Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hugsy/cfb
Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.
https://github.com/hugsy/cfb
fuzzing hooking irp irp-monitor kernel vulnerability-research windows windows-driver
Last synced: 3 days ago
JSON representation
Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.
- Host: GitHub
- URL: https://github.com/hugsy/cfb
- Owner: hugsy
- Created: 2018-07-31T04:27:32.000Z (over 6 years ago)
- Default Branch: main
- Last Pushed: 2024-03-26T02:01:27.000Z (10 months ago)
- Last Synced: 2025-01-13T15:13:00.991Z (10 days ago)
- Topics: fuzzing, hooking, irp, irp-monitor, kernel, vulnerability-research, windows, windows-driver
- Language: C++
- Homepage: https://hugsy.github.io/CFB/
- Size: 7.25 MB
- Stars: 311
- Watchers: 16
- Forks: 66
- Open Issues: 2
-
Metadata Files:
- Readme: Docs/README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
README
## Idea
**Canadian Furious Beaver** is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts:
1. the "Broker" combines both a user-land agent and a self-extractable driver (`IrpMonitor.sys`) that will install itself on the targeted system. After installing the driver, the broker will expose a TCP port listening (by default, on TCP/1337) and start collecting IRP from hooked drivers. The communication protocol was made to be simple by design (i.e. not secure) allowing any [3rd party tool](https://github.com/hugsy/cfb-cli) to dump the driver IRPs from the same Broker easily (via simple JSON messages).
2. the clients can connect to the broker, and will receive IRPs as a JSON message making it easy to view, or convert to another format.
## Why the name?
Because I had no idea for the name of this tool, so it was graciously generated by [a script of mine](https://github.com/hugsy/stuff/tree/master/random-word).