https://github.com/jblukach/mmi
OS Triage for Anyone and Everyone
- Host: GitHub
- URL: https://github.com/jblukach/mmi
- Owner: jblukach
- License: apache-2.0
- Created: 2022-10-05T09:27:57.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-02-18T00:55:04.000Z (2 months ago)
- Last Synced: 2025-02-18T01:33:28.723Z (2 months ago)
- Topics: amazon, apple, arm, aws, b3, blake3, cli, hash, linux, macintosh, macos, microsoft, rust, triage, ubuntu, windows, x86
- Language: Rust
- Homepage: https://github.com/jblukach/artifacts
- Size: 1.57 MB
- Stars: 7
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# mmi
Metadata is the lowest-value indicator because it is easy to circumvent. Still, with the exponential volume of directories and files standard on default operating system installations, finding things hiding in plain sight has become an important analysis technique.
```
mmi
```

Output:

Legitimate files found on default OS installations that threat actors can potentially use for malicious purposes are flagged; this technique is known as living off the land (LOL).
- https://gtfobins.github.io
- https://lolbas-project.github.io
- https://www.loobins.io

### Visualizations
- **BLUE** Known Meta Text
- **GREEN** Known File Content
- **MAGENTA** Full Path NOT Matched
- **RED** Potentially Suspect

### Classifications
- **DENIED** Permission Issue
- **DIRECTORY** Folder Path
- **EMPTY** Empty File Hash
- **ERROR** Content Hash Error
- **LARGE** File Size 1+ GB
- **ZERO** Zero File Size

### Help Command
```
mmi help
```

Output:
```
Commands: download, status, verify
```

### Required Files
```
mmi
```

Output:
```
Required File: /workspaces/mmi/target/debug/lol.poppy
Required File: /workspaces/mmi/target/debug/mmi.poppy
Download Link: https://github.com/jblukach/artifacts/releases
```

### Download Command
```
mmi download
```

Output:
```
Download Link: https://github.com/jblukach/artifacts/releases/download/v2025.02.02/lol.poppy
File Download: /workspaces/mmi/target/debug/lol.poppy
Download Link: https://github.com/jblukach/artifacts/releases/download/v2025.02.02/mmi.poppy
File Download: /workspaces/mmi/target/debug/mmi.poppy
Download Link: https://github.com/jblukach/artifacts/releases/download/v2025.02.02/verification.csv
File Download: /workspaces/mmi/target/debug/verification.csv
```

### Status Command
```
mmi status
```

Output:
```
Estimate: 22116 /workspaces/mmi/target/debug/lol.poppy
Estimate: 4071377 /workspaces/mmi/target/debug/mmi.poppy
```

### Verify Command
```
mmi verify
```

Output:
```
Verified: /workspaces/mmi/target/debug/mmi.poppy
Verified: /workspaces/mmi/target/debug/lol.poppy
```

### Dependency
```
curl https://sh.rustup.rs -sSf | sh -s -- -y
source "$HOME/.cargo/env"
```

### Installation
```
cargo install mmi
```