
shellen - 🌸 Interactive shellcoding environment to easily craft shellcodes

  •    Python

Shellen is an interactive shellcoding environment. If you want a handy tool to write shellcodes, then shellen may be your friend. Shellen can also be used as an assembly or disassembly tool. The Keystone and Capstone engines are used for all of shellen's operations.

contained.af - A stupid game for learning about containers, capabilities, and syscalls.

  •    Javascript

A game for learning about containers, capabilities, and syscalls. To add a question edit this file: frontend/js/questions.js.

krf - A kernelspace syscall interceptor and randomized faulter

  •    C

KRF is a Kernelspace Randomized Faulter. It currently supports the Linux and FreeBSD kernels.

kafel - A language and library for specifying syscall filtering policies.

  •    C

Kafel is a language and library for specifying syscall filtering policies. The policies are compiled into BPF code that can be used with seccomp-filter. This is NOT an official Google product.




ptracer - A library for ptrace-based tracing of Python programs

  •    Python

Ptracer is a library providing on-demand system call tracing in Python programs. In the above example, ptracer will invoke the callback only for successful attempts to open files in the "/tmp" directory for writing.

go-memfd - Golang Linux memfd library

  •    Go

This is a Go library for working with Linux memfd, memory file descriptors. These provide shareable anonymous memory, which can be passed around via file descriptors, and also locked from write or resize. They are designed to let programs that do not trust each other communicate via shared memory without issues of naming, truncation, or race conditions due to modifications.

write-a-strace-and-gdb - A tiny system call tracer and debugger implementation

  •    C

This repo contains a very simple implementation of a possible system call tracer and debugger.


linux-prog - Some C code I write to study systems programming (while reading The Linux Programming Interface)

  •    C

Some C code I write to study systems programming (while reading The Linux Programming Interface)

TARDIS - Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time, using ptrace

  •    C

Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time. This code is rather buggy, mainly due to my lack of understanding of the ptrace API. You probably shouldn't use it for anything serious, although it could be useful for testing/debugging certain applications.

cubostratus - Blazingly fast Linux syscall collector

  •    Rust

cubostratus is a high performance Linux syscall collector. It acquires the syscall flow from the rock solid sysdig driver and emits it to Kafka brokers for later ingestion, storage and analysis.

gtrace - Experimental system call tracer for Linux x86-64, written in Go

  •    C

A system call tracer for Linux x86-64. DISCLAIMER: This software is experimental and not considered stable. Do not use it in mission-critical environments.

go-disass - A suite of tools for disassembly, ROP, and binary analysis written in Go

  •    Go

syscall-accumulate - a tool that finds all direct references to syscalls in a x86_64 ELF binary and prints the list to stdout.

fork - Library for creating a new process detached from the controlling terminal (daemon) using the fork and setsid syscalls

  •    Rust

Library for creating a new process detached from the controlling terminal (daemon). If using daemon(false, false), it will chdir to / and close the standard input, standard output, and standard error file descriptors.

oci-seccomp-bpf-hook - OCI hook to trace syscalls and generate a seccomp profile

  •    Go

This project provides an OCI hook to generate seccomp profiles by tracing the syscalls made by the container. The generated profile would allow all the syscalls made and deny every other syscall. The syscalls are traced by launching a binary using the prestart OCI hook. That binary spawns a child process which attaches the function enter_trace to the raw_syscalls:sys_enter tracepoint using eBPF. The function looks at all the syscalls made on the system and writes the syscalls which have the same PID namespace as the container to the perf buffer. The userspace process reads the perf buffer and generates a seccomp profile when the container exits.





