You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
7 days ago | |
---|---|---|
.github/workflows | 2 weeks ago | |
config | 1 week ago | |
docs | 3 years ago | |
examples | 2 years ago | |
qemu | 3 weeks ago | |
tools | 3 weeks ago | |
.gitignore | 2 weeks ago | |
CHANGELOG.md | 7 days ago | |
LICENSE | 4 years ago | |
README.md | 3 weeks ago | |
db.go | 3 years ago | |
debug.go | 1 week ago | |
gen.go | 1 week ago | |
go.mod | 1 week ago | |
go.sum | 1 week ago | |
images.config.go | 4 years ago | |
images.go | 4 years ago | |
kernel.go | 1 week ago | |
kernel_linux.go | 3 years ago | |
kernel_macos.go | 3 years ago | |
log.go | 1 week ago | |
main.go | 1 week ago | |
pack.go | 1 week ago | |
pew.go | 7 days ago | |
pew_test.go | 4 years ago | |
preload.go | 1 week ago | |
shell.nix | 3 weeks ago |
README.md
out-of-tree
out-of-tree kernel {module, exploit} development tool
out-of-tree is for automating some routine actions for creating development environments for debugging kernel modules and exploits, generating reliability statistics for exploits, and also provides the ability to easily integrate into CI (Continuous Integration).
Installation
GNU/Linux (with Nix)
$ curl -fsSL https://get.docker.com | sh
$ sudo usermod -aG docker user && newgrp docker
$ curl -L https://nixos.org/nix/install | sh
$ nix-env -iA nixpkgs.out-of-tree
Note that adding a user to group docker has serious security implications. Check Docker documentation for more information.
macOS
$ brew cask install docker
$ open --background -a Docker && sleep 1m
$ brew tap jollheef/repo
$ brew install out-of-tree
Read documentation for further info.
Examples
Run by absolute path
$ out-of-tree --path /path/to/exploit/directory pew
Test only with one kernel:
$ out-of-tree pew --kernel='Ubuntu:5.4.0-29-generic
Run debug environment:
$ out-of-tree debug --kernel='Ubuntu:5.4.0-29-generic
Test binary module/exploit with implicit defined test ($BINARY_test)
$ out-of-tree pew --binary /path/to/exploit
Test binary module/exploit with explicit defined test
$ out-of-tree pew --binary /path/to/exploit --test /path/to/exploit_test
Guess work kernels:
$ out-of-tree pew --guess
Use custom kernels config
$ out-of-tree --kernels /path/to/kernels.toml pew
Generate all kernels
$ out-of-tree kernel genall --distro Ubuntu --ver 22.04
Development
Read Qemu API.