out-of-tree kernel {module, exploit} development tool
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dump_stack() c12daaa1d6 Travis-CI: fix bootstrap.sh path 2 weeks ago
config Move to fmt.Errorf 2 months ago
examples Print kernel config skeleton to stdout 2 months ago
qemu Rename qemu package 2 weeks ago
tools Use relative path for bootstrap script 2 weeks ago
.gitignore Remove snap support 2 months ago
.travis.yml Travis-CI: fix bootstrap.sh path 2 weeks ago
LICENSE Change license to GNU AGPLv3 4 months ago
README.md Move upstream to code.dumpstack.io 2 weeks ago
bootstrap.config.go Implements bootstrap, fixes #3 2 months ago
bootstrap.go Improve logging 2 months ago
debug.go Move upstream to code.dumpstack.io 2 weeks ago
gen.go Move upstream to code.dumpstack.io 2 weeks ago
go.mod Go modules support 2 weeks ago
go.sum Go modules support 2 weeks ago
kernel.go Move upstream to code.dumpstack.io 2 weeks ago
main.go Move upstream to code.dumpstack.io 2 weeks ago
pew.go Move upstream to code.dumpstack.io 2 weeks ago
pew_test.go Use go timers for kill docker by timeout, fixes #12 2 months ago

README.md

Build Status Go Report Card

out-of-tree

out-of-tree kernel {module, exploit} development tool

Screenshot

Requirements

Qemu, docker and golang is required.

Also do not forget to set GOPATH and PATH e.g.:

$ echo 'export GOPATH=$HOME' >> ~/.bashrc
$ echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
$ source ~/.bashrc

Gentoo

# emerge app-emulation/qemu app-emulation/docker dev-lang/go

macOS

$ brew install go qemu
$ brew cask install docker

Fedora

$ sudo dnf install go qemu moby-engine

Also check out docker post-installation steps.

Build from source

$ go get -u code.dumpstack.io/tools/out-of-tree
$ out-of-tree bootstrap

Then you can check it on kernel module example:

$ cd $GOPATH/src/code.dumpstack.io/tools/out-of-tree/examples/kernel-module
$ out-of-tree kernel autogen # generate kernels based on .out-of-tree.toml
$ out-of-tree pew

Examples

Run by absolute path

$ out-of-tree --path /path/to/exploit/directory pew

Test only with one kernel:

$ out-of-tree pew --kernel='Ubuntu:4.10.0-30-generic'

Run debug environment:

$ out-of-tree debug --kernel='Ubuntu:4.10.0-30-generic'

Test binary module/exploit with implicit defined test ($BINARY_test)

$ out-of-tree pew --binary /path/to/exploit

Test binary module/exploit with explicit defined test

$ out-of-tree pew --binary /path/to/exploit --test /path/to/exploit_test

Guess work kernels:

$ out-of-tree pew --guess

Use custom kernels config

$ out-of-tree --kernels /path/to/kernels.toml pew

Generate all kernels

$ out-of-tree kernel genall --distro Ubuntu --ver 16.04

Development

Read Qemu API.

Generate images

$ cd $GOPATH/src/code.dumpstack.io/tools/out-of-tree/tools/qemu-debian-img/
$ docker run --privileged -v $(pwd):/shared -e IMAGE=/shared/ubuntu1404.img -e RELEASE=trusty -t gen-ubuntu1804-image
$ docker run --privileged -v $(pwd):/shared -e IMAGE=/shared/ubuntu1604.img -e RELEASE=xenial -t gen-ubuntu1804-image