out-of-tree kernel {module, exploit} development tool
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dump_stack() 02663fad64
Run tests on pull request
5 days ago
.github/workflows Run tests on pull request 5 days ago
config adding TestFiles to artifact config, transfers extra test files to VM 5 days ago
docs Move build from source to documentation 8 months ago
examples Implements modules preload list 3 months ago
qemu Update bootstrap scripts to Ubuntu 20.04 3 months ago
tools CentOS 8 image generator 3 months ago
.gitignore Remove snap support 1 year ago
CHANGELOG.md Bump version 3 months ago
LICENSE Change license to GNU AGPLv3 1 year ago
README.md Follow redirect 3 months ago
db.go Show last log if no ID specified 3 months ago
debug.go adding TestFiles to artifact config, transfers extra test files to VM 5 days ago
gen.go Implements modules preload list 3 months ago
go.mod Implements modules preload list 3 months ago
go.sum Implements modules preload list 3 months ago
images.config.go Remove bootstrap, download images on-demand 1 year ago
images.go Remove bootstrap, download images on-demand 1 year ago
kernel.go Workaround for CentOS 8 Vault repos 3 months ago
kernel_linux.go Exclude host kernel generation for macOS 1 year ago
kernel_macos.go Exclude host kernel generation for macOS 1 year ago
log.go Show last log if no ID specified 3 months ago
main.go Bump version 3 months ago
pack.go Add flag for verbose output 10 months ago
pew.go adding TestFiles to artifact config, transfers extra test files to VM 5 days ago
pew_test.go Use go timers for kill docker by timeout, fixes #12 1 year ago
preload.go Implements modules preload list 3 months ago

README.md

Codacy Badge Go Report Card Documentation Status Donate Donate

out-of-tree

out-of-tree kernel {module, exploit} development tool

out-of-tree is for automating some routine actions for creating development environments for debugging kernel modules and exploits, generating reliability statistics for exploits, and also provides the ability to easily integrate into CI (Continuous Integration).

Screenshot

Installation

GNU/Linux (with Nix)

$ curl -fsSL https://get.docker.com | sh
$ sudo usermod -aG docker user && newgrp docker
$ curl -L https://nixos.org/nix/install | sh
$ nix-env -iA nixpkgs.out-of-tree

Note that adding a user to group docker has serious security implications. Check Docker documentation for more information.

macOS

$ brew cask install docker
$ open --background -a Docker && sleep 1m
$ brew tap jollheef/repo
$ brew install out-of-tree

Read documentation for further info.

Examples

Run by absolute path

$ out-of-tree --path /path/to/exploit/directory pew

Test only with one kernel:

$ out-of-tree pew --kernel='Ubuntu:5.4.0-29-generic

Run debug environment:

$ out-of-tree debug --kernel='Ubuntu:5.4.0-29-generic

Test binary module/exploit with implicit defined test ($BINARY_test)

$ out-of-tree pew --binary /path/to/exploit

Test binary module/exploit with explicit defined test

$ out-of-tree pew --binary /path/to/exploit --test /path/to/exploit_test

Guess work kernels:

$ out-of-tree pew --guess

Use custom kernels config

$ out-of-tree --kernels /path/to/kernels.toml pew

Generate all kernels

$ out-of-tree kernel genall --distro Ubuntu --ver 20.04

Troubleshooting

If anything happens that you cannot solve -- just remove $HOME/.out-of-tree.

But it’ll be better if you’ll write the bug report.

Development

Read Qemu API.