watchstring

Detect at which instruction address a binary reads or writes a user-supplied input string (implemented as a Pin tool)

Usage:

$ ps -ef | grep optmgr
root      5605  3011  0 Oct17 ?        00:01:49 /usr/local/bin/optmgr

$ ./pin -pid 5605 -t watchstring.so -s "PAYLOADSTRING" -f "/tmp/output.log"

# Now feed PAYLOADSTRING to optmgr as input

$ cat /tmp/output.log
Memory write containing 'PAYLOADSTRING' detected at IP: 0x7f32ff
Memory read containing 'PAYLOADSTRING' detected at IP: 0x7f7fab

memgrep

Find a string in the memory of all running processes (fast-memgrep does the same using multiple threads)

Usage:

$ memgrep PAYLOADSTRING
l2mgr:
snmpd:
mmmoed:
nginx 5855 contains string 'PAYLOADSTRING'
httpd 6174 contains string 'PAYLOADSTRING'
httpd 6176 contains string 'PAYLOADSTRING'
systemd:
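The scan memgrep performs, written out as an added Python example that is not part of this repository: it parses /proc/<pid>/maps for readable regions and searches each of them through /proc/<pid>/mem in chunks, carrying the last few bytes across chunk borders so a string that straddles a read boundary is still found. The /proc layout is Linux's; the region and address values used in comments are illustrative.

```python
# Minimal memgrep over /proc/<pid>/maps and /proc/<pid>/mem; added example, not this repo's code.
import os
import re

MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")
CHUNK = 1 << 20  # 1 MiB reads keep a large heap from being held in memory all at once

def parse_maps(maps_text):
    """Return (start, end, path) for each readable region listed in a maps file."""
    regions = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m or m.group(3)[0] != "r" or m.group(4) == "[vvar]":
            continue  # skip malformed lines, ---p guard pages and [vvar] (EIO on read)
        regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return regions

def scan_regions(mem, regions, needle):
    """Seek through each region of a seekable mem file and return (address, path) per hit."""
    hits, overlap = [], len(needle) - 1
    for start, end, path in regions:
        pos, tail = start, b""  # tail carries len(needle)-1 bytes across chunk borders
        while pos < end:
            try:
                mem.seek(pos)
                data = mem.read(min(CHUNK, end - pos))
            except OSError:
                break  # region unmapped meanwhile or not readable via /proc/<pid>/mem
            if not data:
                break
            buf = tail + data
            idx = buf.find(needle)
            while idx != -1:
                hits.append((pos - len(tail) + idx, path))
                idx = buf.find(needle, idx + 1)
            tail = buf[-overlap:] if overlap else b""
            pos += len(data)
    return hits

def memgrep(needle, pids=None):
    """Scan the given pids (default: every process in /proc); unreadable ones are skipped."""
    results = {}
    for pid in pids or [int(d) for d in os.listdir("/proc") if d.isdigit()]:
        try:
            with open(f"/proc/{pid}/maps") as f, open(f"/proc/{pid}/mem", "rb", 0) as mem:
                hits = scan_regions(mem, parse_maps(f.read()), needle)
        except OSError:
            continue  # no ptrace access to that process, or it already exited
        if hits:
            results[pid] = hits
    return results
```

Run it as root (or with ptrace access to the targets) as memgrep(b"PAYLOADSTRING"); the result maps each pid to the addresses and mappings where the string was found.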

r3

List the file extensions found in a directory

Usage:

$ r3 /etc/nginx
conf
html
num
pem
tmpl
types

logme

Intercepts calls to a binary by wrapping it in a logging script (logme-strict uses exec redirection so that both STDOUT and STDERR are captured)

Usage:

$ chmod 0777 -R /var/log
$ logme /bin/rhttpd /var/log/rhttpd.log
Interceptor created. Call the process
$ rhttpd 80
Listening server at :80

$ cat /var/log/rhttpd.log
[bash][Thu Nov  9 05:34:52 PST 2023] : /bin/rhttpd 80
Listening server at :80