Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

Maybe - See What A Program Does Before Deciding Whether You Really Want It To Happen

$
0
0

rm -rf pic*
Are you sure? Are you one hundred percent sure?

... allows you to run a command and see what it does to your files without actually doing it! After reviewing the operations listed, you can then decide whether you really want these things to happen or not.

What is this sorcery?!?

maybe runs processes under the control of ptrace (with the help of the excellent python-ptrace library). When it intercepts a system call that is about to make changes to the file system, it logs that call, and then modifies CPU registers to both redirect the call to an invalid syscall ID (effectively turning it into a no-op) and set the return value of that no-op call to one indicating success of the original call.

As a result, the process believes that everything it is trying to do is actually happening, when in reality nothing is.

That being said, maybe should NEVER be used to run untrusted code on a system you care about! A process running under maybe can still do serious damage to your system because only a handful of syscalls are blocked. Currently, maybe is best thought of as an (alpha-quality) "what exactly will this command I typed myself do?" tool.

Installation

maybe requires Python 2.7+/3.2+ If you have the pip package manager, all you need to do is run
pip install maybe  
either as a superuser or from a virtualenv environment. To develop maybe , clone the repository and run
pip install -e .  
in its main directory to install the package in editable mode.

Usage

Command line
maybe COMMAND [ARGUMENT]...  
No other command line parameters are currently accepted.

Example
maybe mkdir test  



Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>