This framework aims to automate the process of exploiting the Linux Kernel, as well as to provide the user with the necessary tools to scan the target and consult already existing exploits.
The project started is not intended as a definitive version, but as a constantly evolving Framework subject to new kernel versions and security features as they emerge. For the time being, it is an open source prototype, with the hope that both those who are most proficient in the area of cyber security, as well as novices who want to enter the world of exploitation, can use the software freely and contribute to its development.
- Information Gathering
- Module Fuzzing
- Consult exploits
- Create/edit new exploits
Some of the tools currently being used are:
- SearchSploit - Local Exploit-db Database
- QEMU - Virtual Machine for target fuzzing simulator
- KASAN - Kernel Address Sanitizer for bug detection
It is required SearachSploit to query any exploit.
sudo apt update && sudo apt -y install exploitdband Vim editor to create/edit exploits.
sudo apt update && sudo apt install vimTo install the Framework just run the INSTALL.sh file in the 'Project' directory.
bash TFG/Project/INSTALL.shOr do the manual compilation...
cd TFG/Project/src/
make clean
make
cd ../fuzzer_ssh/fuzzer
makethen just run the Framework at 'TFG/Project/bin directory'
read the full documentation in the root of the repository documentation.pdf
For any doubt or reporting bug, you can contact me by email: vallespuigramon@gmail.com