This framework aims to automate the process of exploiting the Linux Kernel, as well as to provide the user with the necessary tools to scan the target and consult already existing exploits.
The project is not intended as a definitive version, but as a constantly evolving Framework that will track new kernel versions and security features as they emerge. For the time being, it is an open source prototype, with the hope that both those who are most proficient in cyber security and novices who want to enter the world of exploitation can use the software freely and contribute to its development.
- Information Gathering
- Module Fuzzing
- Consult exploits
- Create/edit new exploits
Some of the tools currently being used are:
- SearchSploit - Local Exploit-db Database
- QEMU - Virtual machine used to simulate the target for fuzzing
- KASAN - Kernel Address Sanitizer for bug detection
SearchSploit is required to query any exploit:

    sudo apt update && sudo apt -y install exploitdb

The Vim editor is required to create/edit exploits:

    sudo apt update && sudo apt install vim

To install the Framework, just run the INSTALL.sh file in the 'Project' directory:

    bash TFG/Project/INSTALL.sh

Or compile it manually:

    cd TFG/Project/src/
    make clean
    make
    cd ../fuzzer_ssh/fuzzer
    make

Then just run the Framework from the 'TFG/Project/bin' directory.
Read the full documentation in documentation.pdf, in the root of the repository.
For any questions or to report a bug, you can contact me by email: vallespuigramon@gmail.com