Skip to content
/ JXA_Proc_Tree Public
forked from antman1p/JXA_Proc_Tree

A JXA script for enumerating running processes, printed out in a json, parent-child tree.

1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

its-a-feature/JXA_Proc_Tree

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
README.md
README.md
 
 
Screen Shot 2021-04-19 at 5.12.57 PM.png
Screen Shot 2021-04-19 at 5.12.57 PM.png
 
 
jxa_tree.js
jxa_tree.js
 
 

Repository files navigation

JXA_Proc_Tree

A JXA script for enumerating running processes, printed out in a json, parent-child tree.

What is this?

It is sort of a port of Jaron Bradley's TrueTree (Swift tool over to JXA for use in an Apfell Agent, Mythic for Mythic C2 by Cody Thomas
I recently implemented the Responsible pid functionality, so processes can now show the rpid as their real parent, rather than every process always having a ppid of 1 (launchd).

Usage

  1. In Mythic, use jsimport jxa_tree.js and upload jxa_tree.js
  2. Use jsimport_call{"command":"printTree('<TREE TYPE>')"}
    • TREE TYPEs are either 'standard' for pid 1 (launchd) as the parent of all processes, or 'truetree' where the Responsible pid (rpid) is the parent process, if available.
    • This works best if you have a root callback, but it will work with a user context callback as well. alt text

TODO:

1. Get the getRpid(pid) function to work

Special Thanks

Thank you to my colleagues in Appsec for helping me figure out how to get around the struct issue! JXA has a problem with structs.

About

A JXA script for enumerating running processes, printed out in a json, parent-child tree.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 100.0%