author | dusoleil <howcansocksbereal@gmail.com> | 2023-02-12 03:17:32 -0500 |
---|---|---|
committer | dusoleil <howcansocksbereal@gmail.com> | 2023-02-12 03:17:32 -0500 |
commit | 151a454802590ab32018392bf221e33855e9b05a (patch) | |
tree | 66fc0aaa05fb6b492555c2f588ecbb9f41f460fa /README.txt | |
parent | 4fb3e9ac04cb7772bca3988c5983019a7a34bf20 (diff) | |
Add .gitignore, README, and UNLICENSE
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Diffstat (limited to 'README.txt')
-rw-r--r-- | README.txt | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/README.txt b/README.txt new file mode 100644 index 0000000..1199c36 --- /dev/null +++ b/README.txt 
@@ -0,0 +1,57 @@ +sploit is a process interaction automation tool with software exploitation +focused utilities. It is designed to abstract and simplify process invocation +to enable exploit code reuse across target sources. It includes a limited, but +powerful and intuitive set of utilities and syntactic sugar which make writing +exploits quick and straightforward. This enables rapid prototyping workflows. + +Installation +-------------- +sploit can be installed to the system with +``` +$ pip install . +``` + +Once installed, sploit can be invoked from the PATH like normal +``` +$ sploit exploit.py ./target target_args +``` + +Usage +------------ +sploit has two main modes of operation: Process and Pipes. + +A sploit script can be run against a specific command in Process mode. This +will automatically connect the target's stdio into a handy io object that can +be referenced in the sploit script. +``` +$ sploit exploit.py ./target target_args +``` + +If sploit is run omitting the target, it will launch in Pipes mode. Here, it +will create temporary FIFOs for stdio which will be tied to the same io object +in the sploit script. In this way, the same script can be used in both modes +and against any target source regardless of how it exposes its stdio. +``` +$ sploit exploit.py +``` + +When running in Pipes mode, sploit will wait for something to connect on the +FIFOs before actually executing the exploit script. Once it has finished, it +will go back to waiting and run the script again the next time it connects. +This will loop indefinitely until you give a keyboard interrupt (Ctrl+C). The +exploit script can be modified between each run without any problems. + +The main use case of Pipes mode is when you want to launch the target program +under another program (such as gdb). This enables a powerful workflow where you +can keep sploit and gdb running, make small alterations to the exploit script, +and re-run the target directly in gdb to see what happens. 
This allows for +rapid prototyping. + +``` +gdb> r </tmp/tmpksakkt8o/in >/tmp/tmpksakkt8o/out +``` + +You can also directly run sploit scripts with the following shebang +``` +#!/usr/bin/env sploit +``` |
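Review bot: the Pipes mode section never tells the reader how to learn the FIFO paths that the gdb example (`gdb> r </tmp/tmpksakkt8o/in >/tmp/tmpksakkt8o/out`) redirects to; the directory looks like a randomly named temporary directory, so add a sentence stating where sploit reports the paths when it starts in Pipes mode, or mark the example path as a placeholder. Two smaller points: the setext underlines under "Installation" and "Usage" do not match the heading lengths, and a file named README.txt uses Markdown fences, so consider README.md if Markdown rendering is intended; and the shebang section should say how a target is supplied when the script is run directly (whether `./exploit.py ./target target_args` is accepted), since the earlier examples only show invocation through the `sploit` command.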