seccomp tools: Provide powerful tools for seccomp analysis
This project is aimed at (but not limited to) analyzing seccomp sandboxes in CTF pwn challenges. Some features may be CTF-specific, but they are still useful for analyzing seccomp in real-world cases.
- Dump – Automatically dump seccomp-bpf from execution file(s).
- Disasm – Convert bpf to a human-readable format.
  - Simple decompilation.
  - Shows syscall names.
- Asm – Writing seccomp rules is easy!
- Emu – Emulate seccomp rules.
- Supports multiple architectures.
$ gem install seccomp-tools
Dump the seccomp bpf from an execution file. This work is done by the
NOTICE: beware that the execution file will actually be executed; run untrusted binaries in a throwaway VM or container.
Disassemble seccomp rules from raw bpf.
Assemble seccomp rules into raw bytes. Very useful when one wants to write custom seccomp rules.
Supports labels for jumps and using syscall names directly. See the example below.
Emulate seccomp given
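To make concrete what dump, disasm, asm and emu each operate on, here is a miniature of all four in pure Ruby. This is an added example, not code from seccomp-tools: it assembles a small filter into the raw `struct sock_filter` bytes that a dump would produce, parses them back, prints a listing roughly in the style of a disasm output, and emulates the filter against a constructed `seccomp_data` record. Opcode and return-action constants are taken from `<linux/filter.h>` and `<linux/seccomp.h>`; the syscall numbers are x86_64 only, and the `SYS` table is a deliberately tiny subset.

```ruby
# Added example: minimal seccomp-bpf assembler, disassembler and emulator.
# Not part of seccomp-tools. Constants from <linux/filter.h> / <linux/seccomp.h>.

# BPF opcodes (class | size | mode/source)
BPF_LD_W_ABS = 0x20 # BPF_LD | BPF_W | BPF_ABS : A = seccomp_data[k]
BPF_JEQ_K    = 0x15 # BPF_JMP | BPF_JEQ | BPF_K : if A == k goto pc+1+jt else pc+1+jf
BPF_RET_K    = 0x06 # BPF_RET | BPF_K          : return k

# Offsets inside struct seccomp_data
OFF_NR   = 0
OFF_ARCH = 4

# Return actions live in the upper 16 bits, errno/data in the lower 16
RET_KILL        = 0x00000000 # SECCOMP_RET_KILL (thread)
RET_ERRNO       = 0x00050000
RET_ALLOW       = 0x7fff0000
RET_ACTION_MASK = 0xffff0000
RET_DATA_MASK   = 0x0000ffff

AUDIT_ARCH_X86_64 = 0xc000003e

# Tiny x86_64 syscall table, just enough for the sample filter (constructed)
SYS = { 'read' => 0, 'write' => 1, 'open' => 2, 'exit' => 60 }.freeze
SYS_NAME = SYS.invert.freeze

# An instruction is [code, jt, jf, k]; struct sock_filter packs as u16 u8 u8 u32.
def assemble(insns)
  insns.map { |code, jt, jf, k| [code, jt, jf, k].pack('S<CCL<') }.join
end

# Inverse of assemble: raw bytes (what a dump yields) back to instruction tuples.
def parse(raw)
  raise ArgumentError, 'filter length must be a multiple of 8' unless (raw.bytesize % 8).zero?
  raw.unpack('S<CCL<' * (raw.bytesize / 8)).each_slice(4).to_a
end

def action_str(k)
  data = k & RET_DATA_MASK
  case k & RET_ACTION_MASK
  when RET_KILL  then 'KILL'
  when RET_ALLOW then 'ALLOW'
  when RET_ERRNO then "ERRNO(#{data})"
  else format('0x%08x', k)
  end
end

# Human-readable listing, one line per instruction, with resolved jump targets.
def disassemble(insns)
  insns.each_with_index.map do |(code, jt, jf, k), pc|
    text = case code
           when BPF_LD_W_ABS
             case k
             when OFF_NR   then 'A = sys_number'
             when OFF_ARCH then 'A = arch'
             else "A = data[#{k}]"
             end
           when BPF_JEQ_K
             val = SYS_NAME.fetch(k, format('0x%08x', k))
             "if (A == #{val}) goto #{pc + 1 + jt} else goto #{pc + 1 + jf}"
           when BPF_RET_K
             "return #{action_str(k)}"
           else
             raise "unsupported opcode 0x#{code.to_s(16)} at #{pc}"
           end
    format('%04d: %s', pc, text)
  end
end

# Run the filter on one seccomp_data record and return the raw 32-bit verdict.
def emulate(insns, nr:, arch: AUDIT_ARCH_X86_64)
  data = { OFF_NR => nr, OFF_ARCH => arch }
  pc = 0
  acc = 0
  loop do
    raise "pc #{pc} out of range (filter fell off the end)" if pc >= insns.size
    code, jt, jf, k = insns[pc]
    case code
    when BPF_LD_W_ABS then acc = data.fetch(k); pc += 1
    when BPF_JEQ_K    then pc += 1 + (acc == k ? jt : jf)
    when BPF_RET_K    then return k
    else raise "unsupported opcode 0x#{code.to_s(16)} at #{pc}"
    end
  end
end

# Sample filter (constructed): kill on wrong arch or open(2), allow write(2), EPERM otherwise.
SAMPLE_FILTER = [
  [BPF_LD_W_ABS, 0, 0, OFF_ARCH],
  [BPF_JEQ_K, 0, 5, AUDIT_ARCH_X86_64], # wrong arch -> 7 (KILL)
  [BPF_LD_W_ABS, 0, 0, OFF_NR],
  [BPF_JEQ_K, 3, 0, SYS['open']],       # open  -> 7 (KILL)
  [BPF_JEQ_K, 1, 0, SYS['write']],      # write -> 6 (ALLOW)
  [BPF_RET_K, 0, 0, RET_ERRNO | 1],     # anything else -> ERRNO(1) = EPERM
  [BPF_RET_K, 0, 0, RET_ALLOW],
  [BPF_RET_K, 0, 0, RET_KILL],
].freeze

def demo
  raw = assemble(SAMPLE_FILTER)
  insns = parse(raw)
  {
    bytes: raw.bytesize,
    listing: disassemble(insns),
    write: action_str(emulate(insns, nr: SYS['write'])),
    open: action_str(emulate(insns, nr: SYS['open'])),
    read: action_str(emulate(insns, nr: SYS['read'])),
    i386: action_str(emulate(insns, nr: SYS['write'], arch: 0x40000003)),
  }
end

if $PROGRAM_NAME == __FILE__
  d = demo
  puts d[:listing]
  puts "write=#{d[:write]} open=#{d[:open]} read=#{d[:read]} i386=#{d[:i386]}"
end
```

The arch check at the top of the sample filter is the part most often missing from CTF sandboxes: without it, a 32-bit syscall number reinterpreted under a different ABI can slip past a filter that only compares `sys_number`, which is exactly why the emulator takes `arch` as an input rather than assuming it.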
Copyright (c) 2017 david942j