Download (static and upx obfuscated binary):
curl -fL -o zapper https://da.gd/thczap/zapper-linux-x86_64 && \
chmod 755 zapper && \
./zapper -h
Example: Show only 'nmap', but without the command options:
./zapper nmap -sCV -F -Pn scanme.nmap.org
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^ will not show
Example: Hide the current shell and all sub processes as some kernel worker:
exec ./zapper -f -a[kworker/1:0-rcu_gp] bash -il
- Does not require root
- Also works on static binaries (e.g. GoLang)
- Zaps the environment (/proc/<PID>/environ) as well
- Does not rely on LD_PRELOAD=
- Only 00.1% overhead.
- Stops root from sniffing your processes (-f) (with strace).
Compile:
git clone https://github.com/hackerschoice/zapper.git
cd zapper
make
Examples:
# Will show as 'ssh' without 'root@server'.
./zapper ssh root@server
# Will show as 'harmless' without '-sCV -F -Pn scanme...'
./zapper -a harmless nmap -sCV -F -Pn scanme.nmap.org
# Current shell and all child processes show as 'THCwasHERE' without any options.
exec ./zapper -f -a THCwasHERE ${SHELL:-bash} -il
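From the defender's side, the kernel-worker disguise shown above (-a[kworker/1:0-rcu_gp]) can be checked against the flags field of /proc/<PID>/stat: genuine kernel threads carry the PF_KTHREAD bit and have an empty cmdline, which a renamed userland process does not. The following Python check is an added example, not part of zapper; the function names and the sample stat lines are constructed for illustration.

```python
import os
import re

PF_KTHREAD = 0x00200000  # kernel-thread bit in the flags field of /proc/<pid>/stat

# Constructed samples: a real kworker, a bash renamed to look like one, a normal daemon.
REAL_STAT = "37 (kworker/1:0-rcu_gp) I 2 0 0 0 -1 69238880 0 0 0 0"
FAKE_STAT = "4242 (bash) S 4100 4242 4100 34816 4242 4194304 0 0 0 0"
SSHD_STAT = "900 (sshd) S 1 900 900 0 -1 4194560 0 0 0 0"

def parse_stat(stat_text):
    """Return (comm, ppid, flags) from the contents of /proc/<pid>/stat."""
    # comm may itself contain spaces or ')', so split on the LAST ')'.
    lpar, rpar = stat_text.index("("), stat_text.rindex(")")
    rest = stat_text[rpar + 1:].split()  # rest[0]=state, rest[1]=ppid, rest[6]=flags
    return stat_text[lpar + 1:rpar], int(rest[1]), int(rest[6])

def fake_kthread(stat_text, cmdline):
    """True if the process displays like a kernel thread but is not one."""
    comm, _ppid, flags = parse_stat(stat_text)
    if flags & PF_KTHREAD:
        return False  # genuine kernel thread
    argv0 = cmdline.split(b"\0", 1)[0].strip().decode(errors="replace")
    # ps prints real kernel threads as "[comm]" because their cmdline is empty.
    # A userland process whose argv[0] or comm imitates that form is suspect.
    return bool(re.fullmatch(r"\[.+\]", argv0)) or comm.startswith("kworker/")

def scan_proc(root="/proc"):
    """Return the PIDs under `root` that imitate a kernel thread."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(root)):
        try:
            with open(f"{root}/{pid}/stat", errors="replace") as f:
                stat_text = f.read()
            with open(f"{root}/{pid}/cmdline", "rb") as f:
                cmdline = f.read()
        except OSError:
            continue  # process exited or is not readable
        if fake_kthread(stat_text, cmdline):
            hits.append(int(pid))
    return hits

if __name__ == "__main__":
    for pid in scan_proc():
        print(f"PID {pid}: looks like a kernel thread but PF_KTHREAD is not set")
```
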