Skip to content

Zaps arguments and environment from the process list

Notifications You must be signed in to change notification settings

nick-forks/zapper

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Privacy for your command line options

A Linux tool to hide from `ps`

Download (static and upx obfuscated binary):

curl -fL -o zapper https://da.gd/thczap/zapper-linux-x86_64 && \
chmod 755 zapper && \
./zapper -h

Example: Show only 'nmap', but without the command options:

./zapper nmap -sCV -F -Pn scanme.nmap.org
              ^^^^^^^^^^^^^^^^^^^^ will not show

Example: Hide the current shell and all sub processes as some kernel worker:

exec ./zapper -f -a[kworker/1:0-rcu_gp] bash -il

  1. Does not require root
  2. Works also on static binaries (e.g. GoLang)
  3. Zaps the environment (/proc/<PID>/environ) as well
  4. Does not rely on LD_PRELOAD=
  5. Only 00.1% overhead.
  6. Stops root from sniffing your processes (-f) (with strace).

Compile:

git clone https://github.com/hackerschoice/zapper.git
cd zapper
make

Exmaples

# Will show as 'ssh' without 'root@server'.
./zapper ssh root@server
# Will show as 'harmless' without '-sCV -F -Pn scanme...'
./zapper -a harmless nmap -sCV -F -Pn scanme.nmap.org
# Current shell and all child processes show as 'sh' without any options.
exec ./zapper -f -a THCwasHERE ${SHELL:-bash} -il

Screenshot 2023-09-08 at 09 51 25

About

Zaps arguments and environment from the process list

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 98.3%
  • Makefile 1.5%
  • Go 0.2%