Skip to content

Latest commit

 

History

History
55 lines (45 loc) · 1.37 KB

README.md

File metadata and controls

55 lines (45 loc) · 1.37 KB

Privacy for your command line options

A Linux tool to hide from `ps`

Download (static and upx obfuscated binary):

curl -fL -o zapper https://da.gd/thczap/zapper-linux-x86_64 && \
chmod 755 zapper && \
./zapper -h

Example: Show only 'nmap', but without the command options:

./zapper nmap -sCV -F -Pn scanme.nmap.org
              ^^^^^^^^^^^^^^^^^^^^ will not show

Example: Hide the current shell and all sub processes as some kernel worker:

exec ./zapper -f -a[kworker/1:0-rcu_gp] bash -il

  1. Does not require root
  2. Works also on static binaries (e.g. GoLang)
  3. Zaps the environment (/proc/<PID>/environ) as well
  4. Does not rely on LD_PRELOAD=
  5. Only 00.1% overhead.
  6. Stops root from sniffing your processes (-f) (with strace).

Compile:

git clone https://github.com/hackerschoice/zapper.git
cd zapper
make

Exmaples

# Will show as 'ssh' without 'root@server'.
./zapper ssh root@server
# Will show as 'harmless' without '-sCV -F -Pn scanme...'
./zapper -a harmless nmap -sCV -F -Pn scanme.nmap.org
# Current shell and all child processes show as 'sh' without any options.
exec ./zapper -f -a THCwasHERE ${SHELL:-bash} -il

Screenshot 2023-09-08 at 09 51 25