kudu-dynamics/exploitgenie
ExploitGenie

ExploitGenie is an Exploit Development Environment (EDE) implemented as a Visual Studio (VS) Code Extension.

Its purpose is to make exploit development more accessible to software developers by automating hacking workflows in a familiar environment and providing an Exploit Technique Library in the form of code templates.

Architecture

ExploitGenie consists of a front-end, middle, and back-end.

Within the repository, there are three core modules.

  1. exploitgenie - (front-end) user-interface module for the VS Code extension.
  2. daemon - (middle) RPC server responsible for orchestrating long-running tasks. Currently this is used only by SyzScope-related workflows.
  3. hacker-help - (back-end) library accessible from both the front-end and from a command-line interface. hacker-help performs command construction and runs the various workflows on the system using the podman container runtime.

Located in exploitgenie/resources is the Exploit Technique Library, which encodes various exploit techniques using simulated vulnerabilities. These template files can be loaded from the front-end and from the hacker-help command-line interface.

Dependencies

  • Ubuntu 22
  • Nodejs 18+
  • Visual Studio Code
  • bash
  • python3
  • python3 packaging
  • podman
  • KVM

For best compatibility, use Ubuntu 22.04 LTS as the host system.

Host system dependencies are managed by the top-level system.sh shell script, which installs all required system dependencies on an Ubuntu 22 host.

After the host system dependencies are installed, build the backing podman container images that support the extension's workflows. This can be done either from the VS Code command palette ([ctrl|cmd]-shift-p > Hacker help -> Build workflow containers) or by running ./system.sh build images from the top of this repository.

  • Tested on podman version 3.4.4 with python version 3.10.6.
  • WSL2 is fully supported; bare Windows has been tested and has only limited support.
  • Mac users must use a remote workspace and connect to a Linux server.

Additional Workflows

The extension may assume that certain command-line tools are installed in order to support additional workflows.

For example, the struct_finder workflow assumes that the structseeker command-line tool is either installed or aliased on the local host system.

The assumed struct_finder command can be built and aliased with the commands below:

$ git clone .../structseeker.git
$ cd structseeker
$ cargo build
# register the debug build under the name the workflow expects; the path is resolved once, at alias-creation time
$ echo "alias struct_finder=$(realpath ${PWD}/target/debug/struct_finder)" >> ~/.bashrc

KVM Setup

If the host processor supports KVM (Kernel-based Virtual Machine), then the following setup is required to allow the nested QEMU instance to access the host KVM:

# check for KVM support on the host (supported if the count is > 0)
grep -E "(vmx|svm)" /proc/cpuinfo | wc -l
96

# ensure nested virtualization is enabled
# (kvm_intel reports Y/N; on AMD hosts read /sys/module/kvm_amd/parameters/nested, which reports 1/0)
cat /sys/module/kvm_intel/parameters/nested
Y

# if not enabled, reload the kvm module with nested=1 (requires root; no VMs may be running while the module is unloaded)
sudo rmmod kvm_intel # or kvm_amd
sudo modprobe kvm_intel nested=1

# add the user to the kvm group
sudo usermod -a -G kvm $USER

# re-login is necessary for the group change to take effect
exec su -l $USER
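The manual steps above, turned into a preflight script so the three conditions (hardware virtualization flag, nested parameter, /dev/kvm access) can be checked in one go and tested offline. This is an added example, not code from the ExploitGenie repository. It assumes the sysfs layout /sys/module/<module>/parameters/nested and that kvm_amd exposes its nested parameter as 1/0 where kvm_intel uses Y/N; the sample cpuinfo at the bottom is constructed so the functions can be exercised without a KVM-capable host.

```shell
#!/bin/sh
# Added preflight check for the KVM setup described in the README (not part of ExploitGenie).
# Assumptions: sysfs path /sys/module/<module>/parameters/nested; kvm_intel prints Y/N,
# kvm_amd prints 1/0 for that parameter.

# Count logical CPUs whose flags line advertises vmx (Intel) or svm (AMD).
# Reads the given cpuinfo file so it can be tested with constructed input; defaults to /proc/cpuinfo.
count_virt_cpus() {
    cpuinfo="${1:-/proc/cpuinfo}"
    grep -E '^flags[[:space:]]*:' "$cpuinfo" 2>/dev/null \
        | grep -cE '(^|[[:space:]])(vmx|svm)([[:space:]]|$)' || true
}

# Pick the KVM module matching the host vendor from the same flag: kvm_intel, kvm_amd or none.
kvm_module_for() {
    cpuinfo="${1:-/proc/cpuinfo}"
    if grep -qE '(^|[[:space:]])vmx([[:space:]]|$)' "$cpuinfo" 2>/dev/null; then
        echo kvm_intel
    elif grep -qE '(^|[[:space:]])svm([[:space:]]|$)' "$cpuinfo" 2>/dev/null; then
        echo kvm_amd
    else
        echo none
    fi
}

# Normalise the raw "nested" parameter value: Y/y/1 mean enabled, anything else disabled.
nested_enabled() {
    case "$1" in
        Y|y|1) echo yes ;;
        *)     echo no ;;
    esac
}

# Read the nested parameter for a module. The second argument overrides /sys/module for testing.
# Prints yes, no, or unknown (module not loaded / file unreadable).
read_nested() {
    module="$1"
    sysroot="${2:-/sys/module}"
    f="$sysroot/$module/parameters/nested"
    if [ -r "$f" ]; then
        nested_enabled "$(cat "$f")"
    else
        echo unknown
    fi
}

# Can the current user open /dev/kvm? Group membership only applies after a fresh login.
kvm_device_usable() {
    [ -r /dev/kvm ] && [ -w /dev/kvm ] && echo yes || echo no
}

# Run the whole preflight against the live host and print the README's remediation for each failure.
preflight() {
    cpuinfo="${1:-/proc/cpuinfo}"
    n=$(count_virt_cpus "$cpuinfo")
    mod=$(kvm_module_for "$cpuinfo")
    echo "virt-capable CPUs: $n ($mod)"
    [ "$n" -gt 0 ] || { echo "no vmx/svm flag: KVM is unavailable on this host"; return 1; }
    case "$(read_nested "$mod")" in
        yes) echo "nested virtualization: enabled" ;;
        no)  echo "nested virtualization: disabled; run: sudo rmmod $mod && sudo modprobe $mod nested=1"; return 1 ;;
        *)   echo "nested virtualization: $mod not loaded; run: sudo modprobe $mod nested=1"; return 1 ;;
    esac
    if [ "$(kvm_device_usable)" = yes ]; then
        echo "/dev/kvm: accessible"
    else
        echo "/dev/kvm: not accessible; run: sudo usermod -a -G kvm \$USER and log in again"; return 1
    fi
}

# Constructed sample cpuinfo: two logical CPUs, both with the vmx flag (for offline demonstration).
SAMPLE_CPUINFO="$(mktemp)"
printf 'processor\t: 0\nflags\t\t: fpu vme de pse vmx ssse3\n\nprocessor\t: 1\nflags\t\t: fpu vme de pse vmx ssse3\n' > "$SAMPLE_CPUINFO"

# Uncomment to check the real host:
# preflight
```

Running preflight on a host that lacks the flag, has nested disabled, or has not yet picked up the kvm group membership returns non-zero and prints the corresponding command from the README, so it can be dropped into a setup script ahead of ./system.sh build images.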

Install

This repository can be bundled as an installable VS Code Extension.

Automatic Setup

The top-level system.sh script manages host system dependencies and builds the project, assuming the host system is Ubuntu 22.

$ ./system.sh help
system.sh -
  Manage system dependencies and build the project's package.

Usage:
  ./system.sh [help] [check] [setup] [build]

[help] - Print command usage prompt
[check] - Check presence of host system and build dependencies
[setup] [yes] - Install missing system and build dependencies.
                Optionally append "yes" to skip user-prompts.
[build] [package] - Build and package software.
[build] [images] - Build the podman container images.

All required host system dependencies can be checked with ./system.sh check. The expected output when all dependencies are found is shown below:

$ ./system.sh check
Checking host system dependencies...
System has podman installed.
localhost/codeql:latest
System already has localhost/codeql:latest container image.
localhost/kernel-preparer:latest
System already has localhost/kernel-preparer:latest container image.
localhost/kernel-runner:latest
System already has localhost/kernel-runner:latest container image.
localhost/image-builder:latest
System already has localhost/image-builder:latest container image.
localhost/poc-compiler:latest
System already has localhost/poc-compiler:latest container image.
System has npm installed.
System has python3 installed.
System has pip installed.
packaging              21.3

If host system dependencies are missing, they can be installed with the ./system.sh setup command.

When all host system dependencies are already available, the output will appear as below:

$ ./system.sh setup
System has podman installed.
podman is already installed!
System has npm installed.
node is already installed!
System has python3 installed.
python is already installed!
packaging              21.3
python packaging is already installed!

Once host system dependencies are available, build the backing podman container images required for running the various workflows in ExploitGenie using the ./system.sh build images command.

$ ./system.sh build images
System has podman installed.
localhost/codeql:latest
System already has localhost/codeql:latest container image.
localhost/kernel-preparer:latest
System already has localhost/kernel-preparer:latest container image.
localhost/kernel-runner:latest
System already has localhost/kernel-runner:latest container image.
localhost/image-builder:latest
System already has localhost/image-builder:latest container image.
localhost/poc-compiler:latest
System already has localhost/poc-compiler:latest container image.
localhost/disassembler:latest
System already has localhost/disassembler:latest container image.
podman container images have already been built!
Do you want build podman image localhost/image-builder:latest? It will take ~238 MB of disk space [y/n]

Once all build dependencies are available, the VS Code extension package can be created using the ./system.sh build package command from the top-level of this repository:

$ ./system.sh build package
System has npm installed.
Building package from /mnt/raid/m/remote/exploitgenie...
Installing node build dependencies...
...
Building project into bundled javascript...
...
Packaging project into vscode extension...
...
Output extension file is available at: exploitgenie-0.2.0.vsix
Install into VS Code with the command: code --install-extension exploitgenie-0.2.0.vsix

After the VS Code extension is packaged, the hacker-help CLI needs to be configured: run ./system.sh link cli from the top-level of this repository, then run npx hh configure. It will prompt for the absolute path to exploitgenie/exploitgenie/resources within this repository.

$ ./system.sh link cli
...

$ npx hh configure
? Path to resources folder
# Example input: /home/user/exploitgenie/exploitgenie/resources

Developer Setup

  1. Clone the repo: git clone .../exploitgenie.git
  2. In the exploitgenie folder, run npm install
  3. Open the exploitgenie folder in VS Code
  4. (optional, if using SyzScope) Start the daemon: npm run dev:daemon
  5. (optional, if developing the CLI) npm run dev:hacker-help
  6. (optional, if developing the LLM plugin) pip install -e exploitgenie/resources/tools/jarvis
  7. Run the extension (F5, or click Run Extension in the bottom ribbon)
  8. A new VS Code window should launch with the extension activated
  9. Build the backing podman container images on the host system. This can be done from the extension UI using the command palette: [ctrl|cmd]-shift-p > Hacker help -> Build workflow containers

Usage

  1. Open any workspace folder
  2. Open the command palette: [ctrl|cmd]-shift-p
  3. Run a command:
Palette -> Hacker help -> loadTemplate -> choose template
Palette -> Hacker help -> runTemplate  -> choose template -> choose kernel version
Palette -> Hacker help -> testTemplate -> choose template -> choose kernel version
Palette -> Hacker help -> makeKernel -> enter version
Palette -> Hacker help -> runKernel -> choose version
Palette -> Hacker help -> addExistingKernel -> choose directory
Palette -> Hacker help -> makeFilesystem

Alternatively, use the buttons located on the ExploitGenie Activity Bar interface.
