PSPY: Difference between revisions

From RCATs
(Created page with " pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as arguments on the command line is a bad idea. The tool gathers the info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch sho...")
 
No edit summary
 
Line 3: Line 3:


The tool gathers the info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.
The tool gathers the info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.
==Download Latest Releases==
==Download Latest Releases<ref>https://github.com/DominicBreuker/pspy</ref>==
<syntaxhighlight lang=powershell>
<syntaxhighlight lang=powershell>
https://github.com/DominicBreuker/pspy/releases/tag/v1.2.1
https://github.com/DominicBreuker/pspy/releases/tag/v1.2.1
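Review bot: The citation on the new "==Download Latest Releases<ref>...</ref>==" line sits inside the heading markup, so the footnote marker becomes part of the heading text (the rendered revision shows "Download Latest Releases[1]"). Move the ref to a sentence under the heading instead. Separately, the context line "<syntaxhighlight lang=powershell>" labels a block that holds a URL and ./pspy64 shell commands for Linux; lang=bash would match the content.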
Line 17: Line 17:
./pspy64 -p=false -f
./pspy64 -p=false -f
</syntaxhighlight>
</syntaxhighlight>
 
<references />
[[Category:Tools]]
[[Category:Tools]]
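Review bot: The new "<references />" line follows the closing </syntaxhighlight> with no section heading of its own, so the footnote list will render directly under the usage examples. Add a heading such as "==References==" above it so the source link is separated from the command block.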

Latest revision as of 11:30, 21 February 2023

pspy is a command line tool designed to snoop on processes without the need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate to your colleagues why passing secrets as arguments on the command line is a bad idea.

The tool gathers the info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.
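The same procfs data lets you audit a host for the problem mentioned above: secrets exposed in process arguments. The following is an added example, not part of pspy or the original page. It reads the NUL-separated `cmdline` file of each process and reports credential-style flags without printing their values. The flag list, the function names and the sample tree are assumptions made for illustration.

```python
"""Audit procfs for secrets passed as command-line arguments (added example)."""
import os
import re
import tempfile

# Assumed, non-exhaustive list of flag names that usually carry a credential.
SECRET_FLAG = re.compile(
    r"^(--?(?:password|passwd|token|secret|api[-_]?key))(=.+)?$", re.I)

def read_cmdline(proc_root, pid):
    """Return the argv list of a process, or None if it is gone or unreadable."""
    try:
        with open(os.path.join(proc_root, pid, "cmdline"), "rb") as fh:
            raw = fh.read()
    except OSError:  # short-lived process already exited, or access denied
        return None
    # argv entries are NUL-separated; kernel threads have an empty cmdline
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def find_exposed_secrets(proc_root="/proc"):
    """Return (pid, program, flag) for each credential-style flag found in argv."""
    findings = []
    pids = sorted(filter(str.isdigit, os.listdir(proc_root)), key=int)
    for pid in pids:
        argv = read_cmdline(proc_root, pid)
        if not argv:
            continue
        for i, arg in enumerate(argv):
            m = SECRET_FLAG.match(arg)
            # "--flag=value" or "--flag value"; the value itself is never recorded
            if m and (m.group(2) or i + 1 < len(argv)):
                findings.append((int(pid), argv[0], m.group(1)))
    return findings

def build_sample_procfs():
    """Constructed sample data: a fake /proc tree with three processes."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    samples = {
        "101": [b"/usr/bin/backup", b"--password", b"EXAMPLE-ONLY"],
        "102": [b"/usr/bin/deploy", b"--token=EXAMPLE-ONLY", b"--verbose"],
        "103": [b"/usr/bin/backup", b"--password-file", b"/run/secrets/db"],
    }
    for pid, argv in samples.items():
        os.mkdir(os.path.join(root, pid))
        with open(os.path.join(root, pid, "cmdline"), "wb") as fh:
            fh.write(b"\0".join(argv) + b"\0")
    os.mkdir(os.path.join(root, "self"))  # non-numeric entries are skipped
    return root

if __name__ == "__main__":
    for pid, prog, flag in find_exposed_secrets(build_sample_procfs()):
        print(f"pid {pid}: {prog} passes a secret via {flag}")
```

Process 103 in the sample is not reported because it passes a file path rather than the secret itself, which is the pattern to prefer.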

Download Latest Releases[1]

https://github.com/DominicBreuker/pspy/releases/tag/v1.2.1
# print both commands and file system events and scan procfs every 1000 ms (=1sec)
./pspy64 -pf -i 1000 

# place watchers recursively in two directories and non-recursively into a third
./pspy64 -r /path/to/first/recursive/dir -r /path/to/second/recursive/dir -d /path/to/the/non-recursive/dir

# disable printing discovered commands but enable file system events
./pspy64 -p=false -f