Skip to content

black-leg-nameko/proc_scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
assets
assets
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 
report.json
report.json
 
 

Repository files navigation

proc_scanner

A Rust-based offensive security tool for enumerating and analyzing Linux /proc information.
Designed for post-exploitation and penetration testing scenarios, it automates the collection of process secrets, suspicious sockets, privilege anomalies, and cross-checks between file descriptors and capabilities.

Demo

Demo gif

Features

  • Network Scanner

    • Parses /proc/net/{tcp,tcp6,udp,udp6}
    • Maps socket inodes to owning PIDs
    • Scores suspicious sockets (e.g., 0.0.0.0:LISTEN, external ESTABLISHED sessions, orphaned sockets)

  • Privilege Scanner

    • Reads /proc/[pid]/status
    • Detects processes with dangerous capabilities (CAP_SYS_ADMIN, CAP_NET_ADMIN, etc.)
    • Flags non-root processes holding high-privilege capabilities

  • Cross Privilege + FD Scanner

    • Correlates processes with elevated capabilities and active file descriptors/sockets
    • Highlights potential privilege escalation or lateral movement opportunities

  • Secrets Scanner

    • Extracts cmdline and environ from /proc/[pid]
    • Searches for sensitive patterns (passwords, API keys, tokens, database credentials)

  • JSON Output

    • All results are aggregated into a structured JSON report
    • Easy integration with jq, SIEMs, or custom tooling

Example Usage

cargo run > report.json
jq . report.json

About

A Rust-based offensive security tool for enumerating and analyzing Linux /proc information.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages