cmprmsd / BusyBOF

Busybox-style Beacon Object Files for *nix post-exploitation. Reimplements common Unix utilities as BOFs for use in stripped environments (Docker containers, Kubernetes pods, minimal VMs) where no binaries exist beyond the agent / implant.

69% credibility
Found Apr 05, 2026 at 16 stars.
AI Summary

BusyBOF is a collection of Unix utilities reimplemented as loadable object files for in-memory execution in minimal Linux environments during post-exploitation security testing.

How It Works

1. 🔍 Discover the toolkit

You hear about a handy set of tools that let you explore bare-bones computers without installing anything new, perfect for security checks.

2. 📥 Get the tools ready

Download the collection and prepare it quickly on your own machine so it's all set to use.

3. 🚀 Connect to your agent

Link the tools to your hidden helper program already running on the target computer, making everything work in memory without traces.

4. 📁 List files and check system

Run simple commands to see folders, running programs, or network connections, just like everyday computer tools but invisible.

5. Chain commands together

📄 Process text: Filter, sort, or transform lists of words and lines to spot important info.

🛤️ Handle paths: Work with file locations one by one, like sizing folders or updating them.

Full stealthy exploration

You now have a complete Unix toolbox running silently, gathering all the details you need without leaving any files behind.

AI-Generated Review

What is BusyBOF?

BusyBOF delivers busybox-style BOFs in C for *nix post-exploitation, reimplementing 64 common Unix utilities like ls, grep, ps, and netstat as loadable modules for Beacon agents. It solves the problem of stripped environments—Docker containers, Kubernetes pods, minimal VMs—where no binaries exist beyond the agent, letting operators run a full toolkit in-memory without dropping files or needing package managers.

Why is it gaining traction?

Pipe chaining stands out: chain commands like `bf-ls /etc | bf-grep password` directly on the agent, with text and path processors handling input seamlessly. No dependencies, pure C implementations for hashes and networking, and extension.json manifests for easy C2 integration make it a lightweight drop-in for busybox-style workflows in constrained setups.

Who should use this?

Red team operators and pentesters targeting *nix containers or air-gapped VMs, where standard utils are absent. Ideal for beacon handlers needing quick recon (ps, netstat), file ops (cat, find, tar), or text processing (awk, sed) without alerting via binary downloads.

Verdict

Grab it if you're in *nix post-ex; the pipe support and tool breadth punch above its 16 stars. Low 0.699999988079071% credibility score reflects early maturity—solid README but light tests—so test in staging first.
