FSMon : Monitor Filesystem On iOS / OS X / Android / FirefoxOS / Linux

FSMon or FileSystem Monitor utility that runs on Linux, Android, iOS and OSX. Brought to you by Sergi Àlvarez at Nowsecure and distributed under the MIT license.

Usage

The tool retrieves file system events from a specific directory and shows them in colorful format or in JSON.

It is possible to filter the events happening from a specific program name or process id (PID).

Usage: ./fsmon [-jc] [-a sec] [-b dir] [-B name] [-p pid] [-P proc] [path]
-a [sec] stop monitoring after N seconds (alarm)
-b [dir] backup files to DIR folder (EXPERIMENTAL)
-B [name] specify an alternative backend
-c follow children of -p PID
-f show only filename (no path)
-h show this help
-j output in JSON format
-L list all filemonitor backends
-p [pid] only show events from this pid
-P [proc] events only from process name
-v show version
[path] only get events from this path

Also Read – Zeek : A Powerful Network Analysis Framework

Backends

fsmon filesystem information is taken from different backends depending on the operating system and apis available.

This is the list of backends that can be listed with fsmon -L:

  • inotify (linux / android)
  • fanotify (linux > 2.6.36 / android 5)
  • devfsev (osx /dev/fsevents – requires root)
  • kqueue (xnu – requires root)
  • kdebug (bsd?, xnu – requires root)
  • fsevapi (osx filesystem monitor api)

Compilation

fsmon is a portable tool. It works on iOS, OSX, Linux and Android (x86, arm, arm64, mips)

Linux

$ make

OSX + iOS fatbin

$ make

iOS

$ make ios

Android

$ make android NDK_ARCH= ANDROID_API=

To get fsmon installed system wide just type:

$ make install

Changing installation path…

$ make install PREFIX=/usr DESTDIR=/

R K

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

2 days ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

2 days ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

2 days ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

2 days ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

2 days ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

2 days ago