Home / C/C++ / Miscellaneous

Extended Process List (Search functionality)

Extended Process List (ps with search) (64-bit only)
Information
Category: C/C++ / Miscellaneous
Watchers: 2
Star: 21
Fork: 6
Last update: Feb 3, 2021
Resource links
https://github.com/thesnoom/extps-cobalt-strike-bof

Extended Process List (ps with search) (64-bit only)

Added search functionality for process listing.

  • Credits to @odzhan, Alfie Champion (@ajpc500), SysWhispers, InlineWhispers etc.

Compile

make

Usage

Aggressor script included with the following commands: extps

extps proc/user

extps proc user

e.g: extps explorer snoom

e.g: extps snoom

e.g: extps onedrive admin

NOTE: BOF is for 64-bit use only.

Example

beacon> extps explorer
[*] Extended process list (@thesnoom)
[+] host called home, sent: 8650 bytes
[+] received output:
- Searching for proc/user explorer
[+] received output:
PID    PPID   Name                           Arch  Session  User
----   ----   ----                           ----  -------  ----
5688   3360   explorer.exe                   x64   1        DESKTOP-G69JOUU\snoom

beacon> extps host snoom
[*] Extended process list (@thesnoom)
[+] host called home, sent: 8651 bytes
[+] received output:
- Searching for host under user snoom
[+] received output:
PID    PPID   Name                           Arch  Session  User
----   ----   ----                           ----  -------  ----
2020   2404   sihost.exe                     x64   1        DESKTOP-G69JOUU\snoom
1904   676    svchost.exe                    x64   1        DESKTOP-G69JOUU\snoom
4088   676    svchost.exe                    x64   1        DESKTOP-G69JOUU\snoom
5132   1708   taskhostw.exe                  x64   1        DESKTOP-G69JOUU\snoom
6368   676    svchost.exe                    x64   1        DESKTOP-G69JOUU\snoom
6656   844    StartMenuExperienceHost.exe    x64   1        DESKTOP-G69JOUU\snoom
8984   676    svchost.exe                    x64   1        DESKTOP-G69JOUU\snoom
7384   844    ApplicationFrameHost.exe       x64   1        DESKTOP-G69JOUU\snoom
744    844    ShellExperienceHost.exe        x64   1        DESKTOP-G69JOUU\snoom
8908   844    dllhost.exe                    x64   1        DESKTOP-G69JOUU\snoom
6288   844    SecurityHealthHost.exe         x64   1        DESKTOP-G69JOUU\snoom

beacon> extps SERVICE
[*] Extended process list (@thesnoom)
[+] host called home, sent: 8649 bytes
[+] received output:
- Searching for proc/user service
[+] received output:
PID    PPID   Name                           Arch  Session  User
----   ----   ----                           ----  -------  ----
8808   676    svchost.exe                    x64   0        NT AUTHORITY\LOCAL SERVICE
2188   1824   audiodg.exe                    x64   0        NT AUTHORITY\LOCAL SERVICE
2336   676    SecurityHealthService.exe      x64   0        NT AUTHORITY\SYSTEM
4568   5688   vm3dservice.exe                x64   1        DESKTOP-G69JOUU\snoom
7364   676    NisSrv.exe                     x64   0        NT AUTHORITY\LOCAL SERVICE
5188   676    svchost.exe                    x64   0        NT AUTHORITY\NETWORK SERVICE

Contents

    flintlok A Python-based application demonstrating various search algorithms, namely Depth-First Search (DFS), Breadth-First Search (BFS), and A* Search (Manhattan Distance Heuristic)
    felixweyne Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launched processes, and gives the analyst the option to either keep the process suspended, or to resume it.
    lwdgit gitbook powerful search plugin
    PascalPixel GAME BOY font from Pokémon R/G/B/Y/G/S/C, Unicode extended.
    mazipan 🌹 Beautiful ESLint HTML formatter extended from ESLint's official HTML formatter by JulianLaval combined with Stylish by Sindre Sorhus
    LITdevs Extended profile features for OMG.LOL
    R-E-S-T Extended CW721 Extended CW721 NFT with update, burn, freeze, set_minter functionalities
    kagurazakasanae A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.
    cweiske Self-hosted search engine for your static blog
    realityengines Local search for NAS
    TechyNilesh Deep Image Search is an AI-based image search engine that includes deep transfor learning features Extraction and tree-based vectorized search.
    knipknap Easily add search/filter functionality to Django projects
    radovskyb process is a simple Go package for working with unix processes.
    dcposch Run WebTorrent in one process, control it from another process or even another machine
    mafintosh A "top" like module for your Node.js process. Collects CPU usage etc.
    joshtriplett Rust crate to use process file descriptors (pidfd) for Linux
    qdrant Qdrant - vector similarity search engine with extended filtering support
    Damian89 A better version of my xssfinder tool - scans for different types of xss on a list of urls.
    google Model search (MS) is a framework that implements AutoML algorithms for model architecture search at scale
    ko1o 🔍 An elegant search controller which replaces the UISearchController for iOS (iPhone & iPad) .
    react-native-vietnam A simple search box with animation, inspired from ios search bar. Lightweight, fast, flexible.
    Share this repo

    Related Repos


    Miscellaneous
    420
    For recording and retrieving metadata associated with ML developer and data scientist work...
    google ML Metadata ML Metadata (MLMD) is a library for recording and retrieving metadata associated with ML developer and data scientist workflows. NOTE: ML
     
    Miscellaneous
    100
    Hotcaml: an interpreter with watching and reloading
    let-def Hotcaml: an OCaml interpreter with watching and reloading Hotcaml is an OCaml interpreter that starts from a source file and loads its dependencies. W
     
    Miscellaneous
    50
    A React Native library for accessing an ArrayBuffer of a Blob instance.
    mrousavy react-native-blob-jsi-helper A React Native library for directly accessing an ArrayBuffer of a Blob instance. Note: This is a workaround. A long-term
     
    Miscellaneous
    14
    This is a OOSDK port of flat's ps4_remote_pkg_installer, all credit goes to them and their...
    Backporter ps4_remote_pkg_installer-OOSDK This is a OOSDK port of flat's ps4_remote_pkg_installer, all credit goes to them and their amazing work! NOTES Some fun
     
    Miscellaneous
    731
    General purpose GPU compute framework for cross vendor graphics cards (AMD, Qualcomm, NVID...
    KomputeProject General purpose GPU compute framework for cross vendor graphics cards (AMD, Qualcomm, NVIDIA & friends). Blazing fast, mobile-enabled, asynchronous and optimized for advanced GPU data processing usecases based on Vulkan compute. Backed by the Linux Foundation.
     
    Miscellaneous
    31
    An open source machine learning library for performing regression tasks using RVM techniqu...
    siavashserver Introduction neonrvm is an open source machine learning library for performing regression tasks using RVM technique. It is written in C programming la
     
    Miscellaneous
    108
    Pure C ONNX runtime with zero dependancies for embedded devices
    alrevuelta 🤖 cONNXr C ONNX Runtime A onnx runtime written in pure C99 with zero dependencies focused on embedded devices. Run inference on your machine learning
     
    Miscellaneous
    125
    Multi-armed bandit simulation library
    jkomiyama BanditLib: a simple multi-armed bandit library .-. .-') ('-. .-') _ _ .-') _ .-') _ .-. .-') \ ( OO )
     
    Miscellaneous
    466
    oneAPI Data Analytics Library (oneDAL)
    oneapi-src oneAPI Data Analytics Library Installation   |   Documentation   |   Support   |   Examples   |   Samples   |   How to Contribute    oneAPI Data Analy
     
    Miscellaneous
    1.4k
    Library for factorization machines
    srendle libFM Library for factorization machines web: http://www.libfm.org/ forum: https://groups.google.com/forum/#!forum/libfm Factorization machines (FM) a
     
    Miscellaneous
    617
    ThunderGBM: Fast GBDTs and Random Forests on GPUs
    Xtra-Computing Documentations | Installation | Parameters | Python (scikit-learn) interface What's new? ThunderGBM won 2019 Best Paper Award from IEEE Transactions o
     
    Miscellaneous
    34
    Low dependency(C++11 STL only), good portability, header-only, deep neural networks for em...
    mosdeo LKYDeepNN LKYDeepNN 可訓練的深度類神經網路 (Deep Neural Network) 函式庫。 輕量,核心部份只依賴 C++11 標準函式庫,低相依性、好移植,方便在嵌入式系統上使用。 Class diagram 附有訓練視覺化 demo 程式 訓練視覺化程式以 OpenCV
     
    Miscellaneous
    115
    Colibri core is an NLP tool as well as a C++ and Python library for working with basic lin...
    proycon Colibri Core is software to quickly and efficiently count and extract patterns from large corpus data, to extract various statistics on the extracted patterns, and to compute relations between the extracted patterns.
     
    Miscellaneous
    67
    Frog is an integration of memory-based natural language processing (NLP) modules developed...
    LanguageMachines Frog is an integration of memory-based natural language processing (NLP) modules developed for Dutch. All NLP modules are based on Timbl, the Tilburg memory-based learning software package.
     
    Miscellaneous
    14
    FoLiA library for C++
    LanguageMachines Libfolia: FoLiA Library for C++ Libfolia (c) CLS/ILK 2010 - 2022 Centre for Language Studies, Radboud University Nijmegen Induction of Linguistic Know