jscythe abuses the node.js inspector mechanism so as to drive any node.js/electron/v8 primarily based course of to execute arbitrary javascript code, even when their debugging capabilities are disabled.
Examined and dealing in opposition to Visible Studio Code, Discord, any Node.js utility and extra!
How
- Find the goal course of.
- Ship
SIGUSR1sign to the method, it will allow the debugger on a port (relying on the software program, typically it is random, typically it isn’t). - Decide debugging port by diffing open ports earlier than and after sending
SIGUSR1. - Get the websocket debugging URL and session id from
http://localhost:<port>/json. - Ship a
Runtime.considerrequest with the supplied code. - Revenue.
Constructing
Working
Goal a selected course of and execute a primary expression:
./goal/debug/jscythe --pid 666 --code "5 - 3 + 2"Execute code from a file:
./goal/debug/jscythe --pid 666 --script example_script.jsThe example_script.js can require any node module and execute any code, like:
require('child_process').spawnSync('/System/Purposes/Calculator.app/Contents/MacOS/Calculator', { encoding : 'utf8' }).stdoutSearch course of by expression:
./goal/debug/jscythe --search extensionHost --script example_script.jsDifferent choices
Run jscythe --help for the whole checklist of choices.
License
This undertaking is made with ♥ by @evilsocket and it’s launched underneath the GPL3 license.
