Saruman
ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
Install / Use
/learn @elfmaster/SarumanREADME
Saruman v0.1 (Ryan O'Neill) elfmaster@zoho.com
Type make to compile launcher (It will also try to compile a parasite.c file which is for you too supply). Make sure your parasite executable is compiled -fpic -pie
./launcher <pid> <parasite_executable> <parasite_args, [arg1, arg2, argN]>
NOTE: In this version Saruman doesn't yet support injecting a program that requires command line args because it is early POC. So <parasite_args> will not actually accept args yet.
./launcher --no-dlopen <pid> <parasite_executable>
When using --no-dlopen it uses a more stealth technique of loading the executable so that it doesn't show up as /path/to/parasite.exe in the /proc maps file. Currently this has some bugs and won't work with more complex parasites (To be fixed)
Related Skills
node-connect
334.1kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
82.1kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
334.1kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
commit-push-pr
82.1kCommit, push, and open a PR
