Raw LOLBAS List

Open bohops opened this issue 2 years ago • 3 comments

Add (and maintain) a list of lolbas file names (e.g. lolbas.txt).

Per recommendation from @NathanMcNulty [https://twitter.com/NathanMcNulty/status/1460295942616219649], this could be loaded into MDEs/SIEMs for searching and other use cases.

bohops avatar Nov 16 '21 01:11 bohops

If we decide to adopt this, we have a couple of options:

  1. File in repo, either:
    • Updated manually
    • Updated automatically via GitHub Actions
  2. Rendered file on website (implies updated automatically)

I'm inclined to go with option 2, as serving it over HTTP should ensure maximum compatibility with SIEM-like tools. But perhaps there are other considerations I haven't thought of.

see also #116

wietze avatar Nov 16 '21 14:11 wietze

> as serving it over HTTP should ensure maximum compatibility with SIEM-like tools

Both ways sound good, but for option 1 the raw list could still be grabbed over HTTP from https://raw.githubusercontent.com (e.g. for the README).

I've been thinking more about this and I think it would be cool if LOLBAS had a command-line exploitdb + searchsploit-like interface. If it was packaged with Kali that would be epic. Maybe with a YAML to plaintext converter it wouldn't even be that hard. Just an idea I had, but it's definitely still quite a lot of work. However, I would be up for helping with at least the Debian packaging.

ElliotKillick avatar Nov 25 '21 07:11 ElliotKillick

I created a workflow that will create a CSV file containing all the binary names and nothing else. Since I tested a few things, I won't create a PR, but if you like, please take the workflow and add it to your repo.

https://github.com/f-bader/LOLBAS/blob/master/.github/workflows/yaml-to-csv.yml

f-bader avatar Aug 31 '22 17:08 f-bader
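
An added example of the idea discussed in this thread (not code from the LOLBAS project or from any commenter's workflow): it derives a plain name list from entry files and uses it to filter process-creation events, as a SIEM lookup would. It assumes each entry has a top-level `Name:` key; the entry texts, events and function names are constructed for the example.

```python
import re

# Top-level "Name:" key only (column 0), so indented/nested keys are ignored.
NAME_RE = re.compile(r"^Name:[ \t]*(.+?)[ \t\r]*$", re.MULTILINE)

# Constructed sample entries (assumption: one YAML file per binary).
SAMPLE_ENTRIES = {
    "a.yml": "---\nName: Certutil.exe\nDescription: constructed sample\n",
    "b.yml": "---\nName: 'Mshta.exe'\r\nDescription: constructed sample\n",
    "c.yml": "---\nName: Regsvr32.exe  \nCommands:\n  - Name: nested-key-ignored\n",
    "d.yml": "---\nName: certutil.exe\n",  # duplicate differing only in case
    "e.yml": "---\nDescription: entry without a Name key\n",
}

# Constructed process-creation events with benign command lines.
EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -hashfile report.pdf SHA256"},
    {"host": "ws02", "image": r"C:\Program Files\App\notepad++.exe",
     "cmdline": "notepad++.exe notes.txt"},
    {"host": "ws03", "image": r"C:\Windows\System32\MSHTA.EXE",
     "cmdline": "mshta.exe about:blank"},
]

def extract_name(yaml_text):
    """Return the top-level Name value of one entry, or None if absent."""
    m = NAME_RE.search(yaml_text)
    return m.group(1).strip("'\"") if m else None

def build_name_list(entries):
    """Collect names, de-duplicated case-insensitively, sorted for stable diffs."""
    names = {}
    for text in entries.values():
        name = extract_name(text)
        if name:
            names.setdefault(name.lower(), name)
    return sorted(names.values(), key=str.lower)

def render_list(names):
    """One name per line, the shape a lolbas.txt lookup file would have."""
    return "\n".join(names) + "\n"

def match_events(events, names):
    """Return (host, image name, cmdline) for events whose image is on the list."""
    wanted = {n.lower() for n in names}
    hits = []
    for ev in events:
        image = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image in wanted:
            hits.append((ev["host"], image, ev["cmdline"]))
    return hits
```

A name match only narrows events for review, since every listed binary is also used legitimately; the command line and parent process still have to be examined.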