Fakebust is software that helps to distinguish and identify malicious exploits.
The software aims to strike a balance between extensive analysis and blind execution with its interactive "bounding box" debugger. The program under analysis is allowed to run as long as certain boundary I/O conditions are not violated. Whenever the program attempts to gain access to a new security-relevant resource or tries to extend its permissions to a degree that would affect the system, Fakebust stops the code.
At this point, users are presented with an informative description and can choose from several options. These options include denying the request and aborting the program or permitting the program to perform an action once. Users can also choose to permit this and future access of this type to a resource or deny the request without aborting the program.
Fakebust allows users to run elusive Apache 0-day exploits and be automatically warned if one attempts to execute shellcode locally rather than remotely. In addition, Fakebust can detect if an exploit attempts to dial a host in China with the user's /etc/passwd in hand, write to /etc/ld.so.preload, fiddle with /dev/kmem, and more. Users can stop any undesirable action before it is carried out.
The latest release of Fakebust includes proper handling of sigreturn and payload dumps on sendto/recvfrom. Overall, Fakebust is an excellent tool for those in need of advanced security measures for their computer systems.
Version 0.02b: N/A