Packages and Binaries:

pspy

pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as arguments on the command line is a bad idea.

Installed size: 9.21 MB
How to install: sudo apt install pspy

Dependencies:
  • libc6
pspy
root@kali:~# pspy -h
pspy - version: 1.2.1 - Commit SHA: kali


     ██▓███    ██████  ██▓███ ▓██   ██▓
    ▓██░  ██▒▒██    ▒ ▓██░  ██▒▒██  ██▒
    ▓██░ ██▓▒░ ▓██▄   ▓██░ ██▓▒ ▒██ ██░
    ▒██▄█▓▒ ▒  ▒   ██▒▒██▄█▓▒ ▒ ░ ▐██▓░
    ▒██▒ ░  ░▒██████▒▒▒██▒ ░  ░ ░ ██▒▓░
    ▒▓▒░ ░  ░▒ ▒▓▒ ▒ ░▒▓▒░ ░  ░  ██▒▒▒ 
    ░▒ ░     ░ ░▒  ░ ░░▒ ░     ▓██ ░▒░ 
    ░░       ░  ░  ░  ░░       ▒ ▒ ░░  
                   ░           ░ ░     
                               ░ ░

Usage:
  pspy [flags]

Flags:
  -c, --color                        color the printed events (default true)
      --debug                        print detailed error messages
  -d, --dirs stringArray             watch these dirs
  -f, --fsevents                     print file system events to stdout
  -h, --help                         help for pspy
  -i, --interval int                 scan every 'interval' milliseconds for new processes (default 100)
      --ppid                         record process ppids
  -p, --procevents                   print new processes to stdout (default true)
  -r, --recursive_dirs stringArray   watch these dirs recursively (default [/usr,/tmp,/etc,/home,/var,/opt])
  -t, --truncate int                 truncate process cmds longer than this (default 2048)

pspy-binaries
root@kali:~# pspy-binaries -h

> pspy ~ Monitor Linux processes without root permissions

/usr/share/pspy
|-- pspy32
|-- pspy32s
|-- pspy64
`-- pspy64s

Updated on: 2024-Mar-21