alpcmap
Connect to a JSON rBuggery stub to map Windows ALPC information
Usage of ./alpcmap:
-0x=false: Enable pretty colors
-c="http://localhost:4567/debugger": API Endpoint to connect to
-d=false: Enable debug mode
-g="twopi": Graphviz command execute to generate graph
-h="SYSTEM": Highlight ports matching this regex
-t=false: Dump matching ports in plaintext
TODO:
Probably a lot
Screenshots
Text Mode
$ ./alpcmap -c http://172.16.216.139:4567/debugger -d -t -h SYSTEM -g fdp
2014/06/13 12:12:37 Connecting to remote debugger at http://172.16.216.139:4567/debugger
2014/06/13 12:12:37 Connected!
2014/06/13 12:12:50 Got process list, running ALPC queries...
csrss.exe: \Windows\ApiPort
wininit.exe: \RPC Control\WMsgKRpc093C20
wininit.exe: \RPC Control\WindowsShutdown
csrss.exe: \Sessions\1\Windows\ApiPort
winlogon.exe: \RPC Control\WMsgKRpc095FC1
services.exe: \RPC Control\ntsvcs
services.exe: \RPC Control\LRPC-c96aaeeab0887ed04a
services.exe: \RPC Control\ubpmrpc
lsass.exe: \RPC Control\LRPC-f07a68951dc06a1ad8
lsass.exe: \RPC Control\audit
lsass.exe: \RPC Control\securityevent
lsass.exe: \RPC Control\LSARPC_ENDPOINT
lsass.exe: \RPC Control\lsapolicylookup
lsass.exe: \RPC Control\lsasspirpc
lsass.exe: \RPC Control\protected_storage
lsass.exe: \RPC Control\samss lpc
lsm.exe: \RPC Control\LRPC-b9caa281ff9ab82524
lsm.exe: \RPC Control\LSMApi
[...]
Web Interface
BUGS
Contributing
Fork & pullreq
License
BSD Style, See LICENSE file for details