Fsnoop

Introduction

Fsnoop is a tool to monitor file operations on GNU/Linux systems by using the Inotify mechanism. Its primary purpose is to help detecting file race condition vulnerabilities and since version 3, to exploit them with loadable DSO modules (also called "payload modules" or "paymods").

Download

Documentation

See the README file for a full documentation of the tool.

Contribution

The source code is hosted on GitHub, so feel free to contribute via pull requests.

Credits

Thanks to Larry Cashdollar for testing the tool and bringing new ideas.