Fork me on GitHub


out-of-tree kernel {module, exploit} development tool

out-of-tree is for automating some routine actions for creating development environments for debugging kernel modules and exploits, generating reliability statistics for exploits, and also provides the ability to easily integrate into CI (Continuous Integration).


Build && run module/exploit
$ out-of-tree pew
Test only with one kernel
$ out-of-tree pew --kernel='Ubuntu:4.10.0-30-generic'
Run debug environment
$ out-of-tree debug --kernel='Ubuntu:4.10.0-30-generic'
Test compiled module/exploit
$ out-of-tree pew --binary some_exploit --test some_exploit_test
Identifying vulnerable kernel version
$ out-of-tree pew --guess
And more examples in


$ cat kernel-exploit/.out-of-tree.toml
name = "CVE-XXXX-YYYYY exploit"
type = "exploit" # or "module" for LKM

distro_type = "Ubuntu"
distro_release = "16.04"
release_mask = "4.4.0-(1|2|3|4)-.*"

distro_type = "Ubuntu"
distro_release = "16.04"
release_mask = "4.8.0-(1|2|3|4|5|6|7|8|9|10)-.*"


If you already have Go, Qemu and Docker installed, there's cross-platform installation checklist:
$ go get -u
Test kernel module
$ cd $GOPATH/
$ out-of-tree kernel autogen # generate kernels based on .out-of-tree.toml
$ out-of-tree pew
Test kernel exploit
$ cd $GOPATH/
$ out-of-tree pew

See also