Secure and fast microVMs for serverless computing.

Overview

Firecracker Logo Title

Our mission is to enable secure, multi-tenant, minimal-overhead execution of container and function workloads.

Read more about the Firecracker Charter here.

What is Firecracker?

Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine the security and isolation properties provided by hardware virtualization technology with the speed and flexibility of containers.

Overview

The main component of Firecracker is a virtual machine monitor (VMM) that uses the Linux Kernel Virtual Machine (KVM) to create and run microVMs. Firecracker has a minimalist design. It excludes unnecessary devices and guest-facing functionality to reduce the memory footprint and attack surface area of each microVM. This improves security, decreases the startup time, and increases hardware utilization. Firecracker has also been integrated in container runtimes, for example Kata Containers and Weaveworks Ignite.

Firecracker was developed at Amazon Web Services to accelerate the speed and efficiency of services like AWS Lambda and AWS Fargate. Firecracker is open sourced under Apache version 2.0.

To read more about Firecracker, check out firecracker-microvm.io.

Getting Started

To get started with Firecracker, download the latest release binaries or build it from source.

You can build Firecracker on any Unix/Linux system that has Docker running (we use a development container) and bash installed, as follows:

git clone https://github.com/firecracker-microvm/firecracker
cd firecracker
tools/devtool build
toolchain="$(uname -m)-unknown-linux-musl"

The Firecracker binary will be placed at build/cargo_target/${toolchain}/debug/firecracker. For more information on building, testing, and running Firecracker, go to the quickstart guide.

The overall security of Firecracker microVMs, including the ability to meet the criteria for safe multi-tenant computing, depends on a well configured Linux host operating system. A configuration that we believe meets this bar is included in the production host setup document.

Contributing

Firecracker is already running production workloads within AWS, but it's still Day 1 on the journey guided by our mission. There's a lot more to build and we welcome all contributions.

To contribute to Firecracker, check out the development setup section in the getting started guide and then the Firecracker contribution guidelines.

Releases

New Firecracker versions are released via the GitHub repository releases page, typically every two or three months. A history of changes is recorded in our changelog.

The Firecracker release policy is detailed here.

Design

Firecracker's overall architecture is described in the design document.

Features & Capabilities

Firecracker consists of a single micro Virtual Machine Manager process that exposes an API endpoint to the host once started. The API is specified in OpenAPI format. Read more about it in the API docs.

The API endpoint can be used to:

  • Configure the microvm by:
    • Setting the number of vCPUs (the default is 1).
    • Setting the memory size (the default is 128 MiB).
    • [x86_64 only] Choosing a CPU template (currently, C3 and T2 are available).
  • Add one or more network interfaces to the microVM.
  • Add one or more read-write or read-only disks to the microVM, each represented by a file-backed block device.
  • Trigger a block device re-scan while the guest is running. This enables the guest OS to pick up size changes to the block device's backing file.
  • Change the backing file for a block device, before or after the guest boots.
  • Configure rate limiters for virtio devices which can limit the bandwidth, operations per second, or both.
  • Configure the logging and metric system.
  • [BETA] Configure the data tree of the guest-facing metadata service. The service is only available to the guest if this resource is configured.
  • Add a vsock socket to the microVM.
  • Start the microVM using a given kernel image, root file system, and boot arguments.
  • [x86_64 only] Stop the microVM.

Built-in Capabilities:

  • Demand fault paging and CPU oversubscription enabled by default.
  • Advanced, thread-specific seccomp filters for enhanced security.
  • Jailer process for starting Firecracker in production scenarios; applies a cgroup/namespace isolation barrier and then drops privileges.

Supported platforms

We continuously test Firecracker on machines with the following CPUs micro-architectures: Intel Skylake, Intel Cascade Lake, AMD Zen2 and ARM64 Neoverse N1.

Firecracker is generally available on Intel x86_64, AMD x86_64 and ARM64 CPUs (starting from release v0.24) that offer hardware virtualization support, and that are released starting with 2015. All production use cases should follow these production host setup instructions.

Firecracker may work on other x86 and Arm 64-bit CPUs with support for hardware virtualization, but any such platform is currently not supported and not fit for production. If you want to run Firecracker on such platforms, please open a feature request.

Firecracker currently only supports little-endian platforms, which includes x86_64 and many aarch64 CPUs. Other systems and architectures may not provide a little-endian mode, and Firecracker may not work correctly on such systems.

Known issues and Limitations

  • The SendCtrlAltDel API request is not supported for aarch64 enabled microVMs.
  • Configuring CPU templates is only supported for Intel enabled microVMs.

Performance

Firecracker's performance characteristics are listed as part of the specification documentation. All specifications are a part of our commitment to supporting container and function workloads in serverless operational models, and are therefore enforced via continuous integration testing.

Policy for Security Disclosures

The security of Firecracker is our top priority. If you suspect you have uncovered a vulnerability, contact us privately, as outlined in our security policy document; we will immediately prioritize your disclosure.

FAQ & Contact

Frequently asked questions are collected in our FAQ doc.

You can get in touch with the Firecracker community in the following ways:

When communicating within the Firecracker community, please mind our code of conduct.

Comments
  • InstanceStart Causes Firecracker to Crash

    InstanceStart Causes Firecracker to Crash

    Platform

    • Hardware: t1.small.x86 Bare metal server from Packet with 1 x Intel Atom C2550 @ 2.4Ghz processor, 8GB RAM, 80 GB SSD
    • OS: Ubuntu 16.04.5 LTS
    • Kernel: 4.4.0-134-generic

    Issue Runing InstanceStart action causes Firecracker process to crash with logging error.

    Error Message 018-11-28T06:51:31.336002913 [:ERROR:vmm/src/lib.rs:1157] Failed to log metrics on abort. Failed to log metrics. Logger was not initialized.:?

    Steps to reproduce

    • Download the firecracker executable from Firecracker release page
    • Start firecracker process using ./firecracker --api-sock /tmp/firecracker.sock command. No messages seen here.
    • On a second console download kernel and rootfs to same directory as firecracker binary from links : kernel and rootfs
    • Set guest kernel using command curl --unix-socket /tmp/firecracker.sock -i \ -X PUT 'http://localhost/boot-source' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "kernel_image_path": "./hello-vmlinux.bin", "boot_args": "console=ttyS0 reboot=k panic=1 pci=off" }'
    • set the guest rootfs using commandcurl --unix-socket /tmp/firecracker.sock -i \ -X PUT 'http://localhost/drives/rootfs' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "drive_id": "rootfs", "path_on_host": "./hello-rootfs.ext4", "is_root_device": true, "is_read_only": false }'
    • Start VM using command curl --unix-socket /tmp/firecracker.sock -i \ -X PUT 'http://localhost/actions' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "action_type": "InstanceStart" }'

    Summary

    • Logger is not initialised causing the process to crash when relevant logging is initiated code
    • InstanceStart action fails leading to above case (?)
    Quality: Improvement Support: Failure 
    opened by ganeshmannamal 48
  • vsock: error reading from backing stream

    vsock: error reading from backing stream

    While developing the vhost-user-vsock application for cloud-hypervisor, I had an issue that happens also with the vsock device emulation: https://github.com/cloud-hypervisor/cloud-hypervisor/issues/1001

    As @sboeuf suggested, I tried with Firecracker and I had a very similar issue:

    2020-04-06T11:52:33.632842533 [anonymous-instance:ERROR:src/devices/src/virtio/vsock/csm/connection.rs:242] vsock: error reading from backing stream: lp=5201, pp=1031, err=Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }
    

    After the error, the throughput goes to 0 and the peers are able to communicate only restarting the connection, but the error happens every time I tried to run iperf-vsock (guest connecting to the host)

    How to reproduce

    I used iperf-vsock to stress the vsock connection.

    Kernel: hello-vmlinux.bin (Linux (none) 4.14.55-84.37.amzn2.x86_64 #1 SMP Wed Jul 25 18:47:15 UTC 2018 x86_64 Linux) Firecracker: firecracker-v0.21.1-x86_64

    VM config

    {
      "boot-source": {
        "kernel_image_path": "./hello-vmlinux.bin",
        "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"
      },
      "drives": [
        {
          "drive_id": "rootfs",
          "path_on_host": "rootfs.ext4",
          "is_root_device": true,
          "is_read_only": false
        }
      ],
      "machine-config": {
        "vcpu_count": 2,
        "mem_size_mib": 1024,
        "ht_enabled": false
      },
      "vsock": {
          "vsock_id": "1",
          "guest_cid": 4,
          "uds_path": "/tmp/vm4.vsock"
      }
    }
    

    guest

    ~# mkdir /tmp     # iperf3 uses mkstemp(3)
    ~# iperf3 --vsock -c 2
    Connecting to host 2, port 5201
    [  5] local 4 port 1033 connected to 2 port 5201
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-1.00   sec  91.0 MBytes   763 Mbits/sec                  
    2020-04-06T11:55:51.001682775 [anonymous-instance:ERROR:src/devices/src/virtio/vsock/csm/connection.rs:242] vsock: error reading from backing stream: lp=5201, pp=1033, err=Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }
    [  5]   1.00-2.00   sec   422 MBytes  3.54 Gbits/sec                  
    [  5]   2.00-3.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   3.00-4.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec                  
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-10.00  sec   513 MBytes   431 Mbits/sec                  sender
    [  5]   0.00-10.01  sec   513 MBytes   430 Mbits/sec                  receiver
    
    iperf Done.
    

    host

    > ./iperf3 --vsock -s -B /tmp/vm4.vsock
    -----------------------------------------------------------
    Server listening on 5201
    -----------------------------------------------------------
    Accepted connection from 40:8c44:a220:e9bb:30b4:aa01::, port 43521
    [  5] local 6d34:2e76:736f:636b:5f35:3230:3100:0 port 12148 connected to :: port 0
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-1.00   sec   431 MBytes  3.61 Gbits/sec                  
    [  5]   1.00-2.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   2.00-3.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   3.00-4.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec                  
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-10.00  sec   431 MBytes   361 Mbits/sec                  receiver
    
    Quality: Bug Feature: Emulation Priority: High 
    opened by stefano-garzarella 47
  • Update Rust toolchain to 1.43.1

    Update Rust toolchain to 1.43.1

    Reason for This PR

    The latest cargo-audit used in the Docker images requires Rust >=1.40. The current image still uses Rust 1.39.

    Blocked by #1913

    Fixes #1904

    Description of Changes

    The Dockerfiles have been changed to use Rust 1.43.1, the latest stable Rust version.

    • [x] This functionality can be added in rust-vmm.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    [Reviewer TODO: Verify that these criteria are met. Request changes if not]

    • [x] All commits in this PR are signed (git commit -s).
    • [x] The reason for this PR is clearly provided (issue no. or explanation).
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • [x] Any newly added unsafe code is properly documented.
    • [x] Any API changes are reflected in firecracker/swagger.yaml.
    • [x] Any user-facing changes are mentioned in CHANGELOG.md.
    Status: Author Status: Reviewer 
    opened by timvisee 42
  • loader: add support for initrd

    loader: add support for initrd

    Reason for This PR

    The 2020 Roadmap welcomes contributions that adds initrd support. A previous PR was opened to add it (#670), but cannot be reused as is, because it also added support for loading a compressed kernel.

    Hence #670 was reworked and rebased to only include initrd support. Fixes #208 .

    Description of Changes

    • Add initrd_path property to the boot-source API.
    • Pass ramdisk_image (memory offset) and ramdisk_size to the guest bootparams table.
    • Implement the load_initrd loader function, to load the initrd file content into the guest memory ~~at a (for the moment) fixed address~~ at then end of the available low memory (for x86_64).

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    [Author TODO: Meet these criteria. Where there are two options, keep one.]
    [Reviewer TODO: Verify that these criteria are met. Request changes if not]

    • [x] All commits in this PR are signed (git commit -s).
    • [x] Either this PR is linked to an issue, or, the reason for this PR is clearly provided.
    • [x] The description of changes is clear and encompassing.
    • [x] Either no docs need to be updated as part of this PR, or, the required doc changes are included in this PR. Docs in scope are all *.md files located either in the repository root, or in the docs/ directory.
    • [x] Either no code has been touched, or, code-level documentation for touched code is included in this PR.
    • [x] Either no API changes are included in this PR, or, the API changes are reflected in firecracker/swagger.yaml.
    • [x] Either the changes in this PR have no user impact, or, the changes in this PR have user impact and have been added to the CHANGELOG.md file.
    Codebase: Usability Roadmap: New Request Status: Reviewer 
    opened by marcov 41
  • Partial fix for restore snapshot GET /vm/config bug

    Partial fix for restore snapshot GET /vm/config bug

    Fixed the issue where GET /vm/config would return the default config for a VM restored from a snapshot. The config now updates after restoring from a snapshot.

    Reason for This PR

    This PR exists to fix the bug described in issue #2783.

    Description of Changes

    Changed restoring a snapshot to include updating the VmResources so that the correct config would be returned for the GET /vm/config endpoint. The only parts of the config that are still using default values after restoring a snapshot are the following: boot-source (which is reasonable since there is no boot-source in the case of a restore), machine-config.smt and machine-config.cpu_template.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    [Author TODO: Meet these criteria.] [Reviewer TODO: Verify that these criteria are met. Request changes if not]

    • [x] All commits in this PR are signed (git commit -s).
    • [x] The issue which led to this PR has a clear conclusion.
    • [x] This PR follows the solution outlined in the related issue.
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • [x] Any newly added unsafe code is properly documented.
    • [x] Any API changes follow the Runbook for Firecracker API changes.
    • [x] Any user-facing changes are mentioned in CHANGELOG.md.
    • [x] All added/changed functionality is tested.
    opened by summerlinryan 35
  • [Devices] virtio vsock

    [Devices] virtio vsock

    We want to have vsock support to enable container integration, but we don't want to use vhost since that would be another attack surface to directly exposes the host kernel. Instead, we'll write another back-end for vsock. See #194.

    Currenty, virtio vsock exists in the codebase as an experimental development-only rust feature, with the vhost implementation.

    Feature: IO Virtualization Roadmap: Tracked 
    opened by raduweiss 30
  • firecracker coredump

    firecracker coredump

    Describe the bug

    [Author TODO: A clear and concise description of what the bug is.]

    root@ubuntu:~/myfirecracker/firecracker# firecracker --api-sock /tmp/firecracker.socket Bad system call (core dumped)

    To Reproduce

    1、 start firecrakcer: firecracker --api-sock /tmp/firecracker.socket 2、 send curl request curl --unix-socket /tmp/firecracker.socket -i
    -X PUT 'http://localhost/boot-source'
    -H 'Accept: application/json'
    -H 'Content-Type: application/json'
    -d "{ "kernel_image_path": "${kernel_path}", "boot_args": "keep_bootcon console=ttyS0 reboot=k panic=1 pci=off" }" curl: (52) Empty reply from server curl: (7) Couldn't connect to server curl: (7) Couldn't connect to server

    Environment

    uname -a Linux ubuntu 5.0.0-23-generic #24~18.04.1-Ubuntu SMP Mon Jul 29 16:10:24 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux

    the firecrakcer is builded as following: root@ubuntu:~/myfirecracker# git clone https://github.com/firecracker-microvm/firecracker.git Cloning into 'firecracker'... remote: Enumerating objects: 82, done. remote: Counting objects: 100% (82/82), done. remote: Compressing objects: 100% (69/69), done. remote: Total 25405 (delta 31), reused 25 (delta 12), pack-reused 25323 Receiving objects: 100% (25405/25405), 17.58 MiB | 5.38 MiB/s, done. Resolving deltas: 100% (15370/15370), done. root@ubuntu:~/myfirecracker# cd firecracker root@ubuntu:~/myfirecracker/firecracker# tools/devtool build

    Quality: Bug 
    opened by magnate3 29
  • bzImage / initrd support (v2)

    bzImage / initrd support (v2)

    This is a rebase of https://github.com/firecracker-microvm/firecracker/pull/428 - after various repo shuffles I'm not able to update that PR with the new version.

    It adds support for loading bzImage kernels and initrds as an alternative to ELF64 kernels. It's slower than the vmlinux format because the kernel must decompress itself, but useful for trying kernels that I didn't build myself.

    For now, it loads the initrd at a fixed address; it would be better to have a way of finding a free area of memory after the kernel has loaded.

    Feature: Guest OS 
    opened by tim-deegan-aws 29
  • Update to latest Tokio/Hyper

    Update to latest Tokio/Hyper

    • Updates Firecracker to the latest Tokio revision. This removes dependencies on deprecated libraries and introduces a global Tokio event loop, removing the need to juggle Tokio handles.
    • As part of using the latest Tokio revision, I updated Firecracker to Hyper 0.12. While this allows Firecracker to use the new Tokio library, it does remove the typed headers. They are in development at hyperium/headers.
    • Tokio now imposes a Sync constraint on spawned futures, as the future could potentially run on a threadpool. Since std::sync::mpsc::Sender is not Sync, I introduced Crossbeam, whose senders are Sync. I was not aware of SyncSender at the time. On bounded channels, Crossbeam greatly outperforms. This change can be reverted if necessary.

    Still to do:

    • Run integration tests on a Linux machine. This builds, but I didn’t have a Linux machine handy. Sorry about that; I’ll address that soon.
    • Decide whether to keep Crossbeam.

    Signed-off-by: David Barsky [email protected]

    Feature: API 
    opened by davidbarsky 28
  • Proposal: Use Docker CE as jailer

    Proposal: Use Docker CE as jailer

    There are a few Jailers already around that support creation of Linux/BSD Jails the two biggest are Docker CE (containerD, moby) and SystemdNS

    I would love to see that we get this Project to choose one of this Options as additional jailer

    It will enable firecracker to be spawned in all this environments so it can be deployed in a local Kubernetes Cluster (containerd & moby) or CoreOs installation (SystemdNS)

    Feature: Jailing Roadmap: New Request 
    opened by frank-dspeed 26
  • Add --cgroups parameter to jailer

    Add --cgroups parameter to jailer

    Reason for This PR

    Increase cgroups integration flexibility for the Jailer. Fixes #1937 Fixes #1617

    Description of Changes

    New --cgroups argument have been added to the Jailer. This argument takes care of setting the passed cgroups generically and check that the expected value is correctly written.

    The Cgroup type have been modified in order to represent each of the cgroups passed by --cgroups command line argument.

    • [ ] This functionality can be added in rust-vmm.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    [Author TODO: Meet these criteria.] [Reviewer TODO: Verify that these criteria are met. Request changes if not]

    • [ ] All commits in this PR are signed (git commit -s).
    • [ ] The reason for this PR is clearly provided (issue no. or explanation).
    • [ ] The description of changes is clear and encompassing.
    • [ ] Any required documentation changes (code and docs) are included in this PR.
    • [ ] Any newly added unsafe code is properly documented.
    • [ ] Any API changes are reflected in firecracker/swagger.yaml.
    • [ ] Any user-facing changes are mentioned in CHANGELOG.md.
    Status: Author 
    opened by christian7007 25
  • Testing cpuid

    Testing cpuid

    Changes

    Adds additional testing onto the cpuid crate in the feature/cpu-templates feature branch.

    Reason

    Increases safety.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [x] All commits in this PR are signed (git commit -s).
    • [x] If a specific issue led to this PR, this PR closes the issue.
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • [x] New unsafe code is documented.
    • [x] API changes follow the Runbook for Firecracker API changes.
    • [x] User-facing changes are mentioned in CHANGELOG.md.
    • [x] All added/changed functionality is tested.
    • [x] New TODOs link to an issue.

    • [ ] This functionality can be added in rust-vmm.
    opened by JonathanWoollett-Light 0
  • Update code coverage to grcov

    Update code coverage to grcov

    Changes

    Changes code coverage to grcov.

    Reason

    kcov outputs inaccurate coverage.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [x] All commits in this PR are signed (git commit -s).
    • [x] If a specific issue led to this PR, this PR closes the issue.
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • [x] New unsafe code is documented.
    • [x] API changes follow the Runbook for Firecracker API changes.
    • [x] User-facing changes are mentioned in CHANGELOG.md.
    • [x] All added/changed functionality is tested.
    • [x] New TODOs link to an issue.

    • [ ] This functionality can be added in rust-vmm.
    Quality: CI Status: Reviewer 
    opened by JonathanWoollett-Light 1
  • Cleanup devtool

    Cleanup devtool

    Changes

    Follow-up cleanups after the latest release changes.

    Reason

    Extract release functionality out of devtool and simplify devtool.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [x] All commits in this PR are signed (git commit -s).
    • ~[ ] If a specific issue led to this PR, this PR closes the issue.~
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • ~[ ] New unsafe code is documented.~
    • ~[ ] API changes follow the Runbook for Firecracker API changes.~
    • ~[ ] User-facing changes are mentioned in CHANGELOG.md.~
    • [x] All added/changed functionality is tested.
    • ~[ ] New TODOs link to an issue.~

    • ~[ ] This functionality can be added in rust-vmm.~
    Codebase: Build System Status: Author 
    opened by pb8o 1
  • perf: net: update AMD baselines for TCP throughput

    perf: net: update AMD baselines for TCP throughput

    Signed-off-by: Luminita Voicu [email protected]

    Changes

    Update AMD performance baselines for TCP throughput tests.

    Reason

    We have recently merged some network improvements (see #2958) and only ARM and Intel performance baselines were updated.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [X] All commits in this PR are signed (git commit -s).
    • ~[ ] If a specific issue led to this PR, this PR closes the issue.~
    • [X] The description of changes is clear and encompassing.
    • ~[ ] Any required documentation changes (code and docs) are included in this PR.~
    • ~[ ] New unsafe code is documented.~
    • ~[ ] API changes follow the Runbook for Firecracker API changes.~
    • ~[ ] User-facing changes are mentioned in CHANGELOG.md.~
    • ~[ ] All added/changed functionality is tested.~
    • ~[ ] New TODOs link to an issue.~

    • ~[ ] This functionality can be added in rust-vmm.~
    opened by luminitavoicu 0
  • [Bug] Memory monitor logic does not support multiple memory regions layout

    [Bug] Memory monitor logic does not support multiple memory regions layout

    Describe the bug

    Some intermittent failures can be noticed for tests that configure microVMs that exceed the one memory region layout on x86. Like test_create_large_diff_snapshot. The test fails only sometimes because most of the times the memory monitor does not get a chance to run a second time (we have a 1s gap between runs) before the test finishes.

    To Reproduce

    • decrease MEMORY_SAMPLE_TIMEOUT_S to 0.5
    • run test_create_large_diff_snapshot

    Expected behaviour

    • aforementioned test passes all the time
    Quality: Bug 
    opened by dianpopa 0
  • Api server thread clean shutdown

    Api server thread clean shutdown

    Changes

    Use dedicated kill switch mechanism to break out of micro-http loop and gracefully shutdown the API server thread.

    Remove hacky "/shutdown-internal" HTTP request which was externally exposing a way to bring down parts of firecracker components.

    Dependencies

    Ideally needs https://github.com/firecracker-microvm/micro-http/pull/33 merged first, then point the dependency there.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [x] All commits in this PR are signed (git commit -s).
    • [x] ~If a specific issue led to this PR, this PR closes the issue.~
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • [x] ~New unsafe code is documented.~
    • [x] ~API changes follow the Runbook for Firecracker API changes.~
    • [x] ~User-facing changes are mentioned in CHANGELOG.md.~
    • [x] All added/changed functionality is tested.
    • [x] ~New TODOs link to an issue.~

    • [x] ~This functionality can be added in rust-vmm.~
    opened by acatangiu 0
Releases(v1.1.4)
  • v1.1.4(Dec 7, 2022)

  • v1.2.0(Dec 2, 2022)

    Added

    • Added a new CPU template called T2S. This exposes the same CPUID as T2 to the Guest and also overwrites the ARCH_CAPABILITIES MSR to expose a reduced set of capabilities. With regards to hardware vulnerabilities and mitigations, the Guest vCPU will apear to look like a Skylake CPU, making it safe to snapshot uVMs running on a newer host CPU (Cascade Lake) and restore on a host that has a Skylake CPU.
    • Added a new CLI option --metrics-path PATH. It accepts a file parameter where metrics will be sent to.
    • Added baselines for m6i.metal and m6a.metal for all long running performance tests.
    • Releases now include debuginfo files.

    Changed

    • Changed the jailer option --exec-file to fail if the filename does not contain the string firecracker to prevent from running non-firecracker binaries.
    • Upgraded Rust toolchain from 1.52.1 to 1.64.0.
    • Switched to specifying our dependencies using caret requirements instead of comparison requirements.
    • Updated all dependencies to their respective newest versions.

    Fixed

    • Made the T2 template more robust by explicitly disabling additional CPUID flags that should be off but were missed initially or that were not available in the spec when the template was created.
    • Now MAC address is correctly displayed when queried with GET /vm/config if left unspecified in both pre and post snapshot states.
    • Fixed a self-DoS scenario in the virtio-queue code by reporting and terminating execution when the number of available descriptors reported by the driver is higher than the queue size.
    • Fixed the bad handling of kernel cmdline parameters when init arguments were provided in the boot_args field of the JSON body of the PUT /boot-source request.
    • Fixed a bug on ARM64 hosts where the upper 64bits of the V0-V31 FL/SIMD registers were not saved correctly when taking a snapshot, potentially leading to data loss. This change invalidates all ARM64 snapshots taken with versions of Firecracker <= 1.1.3.
    • Improved stability and security when saving CPU MSRs in snapshots.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v1.2.0-aarch64.tgz(3.87 MB)
    firecracker-v1.2.0-aarch64.tgz.sha256.txt(65 bytes)
    firecracker-v1.2.0-x86_64.tgz(3.75 MB)
    firecracker-v1.2.0-x86_64.tgz.sha256.txt(65 bytes)
  • v1.0.2(Nov 30, 2022)

  • v1.1.3(Nov 24, 2022)

  • v1.1.2(Oct 10, 2022)

  • v1.0.1(Oct 10, 2022)

  • v1.1.1(Jul 29, 2022)

    Added

    • Add a new CPU template called T2S. This exposes the same CPUID as T2 to the Guest and also overwrites the ARCH_CAPABILITIES MSR to expose a reduced set of capabilities. With regards to hardware vulnerabilities and mitigations, the Guest vCPU will apear to look like a Skylake CPU, making it safe to snapshot uVMs running on a newer host CPU (Cascade Lake) and restore on a host that has a Skylake CPU.

    Fixed

    • Make the T2 template more robust by explicitly disabling additional CPUID flags that should be off but were missed initially or that were not available in the spec when the template was created.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v1.1.1-aarch64.tgz(1.78 MB)
    firecracker-v1.1.1-aarch64.tgz.sha256.txt(65 bytes)
    firecracker-v1.1.1-x86_64.tgz(1.80 MB)
    firecracker-v1.1.1-x86_64.tgz.sha256.txt(65 bytes)
  • v1.1.0(May 6, 2022)

    Added

    • The API PATCH methods for machine-config can now be used to reset the cpu_template to "None". Until this change there was no way to reset the cpu_template once it was set.
    • Added a rebase-snap tool for rebasing a diff snapshot over a base snapshot.
    • Mmds version is persisted across snapshot-restore. Snapshot compatibility is preserved bidirectionally, to and from a Firecracker version that does not support persisting the Mmds version. In such cases, the default V1 option is used.
    • Added --mmds-size-limit for limiting the mmds data store size instead of piggy-backing on --http-api-max-payload-size. If left unconfigured it defaults to the value of --http-api-max-payload-size, to provide backwards compatibility.
    • Added optional mem_backend body field in PUT requests on /snapshot/load. This new parameter is an object that defines the configuration of the backend responsible for handling memory loading during snapshot restore. The mem_backend parameter contains backend_type and backend_path required fields. backend_type is an enum that can take either File or Uffd as value. Interpretation of backend_path field depends on the value of backend_type. If File, then the user must provide the path to file that contains the guest memory to be loaded. Otherwise, if backend_type is Uffd, then backend_path is the path to a unix domain socket where a custom page fault handler process is listening and expecting a UFFD to be sent by Firecracker. The UFFD is used to handle the guest memory page faults in the separate process.
    • Added logging for the snapshot/restore and async block device IO engine features to indicate they are in development preview.

    Changed

    • The API PATCH method for /machine-config can be now used to change track_dirty_pages on aarch64.
    • MmdsV2 is now Generally Available.
    • MmdsV1 is now deprecated and will be removed in Firecracker v2.0.0. Use MmdsV2 instead.
    • Deprecated mem_file_path body field in PUT on /snapshot/load request.

    Fixed

    • Fixed inconsistency that allowed the start of a microVM from a JSON file without specifying the vcpu_count and mem_size_mib parameters for machine-config although they are mandatory when configuring via the API. Now these fields are mandatory when specifying machine-config in the JSON file and when using the PUT request on /machine-config.
    • Fixed inconsistency that allowed a user to specify the cpu_template parameter and set smt to True in machine-config when starting from a JSON file on aarch64 even though they are not permitted when using PUT or PATCH in the API. Now Firecracker will return an error on aarch64 if smt is set to True or if cpu_template is specified.
    • Fixed inconsistent behaviour of the PUT method for /machine-config that would reset the track_dirty_pages parameter to false if it was not specified in the JSON body of the request, but left the cpu_template parameter intact if it was not present in the request. Now a PUT request for /machine-config will reset all optional parameters (smt, cpu_template, track_dirty_pages) to their default values if they are not specified in the PUT request.
    • Fixed incosistency in the swagger definition with the current state of the /vm/config endpoint.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v1.1.0-aarch64.tgz(1.78 MB)
    firecracker-v1.1.0-aarch64.tgz.sha256.txt(65 bytes)
    firecracker-v1.1.0-x86_64.tgz(1.80 MB)
    firecracker-v1.1.0-x86_64.tgz.sha256.txt(65 bytes)
  • v1.0.0(Jan 31, 2022)

    Added

    • Added jailer option --parent-cgroup <relative_path> to allow the placement of microvm cgroups in custom cgroup nested hierarchies. The default value is <exec-file> which is backwards compatible to the behavior before this change.
    • Added jailer option --cgroup-version <1|2> to support running the jailer on systems that have cgroup-v2. Default value is 1 which means that if --cgroup-version is not specified, the jailer will try to create cgroups on cgroup-v1 hierarchies only.
    • Added --http-api-max-payload-size parameter to configure the maximum payload size for PUT and PATCH requests.
    • Limit MMDS data store size to --http-api-max-payload-size.
    • Cleanup all environment variables in Jailer.
    • Added metrics for accesses to deprecated HTTP and command line API endpoints.
    • Added permanent HTTP endpoint for GET on /version for getting the Firecracker version.
    • Added --metadata parameter to enable MMDS content to be supplied from a file allowing the MMDS to be used when using --no-api to disable the API server.
    • Checksum file for the release assets.
    • Added support for custom headers to MMDS requests. Accepted headers are: X-metadata-token, which accepts a string value that provides a session token for MMDS requests; and X-metadata-token-ttl-seconds, which specifies the lifetime of the session token in seconds.
    • Support and validation for host and guest kernel 5.10.
    • A kernel support policy.
    • Added io_engine to the pre-boot block device configuration. Possible values: Sync (the default option) or Async (only available for kernels newer than 5.10.51). The Async variant introduces a block device engine that uses io_uring for executing requests asynchronously, which is in developer preview (NOT for production use). See docs/api_requests/block-io-engine.md.
    • Added block.io_engine_throttled_events metric for measuring the number of virtio events throttled because of the IO engine.
    • New optional version field to PUT requests towards /mmds/config to configure MMDS version. Accepted values are V1 and V2 and default is V1. MMDS V2 is developer preview only (NOT for production use) and it does not currently work after snapshot load.
    • Mandatory network_interfaces field to PUT requests towards /mmds/config which contains a list of network interface IDs capable of forwarding packets to MMDS.

    Changed

    • Removed the --node jailer parameter.
    • Deprecated vsock_id body field in PUTs on /vsock.
    • Removed the deprecated the --seccomp-level parameter.
    • GET requests to MMDS require a session token to be provided through X-metadata-token header when using V2.
    • Allow PUT requests to MMDS in order to generate a session token to be used for future GET requests when version 2 is used.
    • Remove allow_mmds_requests field from the request body that attaches network interfaces. Specifying interfaces that allow forwarding requests to MMDS is done by adding the network interface's ID to the network_interfaces field of PUT /mmds/config request's body.
    • Renamed /machine-config ht_enabled to smt.
    • smt field is now optional on PUT /machine-config, defaulting to false.
    • Configuring smt: true on aarch64 via the API is forbidden.

    Fixed

    • Fixed incorrect propagation of init parameters in kernel commandline. Related to: #2709.
    • Adapt T2 and C3 CPU templates for kernel 5.10. Firecracker was not previously masking some CPU features of the host or emulated by KVM, introduced in more recent kernels: umip, vmx, avx512_vnni.
    • Fix jailer's cgroup implementation to accept properties that contain multiple dots.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v1.0.0-aarch64.tgz(1.56 MB)
    firecracker-v1.0.0-aarch64.tgz.sha256.txt(65 bytes)
    firecracker-v1.0.0-x86_64.tgz(1.59 MB)
    firecracker-v1.0.0-x86_64.tgz.sha256.txt(65 bytes)
  • v0.25.2(Nov 24, 2021)

  • v0.25.1(Nov 5, 2021)

  • v0.24.6(Aug 24, 2021)

  • v0.25.0(Aug 13, 2021)

    Added

    • Added devtool build --ssh-keys flag to support fetching from private git repositories.
    • Added option to configure block device flush.
    • Added --new-pid-ns flag to the Jailer in order to spawn the Firecracker process in a new PID namespace.
    • Added API metrics for GET, PUT and PATCH requests on /mmds endpoint.
    • Added --describe-snapshot flag to Firecracker to fetch the data format version of a snapshot state file provided as argument.
    • Added --no-seccomp parameter for disabling the default seccomp filters.
    • Added --seccomp-filter parameter for supplying user-provided, custom filters.
    • Added the seccompiler-bin binary that is used to compile JSON seccomp filters into serialized BPF for Firecracker consumption.
    • Snapshotting support for GICv2 enabled guests.
    • Added devtool install to deploy built binaries in /usr/local/bin or a given path.
    • Added code logic to send VIRTIO_VSOCK_EVENT_TRANSPORT_RESET on snapshot creation, when the Vsock device is active. The event will close active connections on the guest.
    • Added GET request on /vm/config that provides full microVM configuration as a JSON HTTP response.
    • Added --resource-limit flag to jailer to limit resources such as: number of file descriptors allowed at a time (with a default value of 2048) and maximum size of files created by the process.

    Changed

    • Changed Docker images repository from DockerHub to Amazon ECR.
    • Fixed off-by-one error in virtio-block descriptor address validation.
    • Changed the PATCH request on /balloon/statistics to schedule the first statistics update immediately after processing the request.
    • Deprecated the --seccomp-level parameter. It will be removed in a future release. Using it logs a runtime warning.
    • Experimental gnu libc builds use empty default seccomp filters, allowing all system calls.

    Fixed

    • Fixed non-compliant check for the RTC device ensuring a fixed 4-sized data buffer.
    • Unnecessary interrupt assertion was removed from the RTC. However, a dummy interrupt is still allocated for snapshot compatibility reasons.
    • Fixed the SIGPIPE signal handler so Firecracker no longer exits. The signal is still recorded in metrics and logs.
    • Fixed ballooning API definitions by renaming all fields which mentioned "MB" to use "MiB" instead.
    • Snapshot related host files (vm-state, memory, block backing files) are now flushed to their backing mediums as part of the CreateSnapshot operation.
    • Fixed the SSBD mitigation not being enabled on aarch64 with the provided prod-host-setup.md.
    • Fixed the balloon statistics not working after a snapshot restore event.
    • The utc_timestamp_ms now reports the timestamp in ms from the UTC UNIX Epoch, as the name suggests. It was previously using a monotonic clock with an undefined starting point.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v0.25.0-aarch64.tgz(1.66 MB)
    firecracker-v0.25.0-x86_64.tgz(1.69 MB)
  • v0.24.5(Jul 23, 2021)

  • v0.23.5(Jul 23, 2021)

  • v0.24.4(May 25, 2021)

  • v0.23.4(May 25, 2021)

    Changed

    • Changed Docker images repository from DockerHub to Amazon ECR.

    Fixed

    • Snapshot related host files (vm-state, memory, block backing files) are now flushed to their backing mediums as part of the CreateSnapshot operation.
    • Fixed race between vcpu initialization and emulation thread which could potentially lead to segmentation faults.
    • Fixed the SSBD mitigation not being enabled on aarch64 with the provided prod-host-setup.md, by force-enabling it.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v0.23.4-aarch64.tgz(1.19 MB)
    firecracker-v0.23.4-x86_64.tgz(1.36 MB)
  • v0.24.3(May 11, 2021)

  • v0.24.2(Feb 19, 2021)

  • v0.23.3(Feb 19, 2021)

  • v0.22.4(Feb 1, 2021)

  • v0.23.2(Jan 15, 2021)

  • v0.24.1(Jan 14, 2021)

  • v0.22.3(Jan 13, 2021)

  • v0.24.0(Dec 23, 2020)

    Added

    • Added optional resume_vm field to /snapshot/load API call.
    • Added support for block rate limiter PATCH.
    • Added devtool test -c|--cpuset-cpus flag for cpus confinement when tests run.
    • Added devtool test -m|--cpuset-mems flag for memory confinement when tests run.
    • Added the virtio traditional memory ballooning device.
    • Added a mechanism to handle vCPU/VMM errors that result in process termination.
    • Added incremental guest memory snapshot support.
    • Added aarch64 snapshot support.

    Changed

    • Change the information provided in DescribeInstance command to provide microVM state information (Not started/Running/Paused) instead of whether it's started or not.
    • Removed the jailer --extra-args parameter. It was a noop, having been replaced by the -- separator for extra arguments.
    • Changed the output of the --version command line parameter to include a list of supported snapshot data format versions for the firecracker binary.
    • Increased the maximum number of virtio devices from 11 to 19.
    • Added a new check that prevents creating v0.23 snapshots when more than 11 devices are attached.
    • If the stdout buffer is full and non-blocking, the serial writes no longer block. Any new bytes will be lost, until the buffer is freed. The device also logs these errors and increments the uart.error_count metric for each lost byte.

    Fixed

    • Fixed inconsistency in YAML file InstanceInfo definition
    Source code(tar.gz)
    Source code(zip)
    firecracker-v0.24.0-aarch64.tgz(1.36 MB)
    firecracker-v0.24.0-x86_64.tgz(1.36 MB)
  • v0.23.0(Oct 27, 2020)

    Added

    • Added full support for AMD CPUs (General Availability). More details here.
    • Added snapshot-restore functionality (Developer preview). More details here.
    • Added metric for throttled block device events.
    • Added metrics for counting rate limiter throttling events.
    • Added metric for counting MAC address updates.
    • Added metrics for counting TAP read and write errors.
    • Added metrics for counting RX and TX partial writes.
    • Added metrics that measure the duration of pausing and resuming the microVM, from the VMM perspective.
    • Added metric for measuring the duration of the last full snapshot created, from the VMM perspective.
    • Added metric for measuring the duration of loading a snapshot, from the VMM perspective.
    • Added metrics that measure the duration of pausing and resuming the microVM, from the API (user) perspective.
    • Added metric for measuring the duration of the last full snapshot created, from the API (user) perspective.
    • Added metric for measuring the duration of loading a snapshot, from the API (user) perspective.
    • Added track_dirty_pages field to machine-config. If enabled, Firecracker can create incremental guest memory snapshots by saving the dirty guest pages in a sparse file.
    • Added a new API call, PATCH /vm, for changing the microVM state (to Paused or Resumed).
    • Added a new API call, PUT /snapshot/create, for creating a full snapshot.
    • Added a new API call, PUT /snapshot/load, for loading a snapshot.
    • Added new jailer command line argument --cgroup which allow the user to specify the cgroups that are going to be set by the Jailer.

    Fixed

    • Boot time on AMD achieves the desired performance (i.e under 150ms).

    Changed

    • The logger level field is now case-insensitive.
    • Disabled boot timer device after restoring a snapshot.
    • Enabled boot timer device only when specifically requested, by using the --boot-timer dedicated cmdline parameter.
    • firecracker and jailer --version now gets updated on each devtool build to the output of git describe --dirty, if the git repo is available.
    • MicroVM process is only attached to the cgroups defined by using --cgroups or the ones defined indirectly by using --node.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v0.23.0-aarch64(1.52 MB)
    firecracker-v0.23.0-x86_64(1.94 MB)
    jailer-v0.23.0-aarch64(1.28 MB)
    jailer-v0.23.0-x86_64(1.38 MB)
Owner
firecracker-microvm
firecracker-microvm
Secure multithreaded packet sniffer

sniffglue sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Projec

null 914 Dec 30, 2022
Secure transport for running MPC protocols backed by Signal

MPC over Signal Overview This library provides a high-level interface for connecting to Signal Server and using it to exchange messages with other con

[ZenGo X] 42 Jan 4, 2023
Secure sandboxing system for untrusted code execution

Godbox Secure sandboxing system for untrusted code execution. It uses isolate which uses specific functionnalities of the Linux kernel, thus godbox no

Nathanael Demacon 19 Dec 14, 2022
Cross-platform Secure TUI Secret Locker

SafeCloset keeps your secrets in password protected files. SafeCloset is designed to be convenient and avoid common weaknesses like external editing or temporary files written on disk.

Canop 63 Dec 26, 2022
Secure storage for cryptographic secrets in Rust

secrets secrets is a library to help Rust programmers safely held cryptographic secrets in memory. It is mostly an ergonomic wrapper around the memory

Stephen Touset 165 Dec 22, 2022
Use Touch ID / Secure Enclave for SSH Authentication!

SeKey About SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave How it Works? The Secure Enclave

SeKey 2.3k Dec 26, 2022
Cyg will help you to secure files in your repository directly using PGP encryption

cyg: Secure files in your repository Cyg will help you to secure files in your repository directly using PGP encryption. The name "cyg" was inspired b

Hisam Fahri 2 Aug 31, 2022
A fast Rust-based safe and thead-friendly grammar-based fuzz generator

Intro fzero is a grammar-based fuzzer that generates a Rust application inspired by the paper "Building Fast Fuzzers" by Rahul Gopinath and Andreas Ze

null 203 Nov 9, 2022
The Heros NFT Marketplace Boilerplate project is designed to let users fork, customize, and deploy their own nft marketplace app to a custom domain, ultra fast.

Heros NFT on Solana The Heros NFT Marketplace Boilerplate project is designed to let users fork, customize, and deploy their own nft marketplace app t

nightfury 6 Jun 6, 2022
A fast, simple, recursive content discovery tool written in Rust.

A simple, fast, recursive content discovery tool written in Rust ?? Releases ✨ Example Usage ✨ Contributing ✨ Documentation ?? ?? What the heck is a f

epi 3.6k Dec 30, 2022
Dangerously fast dns/network/port scanner, all-in-one

Skanuvaty Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains f

CCCC 701 Dec 31, 2022
Fast, Concurrent, Rust based Tidal-Media-Downloader implementation.

tdl tdl is a rust implementation of the Python Script Tidal-Media-Downloader. Overview tdl offers significant performance improvements over the origin

null 42 Mar 18, 2023
Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data sources

Kepler — Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data so

Exein.io 101 Nov 12, 2022
Steals browser passwords and cookies and sends to webhook.

Browser-Stealer Steals browser passwords and cookies and sends to webhook. Donating Educational Purposes Only This code is made so you can learn from

RadonCoding 3 Sep 27, 2021
Xori is an automation-ready disassembly and static analysis library for PE32, 32+ and shellcode

Xori - Custom disassembly framework Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and pro

ENDGAME 712 Nov 28, 2022
🕵️‍♀️ Find, locate, and query files for ops and security experts ⚡️⚡️⚡️

Recon Find, locate, and query files for ops and security experts Key Features • How To Use • Download • Contributing • License Key Features Query with

Rusty Ferris Club 11 Dec 16, 2022
Semi-automatic OSINT framework and package manager

sn0int sn0int (pronounced /snoɪnt/) is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunter

null 1.4k Dec 31, 2022
A Comprehensive Web Fuzzer and Content Discovery Tool

rustbuster A Comprehensive Web Fuzzer and Content Discovery Tool Introduction Check the blog post: Introducing Rustbuster — A Comprehensive Web Fuzzer

Francesco Soncina 467 Dec 26, 2022
A simple menu to keep all your most used one-liners and scripts in one place

Dama Desktop Agnostic Menu Aggregate This program aims to be a hackable, easy to use menu that can be paired to lightweight window managers in order t

null 47 Jul 23, 2022