Advanced Security Testing Tool for Scheduled Tasks
TaskThief is a sophisticated security tool for active testing of scheduled tasks and cron jobs on Linux systems. It helps identify and evaluate misconfigurations in task schedulers that could lead to privilege escalation or persistent backdoors.
๐ Discover โ ๐ก๏ธ Analyze โ ๐งช Test โ ๐ Report
| Feature | Description |
|---|---|
| ๐ Enhanced Discovery | Systematically detects all scheduled tasks, including hidden ones in udev rules, systemd units, and more |
| ๐ก๏ธ Configuration Analysis | Evaluates settings against security best practices to identify potential vulnerabilities |
| ๐งช Simulated Attacks | Performs controlled modifications to test for privilege escalation vectors |
| ๐ Comprehensive Reporting | Generates detailed HTML and text reports with actionable recommendations |
| ๐ Advanced Logging | Configurable logging levels with enhanced backup and restore mechanisms |
| ๐ Smart Privilege Handling | Intelligently manages root access requirements for operations |
| ๐งฉ Modular Architecture | Easily extensible with additional modules for other schedulers |
| โจ๏ธ CLI Support | Run specific operations directly from the command line |
- Bash 4.0 or higher
- Linux operating system
- Root privileges for full functionality (can be provided via sudo)
# Clone the repository
git clone https://github.com/reschjonas/TaskThief.git
# Navigate to the directory
cd TaskThief
# Make the script executable
chmod +x taskthief.sh
# Run TaskThief
./taskthief.sh๐ Automatic Discovery [Requires Root]
โข Identifies cron jobs, systemd timers, AT jobs, and anacron jobs
โข Discovers hidden scheduled tasks like udev rules, startup scripts, and more
โข Gathers detailed information about each scheduled task
๐ก๏ธ Configuration Analysis [Requires Root]
โข Analyzes cron jobs and systemd timers for security issues
โข Checks for permission problems in configuration files
โข Identifies weak configurations that could be exploited
๐งช Task Manipulation [Requires Root]
โข Tests cron job hijacking by attempting controlled modifications
โข Tests systemd timer manipulation to identify privilege escalation vectors
โข Demonstrates how an attacker might create persistent backdoors
๐ Reporting
โข Generates comprehensive HTML or text reports
โข Provides detailed findings and recommendations
โข Exports results for documentation purposes
./taskthief.sh [OPTION]| Option | Description |
|---|---|
-h, --help |
Display help message |
-v, --version |
Display version information |
-d, --discover |
Run full discovery immediately |
-a, --analyze |
Run full analysis immediately |
-r, --report |
Generate a full report immediately |
TaskThief automatically detects when root privileges are required and offers options to:
- Continue without root privileges (limited functionality)
- Restart with sudo to gain full functionality
- Exit the application
For critical operations that require root access, TaskThief will prompt you to elevate privileges when needed.
| Level | Description |
|---|---|
DEBUG |
Most verbose, logs all operations |
INFO |
Standard information (default) |
WARNING |
Only logs warnings and errors |
ERROR |
Only logs errors |
NONE |
Disables logging |
Configure logging in the Settings menu or by editing the config file.
TaskThief is designed for legitimate security testing and educational purposes. When using this tool:
- โ Always ensure you have proper authorization to test the target systems
- โ Use in a controlled environment when possible
- โ Backup important files before running manipulation tests
- โ Review all findings and manipulations carefully
The tool performs active testing that modifies system files to demonstrate vulnerabilities. You should use this tool cautiously and only on systems you are authorized to test.
This project is licensed under the MIT License - see the LICENSE.md file for details.
Developed as a penetration testing tool for identifying vulnerabilities in scheduled task systems.