mXtract

An open source Linux based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool, which is used to scan memory for private keys, ips, and passwords using regexes. Remember, your results are only as good as your regexes.

Why dump directly from memory?

In most Linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that isn’t supposed to be seen but is being processed by a program in clear text.

Features

• Ability to enter regex lists
• Clear and Readable Display
• Ability to Mass Scan Every Process or a Specific PID
• Able to choose memory sections to scan
• Memory dumps automatically removes Unicode characters which allows for processing with other tools or manually

Changelog v1.1

• Fixed bugs & Increased readability of tool

Install

git clone https://github.com/rek7/mXtract.git
sh compile.sh

Use

 -v      Enable Verbose Output

        -s      Suppress Banner

        -h      Help

        -c      suppress colored output

        -r=     Regex DB

        -a      Scan all memory ranges not just heap/stack

        -w      Write raw memory to file Default directory is pid/

        -o      Write regex output to file

        -d=     Custom Ouput Directory

        -p=     Specify single pid to scan

        Either -r= or -w needed

Scan with verbose and with a simple IP regex, scanning every data segment.

Scan with verbose and with a simple IP regex, scanning only heap and stack.

Scan without verbose, and with a simple IP regex.

Copyright (C) 2019 rek7

Source: https://github.com/rek7/