Forensics / Post Exploitation

swap_digger: automate Linux swap analysis

by do son · Published August 30, 2017 · Updated November 4, 2024

swap_digger

swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensic purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID, and keys, etc.

Download and run the tool

On your machine

Use the following commands to download and run the script on your machine:

alice@1nvuln3r4bl3:~$ git clone https://github.com/sevagas/swap_digger.git

alice@1nvuln3r4bl3:~$ cd swap_digger

alice@1nvuln3r4bl3:~$ chmod +x swap_digger.sh

alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -vx

On a mounted hard drive

To use swap_digger on a mounted hard drive, do the following:

First, download the script using the following commands:

alice@1nvuln3r4bl3:~$ git clone https://github.com/sevagas/swap_digger.git

alice@1nvuln3r4bl3:~$ cd swap_digger

alice@1nvuln3r4bl3:~$ chmod +x swap_digger.sh

Then, find the target swap file/partition with:

Finally, analyze the target by running: