Kali Linux

Dismember : Scan Memory For Secrets And More

Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among other things.

It will eventually become a full /proc toolkit.

Using the grep command, it can match a regular expression across all memory for all (accessible) processes. This could be used to find sensitive data in memory, identify a process by something included in its memory, or to interrogate a processes’ memory for interesting information.

There are many built-in patterns included via the scan command, which effectively works as a secret scanner against the memory on your machine.

Dismember can be used to search memory of all processes it has access to, so running it as root is the most effective method.

Commands are also included to list processes, explore process status and related information, draw process trees, and more…

Main Commands

CommandDescription
grepSearch process memory for a given string or regex
scanSearch process memory for a set of predefined secret patterns

Utility Commands

CommandDescription
filesShow a list of files being accessed by a process
findFind a PID given a process name. If multiple processes match, the first one is returned.
infoShow information about a process
kernelShow information about the kernel
killKill a process (or processes) using SIGKILL
listList all processes currently available on the system
resumeResume a suspended process using SIGCONT
suspendSuspend a process using SIGSTOP (use ‘dismember resume’ to leave suspension)
treeShow a tree diagram of a process and all children (defaults to PID 1).

Installation

Grab a binary from the latest release and add it to your path.

Usage Examples

Search for a pattern in a process by PID

# search memory owned by process 1234
dismember grep -p 1234 'the password is .*'

Search for a pattern in a process by name

# search memory owned by processes named "nginx" for a login form submission
dismember grep -n nginx 'username=liamg&password=.*'

Search for a pattern across all processes

# find a github api token across all processes
dismember grep 'gh[pousr]_[0-9a-zA-Z]{36}'

Search for secrets in memory across all processes

# search all accessible memory for common secrets
dismember scan
R K

Recent Posts

Install Anaconda on Ubuntu 18.04: Python Data Science Setup Guide

Anaconda is the most widely used Python distribution for data science and machine learning. It bundles…

19 hours ago

Install WordPress on Ubuntu 18.04 with Nginx and PHP 7.2

WordPress is the most popular open-source CMS in the world, powering over 40% of all websites…

20 hours ago

Install Magento 2 on Ubuntu 18.04 with Composer and Nginx

Magento is an enterprise-class, open-source e-commerce platform written in PHP. It is built for merchants who…

20 hours ago

Install WildFly on Ubuntu 18.04: Java App Server Setup Guide

Install WildFly on Ubuntu 18.04: Java App Server Setup GuideWildFly (formerly JBoss) is an open-source,…

20 hours ago

Install OpenCart on Ubuntu 18.04 with Nginx and PHP 7.2

OpenCart is a free, open-source PHP e-commerce platform used by hundreds of thousands of merchants worldwide.…

20 hours ago

Install Drupal on Ubuntu 18.04 with Composer, Nginx, and PHP

Drupal is one of the most widely used open-source CMS platforms in the world. Written in…

2 days ago