MXtract – Memory Extractor & Analyser

MXtract is an opensource Linux based tool that analyses and dumps memory. Its developed as an offensive pentration testing tool which can be used to scan memory for private keys, IP, and passwords using regexes. Remember your results are only as good as your regexes.

In most Linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that isn’t suppose to be seen but is being processed by a program in clear text.

Also Read – DNSDmpstr : Unofficial API & Client for DnsDumpster & HackerTarget

Features

  • Ability to enter regex lists
  • Clear and Readable Display
  • Ability to Mass Scan Every Proccess or a Specfic PID
  • Able to choose memory sections to scan
  • Memory dumps automatically removes unicode characters which allows for processing with other tools or manually

Getting started

Compiling: g++ -std=c++11 -O2 src/main.cpp -o mxtract

Commands

-v Enable Verbose Output
-s Suppress Banner
-h Help
-c suppress colored output
-r= Regex DB
-a Scan all memory ranges not just heap/stack
-w Write raw memory to file Default directory is pid/
-o Write regex output to file
-d= Custom Ouput Directory
-p= Specify single pid to scan
Either -r= or -w needed

Screenshots

Scan with verbose and with a simple IP regex, scanning every data segment. 

Scan with verbose and with a simple IP regex, scanning only heap and stack.

Scan without verbose, and with a simple IP regex.

R K

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

13 hours ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

13 hours ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

13 hours ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

2 days ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

2 days ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

2 days ago