MXtract is an opensource linux based tool that analyzes and dumps memory. It is developed as an offensive pentration testing tool, its primary purpose is to scan memory for private keys, ips, and passwords using regexes.
Remember, your results are only as good as your regexes.
Why dump directly from memory?
In most linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that isnt suppose to be seen but is being processed by a program in clear text.
Also Read – Darksplitz : Exploit Framework
Features
Getting started
Downloading: git clone https://github.com/rek7/mXtract
Compiling: cd mXtract && sh compile.sh
This will create the directory bin/ and compile the binary as mXtract
Commands
General:
-v Enable Verbose Output
-s Suppress Banner
-h Help
-c Suppress Colored Output
Target and Regex:
-i Show Detailed Process/User Info
-a Scan all Memory Ranges not just Heap/Stack
-e Scan Process Environment Files
-w Check if Memory Range is Writable
-r= Regex Database to Use
-p= Specify Single PID to Scan
Output:
-x Format Regex Results to XML
-r Format Regex Results to an HTML Document
-wm Write Raw Memory to File Default Directory is: ‘pid/’
-wi Write Process Info to Beginning of File (Used in Conjunction with -wm)
-wr Write Regex Output to File (Will Appear in the Output Directory)
-f= Regex Results Filename Default is: ‘regex_results.txt’
-d= Custom Ouput Directory
Screenshot
Scan with verbose and with a simple IP regex, scanning every data segment, displaying process info and scanning environment files.
Scan with verbose and with a simple IP regex, scanning only heap and stack, displaying process info and scanning environment files.
Scan without verbose, and with a simple IP regex, displaying process info and scanning environment files.
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…