Thursday, August 27, 2020

VolExp - Volatility Explorer


This program allows the user to access a Memory Dump. It can also function as a plugin to the Volatility Framework (https://github.com/volatilityfoundation/volatility). This program functions similarly to Process Explorer/Hacker, but additionally it allows the user access to a Memory Dump (or access the real-time memory on the computer using Memtriage). This program can run from Windows, Linux and MacOS machines, but can only use Windows memory images.

Quick Start
  1. Download the volexp.py file (download the memtriage.py file as well and replace it with your memtriage.py file if you want to use memtriage https://github.com/gleeda/memtriage).
  2. Run as a standalone program or as a plugin to Volatility:
  • As a standalone program:
 python2 volexp
 python2 vol.py -f <memory file path> --profile=<memory profile> volexp

Some Features:
python2 memtriage.py --plugins=volexp
  • Some of the information display will not update in real time (except Processes info(update slowly), real time functions like struct analyzer, PE properties, run real time plugin, etc.).
  • The program also allows to view Loaded dll's, open handles and network connections of each process (Access to a dll's properties is also optional).
  • To present more information of a process, Double-Click (or Left-Click and select Properties) to bring up an information window.
  • Or present more information on any PE.
  • The program allows the user to view the files in the Memory Dump as well as their information. Additionally, it allows the user to extract those files (HexDump/strings view is also optional).
  • The program supports viewing of the Windows Objects and files's matadata (MFT).
  • The program also support viewing a regview of the memory dump
  • Additionally, the program supports struct analysis. (writing on the memory's struct, running Volatility functions on a struct is available). Example of getting all the load modules inside _EPROCESS struct in another struct analyzer window:
  • The Program is also capable of automatically marking suspicious processes found by another plugin. Example of a running threadmap plugin:
  • View memory use of a process.
  • Manually marking a certain process and adding a sidenote on it.
  • User's actions can be saved on a seperate file for later usage.

get help: https://github.com/memoryforensics1/VolExp/wiki/VolExp-help:






via KitPloit
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com
Related articles

  1. Best Pentesting Tools 2018
  2. Hacking Tools For Beginners
  3. Pentest Tools Alternative
  4. Pentest Tools Subdomain
  5. Pentest Reporting Tools
  6. Hacking Tools Windows
  7. Hacking Tools Download
  8. Hak5 Tools
  9. Pentest Tools Linux
  10. Hacker Tools For Ios
  11. Pentest Tools Free
  12. Pentest Tools
  13. Hacker Tools For Windows
  14. Hacker Tools Hardware
  15. Pentest Tools For Ubuntu
  16. Pentest Box Tools Download
  17. Tools 4 Hack
  18. Pentest Tools Open Source
  19. Pentest Tools Kali Linux
  20. Hacking Tools For Kali Linux
  21. Hacking Tools Github
  22. Nsa Hack Tools Download
  23. World No 1 Hacker Software
  24. Hacking Tools For Mac
  25. Hacker Tools Linux
  26. Black Hat Hacker Tools
  27. Computer Hacker
  28. Hacker Tools List
  29. World No 1 Hacker Software
  30. Pentest Tools Review
  31. Hacking Tools Name
  32. Pentest Automation Tools
  33. Hack Tools
  34. Hak5 Tools
  35. How To Hack
  36. Hacker Tools For Windows
  37. Hacker Tools
  38. Hack Tools Pc
  39. Kik Hack Tools
  40. Pentest Tools For Windows
  41. Hacking Tools Windows 10
  42. Hacker Search Tools
  43. Hacker Tools Github
  44. Pentest Tools Open Source
  45. Hack Tools For Games
  46. How To Make Hacking Tools
  47. Hacking Tools 2020
  48. Hack App
  49. Hacker Tools
  50. Pentest Tools Windows
  51. Ethical Hacker Tools
  52. Hacker Tools Online
  53. Pentest Tools
  54. Hacking Tools Software
  55. Pentest Tools Kali Linux
  56. Hacking Tools Github
  57. Growth Hacker Tools
  58. Hacker Tool Kit
  59. Install Pentest Tools Ubuntu
  60. Pentest Tools Tcp Port Scanner
  61. Tools Used For Hacking
  62. Hack Tools Github
  63. Hack Tools Github
  64. How To Make Hacking Tools
  65. Kik Hack Tools
  66. Hack Tools Online
  67. Hacker Search Tools
  68. Hacking Tools Name
  69. Tools 4 Hack
  70. Pentest Tools Kali Linux
  71. Android Hack Tools Github
  72. Pentest Tools For Mac
  73. Hacking Tools Windows
  74. Underground Hacker Sites
  75. Pentest Tools Alternative
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)