mXtract – Offensive Memory Extractor & Analyzer

mXtract is an opensource linux based tool that analyzes and dumps memory. It is developed as an offensive pentration testing tool, its primary purpose is to scan memory for private keys, ips, and passwords using regexes. Remember, your results are only as good as your regexes.

In most linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that is not supposed to be seen but is being processed by a program in clear text.

mXtract - Offensive Memory Extractor & Analyzer
mXtract – Offensive Memory Extractor & Analyzer

Currently this tool support the following features:

  • Ability to enter regex lists
  • Clear and Readable Display
  • Check if Memory Range is Writable with Current Permissions
  • Output in XML and HTML along with the default output (process name:result)
  • Ability to Mass Scan Every Proccess or a Specific PID
  • Able to choose memory sections to scan
  • Ability to Show Detailed Process Information
  • Ability to Scan Process Environment Files
  • Memory dumps automatically removes unicode characters which allows for processing with other tools or manually

The tool can be part of a penetration testing program or part of an incident response process to make a forensics of sensitive data.

You can read more and download this tool over here: https://github.com/rek7/mXtract

Share