This tool is developed in Go language and is currently in active development. It may eventually evolve into a complete penetration testing tool.
Tool requirements
This tool is developed in Go language, so we first need to install and configure the Go language environment on the local device. Next, researchers can use the following command to clone the source code of this project to the local machine:
git clone https://github.com/liamg/dismember.git
or directly access the project's【Releases page】Download the latest version of the Dismember code and add it to the environment variable PATH.
Tool commands
This tool can use the grep command to match regular expressions in all memory for all (accessible) processes, which can be used to find sensitive data in memory, identify processes based on the content contained in memory, or query the memory of processes to obtain interesting information. The scan command includes many built-in patterns and can effectively act as a sensitive data scanner for machine memory.
Dismember can be used to search the memory of all processes it accesses, so running it as root is the most effective method. In addition, this tool also provides features such as process enumeration, process status acquisition, process information collection, and drawing process trees.
Main commands
Command | Description |
grep | Search for process memory data based on a given string or regular expression |
scan | Search for process memory data based on predefined sensitive data patterns |
Utility tool commands
Command | Description |
files | Display the list of files accessible by the process |
find | Search for the PID of a given process name, and return the first match if multiple processes are found |
info | Display relevant information about the target process |
kernel | Display kernel information |
kill | Terminate the execution of one or more processes using SIGKILL |
list | Enumerate all processes in the target system |
resume | Resume suspended processes using SIGCONT |
suspend | Suspend a process using SIGSTOP |
tree | Display the process tree of a process and all its child processes |
Tool usage
Search for a pattern match in the target process by PID
Search for memory information in process 1234 (PID):
dismember grep -p 1234 'the password is .*'
Search for a pattern match in the target process by process name
Search for memory-related information of process 'nginx':
dismember grep -n nginx 'username=liamg&password=.*'
Search for a pattern match in all processes
Search for GitHub API tokens in all processes:
dismember grep 'gh[pousr]_[0-9a-zA-Z]{36}'Search for sensitive information in the memory of all processes
Search for common sensitive information in the memory of all accessible processes:
dismember scan
Tool usage demonstration
license agreement
The development and release of this project followMITOpen source license agreement.
Project address
Dismember:【GitHub link】
评论已关闭