9 repositories
Tools that use predefined data structures to format and export raw memory regions.
Distinct from Binary Memory Dumping (raw binary dumping): uses Python ctypes to apply structure and formatting to the dump.
9 GitHub repositories matching operating systems & systems programming · Structured Memory Dumping.
GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs
Applies Python ctypes structures to memory addresses to dump and edit formatted binary data.
gops is a command-line diagnostic toolset for monitoring, analyzing and managing the runtime state of live Go applications. It acts as a runtime diagnostic tool, providing a focused interface for profiling memory, profiling performance and monitoring the health of running processes. The tool offers a set of specialized utilities, including a profiler for capturing CPU and heap profiles, a memory analyzer for identifying leaks and triggering garbage collection, and a process monitor for discovering running binaries and visualizing process hierarchies. The project covers a wide range of diagnostic functionality, including runtime execution tracing, stack trace capture and resource usage sampling. It also includes system tools for inspecting process metadata, resolving binary paths, and monitoring runtime metrics such as thread counts and memory statistics.
Reports current Go memory and runtime statistics, including active concurrent execution threads, to assess resource allocation.
This project is a comprehensive Android reverse engineering suite with a decompiler, bytecode deobfuscator and malware analysis tooling. It aims to convert APK, DEX and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine (JVM). The platform stands out through its integration with Frida for dynamic analysis, allowing users to hook methods in real time, inject custom JavaScript and dump device memory. It also features dedicated security engines, including a taint propagation engine and a stack state machine, to detect privacy leaks, malicious behavior and security vulnerabilities. The suite covers a wide range of analysis functionality, including binary patching and repackaging, cross-reference dependency mapping and data-flow analysis. It provides tools for packer identification, encrypted string decoding and global metadata search across application resources. The tool offers a command-line interface and supports analysis automation through custom Python or Java scripts.
Extracts active modules from a running process's memory to recover the original binary code.
This project is a red team knowledge base and offensive security playbook designed to emulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for conducting red team operations. The repository provides detailed notes on Active Directory penetration testing, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving kernel objects and system memory manipulation. Its scope extends to network penetration testing, malware analysis and engineering, and the deployment of offensive security infrastructure. It also includes methods for lateral movement, persistence and data exfiltration in enterprise environments.
Provides methods for extracting plaintext passwords and hashes directly from active process memory.
Meltdown is a set of software tools designed to bypass kernel address randomization and dump physical memory in order to exploit a hardware-level security vulnerability. It serves as a proof of concept for the Meltdown hardware vulnerability, capable of reading protected kernel memory on affected processors. The tool provides functionality for identifying the secret randomization offset of the direct physical map in order to locate kernel memory. It also includes the ability to export large segments of physical memory in hexdump format for recovering sensitive strings and passwords. The project covers memory analysis through kernel offset calculation and physical memory leakage. It also includes the ability to measure the accuracy and consistency of data leaked from physical memory to validate the reliability of the hardware vulnerability.
Exports large segments of physical memory into hexdump format for the recovery of strings and passwords.
MimiPenguin is a Linux memory credential extraction and password recovery tool designed to isolate and retrieve plaintext user login passwords from active process memory. It serves as a post-exploitation tool for extracting sensitive credentials from desktop user sessions during security assessments. The tool performs Linux memory forensics by analyzing system process memory to identify and isolate credentials. It is used in security penetration testing, in assessing the risk associated with memory-based attacks, and in testing local privilege escalation. The system locates user session memory by dumping the virtual memory of running processes. It uses pattern-based memory scanning, heuristic password identification and plaintext credential isolation to distinguish potential passwords from binary data.
Extracts sensitive credentials from active process memory using specialized loaders.
x-cmd is an AI agent orchestrator, cloud infrastructure CLI, and cross-platform package manager that provides an enhanced POSIX shell toolkit. It integrates large language models directly into the terminal for chatting, code generation, and the execution of agentic workflows, while offering a framework for building interactive terminal user interface components. The project distinguishes itself by deploying containerized AI agents within isolated sandboxes, provisioning them with specialized skills and headless browser automation capabilities. It further streamlines development through a unif
Converts system memory statistics into structured formats for programmatic use.
BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij
Extracts credentials and sensitive data from active process memory using in-memory loaders.
Mimikatz is a Windows post-exploitation framework designed for extracting plaintext passwords, hashes, PIN codes, and security tokens from system memory and the registry. It functions as a credential extraction tool that targets the Local Security Authority Subsystem Service to retrieve cached credentials and sensitive account data. The project provides specialized capabilities for Active Directory penetration testing, including the simulation of domain controllers to replicate directory secrets. It features a Kerberos ticket manipulator capable of exporting, injecting, and forging authentica
Reads process memory directly to extract sensitive credentials stored by the local security authority.