Skip to content
mXtract - Offensive Memory Extractor & Analyzer
Branch: master
Clone or download
Latest commit ed5198b Apr 15, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
img Added Proc info, env file scanning, bug fixes and quality of life upd… Mar 29, 2019
src Update arg.cpp Apr 11, 2019
.travis.yml Create .travis.yml Mar 25, 2019
LICENSE Add missing entry Apr 13, 2019
README.md Update README.md Apr 15, 2019
compile.sh Update compile.sh Mar 23, 2019
example_regexes.db Update example_regexes.db Mar 25, 2019

README.md

mXtract

Build Status License

mXtract is an opensource linux based tool that analyzes and dumps memory. It is developed as an offensive pentration testing tool, its primary purpose is to scan memory for private keys, ips, and passwords using regexes. Remember, your results are only as good as your regexes.

Screenshots

Screenshot

Scan with verbose and with a simple IP regex, scanning every data segment, displaying process info and scanning environment files. Screenshot

Scan with verbose and with a simple IP regex, scanning only heap and stack, displaying process info and scanning environment files. Screenshot

Scan without verbose, and with a simple IP regex, displaying process info and scanning environment files.

Why dump directly from memory?

In most linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that isnt suppose to be seen but is being processed by a program in clear text.

Features

  • Ability to enter regex lists
  • Clear and Readable Display
  • Check if Memory Range is Writable with Current Permissions
  • Output in XML and HTML along with the default output (process name:result)
  • Ability to Mass Scan Every Proccess or a Specific PID
  • Able to choose memory sections to scan
  • Ability to Show Detailed Process Information
  • Ability to Scan Process Environment Files
  • Memory dumps automatically removes unicode characters which allows for processing with other tools or manually

Getting started

  1. Downloading: git clone https://github.com/rek7/mXtract
  2. Compiling: cd mXtract && sh compile.sh

This will create the directory bin/ and compile the binary as mxtract.

Commands

$ ./mxtract -h
           __  ___                  _     { V1.2 }
  _ __ ___ \ \/ / |_ _ __ __ _  ___| |_ 
 | '_ ` _ \ \  /| __| '__/ _` |/ __| __|
 | | | | | |/  \| |_| | | (_| | (__| |_ 
 |_| |_| |_/_/\_\\__|_|  \__,_|\___|\__|  https://github.com/rek7/mXtract
Usage: ./mxtract [args]
General:
        -v      Enable Verbose Output
        -s      Suppress Banner
        -h      Help
        -c      Suppress Colored Output
Target and Regex:
        -i      Show Detailed Process/User Info
        -a      Scan all Memory Ranges not just Heap/Stack
        -e      Scan Process Environment Files
        -w      Check if Memory Range is Writable
        -r=     Regex Database to Use
        -p=     Specify Single PID to Scan
Output:
        -x      Format Regex Results to XML
        -r      Format Regex Results to an HTML Document
        -wm     Write Raw Memory to File Default Directory is: 'pid/'
        -wi     Write Process Info to Beginning of File (Used in Conjunction with -wm)
        -wr     Write Regex Output to File (Will Appear in the Output Directory)
        -f=     Regex Results Filename Default is: 'regex_results.txt'
        -d=     Custom Ouput Directory
Either -r= or -wm needed

Example usage

$ ./mxtract -wm -wr -e -i -d=/tmp/output/ -r=example_regexes.db

Featured On:

You can’t perform that action at this time.