{"id":13612451,"url":"https://github.com/Hestat/calamity","last_synced_at":"2025-04-13T11:32:20.799Z","repository":{"id":122501942,"uuid":"178971136","full_name":"Hestat/calamity","owner":"Hestat","description":" A script to assist in processing forensic RAM captures for malware triage","archived":false,"fork":false,"pushed_at":"2021-02-04T13:55:45.000Z","size":34,"stargazers_count":27,"open_issues_count":1,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-11-07T20:42:20.578Z","etag":null,"topics":["dfir","malware-analysis","memory-forensics","volatility"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Hestat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-04-02T00:55:53.000Z","updated_at":"2024-08-12T19:47:31.000Z","dependencies_parsed_at":"2024-01-12T03:36:11.984Z","dependency_job_id":"10ce11fb-9260-446f-8292-48e8a928a5b1","html_url":"https://github.com/Hestat/calamity","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hestat%2Fcalamity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hestat%2Fcalamity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hestat%2Fcalamity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hestat%2Fcalamity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Hestat","download_url":"https://codeload.github.com/Hestat/calamity/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248705823,"owners_count":21148601,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","malware-analysis","memory-forensics","volatility"],"created_at":"2024-08-01T20:00:30.100Z","updated_at":"2025-04-13T11:32:15.784Z","avatar_url":"https://github.com/Hestat.png","language":"Shell","funding_links":[],"categories":["Analysis Tools"],"sub_categories":[],"readme":"## Calamity\n\n```\n================================================================================\n\n      ========================= Calamity =========================\n\nA script to assist in processing forensic RAM captures for malware triage\n\nRun the script with no options and it will run in guided mode prompting the\nuser to choose options as required\n\nIf you already know the correct volatility memory profile you can use the\nfollowing options\n -f, --filepath  provide the complete filepath to the RAM memory dump\n -p, --profile   provide the memory profile you want volatility to use\n -s, --scan      will run all scans and prompt user as required\n -q, --quick     will run a quick scan for malware, no user input required to complete\n -c, --config    same as quickscan but will try to extract malware configurations as well\n\nExample:\ncalamity -f /home/user/memory.dmp -p Win10x64_10586 -s\n\ncalamity --fullpath /home/user/memory.dmp --profile Win10x64_10586 --scan\n\n================================================================================\n\n```\nFull walkthrough and writeup:\nhttps://laskowski-tech.com/2019/05/18/calamity-a-volatility-script-to-aid-malware-triage/\n\n\nOriginal inspiration to Volatility Labs writeup in this article:\nhttps://volatility-labs.blogspot.com/2016/08/automating-detection-of-known-malware.html\n\nWhich led me to write up my version:\nhttps://laskowski-tech.com/2019/02/18/volatility-workflow-for-basic-incident-response/\n\nWhich led to this project. Good Hunting.\n\nInstall instructions:\n\nOn base system (has been tested for Ubuntu, Kali)\n\n```\ngit clone https://github.com/Hestat/calamity.git\ncd calamity\nsudo ./install.sh\n```\n\nDocker option:\n\n```\ndocker pull hestat/calamity\n\ndocker run --rm -it -v ~/memory-dumps:/home/nonroot/memdumps hestat/calamity:latest bash\n```\n\nThe /memory-dumps folder is where the memory images reside on the host OS, you will be dropped into a bash shell in the home directory of the nonroot user with a folder called memdumps which is mapped to the folder on the host OS. \n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHestat%2Fcalamity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FHestat%2Fcalamity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHestat%2Fcalamity/lists"}