{"id":13720839,"url":"https://github.com/ThreatResponse/margaritashotgun","last_synced_at":"2025-05-07T13:30:37.844Z","repository":{"id":48268610,"uuid":"65315497","full_name":"ThreatResponse/margaritashotgun","owner":"ThreatResponse","description":"Remote Memory Acquisition Tool ","archived":false,"fork":false,"pushed_at":"2020-09-22T15:58:11.000Z","size":196,"stargazers_count":241,"open_issues_count":13,"forks_count":50,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-11-09T10:15:58.260Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.threatresponse.cloud","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ThreatResponse.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-08-09T17:39:44.000Z","updated_at":"2024-10-21T07:44:23.000Z","dependencies_parsed_at":"2022-09-26T21:11:18.650Z","dependency_job_id":null,"html_url":"https://github.com/ThreatResponse/margaritashotgun","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThreatResponse%2Fmargaritashotgun","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThreatResponse%2Fmargaritashotgun/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThreatResponse%2Fmargaritashotgun/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThreatResponse%2Fmargaritashotgun/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ThreatResponse","download_url":"https://codeload.github.com/Threat
Response/margaritashotgun/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224604588,"owners_count":17339166,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T01:01:08.677Z","updated_at":"2024-11-14T10:30:36.586Z","avatar_url":"https://github.com/ThreatResponse.png","language":"Python","funding_links":[],"categories":["IR Tools Collection","IR tools Collection","事件响应工具","Synopsis","Incident Response tools"],"sub_categories":["Evidence Collection","事件证据搜集（取证）","Table of Contents","Evidence collection"],"readme":".. 
image:: https://travis-ci.org/ThreatResponse/margaritashotgun.svg?branch=master\n    :target: https://travis-ci.org/ThreatResponse/margaritashotgun\n\nMargarita Shotgun\n=================\n\nPython Remote Memory Acquisition\n\nDocumentation\n-------------\n\nRead the full documentation on `read the docs \u003chttps://margaritashotgun.readthedocs.io/en/latest/\u003e`__.\n\nQuickstart\n**********\n\nFor more information see the `user guide \u003chttps://margaritashotgun.readthedocs.io/en/latest/user_guide.html\u003e`__.\n\nInstallation\n~~~~~~~~~~~~\n\n``pip install margaritashotgun``\n\nMargarita Shotgun is supported on common Linux distributions; for other operating systems use the `python docker container \u003chttps://hub.docker.com/_/python/\u003e`__ and follow our `installation guide \u003chttps://margaritashotgun.readthedocs.io/en/latest/installing.html#install-with-docker\u003e`__.\n\nSee `installing \u003chttps://margaritashotgun.readthedocs.io/en/latest/installing.html\u003e`__ for a list of required system packages.\n\nCapture A Single Machine\n************************\n\nA single machine can be captured using only the command line arguments for margaritashotgun.\nFirst specify the server and user with the ``--server`` and ``--username`` flags.\nNext provide a path to an SSH key with ``--key`` (or use a password with the ``--password`` flag).\nFinally provide a LiME kernel module with ``--module`` and specify an output file with ``--filename``.\n\n::\n\n   margaritashotgun --server 172.16.20.10 --username root --key root_access.pem --module lime-3.13.0-74-generic.ko --filename 172.16.20.10-mem.lime\n\nSave Memory In S3\n*****************\n\nTo save a file to S3, replace the ``--filename`` flag with ``--bucket``.  
Ensure that you have AWS credentials configured prior to executing the following command.\n\n::\n\n   margaritashotgun --server 172.16.20.10 --username root --key root_access.pem --module lime-3.13.0-74-generic.ko --bucket memory_capture_bucket\n\nCapture Multiple Machines\n*************************\n\nRun margaritashotgun with a configuration file like ``parallel_config.yml.example``:\n\n.. code-block:: yaml\n\n    aws:\n        bucket: memory_dump_example\n    hosts:\n        - addr:     52.36.191.XXX\n          port:     22\n          username: ec2-user\n          key:      access.pem\n          module:   lime-4.1.19-24.31.amzn1.x86_64.ko\n        - addr:     52.36.170.XXX\n          port:     22\n          username: ec2-user\n          key:      access.pem\n          module:   lime-4.1.19-24.31.amzn1.x86_64.ko\n        - addr:     52.36.210.XXX\n          port:     22\n          username: ubuntu\n          key:      dev.pem\n          module:   lime-3.13.0-74-generic.ko\n        - addr:     52.36.90.XXX\n          port:     22\n          username: ubuntu\n          key:      dev.pem\n          module:   lime-3.13.0-74-generic.ko\n    workers: 2\n\nHere parallelism is limited to 2 workers.\n\nRun the capture with:\n\n::\n\n   margaritashotgun --config your_custom_config.yml\n\nLicense\n-------\n\nThe MIT License (MIT)\n\nCopyright (c) 2016 Joel Ferrier\n\nPermission is hereby granted, free of charge, to any person obtaining a\ncopy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", 
WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FThreatResponse%2Fmargaritashotgun","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FThreatResponse%2Fmargaritashotgun","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FThreatResponse%2Fmargaritashotgun/lists"}