{"id":13612443,"url":"https://github.com/carlospolop/autoVolatility","last_synced_at":"2025-04-13T11:32:18.690Z","repository":{"id":104205313,"uuid":"131433717","full_name":"carlospolop/autoVolatility","owner":"carlospolop","description":"Run several volatility plugins at the same time","archived":false,"fork":false,"pushed_at":"2022-10-27T11:49:26.000Z","size":9,"stargazers_count":114,"open_issues_count":1,"forks_count":26,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-04T20:08:10.483Z","etag":null,"topics":["default-autovolatility","volatility","volatility-plugins"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/carlospolop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-04-28T18:21:08.000Z","updated_at":"2025-04-01T17:04:43.000Z","dependencies_parsed_at":"2023-07-16T04:56:15.078Z","dependency_job_id":null,"html_url":"https://github.com/carlospolop/autoVolatility","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2FautoVolatility","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2FautoVolatility/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2FautoVolatility/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2FautoVolatility/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/carlospolop","download_url":"h
ttps://codeload.github.com/carlospolop/autoVolatility/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248705811,"owners_count":21148600,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["default-autovolatility","volatility","volatility-plugins"],"created_at":"2024-08-01T20:00:29.935Z","updated_at":"2025-04-13T11:32:13.681Z","avatar_url":"https://github.com/carlospolop.png","language":"Python","readme":"# AutoVolatility\n\nAutoVolatility is a script made to run several volatility plugins at the same time.\n\n## How to use\n\nAutoVolatility will create a new folder in the output directory for each plugin executed.\n\nYou can run the \"main\" volatility plugins with:\n\n```python\npython autoVolatility.py -f MEMFILE -d OUT_DIRECTORY\n``` \n\nBy default, autoVolatility tries to execute `volatility`. If the volatility executable is not in your path or has a different name, you can set its location using the option `-e`:\n\n```python\npython autoVolatility.py -f MEMFILE -d OUT_DIRECTORY -e /home/user/tools/volatility/vol.py\n```\n\nAutoVolatility will use the plugin \"imageinfo\" to figure out the profile to use. 
But if you know the profile, you can set it using the option `-p`:\n\n```python\npython autoVolatility.py -f MEMFILE -d OUT_DIRECTORY -p WinXPSP2x86\n```\n\nIf you want to run almost all the default plugins that come with volatility, you can use the option `-a`:\n\n```python\npython autoVolatility.py -f MEMFILE -d OUT_DIRECTORY -a\n```\n\nBy default autoVolatility uses 8 threads, but you can change it with the option `-t`:\n\n```python\npython autoVolatility.py -f MEMFILE -d OUT_DIRECTORY -t 16 # 16 threads\n```\n\nIf you want autoVolatility to run other plugins, you can do so using the option `-c`:\n\n```python\npython autoVolatility.py -f MEMFILE -d OUT_DIRECTORY -c amcache,auditpol,cachedump,clipboard,cmdline,cmdscan # Only these plugins will be executed\n```\n\nThe plugins executed by default are:\n\n```python\n\ndump_plugins = [\"dumpcerts\", \"dumpregistry\", \"dumpfiles\", \"dumpregistry\"]\n\nplugins = [\"amcache\", \"auditpol\", \"cachedump\", \"clipboard\", \"cmdline\", \"cmdscan\", \"connections\", \"connscan\", \"consoles\", \"deskscan\", \"devicetree\", \"dlllist\",\n            \"envars\", \"getservicesids\", \"handles\", \"hashdump\", \"hibinfo\", \"hivelist\", \"hivescan\", \"iehistory\", \"ldrmodules\", \"lsadump\", \"malfind\", \"mbrparser\", \"memmap\", \"mftparser\", \"modules\", \"notepad\", \n            \"privs\", \"pslist\", \"psscan\", \"pstree\", \"psxview\", \"qemuinfo\", \"servicediff\", \"sessions\", \"sockets\", \"sockscan\", \"ssdt\", \"strings\", \"svcscan\", \"symlinkscan\", \"thrdscan\", \"verinfo\", \"windows\", \"wintree\"]\n```\n\nThe plugins executed using the option `-a` are:\n\n```python\ndump_plugins = [\"dumpcerts\", \"dumpregistry\", \"dumpfiles\", \"dumpregistry\"]\n\n\nplugins_all = [\"amcache\", \"apihooks\", \"atoms\", \"atomscan\", \"auditpol\", \"bigpools\", \"bioskbd\", \"cachedump\", \"callbacks\", \"clipboard\", \"cmdline\", \"cmdscan\", \"connections\", \"connscan\", \"consoles\", \"crashinfo\",\n                
\"deskscan\", \"devicetree\", \"dlldump\", \"dlllist\", \"driverirp\", \"drivermodule\", \"driverscan\", \"editbox\", \"envars\", \"eventhooks\", \"evtlogs\", \"filescan\", \n                \"gahti\", \"gditimers\", \"gdt\", \"getservicesids\", \"getsids\", \"handles\", \"hashdump\", \"hibinfo\", \"hivelist\", \"hivescan\", \"hpakextract\", \"hpakinfo\", \"idt\", \"iehistory\", \"imagecopy\", \"imageinfo\",\n                \"joblinks\", \"kdbgscan\", \"kpcrscan\", \"ldrmodules\", \"lsadump\", \"malfind\", \"mbrparser\", \"memdump\", \"memmap\", \"messagehooks\", \"mftparser\", \"moddump\", \"modscan\", \"modules\", \"multiscan\", \"mutantscan\",\n                \"notepad\", \"objtypescan\", \"patcher\", \"printkey\", \"privs\", \"procdump\", \"pslist\", \"psscan\", \"pstree\", \"psxview\", \"qemuinfo\", \"raw2dmp\", \"screenshot\", \"servicediff\", \"sessions\", \"shellbags\", \"shimcache\",\n                \"shutdowntime\", \"sockets\", \"sockscan\", \"ssdt\", \"strings\", \"svcscan\", \"symlinkscan\", \"thrdscan\", \"threads\", \"timeliner\", \"timers\", \"truecryptmaster\", \"truecryptpassphrase\", \"truecryptsummary\",\n                \"unloadedmodules\", \"userassist\", \"userhandles\", \"vaddump\", \"vadinfo\", \"vadtree\", \"vadwalk\", \"vboxinfo\", \"verinfo\", \"vmwareinfo\", \"windows\", \"wintree\", \"wndscan\"]\n\n\n```\n","funding_links":[],"categories":["Analysis Tools","Forensics"],"sub_categories":["Volatility"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarlospolop%2FautoVolatility","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcarlospolop%2FautoVolatility","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarlospolop%2FautoVolatility/lists"}