{"id":28435369,"url":"https://github.com/kata198/findprocessesusing","last_synced_at":"2025-06-30T13:32:06.762Z","repository":{"id":57429630,"uuid":"41645695","full_name":"kata198/findProcessesUsing","owner":"kata198","description":"Scans all running applications on a host to identify those using a shared library, or an executable, or one of several.","archived":false,"fork":false,"pushed_at":"2017-06-11T06:06:11.000Z","size":35,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-01T00:45:49.960Z","etag":null,"topics":["files","find","libs","mappings","open","process","shared","using"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kata198.png","metadata":{"files":{"readme":"README.md","changelog":"Changelog","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-08-30T22:56:18.000Z","updated_at":"2024-04-26T10:52:24.000Z","dependencies_parsed_at":"2022-08-26T02:41:24.905Z","dependency_job_id":null,"html_url":"https://github.com/kata198/findProcessesUsing","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/kata198/findProcessesUsing","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kata198%2FfindProcessesUsing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kata198%2FfindProcessesUsing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kata198%2FfindProcessesUsing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kata198%2FfindProcessesUsing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kata198","download_url":"https://codeload.github.com/kata198/findProcessesUsing/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kata198%2FfindProcessesUsing/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262783254,"owners_count":23363500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["files","find","libs","mappings","open","process","shared","using"],"created_at":"2025-06-05T20:08:55.581Z","updated_at":"2025-06-30T13:32:06.751Z","avatar_url":"https://github.com/kata198.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# findProcessesUsing\nScans all running applications on a host to identify those using a shared library, or an executable, some other mapping, or an open file descriptor.\n\n\nThis application works on UNIX-derived systems (Linux, BSD, cygwin, etc). You can use it, for example, to scan for processes using a certain version of a shared library, or running under a certain interpreter. It can print a summarized view, or optionally print all matching mappings as well.\n\nThis application can also scan for open files, either fully qualified or partially qualified.\n\nThis could be paired with https://github.com/kata198/remote_copy_and_execute to do audits of running software/library usage across many machines on a network.\n\n\nYou must be root to scan all running processes, otherwise this will only scan that which is running under your current user.\n\n\nUsage\n-----\n\n\n\tUsage: findProcessesUsing (options) [search portion]\n\n\tSearches all running processes for those containing a given mapping, or an open file (with -f). \n\tMappings include running executables (like python), or a shared library, or a device.\n\n\tOptions:\n\n\t Modes:\n\n\t\t-m or --mappings       Scan for mappings (default)\n\t\t-c or --cwd            Scan for cwd\n\t\t-f or --files          Scan for open files instead of mappings. This should not be a symbolic link.\n\n\t Modifiers:\n\n\t\t-v or --verbose        Also print mapping lines containing the given pattern, or matched filenames when given -f.\n\t\t-e or --exact          Require exact match. Default is to allow partial matches\n\t\t-p or --pids-only      Only print pids, one per line\n\t\t-i or --ignore-case    Search case-insensitively. By default, case must be an exact match.\n\n\t\t--version              Print the version\n\t\t-h or --help           Display this message and quit\n\n\n\n\tNOTE: Multiple modes can be specified\n\n\n\tExamples: \n\tfindProcessesUsing libpython2.7             # Scan for any processes linking against anything containing \"libpython2.7\"\n\tfindProcessesUsing -f /var/lib/data.db      # Scan for any processes with an open handle to \"/var/lib/data.db\"\n\tfindProcessesUsing -f -c /mnt/otherdrive    # Scan for any process with a CWD or open file in \"/mnt/otherdrive\"\n\n\tIt is recommended to run this process as root, otherwise you are only able to scan your own processes.\n\n\nExample Usage\n-------------\n\nScan for mappings of libc\n\n\n\t]$ sudo findProcessesUsing libc | head -n 20 | tail -n5\n\tFound libc in 803 (john) [ -bash  ]\n\tFound libc in 1060 (john) [ /usr/lib/tracker/tracker-extract  ]\n\tFound libc in 1062 (www) [ /usr/bin/httpd  ]\n\tFound libc in 808 (frankl) [ /bin/sh /usr/bin/startx  ]\n\tFound libc in 1065 (frankl) [ /usr/lib/tracker/tracker-miner-user-guides  ]\n\n\nScan for any cwd or open file in \"/mnt/otherdrive\"\n\n\t]$ sudo findProcessesUsing -f -c /mnt/otherdrive\n\tFound /mnt/otherdrive {cwd=/mnt/otherdrive} in 2927 (tim) [ -/bin/bash  ]\n\tFound /mnt/otherdrive {cwd=/mnt/otherdrive} in 3943 (root) [ bash  ]\n\tFound /mnt/otherdrive {fd=3} in 19636 (root) [ vim z  ]\n\tFound /mnt/otherdrive {cwd=/mnt/otherdrive} in 19636 (root) [ vim z  ]\n\n\n\nScan for open file descriptor of pty\n\n\n\t]$ ./findProcessesUsing -f -v pty\n\n\tFound pty {fd=0,1,2,31} in 2384 (user1) [ /bin/bash  ]\n\n\t\t\t   0 = \"/dev/pty1\"\n\t\t\t   1 = \"/dev/pty1\"\n\t\t\t   2 = \"/dev/pty1\"\n\t\t\t  31 = \"/dev/pty1\"\n\n\tFound pty {fd=3} in 5732 (user1) [ SCREEN  ]\n\n\t\t\t   3 = \"/dev/pty0\"\n\n\tFound pty {fd=0,1,2} in 6184 (user1) [ screen  ]\n\n\t\t\t   0 = \"/dev/pty0\"\n\t\t\t   1 = \"/dev/pty0\"\n\t\t\t   2 = \"/dev/pty0\"\n\n\tFound pty {fd=0,1,2} in 5772 (user1) [ python  ]\n\n\t\t\t   0 = \"/dev/pty2\"\n\t\t\t   1 = \"/dev/pty2\"\n\t\t\t   2 = \"/dev/pty2\"\n\n\tFound pty {fd=0,1,2,31} in 6672 (user1) [ -bash  ]\n\n\t\t\t   0 = \"/dev/pty0\"\n\t\t\t   1 = \"/dev/pty0\"\n\t\t\t   2 = \"/dev/pty0\"\n\t\t\t  31 = \"/dev/pty0\"\n\n\tFound pty {fd=0,1,2,31} in 6072 (user1) [ /bin/bash  ]\n\n\t\t\t   0 = \"/dev/pty3\"\n\t\t\t   1 = \"/dev/pty3\"\n\t\t\t   2 = \"/dev/pty3\"\n\t\t\t  31 = \"/dev/pty3\"\n\n\tFound pty {fd=0,1,2,31} in 4796 (user1) [ /bin/bash  ]\n\n\t\t\t   0 = \"/dev/pty2\"\n\t\t\t   1 = \"/dev/pty2\"\n\t\t\t   2 = \"/dev/pty2\"\n\t\t\t  31 = \"/dev/pty2\"\n\nLibrary\n-------\n\nfindProcessesUsing is the frontend for the python library [ProcessMappingScanner](https://github.com/kata198/ProcessMappingScanner). If you want to use the findProcessesMapping functionality within your application, you may consider using that library directly in lieu of parsing findProcessesMapping's output.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkata198%2Ffindprocessesusing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkata198%2Ffindprocessesusing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkata198%2Ffindprocessesusing/lists"}