{"id":13575074,"url":"https://github.com/liamg/dismember","last_synced_at":"2025-04-05T05:06:25.901Z","repository":{"id":39982572,"uuid":"506762635","full_name":"liamg/dismember","owner":"liamg","description":":knife: Scan memory for secrets and more. Maybe eventually a full /proc toolkit.","archived":false,"fork":false,"pushed_at":"2022-07-27T12:37:40.000Z","size":737,"stargazers_count":645,"open_issues_count":0,"forks_count":53,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-03-29T04:07:22.315Z","etag":null,"topics":["ctf","linux","memory","proc","secret-scanner"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/liamg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["liamg"]}},"created_at":"2022-06-23T19:14:12.000Z","updated_at":"2025-03-18T02:40:53.000Z","dependencies_parsed_at":"2022-07-13T12:20:34.494Z","dependency_job_id":null,"html_url":"https://github.com/liamg/dismember","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liamg%2Fdismember","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liamg%2Fdismember/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liamg%2Fdismember/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liamg%2Fdismember/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/liamg","download_url":"https://codeload.github.com/liamg/dismember/tar.gz/refs/heads/main","host"
:{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247289427,"owners_count":20914464,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf","linux","memory","proc","secret-scanner"],"created_at":"2024-08-01T15:00:58.013Z","updated_at":"2025-04-05T05:06:25.886Z","avatar_url":"https://github.com/liamg.png","language":"Go","readme":"# :hocho: Dismember\n\nDismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among other things.\n\nIt will eventually become a full `/proc` toolkit.\n\n![A gif showing dismember finding credentials from the memory of a browser](demo.gif)\n\nUsing the `grep` command, it can match a regular expression across all memory for all (accessible) processes. 
This could be used to find sensitive data in memory, identify a process by something included in its memory, or interrogate a process's memory for interesting information.\n\nThere are many built-in patterns included via the `scan` command, which effectively works as a secret scanner against the memory on your machine.\n\nDismember can be used to search memory of all processes it has access to, so running it as root is the most effective method.\n\nCommands are also included to list processes, explore process status and related information, draw process trees, and more...\n\n## Main Commands\n\n| Command   | Description                                                                              | \n|-----------|------------------------------------------------------------------------------------------|\n| `grep`    | Search process memory for a given string or regex                                        |\n| `scan`    | Search process memory for a set of predefined secret patterns                            | \n\n## Utility Commands\n\n| Command   | Description                                                                              | \n|-----------|------------------------------------------------------------------------------------------|\n| `files`   | Show a list of files being accessed by a process                                         |\n| `find`    | Find a PID given a process name. If multiple processes match, the first one is returned. 
|\n| `info`    | Show information about a process                                                         |\n| `kernel`  | Show information about the kernel                                                        | \n| `kill`    | Kill a process (or processes) using SIGKILL                                              | \n| `list`    | List all processes currently available on the system                                     | \n| `resume`  | Resume a suspended process using SIGCONT                                                 | \n| `suspend` | Suspend a process using SIGSTOP (use 'dismember resume' to leave suspension)             | \n| `tree`    | Show a tree diagram of a process and all children (defaults to PID 1).                   | \n\n## Installation\n\nGrab a binary from the [latest release](https://github.com/liamg/dismember/releases/latest) and add it to your path.\n\n## Usage Examples\n\n### Search for a pattern in a process by PID\n```bash\n# search memory owned by process 1234\ndismember grep -p 1234 'the password is .*'\n```\n\n### Search for a pattern in a process by name\n```bash\n# search memory owned by processes named \"nginx\" for a login form submission\ndismember grep -n nginx 'username=liamg\u0026password=.*'\n```\n\n### Search for a pattern across all processes\n```bash\n# find a github api token across all processes\ndismember grep 'gh[pousr]_[0-9a-zA-Z]{36}'\n```\n\n### Search for secrets in memory across all processes\n```bash\n# search all accessible memory for common secrets\ndismember scan\n```\n\n## FAQ\n\n\u003e Isn't this information all just sitting in `/proc`?\n\nPretty much. Dismember just reads and presents it for the most part. If you can get away with `grep whatever /proc/[pid]/blah` then go for it! I built this as an educational experience because I couldn't sleep one night and stayed up late reading the `proc` man-pages (I live an extremely rock 'n' roll lifestyle). 
It's not a replacement for existing tools, but perhaps it can complement them.\n\n\u003e Do you know how horrific some of these commands seem when read out of context?\n\n[Yes](https://twitter.com/liam_galvin/status/1540375769049960448).\n","funding_links":["https://github.com/sponsors/liamg"],"categories":["Go","加密、密码破解、字典"],"sub_categories":["网络服务_其他"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliamg%2Fdismember","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fliamg%2Fdismember","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliamg%2Fdismember/lists"}