{"id":13698491,"url":"https://github.com/sevagas/swap_digger","last_synced_at":"2025-04-05T21:07:51.728Z","repository":{"id":49147962,"uuid":"96909591","full_name":"sevagas/swap_digger","owner":"sevagas","description":" swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.","archived":false,"fork":false,"pushed_at":"2021-06-26T13:33:55.000Z","size":363,"stargazers_count":494,"open_issues_count":1,"forks_count":96,"subscribers_count":28,"default_branch":"master","last_synced_at":"2024-02-14T20:34:56.680Z","etag":null,"topics":["dfir","forensics","hacking","post-exploitation","security"],"latest_commit_sha":null,"homepage":"http://blog.sevagas.com/?Digging-passwords-in-Linux-swap","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sevagas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-11T15:39:47.000Z","updated_at":"2024-02-13T20:55:33.000Z","dependencies_parsed_at":"2022-09-11T08:41:35.951Z","dependency_job_id":null,"html_url":"https://github.com/sevagas/swap_digger","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sevagas%2Fswap_digger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sevagas%2Fswap_digger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sevagas%2Fswap_digger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sevagas%2Fswap_digger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sevagas","download_url":"https://codeload.github.com/sevagas/swap_digger/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247399877,"owners_count":20932876,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","forensics","hacking","post-exploitation","security"],"created_at":"2024-08-02T19:00:47.920Z","updated_at":"2025-04-05T21:07:51.695Z","avatar_url":"https://github.com/sevagas.png","language":"Shell","funding_links":[],"categories":["Challenges","Tools","Forensics","\u003ca id=\"505d67a56d03c921dd19737c28c3d8fc\"\u003e\u003c/a\u003eLinux"],"sub_categories":["Carving","Analysis / Gathering tool (Know your ennemies)","Steganography"],"readme":"![Bash version](https://img.shields.io/badge/Bash-4-brightgreen.svg) ![License](https://img.shields.io/badge/License-GPLv3-blue.svg)\n\n# swap\\_digger\n\nswap\\_digger is a bash script used to automate Linux swap analysis for\npost-exploitation or forensics purpose. It automates swap extraction and\nsearches for Linux user credentials, Web form credentials, Web form emails,\nHTTP basic authentication, WiFi SSID and keys, etc.\n\n![Sample run](/assets/swap_digger.png?raw=true \"Sample run\")\n\n## Download and run the tool\n\n### On your machine\n\nUse the following commands to download and run the script on your machine:\n\n```bash\ngit clone https://github.com/sevagas/swap_digger.git\ncd swap_digger\nchmod +x swap_digger.sh\nsudo ./swap_digger.sh -vx\n```\n\n![Extended run](/assets/swap_digger_extended.png?raw=true \"Extended run\")\n\n### On a mounted hard drive\n\nTo use swap\\_digger on a mounted hard drive, do the following:\n\nFirst, download the script using the following commands:\n```bash\ngit clone https://github.com/sevagas/swap_digger.git\ncd swap_digger\nchmod +x swap_digger.sh\n```\n\nThen, find the target swap file/partition with:\n```bash\nsudo ./swap_digger.sh -S\n``` \n\nFinally, analyze the target by running:\n```bash\nsudo ./swap_digger.sh -vx -r path/to/mounted/target/root/fs -s path/to/target/swap/device\n```\n\n### On a third party machine\n\nUse the following commands to download and run the script on a third party machine (useful for pentests and CTFs):\n\n```bash\nwget https://raw.githubusercontent.com/sevagas/swap_digger/master/swap_digger.sh\nchmod +x swap_digger.sh\nsudo ./swap_digger.sh -vx -c\n```\n\nNote: Use the `-c` option to automatically remove the directory created by swap\\_digger (`/tmp/swap_dig`).\n \n \n## Simple run\n\nIf you only need to recover clear text Linux user passwords, simply run:\n```bash\nsudo ./swap_digger.sh\n```\n\n## Available options\n\nAll options:\n```\n ./swap_digger.sh [ OPTIONS ]\n Options : \n  -x, --extended    Run Extended tests on the target swap to retrieve other interesting data\n        (web passwords, emails, wifi creds, most accessed urls, etc)\n  -g, --guessing  Try to guess potential passwords based on observations and stats\n        Warning: This option is not reliable, it may dig more passwords as well as hundreds false positives.\n  -h, --help    Display this help.\n  -v, --verbose Verbose mode.\n  -l, --log Log all outputs in a log file (protected inside the generated working directory).\n  -c, --clean Automatically erase the generated working directory at end of script (will also remove log file)\n  -r PATH, --root-path=PATH   Location of the target file-system root (default value is /)\n        Change this value for forensic analysis when target is a mounted file system.\n        This option has to  be used along the -s option to indicate path to swap device.\n  -s PATH, --swap-path=PATH   Location of swap device or swap dump to analyse\n        Use this option for forensic/remote analysis of a swap dump or a mounted external swap partition.\n        This option should be used with the -r option where at least /\u003croot-path\u003e/etc/shadow exists.\n  -S, --swap-search   Search for all available swap devices (use for forensics).\n```\n  \n## Relevant resources\n\nBlog posts about swap digging:\n - https://blog.sevagas.com/?Digging-passwords-in-Linux-swap\n\n## Contact\n\nFeel free to message me on my Twitter account [@EmericNasi](http://twitter.com/EmericNasi)\n\n## License and credits\n\n[The GNU General Public License version 3](https://opensource.org/licenses/GPL-3.0)\n\nCopyright 2017-2021 Emeric “Sio” Nasi ([blog](https://blog.sevagas.com))\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsevagas%2Fswap_digger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsevagas%2Fswap_digger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsevagas%2Fswap_digger/lists"}