{"id":17682973,"url":"https://github.com/ytisf/muninn","last_synced_at":"2025-05-07T21:44:34.153Z","repository":{"id":19056194,"uuid":"22282564","full_name":"ytisf/muninn","owner":"ytisf","description":"A short and small memory forensics helper.","archived":false,"fork":false,"pushed_at":"2017-10-18T07:47:52.000Z","size":545,"stargazers_count":52,"open_issues_count":0,"forks_count":9,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-03-31T14:22:13.903Z","etag":null,"topics":["memory-forensics","python","volatility"],"latest_commit_sha":null,"homepage":"http://ytisf.github.io/muninn/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ytisf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-07-26T09:14:41.000Z","updated_at":"2024-09-06T15:06:56.000Z","dependencies_parsed_at":"2022-08-21T05:40:35.817Z","dependency_job_id":null,"html_url":"https://github.com/ytisf/muninn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ytisf%2Fmuninn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ytisf%2Fmuninn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ytisf%2Fmuninn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ytisf%2Fmuninn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ytisf","download_url":"https://codeload.github.com/ytisf/muninn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":2529
61835,"owners_count":21832190,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["memory-forensics","python","volatility"],"created_at":"2024-10-24T09:43:59.551Z","updated_at":"2025-05-07T21:44:34.130Z","avatar_url":"https://github.com/ytisf.png","language":"Python","funding_links":[],"categories":["Memory Forensics","\u003ca id=\"ecb63dfb62722feb6d43a9506515b4e3\"\u003e\u003c/a\u003e新添加"],"sub_categories":["Other Resources"],"readme":"# Muninn - The Volatility Reporter\n\n##About\nMuninn was built to allow an easier approach to initial memory forensics on Windows 7 and Windows XP machines. Usually, when approaching a memory analysis we start by plotting out the basics and looking for the exceptions. This usually involves a lot of commandlining for each and every data set with Volatility. \nMuninn will take a case number and a memory image and will try to grab the basic pieces of data _**we**_ usually look for and export them into a readable txt file which will be 'nicer' to read by a human being. It does not try to lead the memory forensics from a to z but rather to help the auditor through the initial plotting.\nTo check for updates or submit changes follow this repository at the [official repository](https://github.com/ytisf/Muninn)\nThis program is licensed under GPLv3.\n\n##Installation\nClone this repository using:\n\n    git clone https://www.github.com/ytisf/muninn\n\nMake sure you have all the dependencies installed:\n\n    sudo pip install prettytable\n    \nMake sure [Volatility](https://code.google.com/p/volatility/) is installed and linked to vol.py . 
\n\n    sudo apt-get install subversion pcregrep libpcre++-dev python-dev build-essential libgmp3-dev\n    sudo apt-get install python-pycryptopp sqlite3 libsqlite3-dev\n    wget https://volatility.googlecode.com/files/volatility-2.3.tar.gz\n    tar xfv volatility-2.3.tar.gz\n    cd volatility-2.3/\n    sudo python setup.py install\n\n##How To\nThe basic command line arguments for Muninn are:\n\n    Options:\n        -h, --help                           show this help message and exit\n        -f FILENAME, --file=FILENAME         The path to memory image to analyse\n        -c CASENUMBER, --case=CASENUMBER     Case number to use\n\nThe image location and case number are mandatory.\n\nMuninn can be tested using the [memory dumps](https://code.google.com/p/volatility/wiki/PublicMemoryImages) which were published by the guys at Volatility.\n\n\n##Documentation\nBasic structure of Muninn is:\n\n* **imports**\n* vol_handler.py \n* error_handler.py\n* report_manager.py\n* muninn.py\n* README.md\n\n###muninn.py\nThe main execution file. This file just calls other imports. This file manages the flow of the application and is lightly documented. Function names and calls are simple to understand.\n###error_handler.py\nThis manages errors in the program. It is very simple and not documented (since there is nothing to document). Every other Python module in this application will call error_handler.py for output to the user (screen).\n###report_manager.py\nWill be called to write the report file. It manages the functions:\n\n* **\\_\\_init__** - \n* **InitiateDocument** - Will create the first block of the document and create the file_handler.\n* **print_title** - Will add a header to the file.\n* **print_table** - Will add a table to the report (since we have many).\n* **save** - This will save the document properly and close the file_handler.\n\n###vol_handler.py\n\u003e Warning! 
Black magic regexing here!\n\u003e You've been warned!\n\n* **\\_\\_init__** - This will initialize constructs. In general, all of the functions will try to store the output in the main class as attributes of the class and not as a return option or anything like that.\n* **regex_search** - Just what it says.\n* **check_if_vol_is_installed** - Ditto.\n* **get_image_type** - First time we use Volatility, and we use it to get image type. \n* **document_image_details** - Generates basic image details such as MD5.\n* **get_process_list** - Takes the process list from the memory image.\n* **hive_list** - Gets all the hives. Also used by *find\\_hashes*\n* **find_hashes** - Extract hashes (and users) from the memory image. \n* **get_network_connections** - Extract all UDP and TCP connections. (black craft magic van-dam regex voodoo here)\n* **get_runkey_from_reg** - Gets the startup keys from the Registry.\n* **drivers** - Creates the self._drivers object and fills it with the drivers' list.\n\n###README.md\nJust this readme file.\n\n##GPLv3\nMuninn - An Automatic Initial Memory Forensics Tool\nCopyright (C) 2014 Yuval tisf Nativ\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program.  
If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fytisf%2Fmuninn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fytisf%2Fmuninn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fytisf%2Fmuninn/lists"}