Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sevagas/swap_digger
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
https://github.com/sevagas/swap_digger
dfir forensics hacking post-exploitation security
Last synced: 18 days ago
JSON representation
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
- Host: GitHub
- URL: https://github.com/sevagas/swap_digger
- Owner: sevagas
- License: gpl-3.0
- Created: 2017-07-11T15:39:47.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2021-06-26T13:33:55.000Z (over 3 years ago)
- Last Synced: 2024-02-14T20:34:56.680Z (10 months ago)
- Topics: dfir, forensics, hacking, post-exploitation, security
- Language: Shell
- Homepage: http://blog.sevagas.com/?Digging-passwords-in-Linux-swap
- Size: 354 KB
- Stars: 494
- Watchers: 28
- Forks: 96
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- ForensicsTools - swap_digger - A bash script used to automate Linux swap analysis, automating swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, etc. (Challenges / Carving)
- awesome-forensics - swap_digger - A bash script used to automate Linux swap analysis, automating swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, etc. (Tools / Carving)
- awesome-anti-forensic - Swap-digger - exploitation or forensics. (Tools / Analysis / Gathering tool (Know your ennemies))
- Awesome-Forensics - swap_digger - A bash script used to automate Linux swap analysis, automating swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, etc. (Tools / Carving)
README
![Bash version](https://img.shields.io/badge/Bash-4-brightgreen.svg) ![License](https://img.shields.io/badge/License-GPLv3-blue.svg)
# swap\_digger
swap\_digger is a bash script used to automate Linux swap analysis for
post-exploitation or forensics purpose. It automates swap extraction and
searches for Linux user credentials, Web form credentials, Web form emails,
HTTP basic authentication, WiFi SSID and keys, etc.![Sample run](/assets/swap_digger.png?raw=true "Sample run")
## Download and run the tool
### On your machine
Use the following commands to download and run the script on your machine:
```bash
git clone https://github.com/sevagas/swap_digger.git
cd swap_digger
chmod +x swap_digger.sh
sudo ./swap_digger.sh -vx
```![Extended run](/assets/swap_digger_extended.png?raw=true "Extended run")
### On a mounted hard drive
To use swap\_digger on a mounted hard drive, do the following:
First, download the script using the following commands:
```bash
git clone https://github.com/sevagas/swap_digger.git
cd swap_digger
chmod +x swap_digger.sh
```Then, find the target swap file/partition with:
```bash
sudo ./swap_digger.sh -S
```Finally, analyze the target by running:
```bash
sudo ./swap_digger.sh -vx -r path/to/mounted/target/root/fs -s path/to/target/swap/device
```### On a third party machine
Use the following commands to download and run the script on a third party machine (useful for pentests and CTFs):
```bash
wget https://raw.githubusercontent.com/sevagas/swap_digger/master/swap_digger.sh
chmod +x swap_digger.sh
sudo ./swap_digger.sh -vx -c
```Note: Use the `-c` option to automatically remove the directory created by swap\_digger (`/tmp/swap_dig`).
## Simple runIf you only need to recover clear text Linux user passwords, simply run:
```bash
sudo ./swap_digger.sh
```## Available options
All options:
```
./swap_digger.sh [ OPTIONS ]
Options :
-x, --extended Run Extended tests on the target swap to retrieve other interesting data
(web passwords, emails, wifi creds, most accessed urls, etc)
-g, --guessing Try to guess potential passwords based on observations and stats
Warning: This option is not reliable, it may dig more passwords as well as hundreds false positives.
-h, --help Display this help.
-v, --verbose Verbose mode.
-l, --log Log all outputs in a log file (protected inside the generated working directory).
-c, --clean Automatically erase the generated working directory at end of script (will also remove log file)
-r PATH, --root-path=PATH Location of the target file-system root (default value is /)
Change this value for forensic analysis when target is a mounted file system.
This option has to be used along the -s option to indicate path to swap device.
-s PATH, --swap-path=PATH Location of swap device or swap dump to analyse
Use this option for forensic/remote analysis of a swap dump or a mounted external swap partition.
This option should be used with the -r option where at least //etc/shadow exists.
-S, --swap-search Search for all available swap devices (use for forensics).
```
## Relevant resourcesBlog posts about swap digging:
- https://blog.sevagas.com/?Digging-passwords-in-Linux-swap## Contact
Feel free to message me on my Twitter account [@EmericNasi](http://twitter.com/EmericNasi)
## License and credits
[The GNU General Public License version 3](https://opensource.org/licenses/GPL-3.0)
Copyright 2017-2021 Emeric “Sio” Nasi ([blog](https://blog.sevagas.com))