repositorypackage
0.0.0-20240313182602-55f644eba713
Repository: https://github.com/audibleblink/it-o.git
Documentation: pkg.go.dev
# README
IT-O
Hacky linux memory probe with a grep-like interface for on-the-fly searching.
ito -p 123 -r '.{20}[D|d]roid.{20}'
123 0x000002645f60 State)({username:"droid",password:""}),t=b(d.
123 0x000002645f60 x)(Xl.Input,{label:"Droid",name:"password", "
...
Or use baked-in yara rules to search for multiple things at once.
ito -p 123 -Y
0x00000023dc3a 123 "sql://root:[email protected]:3306/portal\"" username_and_password_in_uri
0x00000027d5ea 123 "http://jean:[email protected]/jean/api.git" username_and_password_in_uri
...
Yara
Rules in the rules directory are embedded in the resulting binary. Use the -Y flag to run them
against a PID.
Project uses https://github.com/hillu/go-yara go bindings which means CGO. Deps:
- automake
- libtool
- make
- gcc
- pkg-config
make deps
make ito
Credits
- Procfs code taken from
Prometheus - Initial yara rules from
shhgit