Skip to content
/ memscan Public

Searches for strings, regex, credit card numbers of magnetic stripe card tracks in a Windows process's memory space

License

AGPL-3.0 license
124 stars 23 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nccgroup/memscan

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
MemoryScanner
MemoryScanner
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
memscan.sln
memscan.sln
 
 

Repository files navigation

memscan

Searches for strings, regex, credit card numbers of magnetic stripe card tracks in a process's memory space

Memory/Process Scanner
Written by Matt Lewis, NCC Group 2014
Updated by Tom Watson, NCC Group 2015
Thanks to Jesse Bullock for lots of great ideas

Released as open source by NCC Group Plc - http://www.nccgroup.com/

Developed by Matt Lewis and Tom Watson, matt [dot] lewis [at] nccgroup [dot] com & tom [dot] watson [at] nccgroup [dot] com

http://www.github.com/nccgroup/memscan

Released under AGPL, see LICENSE for more information

Synopsis - keeps scanning a process memory space for a search string (unicode and ascii), regex pattern, credit card data or magnetic stripe data then if found, spits these out either to stdout, a file or a socket to a remote listener

Useful for memory scraping a process, a post-exploitation POC or instrumentation tool to be used during fuzzing.

TODO - Lots of duplicated code could be refactored out

Code adapted from http://www.codeproject.com/Articles/716227/Csharp-How-to-Scan-a-Process-Memory
Original code licensed under CPOL: http://www.codeproject.com/info/cpol10.aspx

Usage

memscan
-string -s [pid] [Remote IP] [Remote Port] [delay] [width] [search term]
-string -f [pid] [filename] [delay] [width] [search term]
-string -o [pid] [delay] [width] [search term]
-regex -s [pid] [Remote IP] [Remote Port] [delay] [width] [regex]
-regex -f [pid] [filename] [delay] [width] [regex]
-regex -o [pid] [delay] [width] [regex]
-ccdata -s [pid] [Remote IP] [Remote Port] [delay]
-ccdata -f [pid] [filename] [delay]
-ccdata -o [pid] [delay]
-msdata -s [pid] [Remote IP] [Remote Port] [delay]
-msdata -f [pid] [filename] [delay]
-msdata -o [pid] [delay]
-proclist

Flag Definitions:
-string search for string
-regex search for regex pattern
-ccdata search for credit card data
-msdata search for magenetic stripe data
-s write output to socket
-f write output to a file
-o write output to terminal
delay time to wait between each memchunk scan
width amount of data to display before and after search term
string to look for in memory (spaces allowed)
regex to look for in memory (e.g. 3[47][0-9]{13})

About

Searches for strings, regex, credit card numbers of magnetic stripe card tracks in a Windows process's memory space

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

124 stars

Watchers

10 watching

Forks

23 forks
Report repository

Releases 1

First release with extended search functionality Latest
Jul 23, 2015

Packages

No packages published

Languages