View Issue Details

ID: 0005512
Project: Kali Linux
Category: [All Projects] Kali Package Improvement
View Status: public
Last Update: 2019-06-03 12:11
Reporter: g0tmi1k
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0005512: volafox - Fix usage example

g0tmi1k@kali-dev:~$ volafox

volafox: Mac OS X Memory Analysis Toolkit
support: 10.6-8; 32/64-bit kernel
  input: *.vmem (VMWare memory file), *.mmr (Mac Memory Reader, flattened x86, IA-32e)
  usage: python /usr/bin/volafox -i IMAGE [-o COMMAND [-vp PID][-x PID][-x KEXT_ID][-x TASKID]]

-o CMD : Print kernel information for CMD (below)
-p PID : List open files for PID (where CMD is "lsof")
-v : Print all files, including unsupported types (where CMD is "lsof")
-x PID/KID/TASKID : Dump process/task/kernel extension address space for PID/KID/Task ID (where CMD is "ps"/"kextstat"/"tasks")

system_profiler : Kernel version, CPU, and memory spec, Boot/Sleep/Wakeup time
mount : Mounted filesystems
kextstat : KEXT (Kernel Extensions) listing
ps : Process listing
tasks : Task listing (& Matching Process List)
systab : Syscall table (Hooking Detection)
mtt : Mach trap table (Hooking Detection)
netstat : Network socket listing (Hash table)
lsof : Open files listing by process (research,
pestate : Show Boot information (experiment)
efiinfo : EFI System Table, EFI Runtime Services(experiment)
keychaindump : Dump master key candidates for decrypting keychain(Lion, ML)

Can `python /usr/bin/` be removed?


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-06-03 12:11 g0tmi1k New Issue