pdgmail Description

A Python script that gathers Gmail artifacts from a process memory dump produced by pd. It can discover what is held in memory, including contacts, emails, last access times, IP addresses and more.

pdgmail Homepage
pdgmail Source repository

Tools included in the pdgmail package

pdgmail - Extracts Gmail artifacts from a pd dump

:~# pdgmail -h
Usage: /usr/bin/pdgmail [OPTIONS]

Options:
   -f, --file       the file to use (stdin if no file given)
   -b, --bodies     don't look for message bodies (helpful if you're getting too many false positives on the mb regex)
   -h, --help       prints this
   -v,--verbose     be verbose (prints filename, other junk)
   -V,--version     prints just the version info and exits.

This expects to be unleashed on the result of running strings -el on a pd dump from windows process memory. Anything other than that, your mileage will certainly vary.

pdgmail Usage Example

Extract artifacts from the file (-f) file.dmp, with verbose output (-v). Note the caveat in the help text above: pdgmail expects the output of strings -el (16-bit little-endian strings) run over the pd dump, not the raw dump itself, so run strings -el on file.dmp first and feed pdgmail the result, either through -f or on stdin (-f is optional).

:~# pdgmail -v -f file.dmp
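The following is an added example, not pdgmail's own code and not part of the Kali page: a small re-creation of the two-stage pipeline the help text describes, carving UTF-16LE strings from a process dump (what strings -el does) and then regex-matching Gmail-style artifacts in them, with a switch that mirrors -b by skipping the loosest pattern. The sample "memory" is constructed, and the ["ct",...] contact and ["mb",...] message-body record shapes and the activity line are invented for the example; they are not Gmail's or pdgmail's real formats or regexes. The example generalizes the page a little by showing the strings -el step inline rather than as a separate command.

```python
"""Added example: a small re-creation of the pipeline pdgmail's help text
describes.  Not pdgmail's code.  The memory sample, the ["ct",...] and
["mb",...] record shapes and the artifact regexes are constructed for the
example and are not Gmail's or pdgmail's real formats."""
from __future__ import annotations

import re
import sys
from collections import defaultdict


def build_sample_dump() -> bytes:
    """Constructed stand-in for a pd dump of a Windows browser process:
    UTF-16LE strings (what `strings -el` carves) mixed with binary noise,
    one ASCII-only string that `strings -el` must ignore, and one string
    that is too short to be reported."""
    noise = bytes(range(0x80, 0x100))  # never printable ASCII, so never a hit
    parts = [
        noise,
        "Gmail - Inbox - alice.example@gmail.com".encode("utf-16-le"),
        b"\x00\x00\x7f\x01",
        '["ct","Bob Example","bob.example@gmail.com"]'.encode("utf-16-le"),
        noise[::3],
        '["mb","Meet at 17:00 - Alice"]'.encode("utf-16-le"),
        b"\x01\x02\x03",
        "Last account activity: 2 hours ago from 203.0.113.45".encode("utf-16-le"),
        b"\xff\xfe",
        "short".encode("utf-16-le"),           # 5 chars: reported
        b"ascii-only string, not UTF-16",      # 8-bit only: not reported by -el
        "xy".encode("utf-16-le"),              # 2 chars: below the minimum length
        noise,
    ]
    return b"".join(parts)


def strings_el(data: bytes, min_len: int = 4) -> list[str]:
    """Emulate `strings -el`: report runs of at least min_len printable ASCII
    characters encoded as 16-bit little-endian units (byte, 0x00)."""
    run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in run.finditer(data)]


# Artifact patterns.  EMAIL_RE and IPV4_RE are generic; the other three assume
# record shapes invented for this example (hypothetical, not Gmail's).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
)
CONTACT_RE = re.compile(r'\["ct","([^"]*)","([^"]+@[^"]+)"\]')
BODY_RE = re.compile(r'\["mb","([^"]*)"\]')
ACTIVITY_RE = re.compile(r"Last account activity: (.+?) from (\S+)")


def find_gmail_artifacts(lines, look_for_bodies: bool = True) -> dict:
    """Scan carved strings for artifacts.  look_for_bodies=False mirrors
    pdgmail's -b switch: skip the loosest pattern to cut false positives."""
    found = defaultdict(set)
    for line in lines:
        found["emails"].update(m.group() for m in EMAIL_RE.finditer(line))
        found["ips"].update(m.group() for m in IPV4_RE.finditer(line))
        found["contacts"].update(m.groups() for m in CONTACT_RE.finditer(line))
        found["last_activity"].update(m.groups() for m in ACTIVITY_RE.finditer(line))
        if look_for_bodies:
            found["bodies"].update(m.group(1) for m in BODY_RE.finditer(line))
    # Drop empty categories and return deterministic, sorted lists.
    return {k: sorted(v) for k, v in found.items() if v}


def pdgmail_like(dump: bytes, look_for_bodies: bool = True) -> dict:
    """Raw dump in, artifacts out: the two stages pdgmail expects you to chain."""
    return find_gmail_artifacts(strings_el(dump), look_for_bodies)


if __name__ == "__main__":
    # Usage: python3 this.py [dump.bin]; with no argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dump()
    for category, items in pdgmail_like(data).items():
        print(category)
        for item in items:
            print("   ", item)
```

The ASCII-only string in the sample is deliberately dropped by the carving stage: that is the point of the -el flag, since Windows processes keep most user-visible text as UTF-16LE, and plain strings would miss it while also flooding the matcher with unrelated 8-bit data. Running the matcher with look_for_bodies=False leaves out the "bodies" category entirely, which is the same trade-off pdgmail's -b offers when the body regex produces too many false positives.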