mXtract is associate opensource Linux based mostly tool that analyzes and dumps memory. it's developed as associate offensive pentration testing tool, its primary purpose is to scan memory for personal keys, ips, and passwords exploitation regexes. Remember, your results area unit solely pretty much as good as your regexes.



Scan with prolix and with an easy scientific discipline regex, scanning each knowledge section, displaying method data and scanning atmosphere files.

Why dump directly from memory?

In most linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that isnt suppose to be seen but is being processed by a program in clear text.


  • List of regex abilition
  • Display Clear and Readable
  • Run if Memory Range is Writable in Current Permissions
  • Output file in XML and HTML (process name:result)
  • Mass Scan Every Proccess or a Specific PID
  • Can choose memory sections to scan
  • Show Detailed Process Information
  • Scan Process Environment Files
  • Automatically removes unicode characters (manually allows processing with other tools)


  • $ git clone
  • $ cd mXtract && sh


  • $ ./mxtract -h
  • $ ./mxtract -wm -wr -e -i -d=/tmp/output/ -r=example_regexes.db
Next Post »