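---
# CyberStrikeAI tool definition for Volatility (memory forensics).
# Each `parameters` entry maps a caller-supplied value onto the command line;
# the harness that reads these keys and builds the argv is not part of this
# file, so every note below about how a value is passed is an assumption to
# confirm against that code.
name: "volatility"
# NOTE(review): the `--profile` flag further down is a Volatility 2 option;
# Volatility 3 uses symbol tables and a different CLI, so this definition
# presumably targets Volatility 2 — confirm the installed binary matches.
command: "volatility"
enabled: true
short_description: "内存取证分析工具"
description: |
  Volatility是一个内存取证框架,用于从内存转储中提取数字证据。

  **主要功能:**
  - 内存转储分析
  - 进程列表提取
  - 网络连接分析
  - 文件系统重建

  **使用场景:**
  - 内存取证
  - 恶意软件分析
  - 事件响应
  - 数字取证
parameters:
  # Path to the memory image, passed as `-f <path>`. The value is caller
  # supplied; the harness should confine it to the evidence directory before
  # use, since an unconstrained path reaches any file the tool can read.
  - name: "memory_file"
    type: "string"
    description: "内存转储文件路径"
    required: true
    flag: "-f"
    format: "flag"
  # Plugin name as the first positional argument (Volatility 2 invocation
  # style, e.g. `volatility -f <image> --profile <p> <plugin>`). Prefer an
  # allow-list of installed plugins in the harness over passing it through.
  - name: "plugin"
    type: "string"
    description: "要使用的Volatility插件"
    required: true
    position: 0
    format: "positional"
  # Memory profile, passed as `--profile <value>` (Volatility 2 only).
  - name: "profile"
    type: "string"
    description: "内存配置文件"
    required: false
    flag: "--profile"
    format: "flag"
  # Free-form extra arguments. The description states the value is appended
  # directly to the end of the command, which makes this the injection-
  # sensitive field of the definition: the harness must split it into argv
  # entries and run the tool without a shell — TODO confirm in the harness;
  # the description's "ensure the format is correct" asks the caller to do
  # what the harness has to enforce.
  # Unlike `plugin`, no `position` is given; presumably a positional without
  # one is emitted last — verify against the harness.
  # The "示例值" section below is still the unfilled template placeholder
  # ("add common example arguments for this tool"), not real examples.
  - name: "additional_args"
    type: "string"
    description: |
      额外的volatility参数。用于传递未在参数列表中定义的volatility选项。

      **示例值:**
      - 根据工具特性添加常用参数示例

      **注意事项:**
      - 多个参数用空格分隔
      - 确保参数格式正确,避免命令注入
      - 此参数会直接追加到命令末尾
    required: false
    format: "positional"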