Turdshovel is an interactive CLI tool that allows users to dump objects from .NET memory dumps

Related tags

Command-line Toolsturdshovel
Overview

Turdshovel

logo

Description

Turdshovel is an interactive CLI tool that allows users to dump objects from .NET memory dumps without having to fully understand the intricacies of WinDbg. It uses Python.NET to wrap around ClrMD and perform basic operations for dumping objects and sections of memory. The primary goal of Turdshovel is to focus on finding secrets in memory dumps quickly.

It is absolutely not intended to be a full-fledged memory dump analysis tool.

Installation

Turdshovel is written in Python 3.8 and at the moment is expected to only work with Python 3.8. No testing has been performed with other Python versions. This is because Turdshovel has a dependency on Python.NET, which requires specific installations of its files per Python version. This may change in the future with the release of Python.NET 3.0 and Turdshovel will support Python >3.8 as long as Python.NET supports it.

Additionally, Turdshovel is meant to be installed on Windows and has only been tested on Windows. No testing has been performed with Linux. However, Turdshovel uses the .NET Standard 2.0 versions of ClrMD which supports:

  • .NET Core (2.0 - 6.0)
  • .NET Framework (4.6.1 - 4.8)
  • Mono (5.4, 6.4)

The inclusion of Mono may mean that Turdshovel works on Linux, especially since ClrMD does support Linux. However, future plans for Turdshovel may include features that will be limited to Windows due to dependencies. These features will not be supported on other OSes, so a Windows environment is your best bet for usage.

Microsoft offers free Windows 10 development environment VMs here.

Installing with Pipx

As a CLI tool, installation is highly recommended using Pipx to avoid any dependency confusions. Honestly, you should use Pipx for most Python CLI tools! Additionally, since Turdshovel only works with Python 3.8, this helps ensure that your virtual environment is set to use Python 3.8 at all times.

If your Pipx install was done with Python 3.8: pipx install turdshovel

If your Pipx install was done with different version: pipx install --python turdshovel

Usage

Turdshovel uses Nubia as its framework for an interactive CLI.

Command Arguments Description
load Loads a dump for a session
dump heap filter - Filter objects by strings Lists objects on the heap
dump obj address - Address of object to dump
save - Save ouput to disk		 Dumps object on heap by address
dump mem address - Address of memory to read
length - Length of bytes to read		 Dumps the memory in bytes at location
dump stat filter - Filter objects by strings
sort - Sort object by count or object
reverse - Reverse sorting output		 Dumps the count of each object on the heap
dump type types - Objects types Dumps the objects on the heap by type
help Show help
exit Exit

Commands

load

The load command takes the path to the file dump as an argument.

load command

dump heap

Similar to the dump heap command via SOS, this command will list the objects on the heap as well as their type. However, the output differs in that Turdshovel does not show objects which are listed as "Free" on the heap. You can optionally pass a list of strings as the filter.

dump heap

dump obj

Similar to the dump obj command via SOS, this command will dump all of the non-static fields of the object on the heap in JSON representation. You can also pass save=True to save the resulting JSON to disk.

IMPORTANT: When dumping a complex object, you may noticed fields . This indicates that the field would have caused a recursion error to occur so Turdshovel did not parse the field. This usually occurs with objects that reference themselves.

dump obj 1

dump obj 2

dump mem Prints the bytes at the location specified for the amount of bytes specified. This is useful when objects point to locations in memory that are not objects, such as encrypted data, or just seeing what is around any given memory address. The example shows a simple string which you could find with the strings command but there are better use cases, specifically with pointers!

dump mem

dump stat

Prints the count of each type of object. You can optionally filter the type using filter= and can sort the output by count or object using sort=.

dump stat

dump type

Dumps all objects of specific types. THIS CAN BE DANGEROUS so if you suspect a type might have a large amount of output, use "save=True" to write everything to disk.

dump type


Built With


Special Thanks

Owner
Leron Gray
Leron Gray
GitHub Repository
Openstack bucket retention cli

Openstack bucket retention cli

Fatih Sarhan 3 Apr 03, 2022
Rdwcli - Car list cli app with python

Rdwcli - Car list cli app with python

Arie Twigt 1 Feb 02, 2022
Tarstats - A simple Python commandline application that collects statistics about tarfiles

A simple Python commandline application that collects statistics about tarfiles.

Kristian Koehntopp 13 Feb 20, 2022
Python codecs extension featuring CLI tools for encoding/decoding anything

CodExt Encode/decode anything. This library extends the native codecs library (namely for adding new custom encodings and character mappings) and prov

Alex 210 Dec 30, 2022
A python CLI app that converts a mp4 file into a gif with ASCII effect added.

Video2ASCIIgif This CLI app takes in a mp4 format video, converts it to a gif with ASCII effect applied. This also includes full control over: backgro

Sriram R 6 Dec 31, 2021
Palm CLI - the tool-belt for data teams

Palm CLI: The extensible CLI at your fingertips Palm is a universal CLI developed to improve the life and work of data professionals. Palm CLI documen

Palmetto 41 Dec 12, 2022
Play WORDLE game in your terminal.

Wordle TUI Play WORDLE game in your terminal. The game will be kept the same as the Web version. Prerequisites Python 3.7+ Linux/MacOS (Windows is not

Frost Ming 61 Oct 30, 2022
Command Line (CLI) Application to automate creation of tasks in Redmine, issues on Github and the sync process of them.

Task Manager Automation Tool (TMAT) CLI Command Line (CLI) Application to automate creation of tasks in Redmine, issues on Github and the sync process

Tiamat 5 Apr 12, 2022
Modern line-oriented terminal emulator without support for TUIs.

Modern line-oriented terminal emulator without support for TUIs.

10 Jun 12, 2022
Quickly open any path on your terminal window in your $EDITOR of choice!

Tmux fpp Plugin wrapper around Facebook PathPicker. Quickly open any path on your terminal window in your $EDITOR of choice! Demo Dependencies fpp - F

257 Dec 28, 2022
Double Pendulum visualised with fetching system information in Python.

Show off your terminal, in style. A nice relaxing double pendulum simulation using ASCII, able to simulate multiple pendulums at once, and provide tra

Nekurone 62 Dec 14, 2022
This CLI give the possibility to do a queries in Star Wars API and returns a JSON in a terminal.

Star Wars CLI (swcli) This CLI give the possibility to do a queries in Star Wars API and returns a JSON in a terminal. Install $ pip install swcli Qu

Pery Lemke 5 Nov 05, 2021
A Hikari command handler for people who love ducks.

duckari A Hikari command handler made with love by ducks. Currently Duckari is work in progress. Documentation is WIP. The wiki is no longer used as d

2 Oct 09, 2022
open a remote repo locally quickly

A command line tool to peek a remote repo hosted on github or gitlab locally and view it in your favorite editor. The tool handles cleanup of the repo once you exit your editor.

Rahul Nair 44 Dec 16, 2022
A Telegram Bot Written In Python To Upload Medias To telegra.ph

Telegraph-Uploader A Telegram Bot Written In Python To Upload Medias To telegra.ph DEPLOY YOU CAN SIMPLY DEPLOY ON HEROKU BY CLICKING THE BUTTON BELOW

Rithunand 31 Dec 03, 2022
spade is the next-generation networking command line tool.

spade is the next-generation networking command line tool. Say goodbye to the likes of dig, ping and traceroute with more accessible, more informative and prettier output.

Vivaan Verma 5 Jan 28, 2022
Unconventional ways to save an Image

Unexpected Image Saves Unconventional ways to save an image 😄 Have you ever been bored by the same old .png, .jpg, .jpeg, .gif and all other image ex

Eric Mendes 15 Nov 06, 2022
pyGinit is a command line tools that help you to initialize your current project a local git repo and remote repo

pyGinit pyGinit is a command line tools that help you to initialize your current project a local git repo and remote repo Requirements Requirements be

AlphaBeta 15 Feb 26, 2022
AML Command Transfer. A lightweight tool to transfer any command line to Azure Machine Learning Services

AML Command Transfer (ACT) ACT is a lightweight tool to transfer any command from the local machine to AML or ITP, both of which are Azure Machine Lea

Microsoft 11 Aug 10, 2022
A simple note taker CLI program written in python

note-taker A simple note taker program written in python This allows you to snip your todo's, notes, and your tasks easily without extra charges Requi

marcusz 4 Nov 02, 2021