今天给大家介绍的是一款名叫Swap Digger的工具，大家可以利用这款工具自动化搜索并提取Linux用户凭证、Web表单凭证、Web表单邮件、HTTP认证数据、WiFi SSID和密钥等等。

Swap_Digger是一个Bash脚本，它可以自动对目标Linux系统进行数据提取和分析，它不仅能给取证人员提供数据支持，而且还能给渗透测试人员提供后渗透阶段所需的信息。

下载并运行工具

在本地主机上打开命令行终端，输入下列命令下载并运行Swap_Digger脚本：

	alice@1nvuln3r4bl3:~$git clone https://github.com/sevagas/swap_digger.git 



	alice@1nvuln3r4bl3:~$cd swap_digger



	alice@1nvuln3r4bl3:~$chmod +x swap_digger.sh



	alice@1nvuln3r4bl3:~$sudo ./swap_digger.sh -v

在加载的硬盘驱动器上，首先使用下列命令下载脚本：

	alice@1nvuln3r4bl3:~$git clone https://github.com/sevagas/swap_digger.git 



	alice@1nvuln3r4bl3:~$cd swap_digger



	alice@1nvuln3r4bl3:~$chmod +x swap_digger.sh

接下来，寻找目标swap文件/分区：

alice@1nvuln3r4bl3:~$sudo ./swap_digger.sh -S

最后，运行下列命令对目标进行分析：

alice@1nvuln3r4bl3:~$sudo ./swap_digger.sh -vx -r path/to/mounted/target/root/fs -spath/to/target/swap/device

在第三方设备上，使用下列命令下载并运行脚本（可用于渗透测试和CTF）：

	alice@1nvuln3r4bl3:~$wgethttps://raw.githubusercontent.com/sevagas/swap_digger/master/swap_digger.sh 



	alice@1nvuln3r4bl3:~$chmod +x swap_digger.sh



	alice@1nvuln3r4bl3:~$sudo ./swap_digger.sh -vx

简单运行

如果你只需要恢复出Linux用户的明文密码，可以直接运行下列命令：

alice@1nvuln3r4bl3:~$sudo ./swap_digger.sh

可用选项

	./swap_digger.sh[ OPTIONS ]



	Options :



	-x, --extended    Run Extended tests on the target swap toretrieve other interesting data 



	 (web passwords, emails, wifi creds,most accessed urls, etc) 



	 -g, --guessing  Try to guess potential passwords  d onobservations and stats 



	 Warning: This option is not reliable,it may dig more passwords as well as hundreds false positives. 



	 -h, --help   Display this help. 



	 -v, --verbose Verbose mode. 



	 -l, --log Log all outputs in a log file(protected inside the generated working directory). 



	 -c, --clean Automatically erase the generatedworking directory at end of   (will also remove log file) 



	 -r PATH, --root-path=PATH   Location of the target file-system root(default value is /) 



	 Change this value for forensic analysiswhen target is a mounted file system. 



	 This option has to  be used along the -s option to indicate pathto swap device. 



	 -s PATH, --swap-path=PATH   Location of swap device or swap dump toanalyse



	Use this option for forensic/remoteanalysis of a swap dump or a mounted external swap partition.



	This option should be used with the -roption where at least //etc/shadow exists.






	-S, --swap-search   Search for all available swap devices (usefor forensics).