volatility3.plugins.linux.malware package

All core linux malware plugins.

These modules should only be imported from volatility3.plugins NOT volatility3.framework.plugins

Submodules

• volatility3.plugins.linux.malware.check_afinfo module
  • Check_afinfo
    • Check_afinfo.build_configuration()
    • Check_afinfo.check_afinfo()
    • Check_afinfo.config
    • Check_afinfo.config_path
    • Check_afinfo.context
    • Check_afinfo.get_requirements()
    • Check_afinfo.make_subconfig()
    • Check_afinfo.open
    • Check_afinfo.run()
    • Check_afinfo.set_open_method()
    • Check_afinfo.unsatisfied()
    • Check_afinfo.version
• volatility3.plugins.linux.malware.check_creds module
  • Check_creds
    • Check_creds.build_configuration()
    • Check_creds.config
    • Check_creds.config_path
    • Check_creds.context
    • Check_creds.get_requirements()
    • Check_creds.make_subconfig()
    • Check_creds.open
    • Check_creds.run()
    • Check_creds.set_open_method()
    • Check_creds.unsatisfied()
    • Check_creds.version
• volatility3.plugins.linux.malware.check_idt module
  • Check_idt
    • Check_idt.build_configuration()
    • Check_idt.config
    • Check_idt.config_path
    • Check_idt.context
    • Check_idt.get_idt_type()
    • Check_idt.get_requirements()
    • Check_idt.make_subconfig()
    • Check_idt.open
    • Check_idt.run()
    • Check_idt.set_open_method()
    • Check_idt.unsatisfied()
    • Check_idt.version
• volatility3.plugins.linux.malware.check_modules module
  • Check_modules
    • Check_modules.build_configuration()
    • Check_modules.compare_kset_and_lsmod()
    • Check_modules.config
    • Check_modules.config_path
    • Check_modules.context
    • Check_modules.get_kset_modules()
    • Check_modules.get_requirements()
    • Check_modules.implementation()
    • Check_modules.make_subconfig()
    • Check_modules.open
    • Check_modules.run()
    • Check_modules.set_open_method()
    • Check_modules.unsatisfied()
    • Check_modules.version
• volatility3.plugins.linux.malware.check_syscall module
  • Check_syscall
    • Check_syscall.build_configuration()
    • Check_syscall.config
    • Check_syscall.config_path
    • Check_syscall.context
    • Check_syscall.get_requirements()
    • Check_syscall.make_subconfig()
    • Check_syscall.open
    • Check_syscall.run()
    • Check_syscall.set_open_method()
    • Check_syscall.unsatisfied()
    • Check_syscall.version
• volatility3.plugins.linux.malware.hidden_modules module
  • Hidden_modules
    • Hidden_modules.build_configuration()
    • Hidden_modules.config
    • Hidden_modules.config_path
    • Hidden_modules.context
    • Hidden_modules.find_hidden_modules()
    • Hidden_modules.get_hidden_modules()
    • Hidden_modules.get_lsmod_module_addresses()
    • Hidden_modules.get_modules_memory_boundaries()
    • Hidden_modules.get_requirements()
    • Hidden_modules.implementation()
    • Hidden_modules.make_subconfig()
    • Hidden_modules.open
    • Hidden_modules.run()
    • Hidden_modules.set_open_method()
    • Hidden_modules.unsatisfied()
    • Hidden_modules.version
• volatility3.plugins.linux.malware.keyboard_notifiers module
  • Keyboard_notifiers
    • Keyboard_notifiers.build_configuration()
    • Keyboard_notifiers.config
    • Keyboard_notifiers.config_path
    • Keyboard_notifiers.context
    • Keyboard_notifiers.get_requirements()
    • Keyboard_notifiers.make_subconfig()
    • Keyboard_notifiers.open
    • Keyboard_notifiers.run()
    • Keyboard_notifiers.set_open_method()
    • Keyboard_notifiers.unsatisfied()
    • Keyboard_notifiers.version
• volatility3.plugins.linux.malware.malfind module
  • Malfind
    • Malfind.MAX_DUMPSIZE_DEFAULT
    • Malfind.build_configuration()
    • Malfind.config
    • Malfind.config_path
    • Malfind.context
    • Malfind.get_requirements()
    • Malfind.make_subconfig()
    • Malfind.open
    • Malfind.run()
    • Malfind.set_open_method()
    • Malfind.unsatisfied()
    • Malfind.version
  • MaliciousFlags
    • MaliciousFlags.RWX
    • MaliciousFlags.RX
    • MaliciousFlags.X_DIRTY
    • MaliciousFlags.as_integer_ratio()
    • MaliciousFlags.bit_count()
    • MaliciousFlags.bit_length()
    • MaliciousFlags.conjugate()
    • MaliciousFlags.denominator
    • MaliciousFlags.from_bytes()
    • MaliciousFlags.imag
    • MaliciousFlags.numerator
    • MaliciousFlags.real
    • MaliciousFlags.to_bytes()
• volatility3.plugins.linux.malware.modxview module
  • Modxview
    • Modxview.build_configuration()
    • Modxview.config
    • Modxview.config_path
    • Modxview.context
    • Modxview.flatten_run_modules_results()
    • Modxview.get_requirements()
    • Modxview.make_subconfig()
    • Modxview.open
    • Modxview.run()
    • Modxview.run_modules_scanners()
    • Modxview.set_open_method()
    • Modxview.unsatisfied()
    • Modxview.version
• volatility3.plugins.linux.malware.netfilter module
  • AbstractNetfilter
    • AbstractNetfilter.NF_MAX_HOOKS
    • AbstractNetfilter.PROTO_HOOKS
    • AbstractNetfilter.build_nf_hook_ops_array()
    • AbstractNetfilter.get_hook_ops()
    • AbstractNetfilter.get_hooks_container()
    • AbstractNetfilter.get_member_type()
    • AbstractNetfilter.get_module_name_for_address()
    • AbstractNetfilter.get_net_namespaces()
    • AbstractNetfilter.get_symbol_fullname()
    • AbstractNetfilter.run_all()
    • AbstractNetfilter.subscribed_protocols()
    • AbstractNetfilter.symtab_checks()
  • AbstractNetfilterNetDev
    • AbstractNetfilterNetDev.NF_MAX_HOOKS
    • AbstractNetfilterNetDev.PROTO_HOOKS
    • AbstractNetfilterNetDev.build_nf_hook_ops_array()
    • AbstractNetfilterNetDev.get_hook_ops()
    • AbstractNetfilterNetDev.get_hooks_container()
    • AbstractNetfilterNetDev.get_member_type()
    • AbstractNetfilterNetDev.get_module_name_for_address()
    • AbstractNetfilterNetDev.get_net_namespaces()
    • AbstractNetfilterNetDev.get_symbol_fullname()
    • AbstractNetfilterNetDev.run_all()
    • AbstractNetfilterNetDev.subscribed_protocols()
    • AbstractNetfilterNetDev.symtab_checks()
  • Netfilter
    • Netfilter.build_configuration()
    • Netfilter.config
    • Netfilter.config_path
    • Netfilter.context
    • Netfilter.get_requirements()
    • Netfilter.make_subconfig()
    • Netfilter.open
    • Netfilter.run()
    • Netfilter.set_open_method()
    • Netfilter.unsatisfied()
    • Netfilter.version
  • NetfilterImp_4_14_to_4_16
    • NetfilterImp_4_14_to_4_16.NF_MAX_HOOKS
    • NetfilterImp_4_14_to_4_16.PROTO_HOOKS
    • NetfilterImp_4_14_to_4_16.build_nf_hook_ops_array()
    • NetfilterImp_4_14_to_4_16.get_hook_ops()
    • NetfilterImp_4_14_to_4_16.get_hooks_container()
    • NetfilterImp_4_14_to_4_16.get_member_type()
    • NetfilterImp_4_14_to_4_16.get_module_name_for_address()
    • NetfilterImp_4_14_to_4_16.get_net_namespaces()
    • NetfilterImp_4_14_to_4_16.get_nf_hook_entries()
    • NetfilterImp_4_14_to_4_16.get_symbol_fullname()
    • NetfilterImp_4_14_to_4_16.run_all()
    • NetfilterImp_4_14_to_4_16.subscribed_protocols()
    • NetfilterImp_4_14_to_4_16.symtab_checks()
  • NetfilterImp_4_16_to_latest
    • NetfilterImp_4_16_to_latest.NF_MAX_HOOKS
    • NetfilterImp_4_16_to_latest.PROTO_HOOKS
    • NetfilterImp_4_16_to_latest.build_nf_hook_ops_array()
    • NetfilterImp_4_16_to_latest.get_hook_ops()
    • NetfilterImp_4_16_to_latest.get_hooks_container()
    • NetfilterImp_4_16_to_latest.get_member_type()
    • NetfilterImp_4_16_to_latest.get_module_name_for_address()
    • NetfilterImp_4_16_to_latest.get_net_namespaces()
    • NetfilterImp_4_16_to_latest.get_nf_hook_entries()
    • NetfilterImp_4_16_to_latest.get_symbol_fullname()
    • NetfilterImp_4_16_to_latest.run_all()
    • NetfilterImp_4_16_to_latest.subscribed_protocols()
    • NetfilterImp_4_16_to_latest.symtab_checks()
  • NetfilterImp_4_3_to_4_9
    • NetfilterImp_4_3_to_4_9.NF_MAX_HOOKS
    • NetfilterImp_4_3_to_4_9.PROTO_HOOKS
    • NetfilterImp_4_3_to_4_9.build_nf_hook_ops_array()
    • NetfilterImp_4_3_to_4_9.get_hook_ops()
    • NetfilterImp_4_3_to_4_9.get_hooks_container()
    • NetfilterImp_4_3_to_4_9.get_member_type()
    • NetfilterImp_4_3_to_4_9.get_module_name_for_address()
    • NetfilterImp_4_3_to_4_9.get_net_namespaces()
    • NetfilterImp_4_3_to_4_9.get_symbol_fullname()
    • NetfilterImp_4_3_to_4_9.run_all()
    • NetfilterImp_4_3_to_4_9.subscribed_protocols()
    • NetfilterImp_4_3_to_4_9.symtab_checks()
  • NetfilterImp_4_9_to_4_14
    • NetfilterImp_4_9_to_4_14.NF_MAX_HOOKS
    • NetfilterImp_4_9_to_4_14.PROTO_HOOKS
    • NetfilterImp_4_9_to_4_14.build_nf_hook_ops_array()
    • NetfilterImp_4_9_to_4_14.get_hook_ops()
    • NetfilterImp_4_9_to_4_14.get_hooks_container()
    • NetfilterImp_4_9_to_4_14.get_member_type()
    • NetfilterImp_4_9_to_4_14.get_module_name_for_address()
    • NetfilterImp_4_9_to_4_14.get_net_namespaces()
    • NetfilterImp_4_9_to_4_14.get_symbol_fullname()
    • NetfilterImp_4_9_to_4_14.run_all()
    • NetfilterImp_4_9_to_4_14.subscribed_protocols()
    • NetfilterImp_4_9_to_4_14.symtab_checks()
  • NetfilterImp_to_4_3
    • NetfilterImp_to_4_3.NF_MAX_HOOKS
    • NetfilterImp_to_4_3.PROTO_HOOKS
    • NetfilterImp_to_4_3.build_nf_hook_ops_array()
    • NetfilterImp_to_4_3.get_hook_ops()
    • NetfilterImp_to_4_3.get_hooks_container()
    • NetfilterImp_to_4_3.get_member_type()
    • NetfilterImp_to_4_3.get_module_name_for_address()
    • NetfilterImp_to_4_3.get_net_namespaces()
    • NetfilterImp_to_4_3.get_symbol_fullname()
    • NetfilterImp_to_4_3.run_all()
    • NetfilterImp_to_4_3.subscribed_protocols()
    • NetfilterImp_to_4_3.symtab_checks()
  • NetfilterNetDevImp_4_14_to_latest
    • NetfilterNetDevImp_4_14_to_latest.NF_MAX_HOOKS
    • NetfilterNetDevImp_4_14_to_latest.PROTO_HOOKS
    • NetfilterNetDevImp_4_14_to_latest.build_nf_hook_ops_array()
    • NetfilterNetDevImp_4_14_to_latest.get_hook_ops()
    • NetfilterNetDevImp_4_14_to_latest.get_hooks_container()
    • NetfilterNetDevImp_4_14_to_latest.get_member_type()
    • NetfilterNetDevImp_4_14_to_latest.get_module_name_for_address()
    • NetfilterNetDevImp_4_14_to_latest.get_net_namespaces()
    • NetfilterNetDevImp_4_14_to_latest.get_symbol_fullname()
    • NetfilterNetDevImp_4_14_to_latest.run_all()
    • NetfilterNetDevImp_4_14_to_latest.subscribed_protocols()
    • NetfilterNetDevImp_4_14_to_latest.symtab_checks()
  • NetfilterNetDevImp_4_2_to_4_9
    • NetfilterNetDevImp_4_2_to_4_9.NF_MAX_HOOKS
    • NetfilterNetDevImp_4_2_to_4_9.PROTO_HOOKS
    • NetfilterNetDevImp_4_2_to_4_9.build_nf_hook_ops_array()
    • NetfilterNetDevImp_4_2_to_4_9.get_hook_ops()
    • NetfilterNetDevImp_4_2_to_4_9.get_hooks_container()
    • NetfilterNetDevImp_4_2_to_4_9.get_member_type()
    • NetfilterNetDevImp_4_2_to_4_9.get_module_name_for_address()
    • NetfilterNetDevImp_4_2_to_4_9.get_net_namespaces()
    • NetfilterNetDevImp_4_2_to_4_9.get_symbol_fullname()
    • NetfilterNetDevImp_4_2_to_4_9.run_all()
    • NetfilterNetDevImp_4_2_to_4_9.subscribed_protocols()
    • NetfilterNetDevImp_4_2_to_4_9.symtab_checks()
  • NetfilterNetDevImp_4_9_to_4_14
    • NetfilterNetDevImp_4_9_to_4_14.NF_MAX_HOOKS
    • NetfilterNetDevImp_4_9_to_4_14.PROTO_HOOKS
    • NetfilterNetDevImp_4_9_to_4_14.build_nf_hook_ops_array()
    • NetfilterNetDevImp_4_9_to_4_14.get_hook_ops()
    • NetfilterNetDevImp_4_9_to_4_14.get_hooks_container()
    • NetfilterNetDevImp_4_9_to_4_14.get_member_type()
    • NetfilterNetDevImp_4_9_to_4_14.get_module_name_for_address()
    • NetfilterNetDevImp_4_9_to_4_14.get_net_namespaces()
    • NetfilterNetDevImp_4_9_to_4_14.get_symbol_fullname()
    • NetfilterNetDevImp_4_9_to_4_14.run_all()
    • NetfilterNetDevImp_4_9_to_4_14.subscribed_protocols()
    • NetfilterNetDevImp_4_9_to_4_14.symtab_checks()
  • Proto
    • Proto.hooks
    • Proto.name
• volatility3.plugins.linux.malware.process_spoofing module
  • ProcessSpoofing
    • ProcessSpoofing.build_configuration()
    • ProcessSpoofing.config
    • ProcessSpoofing.config_path
    • ProcessSpoofing.context
    • ProcessSpoofing.extract_process_names()
    • ProcessSpoofing.get_cmdline_basename()
    • ProcessSpoofing.get_comm()
    • ProcessSpoofing.get_executable_path()
    • ProcessSpoofing.get_requirements()
    • ProcessSpoofing.make_subconfig()
    • ProcessSpoofing.open
    • ProcessSpoofing.run()
    • ProcessSpoofing.set_open_method()
    • ProcessSpoofing.unsatisfied()
    • ProcessSpoofing.version
• volatility3.plugins.linux.malware.tty_check module
  • Tty_Check
    • Tty_Check.build_configuration()
    • Tty_Check.config
    • Tty_Check.config_path
    • Tty_Check.context
    • Tty_Check.get_requirements()
    • Tty_Check.make_subconfig()
    • Tty_Check.open
    • Tty_Check.run()
    • Tty_Check.set_open_method()
    • Tty_Check.unsatisfied()
    • Tty_Check.version