pdgmail Package Description
Python script to gather Gmail artifacts from a pd process memory dump. It'll find what it can in the memory image, including contacts, emails, last access times, IP addresses, etc.
- Author: Jeff Bryner
- License: GPLv2
Tools included in the pdgmail package
pdgmail – Extracts gmail artifacts from a pd dump
root@kali:~# pdgmail -h
Usage: /usr/bin/pdgmail [OPTIONS]
Options:
-f, --file the file to use (stdin if no file given)
-b, --bodies don't look for message bodies (helpful if you're getting too many false positives on the mb regex)
-h, --help prints this
-v,--verbose be verbose (prints filename, other junk)
-V,--version prints just the version info and exits.
This expects to be unleashed on the result of running strings -el on a pd dump from windows process memory. Anything other than that, your mileage will certainly vary.
pdgmail Usage Example
Extract artifacts from file (f) file.dmp and be verbose (v).
root@kali:~# pdgmail -v -f file.dmp
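
The help text above says pdgmail expects the output of strings -el run over the pd dump; -el selects 16-bit little-endian characters, the encoding Windows programs commonly use for text in memory. As an added example (not part of pdgmail or the original page), this Python code approximates that extraction step for the ASCII range and shows why an 8-bit-only pass misses such text. The function names and the sample buffer are constructed for illustration.

```python
import re


def utf16le_strings(data: bytes, min_len: int = 4):
    """Return (offset, text) for runs of >= min_len printable UTF-16LE chars.

    Approximates `strings -el` for the ASCII range only: each character is a
    printable byte (or tab) followed by 0x00. min_len=4 mirrors the GNU
    strings default minimum length.
    """
    pattern = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % min_len)
    return [(m.start(), m.group().decode("utf-16-le"))
            for m in pattern.finditer(data)]


def ascii_strings(data: bytes, min_len: int = 4):
    """Return runs of >= min_len printable 8-bit chars (plain `strings`)."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


# Constructed sample standing in for a slice of a process memory dump:
# binary filler, one UTF-16LE string, one 8-bit ASCII string, and a
# UTF-16LE run that is too short to be reported.
SAMPLE = (
    b"\x90\x90\xff\x00"
    + "user@example.com".encode("utf-16-le")
    + b"\x00\x00\xde\xad\xbe\xef"
    + b"plain ascii marker"
    + b"\x01\x02"
    + "hi".encode("utf-16-le")
    + b"\xff\xff"
)

if __name__ == "__main__":
    # The address is only visible to the 16-bit little-endian scan.
    for offset, text in utf16le_strings(SAMPLE):
        print(f"utf-16le @ {offset:#06x}: {text}")
    for text in ascii_strings(SAMPLE):
        print(f"ascii: {text}")
```

Feeding pdgmail text extracted with the wrong encoding leaves its regexes with nothing to match, which is why the help text warns that results vary on any other input.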