The Memory Scraper is a legitimate tool for Memory/RAM scraping vulnerability testing on Windows applications. By running this tool, specific patterns can be found in the memory, e.g. credit cards numbers, URLs or any other regular expression. One of the major advantages of the Memory Scraper is the ability to run continues testing on the scanned process. This means that if a sensitive data stored in the memory, even for a very short time, the Memory Scraper finds it.
Use the command line to clone the git locally.
$ cd your_repo_root/repo_name $ git clone https://github.com/SecurityTools/MemoryScraper.git
This tool tested on Windows 7, 8 and 8.1. It runs without administrative privileges on Windows 7, but requires to "run as administrator" on Windows 8 and above.
Get the code and verify it's legitimate software :-)
Once you build the project, the start screen pops up. Click "Run".
The Processes List window allows to choose the process to read from a drop-down list. Choose the required process from the drop-down list and press on "Select Process". Note: If you see a process name that appears more than one time on the list and you're not sure which to select - don't worry, it doesn't matter (just right now) which one you will select because the next window will help you. Note: If a process appears more than once in the list, it means that there are several running processes with the same name. Therefore, "Multiple Processes Scan" window should appear. This window lets you to decide which PID (process ID) you want the scan, among all the processes that have the process name you selected earlier. Choose a process and click "Select process".
In the new window you can start searching the data by choosing a regular expression and pressing on "Start".
Once you click "Start scan", the scan starts and when Memory Scraper finishes scanning all the data of the process - it starts over again until stopped explicitly.This way Memory Scraper is scanning and showing results in real time and update it results according to the changes being made in the selected process's data. If more information about the selected process needed, click "Process Info". This opens a window called "Process Information" which shows more details. Click "Process Info" again in order to close that window.