volatility VS masscan

I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: volatilityfoundation/volatility#828)

Take a look at this link and specifically note how the profiles are named, especially Ubuntu - https://github.com/volatilityfoundation/volatility/wiki/Linux-Command-Reference

I think the typical tool for analyzing OS memory dumps is Volatility but I can't give you a course in how to use it, that is supposedly what your school should be doing.

Analyzing memory dumps can be hard, especially at the beginning. You might want to use comprehensive Frameworks like volatility.

git clone https://github.com/volatilityfoundation/volatility.git whenever i want to run something I get PS C:\Users\czare_000\python-course-for-beginners\bs4\volatility> & C:/Users/czare_000/AppData/Local/Programs/Python/Python310/python.exe c:/Users/czare_000/python-course-for-beginners/bs4/volatility/volatility/debug.py Traceback (most recent call last): File "c:\Users\czare_000\python-course-for-beginners\bs4\volatility\volatility\debug.py", line 27, in import volatility.conf ModuleNotFoundError: No module named 'volatility' or i also get except Exception, e: ^^^^^^^^^^^^ SyntaxError: multiple exception types must be parenthesized

Volatility is python based so you will need to install it and volatility's required dependencies. You can find the install instructions here https://github.com/volatilityfoundation/volatility

volatility - Version 2 Version 3

The volatility wiki should have instructions you need. Just follow the steps here (https://github.com/volatilityfoundation/volatility/wiki/Linux#making-the-profile)

Can I get banned for mass scanning with https://github.com/robertdavidgraham/masscan or does it slow down any other vms from other persons?

Nope, this doesn't work any more. Shodan checks all ports (so any attackers using data from Shodan already know which ports you have open), and tools like masscan (https://github.com/robertdavidgraham/masscan) let you portscan the entire IPv4 address space in less than 10 minutes.

https://github.com/LogoiLab/mcsl https://github.com/robertdavidgraham/masscan

Changing the default port does nothing for security. It only prevents some basic brute force or default password scripts. Anyone is able to scan for it in no time anyway (https://github.com/robertdavidgraham/masscan).

But it should blow away the far-too-common belief that no-one's after you because you're not interesting enough. IPv4 is smaller than we think. It is not difficult to scan the entire ipv4 space in minutes. And every single one of those is going to knock your door on the way past.

I'm not sure about the article, but the blazingly-fast IP scanner sounds a lot like Masscan. It can scan the entire Internet in 5 minutes and has received a lot of press: https://github.com/robertdavidgraham/masscan . https://rushter.com/blog/how-masscan-works/ is one of many articles about it.

Here's an except from the masscan docs: