Good afternoon JamieI copied the file ethscan.py in volatility/plugins and….I executed:remnux@remnux:~/Desktop/volatility-2.3.1$ sudo make cleanrm -f `find . -name "*.pyc" -o -name "*~"`rm -rf dist buildremnux@remnux:~/Desktop/volatility-2.3.1$ sudo vol.py -v ethscan -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.imgERROR : __main__ : You must specify something to do (try -h)The same error :(El 14/11/2013, a las 14:05, Jamie Levy <jamie.levy@gmail.com> escribió:Oh, also if you copied the ethscan plugin to your volatility/plugins directory, don't use the --plugins optionFrom: David <eterno.comandante@gmail.com>Date: Thu, 14 Nov 2013 13:53:05 +0100To: Jamie Levy<jamie.levy@gmail.com>Cc: Volatility List<vol-users@volatilesystems.com>Subject: Re: [Vol-users] Help to add new pluginHi JamieThanks again...I executed "sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64 ethscan”And i have new errors, (i use vol.py 2.3.1 non instalable version volatility 2.3.1)Do you know if has anybody a similar problem with ethscan plugin?
Traceback (most recent call last):File "/usr/local/bin/vol.py", line 186, in <module>main()File "/usr/local/bin/vol.py", line 143, in mainregistry.register_global_options(config, commands.Command)File "/usr/local/lib/python2.7/dist-packages/volatility/registry.py", line 157, in register_global_optionsfor m in get_plugin_classes(cls, True).values():File "/usr/local/lib/python2.7/dist-packages/volatility/registry.py", line 152, in get_plugin_classesraise Exception("Object {0} has already been defined by {1}".format(name, plugin))Exception: Object EthScan has already been defined by <class 'volatility.plugins.ethscan_rc1.EthScan'>Best regardsEl 14/11/2013, a las 12:45, Jamie Levy <jamie.levy@gmail.com> escribió:Try:
sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64 ethscan
First: --plugins takes in either a directory or a zipfile, not a plugin
Second: You didn't specify which plugin to run (ethscan)From: David <eterno.comandante@gmail.com>Date: Thu, 14 Nov 2013 10:41:47 +0100To: Jamie Levy<jamie.levy@gmail.com>Cc: Volatility List<vol-users@volatilesystems.com>Subject: Re: [Vol-users] Help to add new pluginSorry I had a typo i didn´t write --profile=Win7SP1x64sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins/ethscan.py -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.img --profile=Win7SP1x64I have the same error of ever :(Volatility Foundation Volatility Framework 2.3.1ERROR : __main__ : You must specify something to do (try -h)Thanks!!El 14/11/2013, a las 09:36, David <eterno.comandante@gmail.com> escribió:Hi @Jamie and listThanks very much for your support ;)I’ve same errors when i’m executing: :(sudo python vol.py --plugins=../jamaal-re-tools-f427978461d4/volplugins/ethscan.py -f /mnt/hgfs/E/ENSE/F/M/Audits/7523/200309/memory.imgThe error:Volatility Foundation Volatility Framework 2.3.1ERROR : __main__ : You must specify something to do (try -h)Maybe the cause of this error can be that the new plugin “ethscan" isn't compatible with non instalable version of volatility 2.3.1, what do you think about?On the other hand, i found a brief tutorial about ethscan:vol.py ethscan -f be2.vmem -R --dump-dir outputfiles -C out.pcap -P -SThe execution of the vol.py command is different……. :(He does not the flag —-plugin=Thanks for all!!Ps: My apologies for my level of englishEl 13/11/2013, a las 16:43, Jamie Levy <jamie.levy@gmail.com> escribió:Hi David,I think you might have also asked this on the channel. So yes, you should use the `--plugins=/path/to/folder/with/ethscan` option, obviously changing the path to a folder that has that plugin. If you were the person on the channel, the issue that you were having is because you must specify `--plugins` first, BEFORE any other options to vol.py:Let me know if you have any other questions.All the best,-gleedaOn Tue, Nov 12, 2013 at 6:42 AM, David Martin <eterno.comandante@gmail.com> wrote:
Hello list,Please, I need some help about for add/use new plugins in volatility 2.3.1.Can I use the flag "--plugins=contrib/plugins"? o is there any method?The plugin that I want for add/use is:Thanks for your support!!
_______________________________________________
Vol-users mailing list
Vol-users@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92