criminalip / Criminalip-Volatility3-Plugins

These plugins integrate Volatility with the Criminal IP CTI search engine, enabling users to execute Asset Search and Domain Search queries to identify potentially malicious IPs and domains.

Please do not use the volatility3.framework.plugins namespace directly, only use volatility3.plugins #1

Open hawaii67 opened 1 year ago

hawaii67 commented 1 year ago

Hello, great plugin but it is not running on my box. Is it supposed to run on Linux as well?

I get this error message:

Please do not use the volatility3.framework.plugins namespace directly, only use volatility3.plugins

I followed the video tutorial and I am sure I didn't miss a step.

criminalip commented 1 year ago

Hi hawaii67,

Thank you for your inquiry, and we apologize for any inconvenience you may have experienced. The issue appears to be related to a code version before its update with PyInstaller. We have just updated the version on GitHub. We kindly request that you review this latest version. To ensure the correct usage of the plugin, please place the Criminalip file into the /volatility3/plugins directory, not the /volatility3/framework/plugins directory. If you encounter any other inconveniences, please feel free to leave any comments.

Sincerely, Criminal IP Team

hawaii67 commented 1 year ago

Thanks, now no more error messages but no results........

```
python3 vol.py -f 20231008.mem Criminalip.criminalipip

Volatility 3 Framework 2.5.2
Progress: 100.00 PDB scanning finished
Time PID Owner Proto LocalAddr ForeignAddr App inboud/outbound tags representative ids abuse
```

Any ideas?

Note: I use it on Kali (therefore I changed the path to db_file.db in the python code).

EDIT: It seems to be an issue with netscan so never mind! I'll keep you posted.

hawaii67 commented 1 year ago

All is fine, please close the issue. Thanks a lot.
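An added example, not part of the thread and not the Criminal IP plugin's code: a static check that lists imports in a plugin file that sit under the namespace named in the warning and shows the `volatility3.plugins` equivalent. It assumes the warning is raised when code imports modules under `volatility3.framework.plugins`, which the thread does not state; the function name and the sample source are constructed for illustration.

```python
import ast

# Namespace named in the warning quoted in this thread, and the one it asks for.
DEPRECATED = "volatility3.framework.plugins"
PREFERRED = "volatility3.plugins"


def _under(name, root):
    """True if dotted module name is root itself or a submodule of it."""
    return name == root or name.startswith(root + ".")


def find_deprecated_imports(source):
    """Return sorted (line, imported_module, suggested_module) tuples.

    Hypothetical helper: parses plugin source without importing or running it.
    """
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            if _under(node.module, DEPRECATED):
                names = [node.module]
            else:
                # Catches "from volatility3.framework import plugins" as well.
                names = [f"{node.module}.{alias.name}" for alias in node.names]
        else:
            continue  # not an import, or a relative import
        for name in names:
            if _under(name, DEPRECATED):
                hits.add((node.lineno, name, PREFERRED + name[len(DEPRECATED):]))
    return sorted(hits)


# Constructed sample plugin source (not the real plugin's imports).
SAMPLE = '''\
from volatility3.framework import interfaces, renderers
from volatility3.framework.plugins.windows import netscan
import volatility3.framework.plugins.windows.pslist as pslist
from volatility3.plugins.windows import info
'''

if __name__ == "__main__":
    for line, old, new in find_deprecated_imports(SAMPLE):
        print(f"line {line}: {old} -> {new}")
```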