Options V2
This page is for the updated version 2 of LiMEaide
- Remote Clients
limeaide.py [OPTIONS] CLIENT_IP/LOCAL
- Local Client
A client that exists on the same system on which you're running LiMEaide
limeaide.py [OPTIONS] local
- Help
- Show the help dialog
- User
- Execute memory grab as specified user (with sudo privileges) instead of root
- Socket
- Use a TCP socket in order to transfer memory image, skipping a write to disk
- No Profiler
- Do NOT run profiler and force the creation of a new module/profile for the client.
- Profile
- Skip the usage of the interactive profiler by providing the distribution, kernel version, and architecture of the remote client.
- Delay Pick-up
- Execute a job to create a RAM dump on target system that you will retrieve later.
- Output
- Change the name of the output file. dump.lime is the default
- Format
- Change the format that LiME uses for extraction. lime is the default; other options are raw and padded
- Digest
- Change the digest type that LiME uses for extraction. sha1 is the default; other options are dependent on the kernel
- Delay Pickup
- Pick up a job you previously ran with the --delay-pickup switch.
- Verbose
- Output verbosely
- Force Clean
- Force LiMEaide to clean up if a deploy fails
Shows the help dialog
-h, --help
Execute the memory grab as the specified sudo user. This is useful when root privileges are not granted or if root login over SSH is not allowed.
-u, --user
Skip the profiler by providing the distribution, kernel version, and architecture of the remote client.
-p, --profile
Do NOT run profiler and force the creation of a new module/profile for the client.
-N, --no-profiler
Do not compress the memory file. By default, memory is compressed on the host. This may not be the most forensically sound option; however, I have seen a 60-80% reduction in file size. If you experience issues, toggle this flag.
-C, --dont-compress
Execute a job to create a RAM dump on the target system that you will retrieve later. The stored job is located in the scheduled_jobs/ directory and ends in .dat
--delay-pickup
Pick up a job you previously ran with the --delay-pickup switch. The file that follows this switch is located in the scheduled_jobs/ directory and ends in .dat
-P, --pickup <path to job file .dat>
Change name of output file. Default is dump.bin
-o, --output
Gives you the ability to append a case number before the date in the output directory
-c, --case
If LiMEaide fails for any reason, clean the remote client before attempting again
--force-clean