import os
import re
import glob

def search_proc_file(filepath, pattern):
    try:
        with open(filepath, 'r') as f:
            content = f.read()
            matches = re.finditer(pattern, content)
            for match in matches:
                print(f"Found in {filepath}: {match.group()}")
    except (PermissionError, IOError, UnicodeDecodeError):
        # Some proc files may not be readable or might contain binary data
        pass

def scan_proc():
    # Common API key patterns
    patterns = [
        r'[a-zA-Z0-9_-]{32}', # Generic API key pattern
        r'sk_live_[0-9a-zA-Z]{24}', # Stripe API key pattern
        r'github_pat_[a-zA-Z0-9]{40}', # GitHub PAT pattern
        # Add more patterns as needed
    ]
    
    pattern = '|'.join(patterns)
    
    # Scan all files in /proc
    for proc_file in glob.glob('/proc/*/'):
        # Check cmdline, environ, and other text files
        interesting_files = ['cmdline', 'environ', 'stat']
        
        for filename in interesting_files:
            filepath = os.path.join(proc_file, filename)
            if os.path.exists(filepath):
                search_proc_file(filepath, pattern)

if __name__ == "__main__":
    # Need to run as root/sudo for full access
    scan_proc()

import re
import os

def scan_process_memory(pid):
    try:
        # Read process maps
        with open(f'/proc/{pid}/maps', 'r') as maps_file:
            for line in maps_file:
                # Parse memory regions
                region = line.split()
                if len(region) >= 6:
                    addr_range = region[0].split('-')
                    start = int(addr_range[0], 16)
                    end = int(addr_range[1], 16)
                    
                    # Try to read memory contents
                    try:
                        with open(f'/proc/{pid}/mem', 'rb') as mem_file:
                            mem_file.seek(start)
                            content = mem_file.read(end - start)
                            
                            # Convert to string and search
                            try:
                                str_content = content.decode('utf-8', errors='ignore')
                                # Search for API key patterns
                                matches = re.finditer(r'[a-zA-Z0-9_-]{32}', str_content)
                                for match in matches:
                                    print(f"Found potential API key in PID {pid}: {match.group()}")
                            except:
                                pass
                    except:
                        pass
    except:
        pass

def scan_all_processes():
    # Get all process IDs
    pids = [pid for pid in os.listdir('/proc') if pid.isdigit()]
    
    for pid in pids:
        scan_process_memory(pid)

if __name__ == "__main__":
    # Need to run as root/sudo
    scan_all_processes()

/proc/[pid]/cmdline - Command line arguments
/proc/[pid]/environ - Environment variables
/proc/[pid]/maps - Memory mappings
/proc/[pid]/mem - Process memory
/proc/[pid]/status - Process status

import re
import os

def search_proc_files(pattern):
    found_matches = []
    
    # List all processes in /proc
    for pid in os.listdir('/proc'):
        if not pid.isdigit():
            continue
            
        try:
            # Common files to check in each process directory
            proc_files = [
                f'/proc/{pid}/cmdline',
                f'/proc/{pid}/environ',
                f'/proc/{pid}/status',
                f'/proc/{pid}/maps'
            ]
            
            for proc_file in proc_files:
                try:
                    with open(proc_file, 'r') as f:
                        content = f.read()
                        matches = re.finditer(pattern, content)
                        for match in matches:
                            found_matches.append({
                                'pid': pid,
                                'file': proc_file,
                                'match': match.group()
                            })
                except (IOError, UnicodeDecodeError):
                    # Skip files we can't read or decode
                    continue
                    
        except OSError:
            # Process might have terminated
            continue
            
    return found_matches

# Example patterns for API keys and sensitive data
patterns = [
    r'api[_-]key[=:]\S+',  # Generic API key pattern
    r'[A-Za-z0-9-_]{21}[AQgw]',  # Google API key pattern
    r'sk_live_[0-9a-zA-Z]{24}',  # Stripe Secret Key pattern
    r'access_token\S+',  # Generic access token pattern
]

def main():
    for pattern in patterns:
        print(f"\nSearching for pattern: {pattern}")
        matches = search_proc_files(pattern)
        
        for match in matches:
            print(f"Found in PID {match['pid']} - {match['file']}: {match['match']}")

if __name__ == "__main__":
    # Need to run as root/sudo to access all proc files
    if os.geteuid() != 0:
        print("This script needs to be run as root to access all proc files")
        exit(1)
    
    main()

   /proc/[pid]/cmdline - Command line arguments
   /proc/[pid]/environ - Environment variables
   /proc/[pid]/status - Process status
   /proc/[pid]/maps - Memory mappings
   

import re
import os
import argparse
from datetime import datetime

class ProcScanner:
    def __init__(self, patterns=None, exclude_paths=None):
        self.patterns = patterns or []
        self.exclude_paths = exclude_paths or []
        
    def scan_file(self, filepath, pid):
        try:
            with open(filepath, 'r') as f:
                content = f.read()
                
            results = []
            for pattern in self.patterns:
                matches = re.finditer(pattern, content)
                for match in matches:
                    results.append({
                        'pid': pid,
                        'file': filepath,
                        'pattern': pattern,
                        'match': match.group(),
                        'timestamp': datetime.now().isoformat()
                    })
            return results
            
        except (IOError, UnicodeDecodeError):
            return []
            
    def scan_proc_directory(self):
        all_matches = []
        
        for pid in os.listdir('/proc'):
            if not pid.isdigit():
                continue
                
            proc_dir = f'/proc/{pid}'
            
            # Skip excluded paths
            if any(exclude in proc_dir for exclude in self.exclude_paths):
                continue
                
            try:
                # Scan specific files in process directory
                for filename in ['cmdline', 'environ', 'status', 'maps']:
                    filepath = os.path.join(proc_dir, filename)
                    matches = self.scan_file(filepath, pid)
                    all_matches.extend(matches)
                    
            except OSError:
                continue
                
        return all_matches

def main():
    parser = argparse.ArgumentParser(description='Scan /proc for sensitive data')
    parser.add_argument('--patterns', nargs='+', help='Regular expressions to search for')
    parser.add_argument('--exclude', nargs='+', help='Paths to exclude')
    parser.add_argument('--output', help='Output file for results')
    args = parser.parse_args()

    default_patterns = [
        r'api[_-]key[=:]\S+',
        r'[A-Za-z0-9-_]{21}[AQgw]',
        r'sk_live_[0-9a-zA-Z]{24}',
        r'access_token\S+'
    ]

    patterns = args.patterns if args.patterns else default_patterns
    exclude_paths = args.exclude if args.exclude else []

    scanner = ProcScanner(patterns, exclude_paths)
    matches = scanner.scan_proc_directory()

    # Output results
    output_format = "Found in PID {pid} - {file}: {match} (Pattern: {pattern})"
    
    if args.output:
        with open(args.output, 'w') as f:
            for match in matches:
                f.write(output_format.format(**match) + '\n')
    else:
        for match in matches:
            print(output_format.format(**match))

if __name__ == "__main__":
    if os.geteuid() != 0:
        print("This script needs to be run as root to access all proc files")
        exit(1)
    
    main()

sudo python3 proc_scanner.py --patterns "api[_-]key[=:]\S+" "access_token\S+" --exclude "/proc/sys" --output results.txt

import os
import re
import glob

def search_proc_file(file_path, pattern):
    try:
        with open(file_path, 'r') as f:
            content = f.read()
            matches = re.finditer(pattern, content)
            for match in matches:
                print(f"Found in {file_path}: {match.group()}")
    except (PermissionError, IOError, UnicodeDecodeError):
        # Some proc files may not be readable or may contain binary data
        pass

def search_proc_directory(pattern):
    # Common API key pattern (customize as needed)
    regex_pattern = re.compile(pattern)
    
    # Search through proc directory
    proc_paths = glob.glob('/proc/*/status')
    proc_paths.extend(glob.glob('/proc/*/cmdline'))
    proc_paths.extend(glob.glob('/proc/*/environ'))
    
    for proc_file in proc_paths:
        search_proc_file(proc_file, regex_pattern)

# Example patterns to search for
patterns = [
    r'[A-Za-z0-9_-]{20,40}',  # Generic API key pattern
    r'aws[_-]?key[_-]?[A-Za-z0-9]+',  # AWS key pattern
    r'github[_-]?token[_-]?[A-Za-z0-9]+',  # GitHub token pattern
]

# Search for each pattern
for pattern in patterns:
    print(f"\nSearching for pattern: {pattern}")
    search_proc_directory(pattern)

def read_proc_info():
    # Read system memory info
    try:
        with open('/proc/meminfo', 'r') as f:
            mem_info = f.read()
            print("Memory Info:")
            print(mem_info[:200])  # Print first 200 chars
    except Exception as e:
        print(f"Error reading meminfo: {e}")

    # Read CPU info
    try:
        with open('/proc/cpuinfo', 'r') as f:
            cpu_info = f.read()
            print("\nCPU Info:")
            print(cpu_info[:200])
    except Exception as e:
        print(f"Error reading cpuinfo: {e}")

    # Read process environment variables
    try:
        with open('/proc/self/environ', 'r') as f:
            env = f.read().split('\0')
            print("\nEnvironment Variables:")
            for var in env:
                if var:  # Skip empty strings
                    print(var)
    except Exception as e:
        print(f"Error reading environ: {e}")

if __name__ == "__main__":
    read_proc_info()

import re

def search_for_sensitive_data():
    # Common patterns for sensitive data
    patterns = {
        'api_key': r'[a-zA-Z0-9]{32,45}',
        'aws_key': r'AKIA[0-9A-Z]{16}',
        'email': r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}',
        'ip_address': r'\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'
    }

    # Files to search in proc
    proc_files = [
        '/proc/self/environ',
        '/proc/self/cmdline',
        '/proc/self/status'
    ]

    for file_path in proc_files:
        try:
            with open(file_path, 'r') as f:
                content = f.read()
                for pattern_name, pattern in patterns.items():
                    matches = re.findall(pattern, content)
                    if matches:
                        print(f"Found {pattern_name} in {file_path}:")
                        for match in matches:
                            print(f"  {match}")
        except Exception as e:
            print(f"Error reading {file_path}: {e}")

import os
import re
import glob

def search_proc_file(filepath, pattern):
    try:
        with open(filepath, 'r', errors='ignore') as f:
            content = f.read()
            matches = re.finditer(pattern, content)
            for match in matches:
                print(f"Found in {filepath}: {match.group()}")
    except (PermissionError, IOError):
        pass  # Skip files we can't read

def scan_proc():
    # Example regex patterns for API keys
    patterns = [
        r'[a-zA-Z0-9]{32}',  # Generic 32-char API key
        r'sk_live_[0-9a-zA-Z]{24}',  # Stripe API key
        r'gh[pousr]_[A-Za-z0-9_]{36}',  # GitHub token
        # Add more patterns as needed
    ]

    combined_pattern = '|'.join(patterns)

    # Scan all files in /proc
    for proc_path in glob.glob('/proc/*/'):
        # Check memory maps
        maps_file = os.path.join(proc_path, 'maps')
        if os.path.exists(maps_file):
            search_proc_file(maps_file, combined_pattern)

        # Check environment
        environ_file = os.path.join(proc_path, 'environ')
        if os.path.exists(environ_file):
            search_proc_file(environ_file, combined_pattern)

        # Check cmdline
        cmdline_file = os.path.join(proc_path, 'cmdline')
        if os.path.exists(cmdline_file):
            search_proc_file(cmdline_file, combined_pattern)

if __name__ == "__main__":
    # Need to run as root to access all proc files
    if os.geteuid() != 0:
        print("This script needs to be run as root to access all proc files")
        exit(1)
    
    scan_proc()

def read_proc_file(pid, filename):
    try:
        with open(f'/proc/{pid}/{filename}', 'r', errors='ignore') as f:
            return f.read()
    except (PermissionError, IOError) as e:
        print(f"Error reading {filename} for PID {pid}: {e}")
        return None

# Example usage
pid = "1234"  # Replace with actual PID
environ = read_proc_file(pid, "environ")
if environ:
    # Split environment variables on null bytes
    for var in environ.split('\0'):
        if re.search(r'API_KEY|SECRET', var):
            print(f"Found sensitive data: {var}")

def is_safe_to_scan(pid):
    """Check if it's safe to scan this PID"""
    try:
        with open(f'/proc/{pid}/status', 'r') as f:
            status = f.read()
            # Skip kernel threads
            if 'VmSize:' not in status:
                return False
            # Add more safety checks as needed
        return True
    except:
        return False

def safe_scan_proc():
    for pid_dir in os.listdir('/proc'):
        if not pid_dir.isdigit():
            continue
        if not is_safe_to_scan(pid_dir):
            continue
        # Proceed with scanning

import os
import re
import glob

def search_proc_file(filepath, pattern):
    try:
        with open(filepath, 'r') as f:
            content = f.read()
            matches = re.finditer(pattern, content)
            for match in matches:
                print(f"Found in {filepath}: {match.group()}")
    except (PermissionError, IOError, UnicodeDecodeError):
        # Some proc files may not be readable or may contain binary data
        pass

def scan_proc():
    # Common API key patterns
    patterns = [
        r'[a-zA-Z0-9_-]{32}',  # Generic API key pattern
        r'sk_live_[0-9a-zA-Z]{24}',  # Stripe secret key
        r'rk_live_[0-9a-zA-Z]{24}',  # Stripe restricted key
        r'pk_live_[0-9a-zA-Z]{24}',  # Stripe publishable key
        # Add more patterns as needed
    ]

    combined_pattern = '|'.join(patterns)

    # Scan all readable files in /proc
    for proc_entry in glob.glob('/proc/*/'):
        # Check commonly interesting files
        interesting_files = [
            'cmdline',
            'environ',
            'maps',
            'status',
            'mem'
        ]

        for filename in interesting_files:
            filepath = os.path.join(proc_entry, filename)
            if os.path.isfile(filepath):
                search_proc_file(filepath, combined_pattern)

if __name__ == "__main__":
    # Need to run as root to access all proc files
    if os.geteuid() != 0:
        print("This script should be run as root to access all proc files")
        exit(1)
    
    scan_proc()

# Check if you have permission to read the file
if not os.access(filepath, os.R_OK):
    continue

def search_proc_file(filepath, pattern):
    try:
        with open(filepath, 'r') as f:
            for line in f:
                matches = re.finditer(pattern, line)
                for match in matches:
                    print(f"Found in {filepath}: {match.group()}")
    except (PermissionError, IOError, UnicodeDecodeError):
        pass

def scan_specific_process(pid):
    proc_path = f'/proc/{pid}'
    if not os.path.exists(proc_path):
        print(f"Process {pid} not found")
        return

    interesting_files = ['cmdline', 'environ', 'maps', 'status']
    for filename in interesting_files:
        filepath = os.path.join(proc_path, filename)
        if os.path.isfile(filepath):
            search_proc_file(filepath, pattern)

def read_proc_environ(pid):
    try:
        with open(f'/proc/{pid}/environ', 'r') as f:
            environ = f.read().split('\0')
            for env in environ:
                if env:  # Skip empty strings
                    print(env)
    except (PermissionError, IOError):
        print(f"Cannot access environment for PID {pid}")

def safe_read_proc(filepath):
    try:
        with open(filepath, 'r') as f:
            return f.read()
    except PermissionError:
        print(f"Permission denied: {filepath}")
    except IOError:
        print(f"IO Error reading: {filepath}")
    except UnicodeDecodeError:
        print(f"Cannot decode content: {filepath}")
    return None

PATTERNS = {
    'aws_key': r'AKIA[0-9A-Z]{16}',
    'google_api': r'AIza[0-9A-Za-z\\-_]{35}',
    'github_token': r'gh[pousr]_[A-Za-z0-9_]{36}',
    'ssh_key': r'-----BEGIN.*PRIVATE KEY-----',
    'jwt_token': r'eyJ[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*',
}