Published on April 1st, 2016


VolUtility — Volatility Framework Web Interface
After Evolve, a web interface for the Volatility forensics framework, many developers started working on web interfaces for one of the most popular forensic frameworks, the Volatility Framework. If you are not familiar with Volatility, see our previous post, which briefly covers its basic features and links to all Volatility resources. The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.

VolUtility is a web interface for the Volatility memory analysis framework. It runs plugins and stores the output in a Mongo database. It extracts files from plugins (that support dump-dir) and stores them in the database. You can search across all plugins and file content with string search and YARA rules. It also allows you to work on multiple images in one database.



Tested on Ubuntu 14.04 LTS



You need to install Volatility. The minimum version is 2.5, because that is when unified output was introduced.

git clone
cd volatility
sudo python install

VolUtility will list the version you have installed under the Help page (at least it will soon).


Mongo & PyMongo

Install mongodb version 3 or higher first.

Then install pymongo

sudo pip install pymongo



sudo pip install django



sudo pip install virustotal-api


Get the code

git clone



If you would like to add a VirusTotal key:

create a file in the web directory named In the file add a single line API_KEY = 'YourKeyHere'



Run The Code

cd VolUtility ./ runserver

Open your browser and point to https://your.ip:8000

File paths are on the box that's running the interface. This does not upload memory dumps; it just points to them.


Using VolUtility

Basic usage

Create a new session, then click the run button next to each plugin name. Plugins run in the background and you will be notified when a plugin completes. Click the view button next to each plugin to view the output, which can be searched and filtered.


You can add extra plugin directories, for example the Volatility Community plugin pack. This must be done before creating a new session. Any sessions created after this will include the extra plugins.



Vol Command Line.

In the session page, on the toolbar there is an option to run vol commands. This takes a full command string without e.g.

--plugin-dir=/path/to/dir --profile=Win7SP1x86 -f /path/to/image.vmem procdump --dump-dir=/path/to/dump
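Because every path in such a command string is resolved on the box running the interface, it helps to check the string before submitting it. The following is an added example, not VolUtility's own code: the function names are hypothetical, and it assumes every option takes a value, as in the string above.

```python
import os
import shlex

# Options from the page's example string that carry a filesystem path.
PATH_OPTIONS = {"--plugin-dir": "dir", "--dump-dir": "dir", "-f": "file"}

# The example command string from the page (paths are placeholders).
SAMPLE = ("--plugin-dir=/path/to/dir --profile=Win7SP1x86 "
          "-f /path/to/image.vmem procdump --dump-dir=/path/to/dump")

def parse_vol_command(command):
    """Split a command string into (plugin name, {option: value})."""
    tokens = shlex.split(command)
    options, plugin, i = {}, None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--") and "=" in tok:    # --profile=Win7SP1x86
            key, value = tok.split("=", 1)
            options[key] = value
        elif tok.startswith("-"):                    # -f /path/to/image.vmem
            if i + 1 >= len(tokens):
                raise ValueError("option %s has no value" % tok)
            options[tok] = tokens[i + 1]
            i += 1
        elif plugin is None:                         # first bare word
            plugin = tok
        else:
            raise ValueError("unexpected token %r" % tok)
        i += 1
    if plugin is None:
        raise ValueError("no plugin name in command string")
    return plugin, options

def check_paths(options):
    """Return a list of path problems as seen from the local box."""
    problems = []
    for key, kind in PATH_OPTIONS.items():
        path = options.get(key)
        if path is None:
            continue
        if not os.path.isabs(path):
            problems.append("%s: %s is not an absolute path" % (key, path))
        elif kind == "dir" and not os.path.isdir(path):
            problems.append("%s: directory %s not found" % (key, path))
        elif kind == "file" and not os.path.isfile(path):
            problems.append("%s: file %s not found" % (key, path))
    return problems

if __name__ == "__main__":
    plugin, opts = parse_vol_command(SAMPLE)
    print(plugin, opts, check_paths(opts))
```

Run it on the machine that hosts the interface, since that is where the image and dump directory must exist.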


Clean the DB

The following commands will erase all data in the VolUtility database.

use voldb
use voldbfs

