{"id":21239458,"url":"https://github.com/gh0x0st/wanderer","last_synced_at":"2025-10-29T01:17:05.426Z","repository":{"id":64930686,"uuid":"579168993","full_name":"gh0x0st/wanderer","owner":"gh0x0st","description":"An open-source process injection enumeration tool written in C#","archived":false,"fork":false,"pushed_at":"2022-12-16T20:54:56.000Z","size":276,"stargazers_count":163,"open_issues_count":0,"forks_count":16,"subscribers_count":3,"default_branch":"main","last_synced_at":"2023-11-07T20:09:35.137Z","etag":null,"topics":["enumeration-tool","offensive-security","pen-300","process-injection","security-tools"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gh0x0st.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-12-16T20:52:40.000Z","updated_at":"2023-11-01T03:08:45.000Z","dependencies_parsed_at":"2022-12-19T03:52:51.004Z","dependency_job_id":null,"html_url":"https://github.com/gh0x0st/wanderer","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh0x0st%2Fwanderer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh0x0st%2Fwanderer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh0x0st%2Fwanderer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh0x0st%2Fwanderer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gh0x0st","download_url":"https://codeload.github.com/gh0x0st/wanderer/tar.gz/refs/heads/main","host":{"name"
:"GitHub","url":"https://github.com","kind":"github","repositories_count":225653822,"owners_count":17502940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["enumeration-tool","offensive-security","pen-300","process-injection","security-tools"],"created_at":"2024-11-21T00:43:38.477Z","updated_at":"2025-10-07T03:19:35.640Z","avatar_url":"https://github.com/gh0x0st.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Wanderer\n\nWanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of AMSI as a loaded module, whether it is running as 64-bit or 32-bit, as well as the privilege level of the current process. This information is extremely helpful when building payloads catered to the ideal candidate for process injection.\n\nThis is a project that I started working on as I progressed through Offensive Security's PEN-300 course. One of my favorite modules from the course is the process injection \u0026 migration section, which inspired me to build a tool to help me be more efficient during that activity. A special thanks goes out to ShadowKhan, who provided valuable feedback which helped provide creative direction to make this utility visually appealing and enhanced its usability with suggested filtering capabilities. 
\n \n## Usage\n\n```shell\nPS C:\\\u003e .\\wanderer.exe\n\n     \u003e\u003e Process Injection Enumeration\n     \u003e\u003e https://github.com/gh0x0st\n     \nUsage: wanderer [target options] \u003cvalue\u003e [filter options] \u003cvalue\u003e [output options] \u003cvalue\u003e\n\nTarget Options:\n\n-i, --id, Target a single or group of processes by their id number\n-n, --name, Target a single or group of processes by their name\n-c, --current, Target the current process and reveal the current privilege level\n-a, --all, Target every running process\n\nFilter Options:\n\n--include-denied, Include instances where process access is denied\n--exclude-32, Exclude instances where the process architecture is 32-bit\n--exclude-64, Exclude instances where the process architecture is 64-bit\n--exclude-amsiloaded, Exclude instances where amsi.dll is a loaded process module\n--exclude-amsiunloaded, Exclude instances where amsi is not loaded process module\n--exclude-integrity, Exclude instances where the process integrity level is a specific value\n\nOutput Options:\n\n--output-nested, Output the results in a nested style view\n-q, --quiet, Do not output the banner\n\nExamples:\n\nEnumerate the process with id 12345\nC:\\\u003e wanderer --id 12345\n\nEnumerate all processes with the names process1 and processs2\nC:\\\u003e wanderer --name process1,process2\n\nEnumerate the current process privilege level\nC:\\\u003e wanderer --current\n\nEnumerate all 32-bit processes\nC:\\wanderer --all --exclude-64\n\nEnumerate all processes where is AMSI is loaded\nC:\\\u003e wanderer --all --exclude-amsiunloaded\n\nEnumerate all processes with the names pwsh,powershell,spotify and exclude instances where the integrity level is untrusted or low and exclude 32-bit processes\nC:\\\u003e wanderer --name pwsh,powershell,spotify --exclude-integrity untrusted,low --exclude-32\n```\n\n## Screenshots\n\n### Example 1\n\n![](./example-1.png)\n\n### Example 2\n\n![](./example-2.png)\n\n### 
Example 3\n\n![](./example-3.png)\n\n### Example 4\n\n![](./example-4.png)\n\n### Example 5\n\n![](./example-5.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgh0x0st%2Fwanderer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgh0x0st%2Fwanderer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgh0x0st%2Fwanderer/lists"}