{"id":13511123,"url":"https://github.com/monnappa22/Psinfo","last_synced_at":"2025-03-30T20:32:34.684Z","repository":{"id":216714178,"uuid":"69106600","full_name":"monnappa22/Psinfo","owner":"monnappa22","description":"Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Enivornment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related information and spot any process anamoly without having to run multiple plugins.","archived":false,"fork":false,"pushed_at":"2016-09-24T14:27:50.000Z","size":3,"stargazers_count":35,"open_issues_count":2,"forks_count":15,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-01T13:33:53.014Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/monnappa22.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-09-24T14:19:42.000Z","updated_at":"2024-09-19T01:13:57.000Z","dependencies_parsed_at":"2024-01-12T07:10:20.177Z","dependency_job_id":"09e316dd-f7cf-4fbf-a343-2756ce39d6c4","html_url":"https://github.com/monnappa22/Psinfo","commit_stats":null,"previous_names":["monnappa22/psinfo"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monnappa22%2FPsinfo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monnappa22%2FPsinfo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monnappa22%2FPsinfo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monnappa22%2FPsinfo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/monnappa22","download_url":"https://codeload.github.com/monnappa22/Psinfo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246379366,"owners_count":20767694,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T03:00:34.945Z","updated_at":"2025-03-30T20:32:34.428Z","avatar_url":"https://github.com/monnappa22.png","language":"Python","funding_links":[],"categories":["Volatility 2"],"sub_categories":["Plugins"],"readme":"# Psinfo\nPsinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Enivornment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related information and spot any process anamoly without having to run multiple plugins.\n\nFull details can be found in the link:\nhttps://cysinfo.com/detecting-malicious-processes-psinfo-volatility-plugin/\n\n### Running the Plugin\n\nCopy the plugin to volatility/plugins directory\n\nRun the plugin against memory image as shown below\n\n```sh\n$ python vol.py -f infected.vmem --profile=Win7SP0x86 psinfo\n```\n\n### Other Options\n\nTo filter on a specic process id use -p option\n\n```sh\n$ python vol.py -f infected.vmem --profile=Win7SP0x86 psinfo -p 1820\n```\n\nTo filter on multiple process ids use -p followed by comma seperated process ids\n\n```sh\n$ python vol.py -f infected.vmem --profile=Win7SP0x86 psinfo -p 1820,868\n```\n\nTo dump the suspicious memory regions use -D followed by directory name\n\n```sh\n$ python vol.py -f infected.vmem --profile=Win7SP0x86 psinfo -p 1820 -D dump/\n```\n\nTo redirect the output to file use --output-file option\n\n```sh\n$ python vol.py -f infected.vmem --profile=Win7SP0x86 psinfo --output-file=output.txt\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmonnappa22%2FPsinfo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmonnappa22%2FPsinfo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmonnappa22%2FPsinfo/lists"}