Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hasherezade/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
anti-malware malware-analysis malware-detection memory-forensics pe-sieve
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/hasherezade/hollows_hunter
- Owner: hasherezade
- License: bsd-2-clause
- Created: 2018-01-11T17:07:17.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-04-07T22:54:09.000Z (3 months ago)
- Last Synced: 2024-04-08T23:06:43.287Z (3 months ago)
- Topics: anti-malware, malware-analysis, malware-detection, memory-forensics, pe-sieve
- Language: C
- Homepage: https://github.com/hasherezade/hollows_hunter/wiki
- Size: 12.2 MB
- Stars: 1,866
- Watchers: 64
- Forks: 246
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- my-awesome-stars - hollows_hunter - memory patches). | hasherezade | 1701 | (C)
- awesome-threat-detection - hollows_hunter - Scans all running processes, recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (Tools)
- awesome-hacking-lists - hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (C (286))
- awesome-csirt - A process scanner detecting and dumping hollowed PE modules.
- Awesome-Threat-Detection - hollows_hunter - Scans all running processes, recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (Threat Detection and Hunting / Tools)
- awesome-stars - hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (malware-analysis)
- repo-2396-awesome-threat-detection - hollows_hunter - Scans all running processes, recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (Threat Detection and Hunting / Tools)
- awesome-stars - hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (C)
- awesome-hacking-lists - hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (C)
- repo-2430-awesome-threat-detection - hollows_hunter - Scans all running processes, recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (Threat Detection and Hunting / Tools)
- awesome-cyber-security - **398** stars - memory patches). (Tools / Uncategorized-Scanner)
- awesome-cyber-security - **385** stars - memory patches). (Scanners && Security Scanning && App Scanning && Vulnerability Scanning / Uncategorized-Scanner)
- awesome-hacking-lists - hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (C)
README
# hollows_hunter
![](./logo/logo2_128.png)[![Build status](https://ci.appveyor.com/api/projects/status/nsc2eux5986y1shq?svg=true)](https://ci.appveyor.com/project/hasherezade/hollows-hunter)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/0c149fcd62084f96ac0c131e4473dbdf)](https://app.codacy.com/gh/hasherezade/hollows_hunter/dashboard?branch=master)
[![Commit activity](https://img.shields.io/github/commit-activity/m/hasherezade/hollows_hunter)](https://github.com/hasherezade/hollows_hunter/commits)
[![Last Commit](https://img.shields.io/github/last-commit/hasherezade/hollows_hunter/master)](https://github.com/hasherezade/hollows_hunter/commits)[![GitHub release](https://img.shields.io/github/release/hasherezade/hollows_hunter.svg)](https://github.com/hasherezade/hollows_hunter/releases)
[![GitHub release date](https://img.shields.io/github/release-date/hasherezade/hollows_hunter?color=blue)](https://github.com/hasherezade/hollows_hunter/releases)
[![Github All Releases](https://img.shields.io/github/downloads/hasherezade/hollows_hunter/total.svg)](https://github.com/hasherezade/hollows_hunter/releases)
[![Github Latest Release](https://img.shields.io/github/downloads/hasherezade/hollows_hunter/latest/total.svg)](https://github.com/hasherezade/hollows_hunter/releases)[![License](https://img.shields.io/badge/License-BSD%202--Clause-blue.svg)](https://github.com/hasherezade/hollows_hunter/blob/master/LICENSE)
[![Platform Badge](https://img.shields.io/badge/Windows-0078D6?logo=windows)](https://github.com/hasherezade/hollows_hunter)
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
📦 Uses: [PE-sieve](https://github.com/hasherezade/pe-sieve.git) (the [library version](https://github.com/hasherezade/pe-sieve/wiki/2.-How-to-build)).
❓ [PE-sieve FAQ - Frequently Asked Questions](https://github.com/hasherezade/pe-sieve/wiki/1.-FAQ)
📖 [Read Wiki](https://github.com/hasherezade/hollows_hunter/wiki)
## Clone
Use recursive clone to get the repo together with all the submodules:
```console
git clone --recursive https://github.com/hasherezade/hollows_hunter.git
```
## Builds
Download the latest [release](https://github.com/hasherezade/hollows_hunter/releases), or [read more](https://github.com/hasherezade/hollows_hunter/wiki#download).
![](https://community.chocolatey.org/favicon.ico) Available also via [Chocolatey](https://community.chocolatey.org/packages/hollowshunter)