
https://github.com/b0lg0r0v/orion

Orion is a TCP/IP forensics tool, written in C, capable of detecting malicious processes and connections on Windows hosts by using the VirusTotal API.

# Orion






Author: B0lg0r0v
https://arthurminasyan.com

## Description
Orion is a TCP/IP forensics tool, written in C, capable of detecting malicious processes and connections on Windows hosts by using the VirusTotal API.

*Example Output:*
```
ORION v0.1
Author: B0lg0r0v
https://arthurminasyan.com/

PROCESS NAME: msedge.exe (PID: 21868)
Local Port: 57809
Remote Addr: 20.250.77.142:443 --> [SAFE]

PROCESS NAME: msedge.exe (PID: 21868)
Local Port: 57977
Remote Addr: 140.82.112.25:443 --> [SAFE]

PROCESS NAME: firefox.exe (PID: 7880)
Local Port: 58050
Remote Addr: 13.83.65.43:443 --> [SAFE]

PROCESS NAME: Skype.exe (PID: 30764)
Local Port: 58107
Remote Addr: 162.159.137.232:443 --> [SAFE]

PROCESS NAME: Discord.exe (PID: 19732)
Local Port: 58116
Remote Addr: 162.159.134.233:443 --> [MALICIOUS]

```

## Features

More features are on the way.

## Credits & Disclaimer
This project is heavily inspired by, and takes from, [@SaadAhla](https://github.com/SaadAhla)'s "IP Hunter".

This tool is primarily created for me as a project to enhance my coding skills and start creating some hacking tools. It is not considered to be the most efficient tool out there.