Giter VIP home page Giter VIP logo

a-ar-r / pe-sieve Goto Github PK

View Code? Open in Web Editor NEW

This project forked from jack-mcdowell/pe-sieve

0.0 0.0 0.0 1.34 MB

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Home Page: https://hshrzd.wordpress.com/pe-sieve/

License: BSD 2-Clause "Simplified" License

CMake 1.47% C++ 74.34% C 24.13% Shell 0.06%

pe-sieve's Introduction

PE-sieve

Build status Codacy Badge License GitHub release Github All Releases Twitter URL

FAQ - Frequently Asked Questions

📖 Read Wiki

PE-sieve is a tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

PE-sieve is meant to be a light-weight engine dedicated to scan a single process at the time. It can be built as an EXE or as a DLL. The DLL version exposes a simple API and can be easily integrated with other applications.

If instead of scanning a particular process you want to scan your full system with PE-sieve, you can use HollowsHunter. It contains PE-sieve (a DLL version), but offers also some additional features and filters on the top of this base.

📦 Uses library: libPEConv

Clone

Use recursive clone to get the repo together with the submodule:

git clone --recursive https://github.com/hasherezade/pe-sieve.git

Builds

Download the latest release, or read more.

logo by Baran Pirinçal

pe-sieve's People

Contributors

hasherezade avatar jack-mcdowell avatar baranpirincal avatar secdre4mer avatar neo23x0 avatar fmk0 avatar cerebralmischief avatar hillu avatar ion28 avatar mauronz avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.