Skip to content

jemik/processhunter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
process_hunter.py
process_hunter.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

processhunter

Tool for threat hunting and IR.

Processhunter is written in Python, and tested on Windows, Linux and OSX.

This tool was created to provide threat hunters / incident responders, with context, when looking for suspicious running processes.

Features

  • Hunt with Yara rule(s)
  • Hunt by process name
  • Hunt by IPv4 address
  • Dump all running processes

The output is in JSON, and processes mached will contain additional information, like process ancenstors, net connections,files hashes and process children.

Usage

usage: process_hunter.py [-h] [-p PID] [-r YARARULE] [-i IPADDRES] [-s PROCNAME] [-f]

optional arguments:
  -h, --help            show this help message and exit
	-p PID, --pid PID     Process id
	-r YARARULE, --rule YARARULE Yara rule
	-i IPADDRES, --ip IPADDRES Ipv4 address
	-s PROCNAME, --proc PROCNAME Process name
	-f, --full            Dump running processes

git clone https://github.com/jemik/processhunter.git
cd processhunter
sudo -H pip install -r requirements.txt
sudo ./process_hunter.py -h

DISCLAIMER

This tool comes without ANY warranty!
USE AT YOUR OWN RISK.

About

Tool for threat hunting and IR.

Topics

incident-response threat-hunting

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages