/hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Primary LanguageCBSD 2-Clause "Simplified" LicenseBSD-2-Clause

hollows_hunter

Build status Codacy Badge License GitHub release Github All Releases

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Uses PE-sieve (DLL version):

Clone

Use recursive clone to get the repo together with all the submodules:

git clone --recursive https://github.com/hasherezade/hollows_hunter.git