processhunter

Tool for threat hunting and IR.

Processhunter is written in Python, and tested on Windows, Linux and OSX.

This tool was created to provide threat hunters / incident responders, with context, when looking for suspicious running processes.

Features

Hunt with Yara rule(s)
Hunt by process name
Hunt by IPv4 address
Dump all running processes

The output is in JSON, and processes mached will contain additional information, like process ancenstors, net connections,files hashes and process children.

Usage

usage: process_hunter.py [-h] [-p PID] [-r YARARULE] [-i IPADDRES] [-s PROCNAME] [-f]

optional arguments:
  -h, --help            show this help message and exit
	-p PID, --pid PID     Process id
	-r YARARULE, --rule YARARULE Yara rule
	-i IPADDRES, --ip IPADDRES Ipv4 address
	-s PROCNAME, --proc PROCNAME Process name
	-f, --full            Dump running processes

git clone https://github.com/jemik/processhunter.git
cd processhunter
sudo -H pip install -r requirements.txt
sudo ./process_hunter.py -h

DISCLAIMER

This tool comes without ANY warranty!
USE AT YOUR OWN RISK.

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
LICENSE		LICENSE
README.md		README.md
process_hunter.py		process_hunter.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

processhunter

Features

Usage

DISCLAIMER

About

Releases

Packages

Contributors 2

Languages

License

jemik/processhunter

Folders and files

Latest commit

History

Repository files navigation

processhunter

Features

Usage

DISCLAIMER

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages