sendetection/TechSS

Tech Utilities

Forensics Windows Python

A tool made specifically to make life easier for PC checkers / screensharers


Path Scanner

File analysis and detections

Features

| Feature | Description |
| --- | --- |
| Hash Extraction | Extracts SHA1 hashes from target files |
| PE Analysis | Entropy calculation and section analysis for Windows PE files |
| YARA Integration | 20+ custom detection rules, written by me, across multiple categories |
| Amcache Integration | Parses Windows Amcache data for file replacement detection (only when the default scan path is selected) |
| SRUM Analysis | Extracts application runtime and focus time data from SRUM |
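
To illustrate the Hash Extraction and PE Analysis features listed above, here is an added Python example (not code from this repository) that computes a file's SHA1 and the Shannon entropy of each PE section by reading the section table directly. The function names, the 7.2 bits/byte threshold and the constructed sample file are assumptions made for the example.

```python
import hashlib
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def analyze_pe(blob: bytes, threshold: float = 7.2) -> dict:
    """Return the file SHA1 plus name, entropy and a high-entropy flag per section."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    pe_off, = struct.unpack_from("<I", blob, 0x3C)        # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    n_sections, = struct.unpack_from("<H", blob, pe_off + 6)
    opt_size, = struct.unpack_from("<H", blob, pe_off + 20)
    table = pe_off + 24 + opt_size                        # first 40-byte section header
    sections = []
    for i in range(n_sections):
        hdr = table + 40 * i
        name = blob[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, hdr + 16)
        ent = shannon_entropy(blob[raw_ptr:raw_ptr + raw_size])
        sections.append({"name": name, "entropy": round(ent, 2), "suspicious": ent >= threshold})
    return {"sha1": hashlib.sha1(blob).hexdigest(), "sections": sections}

def build_sample_pe() -> bytes:
    """Constructed two-section PE skeleton (headers and data only, not a runnable program)."""
    text = b"\x90" * 512                    # one repeated byte: entropy 0
    packed = bytes(range(256)) * 2          # every byte value equally often: entropy 8
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)
    def sec(name: bytes, size: int, ptr: int) -> bytes:
        return name.ljust(8, b"\0") + struct.pack("<IIII", size, 0x1000, size, ptr) + b"\0" * 16
    headers = dos + coff + sec(b".text", 512, 512) + sec(b".packed", 512, 1024)
    return headers.ljust(512, b"\0") + text + packed

if __name__ == "__main__":
    for s in analyze_pe(build_sample_pe())["sections"]:
        print(s)
```

High section entropy is only a hint that data is compressed or encrypted; legitimate installers and resource-heavy binaries can exceed the threshold as well.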

Output Format

CSV Export Contains:
├── File signatures and hash comparisons
├── Entropy analysis of PE sections
├── YARA rule matches
├── SRUM runtime statistics
├── File replacement indicators
└── MAC timestamp information

Bypass Generic Checks

Generic bypass detections, so you won't have to look for these yourself!

Features:

Event Log Scanning
DLL Usage Analysis  
Scheduled Tasks
Registry Autorun Keys
Mounted Devices
Prefetch Analysis
Modified Extensions
External Execution from other drives
Recent Files
PE Injection
BAM Analysis
Files Executed from Archives
AnyDesk file transfer analysis
File Modifications
Ghost Deletions
Attribute Manipulation
Self Destruct Patterns

Output

Location: C:\Bypass_generics.csv
Results are exported to CSV so you can open them in Timeline Explorer.


Tool Downloader

Automated deployment of essential forensic tools

Included Tools

Tools
  • AmcacheParser
  • ShimCache
  • System Informer
  • WinLiveInfo
  • MFTECmd
  • USNHelper
  • PECmd
  • JournalTrace
  • RegistryExplorer
  • RECmd
More Tools!
  • BAMParser
  • Hayabusa
  • SrumECmd
  • WxTCmd
  • Detect It Easy (DIE)
  • ExeInfoPE
  • bstrings
  • PrefetchParser
Even More!!!
  • ProcessParser
  • PathsParser
  • ReplaceParser
  • PcaSvcExecuted
  • Everything
  • HxD
Yes, There is more...
  • JumpListExplorer
  • TimelineExplorer
  • UsbDeview
  • AlternateStreamView
  • WinPrefetchView
  • RAMDumpExplorer
  • Velociraptor

Installation Process

# The installer will automatically:
1️⃣ Create C:\SS base directory
2️⃣ Download all tools to individual folders  
3️⃣ Extract archives automatically
4️⃣ Run initial analysis commands where configured
5️⃣ Clean up temporary files

Output Structure

C:\SS\
├── AmcacheParser/
├── ShimCache/
├── SystemInformer/
├── WinLiveInfo/
├── MFTECmd/
└── [Additional tool directories...]

Each tool generates forensic artifacts and CSVs in its respective folder under C:\SS\



Requirements

  • Windows 10/11
  • Administrator privileges
  • Active internet connection for tool downloads

🤝 Contributing

Contributions are welcome! Please feel free to contribute by messaging @txch on Discord, and I will take your ideas into consideration!


⭐ Star this repository if you find it helpful!

About

PC CHECKER UTILS
