pe-sieve 
 PE scanner
 A tool for detecting and analyzing malicious code in executables
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
3k stars
103 watching
441 forks

Language: C++
Last commit: 11 months ago
Topics: anti-malware, hooking, libpeconv, malware-analysis, memory-forensics, pe-analyzer, pe-dumper, pe-format, pe-sieve, process-analyzer, scans
 Related projects:
| Repository | Description | Stars | 
|---|---|---|
|    |  Analyzes running processes to detect and dump malicious code | 2,047 | 
|    |  An implementation of a malware injection technique using PE injection to create and control malicious processes | 581 | 
|    |  An implementation of a memory-based PE injection technique for executing payloads in a target process | 521 | 
|    |  A tool to unpack malicious code from packed executables using the PE-sieve technique. | 668 | 
|    |  Converts PE files into executable shellcode | 2,410 | 
|    |  An open-source tool for analyzing and editing PE file formats | 772 | 
|    |  A fast and customizable vulnerability scanner built on a YAML-based DSL. | 21,054 | 
|    |  A C++ library that provides a set of helper functions for loading, manipulating, and dumping PE files. | 1,129 | 
|    |  A tool for detecting vulnerabilities in container images and filesystems | 8,970 | 
|    |  Analyzes PE files by combining data from various tools to generate a centralized report. | 204 | 
|    |  Analyzes Portable Executable malware and malicious MS Office documents for various suspicious features | 612 | 
|    |  Detects and analyzes malicious traffic patterns to identify potential security threats. | 6,642 | 
|    |  Analyzes PE files for security vulnerabilities and suspicious behavior | 1,024 | 
|    |  Generates detailed visibility into software packages and dependencies to manage vulnerabilities and license compliance. | 6,371 |