
Malware dynamic instrumentation tool based on frida framework

n1ght-w0lf/HawkEye

HawkEye

HawkEye is a malware dynamic instrumentation tool based on the frida.re framework. It hooks common functions to log malware activities and outputs the results in a web page report.

This is not a sandbox, so please use it in a safe, sandboxed environment.

Installation

  • Install the prerequisites:

    pip install frida
    pip install psutil

  • Clone this repository:

    git clone https://github.com/N1ght-W0lf/HawkEye.git

Usage

usage: HawkEye.py [-h] [--path PATH] [--pid PID]

optional arguments:
  -h, --help   show this help message and exit
  --path PATH  File path
  --pid PID    Process PID

HawkEye runs in two modes:

  • Spawn a malware sample in a new process, given its path (--path).
  • Hook a running process, given its PID (--pid).
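As an added example (not HawkEye's own code), a minimal Frida host/agent pair with the same shape: the JavaScript agent hooks kernel32!CreateFileW and send()s each call, while the Python host either spawns the sample from --path or attaches to --pid, collects the events, and renders them as an HTML table. The choice of CreateFileW and the report layout are assumptions; the page does not list HawkEye's hooks.

```python
import html
import json
import sys
# Added example in HawkEye's style, not the project's code. Agent injected into the target
# (assumes Windows: kernel32!CreateFileW); it reports each call to the Python host.
AGENT_JS = r"""
const createFileW = Process.getModuleByName('kernel32.dll').getExportByName('CreateFileW');
Interceptor.attach(createFileW, {
  onEnter(args) {
    // send() hands a JSON-serialisable payload to the host's message handler.
    send({category: 'Files', api: 'CreateFileW',
          args: {lpFileName: args[0].readUtf16String(), dwDesiredAccess: args[1].toUInt32()}});
  }
});
"""

def handle_message(report, message):
    """Frida 'message' callback: keep send() payloads, surface agent errors, ignore the rest."""
    if message.get("type") == "send":
        entry = dict(message["payload"])
        report.append(entry)
        return entry
    if message.get("type") == "error":
        print("agent error:", message.get("description"), file=sys.stderr)
    return None

def render_report(report):
    """Render collected hook events as an HTML table (category, API, arguments)."""
    rows = "".join(
        f"<tr><td>{html.escape(e['category'])}</td><td>{html.escape(e['api'])}</td>"
        f"<td>{html.escape(json.dumps(e.get('args', {}), sort_keys=True))}</td></tr>"
        for e in report)
    return "<table><tr><th>Category</th><th>API</th><th>Arguments</th></tr>" + rows + "</table>"

def instrument(path=None, pid=None):
    """Spawn a sample given its path (--path) or attach to a running PID (--pid), collect events."""
    import frida  # imported here so the helpers above stay importable without Frida
    report = []
    target = pid if pid is not None else frida.spawn(path)  # a spawned process starts suspended
    session = frida.attach(target)
    script = session.create_script(AGENT_JS)
    script.on("message", lambda msg, data: handle_message(report, msg))
    script.load()
    if pid is None:
        frida.resume(target)  # hooks are in place before the sample executes its first instruction
    input("sample running; press Enter to detach and render the report... ")
    session.detach()
    return report
```

Run `instrument(path=...)` or `instrument(pid=...)` on an isolated analysis VM and pass the returned list to `render_report` to get the HTML.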

Hooked Functions

Processes:

Files:

Registry:

Network:

General:

Example Report

I've also uploaded a video for a full report from analysis to final results.

https://www.youtube.com/watch?v=DnCj2Dt6OcE
