
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.

hollows_hunter is a process scanning tool that analyzes all running processes on a system to identify potentially malicious implants and modifications. The tool detects various types of malicious activity, including:

- Replaced or implanted PE (Portable Executable) files
- Shellcode injections in process memory
- API hooks and function redirections
- In-memory patches and modifications

Built on the PE-sieve library, hollows_hunter provides automated scanning capabilities to identify processes that have been compromised or modified by malware. The tool can dump detected malicious implants for further analysis.

The scanner operates by examining process memory structures and comparing them against expected patterns to identify anomalies that may indicate malicious activity. For development, the repository is cloned recursively (it pulls in its dependencies as submodules), and the tool is available through multiple distribution channels, including direct releases and package managers such as Chocolatey.
Common questions about hollows_hunter including features, pricing, alternatives, and user reviews.
hollows_hunter is a process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes. It is a Security Operations solution designed to help security teams with PE file analysis, shellcode detection, and memory forensics.
hollows_hunter is a free Security Operations tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/hasherezade/hollows_hunter/ for download and installation instructions.
Popular alternatives to hollows_hunter include:
Compare these tools and more at https://cybersectools.com/categories/security-operations
hollows_hunter is for security teams and organizations that need PE file analysis, shellcode detection, memory forensics, and detection of process injection on Windows. It is particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Security Operations tools can be found at https://cybersectools.com/categories/security-operations
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.