hollows_hunter

Recognizes and dumps a variety of potentially malicious implants

This is an exact mirror of the hollows_hunter project, hosted at https://github.com/hasherezade/hollows_hunter. SourceForge is not affiliated with hollows_hunter.

Add a Review

Downloads: 4 This Week

Last Update: 2026-06-04

Download

Get an email when there's a new version of hollows_hunter

Windows Mac Linux BSD ChromeOS

Hollows Hunter is a command-line malware analysis tool based on the PE-sieve passive memory scanner. It scans running processes, or even the full system, to identify potentially malicious implants. The tool can recognize and dump suspicious artifacts such as replaced PEs, injected PEs, shellcode, hooks, and in-memory patches. Unlike PE-sieve’s more process-specific workflow, Hollows Hunter can select targets using broader criteria such as process IDs, process names, or creation time. This makes it useful for incident response, memory triage, and forensic investigation of suspicious Windows systems. Its purpose is defensive analysis, helping researchers extract suspicious memory artifacts for deeper review.

Features

Command-line memory scanning
Full-system or multi-process analysis
Detection of injected PE artifacts
Shellcode, hook, and patch recognition
Suspicious implant dumping
Incident response and malware triage

Project Samples

Project Activity

See All Activity >

License

BSD License

Follow hollows_hunter

hollows_hunter Web Site

Other Useful Business Software

Ditto Edge Server is a lightweight standalone server for resource-constrained edge environments, based on the core Ditto Edge SDK.

With Ditto Edge Server, you can join devices as small as a Raspberry Pi to a local mesh network and synchronize data across edge environments.

Ditto's Edge SDK is the only thing your edge devices need to ensure your application is operational in any environment, regardless of network conditions.

Learn More

Rate This Project

User Reviews

Be the first to post a review of hollows_hunter!

Additional Project Details

Programming Language

Related Categories

C Command Line Tools

Registered

2026-06-04

Similar Business Software

Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Process Street

Process Street is an AI-powered compliance operations platform that automates complex workflows, enforces standards, and tracks audit data in real time. Teams use it to create structured SOPs, assign tasks, collect data, and monitor execution with intelligent oversight. From onboarding and...

See Software
Devin Desktop

Devin Desktop (formerly Windsurf) is an AI-powered development environment that combines a full-featured IDE with advanced coding agents in a unified workspace. Formerly known as Windsurf, the platform enables developers to manage local and cloud-based AI agents, delegate tasks, review code, and...

See Software
Grafana Cloud

Grafana Labs delivers the leading AI-powered observability platform, built around Grafana—the world’s most widely adopted open source technology for dashboards and visualization. Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Observability Platforms, Grafana Labs supports more...

See Software
SurveyJS

SurveyJS is an embeddable, self-hosted, white-label form builder for teams building custom forms, surveys, questionnaires, and other data collection tools inside web applications. It runs entirely on the client and is fully compatible with all modern JavaScript frameworks, including React,...

See Software
GW Apps

GW Apps – Build Powerful Business Apps Without Code. GW Apps is a secure, cloud-based no-code platform that enables businesses to create custom applications and automate workflows without programming. Designed for both business and IT teams, GW Apps combines an intuitive drag-and-drop builder...

See Software

Report inappropriate content

Ditto Edge Server is a lightweight standalone server for resource-constrained edge environments, based on the core Ditto Edge SDK.

With Ditto Edge Server, you can join devices as small as a Raspberry Pi to a local mesh network and synchronize data across edge environments.

Ditto's Edge SDK is the only thing your edge devices need to ensure your application is operational in any environment, regardless of network conditions.

Learn More

Recommended Projects

MemProcFS Analyzer
Automated Forensic Analysis of Windows Memory Dumps for DFIR
XL-Parser
XL-Parser is a tool for data extraction and analysis.
File Nuke
File Nuke, the Nuclear File Shredder! Whipe out suspicious data forever with this nuclear file removal tool ...
Network Flight Simulator
A utility to safely generate malicious network traffic patterns
readpe
The PE file analysis toolkit