  • Stars: 165
  • Rank: 227,917 (Top 5 %)
  • Language: C#
  • License: GNU General Publi...
  • Created: almost 2 years ago
  • Updated: almost 2 years ago


Repository Details

An open-source process injection enumeration tool written in C#

Wanderer

Wanderer is an open-source program that collects information about running processes: the integrity level, whether amsi.dll is present as a loaded module, whether the process is running as 64-bit or 32-bit, and the privilege level of the current process. This information is extremely helpful when building payloads catered to the ideal candidate for process injection.

This is a project that I started working on as I progressed through Offensive Security's PEN-300 course. One of my favorite modules from the course is the process injection & migration section, which inspired me to build a tool to help me be more efficient during that activity. A special thanks goes out to ShadowKhan, who provided valuable feedback that helped give creative direction to make this utility visually appealing and enhanced its usability with suggested filtering capabilities.

Usage

PS C:\> .\wanderer.exe

     >> Process Injection Enumeration
     >> https://github.com/gh0x0st
     
Usage: wanderer [target options] <value> [filter options] <value> [output options] <value>

Target Options:

-i, --id, Target a single or group of processes by their id number
-n, --name, Target a single or group of processes by their name
-c, --current, Target the current process and reveal the current privilege level
-a, --all, Target every running process

Filter Options:

--include-denied, Include instances where process access is denied
--exclude-32, Exclude instances where the process architecture is 32-bit
--exclude-64, Exclude instances where the process architecture is 64-bit
--exclude-amsiloaded, Exclude instances where amsi.dll is a loaded process module
--exclude-amsiunloaded, Exclude instances where amsi.dll is not a loaded process module
--exclude-integrity, Exclude instances where the process integrity level is a specific value

Output Options:

--output-nested, Output the results in a nested style view
-q, --quiet, Do not output the banner

Examples:

Enumerate the process with id 12345
C:\> wanderer --id 12345

Enumerate all processes with the names process1 and process2
C:\> wanderer --name process1,process2

Enumerate the current process privilege level
C:\> wanderer --current

Enumerate all 32-bit processes
C:\> wanderer --all --exclude-64

Enumerate all processes where AMSI is loaded
C:\> wanderer --all --exclude-amsiunloaded

Enumerate all processes with the names pwsh,powershell,spotify and exclude instances where the integrity level is untrusted or low and exclude 32-bit processes
C:\> wanderer --name pwsh,powershell,spotify --exclude-integrity untrusted,low --exclude-32

Screenshots

Example 1 to Example 5 (images)

More Repositories

1. Buffer_Overflow (Python, 431 stars): Don't let buffer overflows overflow your mind
2. Invoke-PSObfuscation (PowerShell, 245 stars): An in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux.
3. OSCP-A-Step-Forward (179 stars): Opening the door, one reverse shell at a time
4. pythonizing_nmap (Python, 150 stars): A detailed guide showing you different ways you can incorporate Python into your workflows around Nmap.
5. OSEP-Breaking-Chains (PowerShell, 114 stars): A collection of code snippets built to assist with breaking chains.
6. Secure_Kali (Shell, 73 stars): How to utilize tools such as Fail2ban and PortSentry to detect and block people that try to scan your Kali Linux machine for open ports or launch attacks against your Apache web server and more
7. OSWE-crawling-through-the-webs (70 stars): Becoming the spider, crawling through the webs to catch the fly.
8. Get-ReverseShell (PowerShell, 64 stars): A solution to create obfuscated reverse shells for PowerShell.
9. OSWP-Expanding-Your-Reach (39 stars): You don't need wires to be connected
10. RCE_Web_Shell_Python (Python, 29 stars): A Python approach to interacting with web shells.
11. python3_multithreading (Python, 26 stars): An introduction on how to build a multithreaded ping sweeper and port scanner with Python 3
12. SMB-Data-Discovery (PowerShell, 26 stars): A PowerShell solution to discover visible SMB shares, test for access rights, inventory accessible files and flag human readable file contents for sensitive information.
13. Get-Shellcode (PowerShell, 20 stars): A solution to create obfuscated shellcode from msfvenom for PowerShell.
14. pt_phone_home (PHP, 19 stars): Staged Payloads from Kali Linux - Part 1,2 of 3
15. raven (Python, 17 stars): A lightweight HTTP file upload service used for penetration testing and incident response.
16. spawning_access_points (14 stars): Leveraging Kali Linux, hostapd and dnsmasq to spawn effective access points for wireless penetration tests.
17. Get-GPAutoLogon (PowerShell, 13 stars): Using PowerShell to quickly scan through the SYSVOL share for exposed credentials within auto logon policies.
18. Get-DownloadCradle (PowerShell, 13 stars): A solution to create obfuscated download cradles for PowerShell.
19. gh0x0st (7 stars)
20. adfs_cloner (Python, 7 stars): A Python approach to enumerate for and clone ADFS user portals
21. storefront_cloner (Python, 6 stars): A Python approach to clone Citrix StoreFront portals
22. TheButcher (Python, 3 stars): A Python based utility to split files into specified byte sized chunks or line-by-line derivatives.
23. intro-honeypots (PHP, 3 stars): An introduction into the concept of honeypots and how they can be used defensively as an early detection mechanism.
24. compliant_or_effective_timeouts (PowerShell, 2 stars): How do you know your session timeouts are effective? You test them!
25. alfa_troubleshooting (2 stars): A lightweight guide to troubleshooting conflicts with various Alfa adapters on VMware and Kali
26. fallout-terminal-theme (2 stars): A simple Windows Terminal theme based around the terminals found in the Fallout universe.