HawkEye

HawkEye is a malware dynamic instrumentation tool based on the frida.re framework. It hooks common functions to log a sample's activities and writes the results to a readable web page report.

This is not a sandbox, so please use it only inside a safe, isolated sandbox environment.

Usage

usage: HawkEye.py [-h] [--path PATH] [--pid PID]

optional arguments:
  -h, --help   show this help message and exit
  --path PATH  File path
  --pid PID    Process PID

HawkEye runs in two modes:

  • spawn a malware sample in a new process, given its file path (--path).
  • hook an already running process, given its PID (--pid).
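The two modes above, written out as an added example that is not HawkEye's own code: a minimal Frida-based logger that either spawns a sample by path or attaches to a PID, installs hooks on a constructed list of Windows exports, and collects the calls. It assumes the frida Python bindings and the classic Frida JavaScript `Module.findExportByName` / `Interceptor.attach` API; the hook list and sleep-based run window are assumptions for illustration.

```python
import json

# Constructed sample of (module, export) pairs to monitor; extend as needed.
HOOKS = [("kernel32.dll", "CreateFileW"), ("advapi32.dll", "RegSetValueExW"),
         ("ws2_32.dll", "connect")]

def build_hook_script(hooks):
    """Return Frida JavaScript that reports every call to the given exports."""
    parts = []
    for module, name in hooks:
        parts.append(f"""
  (function () {{
    var addr = Module.findExportByName({json.dumps(module)}, {json.dumps(name)});
    if (addr === null) return;  // export absent on this system: skip it
    Interceptor.attach(addr, {{
      onEnter: function (args) {{
        send({{ api: {json.dumps(name)}, module: {json.dumps(module)},
               tid: this.threadId, arg0: args[0].toString() }});
      }}
    }});
  }})();""")
    return "".join(parts)

def parse_message(message):
    """Turn one Frida message into a log record; script errors are kept too."""
    if message.get("type") == "send":
        return dict(message["payload"])
    return {"api": "<script-error>", "detail": message.get("description", "")}

def choose_mode(path=None, pid=None):
    """The two HawkEye modes: spawn a file by path, or attach to a running PID."""
    if (path is None) == (pid is None):
        raise ValueError("give exactly one of path or pid")
    return "spawn" if path is not None else "attach"

def run(path=None, pid=None, hooks=HOOKS, seconds=30):
    """Instrument the target for `seconds` and return the collected records."""
    import frida, time  # lazy import: the helpers above work without frida installed
    records = []
    mode = choose_mode(path, pid)
    if mode == "spawn":
        pid = frida.spawn(path)  # starts suspended; resumed once hooks are in place
    session = frida.attach(pid)
    script = session.create_script(build_hook_script(hooks))
    script.on("message", lambda msg, data: records.append(parse_message(msg)))
    script.load()
    if mode == "spawn":
        frida.resume(pid)
    time.sleep(seconds)
    session.detach()
    return records
```

Spawning suspended and resuming only after `script.load()` matters: it ensures the very first API calls the sample makes are already hooked, which attaching to an already running PID cannot guarantee.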
