ORION
Author: B0lg0r0v
https://arthurminasyan.com
Orion is a TCP/IP forensics tool, written in C, capable of detecting malicious processes and connections on Windows hosts by using the VirusTotal API.
Example Output:
ORION v0.1
Author: B0lg0r0v
https://arthurminasyan.com/
PROCESS NAME: msedge.exe (PID: 21868)
Local Port: 57809
Remote Addr: 20.250.77.142:443 --> [SAFE]
PROCESS NAME: msedge.exe (PID: 21868)
Local Port: 57977
Remote Addr: 140.82.112.25:443 --> [SAFE]
PROCESS NAME: firefox.exe (PID: 7880)
Local Port: 58050
Remote Addr: 13.83.65.43:443 --> [SAFE]
PROCESS NAME: Skype.exe (PID: 30764)
Local Port: 58107
Remote Addr: 162.159.137.232:443 --> [SAFE]
PROCESS NAME: Discord.exe (PID: 19732)
Local Port: 58116
Remote Addr: 162.159.134.233:443 --> [MALICIOUS]
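Before remote addresses like the ones above are sent to VirusTotal, a tool of this kind can drop private, loopback and other non-routable addresses and query each distinct address only once, which keeps internal addressing out of a third-party service and saves API quota. The following is an added example, not Orion's own code; the function names and the sample address list are assumptions.

```c
/* Added example, not Orion's code; names and sample data are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Parse a dotted-quad IPv4 string into a host-order integer; 0 on bad input. */
static int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d; char extra;
    if (sscanf(s, "%3u.%3u.%3u.%3u%c", &a, &b, &c, &d, &extra) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* 1 if the address is publicly routable, i.e. worth a reputation lookup. */
int is_lookup_candidate(const char *ip) {
    static const struct { uint32_t net, mask; } skip[] = {
        {0x00000000u, 0xFF000000u}, {0x0A000000u, 0xFF000000u}, /* 0/8, 10/8 */
        {0x64400000u, 0xFFC00000u}, {0x7F000000u, 0xFF000000u}, /* 100.64/10, 127/8 */
        {0xA9FE0000u, 0xFFFF0000u}, {0xAC100000u, 0xFFF00000u}, /* 169.254/16, 172.16/12 */
        {0xC0A80000u, 0xFFFF0000u}, {0xE0000000u, 0xE0000000u}, /* 192.168/16, 224/3 */
    };
    uint32_t addr;
    if (!parse_ipv4(ip, &addr)) return 0;
    for (size_t i = 0; i < sizeof skip / sizeof skip[0]; i++)
        if ((addr & skip[i].mask) == skip[i].net) return 0;
    return 1;
}

/* Copy each distinct public address from remotes[] into out[]; returns count. */
size_t plan_lookups(const char *const remotes[], size_t n, const char *out[]) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        if (!is_lookup_candidate(remotes[i])) continue;
        while (j < count && strcmp(out[j], remotes[i]) != 0) j++;
        if (j == count) out[count++] = remotes[i];
    }
    return count;
}

/* Constructed sample: remote addresses as a connection table might list them. */
const char *const SAMPLE_REMOTES[] = { "140.82.112.25", "192.168.1.10", "127.0.0.1",
                                       "140.82.112.25", "10.0.0.5", "13.83.65.43" };
const char *PLAN[6];
int main(void) {
    size_t n = plan_lookups(SAMPLE_REMOTES, 6, PLAN);
    for (size_t i = 0; i < n; i++) printf("lookup: %s\n", PLAN[i]);
    return 0;
}
```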
More features are on the way.
This project is heavily inspired by and taken from @SaadAhla's "IP Hunter".
This tool is primarily created for me as a project to enhance my coding skills and start creating some hacking tools. It is not considered to be the most efficient tool out there.