mochabyte0x/Orion

Orion

  ____   ___   ____ ____   _  __
 / __ \ / _ \ /  _// __ \ / |/ /
/ /_/ // , _/_/ / / /_/ //    /
\____//_/|_|/___/ \____//_/|_/

Author: B0lg0r0v
https://arthurminasyan.com

Description

Orion is a TCP/IP forensics tool, written in C, capable of detecting malicious processes / connections on Windows hosts by using the VirusTotal API.

Example Output:

ORION v0.1
Author: B0lg0r0v
https://arthurminasyan.com/

PROCESS NAME: msedge.exe (PID: 21868) Local Port: 57809 Remote Addr: 20.250.77.142:443 --> [SAFE]
PROCESS NAME: msedge.exe (PID: 21868) Local Port: 57977 Remote Addr: 140.82.112.25:443 --> [SAFE]
PROCESS NAME: firefox.exe (PID: 7880) Local Port: 58050 Remote Addr: 13.83.65.43:443 --> [SAFE]
PROCESS NAME: Skype.exe (PID: 30764) Local Port: 58107 Remote Addr: 162.159.137.232:443 --> [SAFE]
PROCESS NAME: Discord.exe (PID: 19732) Local Port: 58116 Remote Addr: 162.159.134.233:443 --> [MALICIOUS]
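An added example (not part of Orion's own code): a small C parser for the report format shown in the example output above, for pulling flagged connections out of a saved report. The struct, the function names and the field sizes are assumptions of this example; it handles IPv4 remote addresses only and treats every verdict other than SAFE as needing review.

```c
#include <stdio.h>
#include <string.h>

typedef struct {                 /* field sizes are assumptions of this example */
    char process[64], remote_ip[16], verdict[16];  /* IPv4 only, as in the sample */
    unsigned long pid;
    unsigned local_port, remote_port;
} orion_record;

/* Two records copied from the README sample, plus one constructed truncated record. */
static const char SAMPLE[] =
    "PROCESS NAME: msedge.exe (PID: 21868) Local Port: 57809 Remote Addr: 20.250.77.142:443 --> [SAFE]\n"
    "PROCESS NAME: broken.exe (PID: 1) Local Port:\n"
    "PROCESS NAME: Discord.exe (PID: 19732) Local Port: 58116 Remote Addr: 162.159.134.233:443 --> [MALICIOUS]\n";

/* Scans the whole text, so a record may sit on one line or wrap over several.
   Malformed records are skipped. Returns the number of records stored in out[]. */
size_t orion_parse(const char *text, orion_record *out, size_t max)
{
    size_t n = 0;
    for (const char *p = text; n < max && (p = strstr(p, "PROCESS NAME:")); p += 13) {
        orion_record r;
        int got = sscanf(p, "PROCESS NAME: %63[^(](PID: %lu) Local Port: %u"
                            " Remote Addr: %15[0-9.]:%u --> [%15[A-Z]",
                         r.process, &r.pid, &r.local_port,
                         r.remote_ip, &r.remote_port, r.verdict);
        if (got != 6 || r.local_port > 65535 || r.remote_port > 65535)
            continue;                      /* malformed or out-of-range: skip */
        size_t len = strlen(r.process);    /* trim the space before "(PID" */
        while (len && r.process[len - 1] == ' ')
            r.process[--len] = '\0';
        out[n++] = r;
    }
    return n;
}

/* Fail closed: any verdict other than SAFE goes to an analyst. */
int orion_needs_review(const orion_record *r) { return strcmp(r->verdict, "SAFE") != 0; }

int main(void)
{
    orion_record recs[8];
    size_t n = orion_parse(SAMPLE, recs, 8);
    for (size_t i = 0; i < n; i++)
        if (orion_needs_review(&recs[i]))
            printf("%s pid=%lu -> %s:%u [%s]\n", recs[i].process, recs[i].pid,
                   recs[i].remote_ip, recs[i].remote_port, recs[i].verdict);
    return 0;
}
```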

Features

More features are on the way.

Credits & Disclaimer

This project is heavily inspired by and taken from @SaadAhla's "IP Hunter".

This tool is primarily created for me as a project to enhance my coding skills and start creating some hacking tools. It is not considered to be the most efficient tool out there.
