Hexastrike

We took PersistenceSniper, merged it with Python, and misspelled it on purpose. Meet PyrsistenceSniper.

15 stars | 2 | 100% credibility
Found Mar 08, 2026 at 15 stars
AI Analysis
Language: Python

AI Summary

PyrsistenceSniper is an offline forensic tool that detects Windows persistence mechanisms by scanning registry hives, filesystems, and artifacts from disk images or collections.

How It Works

1. 🔍 Discover the tool

You hear about PyrsistenceSniper from a cybersecurity friend as a quick way to spot hidden malware tricks on copied computer files without needing the original machine running.

2. 💻 Set it up easily

Download the tool to your analysis computer and prepare it in just a few minutes so it's ready to use on any operating system.

3. 📁 Gather your evidence

Collect a folder of files from the suspicious computer, like a disk image or forensic copy containing Windows system parts.

4. 🚀 Launch the scan

Point the tool at your evidence folder and let it rapidly hunt for persistence tricks that let malware survive reboots.

5. 📊 Review the report

Receive a clear, organized list of findings with details on suspicious files, signatures, and risk levels, ready to share or analyze.

🛡️ Catch the hidden threats

You've uncovered exactly how the malware was sticking around, empowering you to clean it up and secure the system confidently.

AI-Generated Review

What is PyrsistenceSniper?

PyrsistenceSniper is a Python GitHub tool: PersistenceSniper rewritten in Python, with the name misspelled on purpose. Point it at KAPE dumps, Velociraptor collections, or disk images for offline detection of Windows persistence such as Run keys, services, scheduled tasks, and WMI subscriptions. No live access or admin rights are needed; scans complete in seconds on Linux, macOS, or Windows, and a Docker image is available as an alternative to a local Python setup.

Why is it gaining traction?

It stands out from Autoruns (Windows-only) and PersistenceSniper (PowerShell-bound) with cross-platform speed via fast hive parsing, signature validation to cut OS noise, and YAML profiles for custom baselines. Output goes to console, CSV, or HTML; findings can be filtered by MITRE ATT&CK IDs; plugins add new checks without core changes. Batch-process triage without PowerShell hassles.

Who should use this?

DFIR analysts triaging KAPE targets or E01 mounts during incident response. Forensic investigators needing quick persistence sweeps on non-Windows workstations. Red teamers validating evasion against offline hunters.

Verdict

Grab it if you process Windows forensics offline: solid docs, tests, and Docker make the 15 stars and 1.0% credibility score forgivable for an early project. Still maturing; watch for BITS and VT enrichments on the roadmap.
