ghostvectoracademy

Automated DLL Hijacking Detection Tool with Zero False Positives - Discovers, filters, and canary-confirms exploitable DLL hijacks on Windows with tiered confidence scoring

100% credibility
Found Mar 04, 2026 at 78 stars.
C#
AI Summary

DLLHijackHunter is an automated Windows tool that detects and verifies DLL hijacking vulnerabilities across services, tasks, and binaries with intelligent filtering and harmless proof-testing for zero false positives.

How It Works

1. Discover the security checker

You hear about a free tool that finds hidden weaknesses in how Windows programs load extra files, helping keep your computer safe.

2. Get it ready on your Windows PC

Download the simple program and open it; it works right away without complicated setup.

3. Pick your scan style

Gentle scan: Safely looks around without changing anything, perfect for work computers.

Deep scan: Thoroughly tests to prove real issues, like dropping safe test files that vanish after.

4. Let it scan your system

Sit back as it automatically explores services, tasks, and programs to spot risky spots where bad files could sneak in.

5. Review colorful results

See a clear report with high, medium, and low risks highlighted, plus proof of which ones really work.

Secure your setup

Use the list to fix weaknesses, knowing exactly what's dangerous and how to patch it for peace of mind.

AI-Generated Review

What is DLLHijackHunter?

DLLHijackHunter is a C# CLI tool for automated DLL hijacking detection on Windows, scanning services, scheduled tasks, startup items, and COM objects to discover binaries loading DLLs from writable paths. It filters candidates through multiple gates to eliminate false positives, then optionally canary-confirms exploitable hijacks by dropping harmless proxy DLLs that prove loading without disrupting apps. Output includes tiered confidence scoring, impact ratings, and reports in console, JSON, or HTML, with profiles like aggressive or safe for different risk levels.

Why is it gaining traction?

Unlike static tools that flood you with unverified "maybe" hijacks, this delivers zero false positives via rigorous filtering and live canary confirmation, plus ETW runtime monitoring for real-world loads. Developers notice the tiered scoring that prioritizes reboot-persistent SYSTEM escalations, targeted scans (e.g., `--target notepad.exe`), and clean proxy DLLs that keep targets functional. Its automated pipeline fits GitHub automated tests or deployment checks, and it stands out for actionable red team intel over raw lists.

Who should use this?

Red teamers hunting privilege escalation on enterprise Windows endpoints, especially services or tasks running as SYSTEM; blue teams auditing third-party security software for hijackable DLL loads during hardening; and pentesters validating exploits pre-engagement or DevOps engineers integrating it into a GitHub automated pipeline for CI/CD vulnerability scans.

Verdict

Solid for Windows DLL hijack hunts; try the aggressive profile on a test box, since canary confirmation saves hours chasing ghosts. The low 1.0% credibility score and 78 stars signal early maturity with thin test coverage, but the excellent README and MIT license make it low-risk to fork or extend.
