shellkraft / Anvil

Anvil is a runtime-first attack surface assessment tool for Windows thick client applications, built for penetration testers and security researchers conducting targeted application security assessments. It covers multiple attack classes in a single targeted run.

100% credibility
Found Mar 17, 2026 at 13 stars
Python
AI Summary

Anvil monitors Windows desktop applications during use to find privilege escalation risks like writable directories for DLLs or services.

How It Works

1. 🔍 Discover Anvil: You hear about a helpful tool that checks Windows apps for hidden security weak spots that could let everyday users gain extra power.

2. 📥 Get it ready: Download the simple program and run it as an administrator on your Windows computer; it grabs what it needs automatically.

3. 🎯 Pick your app: Tell it which program or background service to watch, like your company's desktop tool or a running process.

4. 👀 Watch it work: Use the app as usual while the tool quietly records what files it touches and checks if regular users could sneak in changes.

5. 📊 Review results: See a colorful list of any risks found, like places where someone could swap files for more access.

Stay secure

Fix the issues shown and know your app is safer from sneaky privilege grabs – all in a clear report you can save.

AI-Generated Review

What is Anvil?

Anvil is a Python tool on GitHub for assessing attack surfaces in Windows thick client applications. It targets an exe, service, or PID, captures runtime activity via Procmon, and flags writable paths (DLLs, binaries, configs) verified by AccessCheck at high integrity levels, cutting noise from blind filesystem scans. Users get color-coded terminal output, JSON exports, or self-contained HTML reports with severity breakdowns.

Why is it gaining traction?

It stands out with a false-positive pipeline: it reports only runtime-observed paths in non-protected directories that standard users can write, beating tools like Spartacus or winPEAS on signal quality. It auto-resolves and downloads Sysinternals binaries, handles service restarts, and scores findings P1-P5 based on exploitability. It can be compiled to a standalone EXE for air-gapped use.

Who should use this?

Penetration testers targeting Windows desktop apps or services for priv-esc bugs. Security researchers auditing thick clients where generic enum tools overwhelm. Red teams needing quick, runtime-focused checks on custom software.

Verdict

Worth a spin for Windows app assessments despite 13 stars and 1.0% credibility—early but focused, with strong docs and MIT license. Pre-built EXE lowers barriers, but test thoroughly as modules evolve.
