whokilleddb

A BOF designed to inspect processes memory and addresses

69% credibility
Found Apr 21, 2026 at 19 stars.
C++
AI Summary

ProcessInspect is a compact utility for viewing loaded components, memory contents, thread lists, and register states in active processes during security assessments.

How It Works

1. 🔍 Discover ProcessInspect

You learn about this handy tool from a cybersecurity buddy who raves about how it lets you peek inside running programs without hassle.

2. 📥 Pick it up

Grab the files from the sharing site and follow the easy setup steps to get it ready on your computer.

3. ⚙️ Add to your toolkit

Slip it into your security testing session so it's available whenever you need to investigate a process.

4. 🔬 Start exploring

Fire off a quick check to list all the parts loaded in the program, and watch the details flow in.

5. Choose your inspection

📋 Scan memory spot

Peek at the exact bytes in a specific memory location to see what's stored there.

📂 Spot details

Get the scoop on a memory address, like permissions and any matching symbols.

🔗 List helpers

See all the active threads helping the program run, with their starting points.

Check insides

Dump the inner workings of a thread's controls to understand its state.

6. 📊 Review findings

Examine the clear reports on modules, memory, threads, or controls that pop up right away.

Mission accomplished

You now have a crystal-clear view inside the running program, making your security check super effective.

AI-Generated Review

What is PSI_BOF?

PSI_BOF is a C++ Cobalt Strike BOF designed to inspect processes' memory and addresses during red team ops. Fire it from a beacon to list loaded modules with base addresses and entry points via `lm`, dump bytes at hex addresses with `addr`, query meminfo on permissions and Microsoft symbols, enumerate threads with `lt`, or regdump registers including AVX sets. It solves quick in-process debugging without spawning debuggers or external tools.

Why is it gaining traction?

In the crowded Cobalt Strike BOF space on GitHub, which includes mimikatz and whoami BOFs, PSI stands out with symbol resolution from MS servers and flexible reg dumps that suspend threads on demand. Developers grab it from BOF collections on GitHub for its no-fuss memory peeks, beating clunky alternatives among the BOF net and BOF template repos. The Docker build and BOF linter ensure it slots cleanly into BOF vs workflows.

Who should use this?

Red team operators running Cobalt Strike beacons on Windows targets, especially when hunting PEB offsets or thread contexts mid-engagement. It pairs with keylogger or SQL BOFs from a GitHub BOF collection for process forensics. Skip if you're not in offensive security.

Verdict

Grab it if you need process inspection in CS—solid commands and docs make it production-ready despite 19 stars and 0.7% credibility score. Maturity is early; contribute more commands to boost it.
