# SysHawk

SysHawk is a simple and powerful PowerShell-based threat analysis tool for Windows systems. It helps detect suspicious processes, malicious services, invalid autoruns, and unusual TCP connections, all from a clean command-line interface.

Built with core Windows security techniques in mind, SysHawk gives system admins, forensic analysts, and cybersecurity enthusiasts an easy way to spot potential threats without complex setups.
## Features

- Scan running processes and highlight suspicious activity
- Detect suspicious Windows services (for example, a fake `svchost.exe` running from an unexpected location)
- List autorun entries pointing to missing or unusual files
- Show unusual TCP connections (connections to external remote IPs)
## Project Structure

```
SysHawk/
│
├── SysHawk.ps1        # Main CLI launcher
├── SysHawk.psm1       # Imports all modules
├── README.md          # You're reading it :)
└── Modules/
    ├── ProcessScanner.psm1
    ├── ServiceScanner.psm1
    ├── AutorunScanner.psm1
    └── TCPScanner.psm1
```
## Getting Started

You must run PowerShell as Administrator for full results.

1. Open PowerShell as Administrator.
2. Go to the SysHawk folder:

   ```powershell
   cd "Full\Path\To\SysHawk"   # Replace with the actual path on your system
   ```

3. Start the tool:

   ```powershell
   .\SysHawk.ps1
   ```

4. Choose an option from the menu:

   ```
   [1] Scan Processes
   [2] Scan Services
   [3] Scan Autoruns
   [4] Scan TCP Connections
   [5] Run Full System Scan
   [0] Exit
   ```
## Sample Output

```
=== SysHawk Threat Analysis Tool ===
Enter option number: 2
[+] Scanning Services...
[!] Suspicious service detected: svch0st
    Path: C:\Users\Public\svch0st.exe
    Status: Running
    Description: Unsigned, Unknown Origin
```
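To make the kind of finding shown above concrete, here is an added example (not SysHawk's own `ServiceScanner.psm1`) of a service check that flags the same three signals: a binary that is missing or unsigned, a name that only looks like a system binary (`svch0st`), and a genuine system binary name running from outside the Windows directory. It assumes an elevated PowerShell 5.1+ session on Windows 10+; the list of system binary names is a hand-picked sample.

```powershell
# Added example, not SysHawk project code. Run as Administrator.
# Hand-picked sample of Windows binaries that malware likes to imitate.
$SystemBinaries = @('svchost', 'lsass', 'csrss', 'winlogon', 'services', 'spoolsv')
$SystemDirs     = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# Map common digit-for-letter substitutions back to letters (svch0st -> svchost).
function ConvertTo-CanonicalName([string]$Name) {
    $Name.ToLower() -replace '0', 'o' -replace '1', 'l' -replace '3', 'e' -replace '5', 's'
}

# Extract the executable from a Win32_Service PathName, which may be quoted
# ("C:\a b\x.exe" -k), unquoted with arguments (C:\x.exe -k), or bare.
function Get-ServiceExePath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')        { $exe = $Matches[1] }
    elseif ($PathName -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
    else                                         { $exe = ($PathName -split '\s+')[0] }
    [Environment]::ExpandEnvironmentVariables($exe)
}

function Test-SuspiciousService {
    param([Parameter(ValueFromPipeline)]$Service)
    process {
        if ([string]::IsNullOrWhiteSpace($Service.PathName)) { return }
        $exe     = Get-ServiceExePath $Service.PathName
        $base    = [IO.Path]::GetFileNameWithoutExtension($exe).ToLower()
        $dir     = Split-Path -Parent $exe
        $reasons = @()

        if (-not (Test-Path -LiteralPath $exe)) { $reasons += 'Binary missing on disk' }
        elseif ((Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') {
            $reasons += 'Unsigned or invalid signature'
        }
        # Lookalike: normalises to a system binary name but is not literally one.
        if ($base -notin $SystemBinaries -and (ConvertTo-CanonicalName $base) -in $SystemBinaries) {
            $reasons += "Lookalike of $(ConvertTo-CanonicalName $base).exe"
        }
        # Genuine system binary name started from outside the Windows system dirs.
        $inSystemDir = $SystemDirs | Where-Object { $dir.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
        if ($base -in $SystemBinaries -and -not $inSystemDir) {
            $reasons += "System binary name outside $env:SystemRoot"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Name = $Service.Name; Path = $exe; Status = $Service.State; Reasons = $reasons -join '; ' }
        }
    }
}

# Usage: report every flagged service in the same shape as SysHawk's output.
Get-CimInstance -ClassName Win32_Service | Test-SuspiciousService | Format-List
```

A `Valid` Authenticode status only tells you the file is signed and intact, so treat it as one signal among several rather than proof that the service is benign.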
## Requirements

- Windows 10 or newer
- PowerShell 5.1 or later
- Administrator access (to read system-level data)
## Why Use SysHawk?

- No third-party tools required
- Fully portable: just PowerShell scripts
- Great for quick system investigations
- Ideal for learners building security intuition
## Author

Created by: Yours Cyber Buddy. If you like this tool, star the repo and share it with others!

## Note

SysHawk does not remove malware. It's a manual analysis tool designed to assist detection and triage. Use it alongside antivirus and forensic tools for full coverage.