PyrsistenceSniper

Category: Forensics

Homepage: https://github.com/Hexastrike/PyrsistenceSniper

License: MIT License

Source: Python

Profiles: Full, Basic

Tags: malware-analysis, forensics, ioc, data-extraction, enrichment

Point it at a KAPE dump, a Velociraptor collection, or a mounted disk image and get offline Windows persistence detection in seconds. No live system access, no admin privileges, no PowerShell. Runs on Windows, Linux, and macOS because investigators don't always get to pick their workstation.