security scripts

uber basic check for keyloggers.py
import psutil 
 import os 
 import sys 
 
 def find_suspicious_processes():
     """Collect running processes that mention "keylogger" in their executable name or command line.

     Only processes for which both ``exe`` and ``cmdline`` are non-empty are
     examined; every other process is skipped. The match is a case-insensitive
     substring test, so it only catches a program that literally calls itself
     "keylogger". A renamed binary is not flagged, which means an empty result
     is not evidence that no keylogger is running.

     Returns:
         list: the matching ``psutil.Process`` objects, each carrying the
         requested ``pid``, ``name``, ``exe`` and ``cmdline`` in ``.info``.
     """
     marker = 'keylogger'
     flagged = []
     for proc in psutil.process_iter(['pid', 'name', 'exe', 'cmdline']):
         try:
             exe_path = proc.info['exe']
             argv = proc.info['cmdline']
             if not exe_path or not argv:
                 # Missing or empty fields: this process is not inspected at all.
                 continue
             exe_basename = os.path.basename(exe_path).lower()
             joined_args = ' '.join(argv).lower()
             if marker in exe_basename or marker in joined_args:
                 flagged.append(proc)
         except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
             # Best effort: a process that vanished or is off-limits is ignored.
             continue
     return flagged
 
 def main():
     """Print every process flagged by find_suspicious_processes(), or a notice when none was flagged."""
     flagged = find_suspicious_processes()
     if flagged:
         print("Suspicious processes found:")
         for proc in flagged:
             info = proc.info
             cmdline_text = ' '.join(info['cmdline'])
             print(f"PID: {info['pid']} - Name: {info['name']} - Exe: {info['exe']} - Cmdline: {cmdline_text}")
         return
     # Only means that no inspected process names itself "keylogger".
     print("No suspicious processes found.")
 
 # Run the check only when the file is executed as a script, not when imported.
 if __name__ == "__main__":
     main()

start-win-defender.bat
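@echo off
rem Run a Microsoft Defender quick scan (-ScanType 1) and report how it ended.
echo Starting Windows Defender malware scan...
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1
rem Keep the exit code before another command overwrites it. A non-zero value
rem means the scan could not run or left something that still needs attention,
rem so "Scan complete." must not be printed unconditionally.
set "SCAN_RC=%ERRORLEVEL%"
if not "%SCAN_RC%"=="0" (
    echo Scan did not finish cleanly, exit code %SCAN_RC%. Check Windows Security for details.
) else (
    echo Scan complete.
)
pause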

check for systemstats.py v1
import psutil 
 import datetime 
 
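 def check_high_memory_usage(threshold=50):
     """Return the processes whose resident memory exceeds ``threshold`` percent of total RAM.

     Args:
         threshold: percentage of total physical memory above which a process
             is reported. Defaults to 50.

     Returns:
         list: ``(process, memory_percent)`` tuples, in iteration order.
         Processes whose memory information could not be read are left out,
         so an unprivileged run may under-report.
     """
     high_memory_usage_processes = []
     total_memory = psutil.virtual_memory().total
     for proc in psutil.process_iter(['pid', 'name', 'memory_info']):
         try:
             memory_info = proc.info['memory_info']
             if memory_info is None:
                 # psutil stores None for an attribute it was denied access to;
                 # reading .rss from it would raise AttributeError, which the
                 # except clause below does not catch, and abort the whole scan.
                 continue
             memory_percent = (memory_info.rss / total_memory) * 100
             if memory_percent > threshold:
                 high_memory_usage_processes.append((proc, memory_percent))
         except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
             # Best effort: skip processes that vanished or are off-limits.
             continue

     return high_memory_usage_processes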
 
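 def write_processes_to_file():
     """Write a timestamped report of running processes to a text file.

     The file is created in the current working directory as
     ``processes_<YYYY-MM-DD_HH-MM-SS>.txt`` and holds three sections:
     processes with non-zero CPU usage (highest first), the processes reported
     by check_high_memory_usage() (highest first), and every running process.

     CPU and memory figures that psutil could not read are written as "n/a"
     instead of aborting the report. The disk and network figures printed
     under each entry are machine-wide totals, not per-process values.
     """
     import time  # local import: only used for the CPU sampling pause below

     attrs = ['pid', 'name', 'memory_percent', 'cpu_percent']
     separator = "\n\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\n"

     def pct(value):
         # psutil leaves None where it was denied access to a value; formatting
         # None with :.2f would raise TypeError and truncate the report.
         return "n/a" if value is None else f"{value:.2f}"

     def process_line(info):
         return (
             f"PID: {info['pid']} - Name: {info['name']} - "
             f"CPU%: {pct(info['cpu_percent'])} - Memory%: {pct(info['memory_percent'])}\n"
         )

     # A process's first cpu_percent reading is always 0.0, which used to leave
     # the CPU section empty. Prime the counters, wait briefly, then take the
     # single snapshot that all sections report from.
     for _ in psutil.process_iter(['cpu_percent']):
         pass
     time.sleep(0.5)
     snapshot = [proc.info for proc in psutil.process_iter(attrs)]

     # Sampled once: these are machine-wide numbers, identical for every entry.
     disk_percent = psutil.disk_usage('/').percent
     net = psutil.net_io_counters()
     system_lines = (
         f"\tDisk usage: {disk_percent:.2f}%\n"
         f"\tNetwork usage: {net.bytes_sent / 1024:.2f} KB sent/"
         f"{net.bytes_recv / 1024:.2f} KB received\n"
     )

     now = datetime.datetime.now()
     file_name = f"processes_{now:%Y-%m-%d_%H-%M-%S}.txt"
     # utf-8 so that a process name outside the locale's code page cannot
     # interrupt the report with an encoding error.
     with open(file_name, 'w', encoding='utf-8') as f:
         f.write(f"List of highest CPU usage processes on {now}:\n\n")
         busy = [info for info in snapshot if (info['cpu_percent'] or 0.0) > 0.0]
         for info in sorted(busy, key=lambda entry: entry['cpu_percent'], reverse=True):
             f.write(process_line(info))
             f.write(system_lines)

         f.write(separator)
         f.write(f"List of highest memory usage processes on {now}:\n\n")
         for proc, mem_percent in sorted(check_high_memory_usage(), key=lambda p: p[1], reverse=True):
             f.write(f"PID: {proc.info['pid']} - Name: {proc.info['name']} - Memory%: {mem_percent:.2f}\n")
             f.write(system_lines)

         f.write(separator)
         f.write(f"List of all running processes on {now}:\n\n")
         # Every process is listed, idle ones included: a record kept for later
         # searching should not silently drop processes sitting at 0% CPU.
         for info in snapshot:
             f.write(process_line(info))
             f.write(system_lines)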
                     
 def main():
     """Entry point: produce the process report file."""
     write_processes_to_file()
 
 # Script entry: announce the run, write the report, announce completion.
 if __name__ == "__main__":
     print("checking")
     main()
     print("done")

check for pc's pids names and usage stats and send them to a file to search later .py v2
import os 
 import psutil 
 import datetime 
 
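 def check_high_memory_usage(threshold=50):
     """Return the processes whose resident memory exceeds ``threshold`` percent of total RAM.

     Args:
         threshold: percentage of total physical memory above which a process
             is reported. Defaults to 50.

     Returns:
         list: ``(process, memory_percent)`` tuples, in iteration order.
         Processes whose memory information could not be read are left out,
         so an unprivileged run may under-report.
     """
     high_memory_usage_processes = []
     total_memory = psutil.virtual_memory().total
     for proc in psutil.process_iter(['pid', 'name', 'memory_info']):
         try:
             memory_info = proc.info['memory_info']
             if memory_info is None:
                 # psutil stores None for an attribute it was denied access to;
                 # reading .rss from it would raise AttributeError, which the
                 # except clause below does not catch, and abort the whole scan.
                 continue
             memory_percent = (memory_info.rss / total_memory) * 100
             if memory_percent > threshold:
                 high_memory_usage_processes.append((proc, memory_percent))
         except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
             # Best effort: skip processes that vanished or are off-limits.
             continue

     return high_memory_usage_processes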
 
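 def write_processes_to_file():
     """Write a timestamped report of running processes, excluding this script, to a text file.

     The file is created in the current working directory as
     ``processes_<YYYY-MM-DD_HH-MM-SS>.txt`` and holds three sections: every
     running process, processes with non-zero CPU usage (highest first), and
     the processes reported by check_high_memory_usage() (highest first).

     CPU and memory figures that psutil could not read are written as "n/a"
     instead of aborting the report. The disk and network figures printed
     under each entry are machine-wide totals, not per-process values.
     """
     import time  # local import: only used for the CPU sampling pause below

     current_pid = os.getpid()
     attrs = ['pid', 'name', 'memory_percent', 'cpu_percent']
     separator = "\n\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\n"

     def pct(value):
         # psutil leaves None where it was denied access to a value; formatting
         # None with :.2f would raise TypeError and end the run mid-report.
         return "n/a" if value is None else f"{value:.2f}"

     def process_line(info):
         return (
             f"PID: {info['pid']} - Name: {info['name']} - "
             f"CPU%: {pct(info['cpu_percent'])} - Memory%: {pct(info['memory_percent'])}\n"
         )

     # A process's first cpu_percent reading is always 0.0, which made the CPU
     # column of the first section meaningless. Prime the counters, wait
     # briefly, then take the single snapshot that all sections report from.
     for _ in psutil.process_iter(['cpu_percent']):
         pass
     time.sleep(0.5)
     snapshot = [
         proc.info
         for proc in psutil.process_iter(attrs)
         if proc.info['pid'] != current_pid  # Exclude the current script
     ]

     # Sampled once: these are machine-wide numbers, identical for every entry.
     disk_percent = psutil.disk_usage('/').percent
     net = psutil.net_io_counters()
     system_lines = (
         f"\tDisk usage: {disk_percent:.2f}%\n"
         f"\tNetwork usage: {net.bytes_sent / 1024:.2f} KB sent/"
         f"{net.bytes_recv / 1024:.2f} KB received\n"
     )

     now = datetime.datetime.now()
     file_name = f"processes_{now:%Y-%m-%d_%H-%M-%S}.txt"
     # utf-8 so that a process name outside the locale's code page cannot
     # interrupt the report with an encoding error.
     with open(file_name, 'w', encoding='utf-8') as f:
         f.write(f"List of all running processes on {now}:\n\n")
         for info in snapshot:
             f.write(process_line(info))
             f.write(system_lines)

         f.write(separator)
         f.write(f"List of highest CPU usage processes on {now}:\n\n")
         busy = [info for info in snapshot if (info['cpu_percent'] or 0.0) > 0.0]
         for info in sorted(busy, key=lambda entry: entry['cpu_percent'], reverse=True):
             f.write(process_line(info))
             f.write(system_lines)

         f.write(separator)
         f.write(f"List of highest memory usage processes on {now}:\n\n")
         for proc, mem_percent in sorted(check_high_memory_usage(), key=lambda p: p[1], reverse=True):
             if proc.info['pid'] == current_pid:
                 # Same exclusion as the two sections above.
                 continue
             f.write(f"PID: {proc.info['pid']} - Name: {proc.info['name']} - Memory%: {mem_percent:.2f}\n")
             f.write(system_lines)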
 
 def main():
     """Entry point: produce the process report file."""
     write_processes_to_file()
 
 # Write the report only when the file is executed as a script.
 if __name__ == "__main__":
     main()

pid killer (ranges too)
import psutil 
 
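 # Interactive PID killer. Each round accepts a comma-separated list of PIDs
 # or a single START-END range; typing "exit" or "stop" ends the session.
 AFFIRMATIVE = {'y', 'yes', 'yeah', 'yep', 'sure', 'ok', 'okay', 'fine', 'affirmative', 'positive'}
 # The script's own PID is never treated as a kill target.
 own_pid = psutil.Process().pid

 while True:
     pids = input("Type the PID(s) you want to kill, separated by commas, or specify a range with a dash (-): ")
     if pids.strip().lower() in ("exit", "stop"):
         confirm = input("Are you sure you want to stop the script? (Y/N): ")
         if confirm.strip().lower() in ("y", "yes"):
             break
         continue

     # kill_all is set only by an explicit answer to the range question. It is
     # kept apart from the per-process answer so that a "y" given for one PID
     # cannot silently approve the PIDs that follow it.
     kill_all = False
     if '-' in pids:
         try:
             start_text, end_text = pids.split('-')
             targets = range(int(start_text), int(end_text) + 1)
         except ValueError:
             # Covers "1-2-3", "-5", "a-b": report and ask again instead of crashing.
             print(f"Error: '{pids}' is not a valid range. Use START-END with two numbers.")
             continue
         if not targets:
             print("Error: the range is empty (START is greater than END).")
             continue
         # Without confirmation every process in the range that the current
         # user may signal is killed, which can include system services when
         # the script runs elevated.
         yes_all = input("Do you want to kill all processes in the range without confirmation? (Y/N): ")
         kill_all = yes_all.strip().lower() in ('y', 'yes')
     else:
         targets = pids.split(",")

     for pid in targets:
         try:
             pid_number = int(pid)
             if pid_number == own_pid:
                 print(f"Skipped PID {pid_number}: that is this script.")
                 continue
             process = psutil.Process(pid_number)
             name = process.name()
             if not kill_all:
                 mem_usage = process.memory_info().rss / 1024 / 1024
                 # A fresh Process object reports 0.0 on its first non-blocking
                 # reading, so sample over a short interval for a real figure.
                 cpu_usage = process.cpu_percent(interval=0.1)
                 # NOTE: this is machine-wide traffic, not this process's own.
                 net_io_counters = psutil.net_io_counters(pernic=False)
                 network_usage = (net_io_counters.bytes_sent + net_io_counters.bytes_recv) / 1024 / 1024
                 io_totals = process.io_counters()
                 disk_usage = (io_totals.write_bytes + io_totals.read_bytes) / 1024 / 1024
                 answer = input(f"Y/N are you sure that you want to kill PID {pid_number} ({name}) current: mem {mem_usage:.2f} MB, CPU {cpu_usage:.2f}%, net {network_usage:.2f} MB, disk {disk_usage:.2f} MB? ")
                 if answer.strip().lower() not in AFFIRMATIVE:
                     print(f"Skipped terminating process with PID {pid_number} ({name}).")
                     continue
             process.kill()
             print(f"Process with PID {pid_number} ({name}) terminated.")
         except (psutil.NoSuchProcess, psutil.AccessDenied, ValueError) as e:
             print(f"Error: Cannot kill process with PID {pid}. Reason: {e}")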

block all .zip, .rar, .mov top-level domains
current research impossible