LiteThreatWatch is a Python-based, host-level monitoring tool designed to detect suspicious activity in real-time, such as USB device insertions, command-line tool abuse (cmd, PowerShell), and sensitive clipboard data copying (e.g., passwords, tokens). It was built for analysts, interns, or security learners who want to gain hands-on experience in endpoint behavior monitoring — without using any antivirus or external software. Lightweight, modular, and completely open-source.
- 🎯 Detects suspicious processes (e.g., cmd, PowerShell, netcat)
- 💾 Logs USB device insertions
- 📋 Monitors clipboard for sensitive data (e.g., passwords, tokens)
- 🧵 Multi-threaded architecture for real-time monitoring
- 💻 Safe to run on host — no malware, no simulation required
| Module | Function |
|---|---|
| `process_monitor.py` | Detects suspicious processes like `cmd`, `powershell`, `ftp`. Used to catch command-line abuse and unauthorized tool usage. |
| `usb_monitor.py` | Logs USB insertions using WMI COM watcher. Helps detect data exfiltration via physical media. |
| `clipboard_monitor.py` | Flags sensitive content copied to clipboard like `password`, `api_key`, or tokens. Useful for spotting accidental leaks. |
| `main.py` | Launches all modules in parallel threads. Ensures real-time threat monitoring. |

Each module is written from scratch and tested independently before integration.
Install the required Python libraries:

```bash
pip install psutil pyperclip wmi
```

These libraries are used for accessing system-level info, clipboard, and Windows management interfaces.

Run the project:

```bash
python main.py
```

If everything runs correctly, you’ll see:

```
Lite ThreatWatch started...
[INFO] USB monitoring started...
[INFO] Clipboard monitoring started...
```

All detected threats will be printed to terminal and logged into:

📁 `logs/threat_log.txt`

```
[ALERT] USB device inserted at 2025-05-16 21:22:01
[ALERT] Suspicious process detected: powershell.exe (PID: 8840)
[ALERT] Clipboard data flagged: password = 123secure...
```
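
The clipboard alert shown above puts the start of the copied secret into `logs/threat_log.txt`. The following is an added example, not LiteThreatWatch's own code: it flags the same kinds of content but logs only the rule name and value length, and suppresses repeat alerts while the clipboard is unchanged. The patterns, `scan` and `ClipboardScanner` are assumptions, and the clipboard text is passed in as an argument rather than read with `pyperclip`.

```python
import hashlib
import re

# Assumed rules: the page names password, api_key and tokens, not its patterns.
RULES = [
    ("password", re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)")),
    ("api_key", re.compile(r"(?i)\bapi[_-]?key\s*[:=]\s*(\S+)")),
    ("token", re.compile(r"(?i)\b(?:access_|auth_)?token\s*[:=]\s*(\S+)")),
]


def scan(text: str) -> list[tuple[str, int]]:
    """Return (rule label, secret length) for every rule match in text."""
    return [(label, len(m.group(1)))
            for label, rx in RULES for m in rx.finditer(text)]


class ClipboardScanner:
    """Alert once per distinct clipboard content without logging the value."""

    def __init__(self):
        self._last = None  # SHA-256 of the last content seen, memory only

    def check(self, text: str, timestamp: str) -> list[str]:
        digest = hashlib.sha256(text.encode("utf-8")).digest()
        if digest == self._last:
            return []  # unchanged since the last poll: no duplicate alert
        self._last = digest
        return [
            f"[ALERT] Clipboard data flagged: {label} "
            f"(value redacted, {n} chars) at {timestamp}"
            for label, n in scan(text)
        ]


if __name__ == "__main__":
    scanner = ClipboardScanner()
    # Constructed clipboard contents, as successive polls would see them.
    samples = ["meeting notes", "password = 123secure",
               "password = 123secure", "API_KEY: abc123"]
    for sample in samples:
        for line in scanner.check(sample, "2025-05-16 21:22:01"):
            print(line)
```
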
---
## 📸 Sample Output Screenshot
Below is a real-time output of this tool detecting threats:


---
## 👨‍💻 Author
Name: Rishabh Saini
---
## 🔒 Proof of Work
This project was completely built, tested, and documented by me.
✅ All code is manually written, debugged, and structured from scratch.
✅ Project was executed on my local machine, with real-time screenshots and logs captured.
System Details:
- 💻 Username: `theri`
- 🖥️ OS: Windows 11
- 🐍 Python: 3.11.3
- 🛠️ Editor: Visual Studio Code
- 📂 Project Folder: `D:\Project\Lite ThreatWatch`
> This repository is a result of original effort and thinking, aiming to solve real-world insider threat challenges through defensive security scripting.
----------