Home

Takajō (鷹匠) is a fast forensics analyzer for Hayabusa results, created by Yamato Security and written in Nim. Takajō means "Falconer" in Japanese — it analyzes Hayabusa's "catches" (results).

Get Started Command Reference View on GitHub

---

Why Takajō?

• Single fast binary

  ---

  Written in Nim — memory-safe, as fast as native C, and a single standalone binary on any OS.

• HTML reports

  ---

  Generate HTML summary reports of your Hayabusa results, or serve them interactively.

• Process trees

  ---

  Reconstruct and print the process trees of malicious processes from Sysmon logs.

• Stacking analysis

  ---

  Stack command lines, DNS requests, logons, processes, services, tasks and more to surface outliers.

• Focused timelines

  ---

  Build timelines for logons, USB usage, suspicious processes and tasks, and split large CSV/JSONL timelines.

• TTPs & VirusTotal

  ---

  Visualize TTPs as heatmaps in the MITRE ATT&CK Navigator, and look up IPs, domains and hashes on VirusTotal.

Quick links

• New here?

  Start with the Overview, then head to Getting Started to download and run Takajō.

• Working with the CLI?

  Browse the Command List and the per-category reference — Extract, HTML, Stack, Timeline, and more.

• Going further?

  Explore the Companion Projects, the Changelog, and how to contribute.