Download WRAITH

Get the latest Windows release and start triaging in minutes. No installer, no setup, just extract and run.

Windows 10 / 11

Latest Release

Download the latest version of WRAITH directly from GitHub.

Latest GitHub Release

How to Install

Three steps and you're in. No admin rights needed just to get set up.

  1. Download the zip

    Click the download button above. The page automatically finds the latest Windows release from GitHub, so you always get the most recent version without having to check manually.

  2. Extract the folder

    Right-click the .zip file and choose “Extract All.” You can put it anywhere — your desktop, a USB drive, a dedicated tools folder. WRAITH is fully portable, so nothing gets installed on your system.

  3. Run WRAITH.exe

    Open the extracted folder and double-click WRAITH.exe. Windows may show a security prompt the first time — see the section below for exactly what to expect and how to get past it.

What Windows Will Tell You

These prompts are expected. Here is what each one means and what to do.

SmartScreen

“Windows protected your PC”

You will likely see this the first time you run WRAITH. It appears because WRAITH does not have a commercially purchased code signing certificate. To continue, click More info and then Run anyway. This is a one-time prompt for new executables from the internet.

UAC Prompt

“Do you want to allow this app to make changes?”

WRAITH may request administrator privileges. This is needed to read certain artifacts — event logs, some registry keys, and process data that require elevated access. Click Yes to continue. WRAITH does not install anything or modify your system.

Antivirus or Defender

Flagged as suspicious

Some antivirus tools flag WRAITH because it reads and inspects the same types of system artifacts that malware sometimes touches. This is a false positive. WRAITH is fully open source and every line of code is on GitHub. If it gets quarantined, you can review the code yourself and add an exclusion for the WRAITH folder.

About Code Signing

Why there is no certificate, and what that means for you.

WRAITH is not currently signed with a commercial Authenticode certificate. The honest reason: code signing certificates for Windows desktop apps cost a few hundred dollars per year, and this is a community project with no budget behind it. The absence of a certificate is a cost issue, not a security issue.

If you want to verify what you are running, the source code is entirely public on GitHub. You can review it, build it yourself, and compare the binary hash to the one in the release. That is more transparent than a paid certificate from a company you have never heard of anyway.
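One way to do that comparison from PowerShell before clicking through SmartScreen. This is an added example, not code from the WRAITH project. It assumes the release publishes a SHA-256 hash, and the zip name, folder and expected hash are placeholders you replace with your own values.

```powershell
# Added example: verify a downloaded release archive before running it.
# Assumptions: the release publishes a SHA-256 hash; the paths and the
# expected hash below are placeholders, not values from the project.
param(
    [string]$ZipPath      = "$env:USERPROFILE\Downloads\WRAITH.zip",  # placeholder file name
    [string]$ExpectedHash = '<SHA256-FROM-RELEASE-PAGE>',              # placeholder
    [string]$ExtractTo    = "$env:USERPROFILE\Tools\WRAITH"           # placeholder folder
)

$ErrorActionPreference = 'Stop'   # makes Write-Error below abort the script

# 1. Hash the archive and compare it with the value published with the release.
$actual = (Get-FileHash -LiteralPath $ZipPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedHash.Trim()) {   # -ne ignores case for strings
    Write-Error "Hash mismatch. Expected $ExpectedHash, got $actual. Do not run this file."
}
Write-Host "Hash OK: $actual"

# 2. Show the Mark of the Web, the zone tag that leads to the SmartScreen prompt.
$motw = Get-Content -LiteralPath $ZipPath -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($motw) { Write-Host "Zone.Identifier present:`n$($motw -join "`n")" }
else       { Write-Host "No Zone.Identifier stream (file is not tagged as downloaded)." }

# 3. Extract only after the hash matched.
Expand-Archive -LiteralPath $ZipPath -DestinationPath $ExtractTo -Force

# 4. Report the signature status of the executable. The page states the build
#    is unsigned, so 'NotSigned' is expected; any other status deserves a look.
$exe = Get-ChildItem -LiteralPath $ExtractTo -Recurse -Filter 'WRAITH.exe' |
       Select-Object -First 1
if (-not $exe) { Write-Error "WRAITH.exe not found under $ExtractTo" }

$sig = Get-AuthenticodeSignature -LiteralPath $exe.FullName
Write-Host "Authenticode status: $($sig.Status)"
Write-Host "EXE SHA-256: $((Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256).Hash)"
```

If the hash check fails, the script stops before anything is extracted, so a mismatched archive never reaches the point where you would be asked to click Run anyway.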

Getting a proper Authenticode certificate is on the roadmap. When that ships, Windows will recognize WRAITH as a trusted publisher and the SmartScreen prompt will go away.