Windows admin and security tool for discovering, recovering, and managing hidden or inaccessible windows

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for djdarcy from gravatar.com djdarcy

Unverified details

These details have not been verified by PyPI
Meta
  • License: GPL-3.0
  • Author: Dustin
  • Tags windows , window-management , security , admin-tools , utility , hidden-windows , dazzletools , dazzle
  • Requires: Python >=3.8
Report project as malware

Project description

wingather

PyPI Release Date Python 3.8+ License: GPL v3 GitHub Discussions Platform

Windows admin and security tool for discovering, recovering, and managing hidden or inaccessible windows.

Finds hidden, minimized, off-screen, and obscured windows -- restores them and centers them on your chosen monitor. Useful for:

  • Security investigation -- surface suspicious hidden dialogs or message boxes
  • Window rescue -- recover windows lost off-screen after monitor disconnect
  • Desktop cleanup -- quickly gather all windows to one spot (including from other desktops)

Installation

# From PyPI (coming soon)
pip install wingather

# From source
git clone https://github.com/DazzleTools/wingather.git
cd wingather
pip install -e .

Usage

# Find and surface suspicious windows (default: only acts on flagged windows)
wingather --dry-run

# Gather ALL windows to center of primary monitor
wingather --all

# List what's out there without taking action
wingather --list-only

# Reveal suspicious hidden windows (with educational banner)
wingather --show-hidden
wingather --show-hidden --all   # reveal ALL hidden windows (use with caution)
wingather --undo                # re-hide them (see docs/hidden-windows.md)

# Center on a specific monitor (0=primary, 1=secondary, etc.)
wingather --monitor 1

# Filter by window title or process name (fnmatch patterns)
wingather --filter "*chrome*"
wingather --exclude "*spotify*"

# JSON output for scripting
wingather --json

# Verbose logging
wingather -v

See docs/parameters.md for the full CLI reference with all options, filtering, trust configuration, and output modes.

Running as Administrator

For best results, run as Administrator. Without elevation, windows belonging to elevated processes (e.g., Task Manager, Process Explorer) cannot be moved.

What It Does

  1. Sets DPI awareness for accurate multi-monitor coordinate handling
  2. Enumerates all top-level windows via Win32 EnumWindows
  3. Identifies window state: normal, minimized, hidden, off-screen, cloaked (virtual desktop)
  4. Scores windows for suspicious indicators (off-screen, shrunk, dialog, cloaked)
  5. By default, only acts on suspicious windows (use --all for everything)
  6. Restores, shows, and centers affected windows on the target monitor
  7. Reports what was found and what action was taken

Window States

State Description Default Action
normal Visible, on-screen Skip (use --all to center)
minimized In taskbar Restore + Center (if suspicious)
maximized Full-screen normal Skip (use --all to center)
hidden WS_VISIBLE not set Skip (use --show-hidden)
off-screen Beyond monitor bounds Center (flagged suspicious)
cloaked On another virtual desktop Skip (OS limitation)

Suspicious Window Detection

wingather flags windows that exhibit suspicious behavior using a weighted concern scoring system:

Level Label Example Triggers Action
[!1] ALERT Off-screen + dialog, trust verification failed Set TOPMOST
[!2] ALERT Off-screen window Set TOPMOST
[!3] CONCERN Heavily shrunk window Set TOPMOST
[!4] NOTE Dialog, partially off-screen Flagged only
[!5] NOTE Cloaked on another desktop Flagged only

See docs/parameters.md for indicator weights and scoring details.

Trust Verification

Built-in trusted processes (explorer.exe, etc.) are verified by checking their file path and Microsoft Authenticode signature before suppressing flags. A process masquerading as a trusted name but failing verification triggers an immediate level 1 ALERT.

# Bypass default trust list -- flag everything
wingather --no-default-trust --dry-run

# Trust additional processes
wingather -tp myapp.exe -tp "custom*"

Cross-Platform

Designed with a platform abstraction layer. Currently implemented for Windows only. macOS and Linux stubs are in place for future development. See docs/platform-support.md for details, requirements, and how to help.

Platform Status
Windows Implemented
macOS Stub (PyObjC/Quartz planned)
Linux/X11 Stub (python-xlib/wmctrl planned)
Linux/Wayland Not feasible (compositor security model)

Requirements

  • Python 3.8+
  • Windows: pywin32, psutil

Related Tools

  • process-delta -- Process and service snapshot comparison tool
  • NirCmd -- win center alltop does partial centering (no hidden/minimized restore)
  • GUIPropView -- GUI window inspector with manual center action

Contributing

Contributions welcome! See CONTRIBUTING.md.

Like the project?

"Buy Me A Coffee"

License

wingather, Copyright (C) 2026 Dustin Darcy

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for djdarcy from gravatar.com djdarcy

Unverified details

These details have not been verified by PyPI
Meta
  • License: GPL-3.0
  • Author: Dustin
  • Tags windows , window-management , security , admin-tools , utility , hidden-windows , dazzletools , dazzle
  • Requires: Python >=3.8

Release history Release notifications | RSS feed

0.2.3a1 pre-release

This version

0.2.2a0 pre-release

0.2.1a0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wingather-0.2.2a0.tar.gz (47.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wingather-0.2.2a0-py3-none-any.whl (42.9 kB view details)

Uploaded Python 3

File details

Details for the file wingather-0.2.2a0.tar.gz.

File metadata

  • Download URL: wingather-0.2.2a0.tar.gz
  • Upload date:
  • Size: 47.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for wingather-0.2.2a0.tar.gz
Algorithm Hash digest
SHA256 e041de1e6478f102356d89de8631741a82deef38c0cff51e3a7046542142a0ef
MD5 70972238ede95e818e74583fe28ac0c5
BLAKE2b-256 f7f23e0a1128d365489b24023e00f9783b0cf62fb2445dbad1d94c4406f45904

See more details on using hashes here.

Provenance

The following attestation bundles were made for wingather-0.2.2a0.tar.gz:

Publisher: release.yml on DazzleTools/wingather

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file wingather-0.2.2a0-py3-none-any.whl.

File metadata

  • Download URL: wingather-0.2.2a0-py3-none-any.whl
  • Upload date:
  • Size: 42.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for wingather-0.2.2a0-py3-none-any.whl
Algorithm Hash digest
SHA256 ccb792e3a0d3a8145103aab104b28a7759b71a2dcc02872638f6495745e42372
MD5 7c731471cbb2df4579b9c8e2aad040a2
BLAKE2b-256 d1fe1aac02b10f44adc3782a3c5ee3686310cc4d00fdb3847dabcd7992c20de7

See more details on using hashes here.

Provenance

The following attestation bundles were made for wingather-0.2.2a0-py3-none-any.whl:

Publisher: release.yml on DazzleTools/wingather

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page