Python Malware

Open-source Python projects categorized as Malware

Top 23 Python Malware Projects

  • hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: There’s ads when you pause | reddit.com/r/ABoringDystopia | 2023-01-31
  • wifiphisher

    The Rogue Access Point Framework

    Project mention: Fixing an embedded null character error | reddit.com/r/linuxquestions | 2022-12-29

    In an effort to spend less time in front of class fiddling with the command line I tried using WifiPhisher https://github.com/wifiphisher/wifiphisher --- but it randomly crashes with the following error:

  • theZoo

    A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

    Project mention: How to write malware | reddit.com/r/hacking | 2023-01-21

    vx-underground The Zoo

  • volatility

    An advanced memory forensics framework

    Project mention: memory dump with FTK Imager | reddit.com/r/computerforensics | 2022-12-02
  • pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

    Project mention: Go Library like PyWhat? | reddit.com/r/golang | 2022-10-20

    Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!

  • pwndbg

    Exploit Development and Reverse Engineering with GDB Made Easy

    Project mention: Any tips for newish C debugging please. | reddit.com/r/neovim | 2023-02-01

    By far the best debugger for C is gdb+pwndbg (https://github.com/pwndbg/pwndbg)

  • maltrail

    Malicious traffic detection system

    Project mention: Is Maltrait worth the trouble? | reddit.com/r/OPNsenseFirewall | 2022-12-22

    Yes, MT had OOM on *BSD because of the python-pcapy module, which is currently unmaintained. So a fork was made, and python-pcapy-ng became the actual module for MT, which fixed the OOM, and now MT works OK on the *BSD line: [1] https://github.com/stamparm/maltrail/issues/19056 [2] https://github.com/stamparm/maltrail/issues/16710 [3] py-pcapy-ng on Fresh Ports: https://www.freshports.org/net/py-pcapy-ng/ Also, the /requirement.txt file was modified for MT to avoid installing python-pcapy instead of python-pcapy-ng: [4] https://github.com/stamparm/maltrail/commit/2aa2da5ba5c332ddd106020290926d1fdfd0f8b2 Despite all of this, some media keep saying that python-pcapy is required for MT to work. No, just python-pcapy-ng.

    "Given everything is now encrypted, does anyone know if it is still effective?" <-- An IDS (MT is the IDS itself) is passive detection; it doesn't provide prevention actions. MT can use a blocking mechanism, which is described for Linux: https://github.com/stamparm/maltrail/wiki/Miscellaneous#1-setting-up-maltrail-as-an-intrusion-prevention-system-ips . If someone can describe a mechanism for MT on the *BSD line, that would be nice. Anyway, I would be thankful if you provided details on the missing ransomware. Perhaps the network IoCs need to be updated, if the ransomware compromise was via the network. Thank you!

    "Are the signatures reasonably up to date?" <-- Trying to be up to date: https://github.com/stamparm/maltrail/commits/master

  • qiling

    A True Instrumentable Binary Emulation Framework

    Project mention: Unicorn Engine problem with map | reddit.com/r/learnprogramming | 2022-11-26

    Sounds more like r/ReverseEngineering. If what you want to do is some dynamic analysis or just play around, maybe try using qiling, it's built on top of unicorn and is made by the same authors. It will take care of loading the file for you.

  • flare-floss

    FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

    Project mention: Static Analysis Research - Windows PE | dev.to | 2023-01-06

    Recently, I decided to delve a little bit more into static analysis, something beyond just running strings on a binary and getting the ASCII characters that are printable. I decided to take a deep look at how FLOSS is working and possibly recreate some of its functionality in my own tool.

  • malwoverview

    Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  • volatility3

    Volatility 3.0 development

    Project mention: How do you fully compile the source code on Debian Linux? | reddit.com/r/de_EDV | 2022-06-21
  • yarGen

    yarGen is a generator for YARA rules

    Project mention: Tasked with building a malware analysis / threat hunting machine . Need feedback | reddit.com/r/cybersecurity | 2022-03-10

    Yara rules generator - Generate yara rules based on a set of malware samples, https://github.com/Neo23x0/yarGen

  • CAPEv2

    Malware Configuration And Payload Extraction

    Project mention: Does anyone installed cuckoo sandbox recently? | reddit.com/r/cybersecurity | 2022-06-16

    https://github.com/kevoreilly/CAPEv2 is a more "production ready" solution.

  • intelmq

    IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

  • drakvuf-sandbox

    DRAKVUF Sandbox - automated hypervisor-level malware analysis system

  • ThePhish

    ThePhish: an automated phishing email analysis tool

    Project mention: security alerts management | reddit.com/r/msp | 2022-09-15
  • Python-Rootkit

    Python Remote Administration Tool (RAT) to gain meterpreter session

  • MalConfScan

    Volatility plugin for extracting configuration data of known malware

  • opensquat

    The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches for newly registered domains that impersonate legitimate domains on a daily basis. This project aims to help protect individuals and organizations from cyber threats by identifying and alerting them to potentially malicious domains.

    Project mention: How to find a similar looking domains | reddit.com/r/OSINT | 2022-10-08
  • packj

    The vetting tool 🚀 behind our "dependency firewall" to block malicious/risky open-source packages in your software supply chain

    Project mention: Show HN: Coder Guard – Protect Your IDE from Malicious Extensions | news.ycombinator.com | 2023-01-26

    Very cool! I've built something similar, but for packages: https://github.com/ossillate-inc/packj Would love to talk.

  • misp-galaxy

    Clusters and elements to attach to MISP events or attributes (like threat actors)

    Project mention: Profiling and Tracking Threat Actors | reddit.com/r/OSINT | 2022-09-13

    MISP threat actors galaxy may be of interest: https://github.com/MISP/misp-galaxy

  • community

    Volatility plugins developed and maintained by the community (by volatilityfoundation)

    Project mention: Volatility 3 commands and usage tips to get started with memory forensics. Volatility 3 + plugins make it easy to do advanced memory analysis. | reddit.com/r/computerforensics | 2022-02-22
  • JPGtoMalware

    It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional. The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganograp

    Project mention: JPGtoMalware | news.ycombinator.com | 2022-06-02

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-02-01.

Index

What are some of the best open-source Malware projects in Python? This list will help you:

Rank Project Stars
1 hosts 22,287
2 wifiphisher 11,421
3 theZoo 9,370
4 volatility 5,898
5 pyWhat 5,664
6 pwndbg 5,215
7 maltrail 4,932
8 qiling 3,862
9 flare-floss 2,529
10 malwoverview 2,074
11 volatility3 1,282
12 yarGen 1,180
13 CAPEv2 1,037
14 intelmq 798
15 drakvuf-sandbox 769
16 ThePhish 717
17 Python-Rootkit 456
18 MalConfScan 437
19 opensquat 417
20 packj 398
21 misp-galaxy 389
22 community 310
23 JPGtoMalware 300