InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises. Learn more →
Top 23 Python Malware Projects
-
hosts
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
-
In an effort to spend less time in front of class fiddling with the command line I tried using WifiPhisher https://github.com/wifiphisher/wifiphisher --- but it randomly crashes with the following error:
-
InfluxDB
Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.
-
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
vx-underground The Zoo
-
-
pyWhat
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!
-
By far the best debugger for C is gdb+pwndbg (https://github.com/pwndbg/pwndbg)
-
Yes, MT had OOM on *BSD, because of python-pcapy module, which is currently unmaintained. So, the fork was done and python-pcapy-ng becomes actual module for MT, which fixed OOM and now MT works OK for *BSD-line: [1] https://github.com/stamparm/maltrail/issues/19056 [2] https://github.com/stamparm/maltrail/issues/16710 [3] py-pcapy-ng on Fresh Ports: https://www.freshports.org/net/py-pcapy-ng/ Also /requirement.txt file was modified for MT to avoid installing python-pcapy instead of python-pcapy-ng: [4] https://github.com/stamparm/maltrail/commit/2aa2da5ba5c332ddd106020290926d1fdfd0f8b2 Despite on all it, some mass-medias keep saying that python-pcapy is required for MT to work. No, just python-pcapy-ng. "Given everything is now encrypted, does anyone know if it is still effective?" <-- IDS (MT is the IDS itself) is passive detection, it doesn't provide the prevention actions. MT can use blocking mechanism, they are describes for Linux: https://github.com/stamparm/maltrail/wiki/Miscellaneous#1-setting-up-maltrail-as-an-intrusion-prevention-system-ips . If some can describe mechanism for MT on *BSD-line, that would be nice. Anyway would be thankful, if you provide details on missing ransomware. Perhaps, it is needed to update network IoCs, if ransomware comprometation was via network. Thank you! "Are the signatures reasonably up to date?" <-- trying to be up-to-dated: https://github.com/stamparm/maltrail/commits/master
-
Sonar
Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
-
Sounds more like r/ReverseEngineering. If what you want to do is some dynamic analysis or just play around, maybe try using qiling, it's built on top of unicorn and is made by the same authors. It will take care of loading the file for you.
-
Recently, I decided do delve a little bit more into static analysis, something beyond just running strings on a binary and getting the ASCII characters that are printable. I decided to take a deep look at how FLOSS is working and possibly recreate some of its functionality in my own tool.
-
malwoverview
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.
-
Project mention: Wie kompiliert man vollständig den Source-Code auf einem Debian Linux? | reddit.com/r/de_EDV | 2022-06-21
-
Project mention: Tasked with building a malware analysis / threat hunting machine . Need feedback | reddit.com/r/cybersecurity | 2022-03-10
Yara rules generator - Generate yara rules based on a set of malware sample, https://github.com/Neo23x0/yarGen
-
Project mention: Does anyone installed cuckoo sandbox recently? | reddit.com/r/cybersecurity | 2022-06-16
https://github.com/kevoreilly/CAPEv2 is a more "production ready" solution.
-
intelmq
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
-
-
-
-
-
opensquat
The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches for newly registered domains that impersonate legitimate domains on a daily basis. This project aims to help protect individuals and organizations from cyber threats by identifying and alerting them to potentially malicious domains.
-
packj
The vetting tool 🚀 behind our "dependency firewall" to block malicious/risky open-source packages in your software supply chain
Project mention: Show HN: Coder Guard – Protect Your IDE from Malicious Extensions | news.ycombinator.com | 2023-01-26Very cool! I've built something similar, but for packages: https://github.com/ossillate-inc/packj Would love to talk.
-
MISP threat actors galaxy may be of interest: https://github.com/MISP/misp-galaxy
-
Project mention: Volatility 3 commands and usage tips to get started with memory forensics. Volatility 3 + plugins make it easy to do advanced memory analysis. | reddit.com/r/computerforensics | 2022-02-22
-
JPGtoMalware
It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional.The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganograp
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2023-02-01.
Python Malware related posts
- There’s ads when you pause
- hc-rs: a hosts file creator
- Show HN: Coder Guard – Protect Your IDE from Malicious Extensions
- How do I scan the models?
- How to write malware
- Block time wasters permanently on your phone + ad free app experience on Android
- Joel Järvensivu, 24, vaihtoi kännykän retromalliin ja käyttää älypuhelinta vain tarpeeseen – "Tajusin, ettei siinä jää paitsi mistään"
-
A note from our sponsor - InfluxDB
www.influxdata.com | 4 Feb 2023
Index
What are some of the best open-source Malware projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | hosts | 22,287 |
| 2 | wifiphisher | 11,421 |
| 3 | theZoo | 9,370 |
| 4 | volatility | 5,898 |
| 5 | pyWhat | 5,664 |
| 6 | pwndbg | 5,215 |
| 7 | maltrail | 4,932 |
| 8 | qiling | 3,862 |
| 9 | flare-floss | 2,529 |
| 10 | malwoverview | 2,074 |
| 11 | volatility3 | 1,282 |
| 12 | yarGen | 1,180 |
| 13 | CAPEv2 | 1,037 |
| 14 | intelmq | 798 |
| 15 | drakvuf-sandbox | 769 |
| 16 | ThePhish | 717 |
| 17 | Python-Rootkit | 456 |
| 18 | MalConfScan | 437 |
| 19 | opensquat | 417 |
| 20 | packj | 398 |
| 21 | misp-galaxy | 389 |
| 22 | community | 310 |
| 23 | JPGtoMalware | 300 |
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com