Top 23 Python malware-analysis Projects
-
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
The analyzed sample is provided within this folder; the password for the zip file is infected. This sample was taken from theZoo Repository.
-
pwndbg
It's written for exploit development, but even for debugging a C program. It makes things a lot nicer.
https://pwndbg.re/
-
gef
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
-
flare-vm
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
-
pyWhat
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Project mention: pyWhat VS binwalk - a user suggested alternative | libhunt.com/r/pyWhat | 2024-07-19
-
malwoverview
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo, and it is also able to scan Android devices against VT.
-
oletools
oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
-
honeypots
30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
-
packj
Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Project mention: A Study of Malware Prevention in Linux Distributions | news.ycombinator.com | 2024-11-21
Good to see Packj[1] as one of the malware scanners used.
1. https://github.com/ossillate-inc/packj
Packj detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc). It also checks for several metadata attributes to detect bad actors (e.g., typo squatting).
-
IATelligence
IATelligence is a Python script that extracts the IAT of a PE file and queries GPT for more information about the APIs and the related ATT&CK matrix.
Python malware-analysis discussion
Python malware-analysis related posts
-
Malware Analysis: CryptoLocker
-
Paper sospechoso - CTF - PWNEDCR0x7
-
TheZoo a.k.a. Malware DB
-
Tools to demonstrate malware or ransomware infected PC
-
Advices for an automated malware analysis lab project
-
Worms for practice
-
N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c (OALABS)
Index
What are some of the best open-source malware-analysis projects in Python? This list will help you:
# | Project | Stars |
---|---|---|
1 | theZoo | 11,841 |
2 | pwndbg | 8,637 |
3 | gef | 7,504 |
4 | flare-vm | 7,294 |
5 | pyWhat | 6,866 |
6 | capa | 5,310 |
7 | IntelOwl | 4,123 |
8 | flare-floss | 3,534 |
9 | malwoverview | 3,195 |
10 | oletools | 3,065 |
11 | CAPEv2 | 2,425 |
12 | flare-fakenet-ng | 1,918 |
13 | yarGen | 1,643 |
14 | unlicense | 1,140 |
15 | drakvuf-sandbox | 1,139 |
16 | ViperMonkey | 1,092 |
17 | malboxes | 1,040 |
18 | honeypots | 786 |
19 | antivmdetection | 742 |
20 | refinery | 725 |
21 | packj | 662 |
22 | karton | 426 |
23 | IATelligence | 358 |