Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work. Learn more →
Top 23 Python malware-analysis Projects
-
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
-
pyWhat
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!
-
InfluxDB
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
-
By far the best debugger for C is gdb+pwndbg (https://github.com/pwndbg/pwndbg)
-
gef
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
Project mention: How do you use gdb without the tui? Are there advantages? Or just describe your GDB workflow. | reddit.com/r/C_Programming | 2023-04-25If you are on Linux, install GEF and be happy.
-
You can detonate it into a VM running an instance of Cuckoo Sandbox. If you want to go the extra mile, you can dump the memory of said VM and analyse it with Volatility Framework. Also, if you want to quickly identify behavioural patterns in executable code, you can use Mandiant's CAPA tool (though idk if it works on .pdfs).
-
Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032
-
Project mention: Why is this de-compiled code showing a different value in memory sometimes? | reddit.com/r/ghidra | 2023-03-06
Depending on how clever the developer was, this tool works well to find hidden strings: https://github.com/mandiant/flare-floss
-
ONLYOFFICE
ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises
-
malwoverview
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.
-
-
-
Project mention: Does anyone installed cuckoo sandbox recently? | reddit.com/r/cybersecurity | 2022-06-16
https://github.com/kevoreilly/CAPEv2 is a more "production ready" solution.
-
-
-
-
-
Project mention: unlicense 0.3.0 - A dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x. Now with support for virtualized entry points and Delphi executables! | reddit.com/r/ReverseEngineering | 2022-07-21
-
packj
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
I built Packj [1] sandboxing for securing “pip/NPM install”. It uses strace for sandboxing and blocks access to sensitive files and limits traffic to known-good IP addresses.
-
Project mention: refinery: High Octane Triage Analysis - The Binary Refinery™ is a collection of Python scripts that implement transformations of binary data such as compression and encryption | reddit.com/r/blueteamsec | 2023-03-02
-
honeypots
30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
-
-
IATelligence
IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related
Project mention: IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related | reddit.com/r/cybersecurity | 2022-12-14 -
pyc2bytecode
A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)
Project mention: PSA: Global QR Code bot could have malware... | reddit.com/r/DBZDokkanBattle | 2022-07-05I was able to figure out that this is a python program which was compiled to an .exe. Using uncompyle6 and pyc2bytecode, I was able to decompile the .exe into the python bytecode...but I'm no expert at reading python bytecode. If you want to do this yourself, note that you will need to use the same version of python as the version used to make the exe (python 3.9). I did easily by changing the python_version in my Pipfile to 3.9 and using pipenv shell.
-
AutoDroid
A tool for automating interactions with Android devices - including ADB, AndroGuard, and Frida interactivity.
-
Sonar
Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2023-05-19.
Python malware-analysis related posts
- Diablo I/II/III/IV/Immortal Class Randomizer
- Repo Collection for Malware analysis enthusiasts
- GitHub - INeddHelp/Destroyer: It destroys your pc
- Why is this de-compiled code showing a different value in memory sometimes?
- refinery: High Octane Triage Analysis - The Binary Refinery™ is a collection of Python scripts that implement transformations of binary data such as compression and encryption
- Gshade updates discontinued ;-;
- How to write malware
-
A note from our sponsor - Sonar
www.sonarsource.com | 1 Jun 2023
Index
What are some of the best open-source malware-analysis projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | theZoo | 9,748 |
| 2 | pyWhat | 5,966 |
| 3 | pwndbg | 5,612 |
| 4 | gef | 5,597 |
| 5 | capa | 3,034 |
| 6 | IntelOwl | 2,767 |
| 7 | flare-floss | 2,658 |
| 8 | malwoverview | 2,189 |
| 9 | flare-fakenet-ng | 1,507 |
| 10 | yarGen | 1,271 |
| 11 | CAPEv2 | 1,219 |
| 12 | malboxes | 997 |
| 13 | ViperMonkey | 944 |
| 14 | drakvuf-sandbox | 834 |
| 15 | antivmdetection | 654 |
| 16 | unlicense | 594 |
| 17 | packj | 518 |
| 18 | refinery | 434 |
| 19 | honeypots | 404 |
| 20 | karton | 320 |
| 21 | IATelligence | 313 |
| 22 | pyc2bytecode | 102 |
| 23 | AutoDroid | 89 |
Write Clean Python Code. Always.
Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
www.sonarsource.com