Top 23 Python malware-analysis Projects
A repository of live malware for your own joy and pleasure. theZoo is a project created to make malware analysis open and available to the public.
Project mention: Diablo I/II/III/IV/Immortal Class Randomizer | reddit.com/r/diablo4 | 2023-05-19
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Project mention: Go Library like PyWhat? | reddit.com/r/golang | 2022-10-20
Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!
Exploit Development and Reverse Engineering with GDB Made Easy
Project mention: Any tips for newish C debugging please. | reddit.com/r/neovim | 2023-02-01
By far the best debugger for C is gdb+pwndbg (https://github.com/pwndbg/pwndbg)
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
Project mention: How do you use gdb without the tui? Are there advantages? Or just describe your GDB workflow. | reddit.com/r/C_Programming | 2023-04-25
If you are on Linux, install GEF and be happy.
The FLARE team's open-source tool to identify capabilities in executable files.
Project mention: How to analyze malicious PDF? | reddit.com/r/AskNetsec | 2023-05-12
You can detonate it into a VM running an instance of Cuckoo Sandbox. If you want to go the extra mile, you can dump the memory of said VM and analyse it with Volatility Framework. Also, if you want to quickly identify behavioural patterns in executable code, you can use Mandiant's CAPA tool (though idk if it works on .pdfs).
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Project mention: To GSoC and beyond... | dev.to | 2022-09-26
Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Project mention: Why is this de-compiled code showing a different value in memory sometimes? | reddit.com/r/ghidra | 2023-03-06
Depending on how clever the developer was, this tool works well to find hidden strings: https://github.com/mandiant/flare-floss
Malwoverview is a first-response tool for threat hunting that pulls intel from VirusTotal, Hybrid Analysis, URLhaus, PolySwarm, MalShare, AlienVault, Malpedia, MalwareBazaar, ThreatFox, Triage and InQuest, and it can scan Android devices against VirusTotal.
[Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool
yarGen is a generator for YARA rules
Malware Configuration And Payload Extraction
Project mention: Does anyone installed cuckoo sandbox recently? | reddit.com/r/cybersecurity | 2022-06-16
https://github.com/kevoreilly/CAPEv2 is a more "production ready" solution.
Builds malware analysis Windows VMs so that you don't have to.
A VBA parser and emulation engine to analyze malicious macros.
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Script to create templates to use with VirtualBox to make VM detection harder
Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x.
Project mention: unlicense 0.3.0 - A dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x. Now with support for virtualized entry points and Delphi executables! | reddit.com/r/ReverseEngineering | 2022-07-21
Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain
Project mention: How to use Podman inside of a container | news.ycombinator.com | 2023-04-26
I built Packj sandboxing for securing “pip/NPM install”. It uses strace for sandboxing and blocks access to sensitive files and limits traffic to known-good IP addresses.
High Octane Triage Analysis (by binref)
Project mention: refinery: High Octane Triage Analysis - The Binary Refinery™ is a collection of Python scripts that implement transformations of binary data such as compression and encryption | reddit.com/r/blueteamsec | 2023-03-02
30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
Project mention: 30 different honeypots in one package! | reddit.com/r/Ethical_Hackers | 2023-04-03
Distributed malware processing framework based on Python, Redis and S3.
IATelligence is a Python script that extracts the Import Address Table (IAT) of a PE file and queries GPT for more information about the imported APIs and the related ATT&CK techniques
Project mention: IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related | reddit.com/r/cybersecurity | 2022-12-14
A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code (.pyc) files across all python versions (including Python 3.10.*)
Project mention: PSA: Global QR Code bot could have malware... | reddit.com/r/DBZDokkanBattle | 2022-07-05
I was able to figure out that this is a python program which was compiled to an .exe. Using uncompyle6 and pyc2bytecode, I was able to decompile the .exe into the python bytecode...but I'm no expert at reading python bytecode. If you want to do this yourself, note that you will need to use the same version of python as the version used to make the exe (python 3.9). I did this easily by changing the python_version in my Pipfile to 3.9 and using pipenv shell.
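The version-matching advice in the comment above follows from the .pyc format itself: the first two bytes are a magic number tied to the CPython release, and `marshal` only round-trips code objects from the same interpreter. The script below is an added example for this list, not code from pyc2bytecode or uncompyle6. It parses the PEP 552 header (Python 3.7+), refuses to unmarshal a mismatched magic instead of failing obscurely, and pulls out the names and string constants an analyst triages first. The sample .pyc is built in-process from a constructed snippet; the magic-number table is partial and is an assumption of this example.

```python
"""Header parsing and triage for CPython .pyc files (PEP 552 layout, Python 3.7+).

Added example for this list; not code from pyc2bytecode or uncompyle6.
The sample pyc is built in-process from a constructed snippet so this runs offline.
"""
import dis
import importlib.util
import io
import marshal
import struct

# Magic numbers of a few CPython releases (see importlib/_bootstrap_external.py).
# Partial table, an assumption of this example: extend it for the versions you meet.
KNOWN_MAGIC = {3394: "3.7", 3413: "3.8", 3425: "3.9", 3439: "3.10",
               3495: "3.11", 3531: "3.12", 3571: "3.13"}


def interpreter_magic() -> int:
    """Magic number of the Python running this script."""
    return struct.unpack("<H", importlib.util.MAGIC_NUMBER[:2])[0]


def build_pyc(source: str, filename: str = "sample.py") -> bytes:
    """Emit a timestamp-validated pyc image for `source` with this interpreter's magic."""
    code = compile(source, filename, "exec")
    header = importlib.util.MAGIC_NUMBER          # 2-byte magic + b"\r\n"
    header += struct.pack("<I", 0)                # flags: 0 = mtime/size validation
    header += struct.pack("<II", 0, len(source))  # source mtime, source size
    return header + marshal.dumps(code)


def parse_pyc_header(data: bytes) -> dict:
    """Decode the 16-byte header; the magic says which Python must do the disassembly."""
    if len(data) < 16 or data[2:4] != b"\r\n":
        raise ValueError("not a PEP 552 pyc header")
    magic, flags = struct.unpack("<H2xI", data[:8])
    info = {"magic": magic, "version": KNOWN_MAGIC.get(magic, "unknown"), "flags": flags}
    if flags & 1:                                  # hash-based pyc
        info["source_hash"] = data[8:16].hex()
    else:
        info["mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info


def load_code(data: bytes):
    """marshal only round-trips code objects of the same interpreter: refuse a mismatch."""
    magic = parse_pyc_header(data)["magic"]
    if magic != interpreter_magic():
        raise RuntimeError(
            f"pyc magic {magic} ({KNOWN_MAGIC.get(magic, 'unknown')}) does not match this "
            f"interpreter ({interpreter_magic()}); rerun under the matching Python version")
    return marshal.loads(data[16:])


def triage(data: bytes) -> dict:
    """Header fields plus every name and string constant reachable from the code object."""
    names, strings = set(), set()

    def walk(code):
        names.update(code.co_names)               # imports, attributes, globals
        for const in code.co_consts:
            if isinstance(const, str):
                strings.add(const)
            elif hasattr(const, "co_code"):       # nested function/class bodies
                walk(const)

    walk(load_code(data))
    return {**parse_pyc_header(data), "names": sorted(names), "strings": sorted(strings)}


def disassemble(data: bytes) -> str:
    """Full listing, like `python -m dis`, but driven from the raw pyc bytes."""
    out = io.StringIO()
    dis.dis(load_code(data), file=out)
    return out.getvalue()


# Constructed stand-in for a compiled dropper: the import and the URL are what triage should surface.
SAMPLE_SOURCE = (
    "import subprocess\n"
    "URL = 'http://example.invalid/payload.exe'\n"
    "def run(cmd):\n"
    "    return subprocess.check_output(cmd, shell=True)\n"
)
SAMPLE_PYC = build_pyc(SAMPLE_SOURCE)

if __name__ == "__main__":
    print(triage(SAMPLE_PYC))
    print(disassemble(SAMPLE_PYC))
```

For a PyInstaller-built .exe you first need to carve the .pyc images out of the archive; PyInstaller strips the header from the main script's code object, so `parse_pyc_header` is for the files that still carry one. Once the magic identifies the release, run this script (or the real tools) under that interpreter.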
A tool for automating interactions with Android devices - including ADB, AndroGuard, and Frida interactivity.
Python malware-analysis related posts
Diablo I/II/III/IV/Immortal Class Randomizer
2 projects | reddit.com/r/diablo4 | 19 May 2023
Repo Collection for Malware analysis enthusiasts
4 projects | reddit.com/r/Malware | 20 May 2023
GitHub - INeddHelp/Destroyer: It destroys your pc
2 projects | reddit.com/r/programminghorror | 25 Mar 2023
Why is this de-compiled code showing a different value in memory sometimes?
1 project | reddit.com/r/ghidra | 6 Mar 2023
refinery: High Octane Triage Analysis - The Binary Refinery™ is a collection of Python scripts that implement transformations of binary data such as compression and encryption
1 project | reddit.com/r/blueteamsec | 2 Mar 2023
Gshade updates discontinued ;-;
7 projects | reddit.com/r/ffxiv | 6 Feb 2023
How to write malware
2 projects | reddit.com/r/hacking | 21 Jan 2023
What are some of the best open-source malware-analysis projects in Python? This list will help you: