Top 23 Python malware-analysis Projects

malware-analysis

• Add a project

1. theZoo

   1 66 11,841 2.5 Python

   A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

   

   Project mention: Malware Analysis: CryptoLocker | dev.to | 2024-12-29

   The analyzed sample is provided within this folder, the password for the zip file is infected. This sample was taken from theZoo Repository.

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. pwndbg

   2 10 8,637 9.7 Python

   Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

   

   Project mention: Pleasant Debugging with GDB and DDD | news.ycombinator.com | 2024-11-16

   It's written for exploit development, but even for debugging a C program. It makes things a lot nicer.

   https://pwndbg.re/

4. gef

   3 18 7,504 7.4 Python

   GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

   

   Project mention: Bit Vectors and my first steps into assembly | news.ycombinator.com | 2024-12-25

5. flare-vm

   4 23 7,294 9.0 Python

   A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

   

6. pyWhat

   5 17 6,866 0.0 Python

   🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

   

   Project mention: pyWhat VS binwalk - a user suggested alternative | libhunt.com/r/pyWhat | 2024-07-19

7. capa

   6 2 5,310 9.7 Python

   The FLARE team's open-source tool to identify capabilities in executable files.

   

8. IntelOwl

   7 13 4,123 9.5 Python

   IntelOwl: manage your Threat Intelligence at scale

   

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. flare-floss

    8 4 3,534 7.9 Python

    FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

    

11. malwoverview

    9 3 3,195 7.9 Python

    Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo, and it is also able to scan Android devices against VT.

    

12. oletools

    10 6 3,065 3.9 Python

    oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

    

    Project mention: Paper sospechoso - CTF - PWNEDCR0x7 | dev.to | 2024-11-10

13. CAPEv2

    11 5 2,425 9.8 Python

    Malware Configuration And Payload Extraction

    

14. flare-fakenet-ng

    12 2 1,918 4.4 Python

    FakeNet-NG - Next Generation Dynamic Network Analysis Tool

    

15. yarGen

    13 1 1,643 2.4 Python

    yarGen is a generator for YARA rules

    

16. unlicense

    14 2 1,140 6.3 Python

    Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x.

    

17. drakvuf-sandbox

    15 2 1,139 8.9 Python

    DRAKVUF Sandbox - automated hypervisor-level malware analysis system

    

18. ViperMonkey

    16 1 1,092 2.1 Python

    A VBA parser and emulation engine to analyze malicious macros.

    

19. malboxes

    17 1 1,040 1.8 Python

    Builds malware analysis Windows VMs so that you don't have to.

    

20. honeypots

    18 1 786 8.0 Python

    30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)

    

21. antivmdetection

    19 1 742 0.0 Python

    Script to create templates to use with VirtualBox to make vm detection harder

    

22. refinery

    20 2 725 9.9 Python

    High Octane Triage Analysis (by binref)

    

23. packj

    21 39 662 7.2 Python

    Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

    

    Project mention: A Study of Malware Prevention in Linux Distributions | news.ycombinator.com | 2024-11-21

    Good to see Packj[1] as one of the malware scanners used.

    1. https://github.com/ossillate-inc/packj

    Packj detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc). It also checks for several metadata attributes to detect bad actors (e.g., typo squatting).

24. karton

    22 2 426 6.8 Python

    Distributed malware processing framework based on Python, Redis and S3.

    

25. IATelligence

    23 5 358 10.0 Python

    IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Python malware-analysis related posts

• Malware Analysis: CryptoLocker

  1 project | dev.to | 29 Dec 2024

• Paper sospechoso - CTF - PWNEDCR0x7

  1 project | dev.to | 10 Nov 2024

• TheZoo a.k.a. Malware DB

  1 project | news.ycombinator.com | 18 Aug 2023

• Tools to demonstrate malware or ransomware infected PC

  1 project | /r/cybersecurity | 20 Jul 2023

• Advices for an automated malware analysis lab project

  3 projects | /r/Malware | 11 Jul 2023

• Worms for practice

  1 project | /r/hacking | 28 Jun 2023

• N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c (OALABS) ​

  5 projects | /r/Malware | 11 Jun 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 23 May 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Python projects with our weekly report!