Python malware-analysis

Open-source Python projects categorized as malware-analysis

Top 20 Python malware-analysis Projects

  • theZoo

    A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

    Project mention: Public malware repos as a part of Malware Analysis | reddit.com/r/github | 2022-05-11

    Not against the TOS. See theZoo.

  • pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

    Project mention: Tips for Making a Popular Open-Source Project in 2021 [Ultimate Guide] | news.ycombinator.com | 2021-11-12
  • pwndbg

    Exploit Development and Reverse Engineering with GDB Made Easy

    Project mention: Hacked GDB Dashboard Puts It All on Display | news.ycombinator.com | 2022-03-24

    There are a lot of these types of tools already in the reverse engineering community (in order of lowest chance of breaking when you throw really weird stuff at it):

    GEF: https://gef.readthedocs.io/en/master/

    PWNDBG: https://github.com/pwndbg/pwndbg

    PEDA: https://github.com/longld/peda

    They also come with a slew of different features to aid in RE/exploit dev, but many of them are also useful for debugging really weird issues.

  • gef

    GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers

    Project mention: Debugging with GDB | news.ycombinator.com | 2022-03-21

    I still struggle with GDB but my excuse is that I seldom use it.

    When I was studying reverse engineering though, I came across a really cool kit (which I've yet to find an alternative for lldb, which would be nice given: rust)

    I'd recommend checking it out, if for no other reason than it makes a lot of things really obvious (like watching what value lives in which register).

    https://github.com/hugsy/gef

    LLDB's closest alternative to this is called Venom, but it's not the same at all. https://github.com/ovh/venom

  • IntelOwl

    Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

    Project mention: Threat detection | reddit.com/r/selfhosted | 2022-03-01

    One thing I ran for a while was Security Onion, and I utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for the internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ), which is absolutely phenomenal and awesome; I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ). One thing I have added to all my VMs is an OSSEC agent, Wazuh to be specific, which is free ( https://github.com/wazuh/wazuh ), and while I am not using it to its full potential, such as monitoring file deletions/modifications etc., it is a powerful tool.

  • flare-fakenet-ng

    [Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool

    Project mention: Ask HN: What is your home networking setup? | news.ycombinator.com | 2022-01-20

    * INetSim [1]

    Reverse engineering, and malware analysis skills will transfer to this task directly.

    [0]: https://github.com/mandiant/flare-fakenet-ng

  • yarGen

    yarGen is a generator for YARA rules

    Project mention: Tasked with building a malware analysis / threat hunting machine . Need feedback | reddit.com/r/cybersecurity | 2022-03-10

    Yara rules generator - Generate yara rules based on a set of malware sample, https://github.com/Neo23x0/yarGen

  • malboxes

    Builds malware analysis Windows VMs so that you don't have to.

  • ViperMonkey

    A VBA parser and emulation engine to analyze malicious macros.

    Project mention: De-obfuscation | reddit.com/r/Malware | 2021-06-02
  • drakvuf-sandbox

    DRAKVUF Sandbox - automated hypervisor-level malware analysis system

    Project mention: Want to setup a malware analysis Sandbox on Windows 10. Almost giving up... | reddit.com/r/cybersecurity | 2021-07-21

    Why not have a look at DRAKVUF? Supports W10 2004 guests: https://github.com/CERT-Polska/drakvuf-sandbox

  • antivmdetection

    Script to create templates to use with VirtualBox to make vm detection harder

    Project mention: Security research homelab, made with <3 | reddit.com/r/homelab | 2022-01-17

    To avoid detection of something like a cuckoo I would use https://github.com/nsmfoo/antivmdetection and test it with https://github.com/therealdreg/anticuckoo and https://github.com/LordNoteworthy/al-khaser

  • karton

    Distributed malware processing framework based on Python, Redis and MinIO.

    Project mention: Using a Virtual Machine to Isolate and Test Files for Malware | reddit.com/r/vmware | 2022-01-13

    I did something along the lines of what you describe at work. The easiest way to check files is of course uploading their hashes to VirusTotal (it's free!), but if you still want to set up an automated malware analysis lab then VMware is a decent choice. You should have a reasonably beefy VM (at least 16 GB of RAM, a couple of CPU cores, rather large ROM; also make sure you expose hardware virtualization to this guest). You want the machine to have a bit better specs than a regular Windows PC - that way malware won't think "Oh hey, this computer I am on has suspiciously low specs - it's probably a VM! Better delete myself to hinder any threat hunting efforts". On that machine you should install a Linux distro - Ubuntu for example. Then on this Linux you should install a sandbox - for example Cuckoo (it works well on vSphere/ESXi guests). I know there exists other sandbox software but I worked with this one and it performed alright. Installing and configuring Cuckoo is a bit more involved than I'd like to get into in this comment, but I'm sure you will figure this out with the numerous tutorials and documentation pages available. Take a look at the Volatility framework too! For automating you might want to check out the Karton Framework (https://github.com/CERT-Polska/karton). I haven't used it but I had the chance to talk to its authors and it seems dope.

  • dumpulator

    An easy-to-use library for emulating code in minidump files.

    Project mention: dumpulator: An easy-to-use library for emulating code in minidump files. | reddit.com/r/blueteamsec | 2021-11-20
  • refinery

    High Octane Triage Analysis (by binref)

    Project mention: Binary Refinery: High Octane Triage Analysis | reddit.com/r/blueteamsec | 2021-11-12
  • AutoDroid

    A tool for automating interactions with Android devices - including ADB, AndroGuard, and Frida interactivity.

    Project mention: Automating Reverse Engineering Android Apps - Python Tool with ADB, AndroGuard, and Frida integration | reddit.com/r/Hacking_Tutorials | 2022-05-08
  • DroidDetective

    A machine learning malware analysis framework for Android apps.

    Project mention: Using machine learning to identify malware in Android applications | reddit.com/r/learnmachinelearning | 2022-05-10
  • peid

    Python implementation of the Packed Executable iDentifier (PEiD)

    Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15

    PEiD (Python version): Yet another version of it (I found a few others, but always with an outdated userdb.txt), but with a userdb.txt merged from various repositories and an additional tool for making new signatures.

  • centaur.04

    Lightweight malware analysis tool

    Project mention: Malware analysis tool | reddit.com/r/Python | 2021-08-18

    Centaur.04 is a malware analysis tool written in Python. It uses the VirusTotal API to scan for malware using over 50 antivirus databases. Centaur.04 source code

  • bintropy

    Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes

    Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15

    Bintropy: Entropy-based packing detection featuring multiple modes (whole binary, per section or segment). Based on the awesome LIEF library, therefore supports ELF, PE, Mach-O.

  • PyPackerDetect

    Packing detection tool for PE files

    Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15

    PyPackerDetect (upgraded fork): Refactored version of the original that seems to be discontinued.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-11.

Index

What are some of the best open-source malware-analysis projects in Python? This list will help you:

Rank  Project           Stars
1     theZoo            8,426
2     pyWhat            5,147
3     pwndbg            4,572
4     gef               4,566
5     IntelOwl          2,285
6     flare-fakenet-ng  1,355
7     yarGen            1,033
8     malboxes            963
9     ViperMonkey         860
10    drakvuf-sandbox     656
11    antivmdetection     607
12    karton              248
13    dumpulator          227
14    refinery            199
15    AutoDroid            63
16    DroidDetective       31
17    peid                 15
18    centaur.04            7
19    bintropy              6
20    PyPackerDetect        5