Top 20 Python malware-analysis Projects
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Project mention: Public malware repos as a part of Malware Analysis | reddit.com/r/github | 2022-05-11
Not against the TOS. See theZoo.
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
Project mention: Tips for Making a Popular Open-Source Project in 2021 [Ultimate Guide] | news.ycombinator.com | 2021-11-12
Exploit Development and Reverse Engineering with GDB Made Easy
Project mention: Hacked GDB Dashboard Puts It All on Display | news.ycombinator.com | 2022-03-24
There are a lot of these types of tools already in the reverse engineering community (in order of lowest chance of breaking when you throw really weird stuff at it):
They also come with a slew of different features to aid in RE/exploit dev, but many of them are also useful for debugging really weird issues.
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
Project mention: Debugging with GDB | news.ycombinator.com | 2022-03-21
I still struggle with GDB but my excuse is that I seldom use it.
When I was studying reverse engineering though, I came across a really cool kit (which I've yet to find an alternative for lldb, which would be nice given: rust)
I'd recommend checking it out, if for no other reason than it makes a lot of things really obvious (like watching what value lives in which register).
LLDB's closest alternative to this is called Venom, but it's not the same at all. https://github.com/ovh/venom
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Project mention: Threat detection | reddit.com/r/selfhosted | 2022-03-01
One thing I ran for a while was Security Onion, and I utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for the internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ), which is absolutely phenomenal and awesome; I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ). One thing I have added to all my VMs is an OSSEC agent, Wazuh to be specific, which is free ( https://github.com/wazuh/wazuh ), and while I am not using it to its full potential, such as monitoring file deletions/modifications etc., it is a powerful tool.
[Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool
yarGen is a generator for YARA rules
Project mention: Tasked with building a malware analysis / threat hunting machine. Need feedback | reddit.com/r/cybersecurity | 2022-03-10
Yara rules generator - Generate yara rules based on a set of malware samples, https://github.com/Neo23x0/yarGen
Builds malware analysis Windows VMs so that you don't have to.
A VBA parser and emulation engine to analyze malicious macros.
Project mention: De-obfuscation | reddit.com/r/Malware | 2021-06-02
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Project mention: Want to setup a malware analysis Sandbox on Windows 10. Almost giving up... | reddit.com/r/cybersecurity | 2021-07-21
Why not have a look at DRAKVUF? Supports W10 2004 guests: https://github.com/CERT-Polska/drakvuf-sandbox
Script to create templates to use with VirtualBox to make VM detection harder
Project mention: Security research homelab, made with <3 | reddit.com/r/homelab | 2022-01-17
To avoid detection of something like a cuckoo I would use https://github.com/nsmfoo/antivmdetection and test it with https://github.com/therealdreg/anticuckoo and https://github.com/LordNoteworthy/al-khaser
Distributed malware processing framework based on Python, Redis and MinIO.
Project mention: Using a Virtual Machine to Isolate and Test Files for Malware | reddit.com/r/vmware | 2022-01-13
I did something along the lines of what you describe at work. The easiest way to check files is of course uploading their hashes to VirusTotal (it's free!), but if you still want to set up an automated malware analysis lab then VMware is a decent choice. You should have a reasonably beefy VM (at least 16 GB of RAM, a couple of CPU cores, rather large storage; also make sure you expose hardware virtualization to this guest). You want the machine to have a bit better specs than a regular Windows PC - that way malware won't think "Oh hey, this computer I am on has suspiciously low specs - it's probably a VM! Better delete myself to hinder any threat hunting efforts". On that machine you should install a Linux distro - Ubuntu for example. Then on this Linux you should install a sandbox - for example Cuckoo (it works well on vSphere, ESXi guests). I know there exist other sandbox software but I worked with this one and it performed alright. Installing and configuring Cuckoo is a bit more involved than I'd like to get into in this comment, but I'm sure you will figure this out with the numerous tutorials and documentation pages available. Take a look at the Volatility framework too! For automating you might want to check out the Karton Framework (https://github.com/CERT-Polska/karton). I haven't used it but I had the chance to talk to its authors and it seems dope.
An easy-to-use library for emulating code in minidump files.
Project mention: dumpulator: An easy-to-use library for emulating code in minidump files. | reddit.com/r/blueteamsec | 2021-11-20
High Octane Triage Analysis (by binref)
Project mention: Binary Refinery: High Octane Triage Analysis | reddit.com/r/blueteamsec | 2021-11-12
A tool for automating interactions with Android devices - including ADB, AndroGuard, and Frida interactivity.
Project mention: Automating Reverse Engineering Android Apps - Python Tool with ADB, AndroGuard, and Frida integration | reddit.com/r/Hacking_Tutorials | 2022-05-08
A machine learning malware analysis framework for Android apps.
Project mention: Using machine learning to identify malware in Android applications | reddit.com/r/learnmachinelearning | 2022-05-10
Python implementation of the Packed Executable iDentifier (PEiD)
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15
PEiD (Python version): Yet another version of it (I found a few others, but always with an outdated userdb.txt), but with a userdb.txt merged from various repositories and an additional tool for making new signatures.
Lightweight malware analysis tool
Project mention: Malware analysis tool | reddit.com/r/Python | 2021-08-18
Centaur.04 is a malware analysis tool written in Python. It uses the VirusTotal API to scan for malware using over 50 antivirus databases. Centaur.04 source code
Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15
Bintropy: Entropy-based packing detection featuring multiple modes (whole binary, per section or segment). Based on the awesome LIEF library, therefore supports ELF, PE, Mach-O.
Packing detection tool for PE files
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15
PyPackerDetect (upgraded fork): Refactored version of the original that seems to be discontinued.
Python malware-analysis related posts
Public malware repos as a part of Malware Analysis
1 project | reddit.com/r/github | 11 May 2022
Using machine learning to identify malware in Android applications
1 project | reddit.com/r/learnmachinelearning | 10 May 2022
A Machine Learning, Reverse Engineering, and Malware Analysis Framework for Android Applications
1 project | reddit.com/r/ReverseEngineering | 10 May 2022
A Machine Learning Malware Analysis Framework For Android Applications
1 project | reddit.com/r/Hacking_Tutorials | 10 May 2022
Old exploits and viruses | Encyclopedia of malware and exploits
1 project | reddit.com/r/blueteamsec | 15 Apr 2022
Any ideas on a good Malware Archives
5 projects | reddit.com/r/Malware | 31 Mar 2022
Dataset with labeled benign and malicious files
5 projects | reddit.com/r/Malware | 31 Mar 2022
What are some of the best open-source malware-analysis projects in Python? This list will help you: