Top 23 Python malware-analysis Projects
- theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
- gef: GEF (GDB Enhanced Features), a modern experience for GDB with advanced debugging capabilities for exploit devs and reverse engineers on Linux.
- pyWhat: 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
- oletools: Python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
- malwoverview: Malwoverview is a first-response tool used for threat hunting. It offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and it is able to scan Android devices against VT.
- packj: Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain.
- honeypots: 30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
- IATelligence: IATelligence is a Python script that extracts the IAT (Import Address Table) of a PE file and asks GPT for more information about the imported APIs and the related ATT&CK matrix techniques.
There is also GEF, which is widely used by the reverse engineering and CTF community.
https://github.com/hugsy/gef
Project mention: N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c (OALABS) | /r/Malware | 2023-06-11

Python3 Environment Basics For IDA Pro (Windows): https://www.patreon.com/posts/python3-basics-58467121
Hexcopy (save a click): https://github.com/OALabs/hexcopy-ida
HashDB: https://github.com/OALabs/hashdb-ida
Flare-IDA: https://github.com/mandiant/flare-ida
Capa: https://github.com/mandiant/capa
Capa Rules: https://github.com/mandiant/capa-rules
BinDiff: https://www.youtube.com/watch?v=BLBjcZe-C3I
Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.
1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.
Python malware-analysis related posts
- TheZoo a.k.a. Malware DB
- Tools to demonstrate malware or ransomware infected PC
- Advices for an automated malware analysis lab project
- Worms for practice
- N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c (OALABS)
- Python script which uses Ghidra doesn't recognize imports
- Diablo I/II/III/IV/Immortal Class Randomizer
Index
What are some of the best open-source malware-analysis projects in Python? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | theZoo | 10,688 |
2 | pwndbg | 6,700 |
3 | gef | 6,474 |
4 | pyWhat | 6,352 |
5 | capa | 3,842 |
6 | IntelOwl | 3,103 |
7 | flare-floss | 3,016 |
8 | oletools | 2,742 |
9 | malwoverview | 2,725 |
10 | flare-fakenet-ng | 1,689 |
11 | CAPEv2 | 1,650 |
12 | yarGen | 1,447 |
13 | ViperMonkey | 1,021 |
14 | malboxes | 1,011 |
15 | drakvuf-sandbox | 983 |
16 | unlicense | 874 |
17 | antivmdetection | 686 |
18 | packj | 614 |
19 | refinery | 588 |
20 | honeypots | 585 |
21 | karton | 366 |
22 | IATelligence | 341 |
23 | mwdb-core | 292 |