Python malware-analysis

Open-source Python projects categorized as malware-analysis

Top 23 Python malware-analysis Projects

  • theZoo

    A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

    Project mention: Diablo I/II/III/IV/Immortal Class Randomizer | | 2023-05-19
  • pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

    Project mention: Go Library like PyWhat? | | 2022-10-20

    Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!

  • InfluxDB

    Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  • pwndbg

    Exploit Development and Reverse Engineering with GDB Made Easy

    Project mention: Any tips for newish C debugging please. | | 2023-02-01

    By far the best debugger for C is gdb+pwndbg (

  • gef

    GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

    Project mention: How do you use gdb without the tui? Are there advantages? Or just describe your GDB workflow. | | 2023-04-25

    If you are on Linux, install GEF and be happy.

  • capa

    The FLARE team's open-source tool to identify capabilities in executable files.

    Project mention: How to analyze malicious PDF? | | 2023-05-12

    You can detonate it into a VM running an instance of Cuckoo Sandbox. If you want to go the extra mile, you can dump the memory of said VM and analyse it with Volatility Framework. Also, if you want to quickly identify behavioural patterns in executable code, you can use Mandiant's CAPA tool (though idk if it works on .pdfs).

  • IntelOwl

    Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

    Project mention: To GSoC and beyond... | | 2022-09-26

    Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032

  • flare-floss

    FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

    Project mention: Why is this de-compiled code showing a different value in memory sometimes? | | 2023-03-06

    Depending on how clever the developer was, this tool works well to find hidden strings:


    ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises

  • malwoverview

    Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  • flare-fakenet-ng

    [Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool

  • yarGen

    yarGen is a generator for YARA rules

  • CAPEv2

    Malware Configuration And Payload Extraction

    Project mention: Does anyone installed cuckoo sandbox recently? | | 2022-06-16 is a more "production ready" solution.

  • malboxes

    Builds malware analysis Windows VMs so that you don't have to.

  • ViperMonkey

    A VBA parser and emulation engine to analyze malicious macros.

  • drakvuf-sandbox

    DRAKVUF Sandbox - automated hypervisor-level malware analysis system

  • antivmdetection

    Script to create templates to use with VirtualBox to make vm detection harder

  • unlicense

    Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x.

    Project mention: unlicense 0.3.0 - A dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x. Now with support for virtualized entry points and Delphi executables! | | 2022-07-21
  • packj

    Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

    Project mention: How to use Podman inside of a container | | 2023-04-26

    I built Packj [1] sandboxing for securing “pip/NPM install”. It uses strace for sandboxing and blocks access to sensitive files and limits traffic to known-good IP addresses.


  • refinery

    High Octane Triage Analysis (by binref)

    Project mention: refinery: High Octane Triage Analysis - The Binary Refinery™ is a collection of Python scripts that implement transformations of binary data such as compression and encryption | | 2023-03-02
  • honeypots

    30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)

    Project mention: 30 different honeypots in one package! | | 2023-04-03
  • karton

    Distributed malware processing framework based on Python, Redis and S3.

  • IATelligence

    IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related

    Project mention: IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related | | 2022-12-14
  • pyc2bytecode

    A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

    Project mention: PSA: Global QR Code bot could have malware... | | 2022-07-05

    I was able to figure out that this is a python program which was compiled to an .exe. Using uncompyle6 and pyc2bytecode, I was able to decompile the .exe into the python bytecode...but I'm no expert at reading python bytecode. If you want to do this yourself, note that you will need to use the same version of python as the version used to make the exe (python 3.9). I did easily by changing the python_version in my Pipfile to 3.9 and using pipenv shell.

  • AutoDroid

    A tool for automating interactions with Android devices - including ADB, AndroGuard, and Frida interactivity.

  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-05-19.

Python malware-analysis related posts


What are some of the best open-source malware-analysis projects in Python? This list will help you:

Project Stars
1 theZoo 9,748
2 pyWhat 5,966
3 pwndbg 5,612
4 gef 5,597
5 capa 3,034
6 IntelOwl 2,767
7 flare-floss 2,658
8 malwoverview 2,189
9 flare-fakenet-ng 1,507
10 yarGen 1,271
11 CAPEv2 1,219
12 malboxes 997
13 ViperMonkey 944
14 drakvuf-sandbox 834
15 antivmdetection 654
16 unlicense 594
17 packj 518
18 refinery 434
19 honeypots 404
20 karton 320
21 IATelligence 313
22 pyc2bytecode 102
23 AutoDroid 89
Write Clean Python Code. Always.
Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.