Top 13 Python malware-research Projects
-
theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Project mention: Public malware repos as a part of Malware Analysis | reddit.com/r/github | 2022-05-11Not against the TOS. See theZoo.
-
pyWhat
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Project mention: Tips for Making a Popular Open-Source Project in 2021 [Ultimate Guide] | news.ycombinator.com | 2021-11-12 -
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
Project mention: Tasked with building a malware analysis / threat hunting machine . Need feedback | reddit.com/r/cybersecurity | 2022-03-10
Yara rules generator - Generate yara rules based on a set of malware sample, https://github.com/Neo23x0/yarGen
-
-
Project mention: Want to setup a malware analysis Sandbox on Windows 10. Almost giving up... | reddit.com/r/cybersecurity | 2021-07-21
Why not have a look at DRAKVUF? Supports W10 2004 guests: https://github.com/CERT-Polska/drakvuf-sandbox
-
Project mention: Using a Virtual Machine to Isolate and Test Files for Malware | reddit.com/r/vmware | 2022-01-13
I did something along the lines of what you describe at work. The easiest way to check files is of course uploading their hashes to virustotal (it's free!) but if you still want to set up an automated malware analysis lab then VMware is a decent choice. You should have a resonably beefy VM (at least 16 gb of ram, couple of cpu cores, rather large ROM also make sure you expose hardware virtualization to this guest). You want the machine to have a bit better specs than a regular windows pc - that way malware won't think "Oh hey, this computer I am on has suspiciously low specs - it's probably a VM! Better delete myself to hinder any threat hunting efforts". On that machine you should install a linux distro - ubuntu for example. Then on this linux you should install a sandbox - for example Cuckoo (it works well on Vsphere, Esxi guests). I know there exist other sandbox software but I worked with this one and it performed alright. Installing and configuring Cuckoo is a bit more involved than I'd like to get into in this comment but I'm sure you will figure this out with numerous tutorials and documentation pages available. Take a look at Volatility framework too! For automating you might want to check out Karton Framework (https://github.com/CERT-Polska/karton) . I haven't used it but I had the chance to talk to its authors and it seems dope.
-
Project mention: dumpulator: An easy-to-use library for emulating code in minidump files. | reddit.com/r/blueteamsec | 2021-11-20
-
SonarLint
Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.
-
-
Project mention: Aurora: an open source Automated malware similarity platform with modularity in mind. | reddit.com/r/blueteamsec | 2021-06-06
-
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15
PEiD (Python version): Yet another version of it (I found a few others, but always with an outdated userdb.txt), but with a userdb.txt merged from various repositories and an additional tool for making new signatures.
-
Centaur.04 is a malware analysis tool written in python. It uses the virus Total API to scan for malware using over 50 antivirus databases. Centaur.04 source code
-
bintropy
Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15Bintropy: Entropy-based packing detection featuring multiple modes (whole binary, per section or segment). Based on the awesome LIEF library, therefore supports ELF, PE, Mach-O.
-
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15
PyPackerDetect (upgraded fork): Refactored version of the original that seems to be discontinued.
Python malware-research related posts
- Public malware repos as a part of Malware Analysis
- Old exploits and viruses | Encyclopedia of malware and exploits |
- Any ideas on a good Malware Archives
- any good websites that I can download malware and rasomware any suggestions
- Tasked with building a malware analysis / threat hunting machine . Need feedback
- Simple HTML DoS Script for Russian Sites
- How to Generate Your First Detection in CrowdStrike Falcon using Detection and Quarantine on Write [Tech Center]
Index
What are some of the best open-source malware-research projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | theZoo | 8,426 |
| 2 | pyWhat | 5,147 |
| 3 | yarGen | 1,033 |
| 4 | malboxes | 961 |
| 5 | drakvuf-sandbox | 656 |
| 6 | karton | 248 |
| 7 | dumpulator | 227 |
| 8 | teleRAT | 87 |
| 9 | aurora | 70 |
| 10 | peid | 15 |
| 11 | centaur.04 | 7 |
| 12 | bintropy | 6 |
| 13 | PyPackerDetect | 5 |
Are you hiring? Post a new remote job listing for free.
