Python malware-research

Open-source Python projects categorized as malware-research | Edit details

Top 13 Python malware-research Projects

  • theZoo

    A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

    Project mention: Public malware repos as a part of Malware Analysis | reddit.com/r/github | 2022-05-11

    Not against the TOS. See theZoo.

  • pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

    Project mention: Tips for Making a Popular Open-Source Project in 2021 [Ultimate Guide] | news.ycombinator.com | 2021-11-12
  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • yarGen

    yarGen is a generator for YARA rules

    Project mention: Tasked with building a malware analysis / threat hunting machine . Need feedback | reddit.com/r/cybersecurity | 2022-03-10

    Yara rules generator - Generate yara rules based on a set of malware sample, https://github.com/Neo23x0/yarGen

  • malboxes

    Builds malware analysis Windows VMs so that you don't have to.

  • drakvuf-sandbox

    DRAKVUF Sandbox - automated hypervisor-level malware analysis system

    Project mention: Want to setup a malware analysis Sandbox on Windows 10. Almost giving up... | reddit.com/r/cybersecurity | 2021-07-21

    Why not have a look at DRAKVUF? Supports W10 2004 guests: https://github.com/CERT-Polska/drakvuf-sandbox

  • karton

    Distributed malware processing framework based on Python, Redis and MinIO.

    Project mention: Using a Virtual Machine to Isolate and Test Files for Malware | reddit.com/r/vmware | 2022-01-13

    I did something along the lines of what you describe at work. The easiest way to check files is of course uploading their hashes to virustotal (it's free!) but if you still want to set up an automated malware analysis lab then VMware is a decent choice. You should have a resonably beefy VM (at least 16 gb of ram, couple of cpu cores, rather large ROM also make sure you expose hardware virtualization to this guest). You want the machine to have a bit better specs than a regular windows pc - that way malware won't think "Oh hey, this computer I am on has suspiciously low specs - it's probably a VM! Better delete myself to hinder any threat hunting efforts". On that machine you should install a linux distro - ubuntu for example. Then on this linux you should install a sandbox - for example Cuckoo (it works well on Vsphere, Esxi guests). I know there exist other sandbox software but I worked with this one and it performed alright. Installing and configuring Cuckoo is a bit more involved than I'd like to get into in this comment but I'm sure you will figure this out with numerous tutorials and documentation pages available. Take a look at Volatility framework too! For automating you might want to check out Karton Framework (https://github.com/CERT-Polska/karton) . I haven't used it but I had the chance to talk to its authors and it seems dope.

  • dumpulator

    An easy-to-use library for emulating code in minidump files.

    Project mention: dumpulator: An easy-to-use library for emulating code in minidump files. | reddit.com/r/blueteamsec | 2021-11-20
  • SonarLint

    Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.

  • teleRAT

    Telegram RAT written in Python

  • aurora

    Malware similarity platform with modularity in mind. (by W3ndige)

    Project mention: Aurora: an open source Automated malware similarity platform with modularity in mind. | reddit.com/r/blueteamsec | 2021-06-06
  • peid

    Python implementation of the Packed Executable iDentifier (PEiD)

    Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15

    PEiD (Python version): Yet another version of it (I found a few others, but always with an outdated userdb.txt), but with a userdb.txt merged from various repositories and an additional tool for making new signatures.

  • centaur.04

    Lightweight malware analysis tool

    Project mention: Malware analysis tool | reddit.com/r/Python | 2021-08-18

    Centaur.04 is a malware analysis tool written in python. It uses the virus Total API to scan for malware using over 50 antivirus databases. Centaur.04 source code

  • bintropy

    Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes

    Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15

    Bintropy: Entropy-based packing detection featuring multiple modes (whole binary, per section or segment). Based on the awesome LIEF library, therefore supports ELF, PE, Mach-O.

  • PyPackerDetect

    Packing detection tool for PE files

    Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15

    PyPackerDetect (upgraded fork): Refactored version of the original that seems to be discontinued.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-11.

Python malware-research related posts

Index

What are some of the best open-source malware-research projects in Python? This list will help you:

Project Stars
1 theZoo 8,426
2 pyWhat 5,147
3 yarGen 1,033
4 malboxes 961
5 drakvuf-sandbox 656
6 karton 248
7 dumpulator 227
8 teleRAT 87
9 aurora 70
10 peid 15
11 centaur.04 7
12 bintropy 6
13 PyPackerDetect 5
Find remote jobs at our new job board 99remotejobs.com. There are 12 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com