Top 13 Python malware-research Projects
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Project mention: Public malware repos as a part of Malware Analysis | reddit.com/r/github | 2022-05-11
Not against the TOS. See theZoo.
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Project mention: Tips for Making a Popular Open-Source Project in 2021 [Ultimate Guide] | news.ycombinator.com | 2021-11-12
yarGen is a generator for YARA rules
Project mention: Tasked with building a malware analysis / threat hunting machine. Need feedback | reddit.com/r/cybersecurity | 2022-03-10
YARA rules generator - Generate YARA rules based on a set of malware samples, https://github.com/Neo23x0/yarGen
Builds malware analysis Windows VMs so that you don't have to.
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Project mention: Want to setup a malware analysis Sandbox on Windows 10. Almost giving up... | reddit.com/r/cybersecurity | 2021-07-21
Why not have a look at DRAKVUF? Supports W10 2004 guests: https://github.com/CERT-Polska/drakvuf-sandbox
Distributed malware processing framework based on Python, Redis and MinIO.
Project mention: Using a Virtual Machine to Isolate and Test Files for Malware | reddit.com/r/vmware | 2022-01-13
I did something along the lines of what you describe at work. The easiest way to check files is of course uploading their hashes to VirusTotal (it's free!), but if you still want to set up an automated malware analysis lab then VMware is a decent choice. You should have a reasonably beefy VM (at least 16 GB of RAM, a couple of CPU cores, rather large ROM; also make sure you expose hardware virtualization to this guest). You want the machine to have a bit better specs than a regular Windows PC - that way malware won't think "Oh hey, this computer I am on has suspiciously low specs - it's probably a VM! Better delete myself to hinder any threat hunting efforts".

On that machine you should install a Linux distro - Ubuntu for example. Then on this Linux you should install a sandbox - for example Cuckoo (it works well on vSphere, ESXi guests). I know there exist other sandbox software but I worked with this one and it performed alright. Installing and configuring Cuckoo is a bit more involved than I'd like to get into in this comment but I'm sure you will figure this out with numerous tutorials and documentation pages available. Take a look at the Volatility framework too!

For automating you might want to check out Karton Framework (https://github.com/CERT-Polska/karton). I haven't used it but I had the chance to talk to its authors and it seems dope.
An easy-to-use library for emulating code in minidump files.
Project mention: dumpulator: An easy-to-use library for emulating code in minidump files. | reddit.com/r/blueteamsec | 2021-11-20
Telegram RAT written in Python
Malware similarity platform with modularity in mind. (by W3ndige)
Project mention: Aurora: an open source Automated malware similarity platform with modularity in mind. | reddit.com/r/blueteamsec | 2021-06-06
Python implementation of the Packed Executable iDentifier (PEiD)
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15
PEiD (Python version): Yet another version of it (I found a few others, but always with an outdated userdb.txt), but with a userdb.txt merged from various repositories and an additional tool for making new signatures.
Lightweight malware analysis tool
Project mention: Malware analysis tool | reddit.com/r/Python | 2021-08-18
Centaur.04 is a malware analysis tool written in Python. It uses the VirusTotal API to scan for malware using over 50 antivirus databases. Centaur.04 source code
Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15
Bintropy: Entropy-based packing detection featuring multiple modes (whole binary, per section or segment). Based on the awesome LIEF library, therefore supports ELF, PE, Mach-O.
Packing detection tool for PE files
Project mention: Collection of tools for executable packing detection | reddit.com/r/Malware | 2022-01-15
PyPackerDetect (upgraded fork): Refactored version of the original that seems to be discontinued.
Python malware-research related posts
Public malware repos as a part of Malware Analysis
1 project | reddit.com/r/github | 11 May 2022
Old exploits and viruses | Encyclopedia of malware and exploits
1 project | reddit.com/r/blueteamsec | 15 Apr 2022
Any ideas on a good Malware Archives
5 projects | reddit.com/r/Malware | 31 Mar 2022
Any good websites that I can download malware and ransomware from? Any suggestions
2 projects | reddit.com/r/cybersecurity | 21 Mar 2022
Tasked with building a malware analysis / threat hunting machine. Need feedback
3 projects | reddit.com/r/cybersecurity | 10 Mar 2022
Simple HTML DoS Script for Russian Sites
6 projects | reddit.com/r/hacking | 25 Feb 2022
How to Generate Your First Detection in CrowdStrike Falcon using Detection and Quarantine on Write [Tech Center]
1 project | reddit.com/r/crowdstrike | 15 Feb 2022
What are some of the best open-source malware-research projects in Python? This list will help you.