Top 23 Malware Open-Source Projects

• hosts

  100 22,984 8.1 Python

  🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

  Project mention: I'm a Teapot | news.ycombinator.com | 2023-05-26

  hosts file (modified) sourced from; Steven-Black - hosts @GitHub : https://github.com/StevenBlack/hosts

  cat /etc/hosts |grep -i 'jsonip.com'

    0.0.0.0 jsonip.com

• Awesome-Hacking-Resources

  3 13,446 0.0

  A collection of hacking / penetration testing resources to make you better!

  Project mention: A list of hacking / penetration testing resources to make you better | reddit.com/r/CKsTechNews | 2023-01-09

• InfluxDB

  www.influxdata.com

  sponsored

  Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  

• MalwareSourceCode

  9 12,800 8.2 Assembly

  Collection of malware source code for a variety of platforms in an array of different programming languages.

  Project mention: Ransomware with known Registry Persistence | reddit.com/r/AskNetsec | 2023-05-21

  I did managed to get many ransomware from vx-underground.org, which is great for me, but I want more ransomware names (in addition to Wannacry and Ryuk).

• wifiphisher

  2 11,728 2.1 Python

  The Rogue Access Point Framework

  

  Project mention: I am looking for a shortcut to convert PICs like this to a working CSS code using the aid of AI, is it possible ? ( i am studying CyberSec, so i need temps like this from time to time, i am mediocre at programming tho) | reddit.com/r/ChatGPT | 2023-04-09

  dis but for multiple vendors .. as a project for this semester

• theZoo

  17 9,748 1.3 Python

  A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

  Project mention: Diablo I/II/III/IV/Immortal Class Randomizer | reddit.com/r/diablo4 | 2023-05-19

• Reverse-Engineering-Tutorial

  2 8,443 5.6 Assembly

  A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

  Project mention: Updated FREE Complete Reverse Engineering Tutorial to include C, C++ and Go | reddit.com/r/ReverseEngineering | 2023-03-01

• TheFatRat

  4 7,778 0.0 C

  Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .

  Project mention: backdoor | reddit.com/r/u_GoldStop3185 | 2023-04-06

  git clone https://github.com/Screetsec/TheFatRat.git

• ONLYOFFICE

  www.onlyoffice.com

  sponsored

  ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises

  

• volatility

  8 6,249 0.0 Python

  An advanced memory forensics framework

  

  Project mention: What is the appropriate uncompressed kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ], in order to create generate a custom symbols table to conduct linux memory forensics on Ubuntu 22.04? | reddit.com/r/computerforensics | 2023-05-28

  I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: volatilityfoundation/volatility#828)

• pyWhat

  5 5,966 0.0 Python

  🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

  Project mention: Go Library like PyWhat? | reddit.com/r/golang | 2022-10-20

  Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!

• maltrail

  3 5,115 10.0 Python

  Malicious traffic detection system

  Project mention: Is Maltrait worth the trouble? | reddit.com/r/OPNsenseFirewall | 2022-12-22

  Yes, MT had OOM on *BSD, because of python-pcapy module, which is currently unmaintained. So, the fork was done and python-pcapy-ng becomes actual module for MT, which fixed OOM and now MT works OK for *BSD-line: [1] https://github.com/stamparm/maltrail/issues/19056 [2] https://github.com/stamparm/maltrail/issues/16710 [3] py-pcapy-ng on Fresh Ports: https://www.freshports.org/net/py-pcapy-ng/ Also /requirement.txt file was modified for MT to avoid installing python-pcapy instead of python-pcapy-ng: [4] https://github.com/stamparm/maltrail/commit/2aa2da5ba5c332ddd106020290926d1fdfd0f8b2 Despite on all it, some mass-medias keep saying that python-pcapy is required for MT to work. No, just python-pcapy-ng. "Given everything is now encrypted, does anyone know if it is still effective?" <-- IDS (MT is the IDS itself) is passive detection, it doesn't provide the prevention actions. MT can use blocking mechanism, they are describes for Linux: https://github.com/stamparm/maltrail/wiki/Miscellaneous#1-setting-up-maltrail-as-an-intrusion-prevention-system-ips . If some can describe mechanism for MT on *BSD-line, that would be nice. Anyway would be thankful, if you provide details on missing ransomware. Perhaps, it is needed to update network IoCs, if ransomware comprometation was via network. Thank you! "Are the signatures reasonably up to date?" <-- trying to be up-to-dated: https://github.com/stamparm/maltrail/commits/master

• al-khaser

  3 4,815 0.0 C++

  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

  Project mention: My neat little internal CS:GO cheat project for Linux | reddit.com/r/Csgohacks | 2023-01-09

• simplify

  0 4,156 0.0 Java

  Android virtual machine and deobfuscator

• qiling

  2 4,039 9.4 Python

  A True Instrumentable Binary Emulation Framework

  

  Project mention: Unicorn Engine problem with map | reddit.com/r/learnprogramming | 2022-11-26

  Sounds more like r/ReverseEngineering. If what you want to do is some dynamic analysis or just play around, maybe try using qiling, it's built on top of unicorn and is made by the same authors. It will take care of loading the file for you.

• nginx-ultimate-bad-bot-blocker

  4 3,111 9.1 Shell

  Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

  Project mention: Rack::Attack | reddit.com/r/rails | 2023-03-18

  I generally prefer to go up a level. We install ultimate bad bot blocker at the nginx level for apps running on servers or in K8S. For Heroku you can do this with foremen or docker. The advantage of this is that the ‘no’ happens faster than it does when making it all the way down to rack. RackAttack might let a door to door salesperson say “hi,I’m here to talk to you about solar” before slamming the door. Nginx let’s the same salesperson barely say “hi ..” before slamming the door in their face.

• pafish

  7 2,689 5.5 C

  Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

  Project mention: Makes perfect sense | reddit.com/r/ProgrammerHumor | 2023-04-04

  Yes. For example: https://github.com/a0rtega/pafish

• flare-floss

  4 2,658 9.3 Python

  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

  

  Project mention: Why is this de-compiled code showing a different value in memory sometimes? | reddit.com/r/ghidra | 2023-03-06

  Depending on how clever the developer was, this tool works well to find hidden strings: https://github.com/mandiant/flare-floss

• blocklist-ipsets

  19 2,624 0.0 Shell

  ipsets dynamically updated with firehol's update-ipsets.sh script

  

  Project mention: [Opnsensefirewall] Bloquer des IP malveillants avec un pare-feu OPNSENSE | reddit.com/r/enfrancais | 2023-04-19

• block

  18 2,393 0.0 Shell

  Let's make an annoyance free, better open internet, altogether!

  

  Project mention: Remove Energized blocklists | reddit.com/r/ahadns | 2023-01-07

• hosts-blocklists

  5 2,267 0.0

  Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage

  Project mention: hosts-blocklists VS Lists - a user suggested alternative | libhunt.com/r/hosts-blocklists | 2023-01-19

• malwoverview

  0 2,186 2.1 Python

  Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

• EvilClippy

  1 1,892 0.0 C#

  A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

  

  Project mention: Defeat 'Project Unviewable' protection | reddit.com/r/excel | 2022-07-07

  It seems that this is some kind of protection. I tried different methods including EvilClippy without any success. Is there any way to view the underlying vba code ?

• APT_REPORT

  2 1,802 2.1 Python

  Interesting APT Report Collection And Some Special IOC

  Project mention: APT_REPORT/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf at master · blackorbird/APT_REPORT | reddit.com/r/SecOpsDaily | 2023-02-06

• cyberchef-recipes

  0 1,604 3.8

  A list of cyber-chef recipes and curated links

• Sonar

  www.sonarsource.com

  sponsored

  Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  

Malware related posts

• PC slows down after downloading cracked games from Megathread sites
  1 project | reddit.com/r/Piracy | 29 May 2023
• What is the appropriate uncompressed kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ], in order to create generate a custom symbols table to conduct linux memory forensics on Ubuntu 22.04?
  2 projects | reddit.com/r/computerforensics | 28 May 2023
• Making a hardened/childproofed image. Need patch suggestions and guides.
  1 project | reddit.com/r/archlinux | 26 May 2023
• KittyStager: KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.
  1 project | reddit.com/r/blueteamsec | 25 May 2023
• Ransomware with known Registry Persistence
  1 project | reddit.com/r/AskNetsec | 21 May 2023
• How to block or reroute an entire top level domain?
  1 project | reddit.com/r/linuxmint | 21 May 2023
• Diablo I/II/III/IV/Immortal Class Randomizer
  2 projects | reddit.com/r/diablo4 | 19 May 2023
• A note from our sponsor - Sonar
  www.sonarsource.com | 1 Jun 2023

  Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work. Learn more →

Index

Sponsored

Write Clean Python Code. Always.

Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

www.sonarsource.com