Top 23 Malware Open-Source Projects

1. hosts

   1 314 28,077 9.5 Python

   🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

   

   Project mention: Digital Hygiene | news.ycombinator.com | 2025-03-19

   Why use NextDNS when you can use a lightweight, native solution[1]? Sorry if this sounds condescending but I need less services and not more.

   [1]: https://github.com/StevenBlack/hosts

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. MalwareSourceCode

   2 30 16,775 3.9 Assembly

   Collection of malware source code for a variety of platforms in an array of different programming languages.

   

   Project mention: Source Code of $3k-a-Month macOS Malware 'Banshee Stealer' Leaked | news.ycombinator.com | 2024-12-01

   So let me get this straight. The malware source code was uploaded to github for people to view, but it's all in zip and 7z files, requiring you to download and execute the files in order to see their contents. 7z itself just had a RCE cve last week, and who would ever download malware files and unzip them trying to view the source code. This repo is not something to be trusted in its current state

   https://github.com/vxunderground/MalwareSourceCode/tree/main...

4. Awesome-Hacking-Resources

   3 5 15,694 0.0

   A collection of hacking / penetration testing resources to make you better!

   

5. wifiphisher

   4 5 13,825 2.1 Python

   The Rogue Access Point Framework

   

6. Reverse-Engineering-Tutorial

   5 19 12,124 8.7 Assembly

   A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM, 8-bit AVR and 32-bit RISC-V architectures.

   

   Project mention: Reverse Engineering – Lesson 1: x86 Course (Part 1: Goals) | news.ycombinator.com | 2024-12-20

7. theZoo

   6 66 11,841 2.5 Python

   A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

   

   Project mention: Malware Analysis: CryptoLocker | dev.to | 2024-12-29

   The analyzed sample is provided within this folder, the password for the zip file is infected. This sample was taken from theZoo Repository.

8. dns-blocklists

   7 85 11,295 9.4 Text

   DNS-Blocklists: For a better internet - keep the internet clean!

   

   Project mention: Xcode Constantly Phones Home | news.ycombinator.com | 2025-03-01

   Personally I use a dns block list like https://github.com/hagezi/dns-blocklists with dnmasq or dnsdist. Works great :)

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. TheFatRat

    8 8 9,779 0.0 C

    Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .

    

11. volatility

    9 19 7,571 0.0 Python

    An advanced memory forensics framework

    

    Project mention: 💀 Insomni'hack 2025 CTF write-up | dev.to | 2025-03-17

    We were given a quite big 20250312.mem file. Looking at the name of the challenge and the size of the file, it was clear it was required to use volatility.

12. maltrail

    10 5 6,965 10.0 Python

    Malicious traffic detection system

    

13. pyWhat

    11 17 6,866 0.0 Python

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

    

    Project mention: pyWhat VS binwalk - a user suggested alternative | libhunt.com/r/pyWhat | 2024-07-19

14. al-khaser

    12 5 6,314 4.4 C++

    Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

    

15. qiling

    13 10 5,435 8.5 Python

    A True Instrumentable Binary Emulation Framework

    

16. simplify

    14 0 4,528 0.0 Java

    Android virtual machine and deobfuscator

    

17. nginx-ultimate-bad-bot-blocker

    15 13 4,365 9.8 Shell

    Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

    

    Project mention: Killing Bots at the Gate: Detecting Malicious Crawlers with Nginx | dev.to | 2025-05-03

    Bonus: check your logs against public bot signature lists like MitchellKrogza’s bad bot list.

18. pafish

    16 17 3,647 0.0 C

    Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

    

19. flare-floss

    17 4 3,521 7.9 Python

    FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

    

20. blocklist-ipsets

    18 39 3,406 2.1 Shell

    ipsets dynamically updated with firehol's update-ipsets.sh script

    

21. malwoverview

    19 3 3,193 7.9 Python

    Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo, and it is also able to scan Android devices against VT.

    

22. volatility3

    20 8 3,097 9.9 Python

    Volatility 3.0 development

    

    Project mention: Memory Dump Analysis | Kali Linux | dev.to | 2024-09-17

    Clone the Volatility 3 repository: > git clone https://github.com/volatilityfoundation/volatility3.git

23. block

    21 95 2,602 9.4 Shell

    Let's make an annoyance free, better open internet, altogether!

    

24. APT_REPORT

    22 4 2,555 9.1 Python

    Interesting APT Report Collection And Some Special IOC

    

25. CAPEv2

    23 5 2,411 9.8 Python

    Malware Configuration And Payload Extraction

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Malware related posts

• 💀 Insomni'hack 2025 CTF write-up

  1 project | dev.to | 17 Mar 2025

• Malware Analysis: CryptoLocker

  1 project | dev.to | 29 Dec 2024

• Tell HN: I just updated my wife's Chrome, and uBlock is no longer supported

  5 projects | news.ycombinator.com | 25 Dec 2024

• Source Code of $3k-a-Month macOS Malware 'Banshee Stealer' Leaked

  1 project | news.ycombinator.com | 1 Dec 2024

• Researchers discover first UEFI bootkit malware for Linux

  1 project | news.ycombinator.com | 27 Nov 2024

• A Study of Malware Prevention in Linux Distributions

  1 project | news.ycombinator.com | 21 Nov 2024

• Ask HN: What ist your AdBlock strategy?

  7 projects | news.ycombinator.com | 28 Oct 2024
• A note from our sponsor - SaaSHub
  www.saashub.com | 21 May 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com