Top 23 Malware Open-Source Projects
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
Project mention: I'm a Teapot | news.ycombinator.com | 2023-05-26
hosts file (modified) sourced from: Steven-Black - hosts @GitHub: https://github.com/StevenBlack/hosts
grep -i 'jsonip.com' /etc/hosts
A collection of hacking / penetration testing resources to make you better!
Project mention: A list of hacking / penetration testing resources to make you better | reddit.com/r/CKsTechNews | 2023-01-09
Collection of malware source code for a variety of platforms in an array of different programming languages.
Project mention: Ransomware with known Registry Persistence | reddit.com/r/AskNetsec | 2023-05-21
I did manage to get a lot of ransomware from vx-underground.org, which is great for me, but I want more ransomware names (in addition to Wannacry and Ryuk).
The Rogue Access Point Framework
Project mention: I am looking for a shortcut to convert pics like this to working CSS code with the aid of AI; is it possible? (I am studying CyberSec, so I need temps like this from time to time; I am mediocre at programming though) | reddit.com/r/ChatGPT | 2023-04-09
This, but for multiple vendors, as a project for this semester.
A repository of LIVE malware for your own joy and pleasure. theZoo is a project created to make malware analysis open and available to the public.
Project mention: Diablo I/II/III/IV/Immortal Class Randomizer | reddit.com/r/diablo4 | 2023-05-19
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
Project mention: Updated FREE Complete Reverse Engineering Tutorial to include C, C++ and Go | reddit.com/r/ReverseEngineering | 2023-03-01
TheFatRat, a massive exploiting tool: an easy tool to generate backdoors and to run post-exploitation attacks such as browser attacks. This tool compiles malware with a popular payload, and the compiled malware can then be executed on Windows, Android and Mac. The malware created with this tool also has the ability to bypass most AV software protection.
Project mention: backdoor | reddit.com/r/u_GoldStop3185 | 2023-04-06
git clone https://github.com/Screetsec/TheFatRat.git
An advanced memory forensics framework
Project mention: What is the appropriate uncompressed kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ], in order to generate a custom symbol table to conduct Linux memory forensics on Ubuntu 22.04? | reddit.com/r/computerforensics | 2023-05-28
I need this to generate a custom symbol table (using dwarf2json), in order to run a memory dump acquired from Ubuntu 22.04, as the Ubuntu 22.04 kernel does not work anymore with Volatility 2 (issue here: volatilityfoundation/volatility#828).
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
Project mention: Go Library like PyWhat? | reddit.com/r/golang | 2022-10-20
Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!
Malicious traffic detection system
Project mention: Is Maltrait worth the trouble? | reddit.com/r/OPNsenseFirewall | 2022-12-22
Yes, MT had OOM on *BSD because of the python-pcapy module, which is currently unmaintained. So a fork was done and python-pcapy-ng became the actual module for MT, which fixed the OOM, and now MT works OK for the *BSD line: https://github.com/stamparm/maltrail/issues/19056 https://github.com/stamparm/maltrail/issues/16710 py-pcapy-ng on FreshPorts: https://www.freshports.org/net/py-pcapy-ng/

Also the /requirement.txt file was modified for MT to avoid installing python-pcapy instead of python-pcapy-ng: https://github.com/stamparm/maltrail/commit/2aa2da5ba5c332ddd106020290926d1fdfd0f8b2

Despite all this, some mass media keep saying that python-pcapy is required for MT to work. No, just python-pcapy-ng.

"Given everything is now encrypted, does anyone know if it is still effective?" <-- An IDS (MT is the IDS itself) is passive detection; it doesn't provide prevention actions. MT can use a blocking mechanism; it is described for Linux: https://github.com/stamparm/maltrail/wiki/Miscellaneous#1-setting-up-maltrail-as-an-intrusion-prevention-system-ips . If someone can describe the mechanism for MT on the *BSD line, that would be nice. Anyway, I would be thankful if you provide details on the missing ransomware. Perhaps the network IoCs need to be updated, if the ransomware compromise was via the network. Thank you!

"Are the signatures reasonably up to date?" <-- Trying to be up to date: https://github.com/stamparm/maltrail/commits/master
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Project mention: My neat little internal CS:GO cheat project for Linux | reddit.com/r/Csgohacks | 2023-01-09
Android virtual machine and deobfuscator
A True Instrumentable Binary Emulation Framework
Project mention: Unicorn Engine problem with map | reddit.com/r/learnprogramming | 2022-11-26
Sounds more like r/ReverseEngineering. If what you want to do is some dynamic analysis or just play around, maybe try using qiling; it's built on top of unicorn and is made by the same authors. It will take care of loading the file for you.
Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders
Project mention: Rack::Attack | reddit.com/r/rails | 2023-03-18
I generally prefer to go up a level. We install the ultimate bad bot blocker at the nginx level for apps running on servers or in K8S. For Heroku you can do this with foreman or docker. The advantage of this is that the ‘no’ happens faster than it does when making it all the way down to rack. RackAttack might let a door-to-door salesperson say “hi, I’m here to talk to you about solar” before slamming the door. Nginx lets the same salesperson barely say “hi ..” before slamming the door in their face.
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.
Project mention: Makes perfect sense | reddit.com/r/ProgrammerHumor | 2023-04-04
Yes. For example: https://github.com/a0rtega/pafish
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Project mention: Why is this de-compiled code showing a different value in memory sometimes? | reddit.com/r/ghidra | 2023-03-06
Depending on how clever the developer was, this tool works well to find hidden strings: https://github.com/mandiant/flare-floss
ipsets dynamically updated with firehol's update-ipsets.sh script
Project mention: [Opnsensefirewall] Block malicious IPs with an OPNSENSE firewall | reddit.com/r/enfrancais | 2023-04-19
Let's make an annoyance free, better open internet, altogether!
Project mention: Remove Energized blocklists | reddit.com/r/ahadns | 2023-01-07
Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage
Project mention: hosts-blocklists VS Lists - a user suggested alternative | libhunt.com/r/hosts-blocklists | 2023-01-19
Malwoverview is a first-response tool used for threat hunting. It offers intel information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and it is able to scan Android devices against VT.
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Project mention: Defeat 'Project Unviewable' protection | reddit.com/r/excel | 2022-07-07
It seems that this is some kind of protection. I tried different methods, including EvilClippy, without any success. Is there any way to view the underlying VBA code?
Interesting APT Report Collection And Some Special IOC
Project mention: APT_REPORT/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf at master · blackorbird/APT_REPORT | reddit.com/r/SecOpsDaily | 2023-02-06
A list of cyber-chef recipes and curated links
Malware related posts
PC slows down after downloading cracked games from Megathread sites
1 project | reddit.com/r/Piracy | 29 May 2023
What is the appropriate uncompressed kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ], in order to generate a custom symbol table to conduct Linux memory forensics on Ubuntu 22.04?
2 projects | reddit.com/r/computerforensics | 28 May 2023
Making a hardened/childproofed image. Need patch suggestions and guides.
1 project | reddit.com/r/archlinux | 26 May 2023
KittyStager: KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to have a web server and some kittens and be able to use them with any shellcode.
1 project | reddit.com/r/blueteamsec | 25 May 2023
Ransomware with known Registry Persistence
1 project | reddit.com/r/AskNetsec | 21 May 2023
How to block or reroute an entire top level domain?
1 project | reddit.com/r/linuxmint | 21 May 2023
Diablo I/II/III/IV/Immortal Class Randomizer
2 projects | reddit.com/r/diablo4 | 19 May 2023
What are some of the best open-source Malware projects? This list will help you: