Top 23 Malware Open-Source Projects

  • hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: I'm a Teapot | | 2023-05-26

    hosts file (modified) sourced from; Steven-Black - hosts @GitHub :

    cat /etc/hosts |grep -i ''

  • Awesome-Hacking-Resources

    A collection of hacking / penetration testing resources to make you better!

    Project mention: A list of hacking / penetration testing resources to make you better | | 2023-01-09
  • InfluxDB

    Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  • MalwareSourceCode

    Collection of malware source code for a variety of platforms in an array of different programming languages.

    Project mention: Ransomware with known Registry Persistence | | 2023-05-21

    I did managed to get many ransomware from, which is great for me, but I want more ransomware names (in addition to Wannacry and Ryuk).

  • wifiphisher

    The Rogue Access Point Framework

    Project mention: I am looking for a shortcut to convert PICs like this to a working CSS code using the aid of AI, is it possible ? ( i am studying CyberSec, so i need temps like this from time to time, i am mediocre at programming tho) | | 2023-04-09

    dis but for multiple vendors .. as a project for this semester

  • theZoo

    A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

    Project mention: Diablo I/II/III/IV/Immortal Class Randomizer | | 2023-05-19
  • Reverse-Engineering-Tutorial

    A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

    Project mention: Updated FREE Complete Reverse Engineering Tutorial to include C, C++ and Go | | 2023-03-01
  • TheFatRat

    Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .

    Project mention: backdoor | | 2023-04-06

    git clone


    ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises

  • volatility

    An advanced memory forensics framework

    Project mention: What is the appropriate uncompressed kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ], in order to create generate a custom symbols table to conduct linux memory forensics on Ubuntu 22.04? | | 2023-05-28

    I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: volatilityfoundation/volatility#828)

  • pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

    Project mention: Go Library like PyWhat? | | 2022-10-20

    Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!

  • maltrail

    Malicious traffic detection system

    Project mention: Is Maltrait worth the trouble? | | 2022-12-22

    Yes, MT had OOM on *BSD, because of python-pcapy module, which is currently unmaintained. So, the fork was done and python-pcapy-ng becomes actual module for MT, which fixed OOM and now MT works OK for *BSD-line: [1] [2] [3] py-pcapy-ng on Fresh Ports: Also /requirement.txt file was modified for MT to avoid installing python-pcapy instead of python-pcapy-ng: [4] Despite on all it, some mass-medias keep saying that python-pcapy is required for MT to work. No, just python-pcapy-ng. "Given everything is now encrypted, does anyone know if it is still effective?" <-- IDS (MT is the IDS itself) is passive detection, it doesn't provide the prevention actions. MT can use blocking mechanism, they are describes for Linux: . If some can describe mechanism for MT on *BSD-line, that would be nice. Anyway would be thankful, if you provide details on missing ransomware. Perhaps, it is needed to update network IoCs, if ransomware comprometation was via network. Thank you! "Are the signatures reasonably up to date?" <-- trying to be up-to-dated:

  • al-khaser

    Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

    Project mention: My neat little internal CS:GO cheat project for Linux | | 2023-01-09
  • simplify

    Android virtual machine and deobfuscator

  • qiling

    A True Instrumentable Binary Emulation Framework

    Project mention: Unicorn Engine problem with map | | 2022-11-26

    Sounds more like r/ReverseEngineering. If what you want to do is some dynamic analysis or just play around, maybe try using qiling, it's built on top of unicorn and is made by the same authors. It will take care of loading the file for you.

  • nginx-ultimate-bad-bot-blocker

    Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

    Project mention: Rack::Attack | | 2023-03-18

    I generally prefer to go up a level. We install ultimate bad bot blocker at the nginx level for apps running on servers or in K8S. For Heroku you can do this with foremen or docker. The advantage of this is that the ‘no’ happens faster than it does when making it all the way down to rack. RackAttack might let a door to door salesperson say “hi,I’m here to talk to you about solar” before slamming the door. Nginx let’s the same salesperson barely say “hi ..” before slamming the door in their face.

  • pafish

    Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

    Project mention: Makes perfect sense | | 2023-04-04

    Yes. For example:

  • flare-floss

    FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

    Project mention: Why is this de-compiled code showing a different value in memory sometimes? | | 2023-03-06

    Depending on how clever the developer was, this tool works well to find hidden strings:

  • blocklist-ipsets

    ipsets dynamically updated with firehol's script

    Project mention: [Opnsensefirewall] Bloquer des IP malveillants avec un pare-feu OPNSENSE | | 2023-04-19
  • block

    Let's make an annoyance free, better open internet, altogether!

    Project mention: Remove Energized blocklists | | 2023-01-07
  • hosts-blocklists

    Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage

    Project mention: hosts-blocklists VS Lists - a user suggested alternative | | 2023-01-19
  • malwoverview

    Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  • EvilClippy

    A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

    Project mention: Defeat 'Project Unviewable' protection | | 2022-07-07

    It seems that this is some kind of protection. I tried different methods including EvilClippy without any success. Is there any way to view the underlying vba code ?


    Interesting APT Report Collection And Some Special IOC

    Project mention: APT_REPORT/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf at master · blackorbird/APT_REPORT | | 2023-02-06
  • cyberchef-recipes

    A list of cyber-chef recipes and curated links

  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-05-28.

Malware related posts


What are some of the best open-source Malware projects? This list will help you:

Project Stars
1 hosts 22,984
2 Awesome-Hacking-Resources 13,446
3 MalwareSourceCode 12,800
4 wifiphisher 11,728
5 theZoo 9,748
6 Reverse-Engineering-Tutorial 8,443
7 TheFatRat 7,778
8 volatility 6,249
9 pyWhat 5,966
10 maltrail 5,115
11 al-khaser 4,815
12 simplify 4,156
13 qiling 4,039
14 nginx-ultimate-bad-bot-blocker 3,111
15 pafish 2,689
16 flare-floss 2,658
17 blocklist-ipsets 2,624
18 block 2,393
19 hosts-blocklists 2,267
20 malwoverview 2,186
21 EvilClippy 1,892
22 APT_REPORT 1,802
23 cyberchef-recipes 1,604
Write Clean Python Code. Always.
Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.