{"id":19614659,"url":"https://github.com/activestate/malwarearchivist","last_synced_at":"2025-04-28T01:32:14.427Z","repository":{"id":66048049,"uuid":"489476165","full_name":"ActiveState/MalwareArchivist","owner":"ActiveState","description":"Download archived malware from ActiveState's source code mirror","archived":false,"fork":false,"pushed_at":"2022-05-16T03:52:02.000Z","size":18,"stargazers_count":29,"open_issues_count":0,"forks_count":0,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-04-05T04:51:15.330Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ActiveState.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-06T19:48:15.000Z","updated_at":"2025-03-22T06:23:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"74484a4a-0963-4ca0-8a74-4b7f521a6cd3","html_url":"https://github.com/ActiveState/MalwareArchivist","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ActiveState%2FMalwareArchivist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ActiveState%2FMalwareArchivist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ActiveState%2FMalwareArchivist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ActiveState%2FMalwareArchivist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ActiveState","download_url":"https://codeload.github.com/ActiveState/MalwareArchivist/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251234092,"owners_count":21556781,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-11T10:53:15.909Z","updated_at":"2025-04-28T01:32:14.415Z","avatar_url":"https://github.com/ActiveState.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# malware-archivist (ma)\nTool to aid security researchers in dissecting malware.  Often,\nrepository maintainers will remove malicious packages entirely from their\nrepositories in order to protect their users.  This can be frustrating\nfor security researchers who need access to malware source code for\nforensic analysis.\n\nActiveState is maintaining a mirror of many such repositories to\nfacilitate the [ActiveState Platform](https://platform.activestate.com/)\nand has a policy of never removing source code, only marking it as\nunavailable.  This tool allows security researchers to download the\narchived source code to malware ActiveState has mirrored, assuming they\nknow the ecosystem it came from and the name of the package.\n\nCurrently, the ActiveState catalog mirrors PyPI (Python), CPAN (Perl),\nRubyGems (Ruby), Packagist (PHP) and maintains a list of packages for Tcl.\n\n# DISCLAIMER\nThis tool is provided for security researchers looking to dissect and\nunderstand malicious software.  Handling the software accessed with\nthis tool is the equivalent of chainsaw juggling - don't do it unless\nyou REALLY know what you're doing with it.  ActiveState disclaims any\nliability for damages incurred by using this tool or the software accessed\nwith it.\n\nActiveState is providing this service as a resource for\nsecurity researchers.  Abuse of this tool and ActiveState's\nAPIs are covered by the [ActiveState Platform Terms of\nService](https://www.activestate.com/support/platform-terms-of-service/).\nUse of the platform in general is also covered by the above and our\n[Privacy Policy](https://www.activestate.com/company/privacy-policy/).\n\nThe APIs this tool uses are under constant development.  ActiveState\nreserves the right to modify this tool, the underlying APIs and access\nto them in the future.\n\n## Feedback\nFeedback on this tool is welcome!  Please raise issues here if there are\nfeatures you'd like to see or there's malware you'd like to see that we\ndon't have an archive of.\n\n## Prerequisites\n1. An ActiveState platform account\n2. This repo\n3. The ActiveState [state tool](https://docs.activestate.com/platform/state/install/)\n\nDownload 2 and 3 directly:\n```bash\nsh \u003c(curl -q https://platform.activestate.com/dl/cli/106007066.1611950122_pdli01/install.sh) -c'state activate --default ActiveState/Malware-Archivist'\n```\nfor linux/mac, or\n```PowerShell\npowershell -Command \"\u0026 $([scriptblock]::Create((New-Object Net.WebClient).DownloadString('https://platform.activestate.com/dl/cli/106007066.1611950122_pdli01/install.ps1'))) -c'state activate --default ActiveState/Malware-Archivist'\"\n```\nfor Windows\n\n## Usage\n\n```bash\nstate activate\nma --ecosystem ECOSYSTEM --name NAME --version VERSION\n```\nor\n```bash\nstate run ma --ecosystem ECOSYSTEM --name NAME --version VERSION\n```\nWhere ECOSYSTEM can be one of perl, python, tcl, ruby or php\n\nif VERSION is omitted, list the available versions\n\n## Examples\n\nto list the available versions of ecopower:\n```bash\nma --ecosystem python --name ecopower\n```\n\nto download ActiveState's mirrored source for ecopower 1.3:\n```bash\nma --ecosystem python --name ecopower --version 1.3\n```\n\nTry some of these other malware python packages:\n* are\n* aryi\n* hipid\n* noblesse\n* noblesse2\n* noblessev2\n* suffer\n\n## TODO\n1. Add a facility to browse the ActiveState catalog for all known malware\n2. Add mirrors for more ecosystems (NPM, Maven, LuaRocks etc.)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factivestate%2Fmalwarearchivist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Factivestate%2Fmalwarearchivist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factivestate%2Fmalwarearchivist/lists"}