{"id":23812753,"url":"https://github.com/cybersecurity-dev/malware-toolkit","last_synced_at":"2026-06-29T09:31:11.122Z","repository":{"id":261492670,"uuid":"884473207","full_name":"cybersecurity-dev/Malware-Toolkit","owner":"cybersecurity-dev","description":"A malware toolkit is a set of tools and resources used to create, distribute, and manage malicious software (malware).   These toolkits are often sold on the dark web and are used by cybercriminals with varying levels of technical expertise.","archived":false,"fork":false,"pushed_at":"2025-11-13T19:33:14.000Z","size":2944,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-13T21:19:09.060Z","etag":null,"topics":["malware","malware-development"],"latest_commit_sha":null,"homepage":"https://en.wikipedia.org/wiki/Malware","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cybersecurity-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-11-06T20:17:34.000Z","updated_at":"2025-11-13T19:33:17.000Z","dependencies_parsed_at":"2024-11-06T21:27:49.374Z","dependency_job_id":"720447e1-d23b-4973-a3f8-84533f36eb74","html_url":"https://github.com/cybersecurity-dev/Malware-Toolkit","commit_stats":null,"previous_names":["cybersecurity-dev/malware-toolkit"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cybersecurity-dev/Malware-Toolkit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FMalware-Toolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FMalware-Toolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FMalware-Toolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FMalware-Toolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cybersecurity-dev","download_url":"https://codeload.github.com/cybersecurity-dev/Malware-Toolkit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cybersecurity-dev%2FMalware-Toolkit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34921804,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-29T02:00:05.398Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["malware","malware-development"],"created_at":"2025-01-02T02:33:29.951Z","updated_at":"2026-06-29T09:31:11.109Z","avatar_url":"https://github.com/cybersecurity-dev.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# **`Malware`** Development Toolkit\n\u003c/div\u003e\n\n[![Linux](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge\u0026logo=linux\u0026logoColor=black)](https://github.com/cybersecurity-dev/awesome-linux-reverse-engineering)\n[![Windows](https://custom-icon-badges.demolab.com/badge/Windows-0078D6?style=for-the-badge\u0026logo=windows11\u0026logoColor=white)](https://github.com/cybersecurity-dev/awesome-windows-reverse-engineering)\n[![YouTube](https://img.shields.io/badge/YouTube-%23FF0000.svg?style=for-the-badge\u0026logo=YouTube\u0026logoColor=white)]()\n[![Reddit](https://img.shields.io/badge/Reddit-FF4500?style=for-the-badge\u0026logo=reddit\u0026logoColor=white)](https://www.reddit.com/r/Malware/new)\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/cybersecurity-dev/\"\u003e\u003cimg height=\"25\" src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/github.svg\" alt=\"GitHub\"\u003e\u003c/a\u003e\n    \u0026nbsp;\n    \u003ca href=\"https://www.youtube.com/@CyberThreatDefence\"\u003e\u003cimg height=\"25\" src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/youtube.svg\" alt=\"YouTube\"\u003e\u003c/a\u003e\n    \u0026nbsp;\n    \u003ca href=\"https://cyberthreatdefence.com/my_awesome_lists\"\u003e\u003cimg height=\"20\" src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/blog.svg\" alt=\"My Awesome Lists\"\u003e\u003c/a\u003e\n    \u003cimg src=\"https://github.com/cybersecurity-dev/cybersecurity-dev/blob/main/assets/bar.gif\"\u003e\n\u003c/p\u003e\n\n\u003cdetails\u003e\n \n\u003csummary\u003eInstall required tools on Linux\u003c/summary\u003e\n \n### For Ubuntu 18.04, 20.04, 22.04\n \n ```bash\n sudo apt-get update\n ```\n \u003c/details\u003e\n  \n \n \u003cdetails\u003e\n \n \u003csummary\u003eInstall required python libs\u003c/summary\u003e\n \n ### pip install\n ```bash\n pip install -r requirements.txt\n python3 setup.py install\n ```\n \n ### conda install\n ```bash\n conda config --add channels conda-forge\n conda install --file requirements_conda.txt\n python3 setup.py install\n ```\n \n \u003c/details\u003e\n\n## 🛡️ Malware Attacker Techniques\n\n### 🔹 1. Initial Access\n- Phishing (email, spear-phishing, attachments, links)\n- Drive-by downloads\n- Exploiting public-facing applications\n- Supply chain compromise\n- Removable media (USB attacks)\n- Credential stuffing / password spraying\n- Watering hole attacks\n\n### 🔹 2. Execution\n- Malicious scripts (PowerShell, JavaScript, VBA macros)\n- Exploiting application vulnerabilities\n- Fileless malware execution\n- Scheduled tasks or cron jobs\n- User-triggered execution\n\n### 🔹 3. Persistence\n- Registry run keys / startup folders\n- Scheduled tasks\n- Service installation\n- DLL hijacking\n- Bootkits / rootkits\n- Web shell deployment\n\n### 🔹 4. Privilege Escalation\n- Exploiting OS vulnerabilities\n- Token impersonation\n- Abuse of misconfigured permissions\n- DLL injection into privileged processes\n\n### 🔹 5. Defense Evasion\n- Obfuscation / packing / encryption\n- Disabling antivirus or security tools\n- Living-off-the-land (LOLBins)\n- Fileless techniques\n- Process injection\n- Masquerading as legitimate processes\n\n### 🔹 6. Credential Access\n- Keylogging\n- Credential dumping (e.g., LSASS memory)\n- Brute force attacks\n- Phishing credential harvesting\n- Browser credential theft\n\n### 🔹 7. Discovery\n- System information enumeration\n- Network scanning\n- Account discovery\n- Process and service enumeration\n- File and directory discovery\n\n### 🔹 8. Lateral Movement\n- Pass-the-hash / pass-the-ticket\n- Remote desktop (RDP abuse)\n- SMB/Windows Admin shares\n- Remote services execution\n- Exploiting trust relationships\n\n### 🔹 9. Collection\n- Screen capture\n- Clipboard monitoring\n- File collection\n- Email harvesting\n- Audio/video capture\n\n### 🔹 10. Command and Control (C2)\n- HTTP/HTTPS beacons\n- DNS tunneling\n- Encrypted channels\n- Peer-to-peer botnets\n- Cloud service abuse\n\n### 🔹 11. Exfiltration\n- Data transfer over C2 channel\n- Compression and encryption before exfiltration\n- Steganography (hidden data in files)\n- Exfiltration over web services\n\n\n##\n\n### My Awesome Lists\nYou can access the my awesome lists [here](https://cyberthreatdefence.com/my_awesome_lists)\n\n### Contributing\n\n[Contributions of any kind welcome, just follow the guidelines](contributing.md)!\n\n### Contributors\n\n[Thanks goes to these contributors](https://github.com/cybersecurity-dev/Malware-Toolkit/graphs/contributors)!\n\n[🔼 Back to top](#malware-development-toolkit)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurity-dev%2Fmalware-toolkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybersecurity-dev%2Fmalware-toolkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurity-dev%2Fmalware-toolkit/lists"}