{"id":16535866,"url":"https://github.com/frederikme/sandboxed","last_synced_at":"2025-12-13T22:12:05.193Z","repository":{"id":57463807,"uuid":"328949663","full_name":"frederikme/sandboxed","owner":"frederikme","description":"Virtual machine detection. This is done by looking at registry keys, processes, files, internet access and specs such as disk storage, RAM and amount of cpu cores. Easy to use Python 3 library.","archived":false,"fork":false,"pushed_at":"2021-10-08T08:38:57.000Z","size":60,"stargazers_count":18,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-01T18:18:23.841Z","etag":null,"topics":["detection","python","sandbox","virtualbox","virtualmachine"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/frederikme.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":[],"patreon":"frederikme","open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://paypal.me/frederikmees","https://www.buymeacoffee.com/frederikme"]}},"created_at":"2021-01-12T10:24:56.000Z","updated_at":"2024-11-22T07:09:52.000Z","dependencies_parsed_at":"2022-09-05T06:01:28.905Z","dependency_job_id":null,"html_url":"https://github.com/frederikme/sandboxed","commit_stats":null,"previous_names":["frederikme/sandbox-evasion"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/frederikme/sandboxed","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frederikme%2Fsandboxed","tags_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frederikme%2Fsandboxed/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frederikme%2Fsandboxed/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frederikme%2Fsandboxed/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/frederikme","download_url":"https://codeload.github.com/frederikme/sandboxed/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frederikme%2Fsandboxed/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265815587,"owners_count":23832961,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detection","python","sandbox","virtualbox","virtualmachine"],"created_at":"2024-10-11T18:29:07.074Z","updated_at":"2025-12-13T22:11:59.908Z","avatar_url":"https://github.com/frederikme.png","language":"Python","funding_links":["https://patreon.com/frederikme","https://paypal.me/frederikmees","https://www.buymeacoffee.com/frederikme","https://www.patreon.com/frederikme"],"categories":[],"sub_categories":[],"readme":"# sandbox-evasion\n## Installation\nsandboxed is now available on PyPi as a pip installation.\n```\npip3 install sandboxed\n```\n## Usage\nCertainty will be expressed with a value between 0 and 1, whereas closer to 0 is a real machine and closer to 1 a virtual machine.\n```\nfrom sandboxed import is_sandboxed\n\ncertainty = is_sandboxed()\ncertainty = is_sandboxed(logging=False)\n\nprint(f\"Chance of being inside a virtual machine is 
{certainty*100}%.\")\n\n\u003e\u003e\u003e Chance of being inside a virtual machine is 95%.\n```\n\n## Explanation of the techniques used\nSandboxed looks at 3 aspects to determine whether it is being run inside a virtual machine:\n1. [Specifications of the machine](#specifications-of-the-machine)\n2. [Filesystem](#filesystem-on-the-pc)\n3. [Internet Access](#internet-access)\n\n### Specifications of the machine\nSince virtual machines (VMs) tend to run on top of real operating systems, they usually have rather weak specs.\nThings that are taken into consideration:\n1. Hard Drive Storage Amount\n2. RAM Storage Amount\n3. CPU (logical) Cores Amount\n4. Serial Number of the PC\n5. Model of the PC\n6. Manufacturer of the PC\n\n### Filesystem on the PC\nSome files point directly to a VM and don't exist on real PCs, while other files exist on real PCs but not on a VM.\nThings that are looked for:\n1. Registry Keys\n2. Active Processes\n3. Specific Files\n4. Number of Previous Wi-Fi Connections\n5. Number of Files on PC\n6. Number of Previous Logins on PC\n\n### Internet Access\nDuring malware reverse engineering, the VM's internet access is usually limited or even blocked off completely to keep the malware from getting back out into the open.\nA few basic internet checks are:\n1. Basic Ping\n2. Downloading a File\n3. HTTP Post Request\n4. DNS Socket Request\n\n\n## Support the Repository\nFeel free to make a pull request and contribute to this project.\u003c/br\u003e\nIf you feel like buying me a drink:\n* [Patreon](https://www.patreon.com/frederikme)\n* [Paypal](https://paypal.me/frederikmees)\n* [Buy Me A Coffee](https://www.buymeacoffee.com/frederikme)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrederikme%2Fsandboxed","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffrederikme%2Fsandboxed","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrederikme%2Fsandboxed/lists"}