{"id":27392395,"url":"https://github.com/whitecat18/rust-for-malware-development","last_synced_at":"2025-05-14T13:06:22.422Z","repository":{"id":222165751,"uuid":"756435047","full_name":"Whitecat18/Rust-for-Malware-Development","owner":"Whitecat18","description":"This repository contains complete resources and coding practices for malware development using Rust 🦀. ","archived":false,"fork":false,"pushed_at":"2025-05-04T13:33:41.000Z","size":30640,"stargazers_count":2191,"open_issues_count":0,"forks_count":57,"subscribers_count":30,"default_branch":"main","last_synced_at":"2025-05-04T14:28:51.248Z","etag":null,"topics":["malware","malware-development","proof-of-concept","research","rust","rustlang","tips-and-tricks","windows"],"latest_commit_sha":null,"homepage":"https://maldev.5mukx.site/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Whitecat18.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-02-12T16:55:06.000Z","updated_at":"2025-05-04T14:13:37.000Z","dependencies_parsed_at":"2025-04-13T21:47:22.742Z","dependency_job_id":"1de96d61-56ff-442f-9a0f-88d62785f2bc","html_url":"https://github.com/Whitecat18/Rust-for-Malware-Development","commit_stats":null,"previous_names":["whitecat18/rust-for-malware-development"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Whitecat18%2FRust-for-Malware-Development","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Whitecat18%2FRust-for-Malware-Developm
ent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Whitecat18%2FRust-for-Malware-Development/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Whitecat18%2FRust-for-Malware-Development/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Whitecat18","download_url":"https://codeload.github.com/Whitecat18/Rust-for-Malware-Development/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254149953,"owners_count":22022851,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["malware","malware-development","proof-of-concept","research","rust","rustlang","tips-and-tricks","windows"],"created_at":"2025-04-13T21:47:10.222Z","updated_at":"2025-05-14T13:06:22.384Z","avatar_url":"https://github.com/Whitecat18.png","language":"Rust","readme":"\n# Rust for Malware Development\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg width=\"350px\" src=\"https://user-images.githubusercontent.com/797/46922345-99723480-cfbc-11e8-8f2d-18eec8f18ad5.png\" alt=\"Rust for Malware Development Logo\" /\u003e\n  \u003ch3\u003e\u003ca href=\"https://github.com/Whitecat18/Rust-for-Malware-Development\"\u003eRust for Malware Development\u003c/a\u003e\u003c/h3\u003e\n  \u003cp\u003e\u003cb\u003eThis repository contains source codes of various techniques used by malware authors, red teamers, threat actors, state-sponsored hacking groups etc. 
These techniques are well-researched and implemented in Rust.\u003c/b\u003e\u003c/p\u003e\n  \u003cp\u003eManaged by \u003ca href=\"https://x.com/5mukx\"\u003e@5mukx\u003c/a\u003e\u003c/p\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Language-Rust-orange\" alt=\"Language: Rust\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/OS-Windows-blue\" alt=\"OS: Windows\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Maintained-Yes-green\" alt=\"Maintained: Yes\" /\u003e\n\u003c/div\u003e\n\n---\n\n## Table of Contents\n\n- [Walkthrough](#walkthrough)\n- [Malware Techniques](#malware-techniques)\n- [Encryption Techniques](#encryption-techniques)\n- [Related Blogs](#related-blogs)\n- [Download Repository](#download-as-zip-file)\n- [Contribution](#contributing-to-rust-for-malware-development)\n\n## Malware Techniques\n\n| Technique | Description |\n|-----------|-------------|\n| [Process Injection](Process-Injection) | Process injection techniques |\n| [Process Injection 2](Process) | Additional process injection snippets. |\n| [Process Ghosting](GhostingProcess) | Process ghosting technique |\n| [Process Hypnosis](Process/hypnosis.rs) | Process hypnosis techniques |\n| [Process Herpaderping](Process/Herpaderping) | Process herpaderping |\n| [Waiting Thread Hijacking](WaitingThreadHijacking) | injection by overwriting the return address of a waiting thread |\n| [NtCreateUserProcess](NtCreateUserProcess) | Launch processes using NtCreateUserProcess API. |\n| [Custom Shellcode](./Custom_Shellcode/) | Custom Shellcode for Testing. | \n| [Named Pipes](Named_Pipe) | Interprocess communication using named pipes on Windows. |\n| [Api Hooking](Api_Hooking) | API Hooking Using Trampoline. | \n| [PE Analyzer](https://github.com/Whitecat18/PE-Analyzer.rs) | Extract PE information via CLI. |\n| [BlockHandle](BlockHandle) | Block handles using SDDL PoC. |\n| [Dynamic Export Table PEB](base_addr_locator) | Call Windows functions by searching memory. 
|\n| [API Hammering](api_hammering) | API hammering techniques. |\n| [Early Cascade Injection](Early%20Cascade%20Injection) | Early-cascade injection PoC in Rust. |\n| [Encryption Methods](Encryption%20Methods) | Methods to encrypt and execute payloads. |\n| [Enumeration](Enumeration) | Enumeration modules for efficiency. |\n| [Malware Samples](Malware-Samples) | Malware based on real-world activities. |\n| [Metadata Modification](Metadata_Modification) | Extract and embed custom metadata in binaries. |\n| [Keyloggers](Keyloggers) | Custom keylogger implementations in Rust. |\n| [DLL Injection](dll_injection) | DLL injection in Rust. |\n| [DLL Injector](DLL_Injector) | Versatile DLL injector in Rust. |\n| [Code Snippets](Malware_Tips) | Snippets for malware operations. |\n| [NTAPI Implementation](NtApi) | NTAPI usage snippets. |\n| [Extract WiFi Passwords](Recon/extract_wifi) | Extract stored WiFi passwords on Windows. |\n| [Reverse Shell](Reverse%20Shell) | Client-server reverse shell in Rust. |\n| [Thread Hijacking](Threads) | Thread hijacking snippets. |\n| [Self Deletion](Self-Deletion-Techniques) | Techniques for self-deleting binaries. |\n| [Position Independent Series](position%20independent) | Position-independent code in Rust. |\n| [Shellcode Execution](shellcode_exec) | Shellcode execution using WinAPIs. |\n| [Sleep Obfuscation](Sleep_Obfuscations/Ekko) | Sleep obfuscation implementation. |\n| [Direct Syscalls](syscalls/direct_syscalls) | Direct syscall implementation using STUB methods. |\n| [Indirect Syscalls](syscalls/indirect_syscalls) | Indirect syscall implementation using STUB methods. |\n| [BSOD](BSOD) | Triggers a Blue Screen of Death. |\n| [Persistence](Persistence) | Persistence techniques. |\n| [UAC Bypass CMSTP](uac-bypass-cmstp) | UAC bypass by elevating CMSTP.exe. |\n| [Malware DSA](shellcode_exec/DSA_Exec) | Malware using data structures and algorithms. 
|\n| [Shellcode Obfuscation](obfuscation) | Obfuscate shellcode using IPv4, IPv6, MAC, UUID formats. |\n| [EDR Checker](EDRChecker) | Detect EDR tools, AV software, and security applications. |\n| [Timer](timer) | Time-based execution control mechanism. |\n| [Keylogger Dropper](keylog_dropper) | Downloads and executes keylogger in the background. |\n| [Rand_Fill](Malware_Tips/rand_fill) | Deletes files and fills disk with random bytes. |\n| [Encryfer-X](Malware-Samples/Encryfer/Encryfer-X) | Ransomware combining multiple PoC techniques. |\n| [GitHub Stealers](stealer/GitHub_API) | Steal credentials using GitHub API. |\n| [AMSI Bypass](./Amsi_Bypass/) | Using hardware breakpoints to intercept and manipulate the AmsiScanBuffer function. | \n\n## Encryption Techniques\n\n| Technique | Description |\n|-----------|-------------|\n| [AES Encryption](Encryption%20Methods/Aes_Encryption) | Encrypt/decrypt shellcodes using AES. |\n| [RC4 Encryption](Encryption%20Methods/rc4_shellcode_encrypt.rs) | Encrypt/decrypt shellcodes using RC4. |\n| [Khufu Encryption](Encryption%20Methods/Khufu_encryption) | Encrypt/decrypt using Khufu algorithm. |\n| [Camellia Cipher](Encryption%20Methods/camellia_cipher) | Encryption using Camellia cipher. |\n| [NullxFigure](Encryption%20Methods/nullxfigure) | Parse null bytes into shellcode. |\n| [A5/1 Cipher](Encryption%20Methods) | Encrypt shellcode using modified A5/1 cipher. |\n| [XOR Encryption](Encryption%20Methods/xor_encrypt.rs) | Shellcode encryption using XOR. |\n| [Lucifer Algorithm](Encryption%20Methods/lucifer_algorithm.rs) | Encrypt/decrypt shellcodes using Lucifer algorithm. |\n| [DFC Algorithm](Encryption%20Methods/dfc_algorithm.rs) | Encrypt/execute payloads using DFC algorithm. |\n| [Payload Shuffling](Encryption%20Methods/payload_shuffling) | Payload shuffling techniques. |\n| [ECC Encryption](Encryption%20Methods/ecc_shellcode_exec) | Encrypt/decrypt shellcodes using ECC. 
|\n| [SystemFunction032/033](Encryption%20Methods/SystemFunction032_033) | Encrypt/decrypt shellcode using undocumented WinAPI. |\n\n## Walkthrough\n\n- **New to Rust?** Follow the [compilation guide](deps.md).\n- **Compile Source Code**: See [README](deps.md).\n- **Clean PoCs Recursively**: Use [commands](CLEAN.md).\n- **Cross-Compilation with Docker**: Refer to [README](docker.md).\n\n## Related Blogs\n\n- [Malware Development Essentials Part 1](https://medium.com/system-weakness/malware-development-essentials-part-1-5f4626652ed9)\n- [Rust for Cybersecurity and Red Teaming](https://infosecwriteups.com/rust-for-cyber-security-and-red-teaming-275595d3fdec)\n- [DLL Injection Using Rust](dll_injection)\n\n## Download as .Zip File\n\nDownload the repository: [Link](https://download.5mukx.site/#/home?url=https://github.com/Whitecat18/Rust-for-Malware-Development)\n\n## Contributing to Rust for Malware Development\n\nWe welcome contributions to the [Rust for Malware Development repository](https://github.com/Whitecat18/Rust-for-Malware-Development). To contribute, please follow these steps:\n\n1. Fork the repository.\n2. Create a new branch: `git checkout -b \u003cbranch_name\u003e`.\n3. Make your changes and commit them: `git commit -m '\u003ccommit_message\u003e'`.\n4. Push your changes to your branch: `git push origin \u003cbranch_name\u003e`.\n5. 
Submit a pull request.\n\nIf you have any questions about contributing, refer to the [GitHub documentation](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests) for more details or contact me on Twitter [@5mukx](https://x.com/5mukx).","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhitecat18%2Frust-for-malware-development","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwhitecat18%2Frust-for-malware-development","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhitecat18%2Frust-for-malware-development/lists"}