https://github.com/cybersecurity-dev/malware-toolkit
A malware toolkit is a set of tools and resources used to create, distribute, and manage malicious software (malware). These toolkits are often sold on the dark web and are used by cybercriminals with varying levels of technical expertise.
https://github.com/cybersecurity-dev/malware-toolkit
malware malware-development
Last synced: 10 days ago
JSON representation
A malware toolkit is a set of tools and resources used to create, distribute, and manage malicious software (malware). These toolkits are often sold on the dark web and are used by cybercriminals with varying levels of technical expertise.
- Host: GitHub
- URL: https://github.com/cybersecurity-dev/malware-toolkit
- Owner: cybersecurity-dev
- License: mit
- Created: 2024-11-06T20:17:34.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-11-13T19:33:14.000Z (8 months ago)
- Last Synced: 2025-11-13T21:19:09.060Z (8 months ago)
- Topics: malware, malware-development
- Language: C++
- Homepage: https://en.wikipedia.org/wiki/Malware
- Size: 2.81 MB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# **`Malware`** Development Toolkit
[](https://github.com/cybersecurity-dev/awesome-linux-reverse-engineering)
[](https://github.com/cybersecurity-dev/awesome-windows-reverse-engineering)
[]()
[](https://www.reddit.com/r/Malware/new)
Install required tools on Linux
### For Ubuntu 18.04, 20.04, 22.04
```bash
sudo apt-get update
```
Install required python libs
### pip install
```bash
pip install -r requirements.txt
python3 setup.py install
```
### conda install
```bash
conda config --add channels conda-forge
conda install --file requirements_conda.txt
python3 setup.py install
```
## 🛡️ Malware Attacker Techniques
### 🔹 1. Initial Access
- Phishing (email, spear-phishing, attachments, links)
- Drive-by downloads
- Exploiting public-facing applications
- Supply chain compromise
- Removable media (USB attacks)
- Credential stuffing / password spraying
- Watering hole attacks
### 🔹 2. Execution
- Malicious scripts (PowerShell, JavaScript, VBA macros)
- Exploiting application vulnerabilities
- Fileless malware execution
- Scheduled tasks or cron jobs
- User-triggered execution
### 🔹 3. Persistence
- Registry run keys / startup folders
- Scheduled tasks
- Service installation
- DLL hijacking
- Bootkits / rootkits
- Web shell deployment
### 🔹 4. Privilege Escalation
- Exploiting OS vulnerabilities
- Token impersonation
- Abuse of misconfigured permissions
- DLL injection into privileged processes
### 🔹 5. Defense Evasion
- Obfuscation / packing / encryption
- Disabling antivirus or security tools
- Living-off-the-land (LOLBins)
- Fileless techniques
- Process injection
- Masquerading as legitimate processes
### 🔹 6. Credential Access
- Keylogging
- Credential dumping (e.g., LSASS memory)
- Brute force attacks
- Phishing credential harvesting
- Browser credential theft
### 🔹 7. Discovery
- System information enumeration
- Network scanning
- Account discovery
- Process and service enumeration
- File and directory discovery
### 🔹 8. Lateral Movement
- Pass-the-hash / pass-the-ticket
- Remote desktop (RDP abuse)
- SMB/Windows Admin shares
- Remote services execution
- Exploiting trust relationships
### 🔹 9. Collection
- Screen capture
- Clipboard monitoring
- File collection
- Email harvesting
- Audio/video capture
### 🔹 10. Command and Control (C2)
- HTTP/HTTPS beacons
- DNS tunneling
- Encrypted channels
- Peer-to-peer botnets
- Cloud service abuse
### 🔹 11. Exfiltration
- Data transfer over C2 channel
- Compression and encryption before exfiltration
- Steganography (hidden data in files)
- Exfiltration over web services
##
### My Awesome Lists
You can access the my awesome lists [here](https://cyberthreatdefence.com/my_awesome_lists)
### Contributing
[Contributions of any kind welcome, just follow the guidelines](contributing.md)!
### Contributors
[Thanks goes to these contributors](https://github.com/cybersecurity-dev/Malware-Toolkit/graphs/contributors)!
[🔼 Back to top](#malware-development-toolkit)