Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sammwyy/novm

A tool to hide virtual machines (VMs) from malicious actors.
https://github.com/sammwyy/novm

antivm antivmdetection kvm malware-analysis malware-detection qemu vbox virtual-machine virtualbox virtualization vm vmdetect vmware

Last synced: 3 days ago
JSON representation

A tool to hide virtual machines (VMs) from malicious actors.

Host: GitHub
URL: https://github.com/sammwyy/novm
Owner: sammwyy
License: mit
Created: 2024-10-19T17:34:52.000Z (about 1 month ago)
Default Branch: main
Last Pushed: 2024-10-26T21:24:22.000Z (24 days ago)
Last Synced: 2024-10-26T23:14:40.012Z (24 days ago)
Topics: antivm, antivmdetection, kvm, malware-analysis, malware-detection, qemu, vbox, virtual-machine, virtualbox, virtualization, vm, vmdetect, vmware
Language: Rust
Homepage:
Size: 13.7 KB
Stars: 7
Watchers: 1
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # 🚫🖥️ NoVM

NoVM is a tool designed to hide virtual machines (VMs) from malicious actors.

## ✨ Features

- **Cloak Virtual Machines:** Protect your VM by obfuscating registry entries, files, drivers, and processes.

- **Cross-Platform Support:** Automatically detects the VM platform or allows manual selection.

## 📜 Usage

To use NoVM, you can run the following command:

> [!WARNING]

> Do not run this software in a real environment, as it may destabilize your system or render it unusable. By default, NoVM will not run if it does not detect any traces of a virtualizing agent.

```bash

novm --help

```

> [!IMPORTANT]

> On Linux you must run the executable as sudo, on Windows as NT authority (You can use [PsExec](https://learn.microsoft.com/es-es/sysinternals/downloads/psexec) for this)

### Command Line Options

- `-p, --platform `: Specifies the platform to cloak. Default is `auto`.

- `--no-reg`: Do not cloak registry entries.

- `--no-files`: Do not obfuscate files.

- `--no-kill`: Do not kill processes.

- `--no-drivers`: Do not obfuscate drivers.

> [!TIP]

> The "auto" option allows the virtualizer to be detected using the running processes. If you want to run NoVM more than once you must force the cleanup function by specifying the platform using the "-p" parameter.

## Compatibility Table 🛠️

| Guest OS   | VMware | VirtualBox | QEMU | Hyper-V | KVM | Xen |

|------------|:------:|:----------:|:----:|:-------:|:---:|:---:|

| Windows    | ✔️     | ❌        | ❌  | ❌     | ❌ | ❌  |

| Linux      | ❌     | ❌        | ❌  | ❌     | ❌ | ❌  |

| macOS      | ⚠️     | ⚠️        | ⚠️  | ⚠️     | ⚠️ | ⚠️  |

> ✔️: Supported

> ❌: Not Supported (yet)

> ⚠️: Not planned

## 🤝 Contributing

Contributions, issues and feature requests are welcome! Feel free to check [issues page](https://github.com/sammwyy/novm/issues).

## ❤️ Show your support

Give a ⭐️ if this project helped you! Or buy me a coffeelatte 🙌 on [Ko-fi](https://ko-fi.com/sammwy)

## 📝 License

Copyright © 2024 [Sammwy](https://github.com/sammwyy). This project is [MIT](LICENSE) licensed.