Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Malware

Malware can take various forms, including viruses, worms, Trojans, ransomware, spyware, and more. Its primary goal is to compromise the integrity, confidentiality, or availability of information, often for financial gain, espionage, or other malicious purposes.

https://github.com/hasherezade/demos

Demos of various injection techniques found in malware

code-injection dll-injection malware process-hollowing runpe

Last synced: 29 Oct 2024

https://github.com/limerboy/adamantium-thief

:key: Decrypt Chromium-based browsers' passwords, cookies, credit cards, history, bookmarks, and autofill. Version > 80 is supported.

bookmarks brave-browser browser chrome chromium chromium-browser cookies credit-cards csharp decrypt history malware opera-browser passwords recovery stealer trojan virus

Last synced: 13 Nov 2024

https://github.com/LimerBoy/Adamantium-Thief

:key: Decrypt Chromium-based browsers' passwords, cookies, credit cards, history, bookmarks, and autofill. Version > 80 is supported.

bookmarks brave-browser browser chrome chromium chromium-browser cookies credit-cards csharp decrypt history malware opera-browser passwords recovery stealer trojan virus

Last synced: 29 Oct 2024

https://github.com/mrexodia/dumpulator

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

cross-platform debugging-tools easy-to-use emulator hacktoberfest malware malware-analysis malware-analyzer malware-research minidump python python3 reverse-engineering sandbox unicorn unpacking windows windows-internals x64

Last synced: 13 Nov 2024

https://github.com/saturnsvoid/gobot2

Second version of the GoBot botnet, but more advanced.

bot botnet ddos-tool go golang keylogger malware uac-bypass virus windows

Last synced: 03 Nov 2024

https://github.com/SaturnsVoid/GoBot2

Second version of the GoBot botnet, but more advanced.

bot botnet ddos-tool go golang keylogger malware uac-bypass virus windows

Last synced: 14 Nov 2024

https://github.com/dragokas/hijackthis

A free utility that finds malware, adware and other security threats

adware cleanup expert hijacking-methods malware portable pup scanner security toolbars tuneup unwanted

Last synced: 01 Nov 2024

https://github.com/gwillem/magento-malware-scanner

Scanner, signatures and the largest collection of Magento malware

cryptojacking ecommerce fraud-detection infosec magento malware scanner

Last synced: 14 Nov 2024

https://github.com/forrest-orr/moneta

Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs

artifact dump hollowing injection ioc malware memory moneta pe process reflective scanner shellcode usermode windows

Last synced: 13 Nov 2024

https://github.com/gen0cide/gscript

Framework to rapidly implement custom droppers for all three major operating systems

cli compiler golang javascript malware security

Last synced: 03 Nov 2024

https://github.com/atenreiro/opensquat

openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legitimate domains and brands.

blue-team cybersecurity cybersquatting domain-name domain-squatting homograph-attack infosec malware osint phishing phishing-detection phishing-domains python scanner security-tools threat-hunting threat-intelligence typosquatting

Last synced: 04 Aug 2024

https://github.com/ossillate-inc/packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners

Last synced: 14 Nov 2024

https://github.com/CapacitorSet/box-js

A tool for studying JavaScript malware.

es6 es6-proxies javascript malware malwareanalysis nodejs

Last synced: 04 Aug 2024

https://github.com/guitmz/virii

Collection of ancient computer virus source codes

assembly dos malware virus win32 windows x86

Last synced: 13 Nov 2024

https://github.com/Cr4sh/SmmBackdoor

First open-source and publicly available System Management Mode backdoor for UEFI-based platforms. Good as a general-purpose playground for various SMM experiments.

backdoor boot firmware intel malware smm uefi

Last synced: 04 Aug 2024

https://github.com/cr4sh/smmbackdoor

First open-source and publicly available System Management Mode backdoor for UEFI-based platforms. Good as a general-purpose playground for various SMM experiments.

backdoor boot firmware intel malware smm uefi

Last synced: 03 Nov 2024

https://github.com/cr4sh/microbackdoor

Small and convenient C2 tool for Windows targets. [ Russian -- means fuck it! ]

backdoor c2 malware python shellcode windows

Last synced: 13 Nov 2024

https://github.com/bert-janp/open-source-threat-intel-feeds

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

c2 ioc iocfeed malware misp phishing threat-hunting threat-intelligence

Last synced: 14 Nov 2024

https://github.com/0x27/linux.mirai

Leaked Linux.Mirai Source Code for Research/IoC Development Purposes

botnet ioc ioc-development iot leak linux malware malware-analysis malware-development malware-research mirai mirai-source

Last synced: 03 Aug 2024

https://github.com/Cr4sh/MicroBackdoor

Small and convenient C2 tool for Windows targets. [ Russian -- means fuck it! ]

backdoor c2 malware python shellcode windows

Last synced: 04 Aug 2024

https://github.com/scr34m/php-malware-scanner

Scans PHP files for malware and known threats

command-line-tool malware php scanner

Last synced: 02 Nov 2024

https://github.com/Bert-JanP/Open-Source-Threat-Intel-Feeds

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

c2 ioc iocfeed malware misp phishing threat-hunting threat-intelligence

Last synced: 06 Nov 2024

https://github.com/hasherezade/process_doppelganging

My implementation of enSilo's Process Doppelganging (PE injection technique)

malware pe-injector process-doppelganging

Last synced: 29 Oct 2024

https://github.com/vysecurity/morphHTA

morphHTA - Morphing Cobalt Strike's evil.HTA

application cobalt evil hta html malware strike

Last synced: 04 Aug 2024

https://github.com/richkmeli/Richkware

Framework for building Windows malware, written in C++

bot c cpp framework hacker hacking hacktool keylogger malware mingw spyware virus windows worm

Last synced: 11 Nov 2024

https://github.com/CalebFenton/dex-oracle

A pattern-based Dalvik deobfuscator which uses limited execution to improve semantic analysis

android android-malware dalvik deobfuscation deobfuscator dex malware malware-analysis malware-analyzer malware-research reverse-engineer-apk reverse-engineering

Last synced: 25 Oct 2024

https://github.com/calebfenton/dex-oracle

A pattern-based Dalvik deobfuscator which uses limited execution to improve semantic analysis

android android-malware dalvik deobfuscation deobfuscator dex malware malware-analysis malware-analyzer malware-research reverse-engineer-apk reverse-engineering

Last synced: 11 Nov 2024

https://github.com/looCiprian/GC2-sheet

GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.

c2 command-and-control golang google google-drive google-sheet malware

Last synced: 04 Aug 2024

https://github.com/hasherezade/transacted_hollowing

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

code-injection malware pe-injector pefile

Last synced: 29 Oct 2024

https://github.com/jpcertcc/malconfscan

Volatility plugin that extracts configuration data of known malware

forensics malware memory python security volatility

Last synced: 05 Nov 2024

https://github.com/JPCERTCC/MalConfScan

Volatility plugin that extracts configuration data of known malware

forensics malware memory python security volatility

Last synced: 01 Nov 2024

https://github.com/checkpointsw/invizzzible

InviZzzible is a tool for assessing your virtual environments in an easy and reliable way. It contains the most recent and up-to-date detection and evasion techniques, as well as fixes for them.

evasion malware research

Last synced: 12 Nov 2024

https://github.com/chenerlich/FCL

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

command-line fcl file-less incident-response malware malware-analysis malware-detection threat-hunting

Last synced: 01 Nov 2024

https://github.com/diogo-fernan/ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

bash batch cybersecurity dfir forensics incident-response malware nirsoft sysinternals unix windows

Last synced: 03 Nov 2024

https://github.com/pylyf/NetWorm

Python network worm that spreads on the local network and gives the attacker control of these machines.

attacker-control backdoor bruteforcing-local-machines hacking hacking-code machine malware pentesting pentesting-windows python python-network-worm python-virus rat spread trojan worm

Last synced: 09 Nov 2024

https://github.com/jpcertcc/aa-tools

Artifact analysis tools by JPCERT/CC Analysis Center

malware python security

Last synced: 05 Nov 2024

https://github.com/machine1337/gmailc2

A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions

c2server evasion fud-rat googlec2 hacking linux-exploits malware network-analysis penetration-testing rat redteaming smtprat windows-exploitation

Last synced: 10 Nov 2024

https://github.com/hasherezade/malware_analysis

Various snippets created during malware analysis

malware malware-analysis trickbot

Last synced: 29 Oct 2024

https://github.com/mandiant/FIDL

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

api decompiler ida malware research reversing vulnerability

Last synced: 26 Oct 2024

https://github.com/mandiant/fidl

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

api decompiler ida malware research reversing vulnerability

Last synced: 10 Nov 2024

https://github.com/CERT-Polska/mquery

YARA malware query accelerator (web frontend)

database malware security-automation security-tools yara

Last synced: 09 Nov 2024

https://github.com/V1D1AN/S1EM

This project is a SIEM with SIRP and Threat Intel, all in one.

arkime cortex docker elasticsearch filebeat kibana logstash malware misp mwdb n8n opencti sigma suricata thehive velociraptor yara zeek zircolite

Last synced: 12 Nov 2024

https://github.com/SitinCloud/Owlyshield

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).

antivirus behavior-analysis command-and-control cybersecurity edr exfiltration impact machine-learning malware malware-analysis malware-research ransomware threat-hunting

Last synced: 06 Aug 2024

https://github.com/checkpointsw/evasions

The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Code samples, signature recommendations and countermeasures for the described techniques are also provided within each category.

anti-analysis anti-emulation anti-sandbox anti-vm evasions malware sandbox-evasion vm-detect

Last synced: 12 Nov 2024

https://github.com/CheckPointSW/Evasions

The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Code samples, signature recommendations and countermeasures for the described techniques are also provided within each category.

anti-analysis anti-emulation anti-sandbox anti-vm evasions malware sandbox-evasion vm-detect

Last synced: 26 Oct 2024

https://github.com/diogo-fernan/malsub

A Python RESTful API framework for online malware analysis and threat intelligence services.

api-client cybersecurity malware malware-analysis python restful restful-client virustotal

Last synced: 03 Nov 2024

https://github.com/ujjwal-kr/system-programming-roadmap

A roadmap to teach myself compiler dev, malware reverse engineering, exploitation and kernel dev fundamentals

assembly compilers malware operating-system reverse-engineering

Last synced: 29 Oct 2024

https://github.com/aaaddress1/Windows-APT-Warfare

Source code for the technical implementations in each chapter of the book "Windows APT Warfare: A Frontline Tactics Guide to Malware"

apt hackers hacking malware security windows

Last synced: 04 Aug 2024

https://github.com/checkpointsw/android_unpacker

A (hopefully) generic unpacker for packed Android apps.

android malware research

Last synced: 12 Nov 2024

https://github.com/owasp-dep-scan/blint

BLint is a Binary Linter that checks the security properties and capabilities of your executables. Since v2, blint is also an SBOM generator for binaries.

binary cyclonedx depscan fuzzing malware sbom supply-chain-analytics supply-chain-security

Last synced: 14 Nov 2024

https://github.com/volatilityfoundation/community

Volatility plugins developed and maintained by the community

malware python volatility-framework volatility-plugins

Last synced: 01 Nov 2024

https://github.com/ionescu007/Simpleator

Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".

containerization containers emulator hyper-v malware malware-analysis operating-systems reverse-engineering security virtualization

Last synced: 01 Nov 2024

https://github.com/nyan-x-cat/mass-rat

Basic Multiplatform Remote Administration Tool - Xamarin

admin android backdoor malware rat remote tool xamarin

Last synced: 14 Nov 2024

https://github.com/ionescu007/simpleator

Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".

containerization containers emulator hyper-v malware malware-analysis operating-systems reverse-engineering security virtualization

Last synced: 25 Oct 2024

https://github.com/secrary/InfectPE

InfectPE - Inject custom code into PE file [This project is not maintained anymore]

c-plus-plus malware reverse-engineering

Last synced: 04 Aug 2024

https://github.com/0x0be/PEpper

An open-source script to perform static malware analysis on Portable Executable files

malware malware-analysis python3 static-analysis

Last synced: 03 Nov 2024

https://github.com/phype/telnet-iot-honeypot

Python telnet honeypot for catching botnet binaries

botnet honeypot malware telnet-server

Last synced: 03 Aug 2024

https://github.com/santoru/filewatcher

A simple auditing utility for macOS

auditing filesystem macos malware monitoring security-audit

Last synced: 09 Nov 2024

https://github.com/mitchellkrogza/the-big-list-of-hacked-malware-web-sites

This repository contains a list of all web sites I come across that are either hacked with or purposefully hosting malware, ransomware, viruses or trojans.

browsers click-jacking click-redirecting clickjacking cyber-security cybersecurity hacked malware petya porn ransomware technical-support trojans viruses wannacry website wordpress wordpress-site

Last synced: 12 Oct 2024

https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites

This repository contains a list of all web sites I come across that are either hacked with or purposefully hosting malware, ransomware, viruses or trojans.

browsers click-jacking click-redirecting clickjacking cyber-security cybersecurity hacked malware petya porn ransomware technical-support trojans viruses wannacry website wordpress wordpress-site

Last synced: 04 Nov 2024

https://github.com/senzee1984/inflativeloading

Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.

malware shellcode windows

Last synced: 14 Nov 2024

https://github.com/petercunha/goat

:goat: GoAT (Golang Advanced Trojan) is a trojan that uses Twitter as a C&C server

decentralized golang hacking malware trojan

Last synced: 06 Nov 2024

https://github.com/petercunha/GoAT

:goat: GoAT (Golang Advanced Trojan) is a trojan that uses Twitter as a C&C server

decentralized golang hacking malware trojan

Last synced: 14 Nov 2024

https://github.com/EvilBytecode/GoDefender

Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.

anti-cracking anti-debug anti-vm debugger debugging malware protection reverse-engineering

Last synced: 05 Nov 2024

https://github.com/sapphirex00/Threat-Hunting

Personal compilation of APT malware from whitepaper releases, documents and own research

collection malware malware-analysis malware-detection malware-research threat-hunting threat-intelligence threat-modeling threat-sharing yara-rules

Last synced: 01 Nov 2024

https://github.com/A3sal0n/FalconGate

A smart gateway to stop cyber criminals - Sponsored by Falcon Guard

cybersecurity firewall malware security-tools

Last synced: 04 Aug 2024

https://github.com/kleiton0x00/shelltropy

A technique of hiding malicious shellcode via Shannon encoding.

encoding malware malware-analysis malware-development obfuscate obfuscation

Last synced: 14 Nov 2024

https://github.com/reveng007/reveng_rtkit

Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself and processes/implants, rmmod-proof, and able to bypass the infamous rkhunter anti-rootkit.

antirootkit-bypass backdoor c hacking-tool hacktoberfest kernel-mode-rootkit linux linux-device-driver linux-kernel linux-kernel-module malware post-exploitation-toolkit redteam redteam-tools ring0 rkhunter-antirootkit security security-tools

Last synced: 12 Oct 2024

https://github.com/MDudek-ICS/TRISIS-TRITON-HATMAN

Repository containing original and decompiled files of the TRISIS/TRITON/HATMAN malware

ics ics-security malware python scada scada-security

Last synced: 04 Aug 2024

https://github.com/gleeda/memtriage

Allows you to quickly query a Windows machine for RAM artifacts

live-analysis malware memory memory-analysis memory-forensics ram volatility windows-machine winpmem

Last synced: 27 Oct 2024