Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Malware
Malware can take various forms, including viruses, worms, Trojans, ransomware, spyware, and more. Its primary goal is to compromise the integrity, confidentiality, or availability of information, often for financial gain, espionage, or other malicious purposes.
- GitHub: https://github.com/topics/malware
- Wikipedia: https://en.wikipedia.org/wiki/Malware
- Related Topics: virus, security, malware-analysis, cyber-attack, cyber-security, system-tracking, system-monitoring
- Aliases: computer-malware
- Last updated: 2024-11-15 00:17:26 UTC
https://github.com/hasherezade/demos
Demos of various injection techniques found in malware
code-injection dll-injection malware process-hollowing runpe
Last synced: 29 Oct 2024
https://github.com/limerboy/adamantium-thief
:key: Decrypt Chromium-based browsers' passwords, cookies, credit cards, history, bookmarks, autofill. Version > 80 is supported.
bookmarks brave-browser browser chrome chromium chromium-browser cookies credit-cards csharp decrypt history malware opera-browser passwords recovery stealer trojan virus
Last synced: 13 Nov 2024
https://github.com/strazzere/anti-emulator
Android Anti-Emulator
android anti-emulation emulator java malware reverse-engineering
Last synced: 30 Oct 2024
https://github.com/mrexodia/dumpulator
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
cross-platform debugging-tools easy-to-use emulator hacktoberfest malware malware-analysis malware-analyzer malware-research minidump python python3 reverse-engineering sandbox unicorn unpacking windows windows-internals x64
Last synced: 13 Nov 2024
https://github.com/saferwall/saferwall
:cloud: Collaborative Malware Analysis Platform at Scale
antivirus dynamic-analysis malware malware-analysis multiav portable-executable sandbox security-tools static-analysis
Last synced: 28 Oct 2024
https://github.com/tarcisio-marinho/gonnacry
A Linux Ransomware
aes aes-encryption c crypto-library cryptography decryption encryption linux linux-ransomware malware malware-analysis malware-development openssl python python-2 ransom-worm ransomware ransomware-prevention rsa-cryptography rsa-key-encryption
Last synced: 12 Oct 2024
https://github.com/gwillem/magento-malware-scanner
Scanner, signatures and the largest collection of Magento malware
cryptojacking ecommerce fraud-detection infosec magento malware scanner
Last synced: 14 Nov 2024
https://github.com/gen0cide/gscript
framework to rapidly implement custom droppers for all three major operating systems
cli compiler golang javascript malware security
Last synced: 03 Nov 2024
https://github.com/atenreiro/opensquat
openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legitimate domains and brands.
blue-team cybersecurity cybersquatting domain-name domain-squatting homograph-attack infosec malware osint phishing phishing-detection phishing-domains python scanner security-tools threat-hunting threat-intelligence typosquatting
Last synced: 04 Aug 2024
https://github.com/rek7/fireELF
fireELF - Fileless Linux Malware Framework
backdoor exploit-development exploitation exploitation-framework framework linux malware malware-development pentesting python redteam security security-tools
Last synced: 31 Oct 2024
https://github.com/ossillate-inc/packj
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners
Last synced: 14 Nov 2024
https://github.com/swwwolf/wdbgark
WinDBG Anti-RootKit Extension
anomaly-detection anti-rootkit c-plus-plus crash-dump debugging-tool driver forensic-analysis kernel-mode malware malware-analysis malware-research memory-forensics sww swwwolf user-mode visual-studio wdbgark windbg windbg-extension windows
Last synced: 26 Oct 2024
https://github.com/mitre/multiscanner
Modular file scanning/analysis framework
analysis-framework analytic-machines antivirus cuckoo linux malware malware-analysis malware-analyzer malware-research metadata python python-script scanning yara
Last synced: 09 Nov 2024
https://github.com/CapacitorSet/box-js
A tool for studying JavaScript malware.
es6 es6-proxies javascript malware malwareanalysis nodejs
Last synced: 04 Aug 2024
https://github.com/rek7/mxtract
mXtract - Memory Extractor & Analyzer
c-plus-plus cpp cpp11 credentials exploitation linux malware memory-hacking pentesting redteam regex security security-tools stealing
Last synced: 13 Nov 2024
https://github.com/bert-janp/open-source-threat-intel-feeds
This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
c2 ioc iocfeed malware misp phishing threat-hunting threat-intelligence
Last synced: 14 Nov 2024
https://github.com/0x27/linux.mirai
Leaked Linux.Mirai Source Code for Research/IoC Development Purposes
botnet ioc ioc-development iot leak linux malware malware-analysis malware-development malware-research mirai mirai-source
Last synced: 03 Aug 2024
https://github.com/scr34m/php-malware-scanner
Scans PHP files for malware and known threats
command-line-tool malware php scanner
Last synced: 02 Nov 2024
https://github.com/hasherezade/process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
malware pe-injector process-doppelganging
Last synced: 29 Oct 2024
https://github.com/vysecurity/morphHTA
morphHTA - Morphing Cobalt Strike's evil.HTA
application cobalt evil hta html malware strike
Last synced: 04 Aug 2024
https://github.com/nyan-x-cat/lime-crypter
Simple obfuscation tool
crypter injection lime-crypter malware obfuscation
Last synced: 16 Nov 2024
https://github.com/carbonblack/binee
Binee: binary emulation environment
analysis binary binary-analysis emulation hooks malware mock static-analysis testing unicorn-emulator
Last synced: 09 Nov 2024
https://github.com/CalebFenton/dex-oracle
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
android android-malware dalvik deobfuscation deobfuscator dex malware malware-analysis malware-analyzer malware-research reverse-engineer-apk reverse-engineering
Last synced: 25 Oct 2024
https://github.com/ThomasThelen/Anti-Debugging
A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
anti-debugging anti-malware anti-reversing checkremotedebuggerpresent cracking debugging hacking isdebuggerpresent malware malware-analysis malware-development malware-research reverse-engineering reversing virus windows-hacking
Last synced: 03 Aug 2024
https://github.com/looCiprian/GC2-sheet
GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.
c2 command-and-control golang google google-drive google-sheet malware
Last synced: 04 Aug 2024
https://github.com/hasherezade/transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
code-injection malware pe-injector pefile
Last synced: 29 Oct 2024
https://github.com/jpcertcc/malconfscan
Volatility plugin that extracts configuration data of known malware
forensics malware memory python security volatility
Last synced: 05 Nov 2024
https://github.com/checkpointsw/invizzzible
InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.
Last synced: 12 Nov 2024
https://github.com/chenerlich/FCL
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
command-line fcl file-less incident-response malware malware-analysis malware-detection threat-hunting
Last synced: 01 Nov 2024
https://github.com/droidefense/engine
Droidefense: Advanced Android Malware Analysis Framework
android dalvik droidefense dynamic-analysis dynamic-code-analysis engine engineer malware malware-analysis opcodes ransomware reverse security static-analysis static-code-analysis trojan
Last synced: 10 Aug 2024
https://github.com/diogo-fernan/ir-rescue
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
bash batch cybersecurity dfir forensics incident-response malware nirsoft sysinternals unix windows
Last synced: 03 Nov 2024
https://github.com/pylyf/NetWorm
Python network worm that spreads on the local network and gives the attacker control of these machines.
attacker-control backdoor bruteforcing-local-machines hacking hacking-code machine malware pentesting pentesting-windows python python-network-worm python-virus rat spread trojan worm
Last synced: 09 Nov 2024
https://github.com/jpcertcc/aa-tools
Artifact analysis tools by JPCERT/CC Analysis Center
Last synced: 05 Nov 2024
https://github.com/machine1337/gmailc2
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions
c2server evasion fud-rat googlec2 hacking linux-exploits malware network-analysis penetration-testing rat redteaming smtprat windows-exploitation
Last synced: 10 Nov 2024
https://github.com/hasherezade/malware_analysis
Various snippets created during malware analysis
malware malware-analysis trickbot
Last synced: 29 Oct 2024
https://github.com/eschultze/urlextractor
Information gathering & website reconnaissance | https://phishstats.info/
abuse domain incident-response information-extraction information-gathering malicious-domains malware osint phishing shodan virustotal whois
Last synced: 03 Nov 2024
https://github.com/mandiant/FIDL
A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research
api decompiler ida malware research reversing vulnerability
Last synced: 26 Oct 2024
https://github.com/phpMussel/phpMussel
PHP-based anti-virus anti-trojan anti-malware solution.
anti-malware anti-spam anti-trojan anti-virus antivirus clamav file-upload hacktoberfest malware php phpmussel protection security signatures upload uploads viruses websites
Last synced: 29 Oct 2024
https://github.com/justasmasiulis/nt_wrapper
A wrapper library around native Windows system APIs
cpp17 low-level malware modern-cpp native-api obfuscation reverse-engineering syscall system windows-internals
Last synced: 12 Nov 2024
https://github.com/CERT-Polska/mquery
YARA malware query accelerator (web frontend)
database malware security-automation security-tools yara
Last synced: 09 Nov 2024
https://github.com/SitinCloud/Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
antivirus behavior-analysis command-and-control cybersecurity edr exfiltration impact machine-learning malware malware-analysis malware-research ransomware threat-hunting
Last synced: 06 Aug 2024
https://github.com/checkpointsw/evasions
The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Code samples, signature recommendations and countermeasures are also provided within each category for the described techniques.
anti-analysis anti-emulation anti-sandbox anti-vm evasions malware sandbox-evasion vm-detect
Last synced: 12 Nov 2024
https://github.com/diogo-fernan/malsub
A Python RESTful API framework for online malware analysis and threat intelligence services.
api-client cybersecurity malware malware-analysis python restful restful-client virustotal
Last synced: 03 Nov 2024
https://github.com/ujjwal-kr/system-programming-roadmap
A roadmap to teach myself compiler dev, malware reverse engineering, exploitation and kernel dev fundamentals
assembly compilers malware operating-system reverse-engineering
Last synced: 29 Oct 2024
https://github.com/checkpointsw/android_unpacker
A (hopefully) generic unpacker for packed Android apps.
Last synced: 12 Nov 2024
https://github.com/owasp-dep-scan/blint
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
binary cyclonedx depscan fuzzing malware sbom supply-chain-analytics supply-chain-security
Last synced: 14 Nov 2024
https://github.com/volatilityfoundation/community
Volatility plugins developed and maintained by the community
malware python volatility-framework volatility-plugins
Last synced: 01 Nov 2024
https://github.com/ionescu007/Simpleator
Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".
containerization containers emulator hyper-v malware malware-analysis operating-systems reverse-engineering security virtualization
Last synced: 01 Nov 2024
https://github.com/maravento/blackweb
Domains Blacklist for Squid-Cache
adware blacklist blocker-proxy blocklist blocklists drugs malware porn ransomware spyware squid warez
Last synced: 20 Aug 2024
https://github.com/d3ext/maldev
Golang library for malware development
av-evasion cryptography development encryption go golang infosec kali-linux maldev malware pentesting red-team shellcode
Last synced: 14 Nov 2024
https://github.com/nikolaischunk/discord-phishing-links
An actively maintained JSON & txt List containing 22'000+ malicious Domains which are used for phishing on Discord.
discord discord-scams links list malicious-domains malware nitro-scam phishing-detection phishing-links pishing pishing-links-detection scam scam-sites scamblock scammers-database steam steam-scams suspicious tokengrabber
Last synced: 08 Nov 2024
https://github.com/ivan-sincek/invoker
Penetration testing utility and antivirus assessment tool.
access-token bytecode-injection c-plus-plus dll-injection dump-memory ethical-hacking hook-procedure malware offensive-security penetration-testing process-ghosting process-hollowing red-team-engagement reverse-tcp security sticky-keys system-calls task-scheduler windows windows-penetration-testing
Last synced: 14 Nov 2024
https://github.com/secrary/InfectPE
InfectPE - Inject custom code into PE file [This project is not maintained anymore]
c-plus-plus malware reverse-engineering
Last synced: 04 Aug 2024
https://github.com/0x0be/PEpper
An open source script to perform malware static analysis on Portable Executable
malware malware-analysis python3 static-analysis
Last synced: 03 Nov 2024
https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds
Zeek-Formatted Threat Intelligence Feeds
malware phishing threat-intelligence threatintel zeek zeek-ids
Last synced: 26 Sep 2024
https://github.com/phype/telnet-iot-honeypot
Python telnet honeypot for catching botnet binaries
botnet honeypot malware telnet-server
Last synced: 03 Aug 2024
https://github.com/ScriptTiger/Unified-Hosts-AutoUpdate
Quickly and easily install, uninstall, and set up automatic updates for any of Steven Black's unified hosts files.
ad-blocker autoupdate autoupdate-script blacklist easy gambling-filter hosts install installer malware microsoft porn-filter scheduling social-media-filter unified-hosts uninstaller unsintall updater updater-script windows
Last synced: 11 Nov 2024
https://github.com/KCarretto/paragon
Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
api botnet command-and-control cross-platform dsl framework frontend golang graphql implants knowledge-graph malware malware-development offensive redteam scripting-language starlark threat-emulation toolkit
Last synced: 04 Aug 2024
https://github.com/santoru/filewatcher
A simple auditing utility for macOS
auditing filesystem macos malware monitoring security-audit
Last synced: 09 Nov 2024
https://github.com/ThreatLabz/ransomware_notes
An Archive of Ransomware Notes Past and Present Collected by Zscaler ThreatLabz
akira alphv blackbasta blackcat blacksuit cactus clop darkangels hive karakurt lockbit mallox malware malware-research medusa notes qilin ransomhub ransomware revil
Last synced: 06 Nov 2024
https://github.com/mitchellkrogza/the-big-list-of-hacked-malware-web-sites
This repository contains a list of all web sites I come across that are either hacked with or purposefully hosting malware, ransomware, viruses or trojans.
browsers click-jacking click-redirecting clickjacking cyber-security cybersecurity hacked malware petya porn ransomware technical-support trojans viruses wannacry website wordpress wordpress-site
Last synced: 12 Oct 2024
https://github.com/senzee1984/inflativeloading
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
Last synced: 14 Nov 2024
https://github.com/petercunha/goat
:goat: GoAT (Golang Advanced Trojan) is a trojan that uses Twitter as a C&C server
decentralized golang hacking malware trojan
Last synced: 06 Nov 2024
https://github.com/EvilBytecode/GoDefender
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.
anti-cracking anti-debug anti-vm debugger debugging malware protection reverse-engineering
Last synced: 05 Nov 2024
https://github.com/sapphirex00/Threat-Hunting
Personal compilation of APT malware from whitepaper releases, documents and own research
collection malware malware-analysis malware-detection malware-research threat-hunting threat-intelligence threat-modeling threat-sharing yara-rules
Last synced: 01 Nov 2024
https://github.com/A3sal0n/FalconGate
A smart gateway to stop cyber criminals - Sponsored by Falcon Guard
cybersecurity firewall malware security-tools
Last synced: 04 Aug 2024
https://github.com/qeeqbox/analyzer
Analyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)
analysis analyzer malware malware-analysis osint phishing python visualizes
Last synced: 15 Nov 2024
https://github.com/CybercentreCanada/assemblyline
AssemblyLine 4: File triage and malware analysis
assemblyline automation-framework cert cyber-security cybersecurity document-analysis file-analysis framework incident-response infosec malware malware-analysis malware-analyzer malware-detection malware-research python3 security-automation security-automation-framework security-tools
Last synced: 25 Oct 2024
https://github.com/kleiton0x00/shelltropy
A technique of hiding malicious shellcode via Shannon encoding.
encoding malware malware-analysis malware-development obfuscate obfuscation
Last synced: 14 Nov 2024
https://github.com/reveng007/reveng_rtkit
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.
antirootkit-bypass backdoor c hacking-tool hacktoberfest kernel-mode-rootkit linux linux-device-driver linux-kernel linux-kernel-module malware post-exploitation-toolkit redteam redteam-tools ring0 rkhunter-antirootkit security security-tools
Last synced: 12 Oct 2024
https://github.com/MDudek-ICS/TRISIS-TRITON-HATMAN
Repository containing original and decompiled files of TRISIS/TRITON/HATMAN malware
ics ics-security malware python scada scada-security
Last synced: 04 Aug 2024
https://github.com/GetRektBoy724/MeterPwrShell
Automated Tool That Generates The Perfect Meterpreter Powershell Payload
amsi av-evasion bypass bypass-amsi bypass-antivirus bypass-firewall bypass-uac fud malware metasploit metasploit-framework meterpreter one-liner payload stager windows
Last synced: 04 Aug 2024