KlamAV is an Anti-Virus Manager for the KDE Desktop. Based on the ClamAV scanning engine, it features:
* 'On Access' Scanning
* Manual Scanning
* Quarantine Management
* Update Management
* Mail Scanning (KMail/Evolution)
* Virus Browser
Tags: anti-virus malware scanner

Clam AntiVirus is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.
Tags: anti-virus malware scanner

YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determines its logic.
Tags: malware malware-analysis threat-analysis security virus

This repository consolidates several reputable hosts files and merges them into a unified hosts file with duplicates removed. A variety of tailored hosts files are provided. The Non GitHub mirror is the link to use for some hosts file managers, like Hostsman for Windows, that don't work with GitHub download links.
Tags: unified-hosts malware ad-blocker porn-filter social-media-filter hosts privacy protection pornblocker gambling-filter ransomware trojans

GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It fully supports both Python 2 and Python 3 (as more and more distros start pushing gdb compiled with Python 3 support).
Tags: exploit gdb reverse-engineering ctf ida-pro binary-ninja pwn exploit-development malware malware-research debugging

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where a trail can be anything from a domain name (e.g. zvpprsensinaix.com for Banjori malware), a URL (e.g. http://109.162.38.120/harsh02.exe for a known malicious executable), an IP address (e.g. 185.130.5.231 for a known attacker) or an HTTP User-Agent header value (e.g. sqlmap for the automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware).

Maltrail is based on the Traffic -> Sensor <-> Server <-> Client architecture. The Sensor(s) is a standalone component running on the monitoring node (e.g. a Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or on a standalone machine (e.g. a Honeypot) where it "monitors" the passing Traffic for blacklisted items/trails (i.e. domain names, URLs and/or IPs). In case of a positive match, it sends the event details to the (central) Server where they are stored inside the appropriate logging directory (i.e. LOG_DIR described in the Configuration section). If the Sensor is being run on the same machine as the Server (default configuration), logs are stored directly into the local logging directory. Otherwise, they are sent via UDP messages to the remote server (i.e. LOG_SERVER described in the Configuration section).
Tags: security malware intrusion-detection sensor heuristics network-monitoring

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev. theZoo's purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.
Tags: malware malware-analysis malware-samples

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. The project is open source; you can read the code of all anti-analysis checks. You can also download the executable of the latest stable version.
Tags: malware reverse-engineering virtual-machine malware-families analysis-environments sandbox

Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter what specific type of obfuscation is used. The code on the left is a decompilation of an obfuscated app, and the code on the right has been deobfuscated.
Tags: deobfuscation optimization android reverse-engineering malware-analysis dalvik malware deobfuscator virtual-machine emulator malware-analyzer

Exploit Development and Reverse Engineering with GDB Made Easy
Tags: gdb peda gdbinit pwndbg reverse-engineering debugging ctf gef hack disassembler ida-pro binary-ninja defcon capture-the-flag malware malware-analysis pwnable

Many projects are duplicates or revisions of each other. Many of them have outdated dependencies. My goal is to collectively put them together so that they are compilable and help people interested in malware research analyze them and learn from these samples.
Tags: botnet botnets security virus malware vulnerability vulnerability-testing

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company. NOTE: On the first run malice will download all of its default plugins, which can take a while to complete.
Tags: malice docker malware infosec virustotal elasticsearch antivirus cloud cybersecurity dfir malware-analysis malware-research

al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. You can download the latest release here: x86 | x64.
Tags: anti-analysis anti-debugging anti-sandbox anti-vm anti-emulation code-injection malware timing-attacks av-bypass sandbox-evasion

A framework that creates an advanced stealthy dropper that bypasses most AVs and has a lot of tricks.
Tags: hacking-tool windows-hacking backdoor execution-policy-bypass hacking pentest uac-bypass kill-antivirus kali-linux powershell phishing social-engineering scam avs runas anti-forensics persistence spoofing malware dr0p1t

Here are indicators of compromise (IOCs) from our various investigations. We are doing this to help the broader security community fight malware wherever it might be. If you would like to contribute improved versions, please send us a pull request.
Tags: ioc malware misp yara

Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can check out and update with one command. Every kind of contribution is really appreciated! Follow the :doc:`contribute`.
Tags: hacking hacking-tools curated-list penetration-testing forensics malware security security-tools

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes in handy when analyzing how certain malware species try to communicate with the outside world. The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.
Tags: malware network-traffic pcap threat-intelligence malware-analysis infosec dfir

Using Oracle VirtualBox as the virtualisation software running from a Windows 10 physical host will cause issues with the Docker install. There is currently no workaround other than using VMware Player or VMware Workstation.
Tags: data-science intelligence analytics virtual-machine malware threat cyber fireeye intelligence-analysis mandiant threatintelligence threathunting

This repository includes a list of ipsets dynamically updated with FireHOL's update-ipsets.sh, documented in this wiki. This repo is self-maintained: it is updated automatically from the script via a cron job.
Tags: blocklists ipset ipset-lists attacks abuses malware command-and-control

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. Of course it's trivial to bypass PMF, but its goal is to catch kiddies and idiots, not people with a working brain. If you report a stupid tailored bypass for PMF, you likely belong to one (or both) category, and should re-read the previous statement.
Tags: yara malware webshell antivirus