KlamAV - ClamAV for KDE

  •    C

KlamAV is an Anti-Virus Manager for the KDE Desktop. Based on the ClamAV scanning engine, it features: 'On Access' Scanning, Manual Scanning, Quarantine Management, Update Management, Mail Scanning (KMail/Evolution) and a Virus Browser.

Clam AntiVirus

  •    C

Clam AntiVirus is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates.

pafish - Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do

  •    C

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. The project is open source; you can read the code of all anti-analysis checks. You can also download the executable of the latest stable version.

al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection

  •    C++

al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. You can download the latest release here: x86 | x64.

magento-malware-scanner - Scanner, signatures and the largest collection of Magento malware

  •    HTML

Magento is a profitable target for hackers. Since 2015, I have identified more than 40.000 compromised stores. In most cases, malware is inserted that will a) intercept customer data, b) divert payments or c) use your customers for cryptojacking. This project contains both a fast scanner to quickly find malware and a collection of Magento malware signatures. They are recommended by Magento and used by the US Department of Homeland Security, the Magento Marketplace, Magereport, the Mage Security Council and many others.

fame - FAME Automates Malware Evaluation

  •    Python

FAME is a recursive acronym meaning “FAME Automates Malware Evaluation”. It is meant to facilitate analysis of malicious files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis.

intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol

  •    Python

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments, ...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs. See INSTALL.

gscript - framework to rapidly implement custom droppers for all three major operating systems

  •    Go

Gscript is a framework for building multi-tenant executors for several implants in a stager. The engine works by embedding runtime logic (powered by the V8 JavaScript Virtual Machine) for each persistence technique. This logic gets run at deploy time on the victim machine, in parallel for every implant contained within the stager. The Gscript engine leverages the multi-platform support of Golang to produce final stage-one binaries for Windows, Mac, and Linux. That's it! You're good to go.

Manalyze - A static analyzer for PE executables.

  •    C++

My work on Manalyze started when my antivirus tried to quarantine my malware sample collection for the thirtieth time. It was also born from my increasing frustration with AV products which make decisions without ever explaining why they deem a file malicious. Obviously, most people are better off having an antivirus decide what's best for them. But it seemed to me that expert users (i.e. malware analysts) could use a tool which would analyze a PE executable, provide as much data as possible, and leave the final call to them. If you want to see some sample reports generated by the tool, feel free to try out the web service I created for it: manalyzer.org.

rokki - Simple web-sites malware scanner.

  •    PHP

Rokki is a simple website malware scanner inspired by the Manul Antimalware Tool. The tool has been developed to help system administrators find malware in websites without needing to install PHP on the server. It checks all files in the /var/www/htdocs folder.

Cypher - Pythonic ransomware proof of concept.

  •    Python

Cypher operates by generating a unique client ID for each box that has been infected. The client ID and encryption key will be sent via email to a Gmail address by leveraging Python's SMTP lib. The new version of Cypher will give the operator the choice to pick between Gmail and the C&C infrastructure that comes with the finished project, namely a web application to generate and store key pairs together with client IDs. If the operator chooses to employ the Cypher web app, the ransomware will contact it via HTTP by leveraging the Mechanize lib. After Cypher has enumerated the files we wish to encrypt, the multiprocessing and PyCrypto libs are employed to do the actual encrypting. I opted to use the multiprocessing lib to speed up the encryption process.

malware-research - Samples, research and documents about any kind of malware and misc source which should be released for the public

  •    C

Collection of malware samples, research and guides to understand it and to practice, learn and build mechanisms to defeat it.

Windows-Backdoor - Simple Windows backdoor written in Go

  •    Go

A simple Windows backdoor. It uses TCP connections to communicate between the server and client. Data is encoded using Base64 for some basic obfuscation. This is a Command Prompt backdoor. Send the command "exit" to have the backdoor close.

gocave - Finding code caves in ELF files with GoLang

  •    Go

Utility to find code caves in ELF files, written in Go. You can either run go get -u github.com/guitmz/gocave or clone this repository and build with go build.

fake-sandbox - This script will simulate fake processes of analysis sandbox/VM software that some malware will try to avoid

  •    Batchfile

This small script will simulate fake processes of analysis, sandbox and VM software that some malware will try to avoid. You can download the original script made by @x0rz here (thanks, by the way). You can also download my slightly optimized script from the root directory. The file is named fsp.ps1. This exact script is also used in the FSP installer.

malwarecage - Malware repository component for samples & static configuration with REST API interface

  •    Python

Malware repository component for automated malware collection/analysis systems. The project is written in Python 2.7.

fame_modules - Community modules for FAME

  •    Python

Community modules for FAME. This repository is automatically added to all FAME installations.

ergo-pe-av - 🧠 🦠 An artificial neural network and API to detect Windows malware, based on Ergo and LIEF

  •    Python

An artificial neural network and API to detect Windows malware, based on Ergo and LIEF. Made with ♥ by the dev team and released under the GPL 3 license.

nim-cephei - Probably the first ELF binary infector ever created in Nim.

  •    Nim

Note that the Nim version used was 0.17.0, the latest at the time of writing.