Yara - The pattern matching swiss knife for malware researchers

  •    C

YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determines its logic.

botnets - This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

  •    C++

Many projects are duplicates or revisions of each other. Many of them have outdated dependencies. My goal is to collectively put them together so that they are compilable and help people interested in malware research analyze them and learn from these samples.

GoBot2 - Second Version of The GoBot Botnet, But more advanced.

  •    Go

After seeing another user's Go based botnet I wanted to do more work on my GoBot, but I ended up building something a bit more. There are issues with this, but it is more of an advanced PoC.... I am not a good coder, but I was able to make this by doing some basic reading online. There was more I wanted to do with this project, but I stopped; I am getting out of making malware and viruses... I am going to move on to more legitimate things. Though I will be posting some of my old projects on my GitHub, and most of which are malevolent, I am putting them here to make it simpler for the 'good guys' to fight them and their kin. The C&C is a program; you can compile it for Windows, Linux, and Mac systems. It's a self-running web server that handles all connections on the port selected in the settings. It will serve the HTML C&C to a connector if you allow it, and it saves data about accounts, bots and commands in a SQL database and bot files (screenshots, keylogs, etc.) as files under the bot's own "Profile". You can control the botnet from the program (more secure) or control it from the HTML C&C. The C&C program is extremely stable; Go based servers are known for handling millions of requests at once without fail, just make sure you have a good connection. The C&C has a built-in hard-coded login (kinda like a backdoor) you can use if you 'forgot' the account login. The C&C can have any number of accounts. With it being a self-contained program, this removes the issue of SQLi attacks on the C&C, so it's more SECURE. The C&C can also run inside a Tor hidden service if configured right, and the client (bot) can connect to it using an onion.to or onion.cab forwarder if needed. Tor can also be used by the bot via a SOCKS proxy... Simple to do, Google it.

python-medusa - :snake: Python IRC botnet for controlling Mac OS X computers! (defeated by SIP & Gatekeeper)

  •    Python

Don't worry, this bot is not a danger to anyone. It would be incredibly difficult to install it on anyone's computer these days as you'd have to disable SIP & Gatekeeper. If you somehow got this bot unintentionally, please remove it; it's not meant to be a virus.

mesh-botnet - :snake: Proof-of-concept python IRC botnet for orchestrating macOS computers (harmless due to SIP & Gatekeeper)

  •    Python

python-medusa is a demo of simple intrusion and virus building concepts introduced in the book "Violent Python", to be run on the test bed provided by mesh-networking. The book is a funny overview of Python & system security by a US Military Paratrooper, and I highly recommend checking it out. This is an ideal demonstration of the mesh-networking project because it needs a large, organic, networked app to show off its true capability. It would be incredibly difficult to install or get away with using this for malicious purposes in the real world. It makes no attempts to shield communications or evade filesystem detection in any way because the mesh-networking hosts are not adversarial and do not have any of the protection measures like SIP or Gatekeeper.

Cypher - Pythonic ransomware proof of concept.

  •    Python

Cypher operates by generating a unique client ID for each box that has been infected. The client ID and encryption key will be sent via email to a Gmail address by leveraging Python's SMTP lib. The new version of Cypher will give the operator the choice to pick between Gmail and the C&C infrastructure that comes with the finished project, namely a web application to generate and store key pairs together with client IDs. If the operator chooses to employ the Cypher web app, the ransomware will contact it via HTTP by leveraging the Mechanize lib. After Cypher has enumerated the files we wish to encrypt, the multiprocessing and PyCrypto libs are employed to do the actual encrypting. I opted to use the multiprocessing lib to speed up the encryption process.

clamav.js - A node.js library for ClamAV

  •    Javascript

This node.js library is intended to serve as a bridge between a node.js application and the ClamAV antivirus engine. It will scan through a "directory" of a Linux machine and report any malicious files detected by ClamAV.

Windows-KeyLogger

  •    Go

A simple keylogger that captures window titles and all keys; uses AllenDang/w32. This has flaws, but it's better than the other ones I have found.

virii - Collection of ancient computer virus source codes

  •    Assembly

Collection of ancient computer virus source codes (mostly). There should be around 2000 files in this repository, with a few being Pascal source codes or assembled COM files. A portion of the source codes are also the result of reverse engineering, and most if not all of it was created for DOS and/or Win9x. I had these files lying around on an old hard drive since ages ago and decided to share. They were once included in an issue of a magazine from the early 2000s called H4CK3R by Digerati (a publisher from Brazil which had lots of interesting magazines and books about hacktivism and related topics).