YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic.
malware malware-analysis threat-analysis security virus

Many projects are duplicates or revisions of each other. Many of them have outdated dependencies. My goal is to collectively put them together so that they are compilable and help people interested in malware research analyze them and learn from these samples.
botnet botnets security virus malware vulnerability vulnerability-testing

Don't worry, this bot is not a danger to anyone. It would be incredibly difficult to install it on anyone's computer these days as you'd have to disable SIP & Gatekeeper. If you somehow got this bot unintentionally, please remove it, it's not meant to be a virus.
botnet irc mac proof-of-concept virus

python-medusa is a demo of simple intrusion and virus building concepts introduced in the book "Violent Python", to be run on the test bed provided by mesh-networking. The book is a funny overview of Python & system security by a US Military Paratrooper, and I highly recommend checking it out. This is an ideal demonstration of the mesh-networking project because it needs a large, organic, networked app to show off its true capability. It would be incredibly difficult to install or get away with using this for malicious purposes in the real world. It makes no attempts to shield communications or evade filesystem detection in any way because the mesh-networking hosts are not adversarial and do not have any of the protection measures like SIP or Gatekeeper.
botnet irc mac proof-of-concept virus

Cypher operates by generating a unique client ID for each box that has been infected. The client ID and encryption key will be sent via email to a Gmail address by leveraging Python's SMTP lib. The new version of Cypher will give the operator the choice to pick between Gmail and the C&C infrastructure that comes with the finished project, namely a web application to generate and store key pairs together with client IDs. If the operator chooses to employ the Cypher web app, the ransomware will contact it via HTTP by leveraging the Mechanize lib. After Cypher has enumerated the files we wish to encrypt, the multiprocessing and PyCrypto libs are employed to do the actual encrypting. I opted to use the multiprocessing lib to speed up the encryption process.
ransomware malware virus encryption-key encryption

This node.js library is intended to be served as a bridge between a node.js application and the ClamAV antivirus engine. will scan through the "directory" of a Linux machine and report any malicious files detected by ClamAV.
clamav.js clamav clamd daemon virus scan node.js