Displaying 1 to 6 from 6 results

Yara - The pattern matching swiss knife for malware researchers

  •    C

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.

botnets - This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

  •    C++

Many projects are duplicates or revisions of each other. Many of them have outdated depedencies. My goal is to collectively put them together so that they are compilable and help people interested in malware research analyze them and learn from these samples.

python-medusa - :snake: Python IRC botnet for controlling Mac OS X computers! (defeated by SIP & Gatekeeper)

  •    Python

Don't worry this bot is not a danger to anyone. It would be incredibly difficult to install it on anyone's computer these days as you'd have to disable SIP & Gatekeeper.If you somehow got this bot unintentionally, please remove it, it's not meant to be a virus.

mesh-botnet - :snake: Proof-of-concept python IRC botnet for orchestrating macOS computers (harmless due to SIP & Gatekeeper)

  •    Python

python-medusa is a demo of simple intrusion and virus building concepts introduced in the book "Violent Python", to be run on the test bed provided by mesh-networking. The book is a a funny overview of Python & system security by a US Military Paratrooper, and I highly recommend checking it out. This is an ideal demonstration of the mesh-networking project because it needs a large, organic, networked app to show off its true capability. It would be incredibly difficult to install or get away with using this for malicious purposes in the real world. It makes no attempts to shield communications or evade filesystem detection in any way because the mesh-networking hosts are not adversarial and do not have any of the protection measures like SIP or Gatekeeper.




Cypher - Pythonic ransomware proof of concept.

  •    Python

Cypher operates by generating a unique client ID for each box that has been infected. The client ID and encryption key will be sent via email to a gmail adress by leveraging python's SMTP lib. The new version of Cypher will give the operator the choice to pick between gmail and the C&C infrastructure that comes with the finished project, namely a web application to generate and store key pairs together with client IDs. If the operator chooses to employ the Cypher web app the ransomware will contact via HTTP by leveraging the Mechanize lib. After Cypher has enumerated the files we wish to encrypt the multiprocessing and PyCrypto libs are employed to do the actual encrypting. I opted to use the multiprocessing lib to speed up the encryption process.

clamav.js - A node.js library for ClamAV

  •    Javascript

This node.js library is intended to be served as a bridge between a node.js application and the ClamAV antivirus engine. will scan through the "directory" of a Linux machine and report any malicious files detected by ClamAV.