Showing 475 open source projects for "malware"

  • 1
    Malware Patch

    Prevent UAC authorization of Chinese malware

    Prevent UAC authorization of Chinese malware, no need to run in the background. Project inspired by Windows apps that amaze us. The selected program must be signed because this app uses its digital signature to identify the program.
    Downloads: 1 This Week
  • 2
    AUR Malware Check

    Detection tools for the June 2026 atomic-lockfile AUR supply-chain

    AUR Malware Check is a community repository for detecting exposure to the June 2026 atomic-lockfile supply-chain attack against the Arch User Repository. It collects scattered indicators, affected package lists, and detection scripts into one place for easier review and contribution. The project helps users compare installed AUR packages against known compromised package lists.
    Downloads: 15 This Week
  • 3
    YARA

    The pattern matching swiss knife for malware researchers

    YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determines its logic. YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension. ...
    Downloads: 35 This Week
  • 4
    Ghidra

    Ghidra is a software reverse engineering (SRE) framework

    ...It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes.
    Downloads: 66,231 This Week
  • 5
    Hypatia

    A realtime malware scanner

    Hypatia is a free and open-source malware scanner for Android that aims to provide on-device, real-time scanning with minimal battery and resource impact using signature-based detection inspired by ClamAV style databases. Designed as an Android app, it scans user filesystems and installed applications either on demand or in real time when files are written or renamed, operating completely offline aside from occasional signature database downloads.
    Downloads: 42 This Week
  • 6
    FLARE VM

    A collection of software installations scripts for Windows systems

    ...Because security toolchains often clash (DLL versions, signing, privileges), FLARE VM’s packaging handles compatibility issues ahead of time. For investigations involving malware unpacking, sandboxing, static analysis, or code reversing on Windows, the platform dramatically accelerates readiness and consistency across analysts.
    Downloads: 71 This Week
  • 7
    malware_training_vol1

    Materials for Windows Malware Analysis training (volume 1)

    malware_training_vol1 is an educational repository for Windows malware analysis training. It is designed to help learners understand common malware techniques through programming, reverse engineering, and Windows internals concepts. The material focuses on analysis rather than active misuse, making it useful for students, security researchers, and defenders building foundational skills. It includes exercises that explain how malware-like behaviors can be recognized and studied in a controlled lab context. ...
    Downloads: 0 This Week
  • 8
    ClamAV

    Antivirus engine for detecting trojans, viruses and malware

    ClamAV is an open-source antivirus engine developed by Cisco Talos that provides cross-platform malware detection for servers, desktops, and mail systems. Originally designed for Unix environments and email security, it has evolved into a flexible antimalware toolkit capable of identifying millions of viruses, worms, trojans, and other threats. The software includes a command-line scanner, an automatically updating signature database, and a scalable multi-threaded daemon that enables high-performance scanning in production environments. ...
    Downloads: 116 This Week
  • 9
    Al-Khaser

    Public malware techniques used in the wild: Virtual Machine, Emulation

    al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these behaviors. ...
    Downloads: 9 This Week
  • 10
    PE-bear

    Portable Executable reversing tool with a friendly GUI

    PE-bear is a multiplatform reversing tool for inspecting Windows Portable Executable files. It is designed to give malware analysts and reverse engineers a fast first view of a PE file’s structure. The tool can handle malformed PE files, which is important when analyzing packed, damaged, or intentionally manipulated binaries. It provides a graphical interface for exploring headers, sections, imports, resources, strings, and other PE internals. PE-bear also includes analysis conveniences such as hashes, signatures, and searchable string views. ...
    Downloads: 77 This Week
  • 11
    uBlock Origin

    An efficient blocker for Chromium and Firefox

    ...Fast, potent, and lean. uBlock Origin is not an "ad blocker", it is a wide-spectrum blocker, which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin, when newly installed, is to block ads, trackers and malware sites through EasyList, EasyPrivacy, Peter Lowe’s ad/tracking/malware servers, Online Malicious URL Blocklist, and uBlock Origin's own filter lists. uBlock Origin (or uBlock₀) is not an ad blocker; it's a general-purpose blocker. uBlock Origin blocks ads through its support of the Adblock Plus filter syntax. uBlock Origin extends the syntax and is designed to work with custom rules and filters. ...
    Downloads: 258 This Week
  • 12
    Power Pwn

    Repurpose Microsoft-trusted executables, service accounts, etc.

    Repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation. These materials are presented from an attacker’s perspective with the goal of raising awareness of the risks of underestimating the security impact of No Code/Low Code. No Code/Low Code is awesome.
    Downloads: 1 This Week
  • 13
    Santa

    A binary authorization system for macOS

    ...Santa is made up of a kernel extension (or a system extension on macOS 10.15+) that monitors and participates in execve() decisions, a userland daemon that makes the execution decisions, a GUI agent that shows notifications when an execve() is blocked, and a command-line utility that oversees system management and the synchronization of database and server. Santa is built to help protect users by stopping the spread of malware and analyzing what's running on a computer, but is by no means a total security system. Ideally Santa works as a part of a defense-in-depth strategy, and other measures should be in place to protect hosts.
    Downloads: 0 This Week
  • 14
    Portable Executable Parser

    lightweight Go package to parse, analyze and extract metadata

    Saferwall PE is a lightweight Go package for parsing, analyzing, and extracting metadata from Portable Executable (PE) binaries. Designed with malware analysis in mind, it is robust against malformed PE files and provides detailed insights into executable structures.
    Downloads: 1 This Week
  • 15
    Blokada Apps

    Repo for Blokada apps

    ...Protect multiple devices from ads and tracking, and manage your preferences in one place. Enjoy zero battery drain, no noticeable slowdowns, and highly reliable adblocking. If you want to efficiently block ads, trackers, malware, save on your data plan, speed up your device and protect your privacy with just one application, then Blokada is for you. It is free, secure and open source. For ultimate privacy protection, upgrade to Blokada Plus and connect through our VPN. Available in both Blokada 6 and Blokada 5. We use WireGuard®, the most advanced VPN protocol, to encrypt your network activity and hide your IP address.
    Downloads: 129 This Week
  • 16
    DNS Blocklists

    For a better internet - keep the internet clean

    ...The project offers multiple tiers of blocklists, ranging from lightweight filtering to aggressive protection, allowing users to choose the level of blocking that best fits their needs. It targets a wide range of online threats and nuisances, including advertisements, trackers, malware, phishing domains, scam websites, and cryptojacking services. The lists are built from multiple data sources and are carefully optimized to minimize false positives while maintaining high effectiveness. They are compatible with a variety of DNS-based filtering tools such as Pi-hole, AdGuard, and DNSMasq, making them easy to integrate into different environments. ...
    Downloads: 4 This Week
  • 17
    SSH-MITM

    Server for security audits supporting public key authentication

    SSH man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation. SSH-MITM is a man-in-the-middle SSH server for security audits and malware analysis. Password and publickey authentication are supported, and SSH-MITM is able to detect whether a user is able to log in with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not possible, authentication falls back to password authentication. ...
    Downloads: 2 This Week
  • 18
    IntelOwl

    Centralized platform for automated threat intelligence analysis

    ...These plugins can collect data from external intelligence platforms or generate insights using internal analysis tools such as YARA or static malware analyzers.
    Downloads: 6 This Week
  • 19
    LitterBox

    A secure sandbox environment for malware developers and red teamers

    LitterBox is a controlled malware-analysis and payload-testing sandbox aimed at red teams who need to validate evasions and behaviors before deployment. It provides an isolated environment to exercise payloads against modern detection stacks, verify signatures and heuristics, and observe runtime characteristics without leaking binaries to third-party vendors. The README frames typical use cases: testing evasion, validating detections, analyzing behavior, and keeping sensitive tooling in-house. ...
    Downloads: 3 This Week
  • 20
    hollows_hunter

    Recognizes and dumps a variety of potentially malicious implants

    Hollows Hunter is a command-line malware analysis tool based on the PE-sieve passive memory scanner. It scans running processes, or even the full system, to identify potentially malicious implants. The tool can recognize and dump suspicious artifacts such as replaced PEs, injected PEs, shellcode, hooks, and in-memory patches. Unlike PE-sieve’s more process-specific workflow, Hollows Hunter can select targets using broader criteria such as process IDs, process names, or creation time. ...
    Downloads: 0 This Week
  • 21
    Capstone

    Capstone disassembly/disassembler framework

    Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64). Having clean/simple/lightweight/intuitive...
    Downloads: 2 This Week
  • 22
    AndroidNativeEmu

    Allows you to partly emulate an Android native library

    ...Instead of emulating an entire operating system, it focuses specifically on the native layer, allowing for targeted testing and reverse engineering of shared libraries (.so files). This makes it particularly useful in security research, malware analysis, and debugging of Android applications. The framework provides tools for loading binaries, simulating system calls, and interacting with native functions in a controlled environment. By abstracting away the complexity of full device emulation, it allows faster iteration and more focused analysis of specific components. ...
    Downloads: 0 This Week
  • 23
    Sogen

    Windows User Space Emulator

    ...Unlike traditional emulators that reimplement full operating system APIs, Sogen works closer to the kernel boundary by intercepting and emulating system calls, allowing it to leverage native system libraries while maintaining granular control. This approach makes it particularly valuable for advanced use cases such as malware analysis, reverse engineering, and DRM research, where precise observation and manipulation of execution flow are critical. The emulator supports multiple backends, including Unicorn Engine and Hyper-V, enabling flexible deployment depending on performance or accuracy requirements. It also includes robust support for loading Portable Executable (PE) files, including proper handling of relocations, thread-local storage, and memory mapping.
    Downloads: 0 This Week
  • 24
    x64dbg

    An open-source x64/x32 debugger for windows

    An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. Fully customizable color scheme. Dynamically recognize modules and strings. Import reconstructor integrated (Scylla). Fast disassembler (Zydis). User database (JSON) for comments, labels, bookmarks, etc.
    Downloads: 100 This Week
  • 25
    Portmaster

    Block Mass Surveillance

    Portmaster is a free and open-source application firewall that does the heavy lifting for you. Restore privacy and take back control over all your computer's network activity. Discover everything that is happening on your computer. Expose every connection your applications make and detect evil ones. Finally, get the power to act accordingly. Protect your whole computer, not just your browser. Block all advertisements and trackers for every application. Easily add your own rules and block...
    Downloads: 34 This Week