Search Results for "malware"
Sort By:
Showing 460 open source projects for "malware"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
Malware Patch
Prevent UAC authorization of Chinese malware
Prevent UAC authorization of Chinese malware, no need to run in the background. Project inspired by Windows apps that amaze us. The selected program must be signed because this app uses its digital signature to identify the program. -
2
YARA
The pattern matching swiss knife for malware researchers
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determines its logic. YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension. ... -
3
malware-samples
A collection of malware samples and relevant dissection information
This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves. -
4
FLARE VM
A collection of software installations scripts for Windows systems
...Because security toolchains often clash (DLL versions, signing, privileges), FLARE VM’s packaging handles compatibility issues ahead of time. For investigations involving malware unpacking, sandboxing, static analysis, or code reversing on Windows, the platform dramatically accelerates readiness and consistency across analysts. -
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
5
Hypatia
A realtime malware scanner
Hypatia is a free and open-source malware scanner for Android that aims to provide on-device, real-time scanning with minimal battery and resource impact using signature-based detection inspired by ClamAV style databases. Designed as an Android app, it scans user filesystems and installed applications either on demand or in real time when files are written or renamed, operating completely offline aside from occasional signature database downloads. -
6
ClamAV
Antivirus engine for detecting trojans, viruses and malware
ClamAV is an open-source antivirus engine developed by Cisco Talos that provides cross-platform malware detection for servers, desktops, and mail systems. Originally designed for Unix environments and email security, it has evolved into a flexible antimalware toolkit capable of identifying millions of viruses, worms, trojans, and other threats. The software includes a command-line scanner, an automatically updating signature database, and a scalable multi-threaded daemon that enables high-performance scanning in production environments. ... -
7
Al-Khaser
Public malware techniques used in the wild: Virtual Machine, Emulation
al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these behaviors. ... -
8
Volatility
An advanced memory forensics framework
Volatility is a widely used open-source framework for analyzing memory captures (RAM dumps) from Windows, Linux, and macOS systems. It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows. -
9
Ghidra
Ghidra is a software reverse engineering (SRE) framework
...It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes. -
Custom VMs From 1 to 96 vCPUs With 99.95% UptimeLive migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
-
10
uBlock Origin
An efficient blocker for Chromium and Firefox
...Fast, potent, and lean. uBlock Origin is not an "ad blocker", it is a wide-spectrum blocker, which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin, when newly installed, is to block ads, trackers and malware sites through EasyList, EasyPrivacy, Peter Lowe’s ad/tracking/malware servers, Online Malicious URL Blocklist, and uBlock Origin's own filter lists. uBlock Origin (or uBlock₀) is not an ad blocker; it's a general-purpose blocker. uBlock Origin blocks ads through its support of the Adblock Plus filter syntax. uBlock Origin extends the syntax and is designed to work with custom rules and filters. ... -
11
Santa
A binary authorization system for macOS
...Santa is made up of a kernel extension (or a system extension on macOS 10.15+) that monitors and participates in execve() decisions, a userland daemon that makes the execution decisions, a GUI agent that shows notifications when an execve() is blocked, and a command-line utility that oversees system management and the synchronization of database and server. Santa is built to help protect users by stopping the spread of malware and analyzing what's running on a computer, but is by no means a total security system. Ideally Santa works as a part of a defense-in-depth strategy, and other measures should be in place to protect hosts. -
12
Power Pwn
Repurpose Microsoft-trusted executables, service accounts, etc.
Repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation. These materials are presented from an attacker’s perspective with the goal of raising awareness to the risks of underestimating the security impact of No Code/Low Code. No Code/Low Code is awesome. -
13
Portable Executable Parser
lightweight Go package to parse, analyze and extract metadata
Saferwall PE is a lightweight Go package for parsing, analyzing, and extracting metadata from Portable Executable (PE) binaries. Designed with malware analysis in mind, it is robust against malformed PE files and provides detailed insights into executable structures. -
14
DNS Blocklists
For a better internet - keep the internet clean
...The project offers multiple tiers of blocklists, ranging from lightweight filtering to aggressive protection, allowing users to choose the level of blocking that best fits their needs. It targets a wide range of online threats and nuisances, including advertisements, trackers, malware, phishing domains, scam websites, and cryptojacking services. The lists are built from multiple data sources and are carefully optimized to minimize false positives while maintaining high effectiveness. They are compatible with a variety of DNS-based filtering tools such as Pi-hole, AdGuard, and DNSMasq, making them easy to integrate into different environments. ... -
15
SSH-MITM
Server for security audits supporting public key authentication
ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation. SSH-MITM is a man in the middle SSH Server for security audits and malware analysis. Password and publickey authentication are supported and SSH-MITM is able to detect, if a user is able to login with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not possible, the authentication will fall back to password-authentication. ... -
16
Blokada Apps
Repo for Blokada apps
...Protect multiple devices from ads and tracking, and manage your preferences in one place. Enjoy zero battery drain, no noticeable slowdowns, and highly reliable adblocking. If you want to efficiently block ads, trackers, malware, save on your data plan, speed up your device and protect your privacy with just one application, then Blokada is for you. It is free, secure and open source. For ultimate privacy protection, upgrade to Blokada Plus and connect through our VPN. Available in both Blokada 6 and Blokada 5. We use WireGuard®, the most advanced VPN protocol, to encrypt your network activity and hide your IP address. -
17
Sogen
Windows User Space Emulator
...Unlike traditional emulators that reimplement full operating system APIs, Sogen works closer to the kernel boundary by intercepting and emulating system calls, allowing it to leverage native system libraries while maintaining granular control. This approach makes it particularly valuable for advanced use cases such as malware analysis, reverse engineering, and DRM research, where precise observation and manipulation of execution flow are critical. The emulator supports multiple backends, including Unicorn Engine and Hyper-V, enabling flexible deployment depending on performance or accuracy requirements. It also includes robust support for loading Portable Executable (PE) files, including proper handling of relocations, thread-local storage, and memory mapping. -
18
IntelOwl
Centralized platform for automated threat intelligence analysis
...These plugins can collect data from external intelligence platforms or generate insights using internal analysis tools such as YARA or static malware analyzers. -
19
Capstone
Capstone disassembly/disassembler framework
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64). Having clean/simple/lightweight/intuitive... -
20
LIEF
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
LIEF (Library to Instrument Executable Formats) is a cross-platform library that enables parsing, modifying, and abstracting executable formats such as ELF, PE, and Mach-O. It's widely used in reverse engineering and binary analysis. -
21
LitterBox
A secure sandbox environment for malware developers and red teamers
LitterBox is a controlled malware-analysis and payload-testing sandbox aimed at red teams who need to validate evasions and behaviors before deployment. It provides an isolated environment to exercise payloads against modern detection stacks, verify signatures and heuristics, and observe runtime characteristics without leaking binaries to third-party vendors. The README frames typical use cases: testing evasion, validating detections, analyzing behavior, and keeping sensitive tooling in-house. ... -
22
Portmaster
Block Mass Surveillance
Portmaster is a free and open-source application firewall that does the heavy lifting for you. Restore privacy and take back control over all your computer's network activity. Discover everything that is happening on your computer. Expose every connection your applications make and detect evil ones. Finally, get the power to act accordingly. Protect your whole computer, not just your browser. Block all advertisements and trackers for every application. Easily add your own rules and block... -
23
x64dbg
An open-source x64/x32 debugger for windows
An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. Fully customizable color scheme. Dynamically recognize modules and strings. Import reconstructor integrated (Scylla). Fast disassembler (Zydis). User database (JSON) for comments, labels, bookmarks, etc. -
24
AndroidNativeEmu
Allows you to partly emulate an Android native library
...Instead of emulating an entire operating system, it focuses specifically on the native layer, allowing for targeted testing and reverse engineering of shared libraries (.so files). This makes it particularly useful in security research, malware analysis, and debugging of Android applications. The framework provides tools for loading binaries, simulating system calls, and interacting with native functions in a controlled environment. By abstracting away the complexity of full device emulation, it allows faster iteration and more focused analysis of specific components. ... -
25
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS
Detect It Easy (DiE) is a tool for determining the type and internal features of binary and other file formats. It is widely used by malware analysts, digital forensics investigators, reverse engineers, and security researchers to quickly inspect unknown files and infer their type, architecture, compiler/packer used, and internal structure. DiE supports a large variety of file formats — from common executables (Windows PE, Linux ELF, macOS Mach-O) to archives, mobile packages (APK, IPA), legacy binaries, compressed or packed files, and more — making it a versatile first step in analysis or triage workflows. ...
