Search Results for "malicious"

...This is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance. Compare extracted records to a provided list of malicious indicators in STIX2 format. Generate JSON logs of extracted records, and separate JSON logs of all detected malicious traces.

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool).

The Web Application Firewall Fingerprinting Tool. Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks. For further details, check out the source code on our main repository.

This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves.

...The UTM includes a firewall, web antivirus, VPN server, and a URL-filtering and SSL-inspection web proxy. The WAF operates in conjunction with a reverse proxy, web application load balancer, and SSL offloader, and is capable of blocking malicious requests as well as traffic from IP addresses with poor reputations. The QoS manager enables traffic shaping to prioritize critical network flows, load balance multiple WAN links, and cache web traffic.

This web application scanner is a powerful tool designed to identify potential security vulnerabilities in websites with full GUI (no need to cli). It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover vulnerabilities that could allow attackers to trick users into performing unintended actions on a website. Insecure Direct Object References (IDOR): Scans for vulnerabilities that might enable attackers to access unauthorized data by manipulating direct object references. ...

...EG ClamNet antivirus is simple and user friendly antivirus (currently for Windows OS ) that uses ClamAV as an internal scanning engine to detect trojans, viruses, malware and other known malicious threats. It can be installed on the existing default windows antivirus (Windows Defender) and compatible with it as extra protection. 1) Antivirus & Internet Security: EG ClamNet Antivirus is powered by ClamAV which has fast scanning, detects over 9 millions viruses, malware, worms and trozens. It also protects from MS Office macro viruses, mobile malware, other threats (including known ransomware). 2) Cleaner: EG ClamNet Antivirus has an additional feature of effective cleaning of junk files. ...

A Python open source toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination, it automates the process of detecting the above.

Artemisa is a honeypot for VoIP (SIP) networks. It is designed to connect to a VoIP domain as a user-agent backend in order to detect malicious activity at an early stage and also adjust the policies of the enterprise in real-time.

The sandbox libraries (libsandbox & pysandbox) are an open-source suite of software components for C/C++ and Python developers to create automated profiling tools and watchdog programs. The API's are designed for executing and instrumenting simple (single process) tasks, featuring policy-based behavioral auditing, resource quota, and statistics collecting. The sandbox libraries were originally designed and utilized as the core security module of a full-fledged online judge system for...

Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are vulnerable. Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.” The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs. The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown binary.

Nixory is a light and handy antispyware tool aimed at removing malicious tracking cookies. It currently supports Mozilla Firefox, Google Chrome and Internet Explorer and it runs on all major OS including Windows, Linux and MacOSx.

Open source project for bots that can be used on social networks. These bots are for testing only and should not be used for SPAM or other malicious means. Bots are currently coded in Python and Ruby and demonstrate many different ways to use bots.

TrustedPickle is a Python module which lets you create and sign your data files. By using public/private key techniques, this module protects your users from loading malicious data files that others might claim you created. LEGAL FOR EXPORT.

Runs (malicious) executables under Wine and generates an IDS-signature based on the observed network traffic.

The EaseFilter Process Filter Driver SDK is a kernel-mode development kit designed to help developers monitor and control Windows process and thread activities. By intercepting process and thread operations at the kernel level, it enables the development of robust security applications that can prevent unauthorized or malicious processes from executing. With the Process Filter Driver, it allows you to prevent the untrusted executable binaries (malwares) from being launched, protect your data being damaged by the untrusted processes. It also enables your application to get the callback notification for the process/thread creation or termination, from the new process information you can get the parent process Id and thread Id of the new created process, you also can get the exact file name that is used to open the executable file and the command line that is used to execute the process if it is available.