Search Results for "malware"
Sort By:
Showing 441 open source projects for "malware"
View related business solutions-
Document generation engine that can be used to generate PDF and Word documents from custom software applicationsDocuments are generated from templates which can be created using Microsoft Word or LibreOffice. These templates utilize simple placeholder fields to handle text, repeating and conditional logic with flexible formatting features to control how data and images are injected into the documents.
-
Unrivaled Embedded Payments Solutions | NMINMI Payments is an embedded payments solution that lets SaaS platforms, Software companies and ISVs integrate, brand, and manage payment acceptance directly within their software—without becoming a PayFac or building complex infrastructure. As a full-stack processor, acquirer, and technology partner, NMI handles onboarding, compliance, and risk so you can stay focused on growth. The modular, white-label platform supports omnichannel payments, from online, mobile and in-app to in-store and unattended. Choose from full-code, low-code, or no-code integration paths and launch in weeks, not months. Built-in risk tools, flexible monetization, and customizable branding help you scale faster while keeping full control of your experience. With NMI’s developer-first tools, sandbox testing, and modern APIs, you can embed payments quickly and confidently.
-
1
malware-samples
A collection of malware samples and relevant dissection information
This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves. -
2
Malware Patch
Prevent UAC authorization of Chinese malware
Prevent UAC authorization of Chinese malware, no need to run in the background. Project inspired by Windows apps that amaze us. The selected program must be signed because this app uses its digital signature to identify the program. -
3
YARA
The pattern matching swiss knife for malware researchers
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determines its logic. YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension. ... -
4
FLARE VM
A collection of software installations scripts for Windows systems
...Because security toolchains often clash (DLL versions, signing, privileges), FLARE VM’s packaging handles compatibility issues ahead of time. For investigations involving malware unpacking, sandboxing, static analysis, or code reversing on Windows, the platform dramatically accelerates readiness and consistency across analysts. -
Self-hosted n8n: No-code AI workflowsA free-to-use workflow automation tool, n8n lets you connect all your apps and data in one customizable, no-code platform. Design workflows and process data from a simple, unified dashboard.
-
5
Volatility
An advanced memory forensics framework
Volatility is a widely used open-source framework for analyzing memory captures (RAM dumps) from Windows, Linux, and macOS systems. It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows. -
6
Hypatia
A realtime malware scanner
Hypatia is a free and open-source malware scanner for Android that aims to provide on-device, real-time scanning with minimal battery and resource impact using signature-based detection inspired by ClamAV style databases. Designed as an Android app, it scans user filesystems and installed applications either on demand or in real time when files are written or renamed, operating completely offline aside from occasional signature database downloads. -
7
Al-Khaser
Public malware techniques used in the wild: Virtual Machine, Emulation
al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these behaviors. ... -
8
uBlock Origin
An efficient blocker for Chromium and Firefox
...Fast, potent, and lean. uBlock Origin is not an "ad blocker", it is a wide-spectrum blocker, which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin, when newly installed, is to block ads, trackers and malware sites through EasyList, EasyPrivacy, Peter Lowe’s ad/tracking/malware servers, Online Malicious URL Blocklist, and uBlock Origin's own filter lists. uBlock Origin (or uBlock₀) is not an ad blocker; it's a general-purpose blocker. uBlock Origin blocks ads through its support of the Adblock Plus filter syntax. uBlock Origin extends the syntax and is designed to work with custom rules and filters. ... -
9
Portable Executable Parser
lightweight Go package to parse, analyze and extract metadata
Saferwall PE is a lightweight Go package for parsing, analyzing, and extracting metadata from Portable Executable (PE) binaries. Designed with malware analysis in mind, it is robust against malformed PE files and provides detailed insights into executable structures. -
InEight is a leader in construction project controls softwareMinimize risks, gain operational efficiency, control project costs, and make confident, informed decisions. InEight software has your back during every stage of construction, from accurate pre-planning to predictable execution and completion. When project teams collaborate effectively, every decision is backed by precise, authoritative insights.
-
10
Santa
A binary authorization system for macOS
...Santa is made up of a kernel extension (or a system extension on macOS 10.15+) that monitors and participates in execve() decisions, a userland daemon that makes the execution decisions, a GUI agent that shows notifications when an execve() is blocked, and a command-line utility that oversees system management and the synchronization of database and server. Santa is built to help protect users by stopping the spread of malware and analyzing what's running on a computer, but is by no means a total security system. Ideally Santa works as a part of a defense-in-depth strategy, and other measures should be in place to protect hosts. -
11
Power Pwn
Repurpose Microsoft-trusted executables, service accounts, etc.
Repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation. These materials are presented from an attacker’s perspective with the goal of raising awareness to the risks of underestimating the security impact of No Code/Low Code. No Code/Low Code is awesome. -
12
Ghidra
Ghidra is a software reverse engineering (SRE) framework
...It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes. -
13
SSH-MITM
Server for security audits supporting public key authentication
ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation. SSH-MITM is a man in the middle SSH Server for security audits and malware analysis. Password and publickey authentication are supported and SSH-MITM is able to detect, if a user is able to login with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not possible, the authentication will fall back to password-authentication. ... -
14
Capstone
Capstone disassembly/disassembler framework
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64). Having clean/simple/lightweight/intuitive... -
15
Blokada Apps
Repo for Blokada apps
...Protect multiple devices from ads and tracking, and manage your preferences in one place. Enjoy zero battery drain, no noticeable slowdowns, and highly reliable adblocking. If you want to efficiently block ads, trackers, malware, save on your data plan, speed up your device and protect your privacy with just one application, then Blokada is for you. It is free, secure and open source. For ultimate privacy protection, upgrade to Blokada Plus and connect through our VPN. Available in both Blokada 6 and Blokada 5. We use WireGuard®, the most advanced VPN protocol, to encrypt your network activity and hide your IP address. -
16
Portmaster
Block Mass Surveillance
Portmaster is a free and open-source application firewall that does the heavy lifting for you. Restore privacy and take back control over all your computer's network activity. Discover everything that is happening on your computer. Expose every connection your applications make and detect evil ones. Finally, get the power to act accordingly. Protect your whole computer, not just your browser. Block all advertisements and trackers for every application. Easily add your own rules and block... -
17
x64dbg
An open-source x64/x32 debugger for windows
An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. Fully customizable color scheme. Dynamically recognize modules and strings. Import reconstructor integrated (Scylla). Fast disassembler (Zydis). User database (JSON) for comments, labels, bookmarks, etc. -
18
LIEF
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
LIEF (Library to Instrument Executable Formats) is a cross-platform library that enables parsing, modifying, and abstracting executable formats such as ELF, PE, and Mach-O. It's widely used in reverse engineering and binary analysis. -
19
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS
Detect It Easy (DiE) is a tool for determining the type and internal features of binary and other file formats. It is widely used by malware analysts, digital forensics investigators, reverse engineers, and security researchers to quickly inspect unknown files and infer their type, architecture, compiler/packer used, and internal structure. DiE supports a large variety of file formats — from common executables (Windows PE, Linux ELF, macOS Mach-O) to archives, mobile packages (APK, IPA), legacy binaries, compressed or packed files, and more — making it a versatile first step in analysis or triage workflows. ... -
20
LitterBox
A secure sandbox environment for malware developers and red teamers
LitterBox is a controlled malware-analysis and payload-testing sandbox aimed at red teams who need to validate evasions and behaviors before deployment. It provides an isolated environment to exercise payloads against modern detection stacks, verify signatures and heuristics, and observe runtime characteristics without leaking binaries to third-party vendors. The README frames typical use cases: testing evasion, validating detections, analyzing behavior, and keeping sensitive tooling in-house. ... -
21
Applite
User-friendly GUI macOS application for Homebrew Casks
...Any application that can be found in the Homebrew Catalog is available on Applite. Use the search function to find all applications in Applite. The macOS built-in protection (Gatekeeper and XProtect) will scan the application for potential malware the first time you open it and notify you if anything is suspicious. Also, most applications in the Homebrew Catalog are notarized, which means they come from a registered developer. -
22
Zen Linux
Simple, free and efficient ad-blocker and privacy guard
Zen is an open-source system-wide ad-blocker and privacy guard for Windows, macOS, and Linux. It works by setting up a proxy that intercepts HTTP requests from all applications and blocks those serving ads, tracking scripts that monitor your behavior, malware, and other unwanted content. By operating at the system level, Zen can protect against threats that browser extensions cannot, such as trackers embedded in desktop applications and operating system components. Zen comes with many pre-installed filters but also allows you to easily add host files and EasyList-style filters, enabling you to tailor your protection to your specific needs. -
23
Maltrail
Malicious traffic detection system
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware). Sensor(s) is a standalone component running on the monitoring node (e.g. Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or at the standalone machine (e.g. Honeypot) where it "monitors" the passing Traffic for blacklisted items/trails (i.e. domain names, URLs and/or IPs). -
24
UTMStack
Customizable SIEM and XDR powered by Real-Time correlation
...UTMStack is a unified threat management platform that merges SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) technologies. Our unique approach allows real-time correlation of log data, threat intelligence, and malware activity patterns from multiple sources, enabling the identification and halting of complex threats that use stealthy techniques. UTMStack stands out in threat prevention by surpassing the boundaries of traditional systems. Our software platform can swiftly analyze log data to identify and halt threats at their source in real-time, even if the threat was not directly detected on the server itself. ... -
25
Web-Check
All-in-one OSINT tool for analysing any website
Comprehensive, on-demand open source intelligence for any website. Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance,...