awesome-malware
Malware repository
A curated collection of malware tools for analysis and demonstration purposes
A curated collection of awesome malware, botnets, and other post-exploitation tools.
239 stars
20 watching
33 forks
last commit: over 3 years ago
Linked from 1 awesome list
awesome, awesome-list, computer-security, cybersecurity, malware, post-exploitation
Analysis and reverse engineering | |||
theZoo | Repository of live malwares for your own joy and pleasure, created to make the possibility of malware analysis open and available to the public | ||
Botnets | |||
Idisagree | 172 | over 2 years ago | Control remote computers using Discord bot and Python 3 |
Command and Control | |||
Browser Exploitation Framework (BeEF) | 9,854 | 6 days ago | Command and control server for delivering exploits to commandeered Web browsers |
Merlin | 5,083 | about 1 month ago | Cross-platform post-exploitation HTTP/2 command and control server and agent written in golang |
SILENTTRINITY | 2,196 | 12 months ago | Asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR |
Credential Stuffing Account Checkers | |||
Black Bullet | Single-threaded account checker with captcha bypass features and Selenium WebDriver support, sold for about $30 to $50 | ||
Private Keeper | Russian language account checker and takeover tool, sold at prices starting from approximately $1 USD | ||
SNIPR | Windows toolkit for credential stuffing across Web (HTTP/S) and email (IMAP) attack surfaces with the ability to encrypt and re-sell ATO configurations, sold for about $20 | ||
STORM | Flexible account checker with Cloudflare protection bypass features written in C# | ||
Sentry MBA | Among the oldest and longest in-use account checkers, using OCR for captcha bypass but unable to pass JavaScript anti-bot challenges, sold for between $5 and $20 per configuration file | ||
Woxy | Email account checker with built-in support for automating password reset and searching email content for valuable information, now cracked and available free of charge | ||
Evasion | |||
CheckPlease | 898 | over 3 years ago | Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust |
Keyloggers | |||
TechNowLogger | 447 | about 2 months ago | Windows/Linux keylogger generator which sends key-logs via email with other juicy target info |
Phishing kits | |||
ActorExpose/PhishKits | Collection of phishing kits provided to the public to make the Internet a safer environment | ||
Remote Administration Tools (RATs) | |||
Bella | 183 | about 2 years ago | Pure Python post-exploitation data mining and remote administration tool for macOS |
Empire | Pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture | ||
EvilOSX | 2,270 | almost 4 years ago | Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box |
Pupy | 8,460 | 8 months ago | Low-footprint, cross-platform (Windows, Linux, macOS, Android) RAT featuring all-in-memory execution guideline written in Python |
RedPeanut | 329 | over 1 year ago | Small RAT developed in .Net Core 2 and its agent in .Net 3.5/4.0, weaponized with several additional utilities |
Slackor | 458 | over 1 year ago | Golang implant that uses Slack as a command and control server |
Twittor | 760 | about 4 years ago | Stealthy Python based backdoor that uses Twitter (Direct Messages) as a command and control server |
Rootkits | |||
Adore-NG | 205 | almost 9 years ago | Rootkit adapted for the 2.6 and 3.x Linux kernels |
AdoreForAndroid | 36 | about 10 years ago | Adore rootkit ported to Android |
Diamorphine | 1,840 | about 1 year ago | LKM rootkit for Linux Kernels 2.6.x, 3.x, and 4.x |
Masochist | 124 | almost 10 years ago | Framework for creating XNU based rootkits useful in OS X and iOS security research |
Vector-EDK | 132 | over 9 years ago | Commercial UEFI rootkit illegally sold by Hacking Team to numerous governments, leaked by hacker Phineas Phisher in 2015, and the basis of the |
vlany | 944 | almost 4 years ago | Linux rootkit |
Web Shells | |||
BlackArch Webshells Collection | 892 | about 1 year ago | Various webshells that can be installed as a package on BlackArch Linux |
DAws | 572 | over 7 years ago | Advanced Web shell |
PHP-backdoors | 2,206 | 9 months ago | Collection of PHP backdoors, for educational and/or testing purposes only |
PHP Exploit Scripts | 838 | 9 months ago | Collection of PHP exploit scripts (often but not necessarily always backdoors or web shells), found when investigating hacked servers |
PHP WebShells collection | 1,885 | over 3 years ago | Repository of common PHP Web shells, somewhat dated |
PhpSploit | 2,221 | 7 months ago | Remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server |
SharPyShell | 913 | 12 months ago | Tiny and obfuscated ASP.NET webshell for C# web applications |
SecLists Web Shells | 58,517 | 6 days ago | Examples of core Web shell functionality in PHP, JSP, ASP(X), ColdFusion, and more |
Weevely | 3,200 | about 1 month ago | Extensible PHP Web shell with numerous out-of-the-box modules |
More related projects:
- emilyanncr/windows-post-exploitation
- nextronsystems/aptsimulator
- s1ckb0y1337/active-directory-exploitation-cheat-sheet
- tennc/webshell
- bats3c/shad0w
- donnemartin/haxor-news
- geeksniper/active-directory-pentest
- foospidy/payloads
- gentilkiwi/mimikatz
- donnemartin/saws
- deimosc2/deimosc2
- gentilkiwi/kekeo
- goblinfactory/konsole
- govolution/avet
- empireproject/empire