  • Created over 6 years ago
  • Updated over 3 years ago


Repository Details

๐Ÿ’ปโš ๏ธ A curated collection of awesome malware, botnets, and other post-exploitation tools.

Awesome Malware Awesome

A curated collection of awesome malware, botnets, and other post-exploitation tools.

Malware is software intentionally designed to cause damage or provide unauthorized access to a computer, server, or computer network. While not exclusive, this list is heavily biased towards Free Software projects. For pre-exploitation TTPs, see awesome-pentest. For defenses, see awesome-cybersecurity-blueteam.

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

⚠️ Please note that this compilation is intended for educational and demonstration purposes only.

Contents

Analysis and reverse engineering

See awesome-malware-analysis.

  • theZoo - Repository of live malwares for your own joy and pleasure, created to make the possibility of malware analysis open and available to the public.

Banking trojans

🚧 TK-TODO

Botnets

  • Idisagree - Control remote computers using Discord bot and Python 3.

Command and Control

(Also known as C2 and C&C.)

  • Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
  • Merlin - Cross-platform post-exploitation HTTP/2 command and control server and agent written in golang.
  • SILENTTRINITY - Asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR.

Credential Stuffing Account Checkers

Also known as Account Takeover (ATO) or account cracking.

  • Black Bullet - Single-threaded account checker with captcha bypass features and Selenium WebDriver support, sold for about $30 to $50. (Reference)
  • Private Keeper - Russian language account checker and takeover tool, sold at prices starting from approximately $1 USD.
  • SNIPR - Windows toolkit for credential stuffing across Web (HTTP/S) and email (IMAP) attack surfaces with the ability to encrypt and re-sell ATO configurations, sold for about $20.
  • STORM - Flexible account checker with Cloudflare protection bypass features written in C#. (Reference)
  • Sentry MBA - Among the oldest and longest in-use account checkers, using OCR for captcha bypass but unable to pass JavaScript anti-bot challenges, sold for between $5 and $20 per configuration file. (Reference)
  • Woxy - Email account checker with built-in support for automating password reset and searching email content for valuable information, now cracked and available free of charge. (Reference)

Data stealers

🚧 TK-TODO

Evasion

  • CheckPlease - Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.

Keyloggers

  • TechNowLogger - Windows/Linux keylogger generator which sends key-logs via email with other juicy target info.

Phishing kits

(Also known as phishkits, one word.)

  • ActorExpose/PhishKits - Collection of phishing kits provided to the public to make the Internet a safer environment.

RAM scrapers

🚧

See RamScraper for now.

Ransomware

🚧 TK-TODO

Remote Administration Tools (RATs)

Some Command and Control tools also overlap with RAT software.

(Also known as Remote Access Trojan or post-exploitation agent.)

  • Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
  • Empire - Pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture.
  • EvilOSX - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
  • Pupy - Low-footprint, cross-platform (Windows, Linux, macOS, Android) RAT written in Python, featuring an all-in-memory execution guideline.
  • RedPeanut - Small RAT developed in .Net Core 2 and its agent in .Net 3.5/4.0, weaponized with several additional utilities.
  • Slackor - Golang implant that uses Slack as a command and control server.
  • Twittor - Stealthy Python based backdoor that uses Twitter (Direct Messages) as a command and control server.

Rootkits

  • Adore-NG - Rootkit adapted for the 2.6 and 3.x Linux kernels.
  • AdoreForAndroid - Adore rootkit ported to Android.
  • Diamorphine - LKM rootkit for Linux Kernels 2.6.x, 3.x, and 4.x.
  • Masochist - Framework for creating XNU based rootkits useful in OS X and iOS security research.
  • Vector-EDK - Commercial UEFI rootkit illegally sold by Hacking Team to numerous governments, leaked by hacker Phineas Phisher in 2015, and the basis of the MosaicRegressor rootkit.
  • vlany - Linux LD_PRELOAD rootkit.

Web Shells

(Also known as webshells, one word.)

  • BlackArch Webshells Collection - Various webshells that can be installed as a package on BlackArch Linux.
  • DAws - Advanced Web shell.
  • PHP-backdoors - Collection of PHP backdoors, for educational and/or testing purposes only.
  • PHP Exploit Scripts - Collection of PHP exploit scripts (often but not necessarily always backdoors or web shells), found when investigating hacked servers.
  • PHP WebShells collection - Repository of common PHP Web shells, somewhat dated.
  • PhpSploit - Remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server.
  • SharPyShell - Tiny and obfuscated ASP.NET webshell for C# web applications.
  • SecLists Web Shells - Examples of core Web shell functionality in PHP, JSP, ASP(X), ColdFusion, and more.
  • Weevely - Extensible PHP Web shell with numerous out-of-the-box modules.

License

CC-BY

This work is licensed under a Creative Commons Attribution 4.0 International License.
