Found 126 repositories (showing 30)
Da2dalus
A repository full of malware samples.
Android malware (.apk) can be spread through a fake PDF document by manipulating the file extension in the WhatsApp application. PoC is available in this repo
Len-Stevens
A simple antivirus coded in Python capable of scanning selected files and deleting files that it detects as infected. This antivirus uses a large list of MD5, SHA1 and SHA256 malware hashes (many of which come from this repo - https://github.com/Len-Stevens/MD5-Malware-Hashes) to determine infections. However, as this project progresses I would like to implement machine learning detection with the long-term goal of becoming a fully functioning antivirus. All Donations in Cryptocurrency are highly appreciated: Bitcoin: bc1qgnvw4x7w4m7uhafdne7seu4fvs73m44v9fu3ng Monero: 42xCsURykTQGqz6Kmy4rBm4ZVEpGv5NhcRFrqbgQZ3FzTXeFe9nzNjYCBzU7yMSGMqVzrHfNoMBfYfoALQcc69VtGNQeRWE Dogecoin: DD3rtFFBfusJSDmP8cmVp3X5Jq688B49gs Thank You! :)
hackcrypto
Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues. If you need quick help, fluxion is also available on gitter. You can talk with us on Gitter or on Discord. Installation: Read here before you do the following steps. Download the latest revision: git clone --recursive git@github.com:FluxionNetwork/fluxion.git Switch to tool's directory: cd fluxion Run fluxion (missing dependencies will be auto-installed): ./fluxion.sh Fluxion is also available in arch: cd bin/arch makepkg or using the blackarch repo: pacman -S fluxion Changelog: Fluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the changelog here. How to contribute: All contributions are welcome! Code, documentation, graphics, or even design suggestions are welcome; use GitHub to its fullest. Submit pull requests, contribute tutorials or other wiki content -- whatever you have to offer, it'll be appreciated but please follow the style guide. How it works: Scan for a target wireless network. Launch the Handshake Snooper attack. Capture a handshake (necessary for password verification). Launch Captive Portal attack. Spawns a rogue (fake) AP, imitating the original access point. Spawns a DNS server, redirecting all requests to the attacker's host running the captive portal. Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key. Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.
All authentication attempts at the captive portal are checked against the handshake file captured earlier. The attack will automatically terminate once a correct key has been submitted. The key will be logged and clients will be allowed to reconnect to the target access point. For a guide to the Captive Portal attack, read the Captive Portal attack guide. Requirements: A Linux-based operating system. We recommend Kali Linux 2 or Kali rolling. Kali 2 & rolling support the latest aircrack-ng versions. An external wifi card is recommended. Related work: For development I use vim and tmux. Here are my dotfiles. Credits: l3op - contributor; dlinkproto - contributor; vk496 - developer of linset; Derv82 - @Wifite/2; Princeofguilty - @webpages and @buteforce; Photos for wiki @http://www.kalitutorials.net; Ons Ali @wallpaper; PappleTec @sites; MPX4132 - Fluxion V3. Disclaimer: Authors do not own the logos under the /attacks/Captive Portal/sites/ directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. The usage of Fluxion for attacking infrastructures without prior mutual consent could be considered an illegal activity, and is highly discouraged by its authors/developers. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program. Note: Beware of sites pretending to be related with the Fluxion Project. These may be delivering malware. Fluxion DOES NOT WORK on Linux Subsystem For Windows 10, because the subsystem doesn't allow access to network interfaces. Any Issue regarding the same would be Closed Immediately. Links: Fluxion website: https://fluxionnetwork.github.io/fluxion/ Discord: https://discordapp.com/invite/G43gptk Gitter: https://gitter.im/FluxionNetwork/Lobby
HuskyHacks
Repo for The Crown: Exploratory Analysis of Nim Malware DEF CON 615 talk
tanc7
Warning, almost everything in this Repo is MALWARE. I am using this to experiment with various functionality for the Hak5 USB Rubber Ducky Keystroke Attack Device. And trying to determine which methods work.
SamantazFox
Keeps track of what repos need to be saved from the new GitHub "Exploits and malware policy"
shaddy43
This repository contains the analysis reports, technical details or any tools created for helping in malware analysis. Additionally, the repo contains extracted TTPs with code along with the detection rules
AbdouRoumi
This malware is an application for the MalwareEvasionTechniques repo. I used registry staging in it in two modes (R/W), and I combined it with the remote scanner.
82goober82
Fluxion is the future of MITM WPA attacks. Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues. If you need quick help, fluxion is also available on gitter. You can talk with us on Gitter or on Discord. Installation: Read here before you do the following steps. Download the latest revision: git clone --recursive git@github.com:FluxionNetwork/fluxion.git Switch to tool's directory: cd fluxion Run fluxion (missing dependencies will be auto-installed): ./fluxion.sh Fluxion is also available in arch: cd bin/arch makepkg or using the blackarch repo: pacman -S fluxion Changelog: Fluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the changelog here. How to contribute: All contributions are welcome! Code, documentation, graphics, or even design suggestions are welcome; use GitHub to its fullest. Submit pull requests, contribute tutorials or other wiki content -- whatever you have to offer, it'll be appreciated but please follow the style guide. How it works: Scan for a target wireless network. Launch the Handshake Snooper attack. Capture a handshake (necessary for password verification). Launch Captive Portal attack. Spawns a rogue (fake) AP, imitating the original access point. Spawns a DNS server, redirecting all requests to the attacker's host running the captive portal. Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key. Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.
All authentication attempts at the captive portal are checked against the handshake file captured earlier. The attack will automatically terminate once a correct key has been submitted. The key will be logged and clients will be allowed to reconnect to the target access point. For a guide to the Captive Portal attack, read the Captive Portal attack guide. Requirements: A Linux-based operating system. We recommend Kali Linux 2 or Kali rolling. Kali 2 & rolling support the latest aircrack-ng versions. An external wifi card is recommended. Related work: For development I use vim and tmux. Here are my dotfiles. Credits: l3op - contributor; dlinkproto - contributor; vk496 - developer of linset; Derv82 - @Wifite/2; Princeofguilty - @webpages and @buteforce; Photos for wiki @http://www.kalitutorials.net; Ons Ali @wallpaper; PappleTec @sites; MPX4132 - Fluxion V3. Disclaimer: Authors do not own the logos under the /attacks/Captive Portal/sites/ directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. The usage of Fluxion for attacking infrastructures without prior mutual consent could be considered an illegal activity, and is highly discouraged by its authors/developers. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program. Note: Beware of sites pretending to be related with the Fluxion Project. These may be delivering malware. Fluxion DOES NOT WORK on Linux Subsystem For Windows 10, because the subsystem doesn't allow access to network interfaces. Any Issue regarding the same would be Closed Immediately. Links: Fluxion website: https://fluxionnetwork.github.io/fluxion/ Discord: https://discordapp.com/invite/G43gptk Gitter: https://gitter.im/FluxionNetwork/Lobby
satviksinha12
This repo contains deobfuscated files of the Redline malware code which was behind the recent GitHub account hacks, stealing sensitive data such as Microsoft Windows login account and password and browser info and password, along with screen capture ability and a cryptocurrency stealer.
The repo contains publicly available malware analysis and reversing resources.
Nariod
Tartocitron is a repo to have fun with malware and the Rust language. This repo provides working examples of droppers written in Rust.
AbdouRoumi
This is a repo of the Malware Development Workshop that I hosted with Nexus Security Club. It contains the modules and also the slides. If you are a beginner in MalDev you can check the content to learn some new stuff.
kunwar-vikrant
This repo demonstrates a real world case study and aims to solve a business problem, that is to predict the probability of each data-point belonging to each of the nine classes of malware.
AmgdGocha
A repo that contains scripts written to automate the de-obfuscation of the AutoIT malware that wraps a Remcos RAT agent, and to automate the extraction and decryption of Remcos configuration.
Zenwki
Don't execute any samples without the necessary environment and the knowledge. The final user (you) is responsible for the use of these samples, be aware. The distribution of these samples is only for purposes of investigation and analysis.
sufyandaredevil
Repo contains POCs taken from the course Malware Development 1: The Basics and its succeeding Malware Development 2: Advanced Techniques
gvyshnya
This repo contains the artifacts of ML experiments to detect / classify various malware attacks based on the classical MalImg Dataset
This repo has the code I wrote for "Malware Development for Ethical Hackers" course hosted on arabic.tech
kawaiipantsu
theZoo-WebUI is bringing your favorite theZoo LIVE malware repo into your browser for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public. This WebUI is a way to make it even more useful in your homelab to quickly have a small webserver for distribution or search etc.
k-vitali
This is a misc repo related to the Ramnit malware share.
nullcharb
This is the repo linked to the malware analysis of Latrodectus on YT.
DanusMinimus
A repo of the malware source codes that I fix and create
jacobsoo
This repo will contain the SQLite file(s) containing the IoT malware that my tracker found.
addyson-martin
This is a keylogger written in C. This keylogger.h file provides you an option to append the keylogger activity in your malware. (For malware you can check my repos.)
JaySmith502
This repo contains the link and instructions for downloading a VM to be used at the Gotcha! Intro to Malware Analysis Workshop
theDreamer911
I used this repo for my final year assignment to save all my work on the "Implementasi EfficientNet pada Klasifikasi Malware BIG 2015".
Repo to go along with my DC416 talk, Malware Development For Dummies. Code samples will continue to be uploaded over the next couple weeks