Malware Research Python Packages

ioc-fanger

Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

67K 69 11

iocextract

Defanged Indicator of Compromise (IOC) Extractor.

60K 578 92

ioc-finder

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

37K 181 44

pyhidra

Pyhidra is a Python library that provides direct access to the Ghidra API within a native CPython interpreter using jpype.

18K 209 22

apkid

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

16K 2K 337

karton-core

Distributed malware processing framework based on Python, Redis and S3.

10K 470 52

peid

Python implementation of the Packed Executable iDentifier (PEiD)

6K 145 15

malwaredb

MalwareDB: bookkeeping for malware, goodware, and unknown files with relationship discovery

6K 57 7

die-python

Native Python3 bindings for @horsicq's Detect-It-Easy

5K 87 5

pywhat

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

4K 7K 388

threatingestor

Extract and aggregate threat intelligence.

4K 910 135

VirusTotal Full api

2K 307 86

mwdb-core

Malware repository component for samples & static configuration with REST API interface.

2K 385 74

bintropy

Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes

2K 49 4

reminder-detector

Implementation of the packing detection heuristic from the paper "Packed PE File Detection for Malware Forensics" of Han et al.

1K 2 0

pypackerdetect

Re-implementation and packaging of PyPackerDetect

1K 28 4

karton-classifier

File type classifier for Karton framework

826 8 12

dumpulator

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

560 862 51

python-see

Sandboxed Execution Environment

521 820 94

malware-atlas

ATLAS - Malware Analysis Description

481 21 3

visualize-logs

A Python library and command line tools to provide interactive log visualization.

387 145 31

karton-archive-extractor

Extractor of various archive formats for Karton framework

313 5 6

cy-ioc-finder

Python package for finding and parsing indicators of compromise from text.

289 181 44

karton-config-extractor

Static configuration extractor for the Karton framework

226 10 6