Worm/Trojan/Ransomware/apt/Rootkit/Virus Database

Overview

Pestilence - The Malware Database

Contributions Welcome HitCount [GitHub stars] made-with-python

Logo

Screenshot

Screenshot

Pestilence is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. Pestilence was born by Err0r_HB and is now maintained by Hackboyz Team.

Pestilence is open and welcoming visitors!

If you are about to interact with our community please make sure to read our CODE-OF-CONDUCT.md prior to doing so. If you plan to contribute, first - thank you. However, do make sure to follow the standards on CONTRIBUTING.md.

Disclaimer

Pestilence's purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.

Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!

We recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained means that you will infect yourself or others with vicious and dangerous malware!!!

Getting Started

Clone the repository with git clone https://www.github.com/Err0r-ICA/Pestilence. Go to the directory and run pip install --user -r requirements.txt. This should install all latest requirements needed. In total can be "scripted" like so:

git clone https://www.github.com/Err0r-ICA/Pestilence
cd Pestilence
pip install --user -r requirements.txt

Start by running the console:

python2 Pestilence

License

Pestilence - the most awesome free malware database on the air Copyright (C) 2015-2021, Err0r_HB - Hackboyz Team

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

You can also find more information in LICENSE.md.

License section does not apply to any of malicious samples in Pestilence's repository which includes samples and source code, reversed or otherwise.

Documentation and Notes

Background

Pestilence's objective is to offer a fast and easy way of retrieving malware samples and source code in an organized fashion in hopes of promoting malware research.

Root Files

Since version 0.42 Pestilence has been undergoing dramatic changes. It now runs in both CLI and ARGVS modes. You can call the program with the same command line arguments as before. The current default state of Pestilence runtime is the CLI. The following files and directories are responsible for the application's behaviour.

/conf - The conf folder holds files relevant to the particular running of the program but are not part of the application. You can find the EULA file in the conf and more.

/imports - Contains .py import files used by the rest of the application

/malwares/Binaries - The actual malwares samples - be careful! These are very live.

/malware/Source - Malware source code.

Malware under the folder Original is supposed to be (NO PROMISES!) the original source of the malware that leaked. Malware under the folder Reversed is either reversed, decompiled or partially reconstructed.

Directory Structure:

Each directory is composed of 4 files:

  • Malware files in an encrypted ZIP archive.
  • SHA256 sum of the 1st file.
  • MD5 sum of the 1st file.
  • Password file for the archive.

Bugs and Reports

The repository holding all files is currently https://github.com/Err0r-ICA/Pestilence

Submit Malware

Get the file you want to submit and just run python prep_file.py file_tosubmit.exe. It will create a directory for you. Then just submit that along with the changes to the conf/maldb.db so that we know which malware it is.

Change Log for v0.60:

  • Moved DB to SQLite3.
  • Searching overhaul to a freestyle fashion.
  • Fixed "get" command.
  • More & more malwares.

Change Log for v0.50:

  • Better and easier UI.
  • Aligned printing of malwares.
  • Command line arguments are now working.
  • Added 10 more malwares (cool ones) to the DB.

Change Log for v0.42:

  • Fix EULA for proper disclaimer.
  • More precise searching and indexing including platform and more.
  • Added 10 new malwares.
  • Git update of platform and new malware.
  • Fix display of search.
  • Enable support for platform and architecture in indexing.
  • Separate between database and application.
  • UI improvements.

Change Log for v0.43:

  • Verify argv to be working properly. (fixes in v0.5)
  • Virus-Total upload and indexing module. - Not possible due to restrictions of VT.
  • Automatic reporting system for malwares which are not indexed in the framework.

Change Log for v0.50:

  • Malware analysis pack has been removed to reduce clone size.
  • More documentation has been added.
  • Removed debugging function which were dead in the code.

Predicted Change Log for v1.0

  • Fix auto-complete for malware frameworks. (thanks to 5fingers)
  • Consider changing DB to XML or SQLite3. (Sheksa - done :))
  • Better UI features.
  • Fix and make 'light' version without malwares with _MalwareFetch function.

Hopeful

  • A GUI.
  • Package releases.

If you have any suggestions or malware that you have indexed (in the manner laid out in the documentation) please send it to us to - Pestilence-submissions [a-t] morirt [.d0t.] com - so we can add it for everyone's enjoyment.

My Accounts

Owner
*ERR0R*
*ERR0R*
SEBUAH TOOLS TERMUX CRACK AKUN FF HOMKI AKUN EPEP DAH SATU FOLLOW AE YA BROO AWOKWOK

print " INSTALL TOOLS " $ pkg update && upgrade $ pkg install python2 $ pkg install git $ pip2 install lolcat $ pip2 install bs4 $ pip2 install reques

Jeeck 2 Nov 29, 2021
Script Crack Facebook Elite 🚶‍♂

elite Script Crack Facebook Elite 🚶‍♂ Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install git $ pkg install python $ pip

Yumasaa 1 Jan 02, 2022
Selamat Datang DiTools Crack-Old, Crack Old Adalah Sebuah Crack Tanpa Login Dan Crack Menggunakan Akun Facebook Tua/Old.

Selamat Datang DiTools Crack-Old, Crack Old Adalah Sebuah Crack Tanpa Login Dan Crack Menggunakan Akun Facebook Tua/Old. ([Welcome to Crack-Old Tools, Old Crack Is A Crack Without Login And Crack Usi

Risky [ Zero Tow ] 7 Dec 25, 2022
Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems

KCMTicketFormatter This tools takes the output from https://github.com/fireeye/SSSDKCMExtractor and turns it into properly formatted CCACHE files for

Black Lantern Security 35 Oct 25, 2022
You can manage your password with this program.

You must have Python compilers in order to run this program. First of all, download the compiler in the link.

Mustafa Bahadır Doğrusöz 6 Aug 07, 2021
Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)

Spring Cloud Gateway 3.0.7 & 3.1.1 Code Injection (RCE) CVE: CVE-2022-22947 CVSS: 10.0 (Vmware - https://tanzu.vmware.com/security/cve-2022-22947)

Carlos Vieira 35 Dec 28, 2022
A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting

Hamza 64 Oct 18, 2022
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

O365DevicePhish Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script t

Trewis [work] Scotch 4 Sep 23, 2022
LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

Parental Control Application LittleBrother Overview LittleBrother is a simple parental control application monitoring specific processes (read "games"

40 Dec 21, 2022
Password-Manager - This app can generate ,save , find and delete passwords.

Password-Manager This app can generate ,save , find and delete passwords. In the StartUp() Function , there are three buttons to choose from : Generat

1 Jan 01, 2022
A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

5GC_API_parse Description 5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supporte

PentHertz 57 Dec 16, 2022
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

2.1k Dec 25, 2022
CVE-2021-21972

CVE-2021-21972 % python3 /tmp/CVE_2021_21972.py -i /tmp/urls.txt -n 8 -e [*] Creating tmp.tar containing ../../../../../home/vsphere-ui/.ssh/authoriz

Keith Lee 30 Nov 19, 2022
对naabu的端口扫描结果,调用nmap进行指纹识别

naabu2nmap 对naabu的端口扫描结果,调用nmap进行指纹识别

Se7en 12 Nov 22, 2022
Confluence OGNL injection

CVE-2021-26084 Confluence OGNL injection CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Conflue

Ashish Kunwar 15 Sep 23, 2022
The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

22 Jul 25, 2022
Python program that generates secure passwords.

Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,

4 Dec 07, 2021
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Nathan Galindo 1 Oct 30, 2021
About Hive Burp Suite Extension

Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss

7 Dec 07, 2022
NS-Defacer: a auto html injecter, In other words It's a auto defacer to deface a lot of websites in less time

Overview NS-Defacer is a auto html injecter, In other words It's a auto defacer

NightSec 10 Nov 19, 2022