Worm/Trojan/Ransomware/apt/Rootkit/Virus Database

Overview

Pestilence - The Malware Database

Contributions Welcome HitCount [GitHub stars] made-with-python

Logo

Screenshot

Screenshot

Pestilence is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. Pestilence was born by Err0r_HB and is now maintained by Hackboyz Team.

Pestilence is open and welcoming visitors!

If you are about to interact with our community please make sure to read our CODE-OF-CONDUCT.md prior to doing so. If you plan to contribute, first - thank you. However, do make sure to follow the standards on CONTRIBUTING.md.

Disclaimer

Pestilence's purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.

Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!

We recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained means that you will infect yourself or others with vicious and dangerous malware!!!

Getting Started

Clone the repository with git clone https://www.github.com/Err0r-ICA/Pestilence. Go to the directory and run pip install --user -r requirements.txt. This should install all latest requirements needed. In total can be "scripted" like so:

git clone https://www.github.com/Err0r-ICA/Pestilence
cd Pestilence
pip install --user -r requirements.txt

Start by running the console:

python2 Pestilence

License

Pestilence - the most awesome free malware database on the air Copyright (C) 2015-2021, Err0r_HB - Hackboyz Team

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

You can also find more information in LICENSE.md.

License section does not apply to any of malicious samples in Pestilence's repository which includes samples and source code, reversed or otherwise.

Documentation and Notes

Background

Pestilence's objective is to offer a fast and easy way of retrieving malware samples and source code in an organized fashion in hopes of promoting malware research.

Root Files

Since version 0.42 Pestilence has been undergoing dramatic changes. It now runs in both CLI and ARGVS modes. You can call the program with the same command line arguments as before. The current default state of Pestilence runtime is the CLI. The following files and directories are responsible for the application's behaviour.

/conf - The conf folder holds files relevant to the particular running of the program but are not part of the application. You can find the EULA file in the conf and more.

/imports - Contains .py import files used by the rest of the application

/malwares/Binaries - The actual malwares samples - be careful! These are very live.

/malware/Source - Malware source code.

Malware under the folder Original is supposed to be (NO PROMISES!) the original source of the malware that leaked. Malware under the folder Reversed is either reversed, decompiled or partially reconstructed.

Directory Structure:

Each directory is composed of 4 files:

  • Malware files in an encrypted ZIP archive.
  • SHA256 sum of the 1st file.
  • MD5 sum of the 1st file.
  • Password file for the archive.

Bugs and Reports

The repository holding all files is currently https://github.com/Err0r-ICA/Pestilence

Submit Malware

Get the file you want to submit and just run python prep_file.py file_tosubmit.exe. It will create a directory for you. Then just submit that along with the changes to the conf/maldb.db so that we know which malware it is.

Change Log for v0.60:

  • Moved DB to SQLite3.
  • Searching overhaul to a freestyle fashion.
  • Fixed "get" command.
  • More & more malwares.

Change Log for v0.50:

  • Better and easier UI.
  • Aligned printing of malwares.
  • Command line arguments are now working.
  • Added 10 more malwares (cool ones) to the DB.

Change Log for v0.42:

  • Fix EULA for proper disclaimer.
  • More precise searching and indexing including platform and more.
  • Added 10 new malwares.
  • Git update of platform and new malware.
  • Fix display of search.
  • Enable support for platform and architecture in indexing.
  • Separate between database and application.
  • UI improvements.

Change Log for v0.43:

  • Verify argv to be working properly. (fixes in v0.5)
  • Virus-Total upload and indexing module. - Not possible due to restrictions of VT.
  • Automatic reporting system for malwares which are not indexed in the framework.

Change Log for v0.50:

  • Malware analysis pack has been removed to reduce clone size.
  • More documentation has been added.
  • Removed debugging function which were dead in the code.

Predicted Change Log for v1.0

  • Fix auto-complete for malware frameworks. (thanks to 5fingers)
  • Consider changing DB to XML or SQLite3. (Sheksa - done :))
  • Better UI features.
  • Fix and make 'light' version without malwares with _MalwareFetch function.

Hopeful

  • A GUI.
  • Package releases.

If you have any suggestions or malware that you have indexed (in the manner laid out in the documentation) please send it to us to - Pestilence-submissions [a-t] morirt [.d0t.] com - so we can add it for everyone's enjoyment.

My Accounts

Owner
*ERR0R*
*ERR0R*
Local File Inclusion Scanner and Exploiter

LFI-Paradise Local File Inclusion Scanner and Exploiter Features 1- Scanner 2- E

11 Sep 04, 2022
A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

James 41 Dec 30, 2022
VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

Vortex VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit,

315 Dec 28, 2022
Mips script decompiles MIPS assembly instructions & bot functionality

mips mips is a python-based script that decodes MIPS instructions. Usage cd into mips and run python decode.py command or open decode.py to run the sc

Anthony Tedja 0 Mar 30, 2022
A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth

CoolerVoid 167 Dec 19, 2022
Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr 64bit2key.py

Stefan Marsiske 15 Nov 26, 2022
Natural Language Processing - Sommer Semester 2022

Natural Language Processing (DIS25a/NLP) This course can be taken for the Bachelor Programm Data and Information Science (DIS25a) or the Master Progra

Classrooms of IR Group at Technische Hochschule Köln 19 Sep 07, 2022
Cobalt Strike < 4.4 dos CVE-2021-36798

CVE-2021-36798 CVE-2021-36798 Cobalt Strike 4.3 dos 用法 python3 CVE-2021-36798.py BeaconURL 打瘫Cobalt Strike 只需要一个包 已测试 4.3 4.2 参考: https://labs.sent

37 Nov 09, 2022
DCSync - DCSync Attack from Outside using Impacket

Adding DCSync Permissions Mostly copypasta from https://github.com/tothi/rbcd-at

n00py 77 Dec 16, 2022
Guess the password for Tik Tok accounts

Guess the password for Tik Tok accounts Tool features : You don't need proxies There is no captcha Running on a private api Combo T

32 Dec 25, 2022
This is a js front-end encryption blasting account and password tools

Author:0xAXSDD By Gamma安全实验室 version:1.0 explain:这是一款用户绕过前端js加密进行密码爆破的工具,你无需在意js加密的细节,只需要输入你想要爆破url,以及username输入框的classname,password输入框的clas

75 Nov 25, 2022
A great and handy python obfuscator for protecting code.

Python Code Obfuscator A handy and necessary tool that can protect your code anytime! Mostly Command Line tool that will obfuscate your code. Features

Karim 5 Nov 18, 2022
Denial Attacks by Various Methods

Denial Service Attack Denial Attacks by Various Methods IIIIIIIIIIIIIIIIIIII PPPPPPPPPPPPPPPPP VVVVVVVV VVVVVVVV I::

Baris Dincer 9 Nov 26, 2022
Open Source Tool - Cybersecurity Graph Database in Neo4j

GraphKer Open Source Tool - Cybersecurity Graph Database in Neo4j |G|r|a|p|h|K|e|r| { open source tool for a cybersecurity graph database in neo4j } W

Adamantios - Marios Berzovitis 27 Dec 06, 2022
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

MassDNS A high-performance DNS stub resolver MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amou

B. Blechschmidt 2.5k Jan 07, 2023
Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

Ashish Kunwar 1 Nov 24, 2022
CC CAMERA HACKING TOOL

CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update

Aryan 10 Sep 25, 2022
Phoenix Framework is an environment for writing, testing and using exploit code.

Phoenix-Framework Phoenix Framework is an environment for writing, testing and using exploit code. 🖼 Screenshots 🎪 Community PwnWiki Forums 🔑 Licen

Felix 42 Aug 09, 2022
Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

6 Sep 22, 2022
Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

Halborn 16 Aug 30, 2022