30 open-source projects similar to jgamblin/mirai-source-code, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Mirai Source Code alternative.
TheZoo is a centralized repository and management system designed for the storage, organization, and retrieval of live malicious software samples. It provides a structured environment for security researchers and educators to access, track, and analyze dangerous code for the purpose of threat intelligence and defense development. The system utilizes a command-line interface to manage the lifecycle of malware samples, including the preparation of new submissions and the querying of a centralized database. To ensure safety and authenticity, the platform stores binaries in password-protected, en
This project is a curated repository of remote access trojan binaries and malware samples. It serves as a structured analysis dataset and security research toolset designed for studying the behavior and inner workings of remote administration tools. The collection provides a versioned archive of malware samples and backdoor interfaces, with specific categorizations for target platforms including Windows and Android. It organizes these binaries to facilitate the study of malware evolution and the identification of technical patterns. The repository covers several security research areas, incl
This project is a post-exploitation framework and command and control platform designed for security research and penetration testing. It functions as a remote access tool consisting of a central command server and encrypted executable payloads that establish reverse shell connections. The system utilizes a web-based dashboard for multi-client administration, allowing for remote host monitoring and direct shell access through an in-browser terminal. It generates cross-platform, encrypted binaries that employ a multi-stage delivery chain and a key exchange mechanism to secure communications.
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
This project is a cybersecurity educational resource and courseware designed for malware analysis and reverse engineering. It provides a structured curriculum of lessons, labs, and guided projects focused on detecting and understanding the behavior of malicious software. The resource includes a lab guide for building isolated virtual machine environments to safely execute and study malware. It covers the setup of a specialized toolchain consisting of disassemblers and debuggers used to analyze compiled machine code. The training material covers both static analysis, which examines binary cod
This project is a curated archive and cybersecurity research dataset of raw source code from various malware families. It serves as a malware analysis library designed to help researchers study the inner workings of different threats and identify attack patterns across multiple platforms and programming languages. The repository supports security research by providing raw text distribution of original source code. This allows for the study of platform vulnerabilities, threat intelligence gathering, and the development of security products and detection signatures. The collection is organized
Malware samples, analysis exercises and other interesting resources.
This project is a cross-compiler toolchain for RISC-V software development. It provides the necessary components to compile C and C++ source code into executable binaries and libraries specifically for the RISC-V hardware architecture. The toolchain supports multi-architecture binary generation and multilib capabilities, allowing a single installation to target various instruction set specifications and bit-widths. It integrates with alternative compilers such as LLVM and Clang and includes a bootstrapped build pipeline to produce high-performance versions of the tools. The system covers bro
This project is a security auditing and penetration testing utility designed for automating password guessing, credential stuffing, and account brute-forcing on Instagram. It functions as an account recovery auditor that simulates automated login attacks to test the strength of account passwords. The tool incorporates a proxy manager to handle the import and monitoring of proxy lists. This system routes requests through rotating IP addresses and monitors proxy health to prune unresponsive addresses and avoid rate limiting. The software provides capabilities for concurrent request execution a
Patator is a multi-purpose brute force tool and modular security framework used for testing credentials, discovering network services, and fuzzing network protocols through automated payload delivery. It functions as a credential exhaustion framework and a network protocol fuzzer. The project provides specific utilities for recovering passwords from encrypted ZIP archives, enumerating DNS zones via forward and reverse queries, and identifying valid usernames and passwords across common network protocols. Its broader capabilities include web endpoint fuzzing, network service probing, and user
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
GopherJS is a cross-compiler toolchain that converts Go source code into JavaScript. It functions as a transpiler, enabling the execution of statically typed Go code within web browsers and other standard JavaScript runtime environments. The project provides a comprehensive implementation of the Go standard library, replacing system-level calls with browser-compatible APIs to maintain language semantics. It maps Go's memory allocation patterns and type definitions onto the host JavaScript engine, while utilizing source map generation to allow for debugging using original Go source files. By
Nexe is a cross-platform binary bundler and compiler that packages Node.js applications and their dependencies into single standalone executables. It functions as a runtime compiler that can build the Node.js runtime from source with custom flags and application snapshots to enable software distribution without requiring a pre-installed runtime. The system allows for cross-compilation across different operating systems and architectures from a single build environment. It includes a static asset bundler to embed external files and directories directly into the compiled binary for access at ru
This project is a cross-compilation build system and software repository for the OpenWrt operating system. It provides a curated collection of community-maintained software packages, build scripts, and application definitions used to compile third-party libraries and utilities for specific target hardware architectures. The system functions as an embedded Linux software feed, utilizing a cross-compilation workflow to convert external source code into compatible binaries. It includes a distribution of network tools, such as DNS servers and VPNs, tailored for router-based environments and resou
Gox is a cross-platform build automator and command line tool designed for Go cross-compilation. It serves as a toolchain manager that builds and configures the necessary compilation tools and flags required to target diverse hardware platforms. The system automates the setup, installation, and provisioning of the assemblers and linkers needed for different operating systems and architectures. It manages the generation of executable binaries for multiple platforms in parallel, utilizing custom naming templates and linker flags to prepare software releases. The tool provides capabilities for
Hashcat is a high-performance hash cracking software and OpenCL compute application used to recover plain-text passwords from hashed data. It functions as a GPU-accelerated recovery tool and distributed password cracker, leveraging CPUs and GPUs to perform intensive cryptographic computations. The system differentiates itself through a distributed cracking workflow that coordinates tasks across multiple machines via an overlay network to share computational load. It further optimizes recovery speed using Markov chain keyspace optimization to prioritize the most likely password candidates. Th
Quasar is an encrypted TCP-based remote administration tool for Windows that combines command-and-control capabilities with credential extraction, keystroke logging, file and registry management, desktop monitoring, and SOCKS5 reverse proxy tunneling. It operates through a modular framework where individual capabilities are loaded as plugins communicating over an encrypted command channel. The tool distinguishes itself by integrating credential recovery from browsers and FTP clients, keystroke capture with full Unicode support, and a SOCKS5 reverse proxy for routing network traffic through th
Blasting Dictionary provides curated datasets of common usernames and passwords designed for auditing authentication strength and identifying vulnerable accounts. It serves as a collection of credential stuffing wordlists and password attack dictionaries used to test for weak or default credentials in target services. The project facilitates security penetration testing and vulnerability assessments by providing the necessary datasets for simulating brute force and credential stuffing attacks. These resources are used to evaluate the security of authentication systems and identify services su
FFmpeg-Builds is a cross-platform compilation toolchain and custom build system designed to generate static executables of the FFmpeg multimedia framework. It provides a distribution of pre-compiled binaries for multiple operating systems and hardware architectures. The project utilizes a Docker-based build environment to isolate toolchains and dependencies. This containerized approach enables multi-architecture cross-compilation and allows for parameter-driven feature selection to include specific codecs, libraries, and license options in the final binaries. The system manages the entire wo
kscan is a network security scanner and service fingerprinter used to discover active hosts and open ports. It functions as a network protocol analyzer and internal network mapper to identify reachable gateways and analyze the network surface area of target environments. The tool integrates external asset discovery by retrieving target hosts through external intelligence services and verifying their availability. It also operates as a credential brute force tool, testing authentication strength across multiple protocols using automated username and password dictionaries. The project covers n
Blade-build is a multi-language build system and software orchestrator designed to automate the compilation, linking, and testing of complex codebases. It functions as an incremental build engine that models project structures as directed acyclic graphs, ensuring that only affected modules are recompiled when source code or header files change. By utilizing declarative build specifications, the system provides a unified approach to managing dependencies and toolchains across diverse programming environments. The system distinguishes itself through a focus on hermetic build environments and re
ISPC is a vectorizing compiler and SIMD parallel programming language that implements a single program multiple data model. It serves as a toolchain for translating C-based code with parallel extensions into optimized machine code for various CPU and GPU architectures using an LLVM backend. The compiler is designed for cross-platform SIMD toolchain support, generating specialized instruction sets for x86 SSE/AVX, ARM NEON, and Intel GPU from a single source. It features a runtime dispatch mechanism that selects the most efficient hardware-specific implementation for the current system during
fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram
GoReleaser is a release automation tool for building, packaging, and distributing Go binaries across multiple platforms and architectures. It functions as a cross-compilation build pipeline and binary distribution orchestrator that manages the end-to-end lifecycle of versioned software releases. The tool utilizes a declarative configuration pipeline based on a YAML definition file to automate the Go toolchain. It links Git tags to the compilation process, allowing for automated version tagging and the injection of build metadata and version strings into binaries via linker flags. Its capabil
Empire is a post-exploitation command-and-control (C2) framework designed for red team operations. It deploys and manages agents written in PowerShell, Python, C#, Go, and C across Windows, Linux, and macOS, using encrypted communication channels over HTTP, HTTPS, and SMB. The framework executes over 400 built-in modules for reconnaissance, privilege escalation, credential theft, and lateral movement, and provides a modular engine for authoring custom attack modules. What sets Empire apart is its multi-language agent deployment system, which allows operators to choose implants that suit each
This project provides a Linux kernel development environment and a system emulation suite for building and debugging kernel modules and baremetal assembly across multiple hardware architectures. It functions as a comprehensive sandbox and framework for low-level system development, utilizing QEMU to simulate hardware environments without the need for physical devices. The environment integrates cross-compilation toolchains using Buildroot and crosstool-NG to target x86_64, ARMv7, and ARMv8 platforms from a single host. It features a specialized kernel debugging framework that leverages GDB an
This repository is a library of scripts for automating keystroke injection and executing remote payloads via USB HID devices. It provides a collection of pre-written automation sequences that simulate keyboard input to perform complex tasks on target operating systems. The framework supports cross-platform payloads capable of detecting target operating systems and adapting keyboard layouts for accurate character injection across different regions. It utilizes a staged payload method to download and execute external code from remote servers, extending the functionality of initial scripts. The
python-build-standalone is a toolchain designed to produce redistributable Python executables across multiple operating systems and hardware architectures. It generates standalone Python binaries that can be distributed to users without requiring a pre-installed system interpreter. The project manages the end-to-end process of cross-platform compilation using target triples and containerized environments to ensure consistent binary output. It includes a distribution pipeline that automates the generation of build matrices and the uploading of compiled artifacts to public release pages and mir
Bjorn is a penetration testing framework that automates network scanning, credential brute-forcing, vulnerability assessment, and data exfiltration, all coordinated through an event-driven task pipeline and controlled via a web-based dashboard. Its modular plugin architecture allows independent security modules to be loaded and chained together, with an asynchronous network scanner discovering live hosts and open ports without blocking the main execution flow. The framework distinguishes itself by integrating a credential brute-force engine that systematically attempts login combinations agai