Analysis updated 2026-06-21
Study real-world botnet source code, including Mirai-family samples, to understand how command-and-control infrastructure is built.
Analyze ransomware and rootkit samples to build accurate detection signatures for your security monitoring tools.
Learn how in-browser JavaScript attacks and phishing page templates work in order to write defenses against them.
| | vxunderground/malwaresourcecode | mytechnotalent/reverse-engineering | leachim6/hello-world |
|---|---|---|---|
| Stars | 18,209 | 13,571 | 11,806 |
| Language | Assembly | Assembly | Assembly |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 1/5 | 3/5 | 1/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Some archives are password-protected with the word 'infected'. Extract and run samples only in an isolated, air-gapped environment.
MalwareSourceCode is a collection of malicious software source code gathered and organized by the vx-underground security research group. It is intended for malware research and education: understanding how malware is built helps defenders detect and counter it. The repository spans a wide range of platforms and programming languages, including Windows, Linux, macOS, Android, legacy Windows versions, PHP, Python, Perl, Ruby, Java, JavaScript, and assembly language. The collection is organized by platform and category. Windows malware entries include botnets, ransomware, rootkits, crypters (tools that hide malware from detection), stealers, exploit kits, and internet worms. Linux entries cover backdoors, botnets, rootkits, and trojans, including Mirai-family code. There are also phishing page templates, point-of-sale malware, and in-browser JavaScript attacks. Some archived files may be password-protected with the word "infected" to prevent accidental execution. The repository comes with a liability disclaimer: vx-underground and contributors accept no responsibility for how the code is used. Access to this material is intended strictly for defensive research purposes.
A curated archive of malicious software source code across Windows, Linux, macOS, Android, and more, maintained by vx-underground for security researchers and defenders who study how malware is built to better detect it.
Mainly Assembly. The stack also includes C and Python.
Setup difficulty is rated moderate, with roughly 30 minutes to a first successful run.
Mainly researcher.
Verify against the repo before relying on details.