Skip to content
Script lets you gather malicious software and c&c servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cybercrime tracker and c2 for Pony.
Branch: master
Clone or download
woj-ciech Merge pull request #2 from redmed666/py3_adapt
Adapted ddom and its modules to python3
Latest commit 0726a03 Jan 20, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
modules Adapted ddom and its modules to python3 Jan 16, 2018 Merge pull request #2 from redmed666/py3_adapt Jan 20, 2018

Daily dose of malware

DDOM or Daily Dose of Malware allows you to gather malware and c&c from open source intelligence.
It can display info, export results to text file or download malicious software.
I want to make it as fresh as possible, that's why all malwares are dated on few days back.
Cymon displays last ten records, Google shows only first page and Malcode only main page.
Malshare API is updated, if new sample appears.

Supported platforms:
Malshare (You need to get api key)
Google dorks
-Vx vault
-CyberCrime tracker
-CybeCrime tracker for Pony malware (mostly c2 servers)


First clone this repo
git clone
For google dorks:
pip install selenium
pip install pyvirtualdisplay

and you need Mozilla Geckodriver

for Malcode:

pip install bs4

You can run the tool with python

usage: [-h] [-s [[...]]] [-cs [[...]]] [-d | -o | -e]

Daily dose of malware

optional arguments:

-h, --help            show this help message and exit
-s [ [ ...]], --source [ [ ...]]
                        source of feed. Allowed values are cymon, malshare,
                        malcode, google
-cs [ [ ...]], --cymonsource [ [ ...]]
                        Additional source for Cymon. Allowed values are
-d, --download        download malware
-o, --output          print to console
-e, --export          export to text file


Display info from malcode and malshare -s malcode malshare --output

Brought to you by Malc0de
Brought to you by Malshare
A free Malware repository providing researchers access to samples, malicous feeds, and Yara results.

Download files from vxvault and malcode (--download works for malshare, malcode and vxvault) (it connects to malicious, be careful) -s cymon -cs vxvault malcode --download

Cymon is the largest open tracker of malware, phishing, botnets, spam, and more. Brought to you by eSentire.
Downloading file
Downloaded malcode2018-01-13/rn.php
Downloading file
Downloaded malcode2018-01-13/32Kilences.exe
Downloading file
Downloaded malcode2018-01-13/dfjkgy7

It creates directory named 'source + timestamp' and then download malware into it.

Export results from google dorks: -s google --export

Google dorks
Exported to google2018-01-13.txt

It creates text file named 'source + timestamp' with information inside.


  1. You are dealing with real malware, which may harm your computer badly. I'm not responsible for any caused damages. Be careful and think.
  2. For Google dorks please make sure to use newest firefox and geckodriver. It simulates browser, so it may not working sometimes because of google captcha. My advice is to connect and reconnect your vpn.
  3. To use Malshare, you have to register and obtain api key. Then paste it to modules/ - line 21
  4. If you know more public and open source platforms for retrieving malware, let me know.
  5. If this script violates terms of service from any used service, let me know and I will delete it.
  6. Not all of google dorks are perfect, you may encounter on some false positives.


Do whatever you want to do with this tool.
If you know how to develop or have any idea, let me know.

You can’t perform that action at this time.