ENNAENNA

FakeNet-NG

Apache-2.0

🧬 Reverse Engineering · Python

FakeNet-NG is a dynamic network analysis tool designed for malware analysis on Windows and Linux. It intercepts and redirects all network traffic to local listeners that simulate real internet services (HTTP, HTTPS, DNS, SMTP, FTP, IRC, and custom protocols). This allows analysts to observe malware network behavior without allowing actual internet connectivity, capturing C2 communications, download URLs, exfiltration attempts, and protocol patterns. FakeNet-NG supports SSL interception, custom response scripts, and integration with other analysis tools. It operates at the network driver level, catching traffic from all processes simultaneously.

2.1kstars
380forks
82issues
Updated 25d ago
+I use this
View on GitHub

Installation

$ pip install fakenet-ng

Use Cases

  • Capturing malware C2 traffic in isolated environments
  • Simulating internet services for dynamic malware analysis
  • Observing DNS queries and HTTP callbacks from samples
  • Safe detonation of malware without internet access

Tags

malware-analysisnetwork-simulationdynamic-analysisc2-capturemandiantfakenet-nggsoc-2026mandiant-flaretraffic-redirection

Details

Category
🧬 Reverse Engineering
Language
Python
License
Apache-2.0
Platforms
🐧linux🪟windows

Links

GitHub Repository

github.com/mandiant/flare-fakenet-ng

Releases

github.com/mandiant/flare-fakenet-ng/releases

Issues

github.com/mandiant/flare-fakenet-ng/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Wireshark

C/C++

The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.

Compare FakeNet-NG vs Wireshark

Zeek

C++

Network analysis framework (formerly Bro). Deep packet inspection, protocol analysis, and security monitoring at scale.

Compare FakeNet-NG vs Zeek

Dshell

Python

Network forensic analysis framework by US Army Research Lab. Extensible Python-based packet decoder with plugin architecture.

Compare FakeNet-NG vs Dshell

CAPEv2

Python

Malware behavior analysis sandbox. Detonates samples and extracts configs, payloads, network IOCs, and API call traces.

Compare FakeNet-NG vs CAPEv2

More in Reverse Engineering

dnSpy

C#

.NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.

dotnetdecompilerdebugger

ILSpy

C#

Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.

dotnetdecompilerassembly-browser

x64dbg

C++

Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.

debuggerdisassemblermalware-analysis

Detect It Easy

C++/Qt

Binary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.

packer-detectionbinary-analysispe

angr

Python

Binary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.

symbolic-executionbinary-analysiscfr

RetDec

C++

Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.

decompilerllvmmulti-arch