Open-source tool to explore malware clusters and shared infrastructure

Name: Open-source tool to explore malware clusters and shared infrastructure
Availability: InStock
Author: hi2poc

by hi2poc·Apr 27, 2026·2 points·0 comments

Visit Project View on HN

AI Analysis

●●SolidNiche GemSolve My ProblemDark Horse

TLSH fuzzy hashing with Cytoscape graph beats manual SHA256 lookups.

Strengths

•TLSH fuzzy hashing finds similar samples beyond exact hash matches
•Daily automated updates via GitHub Actions from MalwareBazaar
•Graph edges show shared infrastructure via URLhaus domain connections

Weaknesses

•Niche threat intel audience limits broader security team adoption
•VirusTotal Intelligence already offers malware clustering at scale

Post Description

I built a webapp that clusters malware samples by TLSH fuzzy hash similarity and visualizes the relationships as an interactive graph.

You can drop a SHA256 or TLSH hash to instantly find similar samples, see which malware family they belong to, and spot shared infrastructure (via URLhaus). Dashed edges mean two samples were distributed from the same domain.

Stack: FastAPI + SQLite (updated daily via GitHub Actions from MalwareBazaar) + Cytoscape.js for the graph

The database is updated daily—let me know what you'd like to see in a project like this

Similar Projects

Developer Tools●●Solid

Busca – the fuzzy ripgrep fast code explorer

Ripgrep wrapper with fuzzy search TUI when fzf, telescope, and ripgrep-all already exist.

Niche Gem

rokyed

424mo ago

Developer Tools●Mid

Memctl.com: Open-source shared memory infrastructure for coding agents

Persistent memory for coding agents, but memctl hasn't shipped yet—waitlist only, no demo.

Big BrainBold Bet

meszmate

203mo ago

Social●Mid

Faux radio website instead of texting MP3s

Turns the annoying phone-duplication problem into a simple, URL-first listening experience: live playlist, play/seek controls, and a very restrained UI that does the job without friction. Clever and immediately useful for personal demos, but it feels like a focused MVP — add per-track links, upload/permission controls, or lightweight metadata and this would stop being just a convenience hack.

Niche GemCozySolve My Problem

mcdowell_atx

104mo ago

SaaS●●Solid

Khaga – AI Infrastructure Diagnosis for AWS, GCP, Azure and Kubernetes

Multi-cloud diagnosis in <30s, but infra observability (Datadog, New Relic) already solves this better.

Solve My ProblemDark Horse

Gowrishankarhq

123mo ago

AI/ML●●Solid

WavNav, a desktop app to explore and search large sample libraries

The visual map + drop-to-search workflow is the clearest "oh that's cool" moment here — seeing samples clustered by similarity makes exploration fast and delightful. All ML and audio analysis run locally with GPU acceleration on macOS, which is technically impressive; the Windows story (no ML GPU support yet) and unclear DAW/integration hooks are the biggest practical gaps for serious users.

Niche GemWizardryEye Candy

maxgraf96

104mo ago

Infrastructure●●Solid

Armalo – The Infrastructure for Agent Networks

On-chain reputation and escrow for agent networks—ambitious, but product-market fit unproven.

Big BrainBold Bet

ArmaloAI

383mo ago