Hello everyone,

I have been analyzing malware for quite some time now, but have always used Wireshark to observe the C2 domains between two VM hosts. However, a while back a co-worker of mine mentioned Fakenet-ng. Has anyone played with this tool? Is it worth it?

Thank you for your time. :)

Deleted member 65228

I've heard of FakeNet-NG from a friend of mine, although I have not used it myself. It is open-source and can be freely downloaded, so it wouldn't hurt for you to try it out and see if you are comfortable using it.

You can find out more information regarding the tool at the following links:
FakeNet - aldeid (this is the original, not the NG version)
GitHub - fireeye/flare-fakenet-ng: FakeNet-NG - Next Generation Dynamic Network Analysis Tool (this is the one you are referring to; it is based on the original)

The tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using FakeNet-NG, malware analysts can quickly identify malware's functionality and capture network signatures. Penetration testers and bug hunters will find FakeNet-NG's configurable interception engine and modular framework highly useful when testing an application's specific functionality and prototyping PoCs.
If it works well then it could be a really promising and useful tool to aid in malware analysis. If you do decide to try it out, please do let us know what your thoughts are on it!

Just a heads up, there's a forum category specifically for Malware Analysis and you can find it here: Malware Analysis - topics like this are better suited over in that area, and keeps topics on the subject all grouped together to be easily found for future reference. :)
UPDATE: Fakenet is awesome and I would highly recommend it. Also, ApateDNS is really good as well. Since this post I have tried both. This will definitely aid any malware analyst when performing dynamic analysis. ApateDNS can be found here -> ApateDNS | FireEye
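The DNS side of what FakeNet-NG's DNS listener and ApateDNS do (described in the reply above and in the update) comes down to one trick: answer every DNS query with an address you control, so the sample's C2 connection lands on your own listener instead of the real server, and log each queried name as an indicator. Below is an added example of that technique in Python; it is not code from FakeNet-NG, ApateDNS or anyone in this thread. The spoof address 192.168.56.1, the test domain c2.example.test and all function names are assumptions made for the example.

```python
"""Minimal DNS spoofer in the spirit of FakeNet-NG's DNS listener / ApateDNS.
Every A query is answered with one configurable IP so that a sample's C2
traffic lands on a host you control; each queried name is recorded as an
indicator. Example code, not the FakeNet-NG or ApateDNS source."""
import socket
import struct

SPOOF_IP = "192.168.56.1"   # assumed: the analysis host's IP (hypothetical)
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode 'evil.example' as DNS labels: \\x04evil\\x07example\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """Construct a standard recursive query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_question(data: bytes):
    """Return (txid, name, qtype, qclass, end_offset) of the first question."""
    if len(data) < 12:
        raise ValueError("truncated header")
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query")
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            raise ValueError("truncated name")
        length = data[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:       # compression pointers are not valid in a query name
            raise ValueError("compression pointer in question name")
        labels.append(data[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if len(data) < pos + 4:
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", data[pos:pos + 4])
    return txid, ".".join(labels), qtype, qclass, pos + 4


def build_response(query: bytes, spoof_ip: str = SPOOF_IP, ttl: int = 60) -> bytes:
    """Answer an A/IN query with spoof_ip; other types get NOERROR with no answers."""
    txid, _name, qtype, qclass, qend = parse_question(query)
    question = query[12:qend]          # echo the question section unchanged
    answers, ancount = b"", 0
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        answers = (b"\xC0\x0C"         # pointer to the name at offset 12
                   + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
                   + socket.inet_aton(spoof_ip))
        ancount = 1
    # flags 0x8180: QR=1 (response), RD=1, RA=1, RCODE=0
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)
    return header + question + answers


def handle_packet(packet: bytes, indicators: list, spoof_ip: str = SPOOF_IP):
    """Record (name, qtype) as an indicator and return the spoofed response,
    or None for packets that are not parseable queries."""
    try:
        _txid, name, qtype, _qclass, _end = parse_question(packet)
    except (ValueError, struct.error):
        return None
    indicators.append((name, qtype))
    return build_response(packet, spoof_ip)


def serve(bind=("0.0.0.0", 53), spoof_ip: str = SPOOF_IP):
    """Bind UDP/53 (needs root) and answer every query until interrupted."""
    indicators = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(bind)
        while True:
            pkt, peer = sock.recvfrom(512)
            resp = handle_packet(pkt, indicators, spoof_ip)
            if resp:
                sock.sendto(resp, peer)
                print(f"{peer[0]} asked for {indicators[-1][0]} -> {spoof_ip}")


if __name__ == "__main__":
    serve()
```

Run it on the analysis host and point the victim VM's DNS server at that host; the printed names are the same C2 indicators you would otherwise dig out of a Wireshark capture, and the spoofed IP is where you then stand up an HTTP or TCP listener. Two things worth knowing when the sample "fails to resolve": this only answers A queries (AAAA or TXT lookups get an empty NOERROR reply), and it refuses queries that use a compression pointer in the question name, which real resolvers never send.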