{"id":13797327,"url":"https://github.com/albertzsigovits/malware-tools","last_synced_at":"2025-05-13T02:32:13.367Z","repository":{"id":49824988,"uuid":"169741218","full_name":"albertzsigovits/malware-tools","owner":"albertzsigovits","description":"A curated list of malware repositories, trackers and malware analysis tools","archived":false,"fork":false,"pushed_at":"2023-02-04T09:01:37.000Z","size":41,"stargazers_count":83,"open_issues_count":0,"forks_count":18,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-31T01:04:55.390Z","etag":null,"topics":["malware","malware-analysis","malware-research","malware-tools","malwareanalysis","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/albertzsigovits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-08T13:45:32.000Z","updated_at":"2025-03-25T17:38:28.000Z","dependencies_parsed_at":"2024-08-03T23:08:31.551Z","dependency_job_id":"969c70db-3f6b-4139-b868-46772496b375","html_url":"https://github.com/albertzsigovits/malware-tools","commit_stats":null,"previous_names":["albertzsigovits/mal-analysis-tools"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertzsigovits%2Fmalware-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertzsigovits%2Fmalware-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertzsigovits%2Fmalware-tools/releases","ma
nifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertzsigovits%2Fmalware-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/albertzsigovits","download_url":"https://codeload.github.com/albertzsigovits/malware-tools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253859782,"owners_count":21975174,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["malware","malware-analysis","malware-research","malware-tools","malwareanalysis","reverse-engineering"],"created_at":"2024-08-03T23:01:27.804Z","updated_at":"2025-05-13T02:32:13.130Z","avatar_url":"https://github.com/albertzsigovits.png","language":null,"funding_links":[],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":[],"readme":"# malware-tools  \nA curated list of malware repositories, trackers and malware analysis tools\n\n## Malware repositories:  \nVirusTotal - https://virustotal.com  \nVirusBay - https://beta.virusbay.io  \nMalBeacon - https://malbeacon.com  \nTraffic.moe - https://traffic.moe  \nBrad traffic analysis - https://www.malware-traffic-analysis.net  \ntheZoo - https://github.com/ytisf/theZoo/tree/master/malwares  \nContagio - https://contagiodump.blogspot.com  \nOpenMalware - https://openmalware.com  \nVirusign - http://www.virusign.com  \nDasMalwerk - https://dasmalwerk.eu  \nMalquarium - https://malquarium.org  \nVirusShare - https://virusshare.com  \nMalwareOne - https://malware.one  \nAVCaesar - https://avcaesar.malware.lu  
\n0xffff0800 - https://iec56w4ibovnb4wc.onion.si/Library  \nMalshare.com - https://malshare.com  \nMalshare.io - https://malshare.io  \n\n### Github repositories:\nhttps://github.com/fabrimagic72/malware-samples  \nhttps://github.com/InQuest/malware-samples  \nhttps://github.com/0x48piraj/MalWAReX  \nhttps://github.com/NEUAI/MalwareLibrary  \nhttps://github.com/Tlgyt/The-Collection  \n\n## Malware trackers:  \nURLHaus - https://urlhaus.abuse.ch/browse/  \nViriBack - http://tracker.viriback.com  \n0btemoslab - http://tracker.0btemoslab.com  \nMalwaresuck - https://malwaresuck.com  \nBenkow - http://benkow.cc/passwords.php?page=1  \nHaruko - https://tracker.fumik0.com  \nVXVault - http://vxvault.net/ViriList.php  \nCC Tracker - https://cybercrime-tracker.net  \nMalc0de - http://malc0de.com/database  \nCRDF - https://threatcenter.crdf.fr  \nMDL - https://www.malwaredomainlist.com/mdl.php  \nTweet IOC - http://tweettioc.com  \nStealer Tracker - http://malwr.cc  \nThreatShare - https://threatshare.io/malware/  \n\n## Automated Sandbox evaluation:  \nVirusTotal - https://www.virustotal.com  \nHybrid-Analysis - https://www.hybrid-analysis.com  \nVMRay - https://www.vmray.com  \nSndbox - https://app.sndbox.com  \nVirusBay - https://beta.virusbay.io  \nAny.run - https://app.any.run  \nTria.ge - https://tria.ge  \nIntezer - https://analyze.intezer.com  \nMalwr - https://malwr.com  \nMalwr Cuckoo - http://mlwr.ee  \nMetadefender - https://metadefender.opswat.com  \nValkyrie - https://valkyrie.comodo.com  \nJoe Sandbox - https://www.joesandbox.com  \nPikker - http://sandbox.pikker.ee  \nViCheck - https://www.vicheck.ca  \nJotti - https://virusscan.jotti.org  \nVirscan - http://virscan.org  \nAnubis - http://anubis.iseclab.org  \nWepawet - https://wepawet.cs.ucsb.edu  \nManalyzer - https://manalyzer.org  \nUnpacme - https://www.unpac.me  \n\n## Static string analysis:\n### Linux:\nfile  \ntrid  \nstrings  \nfloss  \nxxd  \nredress  \nssdeep  \ntelfhash  \nauthentihash  \ngdb  
\nstrace  \nradare2  \nexiftool  \nelfdump  \nobjdump  \nreadelf  \nelfutils  \npax-utils  \nimphash  \nssdeep  \nauthentihash  \nbulk-extractor  \nuudeview  \nforemost  \nscalpel  \nsteghide  \nstegsnow  \nzsteg  \nstegosuite  \nstegbreak  \nstegdetect  \nPEpper - https://github.com/Th3Hurrican3/PEpper  \npev  \npecarve  \npescanner.py  \nanalysePE.py  \nAnalyzePE  \nupx  \nyara  \nripPE - https://github.com/matonis/ripPE  \nUnipacker - https://github.com/unipacker/unipacker  \n  \n### Windows:  \nCFF Explorer - https://ntcore.com/?page_id=388  \nResource Hacker - http://www.angusj.com/resourcehacker  \nXN Resource Hacker - https://stefansundin.github.io/xn_resource_editor  \nDependency Walker - http://www.dependencywalker.com  \nLordPE - http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip  \nScylla - https://github.com/NtQuery/Scylla  \nDetect It Easy - https://ntinfo.biz  \nPE Explorer - http://www.heaventools.com/overview.htm  \nImport REConstructor - https://github.com/NtQuery/Scylla  \nLordPE - https://www.aldeid.com/wiki/LordPE  \nPEiD - https://www.aldeid.com/wiki/PEiD  \nPEview - https://www.aldeid.com/wiki/PEView  \nFileAlyzer - https://www.safer-networking.org/products/filealyzer/  \nPEstudio - https://www.winitor.com/  \nChimprec - https://www.aldeid.com/wiki/CHimpREC  \nPE Insider - https://cerbero.io/peinsider/  \nPEframe - https://github.com/guelfoweb/peframe  \nUPX - https://github.com/upx  \nManalyze - https://github.com/JusticeRage/Manalyze  \nPortEx - https://github.com/katjahahn/PortEx  \nSignsrch - https://aluigi.altervista.org/mytoolz/signsrch.zip  \nRevelo - http://www.kahusecurity.com/2012/05/revelo-javascript-deobfuscator  \nUniExtract2 - https://github.com/Bioruebe/UniExtract2  \nMalUnpack - https://github.com/hasherezade/mal_unpack  \nPE_recovery_tools - https://github.com/hasherezade/pe_recovery_tools  \nAuto XOR decrypter - 
https://github.com/MRGEffitas/scripts/blob/master/auto_xor_decryptor.py  \n  \n## Live dynamic detonation:  \n### Proxy  \nFiddler - https://www.telerik.com/fiddler  \nBurp Suite - https://portswigger.net/burp/communitydownload  \n### MitM  \nFakeDNS - https://www.fireeye.com/services/freeware/apatedns.html  \nApateDNS - https://github.com/Crypt0s/FakeDns  \n### C2  \nFakeNet - https://github.com/fireeye/flare-fakenet-ng  \nINetSim - https://www.inetsim.org  \nnetcat - http://netcat.sourceforge.net  \nTCPView - https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview  \nWireshark - https://www.wireshark.org  \nImaginary C2 - https://github.com/felixweyne/imaginaryC2  \nSuricata - https://suricata-ids.org/download/  \nEmerging Threat SIGs - https://rules.emergingthreats.net/  \nTor - https://www.torproject.org/  \n### Registry  \nRegShot - https://sourceforge.net/projects/regshot  \nWhatChanged - https://www.majorgeeks.com/files/details/what_changed.html  \nCaptureBAT - https://www.honeynet.org/node/315  \n### Process  \nProcess Hacker - https://github.com/processhacker/processhacker  \nProcess Monitor - https://docs.microsoft.com/en-us/sysinternals/downloads/procmon  \nProcess Explorer - https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer  \nProcessSpawnControl - https://github.com/felixweyne/ProcessSpawnControl  \nProcDOT - http://www.procdot.com  \n### API  \nAPI Monitor - http://www.rohitab.com/apimonitor#Download  \nAPISpy - http://www.matcode.com/apis32.htm  \n### Persistence  \nAutoruns - https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns  \n### Memory  \nvolatility - https://github.com/volatilityfoundation/volatility  \nMemoryze - https://www.fireeye.com/services/freeware/memoryze.html  \nOSR Driver Loader - https://www.aldeid.com/wiki/OSR-Driver-Loader  \nThe Sleuth Kit - https://github.com/sleuthkit/sleuthkit  \nTruman - http://nsmwiki.org/Truman_Overview  \nyara - https://github.com/virustotal/yara  \n### 
Frameworks  \nmastiff - https://github.com/KoreLogicSecurity/mastiff  \nIRMA - https://github.com/quarkslab/irma  \nVIPER - https://github.com/viper-framework/viper  \nLoki - https://github.com/Neo23x0/Loki  \nMultiscanner - https://github.com/mitre/multiscanner  \nchopshop - https://github.com/MITRECND/chopshop  \nMunin - https://github.com/Neo23x0/munin  \nFenrir - https://github.com/Neo23x0/Fenrir  \nHarpoon - https://github.com/Neo23x0/harpoon  \n\n  \n## Manual reverse engineering:  \n### PE:  \nOnline - https://onlinedisassembler.com/static/home/index.html  \nIDA - https://www.hex-rays.com/products/ida/  \nHex-Rays Decompiler - https://www.hex-rays.com/products/decompiler/  \nradare2 - https://github.com/radare/radare2  \nBinary Ninja - https://binary.ninja/  \nBinDiff - https://www.zynamics.com/bindiff.html  \nBinNavi - https://github.com/google/binnavi  \nBochs - http://bochs.sourceforge.net/getcurrent.html  \nx64dbg - https://x64dbg.com/#start  \nWinDbg - https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools  \nOllyDbg - http://www.ollydbg.de/  \nImmunityDbg - https://www.immunityinc.com/products/debugger/  \n### Shellcode:  \nxorsearch - https://blog.didierstevens.com/2014/09/29/update-xorsearch-with-shellcode-detector/  \nscdbg - http://sandsprite.com/blogs/index.php?uid=7\u0026pid=152  \nshellcode2exe - https://zeltser.com/convert-shellcode-to-assembly/  \njmp2it - https://digital-forensics.sans.org/blog/2014/12/30/taking-control-of-the-instruction-pointer/  \nBlobRunner - https://github.com/OALabs/BlobRunner  \n### .NET:  \ndnSpy - https://github.com/0xd4d/dnSpy  \ndotPeek - https://www.jetbrains.com/decompiler  \nILSpy - https://github.com/icsharpcode/ILSpy  \nJustDecompile - https://www.telerik.com/products/decompiler.aspx  \nJustAssembly - https://www.telerik.com/justassembly  \nReflector - https://www.red-gate.com/products/dotnet-development/reflector/index  \nCodeReflect - http://www.devextras.com/decompiler  
\nDis# - http://www.netdecompiler.com  \nIL Disassembler - https://www.dotnetperls.com/il-disassembler  \nDisassembly Diagnoser - https://adamsitnik.com/Disassembly-Diagnoser  \n### JS:  \nV8 - https://isc.sans.edu/diary/V8+as+an+Alternative+to+SpiderMonkey+for+JavaScript+Deobfuscation/12157  \nbox-js - https://github.com/CapacitorSet/box-js  \njs-detox - https://github.com/svent/jsdetox  \n### Flash:  \nSWFDec - https://cgit.freedesktop.org/wiki/swfdec  \nswf_mastah.py - https://github.com/9b/pdfxray_lite/blob/master/swf_mastah.py  \n### VBA:  \nViperMonkey - https://github.com/decalage2/ViperMonkey  \nolevba.py - https://github.com/decalage2/oletools/wiki/olevba  \n### OLE:  \nOfficeMalScanner - http://www.reconstructer.org/code/OfficeMalScanner.zip  \nOLETools - https://www.decalage.info/python/oletools  \nHachoir - https://bitbucket.org/haypo/hachoir/wiki/hachoir-urwid  \nEXEFilter - http://www.decalage.info/exefilter  \n### RTF:  \nrtfproc  \nrtfprocrule  \nrtfraptor  \nrtfscan  \nrtfobj  \nrtfparser  \nrtfdump  \n### PDF:  \nPDF Stream Dumper - http://sandsprite.com/blogs/index.php?uid=7\u0026pid=57  \nPDF Dissector - https://blog.zynamics.com/2010/09/03/pdf-dissector-1-7-0-released/  \nPDF Tools - https://blog.didierstevens.com/programs/pdf-tools/  \npdfid.py - https://blog.didierstevens.com/programs/pdf-tools/  \npdfparser.py - https://blog.didierstevens.com/programs/pdf-tools/    \npeepdf.py - https://github.com/jesparza/peepdf  \nqpdf - http://qpdf.sourceforge.net/  \npdfinfo  \npdf2txt  \npdfdetach  \n  \n## Other:  \nKahusecurity Tools - http://www.kahusecurity.com/tools.html  \nDidierStevensSuite - https://github.com/DidierStevens/DidierStevensSuite  \nAwesome Malware Analysis list - https://github.com/rshipp/awesome-malware-analysis  \nAwesome Reversing list - https://github.com/tylerha97/awesome-reversing  \nRemnux - https://remnux.org/  \nSANS SIFT - https://digital-forensics.sans.org/community/downloads  \nFireEye FLARE-VM - 
https://github.com/fireeye/flare-vm  \nFireEye CommandoVM - https://github.com/fireeye/commando-vm  \nWebshell-intel - https://github.com/Neo23x0/webshell-intel  \nMalware-behaviors - https://github.com/MAECProject/malware-behaviors  \nMalTrail - https://github.com/stamparm/maltrail  \n### YARA:\nYaraScanner - https://github.com/mitre/yararules-python  \nYara Analyzer - https://github.com/Neo23x0/yarAnalyzer  \nYara Generator - https://github.com/Neo23x0/yarGen  \nAwesome-Yara - https://github.com/Neo23x0/awesome-yara  \nMalware-signatures - https://github.com/Neo23x0/malware-signatures  \nSignature-set - https://github.com/Neo23x0/signature-base  \nYara-rules - https://github.com/Neo23x0/rules  \nmkYARA - https://blog.fox-it.com/2019/03/28/mkyara-writing-yara-rules-for-the-lazy-analyst/  \n### VirusTotal:\nVT Investigator paper - https://storage.googleapis.com/vt-gtm-wp-media/virustotal-for-investigators.pdf  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falbertzsigovits%2Fmalware-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falbertzsigovits%2Fmalware-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falbertzsigovits%2Fmalware-tools/lists"}