Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-malware-analysis-
https://github.com/mos165/awesome-malware-analysis-
Last synced: about 20 hours ago
Online Scanners and Sandboxes
Other Resources
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- anlyz.io - Online sandbox.
- any.run - Online interactive sandbox.
- AndroTotal - Free online analysis of APKs
- AVCaesar - Malware.lu online scanner and
- Cuckoo Sandbox - Open source, self hosted
- DeepViz - Multi-format file analyzer with
- firmware.re - Unpacks, scans and analyzes almost any
- Hybrid Analysis - Online malware
- IRMA - An asynchronous and customizable
- Jotti - Free online multi-AV scanner.
- Malware config - Extract, decode and display online
- Malwr - Free analysis with an online Cuckoo Sandbox
- MetaDefender Cloud - Scan a file, hash, IP, URL or
- NetworkTotal - A service that analyzes
- SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
- Zeltser's List - Free
- PacketTotal - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
Debugging and Reverse Engineering
Other Resources
- FPort - Reports
- bamfdetect - Identifies and extracts
- Binary ninja - A reversing engineering platform
- Cutter - GUI for Radare2.
- dotPeek - Free .NET Decompiler and
- Hopper - The macOS and Linux Disassembler.
- IDA Pro - Windows
- Immunity Debugger - Debugger for
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- Kaitai Struct - DSL for file formats / network protocols /
- ltrace - Dynamic analysis for Linux executables.
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- PPEE (puppy) - A Professional PE file Explorer for
- QKD - QEMU with embedded WinDbg
- RegShot - Registry compare utility
- strace - Dynamic analysis for
- X64dbg - An open-source x64/x32 debugger for windows.
Domain Analysis
Other Resources
- Multi rbl - Multiple DNS blacklist and forward
- URLQuery - Free URL Scanner.
- AbuseIPDB - AbuseIPDB is a project dedicated
- badips.com - Community based IP blacklist service.
- Cymon - Threat intelligence tracker, with IP/domain/hash
- Dig - Free online dig and other
- PhishStats - Phishing Statistics with search for
- Spyse - subdomains, whois, related domains, DNS, hosts AS, SSL/TLS info,
- SecurityTrails - Historical and current WHOIS,
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- Sucuri SiteCheck - Free Website Malware
- Talos Intelligence - Search for IP, domain
- TekDefense Automater - OSINT tool
- URLhaus - A project from abuse.ch with the goal
- urlscan.io - Free URL Scanner & domain information.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- Zscaler Zulu - Zulu URL Risk Analyzer.
Documents and Shellcode
Other Resources
- JS Beautifier - JavaScript unpacking and deobfuscation.
- diStorm - Disassembler for analyzing
- InQuest Deep File Inspection - Upload common malware lures for Deep File Inspection and heuristical analysis.
- libemu - Library and tools for x86 shellcode
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- QuickSand - QuickSand is a compact C framework
- Spidermonkey
- peepdf - Python
Browser Malware
Other Resources
- xxxswf - A
- Firebug - Firefox extension for web development.
- JSDetox - JavaScript
- SWF Investigator
- swftools - Tools for working with Adobe Flash
Malware Collection
Anonymizers
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web
Malware Corpora
- Exploit Database - Exploit and shellcode
- Infosec - CERT-PA - Malware samples collection and analysis.
- Malpedia - A resource providing
- Open Malware Project - Sample information and
- Tracker h3x - Aggregator for malware corpus tracker
- vduddu malware repo - Collection of
- VirusBay - Community-Based malware repository and social network.
- VirusShare - Malware repository, registration
- Zeltser's Sources - A list
- Clean MX - Realtime
- Malshare - Large repository of malware actively
- JavaScript Malware Collection - Collection of almost 40,000 JavaScript malware samples
- VX Vault - Active collection of malware samples.
Honeypots
- Conpot - ICS/SCADA honeypot.
- DemoHunter - Low interaction Distributed Honeypots.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeytrap - Opensource system for running, monitoring and managing honeypots.
- MHN - MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.
- Mnemosyne - A normalizer for
- Thug - Low interaction honeyclient, for
Open Source Threat Intelligence
Tools
- AlienVault Open Threat Exchange - Share and
- RiskIQ - Research, connect, tag and
- ThreatCrowd - A search engine for threats,
- IntelMQ
Other Resources
- Bambenek Consulting Feeds
- Fidelis Barncat
- CI Army (badguys.txt) -
- Critical Stack - Free Intel Market - Free
- Cybercrime tracker - Multiple botnet active tracker.
- FireHOL IP Lists - Analytics for 350+ IP lists
- HoneyDB - Community driven honeypot sensor data collection and aggregation.
- Infosec - CERT-PA lists - pa.it/analyze/listip.txt - Domains: https://infosec.cert-pa.it/analyze/listdomains.txt - URLs: https://infosec.cert-pa.it/analyze/listurls.txt - Blocklist service.
- InQuest REPdb - Continuous aggregation of IOCs from a variety of open reputation sources.
- InQuest IOCdb - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
- Internet Storm Center (DShield) - Diary and
- malc0de - Searchable incident database.
- MetaDefender Threat Intelligence Feed
- Ransomware overview
- MITRE
- SystemLookup - SystemLookup hosts a collection of lists that provide information on
- ThreatMiner - Data mining portal for threat
- threatRECON - Search for indicators, up to 1000
- ZeuS Tracker - ZeuS
- STIX - Structured Threat Information eXpression
- MAEC - Malware Attribute Enumeration and Characterization
- TAXII - Trusted Automated eXchange of Indicator Information
- Autoshun
Detection and Classification
Other Resources
- Assemblyline - A scalable
- ClamAV - Open source antivirus engine.
- Exeinfo PE - Packer, compressor detector, unpack
- Generic File Parser - A single library parser to extract meta information, perform static analysis and detect macros within files.
- packerid - A cross-platform
- PE-bear - Reversing tool for PE
- totalhash.py
- Yara Finder - A simple tool to match a file against various YARA rules to find indicators of suspicion.
Deobfuscation
Other Resources
- Balbuzard - A malware
- ex_pe_xor
- iheartxor
- XORSearch & XORStrings
Network
Other Resources
- Fiddler - Intercepting web proxy designed
- Haka - An open source security oriented
- mitmproxy - Intercept network traffic on the fly.
- Wireshark - The network traffic analysis
- CloudShark - Web-based tool for packet analysis
Memory Forensics
Other Resources
- BlackLight - Windows/MacOS
- FindAES - Find AES
- Rekall - Memory analysis framework,
Windows Artifacts
Other Resources
- python-registry - Python
- RegRipper (GitHub)
Storage and Workflow
Miscellaneous
Other Resources
- Malware Museum - Collection of
- Malware Organiser - A simple tool to organise large sets of malicious/benign files into an organised structure.
- REMnux - Linux distribution and docker images for
- Santoku Linux - Linux distribution for mobile
Books
Other Resources
- Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- Mastering Reverse Engineering: Re-engineer your ethical hacking skills
- Malware Analyst's Cookbook and DVD
- Real Digital Forensics - Computer
- The Art of Memory Forensics - Detecting
- Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks
Other
Other Resources
- Malicious Software - Malware
- Malware Analysis, Threat Intelligence and Reverse Engineering
- Malware Search+++
- Practical Malware Analysis Starter Kit
- WindowsIR: Malware - Harlan
- Windows Registry specification
- /r/csirt_tools - Subreddit for CSIRT
- malware analysis
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering
- Android Security
- AppSec
- CTFs
- "Hacking"
- Honeypots
- Incident-Response
- PCAP Tools
- Security
Categories (entries per category)
- Online Scanners and Sandboxes (62)
- Open Source Threat Intelligence (27)
- Malware Collection (25)
- Domain Analysis (20)
- Debugging and Reverse Engineering (18)
- Other (18)
- Documents and Shellcode (11)
- Detection and Classification (8)
- Books (6)
- Browser Malware (5)
- Network (5)
- Miscellaneous (4)
- Deobfuscation (4)
- Memory Forensics (4)
- Windows Artifacts (3)
- Storage and Workflow (2)
Keywords (projects per keyword)
- security (9)
- honeypot (5)
- awesome (5)
- awesome-list (4)
- list (3)
- python (3)
- malware-analysis (2)
- security-tools (2)
- owasp (1)
- curated (1)
- application-security (1)
- android (1)
- yara-rules (1)
- yara (1)
- malware-analyzer (1)
- malware (1)
- zip (1)
- static-analysis (1)
- reverse-engineering (1)
- rar (1)
- pe-executable (1)
- pdf-parsing (1)
- office-files (1)
- mime (1)
- machine-learning (1)
- libmagic (1)
- dynamic-analysis (1)
- malware-samples (1)
- malware-research (1)
- malware-jail (1)
- javascript (1)
- virustotal (1)
- shellcode (1)
- low-interaction (1)
- honeyclient (1)
- client-honeypot (1)
- framework (1)
- dionaea (1)
- distributed (1)
- deception (1)
- scada (1)
- ics (1)
- incident-response-tooling (1)
- incident-response (1)
- dfir (1)
- cybersecurity (1)
- honeyd (1)
- hacking (1)
- penetration (1)
- ctf (1)