Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-malware-analysis
https://github.com/ravifatty/awesome-malware-analysis
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web
- Conpot - ICS/SCADA honeypot.
- Cowrie - SSH honeypot, based
- DemoHunter - Low interaction Distributed Honeypots.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeyd - Create a virtual honeynet.
- HoneyDrive - Honeypot bundle Linux distro.
- Honeytrap - Opensource system for running, monitoring and managing honeypots.
- Mnemosyne - A normalizer for
- Thug - Low interaction honeyclient, for
- Clean MX - Realtime
- Contagio - A collection of recent
- Exploit Database - Exploit and shellcode
- Infosec - CERT-PA - Malware samples collection and analysis.
- Malpedia - A resource providing
- Malshare - Large repository of malware actively
- Open Malware Project - Sample information and
- Ragpicker - Plugin based malware
- theZoo - Live malware samples for
- Tracker h3x - Aggregator for malware corpus tracker
- vduddu malware repo - Collection of
- VirusBay - Community-Based malware repository and social network.
- ViruSign - Malware database that detected by
- VirusShare - Malware repository, registration
- VX Vault - Active collection of malware samples.
- Zeltser's Sources - A list
- Zeus Source Code - Source for the Zeus
- AbuseHelper - An open-source
- AlienVault Open Threat Exchange - Share and
- Combine - Tool to gather Threat
- Fileintel - Pull intelligence per file hash.
- Hostintel - Pull intelligence per host.
- IntelMQ
- IOC Editor
- iocextract - Advanced Indicator
- ioc_writer - Python library for
- MalPipe - Malware/IOC ingestion and
- Massive Octo Spice
  - CSIRT Gadgets Foundation
- MISP - Malware Information Sharing
  - The MISP Project
- Pulsedive - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.
- PyIOCe - A Python OpenIOC editor.
- RiskIQ - Research, connect, tag and
- threataggregator
- ThreatConnect - TC Open allows you to see and
- ThreatCrowd - A search engine for threats,
- ThreatIngestor - Build
- ThreatTracker - A Python
- TIQ-test - Data visualization
- Autoshun
- Bambenek Consulting Feeds
- Fidelis Barncat
- CI Army (badguys.txt)
- Critical Stack - Free Intel Market - Free
- Cybercrime tracker - Multiple botnet active tracker.
- FireEye IOCs - Indicators of Compromise
- FireHOL IP Lists - Analytics for 350+ IP lists
- HoneyDB - Community driven honeypot sensor data collection and aggregation.
- hpfeeds - Honeypot feed protocol.
- Infosec - CERT-PA lists ([IPs](https://infosec.cert-pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.
- Internet Storm Center (DShield) - Diary and
  - API
  - unofficial Python library
- malc0de - Searchable incident database.
- Malware Domain List - Search and share
- MetaDefender Threat Intelligence Feed
- OpenIOC - Framework for sharing threat intelligence.
- Proofpoint Threat Intelligence
- Ransomware overview
- STIX - Structured Threat Information eXpression
  - MITRE
  - CAPEC - Common Attack Pattern Enumeration and Classification
  - CybOX - Cyber Observables eXpression
  - MAEC - Malware Attribute Enumeration and Characterization
  - TAXII - Trusted Automated eXchange of Indicator Information
- SystemLookup - SystemLookup hosts a collection of lists that provide information on
- ThreatMiner - Data mining portal for threat
- threatRECON - Search for indicators, up to 1000
- Yara rules - Yara rules repository.
- YETI - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
- ZeuS Tracker - ZeuS
- AnalyzePE - Wrapper for a
- Assemblyline - A scalable
- BinaryAlert - An open source, serverless
- chkrootkit - Local Linux rootkit detection.
- ClamAV - Open source antivirus engine.
- Detect-It-Easy - A program for
- Exeinfo PE - Packer, compressor detector, unpack
- ExifTool - Read, write and
- File Scanning Framework
- Generic File Parser - A single library parser to extract meta information, perform static analysis and detect macros within files.
- hashdeep - Compute digest hashes with
- HashCheck - Windows shell extension
- Loki - Host based scanner for IOCs.
- Malfunction - Catalog and
- Manalyze - Static analyzer for PE
- MASTIFF - Static analysis
- MultiScanner - Modular file
- nsrllookup - A tool for looking
- packerid - A cross-platform
- PE-bear - Reversing tool for PE
- PEV - A multiplatform toolkit to work with PE
- PortEx - Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.
- Rootkit Hunter - Detect Linux rootkits.
- ssdeep - Compute fuzzy hashes.
- totalhash.py
- TotalHash.cymru.com
- TrID - File identifier.
- virustotal-falsepositive-detector - A Tool to Analyze Virustotal Reports to Find Potential False Positives based on similarity of Detection Naming.
- YARA - Pattern matching tool for
- Yara rules generator - Generate
- Yara Finder - A simple tool to yara match the file against various yara rules to find the indicators of suspicion.
- anlyz.io - Online sandbox.
- any.run - Online interactive sandbox.
- AndroTotal - Free online analysis of APKs
- AVCaesar - Malware.lu online scanner and
- BoomBox - Automatic deployment of Cuckoo
- Cryptam - Analyze suspicious office documents.
- Cuckoo Sandbox - Open source, self hosted
- cuckoo-modified - Modified
- cuckoo-modified-api - A
- DeepViz - Multi-format file analyzer with
- detux - A sandbox developed to do
- DRAKVUF - Dynamic malware analysis
- firmware.re - Unpacks, scans and analyzes almost any
- HaboMalHunter - An Automated Malware
- Hybrid Analysis - Online malware
- Intezer - Detect, analyze, and categorize malware by
- IRMA - An asynchronous and customizable
- Joe Sandbox - Deep malware analysis with Joe Sandbox.
- Jotti - Free online multi-AV scanner.
- Limon - Sandbox for Analyzing Linux Malware.
- Malheur - Automatic sandboxed analysis
- malice.io - Massively scalable malware analysis framework.
- malsub - A Python RESTful API framework for
- Malware config - Extract, decode and display online
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- Malwr - Free analysis with an online Cuckoo Sandbox
- MetaDefender Cloud - Scan a file, hash, IP, URL or
- NetworkTotal - A service that analyzes
- Noriben - Uses Sysinternals Procmon to
- PacketTotal - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
- PDF Examiner - Analyse suspicious PDF files.
- ProcDot - A graphical malware analysis tool kit.
- Recomposer - A helper
- sandboxapi - Python library for
- SEE - Sandboxed Execution Environment (SEE)
- SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
- VirusTotal - Free online analysis of malware
- Visualize_Logs - Open source
- Zeltser's List - Free
- AbuseIPDB - AbuseIPDB is a project dedicated
- badips.com - Community based IP blacklist service.
- boomerang - A tool designed
- Cymon - Threat intelligence tracker, with IP/domain/hash
- Desenmascara.me - One click tool to retrieve as
- Dig - Free online dig and other
- dnstwist - Domain name permutation
- IPinfo - Gather information
- Machinae - OSINT tool for
- mailchecker - Cross-language
- MaltegoVT - Maltego transform
- Multi rbl - Multiple DNS blacklist and forward
- NormShield Services - Free API Services
- PhishStats - Phishing Statistics with search for
- SecurityTrails - Historical and current WHOIS,
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- Sucuri SiteCheck - Free Website Malware
- Talos Intelligence - Search for IP, domain
- TekDefense Automater - OSINT tool
- URLhaus - A project from abuse.ch with the goal
- URLQuery - Free URL Scanner.
- urlscan.io - Free URL Scanner & domain information.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- Zscaler Zulu - Zulu URL Risk Analyzer.
- Firebug - Firefox extension for web development.
- Java Decompiler - Decompile and inspect Java apps.
- Java IDX Parser - Parses Java
- JSDetox - JavaScript
- jsunpack-n - A javascript
- Krakatau - Java decompiler,
- Malzilla - Analyze malicious web pages.
- RABCDAsm - A "Robust
- SWF Investigator
- swftools - Tools for working with Adobe Flash
- xxxswf - A
- AnalyzePDF - A tool for
- box-js - A tool for studying JavaScript
- diStorm - Disassembler for analyzing
- JS Beautifier - JavaScript unpacking and deobfuscation.
- JS Deobfuscator
- libemu - Library and tools for x86 shellcode
- malpdfobj - Deconstruct malicious PDFs
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- PDF X-Ray Lite - A PDF analysis tool,
- peepdf - Python
- QuickSand - QuickSand is a compact C framework
- Spidermonkey
- bulk_extractor - Fast file
- EVTXtract - Carve Windows
- Foremost - File carving tool designed
- hachoir3 - Hachoir is a Python library
- Scalpel - Another data carving
- SFlock - Nested archive
- Balbuzard - A malware
- de4dot - .NET deobfuscator and
- ex_pe_xor
- iheartxor
- FLOSS - The FireEye Labs Obfuscated
- NoMoreXOR - Guess a 256 byte
- PackerAttacker - A generic
- un{i}packer - Automatic and
- unpacker - Automated malware
- unxor - Guess XOR keys using
- VirtualDeobfuscator
- XORBruteForcer
- XORSearch & XORStrings
- xortool - Guess XOR key length, as
- angr - Platform-agnostic binary analysis
- bamfdetect - Identifies and extracts
- BAP - Multiplatform and
- BARF - Multiplatform, open
- binnavi - Binary analysis IDE for
- Binary Ninja - A reverse engineering platform
- Binwalk - Firmware analysis tool.
- Capstone - Disassembly framework for
- codebro - Web based code browser using
- Cutter - GUI for Radare2.
- DECAF (Dynamic Executable Code Analysis Framework)
- dnSpy - .NET assembly editor, decompiler
- dotPeek - Free .NET Decompiler and
- Evan's Debugger (EDB) - A
- Fibratus - Tool for exploration
- FPort - Reports
- GDB - The GNU debugger.
- GEF - GDB Enhanced Features, for exploiters
- Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
- hackers-grep - A utility to
- Hopper - The macOS and Linux Disassembler.
- IDA Pro - Windows
- IDR - Interactive Delphi Reconstructor
- Immunity Debugger - Debugger for
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- Kaitai Struct - DSL for file formats / network protocols /
- LIEF - LIEF provides a cross-platform library
- ltrace - Dynamic analysis for Linux executables.
- mac-a-mal - An automated framework
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- PANDA - Platform for Architecture-Neutral
- PEDA - Python Exploit Development
- pestudio - Perform static analysis of Windows
- Pharos - The Pharos binary analysis framework
- plasma - Interactive
- PPEE (puppy) - A Professional PE file Explorer for
- Process Explorer
- Process Hacker - Tool that monitors
- Process Monitor
- PSTools - Windows
- Pyew - Python tool for malware
- PyREBox - Python scriptable reverse
- QKD - QEMU with embedded WinDbg
- Radare2 - Reverse engineering framework, with
- RegShot - Registry compare utility
- RetDec - Retargetable machine-code decompiler with an
  - online decompilation service
  - API
- ROPMEMU - A framework to analyze, dissect
- SMRT - Sublime Malware Research Tool, a
- strace - Dynamic analysis for
- Triton - A dynamic binary analysis (DBA) framework.
- Udis86 - Disassembler library and tool
- Vivisect - Python tool for
- WinDbg - Multipurpose debugger for the Microsoft Windows operating system, used to debug user-mode applications, device drivers, and kernel-mode memory dumps.
- x64dbg - An open-source x64/x32 debugger for Windows.
- Bro - Protocol analyzer that operates at incredible
- BroYara - Use Yara rules from Bro.
- CapTipper - Malicious HTTP traffic
- chopshop - Protocol analysis and
- CloudShark - Web-based tool for packet analysis
- FakeNet-NG - Next generation
- Fiddler - Intercepting web proxy designed
- Hale - Botnet C&C monitor.
- Haka - An open source security oriented
- HTTPReplay - Library for parsing
- INetSim - Network service emulation, useful when
- Laika BOSS - Laika BOSS is a file-centric
- Malcolm - Malcolm is a powerful, easily
- Malcom - Malware Communications
- Maltrail - A malicious traffic
- mitmproxy - Intercept network traffic on the fly.
- Moloch - IPv4 traffic capturing, indexing
- NetworkMiner - Network
- ngrep - Search through network traffic
- PcapViz - Network topology and
- Python ICAP Yara - An
- Squidmagic - squidmagic is a tool
- Tcpdump - Collect network traffic.
- tcpick - Track and reassemble TCP streams
- tcpxtract - Extract files from network
- Wireshark - The network traffic analysis
- BlackLight - Windows/MacOS
- DAMM - Differential Analysis of
- evolve - Web interface for the
- FindAES - Find AES
- inVtero.net - High speed memory
- Muninn - A script to automate portions
- Rekall - Memory analysis framework,
- TotalRecall - Script based
- VolDiff - Run Volatility on memory
- Volatility - Advanced
- VolUtility - Web Interface for
- WDBGARK
- WinDbg
- AChoir - A live incident response
- python-evt - Python
- python-registry - Python
- RegRipper
- GitHub
- Aleph - Open Source Malware Analysis
- CRITs - Collaborative Research Into Threats, a
- FAME - A malware analysis
- Malwarehouse - Store, tag, and
- Polichombr - A malware analysis
- stoQ - Distributed content analysis
- Viper - A binary management and analysis framework for
- al-khaser - A PoC malware
- CryptoKnight - Automated cryptographic algorithm reverse engineering and classification framework.
- DC3-MWCP
- FLARE VM - A fully customizable,
- MalSploitBase - A database
- Malware Museum - Collection of
- Malware Organiser - A simple tool to organise large sets of malicious/benign files into an organised structure.
- Pafish - Paranoid Fish, a demonstration
- REMnux - Linux distribution and docker images for
- Santoku Linux - Linux distribution for mobile
- Learning Malware Analysis - Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware
- Malware Analyst's Cookbook and DVD
- Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks
- Mastering Reverse Engineering - Mastering Reverse Engineering: Re-engineer your ethical hacking skills
- Practical Malware Analysis - The Hands-On
- Practical Reverse Engineering
- Real Digital Forensics - Computer
- Rootkits and Bootkits - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- The Art of Memory Forensics - Detecting
- The IDA Pro Book - The Unofficial Guide
- The Rootkit Arsenal - The Rootkit Arsenal:
- APT Notes - A collection of papers
- Ember - Endgame Malware BEnchmark for Research,
- File Formats posters - Nice visualization
- Honeynet Project - Honeypot tools, papers, and
- Kernel Mode - An active community
- Malicious Software - Malware
- Malware Analysis Search
- Malware Analysis Tutorials
- Malware Analysis, Threat Intelligence and Reverse Engineering
- Malware Samples and Traffic - This
- Malware Search+++
- Practical Malware Analysis Starter Kit
- RPISEC Malware Analysis - These are the
- WindowsIR: Malware - Harlan
- Windows Registry specification
- /r/csirt_tools - Subreddit for CSIRT
- malware analysis
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering
- Android Security
- AppSec
- CTFs
- Forensics
- "Hacking"
- Honeypots
- Industrial Control System Security
- Incident-Response
- Infosec
- PCAP Tools
- Pentesting
- Security
- Threat Intelligence
- YARA - Pattern matching tool for
Keywords (tag - number of indexed repositories)
- security - 21
- malware-analysis - 21
- malware - 17
- python - 16
- reverse-engineering - 14
- malware-research - 12
- awesome - 10
- cybersecurity - 8
- awesome-list - 8
- infosec - 7
- yara - 7
- dfir - 6
- disassembler - 5
- honeypot - 5
- security-tools - 5
- linux - 4
- binary-analysis - 4
- threat-hunting - 4
- analysis - 4
- scanner - 3
- static-analysis - 3
- list - 3
- elf - 3
- arm - 3
- virustotal - 3
- mips - 3
- framework - 3
- threat-intelligence - 3
- dynamic-analysis - 3
- incident-response - 3
- x86 - 3
- antivirus - 3
- malwareanalysis - 3
- windows - 3
- investigation - 3
- threatintel - 3
- ctf - 2
- unpacker - 2
- emulation - 2
- forensic-analysis - 2
- pcap - 2
- intelligence - 2
- cryptography - 2
- machine-learning - 2
- threat-sharing - 2
- golang - 2
- network-traffic - 2
- api-client - 2
- memory-forensics - 2
- virtual-machine - 2