Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-malware-analysis
A curated list of awesome malware analysis tools and resources
https://github.com/hslatman/awesome-malware-analysis
Last synced: 5 days ago
JSON representation
-
Online Scanners and Sandboxes
-
Other Resources
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- anlyz.io - Online sandbox.
- any.run - Online interactive sandbox.
- AndroTotal - Free online analysis of APKs
- AVCaesar - Malware.lu online scanner and
- Cuckoo Sandbox - Open source, self hosted
- DeepViz - Multi-format file analyzer with
- firmware.re - Unpacks, scans and analyzes almost any
- Hybrid Analysis - Online malware
- IRMA - An asynchronous and customizable
- Jotti - Free online multi-AV scanner.
- Malware config - Extract, decode and display online
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- Malwr - Free analysis with an online Cuckoo Sandbox
- MetaDefender Cloud - Scan a file, hash, IP, URL or
- NetworkTotal - A service that analyzes
- SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
- Zeltser's List - Free
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- PacketTotal - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
-
-
Open Source Threat Intelligence
-
Tools
- IntelMQ
- AlienVault Open Threat Exchange - Share and
- RiskIQ - Research, connect, tag and
- ThreatCrowd - A search engine for threats,
- IntelMQ
-
Other Resources
- Bambenek Consulting Feeds
- Fidelis Barncat
- CI Army - badguys.txt)) -
- Critical Stack- Free Intel Market - Free
- Cybercrime tracker - Multiple botnet active tracker.
- FireHOL IP Lists - Analytics for 350+ IP lists
- HoneyDB - Community driven honeypot sensor data collection and aggregation.
- Infosec - CERT-PA lists - pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.
- InQuest REPdb - Continuous aggregation of IOCs from a variety of open reputation sources.
- InQuest IOCdb - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
- Internet Storm Center (DShield) - Diary and
- malc0de - Searchable incident database.
- MetaDefender Threat Intelligence Feed
- Ransomware overview
- MITRE
- SystemLookup - SystemLookup hosts a collection of lists that provide information on
- ThreatMiner - Data mining portal for threat
- threatRECON - Search for indicators, up to 1000
- ThreatShare - C2 panel tracker
- ZeuS Tracker - ZeuS
- STIX - Structured Threat Information eXpression
- MAEC - Malware Attribute Enumeration and Characterization
- TAXII - Trusted Automated eXchange of Indicator Information
- Autoshun
-
-
Malware Collection
-
Honeypots
- Conpot - ICS/SCADA honeypot.
- Cowrie - SSH honeypot, based
- DemoHunter - Low interaction Distributed Honeypots.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeytrap - Opensource system for running, monitoring and managing honeypots.
- MHN - MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.
- Mnemosyne - A normalizer for
- Thug - Low interaction honeyclient, for
-
Malware Corpora
- VX Vault - Active collection of malware samples.
- Clean MX - Realtime
- Exploit Database - Exploit and shellcode
- Infosec - CERT-PA - Malware samples collection and analysis.
- Malpedia - A resource providing
- Open Malware Project - Sample information and
- Tracker h3x - Agregator for malware corpus tracker
- vduddu malware repo - Collection of
- VirusBay - Community-Based malware repository and social network.
- VirusShare - Malware repository, registration
- Zeltser's Sources - A list
- Malshare - Large repository of malware actively
- Javascript Mallware Collection - Collection of almost 40.000 javascript malware samples
-
Anonymizers
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web
-
-
Network
-
Other Resources
- Wireshark - The network traffic analysis
- Fiddler - Intercepting web proxy designed
- Haka - An open source security oriented
- mitmproxy - Intercept network traffic on the fly.
- CloudShark - Web-based tool for packet analysis
-
-
Memory Forensics
-
Other Resources
- BlackLight - Windows/MacOS
- FindAES - Find AES
- Rekall - Memory analysis framework,
-
-
Windows Artifacts
-
Other Resources
- python-registry - Python
- RegRipper
- GitHub
-
-
Storage and Workflow
-
Miscellaneous
-
Other Resources
- Malware Museum - Collection of
- Malware Organiser - A simple tool to organise large malicious/benign files into a organised Structure.
- REMnux - Linux distribution and docker images for
- Santoku Linux - Linux distribution for mobile
-
-
Books
-
Other Resources
- Rootkits and Bootkits - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
- Malware Analyst's Cookbook and DVD
- Practical Reverse Engineering
- Real Digital Forensics - Computer
- The Art of Memory Forensics - Detecting
-
-
Other
-
Other Resources
- Malicious Software - Malware
- Malware Analysis, Threat Intelligence and Reverse Engineering
- Malware Search+++
- Practical Malware Analysis Starter Kit
- WindowsIR: Malware - Harlan
- Windows Registry specification
- /r/csirt_tools - Subreddit for CSIRT
- malware analysis
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering
- AppSec
- CTFs
- "Hacking"
- Honeypots
- Android Security
- Incident-Response
- PCAP Tools
- Security
-
-
Detection and Classification
-
Other Resources
- packerid - A cross-platform
- PE-bear - Reversing tool for PE
- Assemblyline - A scalable
- ClamAV - Open source antivirus engine.
- Exeinfo PE - Packer, compressor detector, unpack
- Generic File Parser - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
- totalhash.py
- Yara Finder - A simple tool to yara match the file against various yara rules to find the indicators of suspicion.
-
-
Debugging and Reverse Engineering
-
Other Resources
- FPort - Reports
- bamfdetect - Identifies and extracts
- Binary ninja - A reversing engineering platform
- Cutter - GUI for Radare2.
- dotPeek - Free .NET Decompiler and
- Hopper - The macOS and Linux Disassembler.
- IDA Pro - Windows
- Immunity Debugger - Debugger for
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- Kaitai Struct - DSL for file formats / network protocols /
- ltrace - Dynamic analysis for Linux executables.
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- PPEE (puppy) - A Professional PE file Explorer for
- RegShot - Registry compare utility
- strace - Dynamic analysis for
-
-
Domain Analysis
-
Other Resources
- AbuseIPDB - AbuseIPDB is a project dedicated
- badips.com - Community based IP blacklist service.
- Cymon - Threat intelligence tracker, with IP/domain/hash
- Dig - Free online dig and other
- PhishStats - Phishing Statistics with search for
- Spyse - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
- SecurityTrails - Historical and current WHOIS,
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- Sucuri SiteCheck - Free Website Malware
- Talos Intelligence - Search for IP, domain
- URLhaus - A project from abuse.ch with the goal
- urlscan.io - Free URL Scanner & domain information.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- ZScalar Zulu - Zulu URL Risk Analyzer.
- Multi rbl - Multiple DNS blacklist and forward
- URLQuery - Free URL Scanner.
- TekDefense Automater - OSINT tool
-
-
Browser Malware
-
Other Resources
- Firebug - Firefox extension for web development.
- JSDetox - JavaScript
- SWF Investigator
- swftools - Tools for working with Adobe Flash
- xxxswf - A
-
-
Documents and Shellcode
-
Other Resources
- diStorm - Disassembler for analyzing
- InQuest Deep File Inspection - Upload common malware lures for Deep File Inspection and heuristical analysis.
- libemu - Library and tools for x86 shellcode
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- QuickSand - QuickSand is a compact C framework
- Spidermonkey
- peepdf - Python
- JS Beautifier - JavaScript unpacking and deobfuscation.
-
-
Deobfuscation
-
Other Resources
- Balbuzard - A malware
- ex_pe_xor
- iheartxor
- XORSearch & XORStrings
-
Categories
Online Scanners and Sandboxes
43
Open Source Threat Intelligence
29
Malware Collection
26
Domain Analysis
19
Other
18
Debugging and Reverse Engineering
16
Documents and Shellcode
11
Detection and Classification
8
Books
6
Browser Malware
5
Network
5
Miscellaneous
4
Deobfuscation
4
Memory Forensics
3
Windows Artifacts
3
Storage and Workflow
2
Sub Categories
Keywords
security
10
honeypot
6
awesome
5
awesome-list
4
python
3
list
3
security-tools
2
deception
2
malware-analysis
2
threatintel
1
distributed
1
dionaea
1
framework
1
client-honeypot
1
honeyclient
1
low-interaction
1
shellcode
1
virustotal
1
application-security
1
curated
1
threat-sharing
1
threat-analysis
1
telnet-honeypot
1
telnet
1
ssh
1
sftp
1
scp
1
kippo
1
decoy
1
cowrie-ssh
1
cowrie
1
attacker
1
scada
1
ics
1
malware-samples
1
malware-research
1
malware-jail
1
javascript
1
yara-rules
1
yara
1
malware-analyzer
1
malware
1
zip
1
static-analysis
1
reverse-engineering
1
rar
1
pe-executable
1
pdf-parsing
1
office-files
1
mime
1