Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-malware-analysis
A curated list of awesome malware analysis tools and resources
https://github.com/shmilylty/awesome-malware-analysis
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web
- Conpot - ICS/SCADA honeypot.
- Cowrie - SSH honeypot, based
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeyd - Create a virtual honeynet.
- HoneyDrive - Honeypot bundle Linux distro.
- Mnemosyne - A normalizer for
- Thug - Low interaction honeyclient, for
- Clean MX - Realtime
- Contagio - A collection of recent
- Exploit Database - Exploit and shellcode
- Malshare - Large repository of malware actively
- MalwareDB - Malware samples repository.
- Open Malware Project - Sample information and
- Ragpicker - Plugin based malware
- theZoo - Live malware samples for
- Tracker h3x - Agregator for malware corpus tracker
- ViruSign - Malware database that detected by
- VirusShare - Malware repository, registration
- VX Vault - Active collection of malware samples.
- Zeltser's Sources - A list
- Zeus Source Code - Source for the Zeus
- AbuseHelper - An open-source
- AlienVault Open Threat Exchange - Share and
- Combine - Tool to gather Threat
- Fileintel - Pull intelligence per file hash.
- Hostintel - Pull intelligence per host.
- IntelMQ
- IOC Editor
- ioc_writer - Python library for
- Massive Octo Spice
- CSIRT Gadgets Foundation
- MISP - Malware Information Sharing
- The MISP Project
- PassiveTotal - Research, connect, tag and
- PyIOCe - A Python OpenIOC editor.
- threataggregator
- ThreatCrowd - A search engine for threats,
- ThreatTracker - A Python
- TIQ-test - Data visualization
- Autoshun
- Bambenek Consulting Feeds
- Fidelis Barncat
- CI Army - badguys.txt)) -
- Critical Stack- Free Intel Market - Free
- Cybercrime tracker - Multiple botnet active tracker.
- FireEye IOCs - Indicators of Compromise
- FireHOL IP Lists - Analytics for 350+ IP lists
- hpfeeds - Honeypot feed protocol.
- Internet Storm Center (DShield) - Diary and
- API
- unofficial Python library
- malc0de - Searchable incident database.
- Malware Domain List - Search and share
- Metadefender.com Threat Intelligence Feeds
- OpenIOC - Framework for sharing threat intelligence.
- Palevo Blocklists - Botnet
- Proofpoint Threat Intelligence
- Ransomware overview
- STIX - Structured Threat Information eXpression
- MITRE
- CAPEC - Common Attack Pattern Enumeration and Classification
- CybOX - Cyber Observables eXpression
- MAEC - Malware Attribute Enumeration and Characterization
- TAXII - Trusted Automated eXchange of Indicator Information
- threatRECON - Search for indicators, up to 1000
- Yara rules - Yara rules repository.
- ZeuS Tracker - ZeuS
- AnalyzePE - Wrapper for a
- BinaryAlert - An open source, serverless
- chkrootkit - Local Linux rootkit detection.
- ClamAV - Open source antivirus engine.
- Detect-It-Easy - A program for
- ExifTool - Read, write and
- File Scanning Framework
- hashdeep - Compute digest hashes with
- Loki - Host based scanner for IOCs.
- Malfunction - Catalog and
- MASTIFF - Static analysis
- MultiScanner - Modular file
- nsrllookup - A tool for looking
- packerid - A cross-platform
- PEV - A multiplatform toolkit to work with PE
- Rootkit Hunter - Detect Linux rootkits.
- ssdeep - Compute fuzzy hashes.
- totalhash.py - Python script
- TotalHash.cymru.com
- TrID - File identifier.
- YARA - Pattern matching tool for
- Yara rules generator - Generate
- APK Analyzer - Free dynamic analysis of APKs.
- AndroTotal - Free online analysis of APKs
- AVCaesar - Malware.lu online scanner and
- Cryptam - Analyze suspicious office documents.
- Cuckoo Sandbox - Open source, self hosted
- cuckoo-modified - Modified
- cuckoo-modified-api - A Python API used to control
- DeepViz - Multi-format file analyzer with
- detux - A sandbox developed to do traffic analysis
- Document Analyzer - Free dynamic analysis of DOC and PDF files.
- DRAKVUF - Dynamic malware analysis
- File Analyzer - Free dynamic analysis of PE files.
- firmware.re - Unpacks, scans and analyzes almost any firmware package.
- Hybrid Analysis - Online malware
- IRMA - An asynchronous and customizable
- Joe Sandbox - Deep malware analysis with Joe Sandbox.
- Jotti - Free online multi-AV scanner.
- Limon - Sandbox for Analyzing Linux Malwares
- Malheur - Automatic sandboxed analysis
- malsub - A Python RESTful API framework for online malware and URL analysis services.
- Malware config - Extract, decode and display online
- Malwr - Free analysis with an online Cuckoo Sandbox
- MASTIFF Online - Online static
- Metadefender.com - Scan a file, hash or IP
- NetworkTotal - A service that analyzes
- Noriben - Uses Sysinternals Procmon to
- PDF Examiner - Analyse suspicious PDF files.
- ProcDot - A graphical malware analysis tool kit.
- Recomposer - A helper
- Sand droid - Automatic and complete
- SEE - Sandboxed Execution Environment (SEE)
- URL Analyzer - Free dynamic analysis of URL files.
- VirusTotal - Free online analysis of malware
- Visualize_Logs - Open source
- Zeltser's List - Free
- boomerang - A tool designed for consistent and safe capture of off network web resources.
- Desenmascara.me - One click tool to retrieve as
- Dig - Free online dig and other
- dnstwist - Domain name permutation
- IPinfo - Gather information
- Machinae - OSINT tool for
- mailchecker - Cross-language
- MaltegoVT - Maltego transform
- Multi rbl - Multiple DNS blacklist and forward
- NormShield Services - Free API Services
- SenderBase - Search for IP, domain or network
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- Sucuri SiteCheck - Free Website Malware
- TekDefense Automater - OSINT tool
- URLQuery - Free URL Scanner.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- ZScalar Zulu - Zulu URL Risk Analyzer.
- Firebug - Firefox extension for web development.
- Java Decompiler - Decompile and inspect Java apps.
- Java IDX Parser - Parses Java
- JSDetox - JavaScript
- jsunpack-n - A javascript
- Krakatau - Java decompiler,
- Malzilla - Analyze malicious web pages.
- RABCDAsm - A "Robust
- swftools - Tools for working with Adobe Flash
- xxxswf - A
- AnalyzePDF - A tool for
- box-js - A tool for studying JavaScript
- diStorm - Disassembler for analyzing
- JS Beautifier - JavaScript unpacking and deobfuscation.
- JS Deobfuscator
- libemu - Library and tools for x86 shellcode
- malpdfobj - Deconstruct malicious PDFs
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- PDF X-Ray Lite - A PDF analysis tool,
- peepdf - Python
- QuickSand - QuickSand is a compact C framework
- Spidermonkey
- bulk_extractor - Fast file
- EVTXtract - Carve Windows
- Foremost - File carving tool designed
- Hachoir - A collection of Python
- Scalpel - Another data carving
- SFlock - Nested archive
- Balbuzard - A malware
- de4dot - .NET deobfuscator and
- ex_pe_xor
- iheartxor
- FLOSS - The FireEye Labs Obfuscated
- NoMoreXOR - Guess a 256 byte
- PackerAttacker - A generic
- unpacker - Automated malware
- unxor - Guess XOR keys using
- VirtualDeobfuscator
- XORBruteForcer
- XORSearch & XORStrings
- xortool - Guess XOR key length, as
- angr - Platform-agnostic binary analysis
- bamfdetect - Identifies and extracts
- BAP - Multiplatform and
- BARF - Multiplatform, open
- binnavi - Binary analysis IDE for
- Binary ninja - A reversing engineering platform that is an alternative to IDA.
- Binwalk - Firmware analysis tool.
- Bokken - GUI for Pyew and Radare.
- mirror
- Capstone - Disassembly framework for
- codebro - Web based code browser using
- dnSpy - .NET assembly editor, decompiler
- Evan's Debugger (EDB) - A
- Fibratus - Tool for exploration
- FPort - Reports
- GDB - The GNU debugger.
- GEF - GDB Enhanced Features, for exploiters
- hackers-grep - A utility to
- IDA Pro - Windows
- Immunity Debugger - Debugger for
- Kaitai Struct - DSL for file formats / network protocols /
- LIEF - LIEF provides a cross-platform library
- ltrace - Dynamic analysis for Linux executables.
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- PANDA - Platform for Architecture-Neutral Dynamic Analysis
- PEDA - Python Exploit Development
- pestudio - Perform static analysis of Windows
- plasma - Interactive disassembler for
- PPEE (puppy) - A Professional PE file Explorer for
- Process Explorer
- Process Hacker - Tool that monitors system resources.
- Process Monitor
- PSTools - Windows
- Pyew - Python tool for malware
- PyREBox - Python scriptable reverse engineering
- QKD - QEMU with embedded WinDbg server for stealth debugging.
- Radare2 - Reverse engineering framework, with
- RegShot - Registry compare utility that compares snapshots.
- RetDec - Retargetable machine-code decompiler with an
- online decompilation service
- API
- ROPMEMU - A framework to analyze, dissect
- SMRT - Sublime Malware Research Tool, a
- strace - Dynamic analysis for
- Triton - A dynamic binary analysis (DBA) framework.
- Udis86 - Disassembler library and tool
- Vivisect - Python tool for
- X64dbg - An open-source x64/x32 debugger for windows.
- Bro - Protocol analyzer that operates at incredible
- BroYara - Use Yara rules from Bro.
- CapTipper - Malicious HTTP traffic
- chopshop - Protocol analysis and
- CloudShark - Web-based tool for packet analysis
- Fiddler - Intercepting web proxy designed
- Hale - Botnet C&C monitor.
- Haka - An open source security oriented
- HTTPReplay - Library for parsing
- INetSim - Network service emulation, useful when
- Laika BOSS - Laika BOSS is a file-centric
- Malcom - Malware Communications
- Maltrail - A malicious traffic
- mitmproxy - Intercept network traffic on the fly.
- Moloch - IPv4 traffic capturing, indexing
- NetworkMiner - Network
- ngrep - Search through network traffic
- PcapViz - Network topology and traffic visualizer.
- Python ICAP Yara - An ICAP Server with yara scanner for URL or content.
- Squidmagic - squidmagic is a tool
- Tcpdump - Collect network traffic.
- tcpick - Trach and reassemble TCP streams
- tcpxtract - Extract files from network
- Wireshark - The network traffic analysis
- BlackLight - Windows/MacOS forensics
- DAMM - Differential Analysis of
- evolve - Web interface for the
- FindAES - Find AES
- inVtero.net - High speed memory analysis framework
- Muninn - A script to automate portions
- Rekall - Memory analysis framework,
- TotalRecall - Script based
- VolDiff - Run Volatility on memory
- Volatility - Advanced
- VolUtility - Web Interface for
- WDBGARK
- WinDbg
- AChoir - A live incident response
- python-evt - Python
- python-registry - Python
- RegRipper
- GitHub
- Aleph - Open Source Malware Analysis
- CRITs - Collaborative Research Into Threats, a
- FAME - FAME is a malware analysis framework.
- Malwarehouse - Store, tag, and
- Polichombr - A malware analysis
- stoQ - Distributed content analysis
- Viper - A binary management and analysis framework for
- al-khaser - A PoC malware
- Binarly - Search engine for bytes in a large
- DC3-MWCP
- FLARE VM - A fully customizable,
- MalSploitBase - A database
- Malware Museum - Collection of
- Pafish - Paranoid Fish, a demonstration
- REMnux - Linux distribution and docker images for
- Santoku Linux - Linux distribution for mobile
- Malware Analyst's Cookbook and DVD
- Practical Malware Analysis - The Hands-On Guide
- Practical Reverse Engineering - Intermediate Reverse Engineering
- Real Digital Forensics - Computer Security and Incident Response
- The Art of Memory Forensics - Detecting
- The IDA Pro Book - The Unofficial Guide
- The Rootkit Arsenal - The Rootkit Arsenal:
- @Hexacorn
- @attrc
- @binitamshah
- @botherder
- @mephux
- @hiddenillusion
- @jekil
- @skier_t
- @lennyzeltser
- @hectaman
- @repmovsb
- @iMHLv2
- @monnappa22
- @OpenMalware
- @taosecurity
- @volatility
- APT Notes - A collection of papers
- File Formats posters - Nice visualization
- Honeynet Project - Honeypot tools, papers, and
- Kernel Mode - An active community devoted to
- Malicious Software - Malware
- Malware Analysis Search
- Malware Analysis Tutorials - The Malware Analysis Tutorials by Dr. Xiang Fu, a great resource for learning
- Malware Samples and Traffic - This
- Practical Malware Analysis Starter Kit
- RPISEC Malware Analysis - These are the
- WindowsIR: Malware - Harlan
- Windows Registry specification - Windows registry file format specification.
- /r/csirt_tools - Subreddit for CSIRT
- malware analysis
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering
- Android Security
- AppSec
- CTFs
- Forensics
- "Hacking"
- Honeypots
- Industrial Control System Security
- Incident-Response
- Infosec
- PCAP Tools
- Pentesting
- Security
- Threat Intelligence
Programming Languages
Keywords
security
17
malware-analysis
17
python
15
malware
15
malware-research
10
reverse-engineering
10
awesome
9
awesome-list
7
cybersecurity
6
yara
6
dfir
4
security-tools
4
infosec
4
disassembler
4
honeypot
3
list
3
binary-analysis
3
x86
3
incident-response
3
mips
3
arm
3
investigation
3
malwareanalysis
3
analysis
3
threat-intelligence
3
scanner
3
forensic-analysis
2
c-plus-plus
2
network-traffic
2
antivirus
2
program-analysis
2
pentest
2
network-monitoring
2
ctf
2
windows
2
javascript
2
c
2
powerpc
2
pcap
2
api-client
2
threat-hunting
2
network-defense
2
virustotal
2
ics
2
virtual-machine
2
linux
2
static-analysis
2
memory-forensics
2
framework
1
ida
1