Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-malware-analysis
A curated list of awesome malware analysis tools and resources
https://github.com/joesecurity/awesome-malware-analysis
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web
- Conpot - ICS/SCADA honeypot.
- Cowrie - SSH honeypot, based
- Dionaea - Honeypot designed to trap
- Glastopf - Web application honeypot.
- Honeyd - Create a virtual honeynet.
- HoneyDrive - Honeypot bundle Linux distro.
- Mnemosyne - A normalizer for
- Thug - Low interaction honeyclient, for
- Clean MX - Realtime
- Contagio - A collection of recent
- Exploit Database - Exploit and shellcode
- Malshare - Large repository of malware actively
- maltrieve - Retrieve malware
- MalwareDB - Malware samples repository.
- theZoo - Live malware samples for
- ViruSign - Malware database that detected by
- VirusShare - Malware repository, registration
- Zeltser's Sources - A list
- Zeus Source Code - Source for the Zeus
- AbuseHelper - An open-source framework for receiving and redistributing abuse feeds and threat intel.
- Combine - Tool to gather Threat
- IntelMQ
- IOC Editor
- ioc_writer - Python library for
- Massive Octo Spice
- CSIRT Gadgets Foundation
- MISP - Malware Information Sharing
- The MISP Project
- PassiveTotal - Research, connect, tag and
- PyIOCe - A Python OpenIOC editor.
- threataggregator
- ThreatCrowd - A search engine for threats,
- ThreatTracker - A Python
- TIQ-test - Data visualization
- Autoshun
- CI Army - badguys.txt)) -
- Critical Stack- Free Intel Market - Free
- CRDF ThreatCenter - List of new threats detected
- FireEye IOCs - Indicators of Compromise
- FireHOL IP Lists - Analytics for 350+ IP lists
- hpfeeds - Honeypot feed protocol.
- Internet Storm Center (DShield) - Diary and
- API
- unofficial Python library
- malc0de - Searchable incident database.
- Malware Domain List - Search and share
- OpenIOC - Framework for sharing threat intelligence.
- Palevo Blocklists - Botnet
- Proofpoint Threat Intelligence (formerly Emerging Threats)
- STIX - Structured Threat Information eXpression
- MITRE
- CAPEC - Common Attack Pattern Enumeration and Classification
- CybOX - Cyber Observables eXpression
- MAEC - Malware Attribute Enumeration and Characterization
- TAXII - Trusted Automated eXchange of Indicator Information
- threatRECON - Search for indicators, up to 1000
- Yara rules - Yara rules repository.
- ZeuS Tracker - ZeuS
- AnalyzePE - Wrapper for a
- chkrootkit - Local Linux rootkit detection.
- ClamAV - Open source antivirus engine.
- Detect-It-Easy - A program for
- ExifTool - Read, write and
- hashdeep - Compute digest hashes with
- Loki - Host based scanner for IOCs.
- Malfunction - Catalog and
- MASTIFF - Static analysis
- MultiScanner - Modular file
- nsrllookup - A tool for looking
- packerid - A cross-platform
- PEV - A multiplatform toolkit to work with PE
- Rootkit Hunter - Detect Linux rootkits.
- ssdeep - Compute fuzzy hashes.
- totalhash.py - Python script
- TotalHash.cymru.com
- TrID - File identifier.
- YARA - Pattern matching tool for
- Yara rules generator - Generate
- AndroTotal - free online analysis of APKs
- Anubis - Malware Analysis for Unknown Binaries
- AVCaesar - Malware.lu online scanner and
- Cryptam - Analyze suspicious office documents.
- Cuckoo Sandbox - Open source, self hosted
- cuckoo-modified - Modified
- DeepViz - Multi-format file analyzer with
- DRAKVUF - Dynamic malware analysis
- Hybrid Analysis - Online malware
- IRMA - An asynchronous and customizable
- Jotti - Free online multi-AV scanner.
- Malheur - Automatic sandboxed analysis
- Malwr - Free analysis with an online Cuckoo Sandbox
- MASTIFF Online - Online static
- Metadefender.com - Scan a file, hash or IP
- Noriben - Uses Sysinternals Procmon to
- PDF Examiner - Analyse suspicious PDF files.
- Recomposer - A helper
- SEE - Sandboxed Execution Environment (SEE)
- VirusTotal - Free online analysis of malware
- Zeltser's List - Free
- Desenmascara.me - One click tool to retrieve as
- Dig - Free online dig and other
- dnstwist - Domain name permutation
- IPinfo - Gather information
- Machinae - OSINT tool for
- mailchecker - Cross-language
- MaltegoVT - Maltego transform
- SenderBase - Search for IP, domain or network
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- squidmagic - A tool designed to
- Sucuri SiteCheck - Free Website Malware
- TekDefense Automator - OSINT tool
- URLQuery - Free URL Scanner.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- ZScalar Zulu - Zulu URL Risk Analyzer.
- Firebug - Firefox extension for web development.
- Java Decompiler - Decompile and inspect Java apps.
- Java IDX Parser - Parses Java
- JSDetox - JavaScript
- jsunpack-n - A javascript
- Krakatau - Java decompiler,
- Malzilla - Analyze malicious web pages.
- RABCDAsm - A "Robust
- swftools - Tools for working with Adobe Flash
- xxxswf - A
- AnalyzePDF - A tool for
- diStorm - Disassembler for analyzing
- JS Beautifier - JavaScript unpacking and deobfuscation.
- JS Deobfuscator
- libemu - Library and tools for x86 shellcode
- malpdfobj - Deconstruct malicious PDFs
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- PDF X-Ray Lite - A PDF analysis tool,
- peepdf - Python
- Spidermonkey
- bulk_extractor - Fast file
- EVTXtract - Carve Windows
- Foremost - File carving tool designed
- Hachoir - A collection of Python
- Scalpel - Another data carving
- Balbuzard - A malware
- de4dot - .NET deobfuscator and
- ex_pe_xor
- iheartxor
- NoMoreXOR - Guess a 256 byte
- PackerAttacker - A generic
- unxor - Guess XOR keys using
- VirtualDeobfuscator
- XORBruteForcer
- XORSearch & XORStrings
- xortool - Guess XOR key length, as
- angr - Platform-agnostic binary analysis
- BARF - Multiplatform, open
- binnavi - Binary analysis IDE for
- Bokken - GUI for Pyew and Radare.
- Capstone - Disassembly framework for
- codebro - Web based code browser using
- dnSpy - .NET assembly editor, decompiler
- Evan's Debugger (EDB) - A
- Fibratus - Tool for exploration
- GDB - The GNU debugger.
- GEF - GDB Enhanced Features, for exploiters
- hackers-grep - A utility to
- IDA Pro - Windows
- Immunity Debugger - Debugger for
- ltrace - Dynamic analysis for Linux executables.
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- PANDA - Platform for Architecture-Neutral Dynamic Analysis
- PEDA - Python Exploit Development
- pestudio - Perform static analysis of Windows
- plasma - Interactive disassembler for
- PPEE (puppy) - A Professional PE file Explorer for
- Process Monitor
- Pyew - Python tool for malware
- Radare2 - Reverse engineering framework, with
- SMRT - Sublime Malware Research Tool, a
- strace - Dynamic analysis for
- Triton - A dynamic binary analysis (DBA) framework.
- Udis86 - Disassembler library and tool
- Vivisect - Python tool for
- X64dbg - An open-source x64/x32 debugger for windows.
- Bro - Protocol analyzer that operates at incredible
- BroYara - Use Yara rules from Bro.
- CapTipper - Malicious HTTP traffic
- chopshop - Protocol analysis and
- Fiddler - Intercepting web proxy designed
- Hale - Botnet C&C monitor.
- Haka - An open source security oriented
- INetSim - Network service emulation, useful when
- Laika BOSS - Laika BOSS is a file-centric
- Malcom - Malware Communications
- Maltrail - A malicious traffic
- mitmproxy - Intercept network traffic on the fly.
- Moloch - IPv4 traffic capturing, indexing
- NetworkMiner - Network
- ngrep - Search through network traffic
- PcapViz - Network topology and traffic visualizer.
- Tcpdump - Collect network traffic.
- tcpick - Trach and reassemble TCP streams
- tcpxtract - Extract files from network
- Wireshark - The network traffic analysis
- DAMM - Differential Analysis of
- evolve - Web interface for the
- FindAES - Find AES
- Muninn - A script to automate portions
- Rekall - Memory analysis framework,
- TotalRecall - Script based
- VolDiff - Run Volatility on memory
- Volatility - Advanced
- VolUtility - Web Interface for
- WinDbg - Live
- AChoir - A live incident response
- python-evt - Python
- python-registry - Python
- RegRipper
- GitHub
- Aleph - OpenSource Malware Analysis
- CRITs - Collaborative Research Into Threats, a
- Malwarehouse - Store, tag, and
- Viper - A binary management and analysis framework for
- DC3-MWCP
- Pafish - Paranoid Fish, a demonstration
- REMnux - Linux distribution and docker images for
- Santoku Linux - Linux distribution for mobile
- Malware Analyst's Cookbook and DVD
- Practical Malware Analysis - The Hands-On Guide
- The Art of Memory Forensics - Detecting
- The IDA Pro Book - The Unofficial Guide
- @Hexacorn
- @attrc
- @botherder
- @mephux
- @hiddenillusion
- @jekil
- @skier_t
- @lennyzeltser
- @hectaman
- @repmovsb
- @iMHLv2
- @OpenMalware
- @taosecurity
- @volatility
- APT Notes - A collection of papers
- File Formats posters - Nice visualization
- Honeynet Project - Honeypot tools, papers, and
- Kernel Mode - An active community devoted to
- Malicious Software - Malware
- Malware Analysis Search
- Malware Analysis Tutorials - The Malware Analysis Tutorials by Dr. Xiang Fu, a great resource for learning
- Malware Samples and Traffic - This
- Practical Malware Analysis Starter Kit
- RPISEC Malware Analysis - These are the
- WindowsIR: Malware - Harlan
- Windows Registry specification - Windows registry file format specification.
- /r/csirt_tools - Subreddit for CSIRT
- malware analysis
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering
- Android Security
- AppSec
- CTFs
- "Hacking"
- Honeypots
- Incident-Response
- Infosec
- PCAP Tools
- Pentesting
- Security
Programming Languages
Keywords
python
12
security
12
malware-analysis
9
malware
8
awesome
7
reverse-engineering
6
awesome-list
5
malware-research
4
dfir
3
list
3
scanner
3
threat-intelligence
3
infosec
3
pcap
2
threat-hunting
2
pentest
2
network-monitoring
2
disassembler
2
binary-analysis
2
ctf
2
analysis
2
cybersecurity
2
yara
2
honeypot
2
incident-response
2
malwareanalysis
2
c
2
network-traffic
2
program-analysis
1
machine-learning
1
dns
1
packer
1
macho
1
mach-o
1
hacktoberfest2023
1
domains
1
entropy
1
elf
1
fuzzing
1
homoglyph
1
detector
1
clustering
1
classification
1
xen
1
static-analysis
1
unpacker
1
antivirus
1
hash
1
ioc
1
otx
1