Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-malware-analysis
A curated list of awesome malware analysis tools and resources
https://github.com/hslatman/awesome-malware-analysis
Online Scanners and Sandboxes
Other Resources
- anlyz.io - Online sandbox.
- any.run - Online interactive sandbox.
- AndroTotal - Free online analysis of APKs
- AVCaesar - Malware.lu online scanner and
- Cuckoo Sandbox - Open source, self hosted
- DeepViz - Multi-format file analyzer with
- firmware.re - Unpacks, scans and analyzes almost any
- Hybrid Analysis - Online malware
- IRMA - An asynchronous and customizable
- Jotti - Free online multi-AV scanner.
- Malware config - Extract, decode and display online
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- Malwr - Free analysis with an online Cuckoo Sandbox
- MetaDefender Cloud - Scan a file, hash, IP, URL or
- NetworkTotal - A service that analyzes
- SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
- Zeltser's List - Free
Malware Collection
Honeypots
- Conpot - ICS/SCADA honeypot.
- Cowrie - SSH honeypot, based
- DemoHunter - Low interaction Distributed Honeypots.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeytrap - Opensource system for running, monitoring and managing honeypots.
- MHN - MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.
- Mnemosyne - A normalizer for
- Thug - Low interaction honeyclient, for
Malware Corpora
- VX Vault - Active collection of malware samples.
- Clean MX - Realtime
- Exploit Database - Exploit and shellcode
- Infosec - CERT-PA - Malware samples collection and analysis.
- Malpedia - A resource providing
- Open Malware Project - Sample information and
- Tracker h3x - Aggregator for malware corpus tracker
- vduddu malware repo - Collection of
- VirusBay - Community-Based malware repository and social network.
- VirusShare - Malware repository, registration
- Zeltser's Sources - A list
- Malshare - Large repository of malware actively
- JavaScript Malware Collection - Collection of almost 40,000 JavaScript malware samples
Anonymizers
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web
Network
Memory Forensics
Other Resources
- BlackLight - Windows/MacOS
- FindAES - Find AES
- Rekall - Memory analysis framework,
Windows Artifacts
Other Resources
- python-registry - Python
- RegRipper - GitHub
Storage and Workflow
Miscellaneous
Other Resources
- Malware Museum - Collection of
- Malware Organiser - A simple tool to organise large numbers of malicious/benign files into an organised structure.
- REMnux - Linux distribution and docker images for
- Santoku Linux - Linux distribution for mobile
Books
Other Resources
- Rootkits and Bootkits - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks
- Malware Analyst's Cookbook and DVD
- Practical Reverse Engineering
- Real Digital Forensics - Computer
- The Art of Memory Forensics - Detecting
Other
Other Resources
- Malicious Software - Malware
- Malware Analysis, Threat Intelligence and Reverse Engineering
- Malware Search+++
- Practical Malware Analysis Starter Kit
- WindowsIR: Malware - Harlan
- Windows Registry specification
- /r/csirt_tools - Subreddit for CSIRT
- malware analysis
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering
- AppSec
- CTFs
- "Hacking"
- Honeypots
- Android Security
- Incident-Response
- PCAP Tools
- Security
Detection and Classification
Other Resources
- packerid - A cross-platform
- PE-bear - Reversing tool for PE
- Assemblyline - A scalable
- ClamAV - Open source antivirus engine.
- Exeinfo PE - Packer, compressor detector, unpack
- Generic File Parser - A single library parser to extract meta information, perform static analysis and detect macros within files.
- totalhash.py
- Yara Finder - A simple tool to match a file against various YARA rules to find indicators of suspicion.
Debugging and Reverse Engineering
Other Resources
- FPort - Reports
- bamfdetect - Identifies and extracts
- Binary Ninja - A reverse engineering platform
- Cutter - GUI for Radare2.
- dotPeek - Free .NET Decompiler and
- Hopper - The macOS and Linux Disassembler.
- IDA Pro - Windows
- Immunity Debugger - Debugger for
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- Kaitai Struct - DSL for file formats / network protocols /
- ltrace - Dynamic analysis for Linux executables.
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- PPEE (puppy) - A Professional PE file Explorer for
- RegShot - Registry compare utility
- strace - Dynamic analysis for
Open Source Threat Intelligence
Tools
- AlienVault Open Threat Exchange - Share and
- RiskIQ - Research, connect, tag and
- ThreatCrowd - A search engine for threats,
- IntelMQ
Other Resources
- Bambenek Consulting Feeds
- Fidelis Barncat
- CI Army (badguys.txt) -
- Critical Stack - Free Intel Market - Free
- Cybercrime tracker - Multiple botnet active tracker.
- FireHOL IP Lists - Analytics for 350+ IP lists
- HoneyDB - Community driven honeypot sensor data collection and aggregation.
- Infosec - CERT-PA lists (IPs: pa.it/analyze/listip.txt; Domains: https://infosec.cert-pa.it/analyze/listdomains.txt; URLs: https://infosec.cert-pa.it/analyze/listurls.txt) - Blocklist service.
- InQuest REPdb - Continuous aggregation of IOCs from a variety of open reputation sources.
- InQuest IOCdb - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
- Internet Storm Center (DShield) - Diary and
- malc0de - Searchable incident database.
- MetaDefender Threat Intelligence Feed
- Ransomware overview
- MITRE
- SystemLookup - SystemLookup hosts a collection of lists that provide information on
- ThreatMiner - Data mining portal for threat
- threatRECON - Search for indicators, up to 1000
- ThreatShare - C2 panel tracker
- ZeuS Tracker - ZeuS
- MAEC - Malware Attribute Enumeration and Characterization
- TAXII - Trusted Automated eXchange of Indicator Information
- Autoshun
Domain Analysis
Other Resources
- AbuseIPDB - AbuseIPDB is a project dedicated
- badips.com - Community based IP blacklist service.
- Cymon - Threat intelligence tracker, with IP/domain/hash
- Dig - Free online dig and other
- PhishStats - Phishing Statistics with search for
- Spyse - Subdomains, WHOIS, related domains, DNS, hosts, AS, SSL/TLS info,
- SecurityTrails - Historical and current WHOIS,
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- Sucuri SiteCheck - Free Website Malware
- Talos Intelligence - Search for IP, domain
- URLhaus - A project from abuse.ch with the goal
- urlscan.io - Free URL Scanner & domain information.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- Zscaler Zulu - Zulu URL Risk Analyzer.
Browser Malware
Other Resources
- Firebug - Firefox extension for web development.
- JSDetox - JavaScript
- SWF Investigator
- swftools - Tools for working with Adobe Flash
- xxxswf - A
Documents and Shellcode
Other Resources
- diStorm - Disassembler for analyzing
- InQuest Deep File Inspection - Upload common malware lures for Deep File Inspection and heuristical analysis.
- libemu - Library and tools for x86 shellcode
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- QuickSand - QuickSand is a compact C framework
- Spidermonkey
Deobfuscation
Other Resources
- Balbuzard - A malware
- ex_pe_xor
- iheartxor
- XORSearch & XORStrings