awesome-malware-analysis
https://github.com/ravifatty/awesome-malware-analysis
Malware Collection
Honeypots
- Conpot - ICS/SCADA honeypot.
- Cowrie - SSH honeypot, based
- DemoHunter - Low interaction Distributed Honeypots.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeytrap - Open source system for running, monitoring and managing honeypots.
- Mnemosyne - A normalizer for
- Thug - Low interaction honeyclient, for
Anonymizers
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web
Malware Corpora
- Exploit Database - Exploit and shellcode
- Infosec - CERT-PA - Malware samples collection and analysis.
- Malpedia - A resource providing
- Open Malware Project - Sample information and
- Tracker h3x - Aggregator for malware corpus tracker
- vduddu malware repo - Collection of
- VirusBay - Community-Based malware repository and social network.
- VirusShare - Malware repository, registration
- Zeltser's Sources - A list
- Clean MX - Realtime
- VX Vault - Active collection of malware samples.
- Malshare - Large repository of malware actively
Online Scanners and Sandboxes
Other Resources
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
- Zeltser's List - Free
- anlyz.io - Online sandbox.
- any.run - Online interactive sandbox.
- AndroTotal - Free online analysis of APKs
- AVCaesar - Malware.lu online scanner and
- Cuckoo Sandbox - Open source, self hosted
- DeepViz - Multi-format file analyzer with
- firmware.re - Unpacks, scans and analyzes almost any
- Hybrid Analysis - Online malware
- IRMA - An asynchronous and customizable
- Jotti - Free online multi-AV scanner.
- Malware config - Extract, decode and display online
- Malwr - Free analysis with an online Cuckoo Sandbox
- MetaDefender Cloud - Scan a file, hash, IP, URL or
- NetworkTotal - A service that analyzes
- PacketTotal - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
Network
Other Resources
- CloudShark - Web-based tool for packet analysis
- Fiddler - Intercepting web proxy designed
- Haka - An open source security oriented
- mitmproxy - Intercept network traffic on the fly.
- Wireshark - The network traffic analysis
Open Source Threat Intelligence
Tools
- AlienVault Open Threat Exchange - Share and
- RiskIQ - Research, connect, tag and
- ThreatCrowd - A search engine for threats,
- IntelMQ
Other Resources
- ZeuS Tracker - ZeuS
- Bambenek Consulting Feeds
- Fidelis Barncat
- CI Army (badguys.txt list)
- Critical Stack - Free Intel Market - Free
- Cybercrime tracker - Multiple botnet active tracker.
- FireHOL IP Lists - Analytics for 350+ IP lists
- HoneyDB - Community driven honeypot sensor data collection and aggregation.
- Infosec - CERT-PA lists - Blocklist service (IP list: .../analyze/listip.txt; Domains: https://infosec.cert-pa.it/analyze/listdomains.txt; URLs: https://infosec.cert-pa.it/analyze/listurls.txt).
- Internet Storm Center (DShield) - Diary and
- malc0de - Searchable incident database.
- MetaDefender Threat Intelligence Feed
- Ransomware overview
- MITRE
- SystemLookup - SystemLookup hosts a collection of lists that provide information on
- ThreatMiner - Data mining portal for threat
- threatRECON - Search for indicators, up to 1000
- STIX - Structured Threat Information eXpression
- MAEC - Malware Attribute Enumeration and Characterization
- TAXII - Trusted Automated eXchange of Indicator Information
- Autoshun
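STIX, MAEC and TAXII above are the exchange formats most of the listed feeds and platforms speak. The following is an added example (not code from this list or from the STIX specification or its reference tooling) that builds a STIX 2.1 bundle holding Indicator objects and matches their patterns against a local observation. The IOC values (RFC 5737 / RFC 2606 documentation addresses and a dummy hash), the fixed timestamp, and the tiny matcher, which only understands `[type:path = 'value']` terms joined by OR, are constructed for illustration; anything else in a pattern is rejected rather than silently mis-evaluated.

```python
"""Build a STIX 2.1 indicator bundle from IOCs and match its patterns
against a local observation.

Added example, not code from the awesome-malware-analysis list or from the
STIX specification/tooling it links. The IOC values, timestamps and the
pattern matcher (single-comparison terms joined by OR) are constructed for
illustration; real pattern evaluation needs a full STIX pattern engine.
"""
import json
import re
import uuid

# Constructed IOCs: RFC 5737 / RFC 2606 documentation values and a dummy hash.
IOCS = {
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "domain": "c2.example.net",
    "ipv4": "203.0.113.17",
}
FIXED_TIME = "2024-01-01T00:00:00.000Z"   # fixed so output is reproducible


def make_indicator(name: str, pattern: str, created: str = FIXED_TIME) -> dict:
    """One STIX 2.1 Indicator SDO with the required properties."""
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": created,
        "modified": created,
        "name": name,
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": created,
    }


def make_bundle(iocs: dict) -> dict:
    """Wrap a hash indicator and an infrastructure indicator in a STIX bundle."""
    objects = [
        make_indicator("dropper sha256",
                       f"[file:hashes.'SHA-256' = '{iocs['sha256']}']"),
        make_indicator("c2 infrastructure",
                       f"[domain-name:value = '{iocs['domain']}'] OR "
                       f"[ipv4-addr:value = '{iocs['ipv4']}']"),
    ]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


# One comparison term: [object-type:property.path = 'value']
COMPARISON = re.compile(r"\[\s*([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'\s*\]")


def pattern_matches(pattern: str, observed: dict) -> bool:
    """Match a pattern made of comparison terms joined by OR.

    `observed` maps "type:path" (quotes stripped) to observed values, e.g.
    {"file:hashes.SHA-256": "..."}. Patterns outside this subset (AND,
    FOLLOWEDBY, other operators) raise instead of being mis-evaluated.
    """
    terms = COMPARISON.findall(pattern)
    leftover = COMPARISON.sub("", pattern).replace("OR", "").strip()
    if not terms or leftover:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    for typ, path, value in terms:
        key = typ + ":" + path.replace("'", "")
        if observed.get(key) == value:
            return True
    return False


def matching_indicators(bundle: dict, observed: dict):
    """Names of indicators in the bundle whose pattern matches the observation."""
    return [o["name"] for o in bundle["objects"]
            if o["type"] == "indicator" and pattern_matches(o["pattern"], observed)]


# Constructed observation from a hypothetical sandbox run: hash and IP hit,
# the contacted domain does not.
OBSERVED = {
    "file:hashes.SHA-256": IOCS["sha256"],
    "domain-name:value": "update.example.org",
    "ipv4-addr:value": IOCS["ipv4"],
}

if __name__ == "__main__":
    bundle = make_bundle(IOCS)
    print(json.dumps(bundle, indent=2))
    print("matched:", matching_indicators(bundle, OBSERVED))
```

The bundle printed by the script is what a TAXII collection would serve; the point of the matcher is that an OR across two observable types is satisfied by either the domain or the IP, so a sandbox that only saw the IP still hits the "c2 infrastructure" indicator.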
Debugging and Reverse Engineering
Other Resources
- FPort - Reports
- strace - Dynamic analysis for
- bamfdetect - Identifies and extracts
- Binary Ninja - A reverse engineering platform
- Cutter - GUI for Radare2.
- dotPeek - Free .NET Decompiler and
- Hopper - The macOS and Linux Disassembler.
- IDA Pro - Windows
- Immunity Debugger - Debugger for
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- Kaitai Struct - DSL for file formats / network protocols /
- ltrace - Dynamic analysis for Linux executables.
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- PPEE (puppy) - A Professional PE file Explorer for
- QKD - QEMU with embedded WinDbg
- RegShot - Registry compare utility
Domain Analysis
Other Resources
- AbuseIPDB - AbuseIPDB is a project dedicated
- badips.com - Community based IP blacklist service.
- Cymon - Threat intelligence tracker, with IP/domain/hash
- Dig - Free online dig and other
- PhishStats - Phishing Statistics with search for
- SecurityTrails - Historical and current WHOIS,
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- Sucuri SiteCheck - Free Website Malware
- Talos Intelligence - Search for IP, domain
- TekDefense Automater - OSINT tool
- URLhaus - A project from abuse.ch with the goal
- urlscan.io - Free URL Scanner & domain information.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- Zscaler Zulu - Zulu URL Risk Analyzer.
- Multi rbl - Multiple DNS blacklist and forward
- URLQuery - Free URL Scanner.
Detection and Classification
Other Resources
- ClamAV - Open source antivirus engine.
- Assemblyline - A scalable
- Exeinfo PE - Packer, compressor detector, unpack
- Generic File Parser - A single library parser to extract meta information, perform static analysis and detect macros within files.
- packerid - A cross-platform
- PE-bear - Reversing tool for PE
- totalhash.py
- virustotal-falsepositive-detector - A Tool to Analyze Virustotal Reports to Find Potential False Positives based on similarity of Detection Naming.
- Yara Finder - A simple tool to yara match the file against various yara rules to find the indicators of suspicion.
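Exeinfo PE, packerid and PE-bear all lean on the same first-pass heuristic for packed or encrypted executables: walk the PE section table and look at section names and per-section entropy. The following is an added example, not code from this list or from any of those tools, that implements that check. The PE image it analyses is constructed in the block with `struct` (only the headers the parser needs, not a loadable binary), and the 7.0-bit entropy threshold and the short list of packer section names are assumptions chosen for the illustration.

```python
"""Packer heuristic: parse the PE section table and score each section's
Shannon entropy, the kind of check packerid / Exeinfo PE style tools apply.

Added example, not code from the awesome-malware-analysis list or the tools
it links. The PE image is constructed here with struct so it runs offline;
it is the minimum of headers needed for the parser, not a loadable binary.
"""
import math
import struct
from collections import Counter

PE_SIGNATURE = b"PE\x00\x00"
SECTION_HEADER_SIZE = 40
HIGH_ENTROPY = 7.0     # assumed threshold; packed/encrypted data sits near 8.0
SUSPECT_NAMES = {"UPX0", "UPX1", ".aspack", ".petite", ".themida"}  # assumed list


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes):
    """Return [(name, raw_offset, raw_size)] from the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]       # e_lfanew
    if image[pe_off:pe_off + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    # COFF header after the signature: Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, = struct.unpack_from("<H", image, pe_off + 6)
    opt_size, = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        # Name(8) VirtualSize(4) VirtualAddress(4) SizeOfRawData(4) PointerToRawData(4)
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), raw_ptr, raw_size))
    return sections


def section_report(image: bytes):
    """Per section: (name, entropy rounded to 2 places, suspicious flag)."""
    report = []
    for name, raw_ptr, raw_size in parse_sections(image):
        ent = shannon_entropy(image[raw_ptr:raw_ptr + raw_size])
        suspicious = ent > HIGH_ENTROPY or name in SUSPECT_NAMES
        report.append((name, round(ent, 2), suspicious))
    return report


def build_sample(sections):
    """Construct a minimal PE image from [(name, raw_bytes)] for the parser."""
    opt_size = 0xE0                       # PE32 optional header size
    pe_off = 0x40
    table = pe_off + 24 + opt_size
    cursor = table + SECTION_HEADER_SIZE * len(sections)   # first raw data offset
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)   # PE32 magic, rest zero
    headers, body = b"", b""
    for name, raw in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"),
                               len(raw), cursor, len(raw), cursor, 0, 0, 0, 0, 0x60000020)
        body += raw
        cursor += len(raw)
    return dos + PE_SIGNATURE + coff + opt + headers + body


# Constructed sample: a plain-text .text section and a UPX1 section filled
# with every byte value equally often (entropy exactly 8.0).
LOW_ENTROPY_TEXT = b"Hello from a plain .text section. " * 120
HIGH_ENTROPY_DATA = bytes(range(256)) * 16
SAMPLE_IMAGE = build_sample([(".text", LOW_ENTROPY_TEXT), ("UPX1", HIGH_ENTROPY_DATA)])

if __name__ == "__main__":
    for name, ent, flag in section_report(SAMPLE_IMAGE):
        print(f"{name:<8} entropy={ent:5.2f} {'SUSPICIOUS' if flag else 'ok'}")
```

Entropy alone misclassifies legitimately compressed resources and small sections, so a real classifier combines it with section names, import-table size and entry-point location; this block shows only the two cheapest signals.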
Memory Forensics
Other Resources
- BlackLight - Windows/MacOS
- FindAES - Find AES
- Rekall - Memory analysis framework,
Windows Artifacts
Other Resources
- python-registry - Python
- RegRipper (GitHub)
Storage and Workflow
Miscellaneous
Other Resources
- Malware Museum - Collection of
- Malware Organiser - A simple tool to organise large sets of malicious/benign files into an organised structure.
- REMnux - Linux distribution and docker images for
- Santoku Linux - Linux distribution for mobile
Books
Other Resources
- Rootkits and Bootkits - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks
- Malware Analyst's Cookbook and DVD
- Real Digital Forensics - Computer
- The Art of Memory Forensics - Detecting
Other
Other Resources
- Malicious Software - Malware
- Malware Analysis, Threat Intelligence and Reverse Engineering
- Malware Search+++
- Practical Malware Analysis Starter Kit
- WindowsIR: Malware - Harlan
- Windows Registry specification
- /r/csirt_tools - Subreddit for CSIRT
- malware analysis
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering
- Android Security
- AppSec
- CTFs
- "Hacking"
- Honeypots
- Incident-Response
- PCAP Tools
- Security
Browser Malware
Other Resources
- Firebug - Firefox extension for web development.
- JSDetox - JavaScript
- SWF Investigator
- swftools - Tools for working with Adobe Flash
- xxxswf - A
Documents and Shellcode
Other Resources
- diStorm - Disassembler for analyzing
- JS Deobfuscator
- libemu - Library and tools for x86 shellcode
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- QuickSand - QuickSand is a compact C framework
- Spidermonkey
- JS Beautifier - JavaScript unpacking and deobfuscation.
- peepdf - Python
Deobfuscation
Other Resources
- Balbuzard - A malware
- ex_pe_xor
- iheartxor
- XORSearch & XORStrings
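XORSearch, XORStrings, iheartxor and ex_pe_xor all rely on the same idea: single-byte XOR is cheap for malware authors and equally cheap to break, because you can try all 256 keys and look for plaintext you expect to find (a DOS stub message, a URL scheme, a DLL name). The block below is an added example of that brute-force search, not code from this list or from any of those tools. The blob it searches is constructed in the block by XOR-encoding a known plaintext (with an RFC 5737 documentation address) under key 0x5A, and the needle strings are assumptions typical of Windows malware; real tools add multi-byte keys, ROL/ROT and other rolling schemes on top of this.

```python
"""Single-byte XOR key search, the technique behind XORSearch-style tools.

Added example, not code from the awesome-malware-analysis list or any tool
it links. The encoded blob below is constructed here by XOR-encoding a known
plaintext with a single-byte key, so the script runs offline.
"""
from collections import Counter

# Plaintext fragments that commonly survive inside XOR-obfuscated Windows
# malware. Assumed needle set for the example.
KNOWN_PLAINTEXTS = [
    b"This program cannot be run in DOS mode",
    b"http://",
    b"kernel32.dll",
]


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def xor_search(data: bytes, needles=KNOWN_PLAINTEXTS):
    """Try all 256 single-byte keys; return (key, needle, offset) for every hit.

    Key 0x00 is included on purpose: a hit there means the plaintext is
    present in the clear, which is worth knowing too.
    """
    hits = []
    for key in range(256):
        decoded = xor_bytes(data, key)
        for needle in needles:
            offset = decoded.find(needle)
            while offset != -1:
                hits.append((key, needle, offset))
                offset = decoded.find(needle, offset + 1)
    return hits


def best_key(data: bytes, needles=KNOWN_PLAINTEXTS):
    """Key with the most needle hits, or None when no key produces any."""
    counts = Counter(key for key, _, _ in xor_search(data, needles))
    if not counts:
        return None
    return counts.most_common(1)[0][0]


def decode_strings(data: bytes, key: int, min_len: int = 6):
    """Decode under key and return printable-ASCII runs of at least min_len."""
    decoded = xor_bytes(data, key)
    runs, current = [], bytearray()
    for b in decoded:
        if 0x20 <= b < 0x7F:
            current.append(b)
        else:
            if len(current) >= min_len:
                runs.append(current.decode("ascii"))
            current = bytearray()
    if len(current) >= min_len:
        runs.append(current.decode("ascii"))
    return runs


# Constructed sample: a fake C2 config blob XOR-encoded with key 0x5A.
SAMPLE_KEY = 0x5A
SAMPLE_PLAIN = (
    b"\x00\x01\x02junk\x00"
    b"http://198.51.100.23/gate.php\x00"   # RFC 5737 documentation address
    b"kernel32.dll\x00\xff\xfe"
)
SAMPLE_BLOB = xor_bytes(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    key = best_key(SAMPLE_BLOB)
    print(f"most likely key: {key:#04x}")
    for s in decode_strings(SAMPLE_BLOB, key):
        print("  ", s)
```

Ranking keys by hit count rather than stopping at the first hit matters on real samples: a short needle such as `http://` can appear by coincidence under a wrong key in a large file, while the correct key is the one that lights up several needles at once.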