awesome-malware-analysis

Defund the Police.
https://github.com/rshipp/awesome-malware-analysis

Last synced: 5 days ago
JSON representation

Online Scanners and Sandboxes
- Other Resources
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - anlyz.io - Online sandbox.
  - any.run - Online interactive sandbox.
  - AndroTotal - Free online analysis of APKs
  - AVCaesar - Malware.lu online scanner and
  - Cuckoo Sandbox - Open source, self hosted
  - DeepViz - Multi-format file analyzer with
  - firmware.re - Unpacks, scans and analyzes almost any
  - Hybrid Analysis - Online malware
  - Intezer - Detect, analyze, and categorize malware by
  - IRMA - An asynchronous and customizable
  - Joe Sandbox - Deep malware analysis with Joe Sandbox.
  - Jotti - Free online multi-AV scanner.
  - Malware config - Extract, decode and display online
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - Malwr - Free analysis with an online Cuckoo Sandbox
  - MetaDefender Cloud - Scan a file, hash, IP, URL or
  - NetworkTotal - A service that analyzes
  - PacketTotal - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
  - PDF Examiner - Analyse suspicious PDF files.
  - ProcDot - A graphical malware analysis tool kit.
  - SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
  - VirusTotal - Free online analysis of malware
  - Zeltser's List - Free
  - VirusTotal - Free online analysis of malware
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MetaDefender Cloud - Scan a file, hash, IP, URL or
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - filescan.io - Static malware analysis, VBA/Powershell/VBS/JS Emulation
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
  - MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
Malware Collection
- Anonymizers
  - Anonymouse.org - A free, web based anonymizer.
  - OpenVPN - VPN software and hosting solutions.
  - Privoxy - An open source proxy server with some
  - Tor - The Onion Router, for browsing the web
- Honeypots
  - Cowrie - SSH honeypot, based
  - Honeyd - Create a virtual honeynet.
  - Conpot - ICS/SCADA honeypot.
  - DemoHunter - Low interaction Distributed Honeypots.
  - Dionaea - Honeypot designed to trap malware.
  - Glastopf - Web application honeypot.
  - Honeytrap - Opensource system for running, monitoring and managing honeypots.
  - MHN - MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.
  - Mnemosyne - A normalizer for
  - Thug - Low interaction honeyclient, for
  - HoneyDrive - Honeypot bundle Linux distro.
- Malware Corpora
  - Clean MX - Realtime
  - Contagio - A collection of recent
  - Exploit Database - Exploit and shellcode
  - Infosec - CERT-PA - Malware samples collection and analysis.
  - InQuest Labs - Evergrowing searchable corpus of malicious Microsoft documents.
  - Malpedia - A resource providing
  - Malshare - Large repository of malware actively
  - Open Malware Project - Sample information and
  - Tracker h3x - Agregator for malware corpus tracker
  - vduddu malware repo - Collection of
  - VirusBay - Community-Based malware repository and social network.
  - ViruSign - Malware database that detected by
  - VirusShare - Malware repository, registration
  - VX Vault - Active collection of malware samples.
  - Zeltser's Sources - A list
  - VX Underground - Massive and growing collection of free malware samples.
  - Clean MX - Realtime
  - VX Vault - Active collection of malware samples.
  - Malshare - Large repository of malware actively
  - Clean MX - Realtime
Open Source Threat Intelligence
- Tools
  - AlienVault Open Threat Exchange - Share and
  - IntelMQ
  - IOC Editor
  - CSIRT Gadgets Foundation
  - The MISP Project
  - Pulsedive - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.
  - RiskIQ - Research, connect, tag and
  - ThreatConnect - TC Open allows you to see and
  - ThreatCrowd - A search engine for threats,
  - iocextract - Advanced Indicator
  - IntelMQ
- Other Resources
  - Autoshun
  - Bambenek Consulting Feeds
  - Fidelis Barncat
  - CI Army - badguys.txt)) -
  - Critical Stack- Free Intel Market - Free
  - Cybercrime tracker - Multiple botnet active tracker.
  - FireEye IOCs - Indicators of Compromise
  - FireHOL IP Lists - Analytics for 350+ IP lists
  - HoneyDB - Community driven honeypot sensor data collection and aggregation.
  - Infosec - CERT-PA lists - pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.
  - InQuest REPdb - Continuous aggregation of IOCs from a variety of open reputation sources.
  - InQuest IOCdb - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
  - Internet Storm Center (DShield) - Diary and
  - malc0de - Searchable incident database.
  - Malware Domain List - Search and share
  - MetaDefender Threat Intelligence Feed
  - OpenIOC - Framework for sharing threat intelligence.
  - Proofpoint Threat Intelligence
  - Ransomware overview
  - STIX - Structured Threat Information eXpression
  - MITRE
  - CAPEC - Common Attack Pattern Enumeration and Classification
  - CybOX - Cyber Observables eXpression
  - TAXII - Trusted Automated eXchange of Indicator Information
  - SystemLookup - SystemLookup hosts a collection of lists that provide information on
  - ThreatMiner - Data mining portal for threat
  - threatRECON - Search for indicators, up to 1000
  - ThreatShare - C2 panel tracker
  - ZeuS Tracker - ZeuS
  - Autoshun
  - FireEye IOCs - Indicators of Compromise
  - TAXII - Trusted Automated eXchange of Indicator Information
  - Autoshun
Detection and Classification
- Other Resources
  - Assemblyline - A scalable
  - capa - Detects capabilities in executable files.
  - chkrootkit - Local Linux rootkit detection.
  - ClamAV - Open source antivirus engine.
  - Exeinfo PE - Packer, compressor detector, unpack
  - ExifTool - Read, write and
  - Generic File Parser - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
  - packerid - A cross-platform
  - PE-bear - Reversing tool for PE
  - PEV - A multiplatform toolkit to work with PE
  - PortEx - Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.
  - Rootkit Hunter - Detect Linux rootkits.
  - totalhash.py
  - TotalHash.cymru.com
  - TrID - File identifier.
  - Yara Finder - A simple tool to yara match the file against various yara rules to find the indicators of suspicion.
  - chkrootkit - Local Linux rootkit detection.
  - Rootkit Hunter - Detect Linux rootkits.
Domain Analysis
- Other Resources
  - AbuseIPDB - AbuseIPDB is a project dedicated
  - Cymon - Threat intelligence tracker, with IP/domain/hash
  - badips.com - Community based IP blacklist service.
  - Desenmascara.me - One click tool to retrieve as
  - Dig - Free online dig and other
  - Multi rbl - Multiple DNS blacklist and forward
  - PhishStats - Phishing Statistics with search for
  - Spyse - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
  - SecurityTrails - Historical and current WHOIS,
  - SpamCop - IP based spam block list.
  - SpamHaus - Block list based on
  - Sucuri SiteCheck - Free Website Malware
  - Talos Intelligence - Search for IP, domain
  - TekDefense Automater - OSINT tool
  - URLhaus - A project from abuse.ch with the goal
  - URLQuery - Free URL Scanner.
  - urlscan.io - Free URL Scanner & domain information.
  - Whois - DomainTools free online whois
  - Zeltser's List - Free
  - ZScalar Zulu - Zulu URL Risk Analyzer.
  - Spyse - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
Browser Malware
- Other Resources
  - Firebug - Firefox extension for web development.
  - Java Decompiler - Decompile and inspect Java apps.
  - JSDetox - JavaScript
  - Malzilla - Analyze malicious web pages.
  - SWF Investigator
  - swftools - Tools for working with Adobe Flash
  - xxxswf - A
Documents and Shellcode
- Other Resources
  - diStorm - Disassembler for analyzing
  - InQuest Deep File Inspection - Upload common malware lures for Deep File Inspection and heuristical analysis.
  - JS Beautifier - JavaScript unpacking and deobfuscation.
  - libemu - Library and tools for x86 shellcode
  - OfficeMalScanner - Scan for
  - olevba - A script for parsing OLE
  - Origami PDF - A tool for
  - PDF Tools - pdfid,
  - peepdf - Python
  - Spidermonkey
File Carving
- Other Resources
  - Foremost - File carving tool designed
Deobfuscation
- Other Resources
  - Balbuzard - A malware
  - de4dot - .NET deobfuscator and
  - ex_pe_xor
  - iheartxor
  - FLOSS - The FireEye Labs Obfuscated
  - XORBruteForcer
  - XORSearch & XORStrings
  - FLOSS - The FireEye Labs Obfuscated
Debugging and Reverse Engineering
- Other Resources
  - bamfdetect - Identifies and extracts
  - Binary ninja - A reversing engineering platform
  - Binwalk - Firmware analysis tool.
  - Capstone - Disassembly framework for
  - Cutter - GUI for Radare2.
  - dnSpy - .NET assembly editor, decompiler
  - dotPeek - Free .NET Decompiler and
  - Hopper - The macOS and Linux Disassembler.
  - Immunity Debugger - Debugger for
  - ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
  - Kaitai Struct - DSL for file formats / network protocols /
  - LIEF - LIEF provides a cross-platform library
  - ltrace - Dynamic analysis for Linux executables.
  - objdump - Part of GNU binutils,
  - OllyDbg - An assembly-level debugger for Windows
  - OllyDumpEx - Dump memory
  - pestudio - Perform static analysis of Windows
  - PPEE (puppy) - A Professional PE file Explorer for
  - Process Explorer
  - Process Hacker - Tool that monitors
  - Process Monitor
  - PSTools - Windows
  - Capstone - Disassembly framework for
  - dnSpy - .NET assembly editor, decompiler
  - LIEF - LIEF provides a cross-platform library
  - QKD - QEMU with embedded WinDbg
  - Radare2 - Reverse engineering framework, with
  - RegShot - Registry compare utility
  - RetDec - Retargetable machine-code decompiler with an
  - online decompilation service
  - API
  - strace - Dynamic analysis for
  - StringSifter - A machine learning tool
  - Triton - A dynamic binary analysis (DBA) framework.
  - WinDbg - multipurpose debugger for the Microsoft Windows computer operating system, used to debug user mode applications, device drivers, and the kernel-mode memory dumps.
  - X64dbg - An open-source x64/x32 debugger for windows.
  - FPort - Reports
Network
- Other Resources
  - Bro - Protocol analyzer that operates at incredible
  - CloudShark - Web-based tool for packet analysis
  - FakeNet-NG - Next generation
  - Fiddler - Intercepting web proxy designed
  - Haka - An open source security oriented
  - HTTPReplay - Library for parsing
  - INetSim - Network service emulation, useful when
  - mitmproxy - Intercept network traffic on the fly.
  - Moloch - IPv4 traffic capturing, indexing
  - NetworkMiner - Network
  - Tcpdump - Collect network traffic.
  - tcpick - Trach and reassemble TCP streams
  - tcpxtract - Extract files from network
  - Wireshark - The network traffic analysis
Memory Forensics
- Other Resources
  - BlackLight - Windows/MacOS
  - FindAES - Find AES
  - Rekall - Memory analysis framework,
  - WinDbg
  - Rekall - Memory analysis framework,
Windows Artifacts
- Other Resources
  - python-registry - Python
  - RegRipper
  - GitHub
Storage and Workflow
- Other Resources
  - CRITs - Collaborative Research Into Threats, a
  - stoQ - Distributed content analysis
  - Viper - A binary management and analysis framework for
Miscellaneous
- Other Resources
  - FLARE VM - A fully customizable,
  - Malware Museum - Collection of
  - Malware Organiser - A simple tool to organise large malicious/benign files into a organised Structure.
  - REMnux - Linux distribution and docker images for
  - Tsurugi Linux - Linux distribution designed to support your DFIR investigations, malware analysis and OSINT (Open Source INTelligence) activities.
  - Santoku Linux - Linux distribution for mobile
Books
- Other Resources
  - Learning Malware Analysis - Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware
  - Malware Analyst's Cookbook and DVD
  - Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
  - Practical Malware Analysis - The Hands-On
  - Real Digital Forensics - Computer
  - Rootkits and Bootkits - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
  - The Art of Memory Forensics - Detecting
  - The IDA Pro Book - The Unofficial Guide
  - The Rootkit Arsenal - The Rootkit Arsenal:
  - Practical Reverse Engineering
  - Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
  - Malware Analyst's Cookbook and DVD
  - The Art of Memory Forensics - Detecting
Other
- Other Resources
  - Ember - Endgame Malware BEnchmark for Research,
  - File Formats posters - Nice visualization
  - Honeynet Project - Honeypot tools, papers, and
  - Kernel Mode - An active community
  - Malicious Software - Malware
  - Malware Analysis Search
  - Malware Analysis Tutorials
  - Malware Analysis, Threat Intelligence and Reverse Engineering
  - Malware Samples and Traffic - This
  - Malware Search+++
  - Practical Malware Analysis Starter Kit
  - WindowsIR: Malware - Harlan
  - Windows Registry specification
  - /r/csirt_tools - Subreddit for CSIRT
  - malware analysis
  - /r/Malware - The malware subreddit.
  - /r/ReverseEngineering
  - Android Security
  - AppSec
  - CTFs
  - "Hacking"
  - Honeypots
  - Incident-Response
  - PCAP Tools
  - Security

Programming Languages

Python 11 Go 1 JavaScript 1 PHP 1 Shell 1 python 1

awesome-malware-analysis

Online Scanners and Sandboxes

Other Resources

Malware Collection

Anonymizers

Honeypots

Malware Corpora

Open Source Threat Intelligence

Tools

Other Resources

Detection and Classification

Other Resources

Domain Analysis

Other Resources

Browser Malware

Other Resources

Documents and Shellcode

Other Resources

File Carving

Other Resources

Deobfuscation

Other Resources

Debugging and Reverse Engineering

Other Resources

Network

Other Resources

Memory Forensics

Other Resources

Windows Artifacts

Other Resources

Storage and Workflow

Other Resources

Miscellaneous

Other Resources

Books

Other Resources

Other

Other Resources