awesome-malware-analysis
Defund the Police.
https://github.com/rshipp/awesome-malware-analysis
Books
Other Resources
- Learning Malware Analysis - Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware
- Malware Analyst's Cookbook and DVD
- Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks
- Practical Malware Analysis - The Hands-On
- Real Digital Forensics - Computer
- Rootkits and Bootkits - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- The Art of Memory Forensics - Detecting
- The IDA Pro Book - The Unofficial Guide
- The Rootkit Arsenal - The Rootkit Arsenal:
- Practical Reverse Engineering
- Mastering Reverse Engineering - Mastering Reverse Engineering: Re-engineer your ethical hacking skills

Browser Malware
Other Resources
- Firebug - Firefox extension for web development.
- JSDetox - JavaScript
- SWF Investigator
- swftools - Tools for working with Adobe Flash
- xxxswf - A
- Bytecode Viewer - Combines
- Java IDX Parser - Parses Java
- jsunpack-n - A javascript
- Krakatau - Java decompiler,
- RABCDAsm - A "Robust
- Malzilla - Analyze malicious web pages.

Debugging and Reverse Engineering
Other Resources
- bamfdetect - Identifies and extracts
- Binary Ninja - A reverse engineering platform
- Cutter - GUI for Radare2.
- dotPeek - Free .NET Decompiler and
- Hopper - The macOS and Linux Disassembler.
- Immunity Debugger - Debugger for
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- ltrace - Dynamic analysis for Linux executables.
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- OllyDumpEx - Dump memory
- PPEE (puppy) - A Professional PE file Explorer for
- PSTools - Windows
- QKD - QEMU with embedded WinDbg
- RegShot - Registry compare utility
- strace - Dynamic analysis for
- x64dbg - An open-source x64/x32 debugger for Windows.
- FPort - Reports
- angr - Platform-agnostic binary analysis
- BAP - Multiplatform and
- BARF - Multiplatform, open
- binnavi - Binary analysis IDE for
- BluePill - Framework for executing and debugging evasive malware and protected executables.
- Capstone - Disassembly framework for
- codebro - Web based code browser using
- dnSpy - .NET assembly editor, decompiler
- Fibratus - Tool for exploration
- GEF - GDB Enhanced Features, for exploiters
- Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
- hackers-grep - A utility to
- IDR - Interactive Delphi Reconstructor
- mac-a-mal - An automated framework
- PANDA - Platform for Architecture-Neutral
- PEDA - Python Exploit Development
- pestudio - Perform static analysis of Windows
- plasma - Interactive
- Pyew - Python tool for malware
- PyREBox - Python scriptable reverse
- ROPMEMU - A framework to analyze, dissect
- Scylla Imports Reconstructor - Find and fix
- ScyllaHide - An Anti-Anti-Debug library
- SMRT - Sublime Malware Research Tool, a
- Udis86 - Disassembler library and tool
- Vivisect - Python tool for
- GDB - The GNU debugger.
- DECAF (Dynamic Executable Code Analysis Framework)
- RetDec - Retargetable machine-code decompiler with an
- StringSifter - A machine learning tool
- Binwalk - Firmware analysis tool.
- online decompilation service
- Process Hacker - Tool that monitors

Deobfuscation
Other Resources
- Balbuzard - A malware
- ex_pe_xor
- iheartxor
- XORBruteForcer
- XORSearch & XORStrings
- FLOSS - The FireEye Labs Obfuscated
- NoMoreXOR - Guess a 256 byte
- PackerAttacker - A generic
- PyInstaller Extractor
- un{i}packer - Automatic and
- unpacker - Automated malware
- VirtualDeobfuscator
- xortool - Guess XOR key length, as
- de4dot - .NET deobfuscator and

Detection and Classification
Other Resources
- ClamAV - Open source antivirus engine.
- Exeinfo PE - Packer, compressor detector, unpack
- Generic File Parser - A single library parser to extract meta information, perform static analysis and detect macros within files.
- packerid - A cross-platform
- PE-bear - Reversing tool for PE
- PEV - A multiplatform toolkit to work with PE
- totalhash.py
- TotalHash.cymru.com
- Yara Finder - A simple tool to yara match the file against various yara rules to find the indicators of suspicion.
- AnalyzePE - Wrapper for a
- Assemblyline - A scalable file triage and malware analysis system integrating the cyber security community's best tools.
- BinaryAlert - An open source, serverless
- capa - Detects capabilities in executable files.
- Detect It Easy (DiE) - A program for
- File Scanning Framework
- fn2yara - FN2Yara is a tool to generate
- hashdeep - Compute digest hashes with
- HashCheck - Windows shell extension
- Loki - Host based scanner for IOCs.
- Malfunction - Catalog and
- Manalyze - Static analyzer for PE
- MASTIFF - Static analysis
- MultiScanner - Modular file
- Nauz File Detector (NFD) - Linker/compiler/tool detector for Windows, Linux and macOS.
- nsrllookup - A tool for looking
- PEframe - PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
- Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
- ssdeep - Compute fuzzy hashes.
- YARA - Pattern matching tool for
- Yara rules generator - Generate
- chkrootkit - Local Linux rootkit detection.
- Rootkit Hunter - Detect Linux rootkits.

Documents and Shellcode
Other Resources
- diStorm - Disassembler for analyzing
- InQuest Deep File Inspection - Upload common malware lures for Deep File Inspection and heuristical analysis.
- libemu - Library and tools for x86 shellcode
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- Spidermonkey
- AnalyzePDF - A tool for
- box-js - A tool for studying JavaScript
- malpdfobj - Deconstruct malicious PDFs
- PDF X-Ray Lite - A PDF analysis tool,
- QuickSand - QuickSand is a compact C framework

Domain Analysis
Other Resources
- AbuseIPDB - AbuseIPDB is a project dedicated
- badips.com - Community based IP blacklist service.
- Cymon - Threat intelligence tracker, with IP/domain/hash
- Desenmascara.me - One click tool to retrieve as
- Dig - Free online dig and other
- Multi rbl - Multiple DNS blacklist and forward
- PhishStats - Phishing Statistics with search for
- Spyse - subdomains, whois, related domains, DNS, hosts AS, SSL/TLS info,
- SecurityTrails - Historical and current WHOIS,
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- Sucuri SiteCheck - Free Website Malware
- Talos Intelligence - Search for IP, domain
- TekDefense Automater - OSINT tool
- URLhaus - A project from abuse.ch with the goal
- urlscan.io - Free URL Scanner & domain information.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- ZScalar Zulu - Zulu URL Risk Analyzer.
- boomerang - A tool designed
- dnstwist - Domain name permutation
- IPinfo - Gather information
- Machinae - OSINT tool for
- mailchecker - Cross-language
- MaltegoVT - Maltego transform
- NormShield Services - Free API Services
- URLQuery - Free URL Scanner.

File Carving

Malware Collection
Anonymizers
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web