Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-malware-analysis
https://github.com/Soldie/awesome-malware-analysis
Last synced: about 13 hours ago
Malware Collection
Honeypots
- Conpot - ICS/SCADA honeypot.
- DemoHunter - Low interaction Distributed Honeypots.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeytrap - Opensource system for running, monitoring and managing honeypots.
- Mnemosyne - A normalizer for
- Thug - Low interaction honeyclient, for
- Cowrie - SSH honeypot, based
Anonymizers
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some
- Tor - The Onion Router, for browsing the web
Malware Corpora
- Exploit Database - Exploit and shellcode
- Infosec - CERT-PA - Malware samples collection and analysis.
- Malpedia - A resource providing
- MalwareDB - Malware samples repository.
- Open Malware Project - Sample information and
- Tracker h3x - Aggregator for malware corpus tracker
- vduddu malware repo - Collection of
- VirusBay - Community-Based malware repository and social network.
- VirusShare - Malware repository, registration
- Zeltser's Sources - A list
- Clean MX - Realtime
- VX Vault - Active collection of malware samples.
- Malshare - Large repository of malware actively
Open Source Threat Intelligence
Tools
- AlienVault Open Threat Exchange - Share and
- RiskIQ - Research, connect, tag and
- ThreatCrowd - A search engine for threats,
- IntelMQ
Other Resources
- Bambenek Consulting Feeds
- Fidelis Barncat
- CI Army (badguys.txt)
- Critical Stack - Free Intel Market - Free
- Cybercrime tracker - Multiple botnet active tracker.
- FireHOL IP Lists - Analytics for 350+ IP lists
- HoneyDB - Community driven honeypot sensor data collection and aggregation.
- Infosec - CERT-PA lists - pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.
- Internet Storm Center (DShield) - Diary and
- malc0de - Searchable incident database.
- MetaDefender Threat Intelligence Feed
- Ransomware overview
- MITRE
- ThreatMiner - Data mining portal for threat
- threatRECON - Search for indicators, up to 1000
- ZeuS Tracker - ZeuS
- MAEC - Malware Attribute Enumeration and Characterization
- TAXII - Trusted Automated eXchange of Indicator Information
- Autoshun
Detection and Classification
Other Resources
- Assemblyline - A scalable
- ClamAV - Open source antivirus engine.
- Exeinfo PE - Packer, compressor detector, unpack
- Generic File Parser - A single library parser to extract meta information, perform static analysis and detect macros within files.
- packerid - A cross-platform
- PE-bear - Reversing tool for PE
- totalhash.py
- virustotal-falsepositive-detector - A Tool to Analyze Virustotal Reports to Find Potential False Positives based on similarity of Detection Naming.
- Yara Finder - A simple tool to yara match the file against various yara rules to find the indicators of suspicion.
- TotalHash.cymru.com
Online Scanners and Sandboxes
Other Resources
- anlyz.io - Online sandbox.
- any.run - Online interactive sandbox.
- AndroTotal - Free online analysis of APKs
- AVCaesar - Malware.lu online scanner and
- Cuckoo Sandbox - Open source, self hosted
- DeepViz - Multi-format file analyzer with
- firmware.re - Unpacks, scans and analyzes almost any
- Hybrid Analysis - Online malware
- IRMA - An asynchronous and customizable
- Jotti - Free online multi-AV scanner.
- Malware config - Extract, decode and display online
- Malwr - Free analysis with an online Cuckoo Sandbox
- MetaDefender Cloud - Scan a file, hash, IP, URL or
- NetworkTotal - A service that analyzes
- SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
- Zeltser's List - Free
Domain Analysis
Other Resources
- badips.com - Community based IP blacklist service.
- Cymon - Threat intelligence tracker, with IP/domain/hash
- Dig - Free online dig and other
- PhishStats - Phishing Statistics with search for
- SecurityTrails - Historical and current WHOIS,
- SpamCop - IP based spam block list.
- SpamHaus - Block list based on
- Sucuri SiteCheck - Free Website Malware
- Talos Intelligence - Search for IP, domain
- urlscan.io - Free URL Scanner & domain information.
- Whois - DomainTools free online whois
- Zeltser's List - Free
- ZScalar Zulu - Zulu URL Risk Analyzer.
Browser Malware
Other Resources
- Firebug - Firefox extension for web development.
- JSDetox - JavaScript
- SWF Investigator
- swftools - Tools for working with Adobe Flash
- xxxswf - A
Documents and Shellcode
Other Resources
- diStorm - Disassembler for analyzing
- JS Deobfuscator
- libemu - Library and tools for x86 shellcode
- OfficeMalScanner - Scan for
- olevba - A script for parsing OLE
- Origami PDF - A tool for
- PDF Tools - pdfid,
- QuickSand - QuickSand is a compact C framework
- Spidermonkey
Deobfuscation
Other Resources
- Balbuzard - A malware
- ex_pe_xor
- iheartxor
- XORSearch & XORStrings
Debugging and Reverse Engineering
Other Resources
- bamfdetect - Identifies and extracts
- Binary ninja - A reverse engineering platform
- Cutter - GUI for Radare2.
- dotPeek - Free .NET Decompiler and
- Hopper - The macOS and Linux Disassembler.
- IDA Pro - Windows
- Immunity Debugger - Debugger for
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- Kaitai Struct - DSL for file formats / network protocols /
- ltrace - Dynamic analysis for Linux executables.
- objdump - Part of GNU binutils,
- OllyDbg - An assembly-level debugger for Windows
- PPEE (puppy) - A Professional PE file Explorer for
- RegShot - Registry compare utility
- strace - Dynamic analysis for
- FPort - Reports
Network
Memory Forensics
Other Resources
- BlackLight - Windows/MacOS
- FindAES - Find AES
- Rekall - Memory analysis framework,
Windows Artifacts
Other Resources
- python-registry - Python
- RegRipper
- GitHub
Storage and Workflow
Miscellaneous
Other Resources
- Malware Museum - Collection of
- Malware Organiser - A simple tool to organise large numbers of malicious/benign files into an organised structure.
- REMnux - Linux distribution and docker images for
- Santoku Linux - Linux distribution for mobile
Twitter
Other
Other Resources
- Malicious Software - Malware
- Malware Analysis, Threat Intelligence and Reverse Engineering
- Practical Malware Analysis Starter Kit
- WindowsIR: Malware - Harlan
- Windows Registry specification
- /r/csirt_tools - Subreddit for CSIRT
- malware analysis
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering
- Android Security
- AppSec
- CTFs
- "Hacking"
- Honeypots
- Incident-Response
- PCAP Tools
- Security
Books
Other Resources
- Malware Analyst's Cookbook and DVD
- Real Digital Forensics - Computer
- The Art of Memory Forensics - Detecting
Categories

| Category | Entries |
|---|---|
| Malware Collection | 25 |
| Open Source Threat Intelligence | 23 |
| Other | 17 |
| Twitter | 16 |
| Debugging and Reverse Engineering | 16 |
| Online Scanners and Sandboxes | 16 |
| Domain Analysis | 13 |
| Detection and Classification | 10 |
| Documents and Shellcode | 9 |
| Browser Malware | 5 |
| Miscellaneous | 4 |
| Deobfuscation | 4 |
| Network | 4 |
| Books | 3 |
| Memory Forensics | 3 |
| Windows Artifacts | 3 |
| Storage and Workflow | 2 |

Keywords

| Keyword | Count |
|---|---|
| security | 10 |
| honeypot | 6 |
| awesome | 5 |
| awesome-list | 4 |
| list | 3 |
| python | 3 |
| malware-analysis | 2 |
| security-tools | 2 |
| deception | 2 |
| static-analysis | 1 |
| zip | 1 |
| malware | 1 |
| reverse-engineering | 1 |
| rar | 1 |
| pe-executable | 1 |
| pdf-parsing | 1 |
| office-files | 1 |
| mime | 1 |
| malware-analyzer | 1 |
| machine-learning | 1 |
| libmagic | 1 |
| dynamic-analysis | 1 |
| virustotal | 1 |
| shellcode | 1 |
| low-interaction | 1 |
| honeyclient | 1 |
| client-honeypot | 1 |
| framework | 1 |
| dionaea | 1 |
| distributed | 1 |
| scada | 1 |
| ics | 1 |
| threatintel | 1 |
| threat-sharing | 1 |
| threat-analysis | 1 |
| telnet-honeypot | 1 |
| telnet | 1 |
| ssh | 1 |
| sftp | 1 |
| scp | 1 |
| kippo | 1 |
| decoy | 1 |
| cowrie-ssh | 1 |
| cowrie | 1 |
| attacker | 1 |
| incident-response-tooling | 1 |
| incident-response | 1 |
| dfir | 1 |
| cybersecurity | 1 |
| honeyd | 1 |