An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with malware-analysis

A curated list of projects in awesome lists tagged with malware-analysis.

https://github.com/radareorg/radare2

UNIX-like reverse engineering framework and command-line toolset

binary-analysis c commandline disassembler forensics hacktoberfest malware-analysis radare2 reverse-engineering security

Last synced: 16 Dec 2025

https://github.com/mobsf/mobile-security-framework-mobsf

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security

Last synced: 09 Sep 2025

https://github.com/MobSF/Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security

Last synced: 19 Mar 2025

https://github.com/ytisf/thezoo

A repository of LIVE malware for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malware malware-analysis malware-research malware-samples malwareanalysis thezoo

Last synced: 14 May 2025

https://github.com/ytisf/theZoo

A repository of LIVE malware for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malware malware-analysis malware-research malware-samples malwareanalysis thezoo

Last synced: 24 Mar 2025

https://github.com/hugsy/gef

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

binary-ninja ctf debugging discord exploit exploit-development gdb gef ida-pro linux malware-analysis mips powerpc pwn pwntools python python-api reverse-engineering sparc

Last synced: 07 May 2025

https://github.com/mandiant/flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.

flare malware-analysis reverse-engineering

Last synced: 12 May 2025

https://hugsy.github.io/gef/

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

binary-ninja ctf debugging discord exploit exploit-development gdb gef ida-pro linux malware-analysis mips powerpc pwn pwntools python python-api reverse-engineering sparc

Last synced: 11 May 2025

https://github.com/bee-san/pywhat

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

cyber cybersecurity hacking hacktoberfest malware malware-analysis malware-research pcap python re security tryhackme

Last synced: 13 May 2025

https://github.com/bee-san/pyWhat

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

cyber cybersecurity hacking hacktoberfest malware malware-analysis malware-research pcap python re security tryhackme

Last synced: 17 Mar 2025

https://github.com/mandiant/capa

The FLARE team's open-source tool to identify capabilities in executable files.

binary-analysis gsoc-2025 malware-analysis reverse-engineering threat-intelligence

Last synced: 14 May 2025

https://github.com/fireeye/capa

The FLARE team's open-source tool to identify capabilities in executable files.

binary-analysis gsoc-2025 malware-analysis reverse-engineering threat-intelligence

Last synced: 02 May 2025

https://github.com/mentebinaria/retoolkit

Reverse Engineer's Toolkit

malware-analysis reverse-engineering windows

Last synced: 14 May 2025

https://github.com/charles2gan/gda-android-reversing-tool

The fastest and most powerful Android decompiler (a native tool working without a Java VM) for APK, DEX, ODEX, OAT, JAR, AAR, and CLASS files, which supports malicious behavior detection, privacy leak detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, Python and Java scripts, device memory extraction, data decryption and encryption, etc.

decompiler malware-analysis mobile-security privacy-protection security-audit vulnerability-scanners

Last synced: 14 May 2025

https://github.com/charles2gan/GDA-android-reversing-Tool

The fastest and most powerful Android decompiler (a native tool working without a Java VM) for APK, DEX, ODEX, OAT, JAR, AAR, and CLASS files, which supports malicious behavior detection, privacy leak detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, Python and Java scripts, device memory extraction, data decryption and encryption, etc.

decompiler malware-analysis mobile-security privacy-protection security-audit vulnerability-scanners

Last synced: 24 Mar 2025

https://github.com/a0rtega/pafish

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.

analysis-environments malware malware-analysis malware-families malware-research rdtsc reverse-engineering sandbox virtual-machine

Last synced: 10 Apr 2025

https://github.com/mandiant/flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

deobfuscation flare gsoc-2025 malware malware-analysis strings

Last synced: 12 May 2025

https://github.com/hasherezade/pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

anti-malware hooking libpeconv malware-analysis memory-forensics pe-analyzer pe-dumper pe-format pe-sieve process-analyzer scans

Last synced: 13 May 2025

https://github.com/alexandreborges/malwoverview

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo, and it is also able to scan Android devices against VT.

alienvault cybersecurity malpedia malshare malware malware-analysis malwarebazaar threat-hunting threatfox threathunting threatintelligence triage urlhaus virustotal

Last synced: 16 May 2025

https://github.com/decalage2/oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

compound forensics macros malware-analysis ms-office-documents ole-files olefile parser pyparsing python python-library rtf security vba

Last synced: 14 May 2025

https://github.com/hasherezade/pe-bear

Portable Executable reversing tool with a friendly GUI

bearparser malware-analysis multiplatform pe-analyzer pe-analyzer-gui pe-editor pe-file pe-format

Last synced: 14 May 2025

https://github.com/rednaga/apkid

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

android android-protect-apps android-protection antivirus appshielding machine-learning malware-analysis malware-detection malware-research obfuscation packers rasp yara yara-forensics

Last synced: 13 May 2025

https://github.com/hasherezade/hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

anti-malware malware-analysis malware-detection memory-forensics pe-sieve

Last synced: 14 May 2025

https://github.com/rednaga/APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

android android-protect-apps android-protection antivirus appshielding machine-learning malware-analysis malware-detection malware-research packers rasp yara yara-forensics

Last synced: 12 Jul 2025

https://github.com/hasherezade/malware_training_vol1

Materials for Windows Malware Analysis training (volume 1)

malware-analysis malware-research windows-malware-analysis

Last synced: 15 May 2025

https://github.com/jkornev/hidden

🇺🇦 Windows driver with a usermode interface which can hide processes, file-system and registry objects, protect processes, etc.

driver kernel malware-analysis rce registry rootkit security windows

Last synced: 15 May 2025

https://github.com/mandiant/flare-fakenet-ng

FakeNet-NG - Next Generation Dynamic Network Analysis Tool

fakenet-ng gsoc-2025 malware-analysis mandiant-flare traffic-redirection

Last synced: 11 Apr 2025

https://github.com/neo23x0/yargen

yarGen is a generator for YARA rules

malware malware-analysis malware-research malwareanalysis python yara

Last synced: 15 May 2025

https://github.com/mandiant/speakeasy

Windows kernel and user mode emulation.

emulation gsoc-2025 malware-analysis

Last synced: 14 May 2025

https://github.com/Neo23x0/yarGen

yarGen is a generator for YARA rules

malware malware-analysis malware-research malwareanalysis python yara

Last synced: 05 May 2025

https://github.com/tomchop/malcom

Malcom - Malware Communications Analyzer

dfir infosec malware malware-analysis network-traffic pcap threat-intelligence

Last synced: 16 May 2025

https://github.com/ergrelet/unlicense

Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x.

dotnet-assembly dump frida malware-analysis malware-unpacker portable-executable python scylla themida unpacker windows winlicense

Last synced: 16 May 2025

https://github.com/tklengyel/drakvuf

DRAKVUF Black-box Binary Analysis

introspection malware-analysis virtualization xen

Last synced: 14 May 2025

https://github.com/kasperskylab/hrtng

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

binary-analysis decryption deobfuscation hexrays ida ida-plugin ida-pro ida-pro-plugin idapro malware-analysis pattern-matching reverse-engineering

Last synced: 15 May 2025

https://github.com/decalage2/vipermonkey

A VBA parser and emulation engine to analyze malicious macros.

emulation macros malware-analysis parser pyparsing python security vba

Last synced: 16 May 2025

https://github.com/decalage2/ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

emulation macros malware-analysis parser pyparsing python security vba

Last synced: 02 Sep 2025

https://github.com/CERT-Polska/drakvuf-sandbox

DRAKVUF Sandbox - automated hypervisor-level malware analysis system

malware malware-analysis malware-research reverse-engineering sandbox

Last synced: 20 Apr 2025

https://github.com/gosecure/malboxes

Builds malware analysis Windows VMs so that you don't have to.

hacktoberfest malware-analysis malware-research packer python3 vagrant virtual-machine

Last synced: 16 May 2025

https://github.com/GoSecure/malboxes

Builds malware analysis Windows VMs so that you don't have to.

hacktoberfest malware-analysis malware-research packer python3 vagrant virtual-machine

Last synced: 19 Jul 2025

https://github.com/washi1337/asmresolver

A library for creating, reading and editing PE files and .NET modules.

assembler cil disassembler dotnet il malware-analysis msil parser pe portable-executable reader reverse-engineering writer

Last synced: 16 May 2025

https://github.com/cisagov/thorium

A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.

docker kubernetes malware-analysis rust rust-lang scalability

Last synced: 14 Oct 2025

https://github.com/InQuest/malware-samples

A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net

malware malware-analysis malware-research malware-samples

Last synced: 14 Apr 2025

https://github.com/inquest/malware-samples

A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net

malware malware-analysis malware-research malware-samples

Last synced: 13 May 2025

https://github.com/7etsuo/windows-api-function-cheatsheets

A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

cheatsheet malware-analysis malware-research reverse-engineering syscalls systems-programming win32-api windows windows-10 windows-11 windows-api windows-internals

Last synced: 02 Oct 2025

https://github.com/mrexodia/dumpulator

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

cross-platform debugging-tools easy-to-use emulator hacktoberfest malware malware-analysis malware-analyzer malware-research minidump python python3 reverse-engineering sandbox unicorn unpacking windows windows-internals x64

Last synced: 15 May 2025

https://github.com/HackOvert/AntiDBG

A bunch of Windows anti-debugging tricks for x86 and x64.

anti-debugging malware-analysis reverse-engineering

Last synced: 04 Apr 2025

https://github.com/qeeqbox/honeypots

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)

credentials emulator honeypot honeypots malware-analysis monitoring-tool network-analysis pypi pypi-package python twisted

Last synced: 14 May 2025

https://github.com/tencent/habomalhunter

HaboMalHunter is a sub-project of the Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on Linux systems.

dynamic-analysis elf linux malware-analysis security static-analysis

Last synced: 12 Apr 2025

https://github.com/Tencent/HaboMalHunter

HaboMalHunter is a sub-project of the Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on Linux systems.

dynamic-analysis elf linux malware-analysis security static-analysis

Last synced: 11 Jul 2025

https://github.com/indetectables-net/toolkit

The essential toolkit for reversing, malware analysis, and cracking

cracking infosec infosec-reference malware-analysis reverse-engineering

Last synced: 02 Aug 2025

https://github.com/secrary/makin

makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]

capstone debugging hooks malware-analysis reverse-engineering

Last synced: 09 Jul 2025

https://github.com/wecooperate/iMonitor

iMonitor (冰镜 - endpoint behavior analysis system)

edr malware-analysis open-procmon procmon reverse-engineering systemmonitor

Last synced: 21 Jul 2025

https://github.com/mandiant/stringsifter

A machine learning tool that ranks strings based on their relevance for malware analysis.

fireeye-data-science fireeye-flare learning-to-rank machine-learning malware-analysis reverse-engineering strings

Last synced: 15 May 2025

https://github.com/nsmfoo/antivmdetection

Script to create templates to use with VirtualBox to make vm detection harder

antivm malware-analysis sandbox virtualbox

Last synced: 02 Apr 2025

https://github.com/ossillate-inc/packj

Packj stops ⚡ SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain

developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners

Last synced: 07 May 2025

https://github.com/jstrosch/learning-malware-analysis

This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.

c learning malware-analysis reverse-engineering windows-api

Last synced: 04 Apr 2025

https://github.com/secana/penet

Portable Executable (PE) library written in .NET

imphash import-hash malware-analysis pe pe-header pefile portable-executable windows

Last synced: 14 May 2025

https://github.com/0x27/linux.mirai

Leaked Linux.Mirai Source Code for Research/IoC Development Purposes

botnet ioc ioc-development iot leak linux malware malware-analysis malware-development malware-research mirai mirai-source

Last synced: 15 Dec 2025