awesome-malware-analysis/README.md

# Awesome Malware Analysis

A curated list of awesome malware analysis tools and resources. Inspired by
[awesome-python](https://github.com/vinta/awesome-python) and
[awesome-php](https://github.com/ziadoz/awesome-php).

- [Awesome Malware Analysis](#awesome-malware-analysis)
    - [Malware Collection](#malware-collection)
        - [Anonymizers](#anonymizers)
        - [Honeypots](#honeypots)
        - [Malware Corpora](#malware-corpora)
    - [Detection and Classification](#detection-and-classification)
    - [Online Scanners and Sandboxes](#online-scanners-and-sandboxes)
    - [Domain Analysis](#domain-analysis)
    - [Documents and Shellcode](#documents-and-shellcode)
    - [Memory Forensics](#memory-forensics)
    - [Miscellaneous](#miscellaneous)
- [Resources](#resources)
    - [Books](#books)
    - [Twitter](#twitter)
    - [Other](#other)
- [Related Awesome Lists](#related-awesome-lists)
- [Contributing](#contributing)

---

## Malware Collection

### Anonymizers

*Web traffic anonymizers for analysts.*

* [Anonymouse.org](http://anonymouse.org/) - A free, web based anonymizer.
* [OpenVPN](https://openvpn.net/) - VPN software and hosting solutions.
* [Privoxy](http://www.privoxy.org/) - An open source proxy server with some
  privacy features.
* [Tor](https://www.torproject.org/) - The Onion Router, for browsing the web
  without leaving traces of the client IP.

### Honeypots

*Trap and collect your own samples.*

### Malware Corpora

*Malware samples collected for analysis.*

* [Clean MX](http://support.clean-mx.de/clean-mx/viruses.php) - Realtime
  database of malware and malicious domains.
* [Contagio](http://contagiodump.blogspot.com/) - A collection of recent
  malware samples and analyses.
* [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode
  samples.
* [Zeltser's Sources](https://zeltser.com/malware-sample-sources/) - A list
  of malware sample sources put together by Lenny Zeltser.

## Detection and Classification

*Antivirus and other malware identification tools*

* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
  variety of tools for reporting on Windows PE files.
* [ClamAV](http://www.clamav.net/index.html) - Open source antivirus engine.
* [YARA](https://plusvic.github.io/yara/) - Pattern matching tool for
  analysts.

## Online Scanners and Sandboxes

* [Cuckoo Sandbox](http://cuckoosandbox.org/) - Open source, self hosted
  sandbox and automated analysis system.
* [Jotti]() - Free online multi-AV scanner.
* [Malwr]() - Free analysis with an online Cuckoo Sandbox instance.
* [VirusTotal](https://www.virustotal.com/) - Free online analysis of malware
  samples and URLs
* [Zeltser's List](https://zeltser.com/automated-malware-analysis/) - Free
  automated sandboxes and services, compiled by Lenny Zeltser.

## Domain Analysis

*Inspect domains and IP addresses.*

* [Dig](http://networking.ringofsaturn.com/) - Free online dig and other
  network tools.
* [IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information
  about an IP or domain by searching online resources.
* [Whois](http://whois.domaintools.com/) - DomainTools free online whois
  search.
* [Zeltser's List](https://zeltser.com/lookup-malicious-websites/) - Free
  online tools for researching malicious websites, compiled by Lenny Zeltser.

## Documents and Shellcode

* [AnalyzePDF](https://github.com/hiddenillusion/AnalyzePDF) - A tool for
  analyzing PDFs and attempting to determine whether they are malicious.
* [JSDetox](http://www.relentless-coding.com/projects/jsdetox/) - JavaScript
  malware analysis tool.
* [jsunpack-n](https://code.google.com/p/jsunpack-n/) - A javascript
  unpacker that emulates browser functionality.
* [PDF Tools](http://blog.didierstevens.com/programs/pdf-tools/) - pdfid,
  pdf-parser, and more from Didier Stevens.
* [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) -
  Mozilla's JavaScript engine, for debugging malicious JS.
* [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing
  malicious shellcode.

## Memory Forensics

*Tools for dissecting malware in memory images or running systems.*

* [FindAES](https://jessekornblum.livejournal.com/269749.html) - Find AES
  encryption keys in memory.
* [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework,
  forked from Volatility in 2013.
* [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based
  on Volatility for automating various malware analysis tasks.
* [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced
  memory forensics framework.
* [WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365) - Live
  memory inspection and kernel debugging for Windows systems.

## Miscellaneous

* [REMnux](https://remnux.org/) - Linux distribution and docker images for
  malware reverse engineering and analysis.

# Resources

## Books

## Twitter

## Other

* [Malicious Software](https://zeltser.com/malicious-software/) - Malware
  blog and resources by Lenny Zeltser.
* [/r/Malware](https://www.reddit.com/r/Malware) - The malware subreddit.
* [/r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering) -
  Reverse engineering subreddit, not limited to just malware.

# Related Awesome Lists

* [Android Security](https://github.com/ashishb/android-security-awesome)
* [Pentesting](https://github.com/enaqx/awesome-pentest)
* [Security](https://github.com/sbilly/awesome-security)

# [Contributing](CONTRIBUTING.md)

Pull requests and issues with suggestions are welcome!