Awesome-Mirrors/awesome-malware-analysis
1
0
Fork 0
mirror of https://github.com/rshipp/awesome-malware-analysis.git synced 2024-09-28 17:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

added a variety of open resources from InQuest.net

Browse Source
This commit is contained in:
Pedram Amini 2019-11-01 07:47:04 -05:00
parent fc21b92dea
commit 2f7877a607
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@ -77,6 +77,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode
samples.
* [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis.
* [InQuest Labs](https://labs.inquest.net) - Evergrowing searchable corpus of malicious Microsoft documents.
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing
rapid identification and actionable context for malware investigations.
* [Malshare](https://malshare.com) - Large repository of malware actively
@ -139,7 +140,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [threataggregator](https://github.com/jpsenior/threataggregator) -
Aggregates security threats from a number of sources, including some of
those listed below in [other resources](#other-resources).
* [ThreatConnect](https://threatconnect.com/free/) - TC Open allows you to see and
* [ThreatConnect](https://threatconnect.com/free/) - TC Open allows you to see and
share open source threat data, with support and validation from our free community.
* [ThreatCrowd](https://www.threatcrowd.org/) - A search engine for threats,
with graphical visualization.
@ -175,6 +176,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [HoneyDB](https://riskdiscovery.com/honeydb) - Community driven honeypot sensor data collection and aggregation.
* [hpfeeds](https://github.com/rep/hpfeeds) - Honeypot feed protocol.
* [Infosec - CERT-PA lists](https://infosec.cert-pa.it/analyze/statistics.html) ([IPs](https://infosec.cert-pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.
* [InQuest REPdb](https://labs.inquest.net/repdb) - Continuous aggregation of IOCs from a variety of open reputation sources.
* [InQuest IOCdb](https://labs.inquest.net/iocdb) - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
* [Internet Storm Center (DShield)](https://isc.sans.edu/) - Diary and
searchable incident database, with a web [API](https://dshield.org/api/).
([unofficial Python library](https://github.com/rshipp/python-dshield)).
@ -275,7 +278,7 @@ executables.
against multiple mobile antivirus apps.
* [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu online scanner and
malware repository.
* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
Sandbox malware lab using Packer and Vagrant.
* [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents.
* [Cuckoo Sandbox](https://cuckoosandbox.org/) - Open source, self hosted
@ -344,7 +347,7 @@ executables.
*Inspect domains and IP addresses.*
* [AbuseIPDB](https://www.abuseipdb.com/) - AbuseIPDB is a project dedicated
to helping combat the spread of hackers, spammers, and abusive activity on the internet.
to helping combat the spread of hackers, spammers, and abusive activity on the internet.
* [badips.com](https://www.badips.com/) - Community based IP blacklist service.
* [boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed
for consistent and safe capture of off network web resources.
@ -384,7 +387,7 @@ executables.
or network owner. (Previously SenderBase.)
* [TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool
for gathering information about URLs, IPs, or hashes.
* [URLhaus](https://urlhaus.abuse.ch/) - A project from abuse.ch with the goal
* [URLhaus](https://urlhaus.abuse.ch/) - A project from abuse.ch with the goal
of sharing malicious URLs that are being used for malware distribution.
* [URLQuery](http://urlquery.net/) - Free URL Scanner.
* [urlscan.io](https://urlscan.io/) - Free URL Scanner & domain information.
@ -430,6 +433,7 @@ the [browser malware](#browser-malware) section.*
malware, featuring JScript/WScript support and ActiveX emulation.
* [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing
malicious shellcode.
* [InQuest Deep File Inspection](https://labs.inquest.net/dfi) - Upload common malware lures for Deep File Inspection and heuristical analysis.
* [JS Beautifier](http://jsbeautifier.org/) - JavaScript unpacking and deobfuscation.
* [JS Deobfuscator](http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/) -
Deobfuscate simple Javascript that use eval or document.write to conceal
@ -545,7 +549,7 @@ the [browser malware](#browser-malware) section.*
* [GDB](http://www.sourceware.org/gdb/) - The GNU debugger.
* [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters
and reverse engineers.
* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
* [hackers-grep](https://github.com/codypierce/hackers-grep) - A utility to
search for strings in PE executables including imports, exports, and debug
symbols.
@ -645,8 +649,8 @@ the [browser malware](#browser-malware) section.*
building a malware lab.
* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric
malware analysis and intrusion detection system.
* [Malcolm](https://github.com/idaholab/Malcolm) - Malcolm is a powerful, easily
deployable network traffic analysis tool suite for full packet capture artifacts
* [Malcolm](https://github.com/idaholab/Malcolm) - Malcolm is a powerful, easily
deployable network traffic analysis tool suite for full packet capture artifacts
(PCAP files) and Zeek logs.
* [Malcom](https://github.com/tomchop/malcom) - Malware Communications
Analyzer.
@ -772,7 +776,7 @@ the [browser malware](#browser-malware) section.*
* [Learning Malware Analysis](https://www.packtpub.com/networking-and-servers/learning-malware-analysis) - Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware
* [Malware Analyst's Cookbook and DVD](https://amzn.com/dp/0470613033) -
Tools and Techniques for Fighting Malicious Code.
* [Mastering Malware Analysis](https://www.packtpub.com/networking-and-servers/mastering-malware-analysis) - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
* [Mastering Malware Analysis](https://www.packtpub.com/networking-and-servers/mastering-malware-analysis) - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
* [Mastering Reverse Engineering](https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering) - Mastering Reverse Engineering: Re-engineer your ethical hacking skills
* [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On
Guide to Dissecting Malicious Software.