Merge pull request #211 from knowmalware/additions

Add several tools
This commit is contained in:
Ryan Shipp 2020-08-23 22:31:20 -05:00 committed by GitHub
commit 577019c73a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -238,6 +238,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
edit file metadata. edit file metadata.
* [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) - * [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
Modular, recursive file scanning solution. Modular, recursive file scanning solution.
* [fn2yara](https://github.com/cmu-sei/pharos) - FN2Yara is a tool to generate
Yara signatures for matching functions (code) in an executable program.
* [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A Single Library Parser to extract meta information,static analysis and detect macros within the files. * [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
* [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with * [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
a variety of algorithms. a variety of algorithms.
@ -413,6 +415,9 @@ executables.
*Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and *Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and
[documents and shellcode](#documents-and-shellcode) sections.* [documents and shellcode](#documents-and-shellcode) sections.*
* [Bytecode Viewer](https://github.com/Konloch/bytecode-viewer) - Combines
multiple Java bytecode viewers and decompilers into one tool, including
APK/DEX support.
* [Firebug](https://getfirebug.com/) - Firefox extension for web development. * [Firebug](https://getfirebug.com/) - Firefox extension for web development.
* [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps. * [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps.
* [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java * [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java
@ -504,6 +509,14 @@ the [browser malware](#browser-malware) section.*
XOR key using frequency analysis. XOR key using frequency analysis.
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
hidden code extractor for Windows malware. hidden code extractor for Windows malware.
* [PyInstaller Extractor](https://github.com/extremecoders-re/pyinstxtractor) -
A Python script to extract the contents of a PyInstaller generated Windows
executable file. The contents of the pyz file (usually pyc files) present
inside the executable are also extracted and automatically fixed so that a
Python bytecode decompiler will recognize it.
* [uncompyle6](https://github.com/rocky/python-uncompyle6/) - A cross-version
Python bytecode decompiler. Translates Python bytecode back into equivalent
Python source code.
* [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and * [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
platform-independent unpacker for Windows binaries based on emulation. platform-independent unpacker for Windows binaries based on emulation.
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware * [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
@ -582,6 +595,9 @@ the [browser malware](#browser-malware) section.*
for static analysis of Linux binaries. for static analysis of Linux binaries.
* [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows * [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows
executables. executables.
* [OllyDumpEx](https://low-priority.appspot.com/ollydumpex/) - Dump memory
from (unpacked) malware Windows process and store raw or rebuild PE file.
This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg.
* [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral * [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral
Dynamic Analysis. Dynamic Analysis.
* [PEDA](https://github.com/longld/peda) - Python Exploit Development * [PEDA](https://github.com/longld/peda) - Python Exploit Development
@ -618,6 +634,10 @@ the [browser malware](#browser-malware) section.*
[API](https://retdec.com/api/) that you can use in your tools. [API](https://retdec.com/api/) that you can use in your tools.
* [ROPMEMU](https://github.com/Cisco-Talos/ROPMEMU) - A framework to analyze, dissect * [ROPMEMU](https://github.com/Cisco-Talos/ROPMEMU) - A framework to analyze, dissect
and decompile complex code-reuse attacks. and decompile complex code-reuse attacks.
* [Scylla Imports Reconstructor](https://github.com/NtQuery/Scylla) - Find and fix
the IAT of an unpacked / dumped PE32 malware.
* [ScyllaHide](https://github.com/x64dbg/ScyllaHide) - An Anti-Anti-Debug library
and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine.
* [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a * [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a
plugin for Sublime 3 to aid with malware analyis. plugin for Sublime 3 to aid with malware analyis.
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for