Add tools

README.md

@@ -260,10 +260,12 @@ A curated list of awesome malware analysis tools and resources. Inspired by
   much metadata as possible for a website and to assess its good standing.
 * [Dig](http://networking.ringofsaturn.com/) - Free online dig and other
   network tools.
+* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
 * [IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information
   about an IP or domain by searching online resources.
 * [Machinae](https://github.com/hurricanelabs/machinae) - OSINT tool for
   gathering information about URLs, IPs, or hashes. Similar to Automator.
+* [mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language temporary email detection library
 * [MaltegoVT](https://github.com/jiachongzhi/MaltegoVT) - Maltego
   transform for the VirusTotal API. Allows domain/IP research, and searching
   for file hashes and scan reports.
@@ -296,6 +298,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
   malware analysis tool.
 * [jsunpack-n](https://github.com/urule99/jsunpack-n) - A javascript
   unpacker that emulates browser functionality.
+* [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler, assembler, and disassembler
 * [Malzilla](http://malzilla.sourceforge.net/) - Analyze malicious web pages.
 * [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust
   ActionScript Bytecode Disassembler."
@@ -418,6 +421,7 @@ the [browser malware](#browser-malware) section.*
   Assistance for GDB, an enhanced display with added commands.
 * [pestudio](https://winitor.com/) - Perform static analysis of Windows
   executables.
+* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS
 * [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) -
   Advanced monitoring tool for Windows programs.
 * [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware
@@ -428,7 +432,7 @@ the [browser malware](#browser-malware) section.*
   plugin for Sublime 3 to aid with malware analyis.
 * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
   Linux executables.
-* [Triton](http://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework. 
+* [Triton](http://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
 * [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
   for x86 and x86_64.
 * [Vivisect](https://github.com/vivisect/vivisect) - Python tool for
@@ -449,9 +453,10 @@ the [browser malware](#browser-malware) section.*
 * [Fiddler](http://www.telerik.com/fiddler) - Intercepting web proxy designed
   for "web debugging."
 * [Hale](https://github.com/pjlantz/Hale) - Botnet C&C monitor.
+* [Haka](http://www.haka-security.org/) - Haka is an open source security oriented language which allows to describe protocols and apply security policies on (live) captured traffic
 * [INetSim](http://www.inetsim.org/) - Network service emulation, useful when
   building a malware lab.
-* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric 
+* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric
   malware analysis and intrusion detection system.
 * [Malcom](https://github.com/tomchop/malcom) - Malware Communications
   Analyzer.
@@ -481,6 +486,7 @@ the [browser malware](#browser-malware) section.*
 
 * [DAMM](https://github.com/504ensicsLabs/DAMM) - Differential Analysis of
   Malware in Memory, built on Volatility
+* [evolve](https://github.com/JamesHabben/evolve) - Web interface for the Volatility Memory Forensics Framework
 * [FindAES](http://jessekornblum.livejournal.com/269749.html) - Find AES
   encryption keys in memory.
 * [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
@@ -493,6 +499,7 @@ the [browser malware](#browser-malware) section.*
   images before and after malware execution, and report changes.
 * [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced
   memory forensics framework.
+* [VolUtility](https://github.com/kevthehermit/VolUtility) - Web Interface for Volatility Memory Analysis framework
 * [WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365) - Live
   memory inspection and kernel debugging for Windows systems.
 
@@ -514,6 +521,7 @@ the [browser malware](#browser-malware) section.*
   Pipeline System.
 * [CRITs](https://crits.github.io/) - Collaborative Research Into Threats, a
   malware and threat repository.
+* [Laika BOSS](https://github.com/lmco/laikaboss) - Object Scanning System
 * [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
   search malware.
 * [Viper](http://viper.li/) - A binary management and analysis framework for
@@ -569,6 +577,7 @@ the [browser malware](#browser-malware) section.*
 
 * [APT Notes](https://github.com/kbandla/APTnotes) - A collection of papers
   and notes related to Advanced Persistent Threats.
+* [File Formats posters](https://github.com/corkami/pics) - Nice visualization of commonly used file format (including PE & ELF)
 * [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and
   other resources.
 * [Kernel Mode](http://www.kernelmode.info/forum/) - An active community devoted to
@@ -586,6 +595,7 @@ the [browser malware](#browser-malware) section.*
   Institute during Fall 2015.
 * [WindowsIR: Malware](http://windowsir.blogspot.com/p/malware.html) - Harlan
   Carvey's page on Malware.
+* [Windows Registry specification](https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md) - Windows registry file format specification
 * [/r/csirt_tools](https://www.reddit.com/r/csirt_tools/) - Subreddit for CSIRT
   tools and resources, with a
   [malware analysis](https://www.reddit.com/r/csirt_tools/search?q=flair%3A%22Malware%20analysis%22&sort=new&restrict_sr=on) flair.