mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-10-01 06:35:40 -04:00
Ryan Shipp
GitHub
commit
67e5c54c59
23
README.md
23
README.md
@ -229,6 +229,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||||||
legal concerns by the author.
|
legal concerns by the author.
|
||||||
* [DeepViz](https://www.deepviz.com/) - Multi-format file analyzer with
|
* [DeepViz](https://www.deepviz.com/) - Multi-format file analyzer with
|
||||||
machine-learning classification.
|
machine-learning classification.
|
||||||
|
* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do traffic analysis
|
||||||
|
of Linux malwares and capturing IOCs.
|
||||||
* [Document Analyzer](https://www.document-analyzer.net/) - Free dynamic analysis of DOC and PDF files.
|
* [Document Analyzer](https://www.document-analyzer.net/) - Free dynamic analysis of DOC and PDF files.
|
||||||
* [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis
|
* [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis
|
||||||
system.
|
system.
|
||||||
@ -247,6 +249,9 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||||||
analysis of malware.
|
analysis of malware.
|
||||||
* [Metadefender.com](https://www.metadefender.com) - Scan a file, hash or IP
|
* [Metadefender.com](https://www.metadefender.com) - Scan a file, hash or IP
|
||||||
address for malware (free)
|
address for malware (free)
|
||||||
|
* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes
|
||||||
|
pcap files and facilitates the quick detection of viruses, worms, trojans, and all
|
||||||
|
kinds of malware using Suricata configured with EmergingThreats Pro.
|
||||||
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
|
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
|
||||||
collect information about malware in a sandboxed environment.
|
collect information about malware in a sandboxed environment.
|
||||||
* [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files.
|
* [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files.
|
||||||
@ -350,6 +355,9 @@ the [browser malware](#browser-malware) section.*
|
|||||||
the backend-free version of PDF X-RAY.
|
the backend-free version of PDF X-RAY.
|
||||||
* [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python
|
* [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python
|
||||||
tool for exploring possibly malicious PDFs.
|
tool for exploring possibly malicious PDFs.
|
||||||
|
* [QuickSand](https://www.quicksand.io/) - QuickSand is a compact C framework
|
||||||
|
to analyze suspected malware documents to identify exploits in streams of different
|
||||||
|
encodings and to locate and extract embedded executables.
|
||||||
* [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) -
|
* [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) -
|
||||||
Mozilla's JavaScript engine, for debugging malicious JS.
|
Mozilla's JavaScript engine, for debugging malicious JS.
|
||||||
|
|
||||||
@ -380,10 +388,15 @@ the [browser malware](#browser-malware) section.*
|
|||||||
& [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html) -
|
& [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html) -
|
||||||
Two tools from Alexander Hanel for working with single-byte XOR encoded
|
Two tools from Alexander Hanel for working with single-byte XOR encoded
|
||||||
files.
|
files.
|
||||||
|
* [FLOSS](https://github.com/fireeye/flare-floss) - The FireEye Labs Obfuscated
|
||||||
|
String Solver uses advanced static analysis techniques to automatically
|
||||||
|
deobfuscate strings from malware binaries.
|
||||||
* [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR) - Guess a 256 byte
|
* [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR) - Guess a 256 byte
|
||||||
XOR key using frequency analysis.
|
XOR key using frequency analysis.
|
||||||
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
|
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
|
||||||
hidden code extractor for Windows malware.
|
hidden code extractor for Windows malware.
|
||||||
|
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
|
||||||
|
unpacker for Windows malware based on WinAppDbg.
|
||||||
* [unxor](https://github.com/tomchop/unxor/) - Guess XOR keys using
|
* [unxor](https://github.com/tomchop/unxor/) - Guess XOR keys using
|
||||||
known-plaintext attacks.
|
known-plaintext attacks.
|
||||||
* [VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator) -
|
* [VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator) -
|
||||||
@ -401,6 +414,8 @@ the [browser malware](#browser-malware) section.*
|
|||||||
|
|
||||||
* [angr](https://github.com/angr/angr) - Platform-agnostic binary analysis
|
* [angr](https://github.com/angr/angr) - Platform-agnostic binary analysis
|
||||||
framework developed at UCSB's Seclab.
|
framework developed at UCSB's Seclab.
|
||||||
|
* [bamfdetect](https://github.com/bwall/bamfdetect) - Identifies and extracts
|
||||||
|
information from bots and other malware.
|
||||||
* [BARF](https://github.com/programa-stic/barf-project) - Multiplatform, open
|
* [BARF](https://github.com/programa-stic/barf-project) - Multiplatform, open
|
||||||
source Binary Analysis and Reverse engineering Framework.
|
source Binary Analysis and Reverse engineering Framework.
|
||||||
* [binnavi](https://github.com/google/binnavi) - Binary analysis IDE for
|
* [binnavi](https://github.com/google/binnavi) - Binary analysis IDE for
|
||||||
@ -549,13 +564,21 @@ the [browser malware](#browser-malware) section.*
|
|||||||
malware and threat repository.
|
malware and threat repository.
|
||||||
* [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
|
* [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
|
||||||
search malware.
|
search malware.
|
||||||
|
* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis
|
||||||
|
platform designed to help analysts to reverse malwares collaboratively.
|
||||||
* [Viper](http://viper.li/) - A binary management and analysis framework for
|
* [Viper](http://viper.li/) - A binary management and analysis framework for
|
||||||
analysts and researchers.
|
analysts and researchers.
|
||||||
|
|
||||||
## Miscellaneous
|
## Miscellaneous
|
||||||
|
|
||||||
|
* [al-khaser](https://github.com/LordNoteworthy/al-khaser) - A PoC malware
|
||||||
|
with good intentions that aimes to stress anti-malware systems.
|
||||||
|
* [Binarly](http://binar.ly/) - Search engine for bytes in a large corpus
|
||||||
|
of malware.
|
||||||
* [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) -
|
* [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) -
|
||||||
The Defense Cyber Crime Center's Malware Configuration Parser framework.
|
The Defense Cyber Crime Center's Malware Configuration Parser framework.
|
||||||
|
* [MalSploitBase](https://github.com/misterch0c/malSploitBase) - A database
|
||||||
|
containing exploits used by malware.
|
||||||
* [Pafish](https://github.com/a0rtega/pafish) - Paranoid Fish, a demonstration
|
* [Pafish](https://github.com/a0rtega/pafish) - Paranoid Fish, a demonstration
|
||||||
tool that employs several techniques to detect sandboxes and analysis
|
tool that employs several techniques to detect sandboxes and analysis
|
||||||
environments in the same way as malware families do.
|
environments in the same way as malware families do.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user