mirror of https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-10-01 06:35:40 -04:00
commit 67e5c54c59
23 README.md
@ -229,6 +229,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by
legal concerns by the author.
* [DeepViz](https://www.deepviz.com/) - Multi-format file analyzer with
machine-learning classification.
* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do traffic analysis
of Linux malwares and capturing IOCs.
* [Document Analyzer](https://www.document-analyzer.net/) - Free dynamic analysis of DOC and PDF files.
* [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis
system.
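Review bot: the detux description ("A sandbox developed to do traffic analysis of Linux malwares and capturing IOCs.") uses "malwares", but malware is a mass noun, and the two verb forms are not parallel; suggest "A sandbox developed to do traffic analysis of Linux malware and capture IOCs." Note also that this rendering has dropped the +/- markers, so which two of these eight lines are the additions can only be inferred from the header (-229,6 +229,8).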
@ -247,6 +249,9 @@ A curated list of awesome malware analysis tools and resources. Inspired by
analysis of malware.
* [Metadefender.com](https://www.metadefender.com) - Scan a file, hash or IP
address for malware (free)
* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes
pcap files and facilitates the quick detection of viruses, worms, trojans, and all
kinds of malware using Suricata configured with EmergingThreats Pro.
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
collect information about malware in a sandboxed environment.
* [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files.
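Review bot: the Metadefender.com entry is the only one in this hunk whose description does not end with a period ("address for malware (free)"); end it with one, "address for malware (free).", so it matches the NetworkTotal, Noriben and PDF Examiner lines that follow it.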
@ -350,6 +355,9 @@ the [browser malware](#browser-malware) section.*
the backend-free version of PDF X-RAY.
* [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python
tool for exploring possibly malicious PDFs.
* [QuickSand](https://www.quicksand.io/) - QuickSand is a compact C framework
to analyze suspected malware documents to identify exploits in streams of different
encodings and to locate and extract embedded executables.
* [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) -
Mozilla's JavaScript engine, for debugging malicious JS.
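Review bot: the QuickSand entry repeats the project name inside its description ("QuickSand is a compact C framework ..."), which none of the neighbouring entries (peepdf, Spidermonkey) do; drop the leading "QuickSand is" so the line reads "A compact C framework to analyze suspected malware documents ...".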
@ -380,10 +388,15 @@ the [browser malware](#browser-malware) section.*
& [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html) -
Two tools from Alexander Hanel for working with single-byte XOR encoded
files.
* [FLOSS](https://github.com/fireeye/flare-floss) - The FireEye Labs Obfuscated
String Solver uses advanced static analysis techniques to automatically
deobfuscate strings from malware binaries.
* [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR) - Guess a 256 byte
XOR key using frequency analysis.
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
hidden code extractor for Windows malware.
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
unpacker for Windows malware based on WinAppDbg.
* [unxor](https://github.com/tomchop/unxor/) - Guess XOR keys using
known-plaintext attacks.
* [VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator) -
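Review bot: "256 byte XOR key" in the NoMoreXOR entry needs a hyphen as a compound modifier ("256-byte XOR key"), matching "single-byte XOR encoded" used in the iheartxor description at the top of this hunk.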
@ -401,6 +414,8 @@ the [browser malware](#browser-malware) section.*
* [angr](https://github.com/angr/angr) - Platform-agnostic binary analysis
framework developed at UCSB's Seclab.
* [bamfdetect](https://github.com/bwall/bamfdetect) - Identifies and extracts
information from bots and other malware.
* [BARF](https://github.com/programa-stic/barf-project) - Multiplatform, open
source Binary Analysis and Reverse engineering Framework.
* [binnavi](https://github.com/google/binnavi) - Binary analysis IDE for
@ -549,13 +564,21 @@ the [browser malware](#browser-malware) section.*
malware and threat repository.
* [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
search malware.
* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis
platform designed to help analysts to reverse malwares collaboratively.
* [Viper](http://viper.li/) - A binary management and analysis framework for
analysts and researchers.
## Miscellaneous
* [al-khaser](https://github.com/LordNoteworthy/al-khaser) - A PoC malware
with good intentions that aimes to stress anti-malware systems.
* [Binarly](http://binar.ly/) - Search engine for bytes in a large corpus
of malware.
* [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) -
The Defense Cyber Crime Center's Malware Configuration Parser framework.
* [MalSploitBase](https://github.com/misterch0c/malSploitBase) - A database
containing exploits used by malware.
* [Pafish](https://github.com/a0rtega/pafish) - Paranoid Fish, a demonstration
tool that employs several techniques to detect sandboxes and analysis
environments in the same way as malware families do.
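Review bot: "aimes" in the al-khaser entry is a typo for "aims", and "reverse malwares collaboratively" in the Polichombr entry should be "reverse malware collaboratively" (mass noun). Both lines are in this hunk, so fix them here rather than in a follow-up commit.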