mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-06-30 21:41:19 +00:00
Ryan Shipp
commit
6b8c8acb3e
24
README.md
24
README.md
|
|
@ -102,7 +102,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||
* [AbuseHelper](https://github.com/abusesa/abusehelper) - An open-source framework for receiving and redistributing abuse feeds and threat intel.
|
||||
* [Combine](https://github.com/mlsecproject/combine) - Tool to gather Threat
|
||||
Intelligence indicators from publicly available sources.
|
||||
* [IntelMQ](https://www.enisa.europa.eu/activities/cert/support/incident-handling-automation) -
|
||||
* [IntelMQ](https://www.enisa.europa.eu/topics/csirt-cert-services/community-projects/incident-handling-automation) -
|
||||
A tool for CERTs for processing incident data using a message queue.
|
||||
* [IOC Editor](https://www.fireeye.com/services/freeware/ioc-editor.html) -
|
||||
A free editor for XML IOC files.
|
||||
|
|
@ -260,10 +260,14 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||
much metadata as possible for a website and to assess its good standing.
|
||||
* [Dig](http://networking.ringofsaturn.com/) - Free online dig and other
|
||||
network tools.
|
||||
* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation
|
||||
engine for detecting typo squatting, phishing and corporate espionage.
|
||||
* [IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information
|
||||
about an IP or domain by searching online resources.
|
||||
* [Machinae](https://github.com/hurricanelabs/machinae) - OSINT tool for
|
||||
gathering information about URLs, IPs, or hashes. Similar to Automator.
|
||||
* [mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language
|
||||
temporary email detection library.
|
||||
* [MaltegoVT](https://github.com/jiachongzhi/MaltegoVT) - Maltego
|
||||
transform for the VirusTotal API. Allows domain/IP research, and searching
|
||||
for file hashes and scan reports.
|
||||
|
|
@ -296,6 +300,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||
malware analysis tool.
|
||||
* [jsunpack-n](https://github.com/urule99/jsunpack-n) - A javascript
|
||||
unpacker that emulates browser functionality.
|
||||
* [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler,
|
||||
assembler, and disassembler.
|
||||
* [Malzilla](http://malzilla.sourceforge.net/) - Analyze malicious web pages.
|
||||
* [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust
|
||||
ActionScript Bytecode Disassembler."
|
||||
|
|
@ -418,6 +424,8 @@ the [browser malware](#browser-malware) section.*
|
|||
Assistance for GDB, an enhanced display with added commands.
|
||||
* [pestudio](https://winitor.com/) - Perform static analysis of Windows
|
||||
executables.
|
||||
* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for
|
||||
x86/ARM/MIPS.
|
||||
* [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) -
|
||||
Advanced monitoring tool for Windows programs.
|
||||
* [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware
|
||||
|
|
@ -428,7 +436,7 @@ the [browser malware](#browser-malware) section.*
|
|||
plugin for Sublime 3 to aid with malware analyis.
|
||||
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
|
||||
Linux executables.
|
||||
* [Triton](http://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
|
||||
* [Triton](http://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
|
||||
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
|
||||
for x86 and x86_64.
|
||||
* [Vivisect](https://github.com/vivisect/vivisect) - Python tool for
|
||||
|
|
@ -449,9 +457,12 @@ the [browser malware](#browser-malware) section.*
|
|||
* [Fiddler](http://www.telerik.com/fiddler) - Intercepting web proxy designed
|
||||
for "web debugging."
|
||||
* [Hale](https://github.com/pjlantz/Hale) - Botnet C&C monitor.
|
||||
* [Haka](http://www.haka-security.org/) - Haka is an open source security
|
||||
oriented language which allows to describe protocols and apply security
|
||||
policies on (live) captured traffic.
|
||||
* [INetSim](http://www.inetsim.org/) - Network service emulation, useful when
|
||||
building a malware lab.
|
||||
* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric
|
||||
* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric
|
||||
malware analysis and intrusion detection system.
|
||||
* [Malcom](https://github.com/tomchop/malcom) - Malware Communications
|
||||
Analyzer.
|
||||
|
|
@ -481,6 +492,8 @@ the [browser malware](#browser-malware) section.*
|
|||
|
||||
* [DAMM](https://github.com/504ensicsLabs/DAMM) - Differential Analysis of
|
||||
Malware in Memory, built on Volatility
|
||||
* [evolve](https://github.com/JamesHabben/evolve) - Web interface for the
|
||||
Volatility Memory Forensics Framework.
|
||||
* [FindAES](http://jessekornblum.livejournal.com/269749.html) - Find AES
|
||||
encryption keys in memory.
|
||||
* [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
|
||||
|
|
@ -493,6 +506,8 @@ the [browser malware](#browser-malware) section.*
|
|||
images before and after malware execution, and report changes.
|
||||
* [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced
|
||||
memory forensics framework.
|
||||
* [VolUtility](https://github.com/kevthehermit/VolUtility) - Web Interface for
|
||||
Volatility Memory Analysis framework.
|
||||
* [WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365) - Live
|
||||
memory inspection and kernel debugging for Windows systems.
|
||||
|
||||
|
|
@ -569,6 +584,8 @@ the [browser malware](#browser-malware) section.*
|
|||
|
||||
* [APT Notes](https://github.com/kbandla/APTnotes) - A collection of papers
|
||||
and notes related to Advanced Persistent Threats.
|
||||
* [File Formats posters](https://github.com/corkami/pics) - Nice visualization
|
||||
of commonly used file format (including PE & ELF).
|
||||
* [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and
|
||||
other resources.
|
||||
* [Kernel Mode](http://www.kernelmode.info/forum/) - An active community devoted to
|
||||
|
|
@ -586,6 +603,7 @@ the [browser malware](#browser-malware) section.*
|
|||
Institute during Fall 2015.
|
||||
* [WindowsIR: Malware](http://windowsir.blogspot.com/p/malware.html) - Harlan
|
||||
Carvey's page on Malware.
|
||||
* [Windows Registry specification](https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md) - Windows registry file format specification.
|
||||
* [/r/csirt_tools](https://www.reddit.com/r/csirt_tools/) - Subreddit for CSIRT
|
||||
tools and resources, with a
|
||||
[malware analysis](https://www.reddit.com/r/csirt_tools/search?q=flair%3A%22Malware%20analysis%22&sort=new&restrict_sr=on) flair.
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user