Wrap some lines

2025-02-10 20:18:39 -05:00 · 2017-09-24 19:22:36 -05:00 · 2017-09-24 19:22:36 -05:00 · 6d7827d58a
commit 6d7827d58a
parent fc3125268b
1 changed files with 71 additions and 52 deletions
--- a/README.md
+++ b/README.md
@ -87,7 +87,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
  crawler with pre-analysis and reporting functionalities
 * [theZoo](https://github.com/ytisf/theZoo) - Live malware samples for
  analysts.
-* [Tracker h3x](http://tracker.h3x.eu/) - Agregator for malware corpus tracker 
+* [Tracker h3x](http://tracker.h3x.eu/) - Agregator for malware corpus tracker
  and malicious download sites.
 * [ViruSign](http://www.virussign.com/) - Malware database that detected by
  many anti malware programs except ClamAV.
@ -121,7 +121,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by
  working with OpenIOC objects, from Mandiant.
 * [Massive Octo Spice](https://github.com/csirtgadgets/massive-octo-spice) -
  Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs
-  from various lists. Curated by the [CSIRT Gadgets Foundation](http://csirtgadgets.org/collective-intelligence-framework).
+  from various lists. Curated by the
  [CSIRT Gadgets Foundation](http://csirtgadgets.org/collective-intelligence-framework).
 * [MISP](https://github.com/MISP/MISP) - Malware Information Sharing
  Platform curated by [The MISP Project](http://www.misp-project.org/).
 * [PyIOCe](https://github.com/pidydx/PyIOCe) - A Python OpenIOC editor.
@ -165,14 +166,14 @@ A curated list of awesome malware analysis tools and resources. Inspired by
 * [malc0de](http://malc0de.com/database/) - Searchable incident database.
 * [Malware Domain List](http://www.malwaredomainlist.com/) - Search and share
  malicious URLs.
-* [Metadefender.com Threat Intelligence Feeds](https://www.metadefender.com/threat-intelligence-feeds) - 
+* [Metadefender.com Threat Intelligence Feeds](https://www.metadefender.com/threat-intelligence-feeds) -
  List of the most looked up file hashes from Metadefender.com malware feed.
 * [OpenIOC](http://openioc.org/) - Framework for sharing threat intelligence.
 * [Palevo Blocklists](https://palevotracker.abuse.ch/blocklists.php) - Botnet
  C&C blocklists.
 * [Proofpoint Threat Intelligence](https://www.proofpoint.com/us/products/et-intelligence) -
  Rulesets and more. (Formerly Emerging Threats.)
-* [Ransomware overview](https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml) - 
+* [Ransomware overview](https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml) -
  A list of ransomware overview with details, detection and prevention.
 * [STIX - Structured Threat Information eXpression](http://stixproject.github.io) -
  Standardized language to represent and share cyber threat information.
@ -193,8 +194,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by
 * [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
  variety of tools for reporting on Windows PE files.
-* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless 
+* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
-AWS pipeline that scans and alerts on uploaded files based on a set of 
+AWS pipeline that scans and alerts on uploaded files based on a set of
 YARA rules.
 * [chkrootkit](http://www.chkrootkit.org/) - Local Linux rootkit detection.
 * [ClamAV](http://www.clamav.net/) - Open source antivirus engine.
@ -221,8 +222,9 @@ YARA rules.
  files, providing feature-rich tools for proper analysis of suspicious binaries.
 * [Rootkit Hunter](http://rkhunter.sourceforge.net/) - Detect Linux rootkits.
 * [ssdeep](https://ssdeep-project.github.io/ssdeep/) - Compute fuzzy hashes.
-* [totalhash.py](https://gist.github.com/gleblanc1783/3c8e6b379fa9d646d401b96ab5c7877f) - Python script
+* [totalhash.py](https://gist.github.com/gleblanc1783/3c8e6b379fa9d646d401b96ab5c7877f) -
-  for easy searching of the [TotalHash.cymru.com](https://totalhash.cymru.com/) database.
+  Python script for easy searching of the [TotalHash.cymru.com](https://totalhash.cymru.com/)
  database.
 * [TrID](http://mark0.net/soft-trid-e.html) - File identifier.
 * [YARA](https://plusvic.github.io/yara/) - Pattern matching tool for
  analysts.
@ -243,16 +245,18 @@ YARA rules.
 * [cuckoo-modified](https://github.com/brad-accuvant/cuckoo-modified) - Modified
  version of Cuckoo Sandbox released under the GPL. Not merged upstream due to
  legal concerns by the author.
-* [cuckoo-modified-api](https://github.com/keithjjones/cuckoo-modified-api) - A Python API used to control
+* [cuckoo-modified-api](https://github.com/keithjjones/cuckoo-modified-api) - A
-  a cuckoo-modified sandbox.
+  Python API used to control a cuckoo-modified sandbox.
 * [DeepViz](https://www.deepviz.com/) - Multi-format file analyzer with
  machine-learning classification.
-* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do traffic analysis
+* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do
-  of Linux malwares and capturing IOCs.
+  traffic analysis of Linux malwares and capturing IOCs.
 * [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis
  system.
-* [firmware.re](http://firmware.re/) - Unpacks, scans and analyzes almost any firmware package.
+* [firmware.re](http://firmware.re/) - Unpacks, scans and analyzes almost any
-* [HaboMalHunter](https://github.com/Tencent/HaboMalHunter) - An Automated Malware Analysis Tool for Linux ELF Files.
+  firmware package.
 * [HaboMalHunter](https://github.com/Tencent/HaboMalHunter) - An Automated Malware
  Analysis Tool for Linux ELF Files.
 * [Hybrid Analysis](https://www.hybrid-analysis.com/) - Online malware
  analysis tool, powered by VxSandbox.
 * [IRMA](http://irma.quarkslab.com/) - An asynchronous and customizable
@ -262,8 +266,9 @@ YARA rules.
 * [Limon](https://github.com/monnappa22/Limon) - Sandbox for Analyzing Linux Malwares
 * [Malheur](https://github.com/rieck/malheur) - Automatic sandboxed analysis
  of malware behavior.
-* [malsub](https://github.com/diogo-fernan/malsub) - A Python RESTful API framework for online malware and URL analysis services.
+* [malsub](https://github.com/diogo-fernan/malsub) - A Python RESTful API framework for
-* [Malware config](https://malwareconfig.com/) - Extract, decode and display online 
+  online malware and URL analysis services.
 * [Malware config](https://malwareconfig.com/) - Extract, decode and display online
  the configuration settings from common malwares.
 * [Malwr](https://malwr.com/) - Free analysis with an online Cuckoo Sandbox
  instance.
@ -280,14 +285,15 @@ YARA rules.
 * [ProcDot](http://www.procdot.com) - A graphical malware analysis tool kit.
 * [Recomposer](https://github.com/secretsquirrel/recomposer) - A helper
  script for safely uploading binaries to sandbox sites.
-* [Sand droid](http://sanddroid.xjtu.edu.cn/) - Automatic and complete 
+* [Sand droid](http://sanddroid.xjtu.edu.cn/) - Automatic and complete
  Android application analysis system.
 * [SEE](https://github.com/F-Secure/see) - Sandboxed Execution Environment (SEE)
  is a framework for building test automation in secured Environments.
 * [VirusTotal](https://www.virustotal.com/) - Free online analysis of malware
  samples and URLs
 * [Visualize_Logs](https://github.com/keithjjones/visualize_logs) - Open source
-  visualization library and command line tools for logs.  (Cuckoo, Procmon, more to come...)
+  visualization library and command line tools for logs.  (Cuckoo, Procmon, more
  to come...)
 * [Zeltser's List](https://zeltser.com/automated-malware-analysis/) - Free
  automated sandboxes and services, compiled by Lenny Zeltser.
@ -295,7 +301,8 @@ YARA rules.
 *Inspect domains and IP addresses.*
-* [boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed for consistent and safe capture of off network web resources.
+* [boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed
  for consistent and safe capture of off network web resources.
 * [Desenmascara.me](http://desenmascara.me) - One click tool to retrieve as
  much metadata as possible for a website and to assess its good standing.
 * [Dig](https://networking.ringofsaturn.com/) - Free online dig and other
@ -311,18 +318,18 @@ YARA rules.
 * [MaltegoVT](https://github.com/michael-yip/MaltegoVT) - Maltego transform
  for the VirusTotal API. Allows domain/IP research, and searching for file
  hashes and scan reports.
-* [Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward 
+* [Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward
  confirmed reverse DNS lookup over more than 300 RBLs.
-* [NormShield Services](https://services.normshield.com/) - Free API Services 
+* [NormShield Services](https://services.normshield.com/) - Free API Services
-  for detecting possible phishing domains, blacklisted ip addresses and breached 
+  for detecting possible phishing domains, blacklisted ip addresses and breached
  accounts.
 * [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list.
 * [SpamHaus](https://www.spamhaus.org/lookup/) - Block list based on
  domains and IPs.
 * [Sucuri SiteCheck](https://sitecheck.sucuri.net/) - Free Website Malware
  and Security Scanner.
-* [Talos Intelligence](https://talosintelligence.com/) - Search for IP, domain or network
+* [Talos Intelligence](https://talosintelligence.com/) - Search for IP, domain
-  owner. (Previously SenderBase.)
+  or network owner. (Previously SenderBase.)
 * [TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool
  for gathering information about URLs, IPs, or hashes.
 * [URLQuery](http://urlquery.net/) - Free URL Scanner.
@ -455,7 +462,8 @@ the [browser malware](#browser-malware) section.*
  source Binary Analysis and Reverse engineering Framework.
 * [binnavi](https://github.com/google/binnavi) - Binary analysis IDE for
  reverse engineering based on graph visualization.
-* [Binary ninja](https://binary.ninja/) - A reversing engineering platform that is an alternative to IDA.
+* [Binary ninja](https://binary.ninja/) - A reversing engineering platform
  that is an alternative to IDA.
 * [Binwalk](https://github.com/devttys0/binwalk) - Firmware analysis tool.
 * [Bokken](http://www.bokken.re/) - GUI for Pyew and Radare.
  ([mirror](https://github.com/inguma/bokken))
@ -485,38 +493,42 @@ the [browser malware](#browser-malware) section.*
 * [Kaitai Struct](http://kaitai.io/) - DSL for file formats / network protocols /
  data structures reverse engineering and dissection, with code generation
  for C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
-* [LIEF](https://lief.quarkslab.com/) - LIEF provides a cross-platform library 
+* [LIEF](https://lief.quarkslab.com/) - LIEF provides a cross-platform library
  to parse, modify and abstract ELF, PE and MachO formats.
 * [ltrace](http://ltrace.org/) - Dynamic analysis for Linux executables.
 * [objdump](https://en.wikipedia.org/wiki/Objdump) - Part of GNU binutils,
  for static analysis of Linux binaries.
 * [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows
  executables.
-* [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral Dynamic Analysis
+* [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral
  Dynamic Analysis.
 * [PEDA](https://github.com/longld/peda) - Python Exploit Development
  Assistance for GDB, an enhanced display with added commands.
 * [pestudio](https://winitor.com/) - Perform static analysis of Windows
  executables.
-* [plasma](https://github.com/plasma-disassembler/plasma) - Interactive disassembler for
+* [plasma](https://github.com/plasma-disassembler/plasma) - Interactive
-  x86/ARM/MIPS.
+  disassembler for x86/ARM/MIPS.
 * [PPEE (puppy)](https://www.mzrst.com/) - A Professional PE file Explorer for
  reversers, malware researchers and those who want to statically inspect PE
  files in more detail.
 * [Process Explorer](https://docs.microsoft.com/sysinternals/downloads/process-explorer) -
  Advanced task manager for Windows.
-* [Process Hacker](http://processhacker.sourceforge.net/) - Tool that monitors system resources.
+* [Process Hacker](http://processhacker.sourceforge.net/) - Tool that monitors
  system resources.
 * [Process Monitor](https://docs.microsoft.com/sysinternals/downloads/procmon) -
  Advanced monitoring tool for Windows programs.
 * [PSTools](https://docs.microsoft.com/sysinternals/downloads/pstools) - Windows
  command-line tools that help manage and investigate live systems.
 * [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware
  analysis.
-* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable reverse engineering 
+* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable reverse
-  sandbox by the Talos team at Cisco.
+  engineering sandbox by the Talos team at Cisco.
-* [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg server for stealth debugging.
+* [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg
  server for stealth debugging.
 * [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
  debugger support.
-* [RegShot](https://sourceforge.net/projects/regshot/) - Registry compare utility that compares snapshots. 
+* [RegShot](https://sourceforge.net/projects/regshot/) - Registry compare utility
  that compares snapshots.
 * [RetDec](https://retdec.com/) - Retargetable machine-code decompiler with an
  [online decompilation service](https://retdec.com/decompilation/) and
  [API](https://retdec.com/api/) that you can use in your tools.
@ -544,7 +556,7 @@ the [browser malware](#browser-malware) section.*
  explorer.
 * [chopshop](https://github.com/MITRECND/chopshop) - Protocol analysis and
  decoding framework.
-* [CloudShark](https://www.cloudshark.org) - Web-based tool for packet analysis 
+* [CloudShark](https://www.cloudshark.org) - Web-based tool for packet analysis
  and malware traffic detection.
 * [Fiddler](http://www.telerik.com/fiddler) - Intercepting web proxy designed
  for "web debugging."
@ -572,11 +584,14 @@ the [browser malware](#browser-malware) section.*
  forensic analysis tool, with a free version.
 * [ngrep](http://ngrep.sourceforge.net/) - Search through network traffic
  like grep.
-* [PcapViz](https://github.com/mateuszk87/PcapViz) - Network topology and traffic visualizer.
+* [PcapViz](https://github.com/mateuszk87/PcapViz) - Network topology and
-* [Python ICAP Yara](https://github.com/RamadhanAmizudin/python-icap-yara) - An ICAP Server with yara scanner for URL or content. 
+  traffic visualizer.
-* [Squidmagic](https://github.com/ch3k1/squidmagic) - squidmagic is a tool 
+* [Python ICAP Yara](https://github.com/RamadhanAmizudin/python-icap-yara) - An
-  designed to analyze a web-based network traffic to detect central command 
+  ICAP Server with yara scanner for URL or content.
-  and control (C&C) servers and malicious sites, using Squid proxy server and Spamhaus.
+* [Squidmagic](https://github.com/ch3k1/squidmagic) - squidmagic is a tool
  designed to analyze a web-based network traffic to detect central command
  and control (C&C) servers and malicious sites, using Squid proxy server and
  Spamhaus.
 * [Tcpdump](http://www.tcpdump.org/) - Collect network traffic.
 * [tcpick](http://tcpick.sourceforge.net/) - Trach and reassemble TCP streams
  from network traffic.
@ -589,16 +604,17 @@ the [browser malware](#browser-malware) section.*
 *Tools for dissecting malware in memory images or running systems.*
-* [BlackLight](https://www.blackbagtech.com/blacklight.html) - Windows/MacOS forensics
+* [BlackLight](https://www.blackbagtech.com/blacklight.html) - Windows/MacOS
-  client supporting hiberfil, pagefile, raw memory analysis
+  forensics client supporting hiberfil, pagefile, raw memory analysis
 * [DAMM](https://github.com/504ensicsLabs/DAMM) - Differential Analysis of
  Malware in Memory, built on Volatility
 * [evolve](https://github.com/JamesHabben/evolve) - Web interface for the
  Volatility Memory Forensics Framework.
 * [FindAES](http://jessekornblum.livejournal.com/269749.html) - Find AES
  encryption keys in memory.
-* [inVtero.net](https://github.com/ShaneK2/inVtero.net) - High speed memory analysis framework
+* [inVtero.net](https://github.com/ShaneK2/inVtero.net) - High speed memory
-  developed in .NET supports all Windows x64, includes code integrity and write support.
+  analysis framework developed in .NET supports all Windows x64, includes
  code integrity and write support.
 * [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
  of analysis using Volatility, and create a readable report.
 * [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework,
@ -634,9 +650,10 @@ the [browser malware](#browser-malware) section.*
  Pipeline System.
 * [CRITs](https://crits.github.io/) - Collaborative Research Into Threats, a
  malware and threat repository.
-* [FAME](https://certsocietegenerale.github.io/fame/) - FAME is a malware analysis framework. 
+* [FAME](https://certsocietegenerale.github.io/fame/) - A malware analysis
-  It features a pipeline that can be extended with custom modules that can be chained and 
+  framework featuring a pipeline that can be extended with custom modules,
-  interact with each other to perform end-to-end analysis.  
+  which can be chained and interact with each other to perform end-to-end
  analysis.
 * [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
  search malware.
 * [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis
@ -655,7 +672,7 @@ the [browser malware](#browser-malware) section.*
  corpus of malware.
 * [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) -
  The Defense Cyber Crime Center's Malware Configuration Parser framework.
-* [FLARE VM](https://github.com/fireeye/flare-vm) - A fully customizable, 
+* [FLARE VM](https://github.com/fireeye/flare-vm) - A fully customizable,
  Windows-based, security distribution for malware analysis.
 * [MalSploitBase](https://github.com/misterch0c/malSploitBase) - A database
  containing exploits used by malware.
@ -677,10 +694,12 @@ the [browser malware](#browser-malware) section.*
 * [Malware Analyst's Cookbook and DVD](https://amzn.com/dp/0470613033) -
  Tools and Techniques for Fighting Malicious Code.
-* [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On Guide
+* [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On
-  to Dissecting Malicious Software.
+  Guide to Dissecting Malicious Software.
-* [Practical Reverse Engineering](https://www.amzn.com/dp/1118787315/) - Intermediate Reverse Engineering
+* [Practical Reverse Engineering](https://www.amzn.com/dp/1118787315/) -
-* [Real Digital Forensics](https://www.amzn.com/dp/0321240693) - Computer Security and Incident Response
+  Intermediate Reverse Engineering
 * [Real Digital Forensics](https://www.amzn.com/dp/0321240693) - Computer
  Security and Incident Response
 * [The Art of Memory Forensics](https://amzn.com/dp/1118825098) - Detecting
  Malware and Threats in Windows, Linux, and Mac Memory.
 * [The IDA Pro Book](https://amzn.com/dp/1593272898) - The Unofficial Guide