Merge pull request #194 from pedramamini/master

Added a variety of open resources from InQuest.net
Ryan Shipp 2019-11-09 11:48:14 -06:00 committed by GitHub
commit 964740ab02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -77,6 +77,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode * [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode
samples. samples.
* [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis. * [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis.
* [InQuest Labs](https://labs.inquest.net) - Evergrowing searchable corpus of malicious Microsoft documents.
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing * [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing
rapid identification and actionable context for malware investigations. rapid identification and actionable context for malware investigations.
* [Malshare](https://malshare.com) - Large repository of malware actively * [Malshare](https://malshare.com) - Large repository of malware actively
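Review bot: "Evergrowing" in the added InQuest Labs entry should be "Ever-growing"; the entry otherwise sits in the correct alphabetical slot between Infosec - CERT-PA and Malpedia. Suggest: `* [InQuest Labs](https://labs.inquest.net) - Ever-growing searchable corpus of malicious Microsoft documents.`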
@ -139,7 +140,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [threataggregator](https://github.com/jpsenior/threataggregator) - * [threataggregator](https://github.com/jpsenior/threataggregator) -
Aggregates security threats from a number of sources, including some of Aggregates security threats from a number of sources, including some of
those listed below in [other resources](#other-resources). those listed below in [other resources](#other-resources).
* [ThreatConnect](https://threatconnect.com/free/) - TC Open allows you to see and * [ThreatConnect](https://threatconnect.com/free/) - TC Open allows you to see and
share open source threat data, with support and validation from our free community. share open source threat data, with support and validation from our free community.
* [ThreatCrowd](https://www.threatcrowd.org/) - A search engine for threats, * [ThreatCrowd](https://www.threatcrowd.org/) - A search engine for threats,
with graphical visualization. with graphical visualization.
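Review bot: this hunk (and the later context-only hunks for the sandbox, domain, book and lab sections) reports a changed line in its header but shows no added or removed lines in the rendered view, which usually means a whitespace-only edit; either drop those changes so the diff stays limited to the new InQuest entries, or mention the whitespace cleanup in the commit message.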
@ -175,6 +176,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [HoneyDB](https://riskdiscovery.com/honeydb) - Community driven honeypot sensor data collection and aggregation. * [HoneyDB](https://riskdiscovery.com/honeydb) - Community driven honeypot sensor data collection and aggregation.
* [hpfeeds](https://github.com/rep/hpfeeds) - Honeypot feed protocol. * [hpfeeds](https://github.com/rep/hpfeeds) - Honeypot feed protocol.
* [Infosec - CERT-PA lists](https://infosec.cert-pa.it/analyze/statistics.html) ([IPs](https://infosec.cert-pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service. * [Infosec - CERT-PA lists](https://infosec.cert-pa.it/analyze/statistics.html) ([IPs](https://infosec.cert-pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.
* [InQuest REPdb](https://labs.inquest.net/repdb) - Continuous aggregation of IOCs from a variety of open reputation sources.
* [InQuest IOCdb](https://labs.inquest.net/iocdb) - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
* [Internet Storm Center (DShield)](https://isc.sans.edu/) - Diary and * [Internet Storm Center (DShield)](https://isc.sans.edu/) - Diary and
searchable incident database, with a web [API](https://dshield.org/api/). searchable incident database, with a web [API](https://dshield.org/api/).
([unofficial Python library](https://github.com/rshipp/python-dshield)). ([unofficial Python library](https://github.com/rshipp/python-dshield)).
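Review bot: the two new entries are out of the list's alphabetical order: "InQuest IOCdb" should precede "InQuest REPdb" (I before R), so swap the two added lines. Also write "GitHub" rather than "Github" in the IOCdb description, matching the spelling used elsewhere on this page.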
@ -276,7 +279,7 @@ executables.
against multiple mobile antivirus apps. against multiple mobile antivirus apps.
* [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu online scanner and * [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu online scanner and
malware repository. malware repository.
* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo * [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
Sandbox malware lab using Packer and Vagrant. Sandbox malware lab using Packer and Vagrant.
* [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents. * [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents.
* [Cuckoo Sandbox](https://cuckoosandbox.org/) - Open source, self hosted * [Cuckoo Sandbox](https://cuckoosandbox.org/) - Open source, self hosted
@ -345,7 +348,7 @@ executables.
*Inspect domains and IP addresses.* *Inspect domains and IP addresses.*
* [AbuseIPDB](https://www.abuseipdb.com/) - AbuseIPDB is a project dedicated * [AbuseIPDB](https://www.abuseipdb.com/) - AbuseIPDB is a project dedicated
to helping combat the spread of hackers, spammers, and abusive activity on the internet. to helping combat the spread of hackers, spammers, and abusive activity on the internet.
* [badips.com](https://www.badips.com/) - Community based IP blacklist service. * [badips.com](https://www.badips.com/) - Community based IP blacklist service.
* [boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed * [boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed
for consistent and safe capture of off network web resources. for consistent and safe capture of off network web resources.
@ -385,7 +388,7 @@ executables.
or network owner. (Previously SenderBase.) or network owner. (Previously SenderBase.)
* [TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool * [TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool
for gathering information about URLs, IPs, or hashes. for gathering information about URLs, IPs, or hashes.
* [URLhaus](https://urlhaus.abuse.ch/) - A project from abuse.ch with the goal * [URLhaus](https://urlhaus.abuse.ch/) - A project from abuse.ch with the goal
of sharing malicious URLs that are being used for malware distribution. of sharing malicious URLs that are being used for malware distribution.
* [URLQuery](http://urlquery.net/) - Free URL Scanner. * [URLQuery](http://urlquery.net/) - Free URL Scanner.
* [urlscan.io](https://urlscan.io/) - Free URL Scanner & domain information. * [urlscan.io](https://urlscan.io/) - Free URL Scanner & domain information.
@ -431,6 +434,7 @@ the [browser malware](#browser-malware) section.*
malware, featuring JScript/WScript support and ActiveX emulation. malware, featuring JScript/WScript support and ActiveX emulation.
* [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing * [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing
malicious shellcode. malicious shellcode.
* [InQuest Deep File Inspection](https://labs.inquest.net/dfi) - Upload common malware lures for Deep File Inspection and heuristical analysis.
* [JS Beautifier](http://jsbeautifier.org/) - JavaScript unpacking and deobfuscation. * [JS Beautifier](http://jsbeautifier.org/) - JavaScript unpacking and deobfuscation.
* [JS Deobfuscator](http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/) - * [JS Deobfuscator](http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/) -
Deobfuscate simple Javascript that use eval or document.write to conceal Deobfuscate simple Javascript that use eval or document.write to conceal
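Review bot: "heuristical analysis" in the added InQuest Deep File Inspection entry should read "heuristic analysis"; the entry is otherwise in the right alphabetical position between diStorm and JS Beautifier.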
@ -546,7 +550,7 @@ the [browser malware](#browser-malware) section.*
* [GDB](http://www.sourceware.org/gdb/) - The GNU debugger. * [GDB](http://www.sourceware.org/gdb/) - The GNU debugger.
* [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters * [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters
and reverse engineers. and reverse engineers.
* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. * [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
* [hackers-grep](https://github.com/codypierce/hackers-grep) - A utility to * [hackers-grep](https://github.com/codypierce/hackers-grep) - A utility to
search for strings in PE executables including imports, exports, and debug search for strings in PE executables including imports, exports, and debug
symbols. symbols.
@ -646,8 +650,8 @@ the [browser malware](#browser-malware) section.*
building a malware lab. building a malware lab.
* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric * [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric
malware analysis and intrusion detection system. malware analysis and intrusion detection system.
* [Malcolm](https://github.com/idaholab/Malcolm) - Malcolm is a powerful, easily * [Malcolm](https://github.com/idaholab/Malcolm) - Malcolm is a powerful, easily
deployable network traffic analysis tool suite for full packet capture artifacts deployable network traffic analysis tool suite for full packet capture artifacts
(PCAP files) and Zeek logs. (PCAP files) and Zeek logs.
* [Malcom](https://github.com/tomchop/malcom) - Malware Communications * [Malcom](https://github.com/tomchop/malcom) - Malware Communications
Analyzer. Analyzer.
@ -773,7 +777,7 @@ the [browser malware](#browser-malware) section.*
* [Learning Malware Analysis](https://www.packtpub.com/networking-and-servers/learning-malware-analysis) - Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware * [Learning Malware Analysis](https://www.packtpub.com/networking-and-servers/learning-malware-analysis) - Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware
* [Malware Analyst's Cookbook and DVD](https://amzn.com/dp/0470613033) - * [Malware Analyst's Cookbook and DVD](https://amzn.com/dp/0470613033) -
Tools and Techniques for Fighting Malicious Code. Tools and Techniques for Fighting Malicious Code.
* [Mastering Malware Analysis](https://www.packtpub.com/networking-and-servers/mastering-malware-analysis) - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks * [Mastering Malware Analysis](https://www.packtpub.com/networking-and-servers/mastering-malware-analysis) - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
* [Mastering Reverse Engineering](https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering) - Mastering Reverse Engineering: Re-engineer your ethical hacking skills * [Mastering Reverse Engineering](https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering) - Mastering Reverse Engineering: Re-engineer your ethical hacking skills
* [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On * [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On
Guide to Dissecting Malicious Software. Guide to Dissecting Malicious Software.
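Review bot: not introduced by this change, but the context lines carry pre-existing typos in the Learning Malware Analysis entry ("analuze" should be "analyze") and the Mastering Malware Analysis entry ("cybercime" should be "cybercrime"); since this PR already touches this region, they are worth fixing here or in a follow-up.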