mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-07-01 05:51:21 +00:00
Clean up whitespace and redirects
This commit is contained in:
rshipp
parent
e4046baa69
commit
fe57646480
38
README.md
38
README.md
|
|
@ -137,7 +137,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
||||||
|
|
||||||
*Threat intelligence and IOC resources.*
|
*Threat intelligence and IOC resources.*
|
||||||
|
|
||||||
* [Autoshun](http://autoshun.org/) ([list](http://autoshun.org/files/shunlist.csv)) -
|
* [Autoshun](https://autoshun.org/) ([list](https://autoshun.org/files/shunlist.csv)) -
|
||||||
Snort plugin and blocklist.
|
Snort plugin and blocklist.
|
||||||
* [CI Army](http://cinsscore.com/) ([list](http://cinsscore.com/list/ci-badguys.txt)) -
|
* [CI Army](http://cinsscore.com/) ([list](http://cinsscore.com/list/ci-badguys.txt)) -
|
||||||
Network security blocklists.
|
Network security blocklists.
|
||||||
|
|
@ -229,7 +229,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
||||||
legal concerns by the author.
|
legal concerns by the author.
|
||||||
* [DeepViz](https://www.deepviz.com/) - Multi-format file analyzer with
|
* [DeepViz](https://www.deepviz.com/) - Multi-format file analyzer with
|
||||||
machine-learning classification.
|
machine-learning classification.
|
||||||
* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do traffic analysis
|
* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do traffic analysis
|
||||||
of Linux malwares and capturing IOCs.
|
of Linux malwares and capturing IOCs.
|
||||||
* [Document Analyzer](https://www.document-analyzer.net/) - Free dynamic analysis of DOC and PDF files.
|
* [Document Analyzer](https://www.document-analyzer.net/) - Free dynamic analysis of DOC and PDF files.
|
||||||
* [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis
|
* [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis
|
||||||
|
|
@ -239,7 +239,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
||||||
analysis tool, powered by VxSandbox.
|
analysis tool, powered by VxSandbox.
|
||||||
* [IRMA](http://irma.quarkslab.com/) - An asynchronous and customizable
|
* [IRMA](http://irma.quarkslab.com/) - An asynchronous and customizable
|
||||||
analysis platform for suspicious files.
|
analysis platform for suspicious files.
|
||||||
* [Joe Sandbox](https://www.joesecurity.org) - Deep malware analysis with Joe Sandbox.
|
* [Joe Sandbox](https://www.joesecurity.org) - Deep malware analysis with Joe Sandbox.
|
||||||
* [Jotti](https://virusscan.jotti.org/en) - Free online multi-AV scanner.
|
* [Jotti](https://virusscan.jotti.org/en) - Free online multi-AV scanner.
|
||||||
* [Malheur](https://github.com/rieck/malheur) - Automatic sandboxed analysis
|
* [Malheur](https://github.com/rieck/malheur) - Automatic sandboxed analysis
|
||||||
of malware behavior.
|
of malware behavior.
|
||||||
|
|
@ -249,8 +249,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
||||||
analysis of malware.
|
analysis of malware.
|
||||||
* [Metadefender.com](https://www.metadefender.com) - Scan a file, hash or IP
|
* [Metadefender.com](https://www.metadefender.com) - Scan a file, hash or IP
|
||||||
address for malware (free)
|
address for malware (free)
|
||||||
* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes
|
* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes
|
||||||
pcap files and facilitates the quick detection of viruses, worms, trojans, and all
|
pcap files and facilitates the quick detection of viruses, worms, trojans, and all
|
||||||
kinds of malware using Suricata configured with EmergingThreats Pro.
|
kinds of malware using Suricata configured with EmergingThreats Pro.
|
||||||
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
|
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
|
||||||
collect information about malware in a sandboxed environment.
|
collect information about malware in a sandboxed environment.
|
||||||
|
|
@ -355,8 +355,8 @@ the [browser malware](#browser-malware) section.*
|
||||||
the backend-free version of PDF X-RAY.
|
the backend-free version of PDF X-RAY.
|
||||||
* [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python
|
* [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python
|
||||||
tool for exploring possibly malicious PDFs.
|
tool for exploring possibly malicious PDFs.
|
||||||
* [QuickSand](https://www.quicksand.io/) - QuickSand is a compact C framework
|
* [QuickSand](https://www.quicksand.io/) - QuickSand is a compact C framework
|
||||||
to analyze suspected malware documents to identify exploits in streams of different
|
to analyze suspected malware documents to identify exploits in streams of different
|
||||||
encodings and to locate and extract embedded executables.
|
encodings and to locate and extract embedded executables.
|
||||||
* [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) -
|
* [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) -
|
||||||
Mozilla's JavaScript engine, for debugging malicious JS.
|
Mozilla's JavaScript engine, for debugging malicious JS.
|
||||||
|
|
@ -388,14 +388,14 @@ the [browser malware](#browser-malware) section.*
|
||||||
& [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html) -
|
& [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html) -
|
||||||
Two tools from Alexander Hanel for working with single-byte XOR encoded
|
Two tools from Alexander Hanel for working with single-byte XOR encoded
|
||||||
files.
|
files.
|
||||||
* [FLOSS](https://github.com/fireeye/flare-floss) - The FireEye Labs Obfuscated
|
* [FLOSS](https://github.com/fireeye/flare-floss) - The FireEye Labs Obfuscated
|
||||||
String Solver uses advanced static analysis techniques to automatically
|
String Solver uses advanced static analysis techniques to automatically
|
||||||
deobfuscate strings from malware binaries.
|
deobfuscate strings from malware binaries.
|
||||||
* [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR) - Guess a 256 byte
|
* [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR) - Guess a 256 byte
|
||||||
XOR key using frequency analysis.
|
XOR key using frequency analysis.
|
||||||
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
|
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
|
||||||
hidden code extractor for Windows malware.
|
hidden code extractor for Windows malware.
|
||||||
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
|
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
|
||||||
unpacker for Windows malware based on WinAppDbg.
|
unpacker for Windows malware based on WinAppDbg.
|
||||||
* [unxor](https://github.com/tomchop/unxor/) - Guess XOR keys using
|
* [unxor](https://github.com/tomchop/unxor/) - Guess XOR keys using
|
||||||
known-plaintext attacks.
|
known-plaintext attacks.
|
||||||
|
|
@ -414,7 +414,7 @@ the [browser malware](#browser-malware) section.*
|
||||||
|
|
||||||
* [angr](https://github.com/angr/angr) - Platform-agnostic binary analysis
|
* [angr](https://github.com/angr/angr) - Platform-agnostic binary analysis
|
||||||
framework developed at UCSB's Seclab.
|
framework developed at UCSB's Seclab.
|
||||||
* [bamfdetect](https://github.com/bwall/bamfdetect) - Identifies and extracts
|
* [bamfdetect](https://github.com/bwall/bamfdetect) - Identifies and extracts
|
||||||
information from bots and other malware.
|
information from bots and other malware.
|
||||||
* [BARF](https://github.com/programa-stic/barf-project) - Multiplatform, open
|
* [BARF](https://github.com/programa-stic/barf-project) - Multiplatform, open
|
||||||
source Binary Analysis and Reverse engineering Framework.
|
source Binary Analysis and Reverse engineering Framework.
|
||||||
|
|
@ -463,7 +463,7 @@ the [browser malware](#browser-malware) section.*
|
||||||
analysis.
|
analysis.
|
||||||
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
|
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
|
||||||
debugger support.
|
debugger support.
|
||||||
* [ROPMEMU](https://github.com/vrtadmin/ROPMEMU) - A framework to analyze, dissect
|
* [ROPMEMU](https://github.com/vrtadmin/ROPMEMU) - A framework to analyze, dissect
|
||||||
and decompile complex code-reuse attacks.
|
and decompile complex code-reuse attacks.
|
||||||
* [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a
|
* [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a
|
||||||
plugin for Sublime 3 to aid with malware analyis.
|
plugin for Sublime 3 to aid with malware analyis.
|
||||||
|
|
@ -541,8 +541,8 @@ the [browser malware](#browser-malware) section.*
|
||||||
memory forensics framework.
|
memory forensics framework.
|
||||||
* [VolUtility](https://github.com/kevthehermit/VolUtility) - Web Interface for
|
* [VolUtility](https://github.com/kevthehermit/VolUtility) - Web Interface for
|
||||||
Volatility Memory Analysis framework.
|
Volatility Memory Analysis framework.
|
||||||
* [WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365) - Live
|
* [WinDbg](https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit) -
|
||||||
memory inspection and kernel debugging for Windows systems.
|
Live memory inspection and kernel debugging for Windows systems.
|
||||||
|
|
||||||
## Windows Artifacts
|
## Windows Artifacts
|
||||||
|
|
||||||
|
|
@ -564,20 +564,20 @@ the [browser malware](#browser-malware) section.*
|
||||||
malware and threat repository.
|
malware and threat repository.
|
||||||
* [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
|
* [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
|
||||||
search malware.
|
search malware.
|
||||||
* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis
|
* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis
|
||||||
platform designed to help analysts to reverse malwares collaboratively.
|
platform designed to help analysts to reverse malwares collaboratively.
|
||||||
* [Viper](http://viper.li/) - A binary management and analysis framework for
|
* [Viper](http://viper.li/) - A binary management and analysis framework for
|
||||||
analysts and researchers.
|
analysts and researchers.
|
||||||
|
|
||||||
## Miscellaneous
|
## Miscellaneous
|
||||||
|
|
||||||
* [al-khaser](https://github.com/LordNoteworthy/al-khaser) - A PoC malware
|
* [al-khaser](https://github.com/LordNoteworthy/al-khaser) - A PoC malware
|
||||||
with good intentions that aimes to stress anti-malware systems.
|
with good intentions that aimes to stress anti-malware systems.
|
||||||
* [Binarly](http://binar.ly/) - Search engine for bytes in a large corpus
|
* [Binarly](http://www.binar.ly/search) - Search engine for bytes in a large
|
||||||
of malware.
|
corpus of malware.
|
||||||
* [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) -
|
* [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) -
|
||||||
The Defense Cyber Crime Center's Malware Configuration Parser framework.
|
The Defense Cyber Crime Center's Malware Configuration Parser framework.
|
||||||
* [MalSploitBase](https://github.com/misterch0c/malSploitBase) - A database
|
* [MalSploitBase](https://github.com/misterch0c/malSploitBase) - A database
|
||||||
containing exploits used by malware.
|
containing exploits used by malware.
|
||||||
* [Pafish](https://github.com/a0rtega/pafish) - Paranoid Fish, a demonstration
|
* [Pafish](https://github.com/a0rtega/pafish) - Paranoid Fish, a demonstration
|
||||||
tool that employs several techniques to detect sandboxes and analysis
|
tool that employs several techniques to detect sandboxes and analysis
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user