mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-09-28 17:15:56 +00:00
Compare commits
1 Commits
3e97df9ec1
...
6f582435f0
Author | SHA1 | Date
---|---|---
 | 6f582435f0 |
19
README.md
@ -222,7 +222,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
|||||||
|
|
||||||
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
|
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
|
||||||
variety of tools for reporting on Windows PE files.
|
variety of tools for reporting on Windows PE files.
|
||||||
* [Assemblyline](https://cybercentrecanada.github.io/assemblyline4_docs/) - A scalable file triage and malware analysis system integrating the cyber security community's best tools..
|
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable
|
||||||
|
distributed file analysis framework.
|
||||||
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
|
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
|
||||||
AWS pipeline that scans and alerts on uploaded files based on a set of
|
AWS pipeline that scans and alerts on uploaded files based on a set of
|
||||||
YARA rules.
|
YARA rules.
|
||||||
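Review bot: the Assemblyline entry swaps its URL from the assemblyline4_docs site to bitbucket.org/cse-assemblyline/assemblyline and shortens the description to "A scalable distributed file analysis framework.", which reads like a revert to an older revision rather than a deliberate update; confirm the URL change is intended, because the only defects on the line being replaced are the stray double period ("best tools..") and the fact that it is a single long line where neighbouring entries (AnalyzePE, BinaryAlert) hard-wrap at roughly 80 columns. If the goal is just the wrap and the typo, keep the current URL and description and reflow them onto two lines as the replacement does.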
@ -256,7 +257,7 @@ executables.
|
|||||||
* [Nauz File Detector(NFD)](https://github.com/horsicq/Nauz-File-Detector) - Linker/Compiler/Tool detector for Windows, Linux and MacOS.
|
* [Nauz File Detector(NFD)](https://github.com/horsicq/Nauz-File-Detector) - Linker/Compiler/Tool detector for Windows, Linux and MacOS.
|
||||||
* [nsrllookup](https://github.com/rjhansen/nsrllookup) - A tool for looking
|
* [nsrllookup](https://github.com/rjhansen/nsrllookup) - A tool for looking
|
||||||
up hashes in NIST's National Software Reference Library database.
|
up hashes in NIST's National Software Reference Library database.
|
||||||
* [packerid](https://github.com/sooshie/packerid) - A cross-platform
|
* [packerid](http://handlers.sans.org/jclausing/packerid.py) - A cross-platform
|
||||||
Python alternative to PEiD.
|
Python alternative to PEiD.
|
||||||
* [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE
|
* [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE
|
||||||
files.
|
files.
|
||||||
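Review bot: the packerid link moves from the GitHub repository https://github.com/sooshie/packerid to a bare http://handlers.sans.org/jclausing/packerid.py, a plain-HTTP pointer to a single script. Prefer the repository link (or at least an https URL): a direct download of a .py file over HTTP has no integrity protection and no history, and this list's other entries point at project pages, not individual files.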
@ -287,6 +288,8 @@ executables.
|
|||||||
* [any.run](https://app.any.run/) - Online interactive sandbox.
|
* [any.run](https://app.any.run/) - Online interactive sandbox.
|
||||||
* [AndroTotal](https://andrototal.org/) - Free online analysis of APKs
|
* [AndroTotal](https://andrototal.org/) - Free online analysis of APKs
|
||||||
against multiple mobile antivirus apps.
|
against multiple mobile antivirus apps.
|
||||||
|
* [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu online scanner and
|
||||||
|
malware repository.
|
||||||
* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
|
* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
|
||||||
Sandbox malware lab using Packer and Vagrant.
|
Sandbox malware lab using Packer and Vagrant.
|
||||||
* [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents.
|
* [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents.
|
||||||
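Review bot: the added AVCaesar entry sits in the right alphabetical slot (after AndroTotal, before BoomBox), uses https and follows the two-line wrap of its neighbours, so nothing to change in the hunk itself; the +2 in the header matches the two inserted lines.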
@ -384,7 +387,7 @@ executables.
|
|||||||
accounts.
|
accounts.
|
||||||
* [PhishStats](https://phishstats.info/) - Phishing Statistics with search for
|
* [PhishStats](https://phishstats.info/) - Phishing Statistics with search for
|
||||||
IP, domain and website title
|
IP, domain and website title
|
||||||
* [Spyse](https://spyse.com/) - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
|
* [Spyse](https://spyse.com/) - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
|
||||||
* [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
|
* [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
|
||||||
historical and current DNS records, similar domains, certificate information
|
historical and current DNS records, similar domains, certificate information
|
||||||
and other domain and IP related API and tools.
|
and other domain and IP related API and tools.
|
||||||
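Review bot: no visible difference between the two sides of this hunk, so the change is most likely trailing whitespace; if a line here is being touched anyway, fix the Spyse description, which misspells "related" as "realted" and ends on a dangling comma ("SSL/TLS info,"), and give the PhishStats entry a terminating period like the entries around it.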
@ -620,8 +623,6 @@ the [browser malware](#browser-malware) section.*
|
|||||||
analysis.
|
analysis.
|
||||||
* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable reverse
|
* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable reverse
|
||||||
engineering sandbox by the Talos team at Cisco.
|
engineering sandbox by the Talos team at Cisco.
|
||||||
* [Qiling Framework](https://www.qiling.io/) - Cross platform emulation and sanboxing
|
|
||||||
framework with instruments for binary analysis.
|
|
||||||
* [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg
|
* [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg
|
||||||
server for stealth debugging.
|
server for stealth debugging.
|
||||||
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
|
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
|
||||||
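Review bot: this hunk deletes the Qiling Framework entry outright with no replacement and no reason visible in the diff; unless the project is gone, removal of a working tool from the list needs a justification in the commit message. The only defect on the removed lines is the typo "sanboxing", which should read "sandboxing"; a one-word fix is the smaller change.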
@ -641,7 +642,7 @@ the [browser malware](#browser-malware) section.*
|
|||||||
plugin for Sublime 3 to aid with malware analyis.
|
plugin for Sublime 3 to aid with malware analyis.
|
||||||
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
|
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
|
||||||
Linux executables.
|
Linux executables.
|
||||||
* [StringSifter](https://github.com/fireeye/stringsifter) - A machine learning tool
|
* [StringSifter](https://github.com/fireeye/stringsifter) - A machine learning tool
|
||||||
that automatically ranks strings based on their relevance for malware analysis.
|
that automatically ranks strings based on their relevance for malware analysis.
|
||||||
* [Triton](https://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
|
* [Triton](https://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
|
||||||
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
|
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
|
||||||
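Review bot: both sides of this hunk are identical after rendering, so the edit is whitespace-only; the context line "to aid with malware analyis" carries a typo ("analysis") that could be fixed in the same touch.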
@ -728,8 +729,6 @@ the [browser malware](#browser-malware) section.*
|
|||||||
code integrity and write support.
|
code integrity and write support.
|
||||||
* [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
|
* [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
|
||||||
of analysis using Volatility, and create a readable report.
|
of analysis using Volatility, and create a readable report.
|
||||||
[Orochi](https://github.com/LDO-CERT/orochi) - Orochi is an open source framework for
|
|
||||||
collaborative forensic memory dump analysis.
|
|
||||||
* [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework,
|
* [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework,
|
||||||
forked from Volatility in 2013.
|
forked from Volatility in 2013.
|
||||||
* [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based
|
* [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based
|
||||||
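Review bot: the Orochi entry being removed lacks the leading "* " that every other item in this list has ("[Orochi](https://github.com/LDO-CERT/orochi) - Orochi is ..."), so it never rendered as a list item; the right fix is to add the bullet, not to drop the entry. If removal is intentional, the commit message should say why.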
@ -851,8 +850,8 @@ the [browser malware](#browser-malware) section.*
|
|||||||
Presentation introducing the concepts of malware analysis, threat intelligence
|
Presentation introducing the concepts of malware analysis, threat intelligence
|
||||||
and reverse engineering. Experience or prior knowledge is not required. Labs
|
and reverse engineering. Experience or prior knowledge is not required. Labs
|
||||||
link in description.
|
link in description.
|
||||||
* [Malware Persistence](https://github.com/Karneades/malware-persistence) - Collection
|
* [Malware Persistence](https://github.com/Karneades/malware-persistence) - Collection
|
||||||
of various information focused on malware persistence: detection (techniques),
|
of various information focused on malware persistence: detection (techniques),
|
||||||
response, pitfalls and the log collection (tools).
|
response, pitfalls and the log collection (tools).
|
||||||
* [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This
|
* [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This
|
||||||
blog focuses on network traffic related to malware infections.
|
blog focuses on network traffic related to malware infections.
|
||||||
|
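Review bot: identical lines on both sides again, so this hunk is a whitespace-only change; while here, the "Malware Samples and Traffic" link still uses http://malware-traffic-analysis.net/, and the list generally prefers https where the site supports it.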
@ -153,7 +153,7 @@
|
|||||||
*反病毒和其他恶意软件识别工具*
|
*反病毒和其他恶意软件识别工具*
|
||||||
|
|
||||||
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Windows PE 文件的分析器
|
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Windows PE 文件的分析器
|
||||||
* [Assemblyline](https://cybercentrecanada.github.io/assemblyline4_docs/) - 大规模分布式文件分析框架
|
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - 大规模分布式文件分析框架
|
||||||
* [BinaryAlert](https://github.com/airbnb/binaryalert) - 开源、无服务 AWS 管道,用于对上传的文件使用 YARA 进行扫描和报警
|
* [BinaryAlert](https://github.com/airbnb/binaryalert) - 开源、无服务 AWS 管道,用于对上传的文件使用 YARA 进行扫描和报警
|
||||||
* [capa](https://github.com/fireeye/capa) - 检测可执行文件的攻击能力
|
* [capa](https://github.com/fireeye/capa) - 检测可执行文件的攻击能力
|
||||||
* [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测
|
* [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测
|
||||||
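Review bot: this mirrors the Assemblyline URL change made in README.md (assemblyline4_docs to bitbucket.org/cse-assemblyline/assemblyline) in the Chinese translation, which keeps the two files in sync; the same question applies, namely whether reverting to the Bitbucket URL is intended. Note that the translated description "大规模分布式文件分析框架" ("large-scale distributed file analysis framework") already matched the shorter Bitbucket-era wording, so if the English entry keeps the longer "file triage and malware analysis system" description, the translation will drift from it.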
@ -342,7 +342,7 @@
|
|||||||
* [Capstone](https://github.com/aquynh/capstone) - 二进制分析反汇编框架,支持多种架构和许多语言
|
* [Capstone](https://github.com/aquynh/capstone) - 二进制分析反汇编框架,支持多种架构和许多语言
|
||||||
* [codebro](https://github.com/hugsy/codebro) - 使用 clang 提供基础代码分析的 Web 端代码浏览器
|
* [codebro](https://github.com/hugsy/codebro) - 使用 clang 提供基础代码分析的 Web 端代码浏览器
|
||||||
* [Cutter](https://github.com/radareorg/cutter) - Radare2 的 GUI
|
* [Cutter](https://github.com/radareorg/cutter) - Radare2 的 GUI
|
||||||
* [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF)
|
* [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF)
|
||||||
- 基于 QEMU 的二进制分析平台,DroidScope 是 DECAF 的扩展
|
- 基于 QEMU 的二进制分析平台,DroidScope 是 DECAF 的扩展
|
||||||
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET 编辑器、编译器、调试器
|
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET 编辑器、编译器、调试器
|
||||||
* [dotPeek](https://www.jetbrains.com/decompiler/) - 免费 .NET 反编译与汇编浏览器
|
* [dotPeek](https://www.jetbrains.com/decompiler/) - 免费 .NET 反编译与汇编浏览器
|
||||||
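Review bot: no visible change in this hunk, so it is whitespace-only; one content issue on the context lines worth a follow-up is the dnSpy description "，.NET 编辑器、编译器、调试器" ("editor, compiler, debugger"), where "编译器" (compiler) should be "反编译器" (decompiler), since dnSpy decompiles and debugs .NET assemblies rather than compiling them.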