mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-06-28 20:42:11 +00:00
Compare commits
11 Commits
d97a0d193d
...
a444efde8a
Author | SHA1 | Date | |
---|---|---|---|
|
a444efde8a | ||
|
a3f07a0452 | ||
|
d9be38e887 | ||
|
19554e7df1 | ||
|
73a5b0c76c | ||
|
8541aedf3f | ||
|
4790b43f92 | ||
|
16e814114d | ||
|
6d6e44b320 | ||
|
9dbc8c084f | ||
|
1037a22b1a |
41
README.md
41
README.md
|
@ -6,26 +6,27 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
||||||
|
|
||||||
[![Drop ICE](drop.png)](https://twitter.com/githubbers/status/1182017616740663296)
|
[![Drop ICE](drop.png)](https://twitter.com/githubbers/status/1182017616740663296)
|
||||||
|
|
||||||
- [Malware Collection](#malware-collection)
|
- [Awesome Malware Analysis ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-malware-analysis-)
|
||||||
|
- [Malware Collection](#malware-collection)
|
||||||
- [Anonymizers](#anonymizers)
|
- [Anonymizers](#anonymizers)
|
||||||
- [Honeypots](#honeypots)
|
- [Honeypots](#honeypots)
|
||||||
- [Malware Corpora](#malware-corpora)
|
- [Malware Corpora](#malware-corpora)
|
||||||
- [Open Source Threat Intelligence](#open-source-threat-intelligence)
|
- [Open Source Threat Intelligence](#open-source-threat-intelligence)
|
||||||
- [Tools](#tools)
|
- [Tools](#tools)
|
||||||
- [Other Resources](#other-resources)
|
- [Other Resources](#other-resources)
|
||||||
- [Detection and Classification](#detection-and-classification)
|
- [Detection and Classification](#detection-and-classification)
|
||||||
- [Online Scanners and Sandboxes](#online-scanners-and-sandboxes)
|
- [Online Scanners and Sandboxes](#online-scanners-and-sandboxes)
|
||||||
- [Domain Analysis](#domain-analysis)
|
- [Domain Analysis](#domain-analysis)
|
||||||
- [Browser Malware](#browser-malware)
|
- [Browser Malware](#browser-malware)
|
||||||
- [Documents and Shellcode](#documents-and-shellcode)
|
- [Documents and Shellcode](#documents-and-shellcode)
|
||||||
- [File Carving](#file-carving)
|
- [File Carving](#file-carving)
|
||||||
- [Deobfuscation](#deobfuscation)
|
- [Deobfuscation](#deobfuscation)
|
||||||
- [Debugging and Reverse Engineering](#debugging-and-reverse-engineering)
|
- [Debugging and Reverse Engineering](#debugging-and-reverse-engineering)
|
||||||
- [Network](#network)
|
- [Network](#network)
|
||||||
- [Memory Forensics](#memory-forensics)
|
- [Memory Forensics](#memory-forensics)
|
||||||
- [Windows Artifacts](#windows-artifacts)
|
- [Windows Artifacts](#windows-artifacts)
|
||||||
- [Storage and Workflow](#storage-and-workflow)
|
- [Storage and Workflow](#storage-and-workflow)
|
||||||
- [Miscellaneous](#miscellaneous)
|
- [Miscellaneous](#miscellaneous)
|
||||||
- [Resources](#resources)
|
- [Resources](#resources)
|
||||||
- [Books](#books)
|
- [Books](#books)
|
||||||
- [Other](#other)
|
- [Other](#other)
|
||||||
|
@ -222,8 +223,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||||
|
|
||||||
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
|
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
|
||||||
variety of tools for reporting on Windows PE files.
|
variety of tools for reporting on Windows PE files.
|
||||||
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable
|
* [Assemblyline](https://cybercentrecanada.github.io/assemblyline4_docs/) - A scalable file triage and malware analysis system integrating the cyber security community's best tools..
|
||||||
distributed file analysis framework.
|
|
||||||
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
|
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
|
||||||
AWS pipeline that scans and alerts on uploaded files based on a set of
|
AWS pipeline that scans and alerts on uploaded files based on a set of
|
||||||
YARA rules.
|
YARA rules.
|
||||||
|
@ -257,7 +257,7 @@ executables.
|
||||||
* [Nauz File Detector(NFD)](https://github.com/horsicq/Nauz-File-Detector) - Linker/Compiler/Tool detector for Windows, Linux and MacOS.
|
* [Nauz File Detector(NFD)](https://github.com/horsicq/Nauz-File-Detector) - Linker/Compiler/Tool detector for Windows, Linux and MacOS.
|
||||||
* [nsrllookup](https://github.com/rjhansen/nsrllookup) - A tool for looking
|
* [nsrllookup](https://github.com/rjhansen/nsrllookup) - A tool for looking
|
||||||
up hashes in NIST's National Software Reference Library database.
|
up hashes in NIST's National Software Reference Library database.
|
||||||
* [packerid](http://handlers.sans.org/jclausing/packerid.py) - A cross-platform
|
* [packerid](https://github.com/sooshie/packerid) - A cross-platform
|
||||||
Python alternative to PEiD.
|
Python alternative to PEiD.
|
||||||
* [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE
|
* [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE
|
||||||
files.
|
files.
|
||||||
|
@ -265,6 +265,7 @@ executables.
|
||||||
* [PEV](http://pev.sourceforge.net/) - A multiplatform toolkit to work with PE
|
* [PEV](http://pev.sourceforge.net/) - A multiplatform toolkit to work with PE
|
||||||
files, providing feature-rich tools for proper analysis of suspicious binaries.
|
files, providing feature-rich tools for proper analysis of suspicious binaries.
|
||||||
* [PortEx](https://github.com/katjahahn/PortEx) - Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.
|
* [PortEx](https://github.com/katjahahn/PortEx) - Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.
|
||||||
|
* [python_mmdt](https://github.com/a232319779/python_mmdt) - Malicious code detection tool based on local sensitive hashing and machine learning.
|
||||||
* [Quark-Engine](https://github.com/quark-engine/quark-engine) - An Obfuscation-Neglect Android Malware Scoring System
|
* [Quark-Engine](https://github.com/quark-engine/quark-engine) - An Obfuscation-Neglect Android Malware Scoring System
|
||||||
* [Rootkit Hunter](http://rkhunter.sourceforge.net/) - Detect Linux rootkits.
|
* [Rootkit Hunter](http://rkhunter.sourceforge.net/) - Detect Linux rootkits.
|
||||||
* [ssdeep](https://ssdeep-project.github.io/ssdeep/) - Compute fuzzy hashes.
|
* [ssdeep](https://ssdeep-project.github.io/ssdeep/) - Compute fuzzy hashes.
|
||||||
|
@ -621,6 +622,8 @@ the [browser malware](#browser-malware) section.*
|
||||||
analysis.
|
analysis.
|
||||||
* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable reverse
|
* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable reverse
|
||||||
engineering sandbox by the Talos team at Cisco.
|
engineering sandbox by the Talos team at Cisco.
|
||||||
|
* [Qiling Framework](https://www.qiling.io/) - Cross platform emulation and sanboxing
|
||||||
|
framework with instruments for binary analysis.
|
||||||
* [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg
|
* [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg
|
||||||
server for stealth debugging.
|
server for stealth debugging.
|
||||||
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
|
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
|
||||||
|
@ -727,6 +730,8 @@ the [browser malware](#browser-malware) section.*
|
||||||
code integrity and write support.
|
code integrity and write support.
|
||||||
* [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
|
* [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
|
||||||
of analysis using Volatility, and create a readable report.
|
of analysis using Volatility, and create a readable report.
|
||||||
|
[Orochi](https://github.com/LDO-CERT/orochi) - Orochi is an open source framework for
|
||||||
|
collaborative forensic memory dump analysis.
|
||||||
* [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework,
|
* [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework,
|
||||||
forked from Volatility in 2013.
|
forked from Volatility in 2013.
|
||||||
* [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based
|
* [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based
|
||||||
|
|
38
恶意软件分析大合集.md
38
恶意软件分析大合集.md
|
@ -3,31 +3,32 @@
|
||||||
|
|
||||||
这个列表记录着那些令人称赞的恶意软件分析工具和资源。受到 [awesome-python](https://github.com/vinta/awesome-python) 和 [awesome-php](https://github.com/ziadoz/awesome-php) 的启迪。
|
这个列表记录着那些令人称赞的恶意软件分析工具和资源。受到 [awesome-python](https://github.com/vinta/awesome-python) 和 [awesome-php](https://github.com/ziadoz/awesome-php) 的启迪。
|
||||||
|
|
||||||
- [恶意软件集合](#恶意软件集合)
|
- [恶意软件分析大合集 ![Awesome](https://github.com/sindresorhus/awesome)](#恶意软件分析大合集-)
|
||||||
|
- [恶意软件集合](#恶意软件集合)
|
||||||
- [匿名代理](#匿名代理)
|
- [匿名代理](#匿名代理)
|
||||||
- [蜜罐](#蜜罐)
|
- [蜜罐](#蜜罐)
|
||||||
- [恶意软件样本库](#恶意软件样本库)
|
- [恶意软件样本库](#恶意软件样本库)
|
||||||
- [开源威胁情报](#开源威胁情报)
|
- [开源威胁情报](#开源威胁情报)
|
||||||
- [工具](#工具)
|
- [工具](#工具)
|
||||||
- [其他资源](#其他资源)
|
- [其他资源](#其他资源)
|
||||||
- [检测与分类](#检测与分类)
|
- [检测与分类](#检测与分类)
|
||||||
- [在线扫描与沙盒](#在线扫描与沙盒)
|
- [在线扫描与沙盒](#在线扫描与沙盒)
|
||||||
- [域名分析](#域名分析)
|
- [域名分析](#域名分析)
|
||||||
- [浏览器恶意软件](#浏览器恶意软件)
|
- [浏览器恶意软件](#浏览器恶意软件)
|
||||||
- [文档和 Shellcode](#文档和-Shellcode)
|
- [文档和 Shellcode](#文档和-shellcode)
|
||||||
- [文件提取](#文件提取)
|
- [文件提取](#文件提取)
|
||||||
- [去混淆](#去混淆)
|
- [去混淆](#去混淆)
|
||||||
- [调试与逆向工程](#调试与逆向工程)
|
- [调试和逆向工程](#调试和逆向工程)
|
||||||
- [网络](#网络)
|
- [网络](#网络)
|
||||||
- [内存取证](#内存取证)
|
- [内存取证](#内存取证)
|
||||||
- [Windows 神器](#Windows-神器)
|
- [Windows 神器](#windows-神器)
|
||||||
- [存储和工作流](#存储和工作流)
|
- [存储和工作流](#存储和工作流)
|
||||||
- [杂项](#杂项)
|
- [杂项](#杂项)
|
||||||
- [资源](#资源)
|
- [资源](#资源)
|
||||||
- [书籍](#书籍)
|
- [书籍](#书籍)
|
||||||
- [其它](#其它)
|
- [其它](#其它)
|
||||||
- [相关 Awesome 清单](#相关-Awesome-清单)
|
- [相关 Awesome 清单](#相关-awesome-清单)
|
||||||
- [贡献者](#做出贡献)
|
- [做出贡献](#做出贡献)
|
||||||
- [致谢](#致谢)
|
- [致谢](#致谢)
|
||||||
|
|
||||||
---
|
---
|
||||||
|
@ -153,7 +154,7 @@
|
||||||
*反病毒和其他恶意软件识别工具*
|
*反病毒和其他恶意软件识别工具*
|
||||||
|
|
||||||
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Windows PE 文件的分析器
|
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Windows PE 文件的分析器
|
||||||
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - 大规模分布式文件分析框架
|
* [Assemblyline](https://cybercentrecanada.github.io/assemblyline4_docs/) - 大规模分布式文件分析框架
|
||||||
* [BinaryAlert](https://github.com/airbnb/binaryalert) - 开源、无服务 AWS 管道,用于对上传的文件使用 YARA 进行扫描和报警
|
* [BinaryAlert](https://github.com/airbnb/binaryalert) - 开源、无服务 AWS 管道,用于对上传的文件使用 YARA 进行扫描和报警
|
||||||
* [capa](https://github.com/fireeye/capa) - 检测可执行文件的攻击能力
|
* [capa](https://github.com/fireeye/capa) - 检测可执行文件的攻击能力
|
||||||
* [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测
|
* [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测
|
||||||
|
@ -177,6 +178,7 @@
|
||||||
* [PEframe](https://github.com/guelfoweb/peframe) - PEframe 可以对 PE 文件与 Office 文档文件进行静态分析
|
* [PEframe](https://github.com/guelfoweb/peframe) - PEframe 可以对 PE 文件与 Office 文档文件进行静态分析
|
||||||
* [PEV](http://pev.sourceforge.net/) - 为正确分析可疑的二进制文件提供功能丰富工具的 PE 文件多平台分析工具集
|
* [PEV](http://pev.sourceforge.net/) - 为正确分析可疑的二进制文件提供功能丰富工具的 PE 文件多平台分析工具集
|
||||||
* [PortEx](https://github.com/katjahahn/PortEx) - 聚焦于与 PE 文件相关恶意软件分析的 Java 库
|
* [PortEx](https://github.com/katjahahn/PortEx) - 聚焦于与 PE 文件相关恶意软件分析的 Java 库
|
||||||
|
* [python_mmdt](https://github.com/a232319779/python_mmdt) - 基于局部敏感哈希与机器学习的恶意代码检测工具
|
||||||
* [Quark-Engine](https://github.com/quark-engine/quark-engine) - 能够对抗混淆的 Android 恶意软件评估系统
|
* [Quark-Engine](https://github.com/quark-engine/quark-engine) - 能够对抗混淆的 Android 恶意软件评估系统
|
||||||
* [Rootkit Hunter](http://rkhunter.sourceforge.net/) - 检测 Linux 的 rootkits
|
* [Rootkit Hunter](http://rkhunter.sourceforge.net/) - 检测 Linux 的 rootkits
|
||||||
* [ssdeep](https://ssdeep-project.github.io/ssdeep/) - 计算模糊哈希值
|
* [ssdeep](https://ssdeep-project.github.io/ssdeep/) - 计算模糊哈希值
|
||||||
|
|
Loading…
Reference in New Issue
Block a user