# Awesome Malware Analysis A curated list of awesome malware analysis tools and resources. Inspired by [awesome-python](https://github.com/vinta/awesome-python) and [awesome-php](https://github.com/ziadoz/awesome-php). - [Awesome Malware Analysis](#awesome-malware-analysis) - [Malware Collection](#malware-collection) - [Anonymizers](#anonymizers) - [Honeypots](#honeypots) - [Malware Corpora](#malware-corpora) - [Detection and Classification](#detection-and-classification) - [Online Scanners and Sandboxes](#online-scanners-and-sandboxes) - [Domain Analysis](#domain-analysis) - [Documents and Shellcode](#documents-and-shellcode) - [File Carving](#file-carving) - [Deobfuscation](#deobfuscation) - [Static Executable Analysis](#static-executable-analysis) - [Windows Binaries](#windows-binaries) - [Linux Binaries](#linux-binaries) - [Debugging](#debugging) - [Network](#network) - [Memory Forensics](#memory-forensics) - [Miscellaneous](#miscellaneous) - [Resources](#resources) - [Books](#books) - [Twitter](#twitter) - [Other](#other) - [Related Awesome Lists](#related-awesome-lists) - [Contributing](#contributing) --- ## Malware Collection ### Anonymizers *Web traffic anonymizers for analysts.* * [Anonymouse.org](http://anonymouse.org/) - A free, web based anonymizer. * [OpenVPN](https://openvpn.net/) - VPN software and hosting solutions. * [Privoxy](http://www.privoxy.org/) - An open source proxy server with some privacy features. * [Tor](https://www.torproject.org/) - The Onion Router, for browsing the web without leaving traces of the client IP. ### Honeypots *Trap and collect your own samples.* * [Thug](https://github.com/buffer/thug) - Low interaction honeyclient, for investigating malicious websites. ### Malware Corpora *Malware samples collected for analysis.* * [Clean MX](http://support.clean-mx.de/clean-mx/viruses.php) - Realtime database of malware and malicious domains. * [Contagio](http://contagiodump.blogspot.com/) - A collection of recent malware samples and analyses. * [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode samples. * [Zeltser's Sources](https://zeltser.com/malware-sample-sources/) - A list of malware sample sources put together by Lenny Zeltser. ## Detection and Classification *Antivirus and other malware identification tools* * [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a variety of tools for reporting on Windows PE files. * [ClamAV](http://www.clamav.net/index.html) - Open source antivirus engine. * [YARA](https://plusvic.github.io/yara/) - Pattern matching tool for analysts. ## Online Scanners and Sandboxes * [Cuckoo Sandbox](http://cuckoosandbox.org/) - Open source, self hosted sandbox and automated analysis system. * [Jotti]() - Free online multi-AV scanner. * [Malwr]() - Free analysis with an online Cuckoo Sandbox instance. * [VirusTotal](https://www.virustotal.com/) - Free online analysis of malware samples and URLs * [Zeltser's List](https://zeltser.com/automated-malware-analysis/) - Free automated sandboxes and services, compiled by Lenny Zeltser. ## Domain Analysis *Inspect domains and IP addresses.* * [Dig](http://networking.ringofsaturn.com/) - Free online dig and other network tools. * [IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information about an IP or domain by searching online resources. * [Whois](http://whois.domaintools.com/) - DomainTools free online whois search. * [Zeltser's List](https://zeltser.com/lookup-malicious-websites/) - Free online tools for researching malicious websites, compiled by Lenny Zeltser. ## Documents and Shellcode * [AnalyzePDF](https://github.com/hiddenillusion/AnalyzePDF) - A tool for analyzing PDFs and attempting to determine whether they are malicious. * [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing malicious shellcode. * [JSDetox](http://www.relentless-coding.com/projects/jsdetox/) - JavaScript malware analysis tool. * [jsunpack-n](https://code.google.com/p/jsunpack-n/) - A javascript unpacker that emulates browser functionality. * [libemu](http://libemu.carnivore.it/) - Library and tools for x86 shellcode emulation. * [malpdfobj](https://github.com/9b/malpdfobj) - Deconstruct malicious PDFs into a JSON representation. * [OfficeMalScanner](http://www.reconstructer.org/code.html) - Scan for malicious traces in MS Office documents. * [officeparser](https://github.com/unixfreak0037/officeparser) - A Python script for parsing the MS Office OLE document format. * [Origami PDF](https://code.google.com/p/origami-pdf/) - A tool for analyzing malicious PDFs, and more. * [PDF Tools](http://blog.didierstevens.com/programs/pdf-tools/) - pdfid, pdf-parser, and more from Didier Stevens. * [PDF X-Ray Lite](https://github.com/9b/pdfxray_lite) - A PDF analysis tool, the backend-free version of PDF X-RAY. * [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python tool for exploring possibly malicious PDFs. * [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) - Mozilla's JavaScript engine, for debugging malicious JS. ## Memory Forensics *Tools for dissecting malware in memory images or running systems.* * [FindAES](https://jessekornblum.livejournal.com/269749.html) - Find AES encryption keys in memory. * [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework, forked from Volatility in 2013. * [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based on Volatility for automating various malware analysis tasks. * [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced memory forensics framework. * [WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365) - Live memory inspection and kernel debugging for Windows systems. ## Miscellaneous * [REMnux](https://remnux.org/) - Linux distribution and docker images for malware reverse engineering and analysis. # Resources ## Books ## Twitter ## Other * [Malicious Software](https://zeltser.com/malicious-software/) - Malware blog and resources by Lenny Zeltser. * [/r/Malware](https://www.reddit.com/r/Malware) - The malware subreddit. * [/r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering) - Reverse engineering subreddit, not limited to just malware. # Related Awesome Lists * [Android Security](https://github.com/ashishb/android-security-awesome) * [Pentesting](https://github.com/enaqx/awesome-pentest) * [Security](https://github.com/sbilly/awesome-security) # [Contributing](CONTRIBUTING.md) Pull requests and issues with suggestions are welcome!