mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-10-01 06:35:40 -04:00
A curated list of awesome malware analysis tools and resources.
Topics: analysis-framework, automated-analysis, awesome, awesome-list, chinese, chinese-translation, domain-analysis, drop-ice, dynamic-analysis, list, malware-analysis, malware-collection, malware-research, malware-samples, network-traffic, static-analysis, threatintel, threat-intelligence, threat-sharing
# Awesome Malware Analysis
A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.
## Malware Collection
### Anonymizers
Web traffic anonymizers for analysts.
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some privacy features.
- Tor - The Onion Router, for browsing the web without leaving traces of the client IP.
### Honeypots
Trap and collect your own samples.
### Malware Corpora
Malware samples collected for analysis.
- Clean MX - Realtime database of malware and malicious domains.
- Contagio - A collection of recent malware samples and analyses.
- Exploit Database - Exploit and shellcode samples.
- Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser.
## Detection and Classification
Antivirus and other malware identification tools.
- AnalyzePE - Wrapper for a variety of tools for reporting on Windows PE files.
- ClamAV - Open source antivirus engine.
- YARA - Pattern matching tool for analysts.
## Online Scanners and Sandboxes
- Cuckoo Sandbox - Open source, self-hosted sandbox and automated analysis system.
- Jotti - Free online multi-AV scanner.
- Malwr - Free analysis with an online Cuckoo Sandbox instance.
- VirusTotal - Free online analysis of malware samples and URLs.
- Zeltser's List - Free automated sandboxes and services, compiled by Lenny Zeltser.
## Domain Analysis
Inspect domains and IP addresses.
- Dig - Free online dig and other network tools.
- IPinfo - Gather information about an IP or domain by searching online resources.
- Whois - DomainTools free online whois search.
- Zeltser's List - Free online tools for researching malicious websites, compiled by Lenny Zeltser.
## Documents and Shellcode
- AnalyzePDF - A tool for analyzing PDFs and attempting to determine whether they are malicious.
- diStorm - Disassembler for analyzing malicious shellcode.
- JSDetox - JavaScript malware analysis tool.
- jsunpack-n - A JavaScript unpacker that emulates browser functionality.
- libemu - Library and tools for x86 shellcode emulation.
- malpdfobj - Deconstruct malicious PDFs into a JSON representation.
- OfficeMalScanner - Scan for malicious traces in MS Office documents.
- officeparser - A Python script for parsing the MS Office OLE document format.
- PDF Tools - pdfid, pdf-parser, and more from Didier Stevens.
- PDF X-Ray Lite - A PDF analysis tool, the backend-free version of PDF X-RAY.
- Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS.
## Memory Forensics
Tools for dissecting malware in memory images or running systems.
- FindAES - Find AES encryption keys in memory.
- Rekall - Memory analysis framework, forked from Volatility in 2013.
- TotalRecall - Script based on Volatility for automating various malware analysis tasks.
- Volatility - Advanced memory forensics framework.
- WinDbg - Live memory inspection and kernel debugging for Windows systems.
## Miscellaneous
- REMnux - Linux distribution and Docker images for malware reverse engineering and analysis.
## Resources
### Books
### Other
- Malicious Software - Malware blog and resources by Lenny Zeltser.
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering - Reverse engineering subreddit, not limited to just malware.
## Related Awesome Lists
## Contributing
Pull requests and issues with suggestions are welcome!