Awesome-Mirrors/awesome-malware-analysis

mirror of https://github.com/rshipp/awesome-malware-analysis.git synced 2024-10-01 06:35:40 -04:00

A curated list of awesome malware analysis tools and resources.

analysis-framework automated-analysis awesome awesome-list chinese chinese-translation domain-analysis drop-ice dynamic-analysis list malware-analysis malware-collection malware-research malware-samples network-traffic static-analysis threatintel threat-intelligence threat-sharing

Go to file

rshipp c50ab83268 Add browser malware section		2015-05-09 11:19:48 -06:00
LICENSE	Add CC-BY-4.0 license	2015-05-08 18:16:07 -06:00
README.md	Add browser malware section	2015-05-09 11:19:48 -06:00

README.md

Awesome Malware Analysis

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.

Awesome Malware Analysis
Resources
- Books
- Twitter
- Other
Related Awesome Lists
Contributing

Malware Collection

Anonymizers

Web traffic anonymizers for analysts.

Anonymouse.org - A free, web based anonymizer.
OpenVPN - VPN software and hosting solutions.
Privoxy - An open source proxy server with some privacy features.
Tor - The Onion Router, for browsing the web without leaving traces of the client IP.

Honeypots

Trap and collect your own samples.

Conpot - ICS/SCADA honeypot.
Dionaea - Honeypot designed to trap malware.
Glastopf - Web application honeypot.
Honeyd - Create a virtual honeynet.
Kippo - Medium interaction SSH honeypot.
Thug - Low interaction honeyclient, for investigating malicious websites.

Malware Corpora

Malware samples collected for analysis.

Clean MX - Realtime database of malware and malicious domains.
Contagio - A collection of recent malware samples and analyses.
Exploit Database - Exploit and shellcode samples.
Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser.

Detection and Classification

Antivirus and other malware identification tools

AnalyzePE - Wrapper for a variety of tools for reporting on Windows PE files.
ClamAV - Open source antivirus engine.
ExifTool - Read, write and edit file metadata.
hashdeep - Compute digest hashes with a variety of algorithms.
nsrllookup - A tool for looking up hashes in NIST's National Software Reference Library database.
packerid - A cross-platform Python alternative to PEiD.
ssdeep - Compute fuzzy hashes.
TrID - File identifier.
YARA - Pattern matching tool for analysts.

Online Scanners and Sandboxes

Web-based multi-AV scanners, and malware sandboxes for automated analysis.

Cuckoo Sandbox - Open source, self hosted sandbox and automated analysis system.
Jotti - Free online multi-AV scanner.
Malwr - Free analysis with an online Cuckoo Sandbox instance.
VirusTotal - Free online analysis of malware samples and URLs
Zeltser's List - Free automated sandboxes and services, compiled by Lenny Zeltser.

Domain Analysis

Inspect domains and IP addresses.

Dig - Free online dig and other network tools.
IPinfo - Gather information about an IP or domain by searching online resources.
TekDefense Automator - OSINT tool for gatherig information about URLs, IPs, or hashes.
Whois - DomainTools free online whois search.
Zeltser's List - Free online tools for researching malicious websites, compiled by Lenny Zeltser.

Browser Malware

Malicious URLs. See also the domain analysis and documents and shellcode sections.

Documents and Shellcode

Analyze malicious JS and shellcode from PDFs and Office documents.

AnalyzePDF - A tool for analyzing PDFs and attempting to determine whether they are malicious.
diStorm - Disassembler for analyzing malicious shellcode.
JS Beautifier - JavaScript unpacking and deobfuscation.
JSDetox - JavaScript malware analysis tool.
jsunpack-n - A javascript unpacker that emulates browser functionality.
libemu - Library and tools for x86 shellcode emulation.
malpdfobj - Deconstruct malicious PDFs into a JSON representation.
OfficeMalScanner - Scan for malicious traces in MS Office documents.
officeparser - A Python script for parsing the MS Office OLE document format.
Origami PDF - A tool for analyzing malicious PDFs, and more.
PDF Tools - pdfid, pdf-parser, and more from Didier Stevens.
PDF X-Ray Lite - A PDF analysis tool, the backend-free version of PDF X-RAY.
peepdf - Python tool for exploring possibly malicious PDFs.
Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS.

File Carving

For extracting files from inside disk and memory images.

bulk_extractor - Fast file carving tool.
Foremost - File carving tool designed by the US Air Force.
Hachoir - A collection of Python libraries for dealing with binary files.
Scalpel - Another data carving tool.

Deobfuscation

Reverse XOR and other code obfuscation methods

Debugging and Reverse Engineering

Disassemblers, debuggers, and other static and dynamic analysis tools.

Bokken - GUI for Pyew and Radare.
Evan's Debugger (EDB) - A modular debugger with a Qt GUI.
GDB - The GNU debugger.
IDA Pro - Windows disassembler and debugger, with a free evaluation version.
ltrace - Dynamic analysis for Linux executables.
objdump - Part of GNU binutils, for static analysis of Linux binaries.
OllyDbg - An assembly-level debugger for Windows executables.
Pyew - Python tool for malware analysis.
strace - Dynamic analysis for Linux executables.
Radare2 - Reverse engineering framework, with debugger support.
Udis86 - Disassembler library and tool for x86 and x86_64.
Vivisect - Python tool for malware analysis.

Network

Analyze network interactions.

Memory Forensics

Tools for dissecting malware in memory images or running systems.

FindAES - Find AES encryption keys in memory.
Rekall - Memory analysis framework, forked from Volatility in 2013.
TotalRecall - Script based on Volatility for automating various malware analysis tasks.
Volatility - Advanced memory forensics framework.
WinDbg - Live memory inspection and kernel debugging for Windows systems.

Miscellaneous

REMnux - Linux distribution and docker images for malware reverse engineering and analysis.

Resources

Books

Essential malware analysis reading material.

Malware Analyst's Cookbook and DVD - Tools and Techniques for Fighting Malicious Code.
Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software.
The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory.
The IDA Pro Book - The Unofficial Guide to the World's Most Popular Disassembler.

Twitter

Other

Honeynet Project - Honeypot tools, papers, and other resources.
Malicious Software - Malware blog and resources by Lenny Zeltser.
/r/Malware - The malware subreddit.
/r/ReverseEngineering - Reverse engineering subreddit, not limited to just malware.

Contributing

Pull requests and issues with suggestions are welcome!