mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-10-01 06:35:40 -04:00
A curated list of awesome malware analysis tools and resources.
analysis-frameworkautomated-analysisawesomeawesome-listchinesechinese-translationdomain-analysisdrop-icedynamic-analysislistmalware-analysismalware-collectionmalware-researchmalware-samplesnetwork-trafficstatic-analysisthreatintelthreat-intelligencethreat-sharing
LICENSE | ||
README.md |
Awesome Malware Analysis
A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.
Malware Collection
Anonymizers
Web traffic anonymizers for analysts.
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with some privacy features.
- Tor - The Onion Router, for browsing the web without leaving traces of the client IP.
Honeypots
Trap and collect your own samples.
- Conpot - ICS/SCADA honeypot.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeyd - Create a virtual honeynet.
- Kippo - Medium interaction SSH honeypot.
- Thug - Low interaction honeyclient, for investigating malicious websites.
Malware Corpora
Malware samples collected for analysis.
- Clean MX - Realtime database of malware and malicious domains.
- Contagio - A collection of recent malware samples and analyses.
- Exploit Database - Exploit and shellcode samples.
- Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser.
Detection and Classification
Antivirus and other malware identification tools
- AnalyzePE - Wrapper for a variety of tools for reporting on Windows PE files.
- ClamAV - Open source antivirus engine.
- ExifTool - Read, write and edit file metadata.
- packerid - A cross-platform Python alternative to PEiD.
- TrID - File identifier.
- YARA - Pattern matching tool for analysts.
Online Scanners and Sandboxes
Web-based multi-AV scanners, and malware sandboxes for automated analysis.
- Cuckoo Sandbox - Open source, self hosted sandbox and automated analysis system.
- Jotti - Free online multi-AV scanner.
- Malwr - Free analysis with an online Cuckoo Sandbox instance.
- VirusTotal - Free online analysis of malware samples and URLs
- Zeltser's List - Free automated sandboxes and services, compiled by Lenny Zeltser.
Domain Analysis
Inspect domains and IP addresses.
- Dig - Free online dig and other network tools.
- IPinfo - Gather information about an IP or domain by searching online resources.
- Whois - DomainTools free online whois search.
- Zeltser's List - Free online tools for researching malicious websites, compiled by Lenny Zeltser.
Documents and Shellcode
Analyze malicious JS and shellcode from PDFs and Office documents.
- AnalyzePDF - A tool for analyzing PDFs and attempting to determine whether they are malicious.
- diStorm - Disassembler for analyzing malicious shellcode.
- JS Beautifier - JavaScript unpacking and deobfuscation.
- JSDetox - JavaScript malware analysis tool.
- jsunpack-n - A javascript unpacker that emulates browser functionality.
- libemu - Library and tools for x86 shellcode emulation.
- malpdfobj - Deconstruct malicious PDFs into a JSON representation.
- OfficeMalScanner - Scan for malicious traces in MS Office documents.
- officeparser - A Python script for parsing the MS Office OLE document format.
- Origami PDF - A tool for analyzing malicious PDFs, and more.
- PDF Tools - pdfid, pdf-parser, and more from Didier Stevens.
- PDF X-Ray Lite - A PDF analysis tool, the backend-free version of PDF X-RAY.
- peepdf - Python tool for exploring possibly malicious PDFs.
- Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS.
Debugging and Reverse Engineering
Disassemblers, debuggers, and other static and dynamic analysis tools.
- Bokken - GUI for Pyew and Radare.
- IDA Pro - Windows disassembler and debugger, with a free evaluation version.
- Pyew - Python tool for malware analysis.
- Radare2 - Reverse engineering framework, with debugger support.
Memory Forensics
Tools for dissecting malware in memory images or running systems.
- FindAES - Find AES encryption keys in memory.
- Rekall - Memory analysis framework, forked from Volatility in 2013.
- TotalRecall - Script based on Volatility for automating various malware analysis tasks.
- Volatility - Advanced memory forensics framework.
- WinDbg - Live memory inspection and kernel debugging for Windows systems.
Miscellaneous
- REMnux - Linux distribution and docker images for malware reverse engineering and analysis.
Resources
Books
Essential malware analysis reading material.
- Malware Analyst's Cookbook and DVD - Tools and Techniques for Fighting Malicious Code.
- Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software.
- The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory.
- The IDA Pro Book - The Unofficial Guide to the World's Most Popular Disassembler.
Other
- Honeynet Project - Honeypot tools, papers, and other resources.
- Malicious Software - Malware blog and resources by Lenny Zeltser.
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering - Reverse engineering subreddit, not limited to just malware.
Related Awesome Lists
Contributing
Pull requests and issues with suggestions are welcome!