Beast code in Giters

threathive's repositories

urlhaus

urlhaus api client

Language:Python5 20

binja-emotet

Language:PythonMIT010

capa

The FLARE team's open-source tool to identify capabilities in executable files.

Language:PythonApache-2.0010

CAPEv2

Malware Configuration And Payload Extraction

Language:PythonNOASSERTION010

dhp

Simple Docker Honeypot server emulating small snippets of the Docker HTTP API

Language:PythonApache-2.0010

ditto

A tool for IDN homograph attacks and detection.

Language:GoNOASSERTION010

dmon

A little app to monitor domains

Language:Python02 9

domain_generation_algorithms

Some results of my DGA reversing efforts

Language:PythonGPL-2.0010

EmerSearch

Search Emercoin NVS records

Language:PythonMIT010

EyeWitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Language:PythonGPL-3.0010

flare-fakenet-ng

FakeNet-NG - Next Generation Dynamic Network Analysis Tool

Apache-2.0000

flare-qdb

Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.

Language:PythonApache-2.0010

httpreplay

Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.

Language:PythonNOASSERTION010

karton-playground

000

kit_hunter

A basic phishing kit scanner for dedicated and semi-dedicated hosting

Language:PythonGPL-3.0010

loguru

Python logging made (stupidly) simple

Language:PythonMIT010

malwarebazaar

Malware Bazaar Python Client

020

medusa

Binary instrumentation framework based on FRIDA

Language:Python010

miasm

Reverse engineering framework in Python

Language:PythonGPL-2.0010

netinfo

Simple IP enrichment service and API wrapping PyASN and MaxMind GeoIP.

Language:PythonMIT000

passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup

Language:C000

peframe

PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

Language:YARA010

phishpond

Because phishtank was taken.. explore phishing kits in a contained environment!

Language:PHPBSD-3-Clause-Clear010

PyPDNS

Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.

Language:PythonNOASSERTION010

sflock

Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.

Language:Python010

socks5man

Socks5man is a Socks5 management tool and Python library

Language:PythonGPL-3.0010

StalkPhish

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Language:PythonAGPL-3.0000

Tools

Combination of different utilities, have fun!

Language:PythonMIT010

VMwareCloak

A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analysis.

GPL-2.0000

vpnrotator

VPN Rotator

Language:ShellBSD-2-Clause000