malware-analysis

There are 238 repositories under malware-analysis topic.

• x64dbg

  x64dbg / x64dbg

  An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

  binary-analysiscppctfcybersecuritydebuggerdebuggingdisassemblerdynamic-analysisexploit-developmenthackingmalware-analysisoscpprogram-analysisreverse-engineeringsecuritysecurity-toolswindowsx64x86x86-64
  Language:C++ 43176

• radareorg / radare2

  UNIX-like reverse engineering framework and command-line toolset

  radare2ccommandlinereverse-engineeringforensicssecuritybinary-analysismalware-analysisdisassemblerhacktoberfest
  Language:C 19620
• Mobile-Security-Framework-MobSF

  MobSF / Mobile-Security-Framework-MobSF

  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  static-analysisdynamic-analysismobsfandroid-securitymobile-securitywindows-mobile-securityios-securityapi-testingweb-securitymalware-analysisruntime-securitydevsecopsapkrestcweowaspmstgmasvsmastg
  Language:JavaScript 16313

• rshipp / awesome-malware-analysis

  Defund the Police.

  analysis-frameworkautomated-analysisawesomeawesome-listchinesechinese-translationdomain-analysisdrop-icedynamic-analysislistmalware-analysismalware-collectionmalware-researchmalware-samplesnetwork-trafficstatic-analysisthreat-intelligencethreat-sharingthreatintel
  11060

• ytisf / theZoo

  A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

  malwaremalware-analysismalware-researchmalware-samplesmalwareanalysisthezoo
  Language:Python 10703
• Scanners-Box

  We5ter / Scanners-Box

  A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

  apk-analysisbinary-analysiscode-analyzerdevsecopsexploitation-frameworkhacker-toolsinformation-securitymalware-analysispenetration-testingpentesting-toolsprivacy-complianceredteam-toolssecurity-auditsecurity-automationsmart-contractsstatic-analysisvulnerability-scannerswifi-hackingwifi-security
  7973
• pwndbg

  pwndbg / pwndbg

  Exploit Development and Reverse Engineering with GDB Made Easy

  binary-ninjacapture-the-flagctfdebuggingdisassemblergdbgdbinitgefhackhacktoberfestida-prolinuxmalware-analysispedapwnablepwndbgpythonreverse-engineering
  Language:Python 6713
• Detect-It-Easy

  horsicq / Detect-It-Easy

  Program for determining types of files for Windows, Linux and MacOS.

  binary-analysisdebuggerdetectdetectordisassemblerelfentropyhacktoberfesthacktoberfest2023mach-omachomalware-analysismalware-researchpackerpentestprogram-analysisreverse-engineeringscannerstatic-analysisunpacker
  Language:JavaScript 6580
• gef

  hugsy / gef

  GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

  pythonexploitgdblinuxreverse-engineeringctfida-probinary-ninjapwnexploit-developmentdebuggingmalware-analysispwntoolspowerpcsparcmipsdiscordgefpython-api
  Language:Python 6488

• bee-san / pyWhat

  🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

  cybersecurityhackingcybersecuritymalwarerepythonpcapmalware-analysismalware-researchtryhackmehacktoberfest
  Language:Python 6352

• mandiant / flare-vm

  A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

  malware-analysisreverse-engineeringflare
  Language:PowerShell 5855

• MISP / MISP

  MISP (core software) - Open Source Threat Intelligence and Sharing Platform

  mispthreat-sharingthreat-huntingthreatintelmalware-analysisstixinformation-exchangefraud-managementsecuritycticybersecurityfraud-detectionfraud-preventionthreat-analysisinformation-securityinformation-sharingthreat-intelligencethreat-intelligence-platformintelligencethreat-intel
  Language:PHP 4984

• mentebinaria / retoolkit

  Reverse Engineer's Toolkit

  malware-analysisreverse-engineeringwindows
  Language:Inno Setup 4668

• CalebFenton / simplify

  Android virtual machine and deobfuscator

  androidandroid-malwaredalvikdeobfuscationdeobfuscatoremulatorjavamalwaremalware-analysismalware-analyzermalware-researchoptimizationreverse-engineer-apkreverse-engineeringvirtual-machine
  Language:Java 4366

• lief-project / LIEF

  LIEF - Library to Instrument Executable Formats

  androidartbinary-analysisdexelfexecutable-formatsliefmachomalware-analysismodificationoatparserparsingpepythonreverse-engineeringsdkvdex
  Language:C++ 4140

• charles2gan / GDA-android-reversing-Tool

  the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

  decompilervulnerability-scannersmalware-analysissecurity-auditmobile-securityprivacy-protection
  Language:Java 3879
• capa

  mandiant / capa

  The FLARE team's open-source tool to identify capabilities in executable files.

  gsoc-2024malware-analysisreverse-engineering
  Language:Python 3852

• InQuest / awesome-yara

  A curated list of awesome YARA rules, tools, and people.

  yara-rulesyara-signaturesyaramalware-rulesmalware-analysismalware-researchmalware-detectionyara-scanneryara-managerthreat-huntingawesomeawesome-yaraawesome-listioc
  3251
• IntelOwl

  intelowlproject / IntelOwl

  IntelOwl: manage your Threat Intelligence at scale

  security-toolspythonthreat-intelligenceiocincident-responsecyber-threat-intelligenceenrichmenthoneynetosintosint-pythonthreatintelmalware-analysismalware-analyzerintel-owlthreat-huntinghacktoberfestcyber-securitycybersecuritythreathuntingdfir
  Language:Python 3108

• a0rtega / pafish

  Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

  analysis-environmentsmalwaremalware-analysismalware-familiesmalware-researchrdtscreverse-engineeringsandboxvirtual-machine
  Language:C 3080
• flare-floss

  mandiant / flare-floss

  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

  deobfuscationflaregsoc-2024malwaremalware-analysisstrings
  Language:Python 3016

• hasherezade / pe-sieve

  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

  anti-malwarehookinglibpeconvmalware-analysismemory-forensicspe-analyzerpe-dumperpe-formatpe-sieveprocess-analyzerscans
  Language:C++ 2887

• decalage2 / oletools

  oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

  pythonpython-libraryolefilemalware-analysisms-office-documentscompoundrtfforensicsole-filessecurityparserpyparsingvbamacros
  Language:Python 2745

• alexandreborges / malwoverview

  Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  malwarevirustotalmalpediaurlhausalienvaultmalsharethreathuntingmalwarebazaarthreatfoxcybersecuritymalware-analysisthreat-huntingthreatintelligencetriage
  Language:Python 2722
• HyperDbg

  HyperDbg / HyperDbg

  State-of-the-art native debugging tool

  binary-analysisdebugdebuggerepthookhyperdbghypervisorkernel-debuggermalware-analysisreverse-engineeringsecuritysecurity-toolswindows-kernel
  Language:C 2577

• hasherezade / pe-bear

  Portable Executable reversing tool with a friendly GUI

  bearparsermalware-analysismultiplatformpe-analyzerpe-analyzer-guipe-editorpe-filepe-format
  Language:C++ 2415
• APKLab

  APKLab / APKLab

  Android Reverse-Engineering Workbench for VS Code

  apktoolapk-decompilerapk-editorsmalidalviksmalideaapksignerapk-studioandroidjadxreverse-engineeringbytecodemitmmalware-analysisapp-analyzermalware-detectionuber-apk-signerhttps-inspection
  Language:TypeScript 2388
• BlueTeam-Tools

  A-poc / BlueTeam-Tools

  Tools and Techniques for Blue Team / Incident Response

  blue-teamblueteamcheatsheetincident-responsemalware-analysistoolsvulnerability-managementwikiincidentresourcescyber-securitydefender
  2345
• APKiD

  rednaga / APKiD

  Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

  androidantivirusmachine-learningmalware-detectionmalware-analysismalware-researchyarayara-forensicspackersandroid-protectionandroid-protect-appsraspappshielding
  Language:YARA 1895

• hasherezade / malware_training_vol1

  Materials for Windows Malware Analysis training (volume 1)

  windows-malware-analysismalware-analysismalware-research
  Language:Assembly 1880

• hasherezade / hollows_hunter

  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

  pe-sieveanti-malwaremalware-analysismalware-detectionmemory-forensics
  Language:C 1876

• alphaSeclab / awesome-rat

  RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.

  c2command-and-controlcommand-controlmalware-analysisratrat-analysisrat-malwareremote-access-toolremote-administration-tool
  1719

• mandiant / flare-fakenet-ng

  FakeNet-NG - Next Generation Dynamic Network Analysis Tool

  fakenet-nggsoc-2024malware-analysismandiant-flaretraffic-redirection
  Language:Python 1692

• kevoreilly / CAPEv2

  Malware Configuration And Payload Extraction

  configsdebugging-toolsmalwaremalware-analysismalware-researchreverse-engineeringsandboxunpackingcape
  Language:Python 1667

• maliceio / malice

  VirusTotal Wanna Be - Now with 100% more Hipster

  antiviruscloudcybersecuritydfirdockerelasticsearchgolanginfosecmalicemalwaremalware-analysismalware-researchvirustotal
  Language:Go 1600

• JKornev / hidden

  🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

  windowssecuritymalware-analysisregistrydriverkernelrootkitrce
  Language:C 1598