malware-analysis

There are 303 repositories under malware-analysis topic.

• x64dbg

  x64dbg / x64dbg

  An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

  debuggerwindowsx64disassemblerreverse-engineeringsecurityx86x86-64malware-analysissecurity-toolsbinary-analysisctfdynamic-analysisexploit-developmenthackingoscpdebuggingprogram-analysiscybersecurityoffensive-security
  Language:C++ 47165

• radareorg / radare2

  UNIX-like reverse engineering framework and command-line toolset

  binary-analysisccommandlinedisassemblerforensicshacktoberfestmalware-analysisradare2reverse-engineeringsecurity
  Language:C 22556
• Mobile-Security-Framework-MobSF

  MobSF / Mobile-Security-Framework-MobSF

  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  static-analysisdynamic-analysismobsfandroid-securitymobile-securitywindows-mobile-securityios-securityapi-testingweb-securitymalware-analysisruntime-securitydevsecopsapkrestcweowaspmstgmasvsmastg
  Language:JavaScript 19749

• rshipp / awesome-malware-analysis

  Defund the Police.

  analysis-frameworkautomated-analysisawesomeawesome-listchinesechinese-translationdomain-analysisdrop-icedynamic-analysislistmalware-analysismalware-collectionmalware-researchmalware-samplesnetwork-trafficstatic-analysisthreat-intelligencethreat-sharingthreatintel
  13142

• ytisf / theZoo

  A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

  malwaremalware-analysismalware-researchmalware-samplesmalwareanalysisthezoo
  Language:Python 12394
• Detect-It-Easy

  horsicq / Detect-It-Easy

  Program for determining types of files for Windows, Linux and MacOS.

  binary-analysisdebuggerdetectdetectordisassemblerelfentropyhacktoberfesthacktoberfest2023mach-omachomalware-analysismalware-researchpackerpentestprogram-analysisreverse-engineeringscannerstatic-analysisunpacker
  Language:JavaScript 9587
• pwndbg

  pwndbg / pwndbg

  Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

  pythongdbpwndbgreverse-engineeringdebuggingctfgeflinuxdisassemblerida-probinary-ninjacapture-the-flagmalware-analysispwnableexploit-developmenthacking-toollldblow-level
  Language:Python 9564
• Scanners-Box

  We5ter / Scanners-Box

  A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

  apk-analysisbinary-analysiscode-analyzerdevsecopsexploitation-frameworkhacker-toolsinformation-securitymalware-analysispenetration-testingpentesting-toolsprivacy-complianceredteam-toolssecurity-auditsecurity-automationsmart-contractsstatic-analysisvulnerability-scannerswifi-hackingwifi-security
  8680

• mandiant / flare-vm

  A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

  flaremalware-analysisreverse-engineering
  Language:PowerShell 7966
• gef

  hugsy / gef

  GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

  pythonexploitgdblinuxreverse-engineeringctfida-probinary-ninjapwnexploit-developmentdebuggingmalware-analysispwntoolspowerpcsparcmipsdiscordgefpython-api
  Language:Python 7847

• bee-san / pyWhat

  🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

  cybersecurityhackingcybersecuritymalwarerepythonpcapmalware-analysismalware-researchtryhackmehacktoberfest
  Language:Python 7077

• MISP / MISP

  MISP (core software) - Open Source Threat Intelligence and Sharing Platform

  mispthreat-sharingthreat-huntingthreatintelmalware-analysisstixinformation-exchangefraud-managementsecuritycticybersecurityfraud-detectionfraud-preventionthreat-analysisinformation-securityinformation-sharingthreat-intelligencethreat-intelligence-platformintelligencethreat-intel
  Language:PHP 5995
• capa

  mandiant / capa

  The FLARE team's open-source tool to identify capabilities in executable files.

  malware-analysisreverse-engineeringbinary-analysisthreat-intelligencegsoc-2025
  Language:Python 5641

• lief-project / LIEF

  LIEF - Library to Instrument Executable Formats (C++, Python, Rust)

  reverse-engineeringmalware-analysisbinary-analysisparsermodificationexecutable-formatselfmachopeliefparsingsdkpythonandroiddexoatartvdexrust
  Language:C++ 5113

• mentebinaria / retoolkit

  Reverse Engineer's Toolkit

  malware-analysisreverse-engineeringwindows
  Language:Inno Setup 5110

• CalebFenton / simplify

  Android virtual machine and deobfuscator

  androidandroid-malwaredalvikdeobfuscationdeobfuscatoremulatorjavamalwaremalware-analysismalware-analyzermalware-researchoptimizationreverse-engineer-apkreverse-engineeringvirtual-machine
  Language:Java 4590

• charles2gan / GDA-android-reversing-Tool

  the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

  decompilervulnerability-scannersmalware-analysissecurity-auditmobile-securityprivacy-protection
  Language:Java 4587
• IntelOwl

  intelowlproject / IntelOwl

  IntelOwl: manage your Threat Intelligence at scale

  security-toolspythonthreat-intelligenceiocincident-responsecyber-threat-intelligenceenrichmenthoneynetosintosint-pythonthreatintelmalware-analysismalware-analyzerintel-owlthreat-huntinghacktoberfestcyber-securitycybersecuritythreathuntingdfir
  Language:Python 4342

• InQuest / awesome-yara

  A curated list of awesome YARA rules, tools, and people.

  awesomeawesome-listawesome-yaraiocmalware-analysismalware-detectionmalware-researchmalware-rulesthreat-huntingyarayara-manageryara-rulesyara-scanneryara-signatures
  4063

• a0rtega / pafish

  Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

  malwarereverse-engineeringvirtual-machinemalware-familiesanalysis-environmentssandboxmalware-analysisrdtscmalware-research
  Language:C 3807
• flare-floss

  mandiant / flare-floss

  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

  deobfuscationflaregsoc-2025malwaremalware-analysisstrings
  Language:Python 3766
• APKLab

  APKLab / APKLab

  Android Reverse-Engineering Workbench for VS Code

  apktoolapk-decompilerapk-editorsmalidalviksmalideaapksignerapk-studioandroidjadxreverse-engineeringbytecodemitmmalware-analysisapp-analyzermalware-detectionuber-apk-signerhttps-inspection
  Language:TypeScript 3609
• HyperDbg

  HyperDbg / HyperDbg

  State-of-the-art native debugging tools

  hypervisorhyperdbgdebuggereptwindows-kernelhookkernel-debuggerdebugbinary-analysismalware-analysisreverse-engineeringsecuritysecurity-toolsdebuggingdebugging-toollogic-analyzervirtualizationvirtualization-framework
  Language:C 3512

• hasherezade / pe-sieve

  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

  pe-formathookingpe-dumperpe-analyzerlibpeconvprocess-analyzerscansanti-malwarepe-sievemalware-analysismemory-forensics
  Language:C++ 3471

• alexandreborges / malwoverview

  Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo, and it is also able to scan Android devices against VT.

  malwarevirustotalmalpediaurlhausalienvaultmalsharethreathuntingmalwarebazaarthreatfoxcybersecuritymalware-analysisthreat-huntingthreatintelligencetriage
  Language:Python 3457
• BlueTeam-Tools

  A-poc / BlueTeam-Tools

  Tools and Techniques for Blue Team / Incident Response

  blue-teamblueteamcheatsheetincident-responsemalware-analysistoolsvulnerability-managementwikiincidentresourcescyber-securitydefender
  3441

• hasherezade / pe-bear

  Portable Executable reversing tool with a friendly GUI

  pe-filepe-formatpe-analyzerpe-analyzer-guipe-editormultiplatformmalware-analysisbearparser
  Language:C++ 3340

• decalage2 / oletools

  oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

  compoundforensicsmacrosmalware-analysisms-office-documentsole-filesolefileparserpyparsingpythonpython-libraryrtfsecurityvba
  Language:Python 3216
• Ultimate-RAT-Collection

  Cryakl / Ultimate-RAT-Collection

  For educational purposes only, exhaustive samples of 500+ classic/modern trojan builders including screenshots.

  backdoor-attacksbackdoorsmalwaremalware-analysismalware-databasemalware-datasetmalware-researchmalware-samplemalware-samplesratremote-controltrojantrojan-malware
  3151

• kevoreilly / CAPEv2

  Malware Configuration And Payload Extraction

  configsdebugging-toolsmalwaremalware-analysismalware-researchreverse-engineeringsandboxunpackingcape
  Language:Python 2784
• APKiD

  rednaga / APKiD

  Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

  androidantivirusmachine-learningmalware-detectionmalware-analysismalware-researchyarayara-forensicspackersandroid-protectionandroid-protect-appsraspappshieldingobfuscation
  Language:YARA 2336

• hasherezade / hollows_hunter

  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

  anti-malwaremalware-analysismalware-detectionmemory-forensicspe-sieve
  Language:C 2263

• alphaSeclab / awesome-rat

  RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.

  c2command-and-controlcommand-controlmalware-analysisratrat-analysisrat-malwareremote-access-toolremote-administration-tool
  2129

• mandiant / flare-fakenet-ng

  FakeNet-NG - Next Generation Dynamic Network Analysis Tool

  fakenet-ngtraffic-redirectionmalware-analysismandiant-flaregsoc-2025
  Language:Python 2025

• hasherezade / malware_training_vol1

  Materials for Windows Malware Analysis training (volume 1)

  malware-analysismalware-researchwindows-malware-analysis
  Language:Assembly 2011

• JKornev / hidden

  🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

  windowssecuritymalware-analysisregistrydriverkernelrootkitrce
  Language:C 1969