awesome-malware-analysis

Malware toolkit

A curated collection of malware analysis tools and resources.

Defund the Police.

GitHub
12k stars
702 watching
3k forks
last commit: over 1 year ago
Linked from 17 awesome lists

analysis-frameworkautomated-analysisawesomeawesome-listchinesechinese-translationdomain-analysisdrop-icedynamic-analysislistmalware-analysismalware-collectionmalware-researchmalware-samplesnetwork-trafficstatic-analysisthreat-intelligencethreat-sharingthreatintel

Screenshot of rshipp/awesome-malware-analysis website

gazafunds.com/

Awesome Malware Analysis / Malware Collection / Anonymizers
Anonymouse.org A free, web based anonymizer
OpenVPN VPN software and hosting solutions
Privoxy An open source proxy server with some privacy features
Tor The Onion Router, for browsing the web without leaving traces of the client IP

Awesome Malware Analysis / Malware Collection / Honeypots
Conpot 1,258 over 1 year ago ICS/SCADA honeypot
Cowrie 5,260 11 months ago SSH honeypot, based on Kippo
DemoHunter 61 over 7 years ago Low interaction Distributed Honeypots
Dionaea 719 over 1 year ago Honeypot designed to trap malware
Glastopf 564 over 1 year ago Web application honeypot
Honeyd Create a virtual honeynet
HoneyDrive Honeypot bundle Linux distro
Honeytrap 1,226 about 2 years ago Opensource system for running, monitoring and managing honeypots
MHN 2,441 12 months ago MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface
Mnemosyne 46 over 10 years ago A normalizer for honeypot data; supports Dionaea
Thug 998 11 months ago Low interaction honeyclient, for investigating malicious websites

Awesome Malware Analysis / Malware Collection / Malware Corpora
Clean MX Realtime database of malware and malicious domains
Contagio A collection of recent malware samples and analyses
Exploit Database Exploit and shellcode samples
Infosec - CERT-PA Malware samples collection and analysis
InQuest Labs Evergrowing searchable corpus of malicious Microsoft documents
Javascript Mallware Collection 684 over 1 year ago Collection of almost 40.000 javascript malware samples
Malpedia A resource providing rapid identification and actionable context for malware investigations
Malshare Large repository of malware actively scrapped from malicious sites
Ragpicker 94 over 10 years ago Plugin based malware crawler with pre-analysis and reporting functionalities
theZoo 11,409 over 1 year ago Live malware samples for analysts
Tracker h3x Agregator for malware corpus tracker and malicious download sites
vduddu malware repo Collection of various malware files and source code
VirusBay Community-Based malware repository and social network
ViruSign Malware database that detected by many anti malware programs except ClamAV
VirusShare Malware repository, registration required
VX Vault Active collection of malware samples
Zeltser's Sources A list of malware sample sources put together by Lenny Zeltser
Zeus Source Code 1,428 almost 5 years ago Source for the Zeus trojan leaked in 2011
VX Underground Massive and growing collection of free malware samples

Awesome Malware Analysis / Open Source Threat Intelligence / Tools
AbuseHelper 121 about 6 years ago An open-source framework for receiving and redistributing abuse feeds and threat intel
AlienVault Open Threat Exchange Share and collaborate in developing Threat Intelligence
Combine 657 over 6 years ago Tool to gather Threat Intelligence indicators from publicly available sources
Fileintel 119 almost 5 years ago Pull intelligence per file hash
Hostintel 264 over 4 years ago Pull intelligence per host
IntelMQ - A tool for CERTs for processing incident data using a message queue
IOC Editor - A free editor for XML IOC files
iocextract 513 about 1 year ago Advanced Indicator of Compromise (IOC) extractor, Python library and command-line tool
ioc_writer 201 over 2 years ago Python library for working with OpenIOC objects, from Mandiant
MalPipe 104 almost 7 years ago Malware/IOC ingestion and processing engine, that enriches collected data
Massive Octo Spice 228 almost 8 years ago - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the
MISP 5,435 11 months ago Malware Information Sharing Platform curated by
Pulsedive Free, community-driven threat intelligence platform collecting IOCs from open-source feeds
PyIOCe 18 almost 10 years ago A Python OpenIOC editor
RiskIQ Research, connect, tag and share IPs and domains. (Was PassiveTotal.)
threataggregator 80 almost 10 years ago - Aggregates security threats from a number of sources, including some of those listed below in
ThreatConnect TC Open allows you to see and share open source threat data, with support and validation from our free community
ThreatCrowd A search engine for threats, with graphical visualization
ThreatIngestor 836 almost 2 years ago Build automated threat intel pipelines sourcing from Twitter, RSS, GitHub, and more
ThreatTracker 66 over 10 years ago A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines
TIQ-test 173 about 10 years ago Data visualization and statistical analysis of Threat Intelligence feeds

Awesome Malware Analysis / Open Source Threat Intelligence / Other Resources
Autoshun ( ) - Snort plugin and blocklist
Bambenek Consulting Feeds - OSINT feeds based on malicious DGA algorithms
Fidelis Barncat - Extensive malware config database (must request access)
CI Army ( ) - Network security blocklists
Critical Stack- Free Intel Market Free intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators
Cybercrime tracker Multiple botnet active tracker
FireEye IOCs 465 almost 7 years ago Indicators of Compromise shared publicly by FireEye
FireHOL IP Lists Analytics for 350+ IP lists with a focus on attacks, malware and abuse. Evolution, Changes History, Country Maps, Age of IPs listed, Retention Policy, Overlaps
HoneyDB Community driven honeypot sensor data collection and aggregation
hpfeeds 213 about 2 years ago Honeypot feed protocol
Infosec - CERT-PA lists ( - - ) - Blocklist service
InQuest REPdb Continuous aggregation of IOCs from a variety of open reputation sources
InQuest IOCdb Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter
Internet Storm Center (DShield) Diary and searchable incident database, with a web . ( )
malc0de Searchable incident database
Malware Domain List Search and share malicious URLs
MetaDefender Threat Intelligence Feed - List of the most looked up file hashes from MetaDefender Cloud
OpenIOC Framework for sharing threat intelligence
Proofpoint Threat Intelligence - Rulesets and more. (Formerly Emerging Threats.)
Ransomware overview - A list of ransomware overview with details, detection and prevention
STIX - Structured Threat Information eXpression - Standardized language to represent and share cyber threat information. Related efforts from :

Awesome Malware Analysis / Open Source Threat Intelligence / Other Resources / STIX - Structured Threat Information eXpression
CAPEC - Common Attack Pattern Enumeration and Classification
CybOX - Cyber Observables eXpression
MAEC - Malware Attribute Enumeration and Characterization
TAXII - Trusted Automated eXchange of Indicator Information

Awesome Malware Analysis / Open Source Threat Intelligence / Other Resources
SystemLookup SystemLookup hosts a collection of lists that provide information on the components of legitimate and potentially unwanted programs
ThreatMiner Data mining portal for threat intelligence, with search
threatRECON Search for indicators, up to 1000 free per month
ThreatShare C2 panel tracker
Yara rules 4,215 over 1 year ago Yara rules repository
YETI 1,766 11 months ago Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository
ZeuS Tracker ZeuS blocklists

Awesome Malware Analysis / Detection and Classification
AnalyzePE 204 almost 12 years ago Wrapper for a variety of tools for reporting on Windows PE files
Assemblyline A scalable file triage and malware analysis system integrating the cyber security community's best tools
BinaryAlert 1,415 almost 2 years ago An open source, serverless AWS pipeline that scans and alerts on uploaded files based on a set of YARA rules
capa 4,944 11 months ago Detects capabilities in executable files
chkrootkit Local Linux rootkit detection
ClamAV Open source antivirus engine
Detect It Easy(DiE) 7,800 11 months ago A program for determining types of files
Exeinfo PE Packer, compressor detector, unpack info, internal exe tools
ExifTool Read, write and edit file metadata
File Scanning Framework 290 about 4 years ago - Modular, recursive file scanning solution
fn2yara 1,569 about 1 year ago FN2Yara is a tool to generate Yara signatures for matching functions (code) in an executable program
Generic File Parser 1 about 7 years ago A Single Library Parser to extract meta information,static analysis and detect macros within the files
hashdeep 715 11 months ago Compute digest hashes with a variety of algorithms
HashCheck 1,776 almost 4 years ago Windows shell extension to compute hashes with a variety of algorithms
Loki 3,419 12 months ago Host based scanner for IOCs
Malfunction 192 almost 10 years ago Catalog and compare malware at a function level
Manalyze 1,024 almost 2 years ago Static analyzer for PE executables
MASTIFF 175 over 5 years ago Static analysis framework
MultiScanner 618 about 6 years ago Modular file scanning/analysis framework
Nauz File Detector(NFD) 531 11 months ago Linker/Compiler/Tool detector for Windows, Linux and MacOS
nsrllookup 112 over 4 years ago A tool for looking up hashes in NIST's National Software Reference Library database
packerid 42 over 5 years ago A cross-platform Python alternative to PEiD
PE-bear Reversing tool for PE files
PEframe 612 over 3 years ago PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents
PEV A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries
PortEx 499 about 1 year ago Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness
Quark-Engine 1,342 11 months ago An Obfuscation-Neglect Android Malware Scoring System
Rootkit Hunter Detect Linux rootkits
ssdeep Compute fuzzy hashes
totalhash.py - Python script for easy searching of the database
TrID File identifier
YARA Pattern matching tool for analysts
Yara rules generator 1,569 over 1 year ago Generate yara rules based on a set of malware samples. Also contains a good strings DB to avoid false positives
Yara Finder 2 about 7 years ago A simple tool to yara match the file against various yara rules to find the indicators of suspicion

Awesome Malware Analysis / Online Scanners and Sandboxes
anlyz.io Online sandbox
any.run Online interactive sandbox
AndroTotal Free online analysis of APKs against multiple mobile antivirus apps
BoomBox 235 over 2 years ago Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
Cryptam Analyze suspicious office documents
Cuckoo Sandbox Open source, self hosted sandbox and automated analysis system
cuckoo-modified 271 about 6 years ago Modified version of Cuckoo Sandbox released under the GPL. Not merged upstream due to legal concerns by the author
cuckoo-modified-api 22 about 9 years ago A Python API used to control a cuckoo-modified sandbox
DeepViz Multi-format file analyzer with machine-learning classification
detux 261 almost 4 years ago A sandbox developed to do traffic analysis of Linux malwares and capturing IOCs
DRAKVUF 1,074 12 months ago Dynamic malware analysis system
filescan.io Static malware analysis, VBA/Powershell/VBS/JS Emulation
firmware.re Unpacks, scans and analyzes almost any firmware package
HaboMalHunter 734 over 2 years ago An Automated Malware Analysis Tool for Linux ELF Files
Hybrid Analysis Online malware analysis tool, powered by VxSandbox
Intezer Detect, analyze, and categorize malware by identifying code reuse and code similarities
IRMA An asynchronous and customizable analysis platform for suspicious files
Joe Sandbox Deep malware analysis with Joe Sandbox
Jotti Free online multi-AV scanner
Limon 390 over 9 years ago Sandbox for Analyzing Linux Malware
Malheur 369 over 6 years ago Automatic sandboxed analysis of malware behavior
malice.io 1,658 over 2 years ago Massively scalable malware analysis framework
malsub 368 over 1 year ago A Python RESTful API framework for online malware and URL analysis services
Malware config Extract, decode and display online the configuration settings from common malwares
MalwareAnalyser.io Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning
Malwr Free analysis with an online Cuckoo Sandbox instance
MetaDefender Cloud Scan a file, hash, IP, URL or domain address for malware for free
NetworkTotal A service that analyzes pcap files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware using Suricata configured with EmergingThreats Pro
Noriben 1,130 almost 2 years ago Uses Sysinternals Procmon to collect information about malware in a sandboxed environment
PacketTotal PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within
PDF Examiner Analyse suspicious PDF files
ProcDot A graphical malware analysis tool kit
Recomposer 130 about 12 years ago A helper script for safely uploading binaries to sandbox sites
sandboxapi 138 almost 2 years ago Python library for building integrations with several open source and commercial malware sandboxes
SEE 816 about 5 years ago Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments
SEKOIA Dropper Analysis Online dropper analysis (Js, VBScript, Microsoft Office, PDF)
VirusTotal Free online analysis of malware samples and URLs
Visualize_Logs 139 almost 3 years ago Open source visualization library and command line tools for logs. (Cuckoo, Procmon, more to come...)
Zeltser's List Free automated sandboxes and services, compiled by Lenny Zeltser

Awesome Malware Analysis / Domain Analysis
AbuseIPDB AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet
badips.com Community based IP blacklist service
boomerang 38 over 8 years ago A tool designed for consistent and safe capture of off network web resources
Cymon Threat intelligence tracker, with IP/domain/hash search
Desenmascara.me One click tool to retrieve as much metadata as possible for a website and to assess its good standing
Dig Free online dig and other network tools
dnstwist 4,949 11 months ago Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
IPinfo 100 almost 12 years ago Gather information about an IP or domain by searching online resources
Machinae 505 over 1 year ago OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automator
mailchecker 1,646 11 months ago Cross-language temporary email detection library
MaltegoVT 80 almost 10 years ago Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports
Multi rbl Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs
NormShield Services Free API Services for detecting possible phishing domains, blacklisted ip addresses and breached accounts
PhishStats Phishing Statistics with search for IP, domain and website title
Spyse subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
SecurityTrails Historical and current WHOIS, historical and current DNS records, similar domains, certificate information and other domain and IP related API and tools
SpamCop IP based spam block list
SpamHaus Block list based on domains and IPs
Sucuri SiteCheck Free Website Malware and Security Scanner
Talos Intelligence Search for IP, domain or network owner. (Previously SenderBase.)
TekDefense Automater OSINT tool for gathering information about URLs, IPs, or hashes
URLhaus A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution
URLQuery Free URL Scanner
urlscan.io Free URL Scanner & domain information
Whois DomainTools free online whois search
Zeltser's List Free online tools for researching malicious websites, compiled by Lenny Zeltser
ZScalar Zulu Zulu URL Risk Analyzer

Awesome Malware Analysis / Browser Malware
Bytecode Viewer 14,733 about 1 year ago Combines multiple Java bytecode viewers and decompilers into one tool, including APK/DEX support
Firebug Firefox extension for web development
Java Decompiler Decompile and inspect Java apps
Java IDX Parser 39 over 7 years ago Parses Java IDX cache files
JSDetox JavaScript malware analysis tool
jsunpack-n 163 over 10 years ago A javascript unpacker that emulates browser functionality
Krakatau 2,003 about 1 year ago Java decompiler, assembler, and disassembler
Malzilla Analyze malicious web pages
RABCDAsm 431 over 2 years ago A "Robust ActionScript Bytecode Disassembler."
SWF Investigator - Static and dynamic analysis of SWF applications
swftools Tools for working with Adobe Flash files
xxxswf A Python script for analyzing Flash files

Awesome Malware Analysis / Documents and Shellcode
AnalyzePDF 178 over 11 years ago A tool for analyzing PDFs and attempting to determine whether they are malicious
box-js 622 12 months ago A tool for studying JavaScript malware, featuring JScript/WScript support and ActiveX emulation
diStorm Disassembler for analyzing malicious shellcode
InQuest Deep File Inspection Upload common malware lures for Deep File Inspection and heuristical analysis
JS Beautifier JavaScript unpacking and deobfuscation
libemu Library and tools for x86 shellcode emulation
malpdfobj 53 over 14 years ago Deconstruct malicious PDFs into a JSON representation
OfficeMalScanner Scan for malicious traces in MS Office documents
olevba A script for parsing OLE and OpenXML documents and extracting useful information
Origami PDF A tool for analyzing malicious PDFs, and more
PDF Tools pdfid, pdf-parser, and more from Didier Stevens
PDF X-Ray Lite 35 about 14 years ago A PDF analysis tool, the backend-free version of PDF X-RAY
peepdf Python tool for exploring possibly malicious PDFs
QuickSand QuickSand is a compact C framework to analyze suspected malware documents to identify exploits in streams of different encodings and to locate and extract embedded executables
Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS

Awesome Malware Analysis / File Carving
bulk_extractor 1,129 11 months ago Fast file carving tool
EVTXtract 191 over 5 years ago Carve Windows Event Log files from raw binary data
Foremost File carving tool designed by the US Air Force
hachoir3 623 over 1 year ago Hachoir is a Python library to view and edit a binary stream field by field
Scalpel 628 over 1 year ago Another data carving tool
SFlock 82 almost 2 years ago Nested archive extraction/unpacking (used in Cuckoo Sandbox)

Awesome Malware Analysis / Deobfuscation
Balbuzard A malware analysis tool for reversing obfuscation (XOR, ROL, etc) and more
de4dot 7,002 about 5 years ago .NET deobfuscator and unpacker
ex_pe_xor & - Two tools from Alexander Hanel for working with single-byte XOR encoded files
FLOSS 3,337 11 months ago The FireEye Labs Obfuscated String Solver uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries
NoMoreXOR 86 over 7 years ago Guess a 256 byte XOR key using frequency analysis
PackerAttacker 270 over 7 years ago A generic hidden code extractor for Windows malware
PyInstaller Extractor 3,033 12 months ago - A Python script to extract the contents of a PyInstaller generated Windows executable file. The contents of the pyz file (usually pyc files) present inside the executable are also extracted and automatically fixed so that a Python bytecode decompiler will recognize it
uncompyle6 3,836 11 months ago A cross-version Python bytecode decompiler. Translates Python bytecode back into equivalent Python source code
un{i}packer 666 about 1 year ago Automatic and platform-independent unpacker for Windows binaries based on emulation
unpacker 118 over 9 years ago Automated malware unpacker for Windows malware based on WinAppDbg
unxor 142 over 5 years ago Guess XOR keys using known-plaintext attacks
VirtualDeobfuscator 133 about 2 years ago - Reverse engineering tool for virtualization wrappers
XORBruteForcer - A Python script for brute forcing single-byte XOR keys
XORSearch & XORStrings - A couple programs from Didier Stevens for finding XORed data
xortool 1,402 over 2 years ago Guess XOR key length, as well as the key itself

Awesome Malware Analysis / Debugging and Reverse Engineering
angr 7,647 11 months ago Platform-agnostic binary analysis framework developed at UCSB's Seclab
bamfdetect Identifies and extracts information from bots and other malware
BAP 2,079 about 1 year ago Multiplatform and open source (MIT) binary analysis framework developed at CMU's Cylab
BARF 1,413 almost 6 years ago Multiplatform, open source Binary Analysis and Reverse engineering Framework
binnavi 2,877 about 5 years ago Binary analysis IDE for reverse engineering based on graph visualization
Binary ninja A reversing engineering platform that is an alternative to IDA
Binwalk 11,530 11 months ago Firmware analysis tool
BluePill 123 almost 4 years ago Framework for executing and debugging evasive malware and protected executables
Capstone 7,674 11 months ago Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages
codebro 44 over 8 years ago Web based code browser using  clang to provide basic code analysis
Cutter GUI for Radare2
DECAF (Dynamic Executable Code Analysis Framework) 808 12 months ago - A binary analysis platform based   on QEMU. DroidScope is now an extension to DECAF
dnSpy 26,802 almost 5 years ago .NET assembly editor, decompiler and debugger
dotPeek Free .NET Decompiler and Assembly Browser
Evan's Debugger (EDB) A modular debugger with a Qt GUI
Fibratus 2,246 11 months ago Tool for exploration and tracing of the Windows kernel
FPort Reports open TCP/IP and UDP ports in a live system and maps them to the owning application
GDB The GNU debugger
GEF 7,088 11 months ago GDB Enhanced Features, for exploiters and reverse engineers
Ghidra 52,492 11 months ago A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate
hackers-grep 170 over 7 years ago A utility to search for strings in PE executables including imports, exports, and debug symbols
Hopper The macOS and Linux Disassembler
IDA Pro Windows disassembler and debugger, with a free evaluation version
IDR 975 over 2 years ago Interactive Delphi Reconstructor is a decompiler of Delphi executable files and dynamic libraries
Immunity Debugger Debugger for malware analysis and more, with a Python API
ILSpy ILSpy is the open-source .NET assembly browser and decompiler
Kaitai Struct DSL for file formats / network protocols / data structures reverse engineering and dissection, with code generation for C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby
LIEF LIEF provides a cross-platform library to parse, modify and abstract ELF, PE and MachO formats
ltrace Dynamic analysis for Linux executables
mac-a-mal 85 about 7 years ago An automated framework for mac malware hunting
objdump Part of GNU binutils, for static analysis of Linux binaries
OllyDbg An assembly-level debugger for Windows executables
OllyDumpEx Dump memory from (unpacked) malware Windows process and store raw or rebuild PE file. This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg
PANDA 104 almost 9 years ago Platform for Architecture-Neutral Dynamic Analysis
PEDA 5,911 over 1 year ago Python Exploit Development Assistance for GDB, an enhanced display with added commands
pestudio Perform static analysis of Windows executables
Pharos 1,569 about 1 year ago The Pharos binary analysis framework can be used to perform automated static analysis of binaries
plasma 3,050 about 4 years ago Interactive disassembler for x86/ARM/MIPS
PPEE (puppy) A Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more detail
Process Explorer - Advanced task manager for Windows
Process Hacker Tool that monitors system resources
Process Monitor - Advanced monitoring tool for Windows programs
PSTools Windows command-line tools that help manage and investigate live systems
Pyew 386 about 6 years ago Python tool for malware analysis
PyREBox 1,656 over 1 year ago Python scriptable reverse engineering sandbox by the Talos team at Cisco
Qiling Framework Cross platform emulation and sanboxing framework with instruments for binary analysis
QKD 50 about 4 years ago QEMU with embedded WinDbg server for stealth debugging
Radare2 Reverse engineering framework, with debugger support
RegShot Registry compare utility that compares snapshots
RetDec Retargetable machine-code decompiler with an and that you can use in your tools
ROPMEMU 285 over 9 years ago A framework to analyze, dissect and decompile complex code-reuse attacks
Scylla Imports Reconstructor 1,124 over 2 years ago Find and fix the IAT of an unpacked / dumped PE32 malware
ScyllaHide 3,509 over 1 year ago An Anti-Anti-Debug library and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine
SMRT 66 about 1 year ago Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis
strace Dynamic analysis for Linux executables
StringSifter 688 over 1 year ago A machine learning tool that automatically ranks strings based on their relevance for malware analysis
Triton A dynamic binary analysis (DBA) framework
Udis86 1,028 over 2 years ago Disassembler library and tool for x86 and x86_64
Vivisect 944 11 months ago Python tool for malware analysis
WinDbg multipurpose debugger for the Microsoft Windows computer operating system, used to debug user mode applications, device drivers, and the kernel-mode memory dumps
X64dbg An open-source x64/x32 debugger for windows

Awesome Malware Analysis / Network
Bro Protocol analyzer that operates at incredible scale; both file and network protocols
BroYara 33 almost 11 years ago Use Yara rules from Bro
CapTipper 714 over 2 years ago Malicious HTTP traffic explorer
chopshop 489 almost 3 years ago Protocol analysis and decoding framework
CloudShark Web-based tool for packet analysis and malware traffic detection
FakeNet-NG 1,824 12 months ago Next generation dynamic network analysis tool
Fiddler Intercepting web proxy designed for "web debugging."
Hale 188 over 3 years ago Botnet C&C monitor
Haka An open source security oriented language for describing protocols and applying security policies on (live) captured traffic
HTTPReplay 95 almost 4 years ago Library for parsing and reading out PCAP files, including TLS streams using TLS Master Secrets (used in Cuckoo Sandbox)
INetSim Network service emulation, useful when building a malware lab
Laika BOSS 743 11 months ago Laika BOSS is a file-centric malware analysis and intrusion detection system
Malcolm 368 12 months ago Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs
Malcom 1,158 almost 8 years ago Malware Communications Analyzer
Maltrail 6,642 11 months ago A malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails and featuring an reporting and analysis interface
mitmproxy Intercept network traffic on the fly
Moloch 6,418 11 months ago IPv4 traffic capturing, indexing and database system
NetworkMiner Network forensic analysis tool, with a free version
ngrep 907 11 months ago Search through network traffic like grep
PcapViz 346 over 2 years ago Network topology and traffic visualizer
Python ICAP Yara 57 about 4 years ago An ICAP Server with yara scanner for URL or content
Squidmagic 78 over 7 years ago squidmagic is a tool designed to analyze a web-based network traffic to detect central command and control (C&C) servers and malicious sites, using Squid proxy server and Spamhaus
Tcpdump Collect network traffic
tcpick Trach and reassemble TCP streams from network traffic
tcpxtract Extract files from network traffic
Wireshark The network traffic analysis tool

Awesome Malware Analysis / Memory Forensics
BlackLight Windows/MacOS forensics client supporting hiberfil, pagefile, raw memory analysis
DAMM 211 over 8 years ago Differential Analysis of Malware in Memory, built on Volatility
evolve 259 almost 8 years ago Web interface for the Volatility Memory Forensics Framework
FindAES Find AES encryption keys in memory
inVtero.net 281 about 2 years ago High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support
Muninn 52 about 8 years ago A script to automate portions of analysis using Volatility, and create a readable report. - Orochi is an open source framework for collaborative forensic memory dump analysis
Rekall Memory analysis framework, forked from Volatility in 2013
TotalRecall 49 over 8 years ago Script based on Volatility for automating various malware analysis tasks
VolDiff 194 about 8 years ago Run Volatility on memory images before and after malware execution, and report changes
Volatility 7,412 over 2 years ago Advanced memory forensics framework
VolUtility 381 12 months ago Web Interface for Volatility Memory Analysis framework
WDBGARK 618 over 5 years ago - WinDBG Anti-RootKit Extension
WinDbg - Live memory inspection and kernel debugging for Windows systems

Awesome Malware Analysis / Windows Artifacts
AChoir 184 over 3 years ago A live incident response script for gathering Windows artifacts
python-evt 49 over 2 years ago Python library for parsing Windows Event Logs
python-registry Python library for parsing registry files
RegRipper ( ) - Plugin-based registry analysis tool

Awesome Malware Analysis / Storage and Workflow
Aleph 158 over 4 years ago Open Source Malware Analysis Pipeline System
CRITs Collaborative Research Into Threats, a malware and threat repository
FAME A malware analysis framework featuring a pipeline that can be extended with custom modules, which can be chained and interact with each other to perform end-to-end analysis
Malwarehouse 134 over 12 years ago Store, tag, and search malware
Polichombr 376 almost 7 years ago A malware analysis platform designed to help analysts to reverse malwares collaboratively
stoQ Distributed content analysis framework with extensive plugin support, from input to output, and everything in between
Viper A binary management and analysis framework for analysts and researchers

Awesome Malware Analysis / Miscellaneous
al-khaser 5,990 about 1 year ago A PoC malware with good intentions that aimes to stress anti-malware systems
CryptoKnight 39 over 5 years ago Automated cryptographic algorithm reverse engineering and classification framework
DC3-MWCP 305 over 1 year ago - The Defense Cyber Crime Center's Malware Configuration Parser framework
FLARE VM 6,686 11 months ago A fully customizable, Windows-based, security distribution for malware analysis
MalSploitBase 537 about 6 years ago A database containing exploits used by malware
Malware Museum Collection of malware programs that were distributed in the 1980s and 1990s
Malware Organiser 1 about 7 years ago A simple tool to organise large malicious/benign files into a organised Structure
Pafish 3,443 over 1 year ago Paranoid Fish, a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do
REMnux Linux distribution and docker images for malware reverse engineering and analysis
Tsurugi Linux Linux distribution designed to support your DFIR investigations, malware analysis and OSINT (Open Source INTelligence) activities
Santoku Linux Linux distribution for mobile forensics, malware analysis, and security

Resources / Books
Learning Malware Analysis Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware
Malware Analyst's Cookbook and DVD - Tools and Techniques for Fighting Malicious Code
Mastering Malware Analysis Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
Mastering Reverse Engineering Mastering Reverse Engineering: Re-engineer your ethical hacking skills
Practical Malware Analysis The Hands-On Guide to Dissecting Malicious Software
Practical Reverse Engineering - Intermediate Reverse Engineering
Real Digital Forensics Computer Security and Incident Response
Rootkits and Bootkits Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
The Art of Memory Forensics Detecting Malware and Threats in Windows, Linux, and Mac Memory
The IDA Pro Book The Unofficial Guide to the World's Most Popular Disassembler
The Rootkit Arsenal The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

Resources / Other
APT Notes 1,665 over 1 year ago A collection of papers and notes related to Advanced Persistent Threats
Ember 962 12 months ago Endgame Malware BEnchmark for Research, a repository that makes it easy to (re)create a machine learning model that can be used to predict a score for a PE file based on static analysis
File Formats posters 10,579 over 1 year ago Nice visualization of commonly used file format (including PE & ELF)
Honeynet Project Honeypot tools, papers, and other resources
Kernel Mode An active community devoted to malware analysis and kernel development
Malicious Software Malware blog and resources by Lenny Zeltser
Malware Analysis Search - Custom Google search engine from
Malware Analysis Tutorials - The Malware Analysis Tutorials by Dr. Xiang Fu, a great resource for learning practical malware analysis
Malware Analysis, Threat Intelligence and Reverse Engineering - Presentation introducing the concepts of malware analysis, threat intelligence and reverse engineering. Experience or prior knowledge is not required. Labs link in description
Malware Persistence 165 11 months ago Collection of various information focused on malware persistence: detection (techniques), response, pitfalls and the log collection (tools)
Malware Samples and Traffic This blog focuses on network traffic related to malware infections
Malware Search+++ Firefox extension allows you to easily search some of the most popular malware databases
Practical Malware Analysis Starter Kit - This package contains most of the software referenced in the Practical Malware Analysis book
RPISEC Malware Analysis 3,776 about 3 years ago These are the course materials used in the Malware Analysis course at at Rensselaer Polytechnic Institute during Fall 2015
WindowsIR: Malware Harlan Carvey's page on Malware
Windows Registry specification 331 about 7 years ago - Windows registry file format specification
/r/csirt_tools Subreddit for CSIRT tools and resources, with a flair
/r/Malware The malware subreddit
/r/ReverseEngineering - Reverse engineering subreddit, not limited to just malware
Android Security 8,270 11 months ago
AppSec 6,372 over 1 year ago
CTFs 9,929 over 1 year ago
Executable Packing 1,228 11 months ago
Forensics 4,030 11 months ago
"Hacking" 13,321 over 1 year ago
Honeypots 8,732 about 1 year ago
Industrial Control System Security 1,655 about 2 years ago
Incident-Response 7,728 over 1 year ago
Infosec 5,221 over 1 year ago
PCAP Tools 3,143 over 1 year ago
Pentesting 22,116 11 months ago
Security 12,563 over 1 year ago
Threat Intelligence 8,211 about 1 year ago
YARA 3,598 12 months ago

Backlinks from these awesome lists:

More related projects: