awesome-malware-analysis

Defund the Police.

GitHub

12k stars
701 watching
3k forks
last commit: 4 months ago
Linked from 17 awesome lists

analysis-frameworkautomated-analysisawesomeawesome-listchinesechinese-translationdomain-analysisdrop-icedynamic-analysislistmalware-analysismalware-collectionmalware-researchmalware-samplesnetwork-trafficstatic-analysisthreat-intelligencethreat-sharingthreatintel

Awesome Malware Analysis / Malware Collection / Anonymizers

Anonymouse.org A free, web based anonymizer
OpenVPN VPN software and hosting solutions
Privoxy An open source proxy server with some privacy features
Tor The Onion Router, for browsing the web without leaving traces of the client IP

Awesome Malware Analysis / Malware Collection / Honeypots

Conpot 1,233 7 months ago ICS/SCADA honeypot
Cowrie 5,138 3 days ago SSH honeypot, based on Kippo
DemoHunter 59 over 6 years ago Low interaction Distributed Honeypots
Dionaea 702 2 months ago Honeypot designed to trap malware
Glastopf 556 3 months ago Web application honeypot
Honeyd Create a virtual honeynet
HoneyDrive Honeypot bundle Linux distro
Honeytrap 1,222 about 1 year ago Opensource system for running, monitoring and managing honeypots
MHN 2,430 5 months ago MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface
Mnemosyne 45 over 9 years ago A normalizer for honeypot data; supports Dionaea
Thug 984 16 days ago Low interaction honeyclient, for investigating malicious websites

Awesome Malware Analysis / Malware Collection / Malware Corpora

Clean MX Realtime database of malware and malicious domains
Contagio A collection of recent malware samples and analyses
Exploit Database Exploit and shellcode samples
Infosec - CERT-PA Malware samples collection and analysis
InQuest Labs Evergrowing searchable corpus of malicious Microsoft documents
Javascript Mallware Collection 672 3 months ago Collection of almost 40.000 javascript malware samples
Malpedia A resource providing rapid identification and actionable context for malware investigations
Malshare Large repository of malware actively scrapped from malicious sites
Ragpicker 93 about 9 years ago Plugin based malware crawler with pre-analysis and reporting functionalities
theZoo 11,186 5 months ago Live malware samples for analysts
Tracker h3x Agregator for malware corpus tracker and malicious download sites
vduddu malware repo Collection of various malware files and source code
VirusBay Community-Based malware repository and social network
ViruSign Malware database that detected by many anti malware programs except ClamAV
VirusShare Malware repository, registration required
VX Vault Active collection of malware samples
Zeltser's Sources A list of malware sample sources put together by Lenny Zeltser
Zeus Source Code 1,407 almost 4 years ago Source for the Zeus trojan leaked in 2011
VX Underground Massive and growing collection of free malware samples

Awesome Malware Analysis / Open Source Threat Intelligence / Tools

AbuseHelper 117 about 5 years ago An open-source framework for receiving and redistributing abuse feeds and threat intel
AlienVault Open Threat Exchange Share and collaborate in developing Threat Intelligence
Combine 654 over 5 years ago Tool to gather Threat Intelligence indicators from publicly available sources
Fileintel 118 almost 4 years ago Pull intelligence per file hash
Hostintel 262 over 3 years ago Pull intelligence per host
IntelMQ - A tool for CERTs for processing incident data using a message queue
IOC Editor - A free editor for XML IOC files
iocextract 500 about 2 months ago Advanced Indicator of Compromise (IOC) extractor, Python library and command-line tool
ioc_writer 200 over 1 year ago Python library for working with OpenIOC objects, from Mandiant
MalPipe 103 almost 6 years ago Malware/IOC ingestion and processing engine, that enriches collected data
Massive Octo Spice 227 over 6 years ago - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the
MISP 5,309 1 day ago Malware Information Sharing Platform curated by
Pulsedive Free, community-driven threat intelligence platform collecting IOCs from open-source feeds
PyIOCe 17 almost 9 years ago A Python OpenIOC editor
RiskIQ Research, connect, tag and share IPs and domains. (Was PassiveTotal.)
threataggregator 79 over 8 years ago - Aggregates security threats from a number of sources, including some of those listed below in
ThreatConnect TC Open allows you to see and share open source threat data, with support and validation from our free community
ThreatCrowd A search engine for threats, with graphical visualization
ThreatIngestor 823 8 months ago Build automated threat intel pipelines sourcing from Twitter, RSS, GitHub, and more
ThreatTracker 66 over 9 years ago A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines
TIQ-test 169 almost 9 years ago Data visualization and statistical analysis of Threat Intelligence feeds

Awesome Malware Analysis / Open Source Threat Intelligence / Other Resources

Autoshun ( ) - Snort plugin and blocklist
Bambenek Consulting Feeds - OSINT feeds based on malicious DGA algorithms
Fidelis Barncat - Extensive malware config database (must request access)
CI Army ( ) - Network security blocklists
Critical Stack- Free Intel Market Free intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators
Cybercrime tracker Multiple botnet active tracker
FireEye IOCs 463 over 5 years ago Indicators of Compromise shared publicly by FireEye
FireHOL IP Lists Analytics for 350+ IP lists with a focus on attacks, malware and abuse. Evolution, Changes History, Country Maps, Age of IPs listed, Retention Policy, Overlaps
HoneyDB Community driven honeypot sensor data collection and aggregation
hpfeeds 212 12 months ago Honeypot feed protocol
Infosec - CERT-PA lists ( - - ) - Blocklist service
InQuest REPdb Continuous aggregation of IOCs from a variety of open reputation sources
InQuest IOCdb Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter
Internet Storm Center (DShield) Diary and searchable incident database, with a web . ( )
malc0de Searchable incident database
Malware Domain List Search and share malicious URLs
MetaDefender Threat Intelligence Feed - List of the most looked up file hashes from MetaDefender Cloud
OpenIOC Framework for sharing threat intelligence
Proofpoint Threat Intelligence - Rulesets and more. (Formerly Emerging Threats.)
Ransomware overview - A list of ransomware overview with details, detection and prevention
STIX - Structured Threat Information eXpression - Standardized language to represent and share cyber threat information. Related efforts from :

Awesome Malware Analysis / Open Source Threat Intelligence / Other Resources / STIX - Structured Threat Information eXpression

CAPEC - Common Attack Pattern Enumeration and Classification
CybOX - Cyber Observables eXpression
MAEC - Malware Attribute Enumeration and Characterization
TAXII - Trusted Automated eXchange of Indicator Information

Awesome Malware Analysis / Open Source Threat Intelligence / Other Resources

SystemLookup SystemLookup hosts a collection of lists that provide information on the components of legitimate and potentially unwanted programs
ThreatMiner Data mining portal for threat intelligence, with search
threatRECON Search for indicators, up to 1000 free per month
ThreatShare C2 panel tracker
Yara rules 4,146 6 months ago Yara rules repository
YETI 1,724 1 day ago Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository
ZeuS Tracker ZeuS blocklists

Awesome Malware Analysis / Detection and Classification

AnalyzePE 202 over 10 years ago Wrapper for a variety of tools for reporting on Windows PE files
Assemblyline A scalable file triage and malware analysis system integrating the cyber security community's best tools
BinaryAlert 1,405 10 months ago An open source, serverless AWS pipeline that scans and alerts on uploaded files based on a set of YARA rules
capa 4,127 12 days ago Detects capabilities in executable files
chkrootkit Local Linux rootkit detection
ClamAV Open source antivirus engine
Detect It Easy(DiE) 7,379 4 days ago A program for determining types of files
Exeinfo PE Packer, compressor detector, unpack info, internal exe tools
ExifTool Read, write and edit file metadata
File Scanning Framework 287 about 3 years ago - Modular, recursive file scanning solution
fn2yara 1,543 about 1 month ago FN2Yara is a tool to generate Yara signatures for matching functions (code) in an executable program
Generic File Parser 1 about 6 years ago A Single Library Parser to extract meta information,static analysis and detect macros within the files
hashdeep 703 2 months ago Compute digest hashes with a variety of algorithms
HashCheck 1,752 almost 3 years ago Windows shell extension to compute hashes with a variety of algorithms
Loki 3,364 7 months ago Host based scanner for IOCs
Malfunction 191 almost 9 years ago Catalog and compare malware at a function level
Manalyze 1,011 9 months ago Static analyzer for PE executables
MASTIFF 175 over 4 years ago Static analysis framework
MultiScanner 617 about 5 years ago Modular file scanning/analysis framework
Nauz File Detector(NFD) 523 1 day ago Linker/Compiler/Tool detector for Windows, Linux and MacOS
nsrllookup 111 over 3 years ago A tool for looking up hashes in NIST's National Software Reference Library database
packerid 42 over 4 years ago A cross-platform Python alternative to PEiD
PE-bear Reversing tool for PE files
PEframe 606 about 2 years ago PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents
PEV A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries
PortEx 496 21 days ago Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness
Quark-Engine 1,306 1 day ago An Obfuscation-Neglect Android Malware Scoring System
Rootkit Hunter Detect Linux rootkits
ssdeep Compute fuzzy hashes
totalhash.py - Python script for easy searching of the database
TrID File identifier
YARA Pattern matching tool for analysts
Yara rules generator 1,543 4 months ago Generate yara rules based on a set of malware samples. Also contains a good strings DB to avoid false positives
Yara Finder 1 about 6 years ago A simple tool to yara match the file against various yara rules to find the indicators of suspicion

Awesome Malware Analysis / Online Scanners and Sandboxes

anlyz.io Online sandbox
any.run Online interactive sandbox
AndroTotal Free online analysis of APKs against multiple mobile antivirus apps
BoomBox 233 over 1 year ago Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
Cryptam Analyze suspicious office documents
Cuckoo Sandbox Open source, self hosted sandbox and automated analysis system
cuckoo-modified 270 about 5 years ago Modified version of Cuckoo Sandbox released under the GPL. Not merged upstream due to legal concerns by the author
cuckoo-modified-api 21 almost 8 years ago A Python API used to control a cuckoo-modified sandbox
DeepViz Multi-format file analyzer with machine-learning classification
detux 260 almost 3 years ago A sandbox developed to do traffic analysis of Linux malwares and capturing IOCs
DRAKVUF 1,055 12 days ago Dynamic malware analysis system
filescan.io Static malware analysis, VBA/Powershell/VBS/JS Emulation
firmware.re Unpacks, scans and analyzes almost any firmware package
HaboMalHunter 730 over 1 year ago An Automated Malware Analysis Tool for Linux ELF Files
Hybrid Analysis Online malware analysis tool, powered by VxSandbox
Intezer Detect, analyze, and categorize malware by identifying code reuse and code similarities
IRMA An asynchronous and customizable analysis platform for suspicious files
Joe Sandbox Deep malware analysis with Joe Sandbox
Jotti Free online multi-AV scanner
Limon 389 over 8 years ago Sandbox for Analyzing Linux Malware
Malheur 368 over 5 years ago Automatic sandboxed analysis of malware behavior
malice.io 1,646 over 1 year ago Massively scalable malware analysis framework
malsub 367 5 months ago A Python RESTful API framework for online malware and URL analysis services
Malware config Extract, decode and display online the configuration settings from common malwares
MalwareAnalyser.io Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning
Malwr Free analysis with an online Cuckoo Sandbox instance
MetaDefender Cloud Scan a file, hash, IP, URL or domain address for malware for free
NetworkTotal A service that analyzes pcap files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware using Suricata configured with EmergingThreats Pro
Noriben 1,111 11 months ago Uses Sysinternals Procmon to collect information about malware in a sandboxed environment
PacketTotal PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within
PDF Examiner Analyse suspicious PDF files
ProcDot A graphical malware analysis tool kit
Recomposer 130 almost 11 years ago A helper script for safely uploading binaries to sandbox sites
sandboxapi 137 8 months ago Python library for building integrations with several open source and commercial malware sandboxes
SEE 812 about 4 years ago Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments
SEKOIA Dropper Analysis Online dropper analysis (Js, VBScript, Microsoft Office, PDF)
VirusTotal Free online analysis of malware samples and URLs
Visualize_Logs 137 almost 2 years ago Open source visualization library and command line tools for logs. (Cuckoo, Procmon, more to come...)
Zeltser's List Free automated sandboxes and services, compiled by Lenny Zeltser

Awesome Malware Analysis / Domain Analysis

AbuseIPDB AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet
badips.com Community based IP blacklist service
boomerang 37 over 7 years ago A tool designed for consistent and safe capture of off network web resources
Cymon Threat intelligence tracker, with IP/domain/hash search
Desenmascara.me One click tool to retrieve as much metadata as possible for a website and to assess its good standing
Dig Free online dig and other network tools
dnstwist 4,859 14 days ago Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
IPinfo 97 over 10 years ago Gather information about an IP or domain by searching online resources
Machinae 503 5 months ago OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automator
mailchecker 1,613 5 days ago Cross-language temporary email detection library
MaltegoVT 79 almost 9 years ago Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports
Multi rbl Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs
NormShield Services Free API Services for detecting possible phishing domains, blacklisted ip addresses and breached accounts
PhishStats Phishing Statistics with search for IP, domain and website title
Spyse subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
SecurityTrails Historical and current WHOIS, historical and current DNS records, similar domains, certificate information and other domain and IP related API and tools
SpamCop IP based spam block list
SpamHaus Block list based on domains and IPs
Sucuri SiteCheck Free Website Malware and Security Scanner
Talos Intelligence Search for IP, domain or network owner. (Previously SenderBase.)
TekDefense Automater OSINT tool for gathering information about URLs, IPs, or hashes
URLhaus A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution
URLQuery Free URL Scanner
urlscan.io Free URL Scanner & domain information
Whois DomainTools free online whois search
Zeltser's List Free online tools for researching malicious websites, compiled by Lenny Zeltser
ZScalar Zulu Zulu URL Risk Analyzer

Awesome Malware Analysis / Browser Malware

Bytecode Viewer 14,626 13 days ago Combines multiple Java bytecode viewers and decompilers into one tool, including APK/DEX support
Firebug Firefox extension for web development
Java Decompiler Decompile and inspect Java apps
Java IDX Parser 39 over 6 years ago Parses Java IDX cache files
JSDetox JavaScript malware analysis tool
jsunpack-n 161 over 9 years ago A javascript unpacker that emulates browser functionality
Krakatau 1,974 6 months ago Java decompiler, assembler, and disassembler
Malzilla Analyze malicious web pages
RABCDAsm 431 over 1 year ago A "Robust ActionScript Bytecode Disassembler."
SWF Investigator - Static and dynamic analysis of SWF applications
swftools Tools for working with Adobe Flash files
xxxswf A Python script for analyzing Flash files

Awesome Malware Analysis / Documents and Shellcode

AnalyzePDF 176 over 10 years ago A tool for analyzing PDFs and attempting to determine whether they are malicious
box-js 614 about 2 months ago A tool for studying JavaScript malware, featuring JScript/WScript support and ActiveX emulation
diStorm Disassembler for analyzing malicious shellcode
InQuest Deep File Inspection Upload common malware lures for Deep File Inspection and heuristical analysis
JS Beautifier JavaScript unpacking and deobfuscation
libemu Library and tools for x86 shellcode emulation
malpdfobj 52 over 13 years ago Deconstruct malicious PDFs into a JSON representation
OfficeMalScanner Scan for malicious traces in MS Office documents
olevba A script for parsing OLE and OpenXML documents and extracting useful information
Origami PDF A tool for analyzing malicious PDFs, and more
PDF Tools pdfid, pdf-parser, and more from Didier Stevens
PDF X-Ray Lite 35 almost 13 years ago A PDF analysis tool, the backend-free version of PDF X-RAY
peepdf Python tool for exploring possibly malicious PDFs
QuickSand QuickSand is a compact C framework to analyze suspected malware documents to identify exploits in streams of different encodings and to locate and extract embedded executables
Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS

Awesome Malware Analysis / File Carving

bulk_extractor 1,090 6 months ago Fast file carving tool
EVTXtract 184 over 4 years ago Carve Windows Event Log files from raw binary data
Foremost File carving tool designed by the US Air Force
hachoir3 612 3 months ago Hachoir is a Python library to view and edit a binary stream field by field
Scalpel 625 7 months ago Another data carving tool
SFlock 83 10 months ago Nested archive extraction/unpacking (used in Cuckoo Sandbox)

Awesome Malware Analysis / Deobfuscation

Balbuzard A malware analysis tool for reversing obfuscation (XOR, ROL, etc) and more
de4dot 6,912 about 4 years ago .NET deobfuscator and unpacker
ex_pe_xor & - Two tools from Alexander Hanel for working with single-byte XOR encoded files
FLOSS 3,207 4 days ago The FireEye Labs Obfuscated String Solver uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries
NoMoreXOR 84 over 6 years ago Guess a 256 byte XOR key using frequency analysis
PackerAttacker 266 over 6 years ago A generic hidden code extractor for Windows malware
PyInstaller Extractor 2,867 3 months ago - A Python script to extract the contents of a PyInstaller generated Windows executable file. The contents of the pyz file (usually pyc files) present inside the executable are also extracted and automatically fixed so that a Python bytecode decompiler will recognize it
uncompyle6 3,759 5 days ago A cross-version Python bytecode decompiler. Translates Python bytecode back into equivalent Python source code
un{i}packer 649 15 days ago Automatic and platform-independent unpacker for Windows binaries based on emulation
unpacker 117 over 8 years ago Automated malware unpacker for Windows malware based on WinAppDbg
unxor 141 over 4 years ago Guess XOR keys using known-plaintext attacks
VirtualDeobfuscator 133 about 1 year ago - Reverse engineering tool for virtualization wrappers
XORBruteForcer - A Python script for brute forcing single-byte XOR keys
XORSearch & XORStrings - A couple programs from Didier Stevens for finding XORed data
xortool 1,382 over 1 year ago Guess XOR key length, as well as the key itself

Awesome Malware Analysis / Debugging and Reverse Engineering

angr 7,508 9 days ago Platform-agnostic binary analysis framework developed at UCSB's Seclab
bamfdetect Identifies and extracts information from bots and other malware
BAP 2,055 about 2 months ago Multiplatform and open source (MIT) binary analysis framework developed at CMU's Cylab
BARF 1,408 almost 5 years ago Multiplatform, open source Binary Analysis and Reverse engineering Framework
binnavi 2,873 almost 4 years ago Binary analysis IDE for reverse engineering based on graph visualization
Binary ninja A reversing engineering platform that is an alternative to IDA
Binwalk 10,749 9 days ago Firmware analysis tool
BluePill 121 almost 3 years ago Framework for executing and debugging evasive malware and protected executables
Capstone 7,509 12 days ago Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages
codebro 44 about 7 years ago Web based code browser using  clang to provide basic code analysis
Cutter GUI for Radare2
DECAF (Dynamic Executable Code Analysis Framework) 802 3 months ago - A binary analysis platform based   on QEMU. DroidScope is now an extension to DECAF
dnSpy 26,416 almost 4 years ago .NET assembly editor, decompiler and debugger
dotPeek Free .NET Decompiler and Assembly Browser
Evan's Debugger (EDB) A modular debugger with a Qt GUI
Fibratus 2,205 9 days ago Tool for exploration and tracing of the Windows kernel
FPort Reports open TCP/IP and UDP ports in a live system and maps them to the owning application
GDB The GNU debugger
GEF 6,875 10 days ago GDB Enhanced Features, for exploiters and reverse engineers
Ghidra 50,988 5 days ago A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate
hackers-grep 169 over 6 years ago A utility to search for strings in PE executables including imports, exports, and debug symbols
Hopper The macOS and Linux Disassembler
IDA Pro Windows disassembler and debugger, with a free evaluation version
IDR 959 about 1 year ago Interactive Delphi Reconstructor is a decompiler of Delphi executable files and dynamic libraries
Immunity Debugger Debugger for malware analysis and more, with a Python API
ILSpy ILSpy is the open-source .NET assembly browser and decompiler
Kaitai Struct DSL for file formats / network protocols / data structures reverse engineering and dissection, with code generation for C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby
LIEF LIEF provides a cross-platform library to parse, modify and abstract ELF, PE and MachO formats
ltrace Dynamic analysis for Linux executables
mac-a-mal 82 about 6 years ago An automated framework for mac malware hunting
objdump Part of GNU binutils, for static analysis of Linux binaries
OllyDbg An assembly-level debugger for Windows executables
OllyDumpEx Dump memory from (unpacked) malware Windows process and store raw or rebuild PE file. This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg
PANDA 103 almost 8 years ago Platform for Architecture-Neutral Dynamic Analysis
PEDA 5,861 3 months ago Python Exploit Development Assistance for GDB, an enhanced display with added commands
pestudio Perform static analysis of Windows executables
Pharos 1,543 about 1 month ago The Pharos binary analysis framework can be used to perform automated static analysis of binaries
plasma 3,050 about 3 years ago Interactive disassembler for x86/ARM/MIPS
PPEE (puppy) A Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more detail
Process Explorer - Advanced task manager for Windows
Process Hacker Tool that monitors system resources
Process Monitor - Advanced monitoring tool for Windows programs
PSTools Windows command-line tools that help manage and investigate live systems
Pyew 383 about 5 years ago Python tool for malware analysis
PyREBox 1,652 8 months ago Python scriptable reverse engineering sandbox by the Talos team at Cisco
Qiling Framework Cross platform emulation and sanboxing framework with instruments for binary analysis
QKD 50 about 3 years ago QEMU with embedded WinDbg server for stealth debugging
Radare2 Reverse engineering framework, with debugger support
RegShot Registry compare utility that compares snapshots
RetDec Retargetable machine-code decompiler with an and that you can use in your tools
ROPMEMU 284 over 8 years ago A framework to analyze, dissect and decompile complex code-reuse attacks
Scylla Imports Reconstructor 1,108 over 1 year ago Find and fix the IAT of an unpacked / dumped PE32 malware
ScyllaHide 3,426 4 months ago An Anti-Anti-Debug library and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine
SMRT 64 over 3 years ago Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis
strace Dynamic analysis for Linux executables
StringSifter 675 3 months ago A machine learning tool that automatically ranks strings based on their relevance for malware analysis
Triton A dynamic binary analysis (DBA) framework
Udis86 1,016 over 1 year ago Disassembler library and tool for x86 and x86_64
Vivisect 934 about 1 month ago Python tool for malware analysis
WinDbg multipurpose debugger for the Microsoft Windows computer operating system, used to debug user mode applications, device drivers, and the kernel-mode memory dumps
X64dbg An open-source x64/x32 debugger for windows

Awesome Malware Analysis / Network

Bro Protocol analyzer that operates at incredible scale; both file and network protocols
BroYara 33 almost 10 years ago Use Yara rules from Bro
CapTipper 709 over 1 year ago Malicious HTTP traffic explorer
chopshop 489 almost 2 years ago Protocol analysis and decoding framework
CloudShark Web-based tool for packet analysis and malware traffic detection
FakeNet-NG 1,778 4 months ago Next generation dynamic network analysis tool
Fiddler Intercepting web proxy designed for "web debugging."
Hale 185 over 2 years ago Botnet C&C monitor
Haka An open source security oriented language for describing protocols and applying security policies on (live) captured traffic
HTTPReplay 95 almost 3 years ago Library for parsing and reading out PCAP files, including TLS streams using TLS Master Secrets (used in Cuckoo Sandbox)
INetSim Network service emulation, useful when building a malware lab
Laika BOSS 736 over 1 year ago Laika BOSS is a file-centric malware analysis and intrusion detection system
Malcolm 353 3 days ago Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs
Malcom 1,155 almost 7 years ago Malware Communications Analyzer
Maltrail 6,447 3 days ago A malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails and featuring an reporting and analysis interface
mitmproxy Intercept network traffic on the fly
Moloch 6,286 19 days ago IPv4 traffic capturing, indexing and database system
NetworkMiner Network forensic analysis tool, with a free version
ngrep 892 about 1 year ago Search through network traffic like grep
PcapViz 340 over 1 year ago Network topology and traffic visualizer
Python ICAP Yara 57 about 3 years ago An ICAP Server with yara scanner for URL or content
Squidmagic 78 over 6 years ago squidmagic is a tool designed to analyze a web-based network traffic to detect central command and control (C&C) servers and malicious sites, using Squid proxy server and Spamhaus
Tcpdump Collect network traffic
tcpick Trach and reassemble TCP streams from network traffic
tcpxtract Extract files from network traffic
Wireshark The network traffic analysis tool

Awesome Malware Analysis / Memory Forensics

BlackLight Windows/MacOS forensics client supporting hiberfil, pagefile, raw memory analysis
DAMM 209 over 7 years ago Differential Analysis of Malware in Memory, built on Volatility
evolve 259 almost 7 years ago Web interface for the Volatility Memory Forensics Framework
FindAES Find AES encryption keys in memory
inVtero.net 278 about 1 year ago High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support
Muninn 52 almost 7 years ago A script to automate portions of analysis using Volatility, and create a readable report. - Orochi is an open source framework for collaborative forensic memory dump analysis
Rekall Memory analysis framework, forked from Volatility in 2013
TotalRecall 49 over 7 years ago Script based on Volatility for automating various malware analysis tasks
VolDiff 192 about 7 years ago Run Volatility on memory images before and after malware execution, and report changes
Volatility 7,219 over 1 year ago Advanced memory forensics framework
VolUtility 378 about 1 month ago Web Interface for Volatility Memory Analysis framework
WDBGARK 611 about 4 years ago - WinDBG Anti-RootKit Extension
WinDbg - Live memory inspection and kernel debugging for Windows systems

Awesome Malware Analysis / Windows Artifacts

AChoir 183 over 2 years ago A live incident response script for gathering Windows artifacts
python-evt 48 over 1 year ago Python library for parsing Windows Event Logs
python-registry Python library for parsing registry files
RegRipper ( ) - Plugin-based registry analysis tool

Awesome Malware Analysis / Storage and Workflow

Aleph 158 over 3 years ago Open Source Malware Analysis Pipeline System
CRITs Collaborative Research Into Threats, a malware and threat repository
FAME A malware analysis framework featuring a pipeline that can be extended with custom modules, which can be chained and interact with each other to perform end-to-end analysis
Malwarehouse 133 over 11 years ago Store, tag, and search malware
Polichombr 374 over 5 years ago A malware analysis platform designed to help analysts to reverse malwares collaboratively
stoQ Distributed content analysis framework with extensive plugin support, from input to output, and everything in between
Viper A binary management and analysis framework for analysts and researchers

Awesome Malware Analysis / Miscellaneous

al-khaser 5,827 6 days ago A PoC malware with good intentions that aimes to stress anti-malware systems
CryptoKnight 38 over 4 years ago Automated cryptographic algorithm reverse engineering and classification framework
DC3-MWCP 295 4 months ago - The Defense Cyber Crime Center's Malware Configuration Parser framework
FLARE VM 6,440 10 days ago A fully customizable, Windows-based, security distribution for malware analysis
MalSploitBase 536 about 5 years ago A database containing exploits used by malware
Malware Museum Collection of malware programs that were distributed in the 1980s and 1990s
Malware Organiser 1 about 6 years ago A simple tool to organise large malicious/benign files into a organised Structure
Pafish 3,337 4 months ago Paranoid Fish, a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do
REMnux Linux distribution and docker images for malware reverse engineering and analysis
Tsurugi Linux Linux distribution designed to support your DFIR investigations, malware analysis and OSINT (Open Source INTelligence) activities
Santoku Linux Linux distribution for mobile forensics, malware analysis, and security

Resources / Books

Learning Malware Analysis Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware
Malware Analyst's Cookbook and DVD - Tools and Techniques for Fighting Malicious Code
Mastering Malware Analysis Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
Mastering Reverse Engineering Mastering Reverse Engineering: Re-engineer your ethical hacking skills
Practical Malware Analysis The Hands-On Guide to Dissecting Malicious Software
Practical Reverse Engineering - Intermediate Reverse Engineering
Real Digital Forensics Computer Security and Incident Response
Rootkits and Bootkits Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
The Art of Memory Forensics Detecting Malware and Threats in Windows, Linux, and Mac Memory
The IDA Pro Book The Unofficial Guide to the World's Most Popular Disassembler
The Rootkit Arsenal The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

Resources / Other

APT Notes 1,647 2 months ago A collection of papers and notes related to Advanced Persistent Threats
Ember 934 2 months ago Endgame Malware BEnchmark for Research, a repository that makes it easy to (re)create a machine learning model that can be used to predict a score for a PE file based on static analysis
File Formats posters 10,468 8 months ago Nice visualization of commonly used file format (including PE & ELF)
Honeynet Project Honeypot tools, papers, and other resources
Kernel Mode An active community devoted to malware analysis and kernel development
Malicious Software Malware blog and resources by Lenny Zeltser
Malware Analysis Search - Custom Google search engine from
Malware Analysis Tutorials - The Malware Analysis Tutorials by Dr. Xiang Fu, a great resource for learning practical malware analysis
Malware Analysis, Threat Intelligence and Reverse Engineering - Presentation introducing the concepts of malware analysis, threat intelligence and reverse engineering. Experience or prior knowledge is not required. Labs link in description
Malware Persistence 164 about 2 months ago Collection of various information focused on malware persistence: detection (techniques), response, pitfalls and the log collection (tools)
Malware Samples and Traffic This blog focuses on network traffic related to malware infections
Malware Search+++ Firefox extension allows you to easily search some of the most popular malware databases
Practical Malware Analysis Starter Kit - This package contains most of the software referenced in the Practical Malware Analysis book
RPISEC Malware Analysis 3,742 about 2 years ago These are the course materials used in the Malware Analysis course at at Rensselaer Polytechnic Institute during Fall 2015
WindowsIR: Malware Harlan Carvey's page on Malware
Windows Registry specification 318 almost 6 years ago - Windows registry file format specification
/r/csirt_tools Subreddit for CSIRT tools and resources, with a flair
/r/Malware The malware subreddit
/r/ReverseEngineering - Reverse engineering subreddit, not limited to just malware
Android Security 8,099 about 1 month ago
AppSec 6,276 3 months ago
CTFs 9,715 3 months ago
Executable Packing 1,179 4 months ago
Forensics 3,927 about 20 hours ago
"Hacking" 12,967 4 months ago
Honeypots 8,520 about 2 months ago
Industrial Control System Security 1,610 12 months ago
Incident-Response 7,584 3 months ago
Infosec 5,165 8 months ago
PCAP Tools 3,116 5 months ago
Pentesting 21,566 about 24 hours ago
Security 12,322 3 months ago
Threat Intelligence 7,958 about 2 months ago
YARA 3,515 about 2 months ago

Backlinks from these awesome lists: