mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-12-18 10:26:07 +00:00
added a variety of open resources from InQuest.net
This commit is contained in:
parent
fc21b92dea
commit
2f7877a607
20
README.md
20
README.md
@ -77,6 +77,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
* [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode
|
||||
samples.
|
||||
* [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis.
|
||||
* [InQuest Labs](https://labs.inquest.net) - Evergrowing searchable corpus of malicious Microsoft documents.
|
||||
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing
|
||||
rapid identification and actionable context for malware investigations.
|
||||
* [Malshare](https://malshare.com) - Large repository of malware actively
|
||||
@ -139,7 +140,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
* [threataggregator](https://github.com/jpsenior/threataggregator) -
|
||||
Aggregates security threats from a number of sources, including some of
|
||||
those listed below in [other resources](#other-resources).
|
||||
* [ThreatConnect](https://threatconnect.com/free/) - TC Open allows you to see and
|
||||
* [ThreatConnect](https://threatconnect.com/free/) - TC Open allows you to see and
|
||||
share open source threat data, with support and validation from our free community.
|
||||
* [ThreatCrowd](https://www.threatcrowd.org/) - A search engine for threats,
|
||||
with graphical visualization.
|
||||
@ -175,6 +176,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
* [HoneyDB](https://riskdiscovery.com/honeydb) - Community driven honeypot sensor data collection and aggregation.
|
||||
* [hpfeeds](https://github.com/rep/hpfeeds) - Honeypot feed protocol.
|
||||
* [Infosec - CERT-PA lists](https://infosec.cert-pa.it/analyze/statistics.html) ([IPs](https://infosec.cert-pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.
|
||||
* [InQuest REPdb](https://labs.inquest.net/repdb) - Continuous aggregation of IOCs from a variety of open reputation sources.
|
||||
* [InQuest IOCdb](https://labs.inquest.net/iocdb) - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
|
||||
* [Internet Storm Center (DShield)](https://isc.sans.edu/) - Diary and
|
||||
searchable incident database, with a web [API](https://dshield.org/api/).
|
||||
([unofficial Python library](https://github.com/rshipp/python-dshield)).
|
||||
@ -275,7 +278,7 @@ executables.
|
||||
against multiple mobile antivirus apps.
|
||||
* [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu online scanner and
|
||||
malware repository.
|
||||
* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
|
||||
* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
|
||||
Sandbox malware lab using Packer and Vagrant.
|
||||
* [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents.
|
||||
* [Cuckoo Sandbox](https://cuckoosandbox.org/) - Open source, self hosted
|
||||
@ -344,7 +347,7 @@ executables.
|
||||
*Inspect domains and IP addresses.*
|
||||
|
||||
* [AbuseIPDB](https://www.abuseipdb.com/) - AbuseIPDB is a project dedicated
|
||||
to helping combat the spread of hackers, spammers, and abusive activity on the internet.
|
||||
to helping combat the spread of hackers, spammers, and abusive activity on the internet.
|
||||
* [badips.com](https://www.badips.com/) - Community based IP blacklist service.
|
||||
* [boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed
|
||||
for consistent and safe capture of off network web resources.
|
||||
@ -384,7 +387,7 @@ executables.
|
||||
or network owner. (Previously SenderBase.)
|
||||
* [TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool
|
||||
for gathering information about URLs, IPs, or hashes.
|
||||
* [URLhaus](https://urlhaus.abuse.ch/) - A project from abuse.ch with the goal
|
||||
* [URLhaus](https://urlhaus.abuse.ch/) - A project from abuse.ch with the goal
|
||||
of sharing malicious URLs that are being used for malware distribution.
|
||||
* [URLQuery](http://urlquery.net/) - Free URL Scanner.
|
||||
* [urlscan.io](https://urlscan.io/) - Free URL Scanner & domain information.
|
||||
@ -430,6 +433,7 @@ the [browser malware](#browser-malware) section.*
|
||||
malware, featuring JScript/WScript support and ActiveX emulation.
|
||||
* [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing
|
||||
malicious shellcode.
|
||||
* [InQuest Deep File Inspection](https://labs.inquest.net/dfi) - Upload common malware lures for Deep File Inspection and heuristical analysis.
|
||||
* [JS Beautifier](http://jsbeautifier.org/) - JavaScript unpacking and deobfuscation.
|
||||
* [JS Deobfuscator](http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/) -
|
||||
Deobfuscate simple Javascript that use eval or document.write to conceal
|
||||
@ -545,7 +549,7 @@ the [browser malware](#browser-malware) section.*
|
||||
* [GDB](http://www.sourceware.org/gdb/) - The GNU debugger.
|
||||
* [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters
|
||||
and reverse engineers.
|
||||
* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
|
||||
* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
|
||||
* [hackers-grep](https://github.com/codypierce/hackers-grep) - A utility to
|
||||
search for strings in PE executables including imports, exports, and debug
|
||||
symbols.
|
||||
@ -645,8 +649,8 @@ the [browser malware](#browser-malware) section.*
|
||||
building a malware lab.
|
||||
* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric
|
||||
malware analysis and intrusion detection system.
|
||||
* [Malcolm](https://github.com/idaholab/Malcolm) - Malcolm is a powerful, easily
|
||||
deployable network traffic analysis tool suite for full packet capture artifacts
|
||||
* [Malcolm](https://github.com/idaholab/Malcolm) - Malcolm is a powerful, easily
|
||||
deployable network traffic analysis tool suite for full packet capture artifacts
|
||||
(PCAP files) and Zeek logs.
|
||||
* [Malcom](https://github.com/tomchop/malcom) - Malware Communications
|
||||
Analyzer.
|
||||
@ -772,7 +776,7 @@ the [browser malware](#browser-malware) section.*
|
||||
* [Learning Malware Analysis](https://www.packtpub.com/networking-and-servers/learning-malware-analysis) - Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware
|
||||
* [Malware Analyst's Cookbook and DVD](https://amzn.com/dp/0470613033) -
|
||||
Tools and Techniques for Fighting Malicious Code.
|
||||
* [Mastering Malware Analysis](https://www.packtpub.com/networking-and-servers/mastering-malware-analysis) - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
|
||||
* [Mastering Malware Analysis](https://www.packtpub.com/networking-and-servers/mastering-malware-analysis) - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
|
||||
* [Mastering Reverse Engineering](https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering) - Mastering Reverse Engineering: Re-engineer your ethical hacking skills
|
||||
* [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On
|
||||
Guide to Dissecting Malicious Software.
|
||||
|
Loading…
Reference in New Issue
Block a user