mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-12-18 10:26:07 +00:00
commit
577019c73a
20
README.md
20
README.md
@ -238,6 +238,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
edit file metadata.
|
||||
* [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
|
||||
Modular, recursive file scanning solution.
|
||||
* [fn2yara](https://github.com/cmu-sei/pharos) - FN2Yara is a tool to generate
|
||||
Yara signatures for matching functions (code) in an executable program.
|
||||
* [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
|
||||
* [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
|
||||
a variety of algorithms.
|
||||
@ -413,6 +415,9 @@ executables.
|
||||
*Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and
|
||||
[documents and shellcode](#documents-and-shellcode) sections.*
|
||||
|
||||
* [Bytecode Viewer](https://github.com/Konloch/bytecode-viewer) - Combines
|
||||
multiple Java bytecode viewers and decompilers into one tool, including
|
||||
APK/DEX support.
|
||||
* [Firebug](https://getfirebug.com/) - Firefox extension for web development.
|
||||
* [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps.
|
||||
* [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java
|
||||
@ -504,6 +509,14 @@ the [browser malware](#browser-malware) section.*
|
||||
XOR key using frequency analysis.
|
||||
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
|
||||
hidden code extractor for Windows malware.
|
||||
* [PyInstaller Extractor](https://github.com/extremecoders-re/pyinstxtractor) -
|
||||
A Python script to extract the contents of a PyInstaller generated Windows
|
||||
executable file. The contents of the pyz file (usually pyc files) present
|
||||
inside the executable are also extracted and automatically fixed so that a
|
||||
Python bytecode decompiler will recognize it.
|
||||
* [uncompyle6](https://github.com/rocky/python-uncompyle6/) - A cross-version
|
||||
Python bytecode decompiler. Translates Python bytecode back into equivalent
|
||||
Python source code.
|
||||
* [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
|
||||
platform-independent unpacker for Windows binaries based on emulation.
|
||||
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
|
||||
@ -582,6 +595,9 @@ the [browser malware](#browser-malware) section.*
|
||||
for static analysis of Linux binaries.
|
||||
* [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows
|
||||
executables.
|
||||
* [OllyDumpEx](https://low-priority.appspot.com/ollydumpex/) - Dump memory
|
||||
from (unpacked) malware Windows process and store raw or rebuild PE file.
|
||||
This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg.
|
||||
* [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral
|
||||
Dynamic Analysis.
|
||||
* [PEDA](https://github.com/longld/peda) - Python Exploit Development
|
||||
@ -618,6 +634,10 @@ the [browser malware](#browser-malware) section.*
|
||||
[API](https://retdec.com/api/) that you can use in your tools.
|
||||
* [ROPMEMU](https://github.com/Cisco-Talos/ROPMEMU) - A framework to analyze, dissect
|
||||
and decompile complex code-reuse attacks.
|
||||
* [Scylla Imports Reconstructor](https://github.com/NtQuery/Scylla) - Find and fix
|
||||
the IAT of an unpacked / dumped PE32 malware.
|
||||
* [ScyllaHide](https://github.com/x64dbg/ScyllaHide) - An Anti-Anti-Debug library
|
||||
and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine.
|
||||
* [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a
|
||||
plugin for Sublime 3 to aid with malware analyis.
|
||||
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
|
||||
|
Loading…
Reference in New Issue
Block a user