mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-12-20 19:26:09 +00:00
Ryan Shipp
commit
6213712bfa
16
README.md
16
README.md
@ -54,7 +54,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||||||
|
|
||||||
*Trap and collect your own samples.*
|
*Trap and collect your own samples.*
|
||||||
|
|
||||||
* [Conpot](https://github.com/glastopf/conpot) - ICS/SCADA honeypot.
|
* [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot.
|
||||||
* [Dionaea](http://dionaea.carnivore.it/) - Honeypot designed to trap
|
* [Dionaea](http://dionaea.carnivore.it/) - Honeypot designed to trap
|
||||||
malware.
|
malware.
|
||||||
* [Glastopf](http://glastopf.org/) - Web application honeypot.
|
* [Glastopf](http://glastopf.org/) - Web application honeypot.
|
||||||
@ -166,7 +166,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||||||
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
|
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
|
||||||
variety of tools for reporting on Windows PE files.
|
variety of tools for reporting on Windows PE files.
|
||||||
* [chkrootkit](http://www.chkrootkit.org/) - Local Linux rootkit detection.
|
* [chkrootkit](http://www.chkrootkit.org/) - Local Linux rootkit detection.
|
||||||
* [ClamAV](http://www.clamav.net/index.html) - Open source antivirus engine.
|
* [ClamAV](http://www.clamav.net/) - Open source antivirus engine.
|
||||||
* [ExifTool](http://www.sno.phy.queensu.ca/~phil/exiftool/) - Read, write and
|
* [ExifTool](http://www.sno.phy.queensu.ca/~phil/exiftool/) - Read, write and
|
||||||
edit file metadata.
|
edit file metadata.
|
||||||
* [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
|
* [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
|
||||||
@ -219,14 +219,14 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||||||
analysis tool, powered by VxSandbox.
|
analysis tool, powered by VxSandbox.
|
||||||
* [IRMA](http://irma.quarkslab.com/) - An asynchronous and customizable
|
* [IRMA](http://irma.quarkslab.com/) - An asynchronous and customizable
|
||||||
analysis platform for suspicious files.
|
analysis platform for suspicious files.
|
||||||
* [Jotti](http://virusscan.jotti.org/en) - Free online multi-AV scanner.
|
* [Jotti](https://virusscan.jotti.org/en) - Free online multi-AV scanner.
|
||||||
* [Malheur](https://github.com/rieck/malheur) - Automatic sandboxed analysis
|
* [Malheur](https://github.com/rieck/malheur) - Automatic sandboxed analysis
|
||||||
of malware behavior.
|
of malware behavior.
|
||||||
* [Malwr](https://malwr.com/) - Free analysis with an online Cuckoo Sandbox
|
* [Malwr](https://malwr.com/) - Free analysis with an online Cuckoo Sandbox
|
||||||
instance.
|
instance.
|
||||||
* [MASTIFF Online](https://mastiff-online.korelogic.com/) - Online static
|
* [MASTIFF Online](https://mastiff-online.korelogic.com/) - Online static
|
||||||
analysis of malware.
|
analysis of malware.
|
||||||
* [Metascan Online](https://www.metascan-online.com/en) - Free file scanning
|
* [Metascan Online](https://live.metascan-online.com/) - Free file scanning
|
||||||
with multiple antivirus engines.
|
with multiple antivirus engines.
|
||||||
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
|
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
|
||||||
collect information about malware in a sandboxed environment.
|
collect information about malware in a sandboxed environment.
|
||||||
@ -273,7 +273,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||||||
IDX cache files.
|
IDX cache files.
|
||||||
* [JSDetox](http://www.relentless-coding.com/projects/jsdetox/) - JavaScript
|
* [JSDetox](http://www.relentless-coding.com/projects/jsdetox/) - JavaScript
|
||||||
malware analysis tool.
|
malware analysis tool.
|
||||||
* [jsunpack-n](https://code.google.com/p/jsunpack-n/) - A javascript
|
* [jsunpack-n](https://github.com/urule99/jsunpack-n) - A javascript
|
||||||
unpacker that emulates browser functionality.
|
unpacker that emulates browser functionality.
|
||||||
* [Malzilla](http://malzilla.sourceforge.net/) - Analyze malicious web pages.
|
* [Malzilla](http://malzilla.sourceforge.net/) - Analyze malicious web pages.
|
||||||
* [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust
|
* [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust
|
||||||
@ -380,7 +380,7 @@ the [browser malware](#browser-malware) section.*
|
|||||||
analysis.
|
analysis.
|
||||||
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
|
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
|
||||||
debugger support.
|
debugger support.
|
||||||
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
|
* [strace](http://sourceforge.net/projects/strace/) - Dynamic analysis for
|
||||||
Linux executables.
|
Linux executables.
|
||||||
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
|
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
|
||||||
for x86 and x86_64.
|
for x86 and x86_64.
|
||||||
@ -426,7 +426,7 @@ the [browser malware](#browser-malware) section.*
|
|||||||
|
|
||||||
* [DAMM](https://github.com/504ensicsLabs/DAMM) - Differential Analysis of
|
* [DAMM](https://github.com/504ensicsLabs/DAMM) - Differential Analysis of
|
||||||
Malware in Memory, built on Volatility
|
Malware in Memory, built on Volatility
|
||||||
* [FindAES](https://jessekornblum.livejournal.com/269749.html) - Find AES
|
* [FindAES](http://jessekornblum.livejournal.com/269749.html) - Find AES
|
||||||
encryption keys in memory.
|
encryption keys in memory.
|
||||||
* [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
|
* [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
|
||||||
of analysis using Volatility, and create a readable report.
|
of analysis using Volatility, and create a readable report.
|
||||||
@ -520,7 +520,7 @@ the [browser malware](#browser-malware) section.*
|
|||||||
other resources.
|
other resources.
|
||||||
* [Malicious Software](https://zeltser.com/malicious-software/) - Malware
|
* [Malicious Software](https://zeltser.com/malicious-software/) - Malware
|
||||||
blog and resources by Lenny Zeltser.
|
blog and resources by Lenny Zeltser.
|
||||||
* [Malware Analysis Search](http://www.google.com/cse/home?cx=011750002002865445766:pc60zx1rliu) -
|
* [Malware Analysis Search](https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu) -
|
||||||
Custom Google search engine from [Corey Harrell](journeyintoir.blogspot.com/).
|
Custom Google search engine from [Corey Harrell](journeyintoir.blogspot.com/).
|
||||||
* [WindowsIR: Malware](http://windowsir.blogspot.com/p/malware.html) - Harlan
|
* [WindowsIR: Malware](http://windowsir.blogspot.com/p/malware.html) - Harlan
|
||||||
Carvey's page on Malware.
|
Carvey's page on Malware.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user