mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-12-18 10:26:07 +00:00
Update outdated links
This commit is contained in:
parent
62d8100381
commit
fc3125268b
28
README.md
@ -77,7 +77,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
malware samples and analyses.
* [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode
samples.
* [Malshare](http://malshare.com) - Large repository of malware actively
* [Malshare](https://malshare.com) - Large repository of malware actively
scrapped from malicious sites.
samples directly from a number of online sources.
* [MalwareDB](http://malwaredb.malekal.com/) - Malware samples repository.
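Review bot: the Malshare description in this hunk still reads "scrapped from malicious sites", which looks like a typo for "scraped"; since the entry is already being touched for the https change, fix the wording in the same commit. The MalwareDB entry in the unchanged context (http://malwaredb.malekal.com/) is still plain http, so check whether it has an https endpoint as well.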
@ -124,9 +124,9 @@ A curated list of awesome malware analysis tools and resources. Inspired by
from various lists. Curated by the [CSIRT Gadgets Foundation](http://csirtgadgets.org/collective-intelligence-framework).
* [MISP](https://github.com/MISP/MISP) - Malware Information Sharing
Platform curated by [The MISP Project](http://www.misp-project.org/).
* [PassiveTotal](https://www.passivetotal.org/) - Research, connect, tag and
share IPs and domains.
* [PyIOCe](https://github.com/pidydx/PyIOCe) - A Python OpenIOC editor.
* [RiskIQ](https://community.riskiq.com/) - Research, connect, tag and
share IPs and domains. (Was PassiveTotal.)
* [threataggregator](https://github.com/jpsenior/threataggregator) -
Aggregates security threats from a number of sources, including some of
those listed below in [other resources](#other-resources).
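Review bot: two links in this hunk's unchanged context, http://csirtgadgets.org/collective-intelligence-framework and http://www.misp-project.org/, are still plain http; since the commit is about outdated links, check them in the same pass. The PassiveTotal-to-RiskIQ replacement keeps the list alphabetical and records the rename with "(Was PassiveTotal.)", which is the right way to do it.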
@ -200,7 +200,7 @@ YARA rules.
* [ClamAV](http://www.clamav.net/) - Open source antivirus engine.
* [Detect-It-Easy](https://github.com/horsicq/Detect-It-Easy) - A program for
determining types of files.
* [ExifTool](http://www.sno.phy.queensu.ca/~phil/exiftool/) - Read, write and
* [ExifTool](https://sno.phy.queensu.ca/~phil/exiftool/) - Read, write and
edit file metadata.
* [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
Modular, recursive file scanning solution.
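Review bot: the ClamAV entry in this hunk's context (http://www.clamav.net/) is left on http while ExifTool is moved to https on the adjacent line; check whether it should get the same treatment.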
@ -220,7 +220,7 @@ YARA rules.
* [PEV](http://pev.sourceforge.net/) - A multiplatform toolkit to work with PE
files, providing feature-rich tools for proper analysis of suspicious binaries.
* [Rootkit Hunter](http://rkhunter.sourceforge.net/) - Detect Linux rootkits.
* [ssdeep](http://ssdeep.sourceforge.net/) - Compute fuzzy hashes.
* [ssdeep](https://ssdeep-project.github.io/ssdeep/) - Compute fuzzy hashes.
* [totalhash.py](https://gist.github.com/gleblanc1783/3c8e6b379fa9d646d401b96ab5c7877f) - Python script
for easy searching of the [TotalHash.cymru.com](https://totalhash.cymru.com/) database.
* [TrID](http://mark0.net/soft-trid-e.html) - File identifier.
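Review bot: the PEV, Rootkit Hunter and TrID links in this hunk (http://pev.sourceforge.net/, http://rkhunter.sourceforge.net/, http://mark0.net/soft-trid-e.html) remain http and were not rechecked here, while ssdeep is moved off sourceforge to its project page on the adjacent line; an outdated-links pass should cover them too.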
@ -233,7 +233,6 @@ YARA rules.
## Online Scanners and Sandboxes

*Web-based multi-AV scanners, and malware sandboxes for automated analysis.*
* [APK Analyzer](https://www.apk-analyzer.net/) - Free dynamic analysis of APKs.
* [AndroTotal](https://andrototal.org/) - Free online analysis of APKs
against multiple mobile antivirus apps.
* [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu online scanner and
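Review bot: per the hunk header (-233,7 +233,6) this hunk drops one line from the Online Scanners and Sandboxes list, and the next two hunks in this file (-250,10 +249,8 and -287,7 +284,6) drop lines as well, but the commit message "Update outdated links" mentions only link updates; state which entries were removed and why (service gone, moved, etc.) so the removals are traceable from the history.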
@ -250,10 +249,8 @@ YARA rules.
machine-learning classification.
* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do traffic analysis
of Linux malwares and capturing IOCs.
* [Document Analyzer](https://www.document-analyzer.net/) - Free dynamic analysis of DOC and PDF files.
* [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis
system.
* [File Analyzer](https://www.file-analyzer.net/) - Free dynamic analysis of PE files.
* [firmware.re](http://firmware.re/) - Unpacks, scans and analyzes almost any firmware package.
* [HaboMalHunter](https://github.com/Tencent/HaboMalHunter) - An Automated Malware Analysis Tool for Linux ELF Files.
* [Hybrid Analysis](https://www.hybrid-analysis.com/) - Online malware
@ -287,7 +284,6 @@ YARA rules.
Android application analysis system.
* [SEE](https://github.com/F-Secure/see) - Sandboxed Execution Environment (SEE)
is a framework for building test automation in secured Environments.
* [URL Analyzer](https://www.url-analyzer.net/) - Free dynamic analysis of URL files.
* [VirusTotal](https://www.virustotal.com/) - Free online analysis of malware
samples and URLs
* [Visualize_Logs](https://github.com/keithjjones/visualize_logs) - Open source
@ -320,13 +316,13 @@ YARA rules.
* [NormShield Services](https://services.normshield.com/) - Free API Services
for detecting possible phishing domains, blacklisted ip addresses and breached
accounts.
* [SenderBase](http://www.senderbase.org/) - Search for IP, domain or network
owner.
* [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list.
* [SpamHaus](https://www.spamhaus.org/lookup/) - Block list based on
domains and IPs.
* [Sucuri SiteCheck](https://sitecheck.sucuri.net/) - Free Website Malware
and Security Scanner.
* [Talos Intelligence](https://talosintelligence.com/) - Search for IP, domain or network
owner. (Previously SenderBase.)
* [TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool
for gathering information about URLs, IPs, or hashes.
* [URLQuery](http://urlquery.net/) - Free URL Scanner.
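Review bot: "blacklisted ip addresses" in the NormShield entry should read "IP addresses" to match the rest of the list, and the TekDefense Automater and URLQuery links in this hunk (http://www.tekdefense.com/automater/, http://urlquery.net/) are still http. The SenderBase-to-Talos Intelligence replacement is placed in alphabetical order and notes the old name, which is good.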
@ -334,14 +330,14 @@ YARA rules.
search.
* [Zeltser's List](https://zeltser.com/lookup-malicious-websites/) - Free
online tools for researching malicious websites, compiled by Lenny Zeltser.
* [ZScalar Zulu](http://zulu.zscaler.com/#) - Zulu URL Risk Analyzer.
* [ZScalar Zulu](https://zulu.zscaler.com/#) - Zulu URL Risk Analyzer.

## Browser Malware

*Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and
[documents and shellcode](#documents-and-shellcode) sections.*

* [Firebug](http://getfirebug.com/) - Firefox extension for web development.
* [Firebug](https://getfirebug.com/) - Firefox extension for web development.
* [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps.
* [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java
IDX cache files.
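Review bot: the vendor name in the Zulu entry is spelled "ZScalar" although the URL is zulu.zscaler.com; the company is Zscaler, so correct the name while the line is being edited. The trailing "#" in that URL adds nothing and could be dropped at the same time. The Firebug move to https is fine.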
@ -506,12 +502,12 @@ the [browser malware](#browser-malware) section.*
* [PPEE (puppy)](https://www.mzrst.com/) - A Professional PE file Explorer for
reversers, malware researchers and those who want to statically inspect PE
files in more detail.
* [Process Explorer](https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx) -
* [Process Explorer](https://docs.microsoft.com/sysinternals/downloads/process-explorer) -
Advanced task manager for Windows.
* [Process Hacker](http://processhacker.sourceforge.net/) - Tool that monitors system resources.
* [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) -
* [Process Monitor](https://docs.microsoft.com/sysinternals/downloads/procmon) -
Advanced monitoring tool for Windows programs.
* [PSTools](https://technet.microsoft.com/en-us/sysinternals/pstools.aspx) - Windows
* [PSTools](https://docs.microsoft.com/sysinternals/downloads/pstools) - Windows
command-line tools that help manage and investigate live systems.
* [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware
analysis.
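Review bot: the Process Hacker entry in this hunk (http://processhacker.sourceforge.net/) is left on http while the three Sysinternals links around it are moved to their current docs.microsoft.com paths; check it in the same pass. The Chinese translation file in this commit updates only two of the three Sysinternals links (see its last hunk), so keep both files in step.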
24
恶意软件分析大合集.md
@ -65,7 +65,7 @@
* [Clean MX](http://support.clean-mx.de/clean-mx/viruses.php) - 恶意软件和恶意域名的实时数据库
* [Contagio](http://contagiodump.blogspot.com/) - 近期的恶意软件样本和分析的收集
* [Exploit Database](https://www.exploit-db.com/) - Exploit 和 shellcode 样本
* [Malshare](http://malshare.com) - 在恶意网站上得到的大量恶意样本库
* [Malshare](https://malshare.com) - 在恶意网站上得到的大量恶意样本库
* [MalwareDB](http://malwaredb.malekal.com/) - 恶意软件样本库
* [Open Malware Project](http://openmalware.org/) - 样本信息和下载
* [Ragpicker](https://github.com/robbyFux/Ragpicker) - 基于 malware crawler 的一个插件
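Review bot: only the Malshare link is switched to https in this hunk, while Clean MX, Contagio, MalwareDB and Open Malware Project on the surrounding lines remain http; README.md carries the same entries, so recheck them in both files together.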
@ -93,8 +93,8 @@
* [ioc_writer](https://github.com/mandiant/ioc_writer) - 开发的用于 OpenIOC 对象的 Python 库
* [Massive Octo Spice](https://github.com/csirtgadgets/massive-octo-spice) - 由 [CSIRT Gadgets Foundation](http://csirtgadgets.org/collective-intelligence-framework)发起,之前叫做 CIF (Collective Intelligence Framework),从各种信息源聚合 IOC 信息
* [MISP](https://github.com/MISP/MISP) - 由 [The MISP Project](http://www.misp-project.org/) 发起的恶意软件信息共享平台
* [PassiveTotal](https://www.passivetotal.org/) - 研究、链接、标注和分享 IP 与 域名
* [PyIOCe](https://github.com/pidydx/PyIOCe) - 一个 Python OpenIOC 编辑器
* [RiskIQ](https://community.riskiq.com/) - 研究、链接、标注和分享 IP 与 域名
* [threataggregator](https://github.com/jpsenior/threataggregator) - 聚合来自多个信息源的安全威胁,包括 [other resources](#other-resources) 列表中的一些
* [ThreatCrowd](https://www.threatcrowd.org/) - 带有图形可视化的威胁搜索引擎
* [TIQ-test](https://github.com/mlsecproject/tiq-test) - 威胁情报源的数据可视化和统计分析
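Review bot: the README.md version of this change marks the RiskIQ entry with "(Was PassiveTotal.)", but the Chinese RiskIQ entry carries no equivalent note, so a reader of the translation loses the connection between the old and new names; add the corresponding remark here so the two files stay consistent.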
@ -138,7 +138,7 @@
* [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测
* [ClamAV](http://www.clamav.net/) - 开源反病毒引擎
* [Detect-It-Easy](https://github.com/horsicq/Detect-It-Easy) - 用于确定文件类型的程序
* [ExifTool](http://www.sno.phy.queensu.ca/~phil/exiftool/) - 读、写、编辑文件的元数据
* [ExifTool](https://sno.phy.queensu.ca/~phil/exiftool/) - 读、写、编辑文件的元数据
* [File Scanning Framework](http://www.sno.phy.queensu.ca/%7Ephil/exiftool/) - 模块化的递归文件扫描解决方案
* [hashdeep](https://github.com/jessek/hashdeep) - 用各种算法计算哈希值
* [Loki](https://github.com/Neo23x0/Loki) - 基于主机的 IOC 扫描器
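Review bot: the File Scanning Framework entry in this hunk's context points at http://www.sno.phy.queensu.ca/%7Ephil/exiftool/, which is the ExifTool URL, not the project's repository; README.md lists it as https://github.com/EmersonElectricCo/fsf. Fix it in this commit, since the hunk already touches the ExifTool link directly above it.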
@ -149,7 +149,7 @@
* [packerid](http://handlers.sans.org/jclausing/packerid.py) - 跨平台的 PEiD 的替代品
* [PEV](http://pev.sourceforge.net/) - 为正确分析可疑的二进制文件提供功能丰富工具的 PE 文件多平台分析工具集
* [Rootkit Hunter](http://rkhunter.sourceforge.net/) - 检测 Linux 的 rootkits
* [ssdeep](http://ssdeep.sourceforge.net/) - 计算模糊哈希值
* [ssdeep](https://ssdeep-project.github.io/ssdeep/) - 计算模糊哈希值
* [totalhash.py](https://gist.github.com/malc0de/10270150) - 一个简单搜索[TotalHash.com](http://totalhash.com/) 数据库的 Python 脚本
* [TrID](http://mark0.net/soft-trid-e.html) - 文件识别
* [YARA](https://plusvic.github.io/yara/) - 分析师利用的模式识别工具
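Review bot: the totalhash.py entry here points to https://gist.github.com/malc0de/10270150 and http://totalhash.com/, whereas README.md in this same commit uses https://gist.github.com/gleblanc1783/3c8e6b379fa9d646d401b96ab5c7877f and https://totalhash.cymru.com/; align the translation with the English list. The YARA link (https://plusvic.github.io/yara/) is also worth rechecking in an outdated-links pass.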
@ -159,7 +159,6 @@

*基于 Web 的多反病毒引擎扫描器和恶意软件自动分析的沙盒*

* [APK Analyzer](https://www.apk-analyzer.net/) - APK 免费动态分析
* [AndroTotal](https://andrototal.org/) - 利用多个移动反病毒软件进行免费在线分析 App
* [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu 在线扫描器和恶意软件集合
* [Cryptam](http://www.cryptam.com/) - 分析可疑的 Office 文档
@ -168,9 +167,7 @@
* [cuckoo-modified-api](https://github.com/brad-accuvant/cuckoo-modified) - 用于控制 cuckoo-modified 沙盒的 Python API
* [DeepViz](https://www.deepviz.com/) - 通过机器学习分类来分析的多格式文件分析器
* [detux](https://github.com/detuxsandbox/detux/) - 一个用于对 Linux 恶意软件流量分析与 IOC 信息捕获的沙盒
* [Document Analyzer](https://www.document-analyzer.net/) - DOC 和 PDF 文件的免费动态分析
* [DRAKVUF](https://github.com/tklengyel/drakvuf) - 动态恶意软件分析系统
* [File Analyzer](https://www.file-analyzer.net/) - 免费 PE 文件动态分析
* [firmware.re](http://firmware.re/) - 解包、扫描、分析绝大多数固件包
* [HaboMalHunter](https://github.com/Tencent/HaboMalHunter) - Linux平台上的自动化恶意代码分析工具.
* [Hybrid Analysis](https://www.hybrid-analysis.com/) - 由 VxSandbox 支持的在线恶意软件分析工具
@ -190,7 +187,6 @@
* [Recomposer](https://github.com/secretsquirrel/recomposer) - 安全上传二进制程序到沙盒网站的辅助脚本
* [Sand droid](http://sanddroid.xjtu.edu.cn/) - 自动化、完整的 Android 应用程序分析系统
* [SEE](https://github.com/F-Secure/see) - 在安全环境中构建测试自动化的框架
* [URL Analyzer](https://www.url-analyzer.net/) - 对 URL 文件的动态分析
* [VirusTotal](https://www.virustotal.com/) - 免费的在线恶意软件样本和 URL 分析
* [Visualize_Logs](https://github.com/keithjjones/visualize_logs) - 用于日志的开源可视化库和命令行工具(Cuckoo、Procmon 等)
* [Zeltser's List](https://zeltser.com/automated-malware-analysis/) - Lenny Zeltser 创建的免费自动沙盒服务
@ -207,21 +203,21 @@
* [mailchecker](https://github.com/FGRibreau/mailchecker) - 跨语言临时邮件检测库
* [MaltegoVT](https://github.com/michael-yip/MaltegoVT) - 让 Maltego 使用 VirusTotal API,允许搜索域名、IP 地址、文件哈希、报告
* [Multi rbl](http://multirbl.valli.org/) - 多个 DNS 黑名单,反向查找超过 300 个 RBL。
* [SenderBase](http://www.senderbase.org/) - 搜索 IP、域名或网络的所有者
* [SpamCop](https://www.spamcop.net/bl.shtml) - 垃圾邮件 IP 黑名单IP
* [SpamHaus](http://www.spamhaus.org/lookup/) - 基于域名和 IP 的黑名单
* [Sucuri SiteCheck](https://sitecheck.sucuri.net/) - 免费的网站恶意软件与安全扫描器
* [Talos Intelligence](https://talosintelligence.com/) - 搜索 IP、域名或网络的所有者
* [TekDefense Automator](http://www.tekdefense.com/automater/) - 收集关于 URL、IP 和哈希值的 OSINT 工具
* [URLQuery](http://urlquery.net/) - 免费的 URL 扫描器
* [Whois](http://whois.domaintools.com/) - DomainTools 家免费的 whois 搜索
* [Zeltser's List](https://zeltser.com/lookup-malicious-websites/) - 由 Lenny Zeltser 整理的免费在线恶意软件工具集
* [ZScalar Zulu](http://zulu.zscaler.com/#) - Zulu URL 风险分析
* [ZScalar Zulu](https://zulu.zscaler.com/#) - Zulu URL 风险分析

## 浏览器恶意软件

*分析恶意 URL,也可以参考 [domain analysis](#domain-analysis) 和 [documents and shellcode](#documents-and-shellcode) 部分*

* [Firebug](http://getfirebug.com/) - Firefox Web 开发扩展
* [Firebug](https://getfirebug.com/) - Firefox Web 开发扩展
* [Java Decompiler](http://jd.benow.ca/) - 反编译并检查 Java 的应用
* [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - 解析 Java IDX 缓存文件
* [JSDetox](http://www.relentless-coding.com/projects/jsdetox/) - JavaScript 恶意软件分析工具
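Review bot: SpamHaus is left at http://www.spamhaus.org/lookup/ in this hunk while README.md has https://www.spamhaus.org/lookup/, and the SpamCop description "垃圾邮件 IP 黑名单IP" has a stray trailing "IP"; both sit next to lines being edited, so fix them here. As in README.md, "ZScalar" should be "Zscaler" to match the zscaler.com URL, and the tool name "TekDefense Automator" differs from README.md's "TekDefense Automater".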
@ -309,9 +305,9 @@
* [pestudio](https://winitor.com/) - Windows 可执行程序的静态分析
* [plasma](https://github.com/joelpx/plasma) - 面向 x86/ARM/MIPS 的交互式反汇编器
* [PPEE (puppy)](https://www.mzrst.com/) - 专业的 PE 文件资源管理器
* [Process Explorer ](https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx) - 高级 Windows 任务管理器
* [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) - Windows 下高级程序监控工具
* [PSTools](https://technet.microsoft.com/en-us/sysinternals/pstools.aspx) - 可以帮助管理员实时管理系统的 Windows 命令行工具
* [Process Explorer](https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx) - 高级 Windows 任务管理器
* [Process Monitor](https://docs.microsoft.com/sysinternals/downloads/procmon) - Windows 下高级程序监控工具
* [PSTools](https://docs.microsoft.com/sysinternals/downloads/pstools) - 可以帮助管理员实时管理系统的 Windows 命令行工具
* [Pyew](https://github.com/joxeankoret/pyew) - 恶意软件分析的 Python 工具
* [Radare2](http://www.radare.org/r/) - 带有调试器支持的逆向工程框架
* [RetDec](https://retdec.com/) - 可重定向的机器码反编译器,同时有在线反编译服务和 API
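Review bot: the Process Explorer entry is rewritten in this hunk (only the trailing space inside the link text is removed) but its URL still points at https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx, whereas Process Monitor and PSTools on the next lines, and README.md in this same commit, move to docs.microsoft.com/sysinternals/downloads/...; update it to https://docs.microsoft.com/sysinternals/downloads/process-explorer to match.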