Defund the Police.
Go to file
2015-05-09 10:06:09 -06:00
LICENSE Add CC-BY-4.0 license 2015-05-08 18:16:07 -06:00
README.md Add @buffer Thug honeyclient 2015-05-09 10:06:09 -06:00

Awesome Malware Analysis

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.


Malware Collection

Anonymizers

Web traffic anonymizers for analysts.

  • Anonymouse.org - A free, web based anonymizer.
  • OpenVPN - VPN software and hosting solutions.
  • Privoxy - An open source proxy server with some privacy features.
  • Tor - The Onion Router, for browsing the web without leaving traces of the client IP.

Honeypots

Trap and collect your own samples.

  • Thug - Low interaction honeyclient, for investigating malicious websites.

Malware Corpora

Malware samples collected for analysis.

  • Clean MX - Realtime database of malware and malicious domains.
  • Contagio - A collection of recent malware samples and analyses.
  • Exploit Database - Exploit and shellcode samples.
  • Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser.

Detection and Classification

Antivirus and other malware identification tools

  • AnalyzePE - Wrapper for a variety of tools for reporting on Windows PE files.
  • ClamAV - Open source antivirus engine.
  • YARA - Pattern matching tool for analysts.

Online Scanners and Sandboxes

  • Cuckoo Sandbox - Open source, self hosted sandbox and automated analysis system.
  • Jotti - Free online multi-AV scanner.
  • Malwr - Free analysis with an online Cuckoo Sandbox instance.
  • VirusTotal - Free online analysis of malware samples and URLs
  • Zeltser's List - Free automated sandboxes and services, compiled by Lenny Zeltser.

Domain Analysis

Inspect domains and IP addresses.

  • Dig - Free online dig and other network tools.
  • IPinfo - Gather information about an IP or domain by searching online resources.
  • Whois - DomainTools free online whois search.
  • Zeltser's List - Free online tools for researching malicious websites, compiled by Lenny Zeltser.

Documents and Shellcode

  • AnalyzePDF - A tool for analyzing PDFs and attempting to determine whether they are malicious.
  • diStorm - Disassembler for analyzing malicious shellcode.
  • JSDetox - JavaScript malware analysis tool.
  • jsunpack-n - A javascript unpacker that emulates browser functionality.
  • libemu - Library and tools for x86 shellcode emulation.
  • malpdfobj - Deconstruct malicious PDFs into a JSON representation.
  • OfficeMalScanner - Scan for malicious traces in MS Office documents.
  • officeparser - A Python script for parsing the MS Office OLE document format.
  • Origami PDF - A tool for analyzing malicious PDFs, and more.
  • PDF Tools - pdfid, pdf-parser, and more from Didier Stevens.
  • PDF X-Ray Lite - A PDF analysis tool, the backend-free version of PDF X-RAY.
  • peepdf - Python tool for exploring possibly malicious PDFs.
  • Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS.

Memory Forensics

Tools for dissecting malware in memory images or running systems.

  • FindAES - Find AES encryption keys in memory.
  • Rekall - Memory analysis framework, forked from Volatility in 2013.
  • TotalRecall - Script based on Volatility for automating various malware analysis tasks.
  • Volatility - Advanced memory forensics framework.
  • WinDbg - Live memory inspection and kernel debugging for Windows systems.

Miscellaneous

  • REMnux - Linux distribution and docker images for malware reverse engineering and analysis.

Resources

Books

Twitter

Other

Related Awesome Lists

Contributing

Pull requests and issues with suggestions are welcome!