massive-octo-spice by csirtgadgets (GitHub)
DEPRECATED - USE v3 (bearded-avenger)
Created Jan. 6, 2014, 1:02 p.m. | Perl | 55 watchers (+0) | 228 stars (+1) | 62 forks (+0)

yarGen by Neo23x0 (GitHub)
yarGen is a generator for YARA rules
Created Dec. 28, 2013, 3:10 p.m. | Python | 91 watchers (+0) | 1,479 stars (+4) | 278 forks (+3)

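The approach a rule generator like yarGen takes is to pull printable strings out of malware samples, throw away every string that also occurs in a goodware corpus, keep the strings shared across several samples, and emit a YARA rule around the best-scoring survivors. The block below is an added example of that workflow and is not yarGen's code: the two "malware" samples, the goodware blobs and the scoring heuristic are constructed for the example and are assumptions, not yarGen's string database or scoring.

```python
import re
from collections import Counter

# Printable ASCII runs and UTF-16LE ("wide") runs of at least 6 characters, the two
# string kinds a Windows sample usually carries.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Constructed inputs: two "malware" samples sharing a drop path and a C2 URL, and a
# small "goodware" corpus holding the strings every PE carries. None of this is real
# sample data.
SAMPLES = [
    b"MZ\x90\x00" + b"\x00" * 16 + b"This program cannot be run in DOS mode\x00"
    + b"kernel32.dll\x00GetProcAddress\x00"
    + b"C:\\Users\\Public\\svchosts.exe\x00\x00"
    + "http://c2.example.invalid/gate.php".encode("utf-16-le") + b"\x00\x00"
    + b"cmd.exe /c vssadmin delete shadows /all\x00",
    b"MZ\x90\x00" + b"\x00" * 16 + b"This program cannot be run in DOS mode\x00"
    + b"kernel32.dll\x00CreateFileW\x00"
    + b"C:\\Users\\Public\\svchosts.exe\x00\x00"
    + "http://c2.example.invalid/gate.php".encode("utf-16-le") + b"\x00\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00",
]
GOODWARE = [
    b"MZ\x90\x00This program cannot be run in DOS mode\x00kernel32.dll\x00GetProcAddress\x00CreateFileW\x00",
    b"MZ\x90\x00Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00user32.dll\x00",
]

def extract_strings(data):
    found = {m.group().decode("ascii") for m in ASCII_RUN.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in WIDE_RUN.finditer(data)}
    return found

def score_string(s):
    # Heuristic scoring (an assumption of this example, not yarGen's scoring):
    # longer strings and strings with path/URL punctuation are more specific;
    # short plain identifiers are penalised because goodware is full of them.
    score = min(len(s), 40)
    if any(ch in s for ch in "\\/:.-_{}"):
        score += 10
    if len(s) < 12 and re.fullmatch(r"[A-Za-z0-9]+", s):
        score -= 5
    return score

def select_strings(samples, goodware, min_samples=2, max_strings=10):
    # Anything seen in goodware is dropped outright; what survives must appear in
    # at least min_samples samples, then the best-scoring strings are kept.
    good = set().union(*(extract_strings(g) for g in goodware))
    counts = Counter()
    for sample in samples:
        counts.update(extract_strings(sample) - good)
    candidates = [s for s, n in counts.items() if n >= min_samples]
    candidates.sort(key=lambda s: (-score_string(s), s))
    return candidates[:max_strings]

def yara_escape(s):
    return s.replace("\\", "\\\\").replace('"', '\\"')

def generate_rule(name, samples, goodware, min_samples=2):
    strings = select_strings(samples, goodware, min_samples)
    lines = [f"rule {name}", "{", "    strings:"]
    for i, s in enumerate(strings):
        lines.append(f'        $s{i} = "{yara_escape(s)}" ascii wide')
    # Require a PE header and several of the strings so one shared string does not fire.
    required = max(1, min(3, len(strings)))
    lines += ["    condition:", f"        uint16(0) == 0x5a4d and {required} of them", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(generate_rule("constructed_dropper", SAMPLES, GOODWARE))
```

The goodware subtraction is the step that matters most in practice: without it, import names and the DOS stub text dominate the candidate list and the rule matches every PE on the system.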
AnalyzePDF by hiddenillusion (GitHub)
Tool to help analyze PDF files
Created Dec. 2, 2013, 11:07 p.m. | Python | 22 watchers (+0) | 171 stars (+0) | 41 forks (+1)

capstone by capstone-engine (GitHub)
Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
Created Nov. 27, 2013, 2:32 a.m. | C | 299 watchers (-1) | 7,134 stars (+15) | 1,518 forks (+0)

binwalk by ReFirmLabs (GitHub)
Firmware Analysis Tool
Created Nov. 15, 2013, 8:45 p.m. | Python | 368 watchers (-1) | 10,295 stars (+16) | 1,482 forks (+2)

recomposer by secretsquirrel (GitHub)
Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites.
Created Oct. 10, 2013, 1:42 p.m. | Python | 18 watchers (+0) | 130 stars (+0) | 42 forks (+0)

EVTXtract by williballenthin (GitHub)
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
Created Oct. 5, 2013, 8:59 p.m. | Python | 18 watchers (+0) | 175 stars (+0) | 24 forks (+0)

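Recovering EVTX records from raw bytes is carving on the record structure rather than parsing a file: each record opens with the 0x2a2a0000 magic, a 32-bit size, a 64-bit record number and a FILETIME, and closes with a repeat of the size, which gives a cheap validity check that weeds out false magic hits. The carver below is an added example and not EVTXtract's code; the "unallocated space" it scans is constructed inside the block, the BinXML body of each record is replaced by a placeholder payload, and only the magic of the chunk header is used.

```python
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Fixed parts of the EVTX on-disk format used for carving: a chunk begins with
# "ElfChnk\x00"; a record begins with the 0x2a2a0000 magic, a little-endian 32-bit
# size, a 64-bit record number and a 64-bit FILETIME, and ends with a copy of the size.
CHUNK_MAGIC = b"ElfChnk\x00"
RECORD_MAGIC = b"\x2a\x2a\x00\x00"
RECORD_HEADER = struct.Struct("<4sIQQ")  # magic, size, record number, FILETIME
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10

@dataclass
class CarvedRecord:
    offset: int
    record_id: int
    timestamp: datetime
    payload: bytes  # the BinXML body, left unparsed here

def carve_chunk_headers(data):
    # Chunk headers need no validation beyond the magic; they mark where a 64 KiB
    # chunk (and its string/template tables) once started.
    offsets, pos = [], data.find(CHUNK_MAGIC)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(CHUNK_MAGIC, pos + 1)
    return offsets

def carve_records(data, max_size=65536):
    # Every magic hit is validated: the size must be plausible and the trailing size
    # copy must match. Hits that fail are skipped as false positives, which memory
    # images and slack space produce constantly.
    records, pos = [], data.find(RECORD_MAGIC)
    while pos != -1:
        if pos + RECORD_HEADER.size <= len(data):
            _, size, rec_id, ft = RECORD_HEADER.unpack_from(data, pos)
            end = pos + size
            if RECORD_HEADER.size + 4 <= size <= max_size and end <= len(data):
                (trailer,) = struct.unpack_from("<I", data, end - 4)
                if trailer == size:
                    payload = data[pos + RECORD_HEADER.size:end - 4]
                    records.append(CarvedRecord(pos, rec_id, filetime_to_datetime(ft), payload))
                    pos = data.find(RECORD_MAGIC, end)
                    continue
        pos = data.find(RECORD_MAGIC, pos + 1)
    return records

def build_record(rec_id, when, payload):
    # Builds a record with the real header and trailer layout around a stand-in payload.
    size = RECORD_HEADER.size + len(payload) + 4
    header = RECORD_HEADER.pack(RECORD_MAGIC, size, rec_id, datetime_to_filetime(when))
    return header + payload + struct.pack("<I", size)

def constructed_image():
    # Constructed "unallocated space": filler, a stray record magic with an absurd size
    # (must be rejected), a stranded chunk header, then three intact records.
    t0 = datetime(2013, 10, 5, 20, 59, tzinfo=timezone.utc)
    recs = [build_record(101 + i, t0 + timedelta(minutes=i), b"<Event>%d</Event>" % (101 + i))
            for i in range(3)]
    return (b"\xff" * 37 + RECORD_MAGIC + b"\xff\xff\xff\x7f" + b"\x00" * 20
            + CHUNK_MAGIC + b"\x00" * 120
            + recs[0] + b"\x00" * 9 + recs[1] + b"A" * 13 + recs[2] + b"\x00" * 50)

if __name__ == "__main__":
    img = constructed_image()
    print("chunk headers at offsets:", carve_chunk_headers(img))
    for r in carve_records(img):
        print(f"offset={r.offset} id={r.record_id} written={r.timestamp.isoformat()} payload={r.payload!r}")
```

On a real image the carved records are only half the job: BinXML bodies reference string and template tables that live in the chunk header region, so records whose chunk is gone need a template recovered from elsewhere before they can be rendered, which is the reconstruction part of the tool's description.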
PortEx by katjahahn (GitHub)
Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness
Created Sept. 27, 2013, 6:34 a.m. | Java | 43 watchers (+0) | 493 stars (+0) | 95 forks (+0)

TotalRecall by sketchymoose (GitHub)
Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to find badness.
Created Sept. 21, 2013, 12:14 p.m. | Python | 14 watchers (+0) | 49 stars (+0) | 9 forks (+0)

aleph by merces (GitHub)
An Open Source Malware Analysis Pipeline System
Created July 29, 2013, 5:32 a.m. | CSS | 35 watchers (+0) | 154 stars (+1) | 53 forks (+0)

ioc_writer by mandiant (GitHub)
(no description)
Created July 24, 2013, 6:33 p.m. | Python | 40 watchers (+0) | 199 stars (+0) | 60 forks (+0)

VirtualDeobfuscator by jnraber (GitHub)
Reverse engineering tool for virtualization wrappers
Created June 28, 2013, 6:55 p.m. | Python | 7 watchers (+0) | 124 stars (+0) | 24 forks (+0)

scalpel by sleuthkit (GitHub)
Scalpel is an open source data carving tool. It is not being actively maintained.
Created June 27, 2013, 4:59 p.m. | Shell | 43 watchers (+0) | 610 stars (+0) | 100 forks (+0)

malcom by tomchop (GitHub)
Malcom - Malware Communications Analyzer
Created June 4, 2013, 3:06 p.m. | Python | 132 watchers (+0) | 1,143 stars (+0) | 214 forks (+0)

Noriben by Rurik (GitHub)
Noriben - Portable, Simple, Malware Analysis Sandbox
Created April 10, 2013, 8:37 p.m. | Python | 90 watchers (+0) | 1,086 stars (+1) | 223 forks (+0)

conpot by mushorg (GitHub)
ICS/SCADA honeypot
Created March 20, 2013, 1:04 p.m. | Python | 96 watchers (+0) | 1,198 stars (+0) | 409 forks (+1)

mailchecker by FGRibreau (GitHub)
Cross-language temporary (disposable/throwaway) email detection library. Covers 55,734+ fake email providers.
Created March 4, 2013, 3 p.m. | PHP | 37 watchers (+0) | 1,584 stars (+1) | 239 forks (-1)

nsrllookup by rjhansen (GitHub)
Checks with NSRL RDS servers looking for hash matches
Created March 2, 2013, 4:35 p.m. | C++ | 13 watchers (+0) | 108 stars (+0) | 10 forks (+0)

MISP by MISP (GitHub)
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Created Feb. 7, 2013, 5:10 p.m. | PHP | 272 watchers (-2) | 5,063 stars (+10) | 1,355 forks (+4)

NoMoreXOR by hiddenillusion (GitHub)
Tool to help guess a file's 256-byte XOR key by using frequency analysis
Created Jan. 22, 2013, 9:09 p.m. | Python | 12 watchers (+0) | 84 stars (+0) | 20 forks (+0)

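The frequency-analysis idea behind a tool like NoMoreXOR: when a key repeats every 256 bytes, every 256th byte of the file was XORed with the same key byte, so the most common ciphertext value at each offset is the most common plaintext byte (0x00 in a PE, 0x20 in text) XORed with that key byte. The block below is an added example and not NoMoreXOR's code; it goes slightly beyond the fixed 256-byte case by first estimating the key length from coincidence counts. The key and the zero-heavy plaintext are generated inside the block and are constructed test data.

```python
import random
from collections import Counter

# Constructed test data: a random 256-byte key and a zero-heavy plaintext standing in
# for a PE file. Both are generated here; nothing below is a real sample.
KEY_LEN = 256
_rng = random.Random(1337)
SAMPLE_KEY = bytes(_rng.randrange(256) for _ in range(KEY_LEN))

def make_plaintext(n=KEY_LEN * 200, zero_ratio=0.6, rng=_rng):
    # PE files are full of 0x00 (section padding, unused header fields), which is
    # the bias that makes per-offset frequency analysis work.
    return bytes(0 if rng.random() < zero_ratio else rng.randrange(1, 256) for _ in range(n))

def xor_repeating(data, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

SAMPLE_PLAINTEXT = make_plaintext()
SAMPLE_CIPHERTEXT = xor_repeating(SAMPLE_PLAINTEXT, SAMPLE_KEY)

def estimate_key_length(data, max_len=300, window=8192):
    # Coincidence counting: if L is a multiple of the key length, data[j] and
    # data[j+L] were XORed with the same key byte, so equal plaintext bytes (the
    # many zeros) stay equal. Other shifts match only by chance.
    data = data[:window]
    best_len, best_score = 1, -1.0
    for L in range(1, min(max_len, len(data) - 1) + 1):
        matches = sum(1 for a, b in zip(data, data[L:]) if a == b)
        score = matches / (len(data) - L)
        if score > best_score:
            best_len, best_score = L, score
    return best_len

def recover_key(data, key_len=KEY_LEN, expected_byte=0x00):
    # Every key_len-th byte shares one key byte, so the most common ciphertext value
    # at that offset is expected_byte ^ key[offset] (use 0x20 for text plaintext).
    key = bytearray(key_len)
    for i in range(key_len):
        column = data[i::key_len]
        most_common, _ = Counter(column).most_common(1)[0]
        key[i] = most_common ^ expected_byte
    return bytes(key)

def decrypt(data, key_len=KEY_LEN, expected_byte=0x00):
    key = recover_key(data, key_len, expected_byte)
    return key, xor_repeating(data, key)

if __name__ == "__main__":
    guessed_len = estimate_key_length(SAMPLE_CIPHERTEXT)
    key, plain = decrypt(SAMPLE_CIPHERTEXT, guessed_len)
    print("estimated key length:", guessed_len)
    print("key recovered:", key == SAMPLE_KEY, "plaintext recovered:", plain == SAMPLE_PLAINTEXT)
```

The method fails exactly where its assumption fails: a key offset whose column holds too few bytes, or a plaintext with no dominant byte (already-compressed or encrypted payloads), gives a wrong key byte at that offset, so check the result for a sane PE header and readable strings before trusting it.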