drakvuf by tklengyel

DRAKVUF Black-box Binary Analysis

created at Aug. 23, 2014, 10 a.m.

62 +1

1,062 +2

255 +1

udis86 by vmt

Disassembler Library for x86 and x86-64

created at March 6, 2012, 7:36 a.m.

84 +0

1,019 +0

298 +0

Manalyze by JusticeRage

A static analyzer for PE executables.

created at Aug. 16, 2015, 12:19 p.m.

64 +0

1,018 +2

161 +1

thug by buffer

Python low-interaction honeyclient

created at Feb. 20, 2012, 11:56 a.m.

76 +0

994 +3

204 +2

IDR by crypto2011

Interactive Delphi Reconstructor

created at Feb. 16, 2016, 12:39 p.m.

83 +0

968 +4

224 -1

ember by elastic

Elastic Malware Benchmark for Empowering Researchers

created at April 11, 2018, 5:48 p.m.

52 +0

946 +1

277 +0

vivisect by vivisect

None

created at Nov. 14, 2014, 6:28 p.m.

70 +0

939 +1

187 +0

ngrep by jpr5

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

created at Dec. 30, 2009, 8:14 a.m.

23 +0

902 +2

101 +0

see by WithSecureOpenSource

Sandboxed Execution Environment

created at Oct. 26, 2015, 11:13 a.m.

57 +0

813 +0

104 +0

DECAF by decaf-project

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

created at Dec. 17, 2014, 1:53 a.m.

61 +0

805 +2

168 +0

laikaboss by lmco

Laika BOSS: Object Scanning System

created at June 12, 2015, 2:49 p.m.

132 +0

740 +1

156 +0

HaboMalHunter by Tencent

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

created at Jan. 12, 2017, 6:17 a.m.

55 +0

732 +0

220 +0

dionaea by DinoTools

Home of the dionaea honeypot

created at Dec. 21, 2015, 8:13 p.m.

45 +0

713 +1

182 +0

CapTipper by omriher

Malicious HTTP traffic explorer

created at Jan. 13, 2015, 9:05 a.m.

63 +0

711 +1

159 +0

hashdeep by jessek

None

created at June 12, 2012, 11:35 a.m.

60 +0

709 +3

132 +0

javascript-malware-collection by HynekPetrak

Collection of almost 40.000 javascript malware samples

created at May 7, 2017, 7:17 p.m.

37 +0

682 +5

237 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

created at Sept. 5, 2019, 1:02 p.m.

29 +0

681 +2

125 +0

combine by mlsecproject

Tool to gather Threat Intelligence indicators from publicly available sources

created at Feb. 21, 2014, 5:33 p.m.

89 +0

655 +0

171 +0

unipacker by unipacker

Automatic and platform-independent unpacker for Windows binaries based on emulation

created at Feb. 7, 2019, 4:39 p.m.

32 +0

654 +1

83 +0

scalpel by sleuthkit

Scalpel is an open source data carving tool. It is not being actively maintained.

created at June 27, 2013, 4:59 p.m.

44 +0

627 +0

99 +0