capstone by capstone-engine

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

created at Nov. 27, 2013, 2:32 a.m.

307 +0

7,023 +21

1,497 +3

pafish by a0rtega

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

created at July 1, 2012, 11:06 a.m.

174 +0

3,080 +7

452 +1

HashCheck by gurnec

HashCheck Shell Extension for Windows with added SHA2, SHA3, and multithreading; originally from code.kliu.org

created at Dec. 5, 2014, 2:58 a.m.

72 +1

1,675 +3

193 +1

pyrebox by Cisco-Talos

Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU

created at July 7, 2017, 3:41 p.m.

95 +0

1,636 +0

249 +0

Zeus by Visgean

NOT MY CODE! Zeus trojan horse - leaked in 2011, I am not the author. This repository is for study purposes only, do not message me about your lame hacking attempts.

created at May 13, 2011, 10:18 p.m.

138 +0

1,350 +2

692 +0

udis86 by vmt

Disassembler Library for x86 and x86-64

created at March 6, 2012, 7:36 a.m.

85 +0

983 +1

309 +0

ngrep by jpr5

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

created at Dec. 30, 2009, 8:14 a.m.

22 +0

847 -1

100 +0

DECAF by decaf-project

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

created at Dec. 17, 2014, 1:53 a.m.

60 +0

787 +0

168 +0

malheur by rieck

A Tool for Automatic Analysis of Malware Behavior

created at May 6, 2009, 10:03 a.m.

56 +0

362 +0

100 +0

panda by moyix

Deprecated repo for PANDA 1.0 – see PANDA 2.0 repository

created at Nov. 22, 2016, 5:12 p.m.

10 +0

102 +0

42 +0

mac-a-mal by phdphuc

The current repository contains all the scripts needed to build kernel-mode mac-a-mal malicious activity hooking on macOS.

created at March 12, 2018, 1:49 p.m.

10 +0

81 +0

24 +0