Hale by pjlantz

Botnet command & control monitor

created at June 2, 2010, 11:13 a.m.

17 +0

186 +0

64 +0

malpdfobj by 9b

Builds json representation of PDF malware sample

created at Jan. 1, 2011, 9:23 p.m.

8 +0

52 +0

16 +0

xortool by hellman

A tool to analyze multi-byte xor cipher

created at Jan. 18, 2011, 5:26 p.m.

48 +0

1,398 +3

173 +1

hpfeeds by hpfeeds

Honeynet Project generic authenticated datafeed protocol

created at April 4, 2011, 3:19 p.m.

30 +0

211 +0

110 +0

pdfxray_lite by 9b

Lite version of PDF X-RAY that uses no backend

created at Nov. 11, 2011, 4:49 a.m.

7 +0

35 +0

9 +0

thug by buffer

Python low-interaction honeyclient

created at Feb. 20, 2012, 11:56 a.m.

76 +0

994 +3

204 +2

malwarehouse by sroberts

A warehouse for your malware

created at June 12, 2012, 4:05 a.m.

22 +0

133 +0

43 +0

peda by longld

PEDA - Python Exploit Development Assistance for GDB

created at Aug. 3, 2012, 6:26 a.m.

200 +0

5,900 +8

807 +1

chopshop by MITRECND

Protocol Analysis/Decoder Framework

created at Sept. 18, 2012, 5:51 p.m.

71 +0

489 +0

112 +0

glastopf by mushorg

Web Application Honeypot

created at Nov. 15, 2012, 9:57 p.m.

51 +0

561 +0

168 +0

mnemosyne by johnnykv

Normalizer for honeypot data.

created at Dec. 21, 2012, 11:45 a.m.

8 +0

45 +0

39 +0

IPinfo by hiddenillusion

Searches various online resources to try and get as much info about an IP/domain as possible.

created at Dec. 24, 2012, 5:50 p.m.

19 +0

100 +1

28 +0

AnalyzePE by hiddenillusion

Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.

created at Jan. 16, 2013, 2:04 p.m.

19 +0

204 +0

35 +0

NoMoreXOR by hiddenillusion

Tool to help guess a files 256 byte XOR key by using frequency analysis

created at Jan. 22, 2013, 9:09 p.m.

12 +0

85 +0

20 +0

conpot by mushorg

ICS/SCADA honeypot

created at March 20, 2013, 1:04 p.m.

96 +0

1,242 +2

414 +0

Noriben by Rurik

Noriben - Portable, Simple, Malware Analysis Sandbox

created at April 10, 2013, 8:37 p.m.

90 +0

1,120 +3

222 +0

malcom by tomchop

Malcom - Malware Communications Analyzer

created at June 4, 2013, 3:06 p.m.

131 +0

1,155 +1

215 +0

VirtualDeobfuscator by jnraber

Reverse engineering tool for virtualization wrappers

created at June 28, 2013, 6:55 p.m.

7 +0

133 +1

24 +0

ioc_writer by mandiant

None

created at July 24, 2013, 6:33 p.m.

40 +0

200 +0

61 +0

TotalRecall by sketchymoose

Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to find badness.

created at Sept. 21, 2013, 12:14 p.m.

14 +0

49 +0

9 +0