machinae by HurricaneLabs

Machinae Security Intelligence Collector

created at July 6, 2015, 3:14 p.m.

38 +0

495 +0

100 +0

chopshop by MITRECND

Protocol Analysis/Decoder Framework

created at Sept. 18, 2012, 5:51 p.m.

71 +0

487 +1

111 +0

iocextract by InQuest

Defanged Indicator of Compromise (IOC) Extractor.

created at April 17, 2018, 5:37 p.m.

28 +0

485 +0

88 +0

Limon by monnappa22

Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools

created at Nov. 21, 2015, 8:37 a.m.

36 +0

383 -1

121 +0

pyew by joxeankoret

Official repository for Pyew.

created at March 12, 2015, 5:05 p.m.

32 +0

379 +1

101 +0

VolUtility by kevthehermit

Web App for Volatility framework

created at March 21, 2016, 3:30 p.m.

40 +0

373 +0

81 +0

polichombr by ANSSI-FR

Collaborative malware analysis framework

created at May 31, 2016, 6:54 p.m.

38 +0

372 +1

64 +0

malsub by diogo-fernan

A Python RESTful API framework for online malware analysis and threat intelligence services.

created at Feb. 27, 2015, 10:43 p.m.

36 +0

362 +0

83 +1

PcapViz by mateuszk87

Visualize network topologies and collect graph statistics based on pcap files

created at Jan. 21, 2015, 10:57 p.m.

27 +0

324 -2

59 +0

Malcolm by idaholab

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

created at May 13, 2019, 6:35 p.m.

18 +0

310 +1

49 +1

fsf by EmersonElectricCo

File Scanning Framework

created at Aug. 6, 2015, 1:34 a.m.

35 +0

282 +1

49 +0

ROPMEMU by Cisco-Talos

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.

created at May 24, 2016, 5:04 p.m.

31 +0

280 +0

50 +0

DC3-MWCP by Defense-Cyber-Crime-Center

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.

created at May 6, 2015, 3:11 p.m.

43 +0

279 +0

58 +0

cuckoo-modified by brad-accuvant

Modified edition of cuckoo

created at July 30, 2014, 6:10 p.m.

57 +0

267 +0

103 +0

hostintel by keithjjones

A modular Python application to collect intelligence for malicious hosts.

created at Aug. 22, 2016, 8:25 p.m.

30 +0

258 +0

52 +0

DAMM by 504ensicsLabs

Differential Analysis of Malware in Memory

created at Sept. 16, 2014, 5:32 p.m.

31 +0

209 +0

56 +0

hpfeeds by hpfeeds

Honeynet Project generic authenticated datafeed protocol

created at April 4, 2011, 3:19 p.m.

30 +0

208 +0

110 +0

AnalyzePE by hiddenillusion

Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.

created at Jan. 16, 2013, 2:04 p.m.

19 +0

201 +0

37 +0

ioc_writer by mandiant

None

created at July 24, 2013, 6:33 p.m.

40 +0

199 +0

60 +0

VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

created at April 19, 2015, 12:30 a.m.

28 +0

192 +0

50 +0