mastiff by KoreLogicSecurity

Malware static analysis framework

updated at May 4, 2024, 9:59 p.m.

Python

18 +0

173 +0

39 +0

GitHub
PcapViz by mateuszk87

Visualize network topologies and collect graph statistics based on pcap files

updated at May 4, 2024, 5:21 p.m.

Python

27 +0

326 +0

59 +0

GitHub
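PcapViz turns a capture into a host graph; the core of that is walking the pcap records, pulling source and destination out of each IPv4 header, and counting edges. The following is an added example, not PcapViz's own code and not its API: a stdlib-only pcap walker that builds a constructed capture in memory (a beaconing host, one reply, two DNS lookups and an ARP frame that must be skipped), counts directed edges and per-host degree, and emits Graphviz DOT. Addresses, MACs and timestamps are made up.

```python
import socket
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic pcap, microsecond timestamps, little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1      # the same magic as read from a big-endian file
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def build_frame(src_ip, dst_ip, proto=6, payload=b"\x00" * 20):
    """Constructed Ethernet + IPv4 frame. IP checksum is left 0: nothing below verifies it."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload


def build_pcap(frames, linktype=LINKTYPE_ETHERNET):
    """Constructed pcap: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(pcap: bytes):
    """Yield (ts_sec, frame) per record; detects byte order from the magic, stops on truncation."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng and nanosecond-pcap magics are not handled here)")
    linktype = struct.unpack_from(endian + "HHiIII", pcap, 4)[-1]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record (e.g. capture stopped mid-write)
        off += incl_len
        yield ts_sec, frame


def ipv4_endpoints(frame: bytes):
    """Return (src, dst, proto) for an Ethernet/IPv4 frame, or None for anything else."""
    if len(frame) < 34:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ver_ihl = frame[14]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        return None
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), frame[14 + 9]


def build_topology(pcap: bytes):
    """Directed edge counts, bytes per edge, and per-host degree (distinct directed edges)."""
    edges, edge_bytes, degree = Counter(), Counter(), Counter()
    for _, frame in iter_packets(pcap):
        ep = ipv4_endpoints(frame)
        if ep is None:
            continue  # ARP, IPv6, VLAN-tagged etc. are not graphed by this example
        src, dst, _proto = ep
        edges[(src, dst)] += 1
        edge_bytes[(src, dst)] += len(frame)
    for src, dst in edges:
        degree[src] += 1
        degree[dst] += 1
    return {"edges": edges, "bytes": edge_bytes, "degree": degree}


def to_dot(topo) -> str:
    """Graphviz DOT with packet counts as edge labels."""
    lines = ["digraph pcap {"]
    for (src, dst), n in sorted(topo["edges"].items()):
        lines.append(f'  "{src}" -> "{dst}" [label="{n} pkts, {topo["bytes"][(src, dst)]} B"];')
    lines.append("}")
    return "\n".join(lines)


# Constructed capture: 3 beacons out, 1 reply, 2 DNS lookups, 1 ARP frame (skipped).
SAMPLE_PCAP = build_pcap(
    [build_frame("10.0.0.5", "203.0.113.9")] * 3
    + [build_frame("203.0.113.9", "10.0.0.5")]
    + [build_frame("10.0.0.5", "10.0.0.1", proto=17)] * 2
    + [bytes.fromhex("ffffffffffff020000000001") + struct.pack("!H", 0x0806) + b"\x00" * 28]
)

if __name__ == "__main__":
    topo = build_topology(SAMPLE_PCAP)
    print(to_dot(topo))
    print("top talker:", topo["degree"].most_common(1))
```

Feed `to_dot()` output to `dot -Tpng` to get the picture; the degree counter is the quick "which host talks to the most peers" statistic, and a high out-degree from one internal host toward many external ones is the pattern worth a second look.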
iocextract by InQuest

Defanged Indicator of Compromise (IOC) Extractor.

updated at May 4, 2024, 11:14 a.m.

Python

28 +0

487 +0

89 +1

GitHub
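Reports defang indicators (`hxxp://`, `[.]`, `[at]`) so that nobody clicks them by accident, which means an extractor first has to undo that before the usual URL, IP, domain, e-mail and hash patterns will match. The following is an added example, not iocextract's code and not its API: a stdlib-only refang step followed by extraction, run over a constructed report excerpt (the addresses, domains and hash are made up or documentation ranges).

```python
import re
from urllib.parse import urlparse

# Constructed sample: a threat-report excerpt with defanged indicators (not real infrastructure).
SAMPLE_REPORT = """
The dropper beacons to hxxp://malicious-cdn[.]example[.]com/gate.php and
hxxps://203[.]0[.]113[.]45:8443/update . Fallback C2: 198.51.100[.]7 .
Phishing sender: billing[at]invoice-portal[.]net
Payload SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

# Common defanging conventions; each rule undoes one. Order matters: "[:]" is fixed before "hxxp://".
REFANG_RULES = [
    (re.compile(r"\s*\[:\]\s*"), ":"),                                 # hxxp[:]// -> hxxp://
    (re.compile(r"\bhxxp(s?)://", re.I), r"http\1://"),                # hxxp:// -> http://
    (re.compile(r"\bfxp://", re.I), "ftp://"),                         # fxp:// -> ftp://
    (re.compile(r"\s*[\[\(\{]\s*\.\s*[\]\)\}]\s*"), "."),               # [.] (.) {.} -> .
    (re.compile(r"\s+dot\s+", re.I), "."),                             # "example dot com"
    (re.compile(r"\s*[\[\(]\s*(?:at|@)\s*[\]\)]\s*", re.I), "@"),      # [at] (at) [@] -> @
    (re.compile(r"\\\."), "."),                                        # escaped dots
]

URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s<>\"']+", re.I)
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[\w-]+\.)+[a-z]{2,}\b", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)


def refang(text: str) -> str:
    """Undo the usual defanging so ordinary indicator regexes can match."""
    for pattern, repl in REFANG_RULES:
        text = pattern.sub(repl, text)
    return text


def defang(ioc: str) -> str:
    """Inverse of refang for a single indicator, for safe sharing."""
    ioc = re.sub(r"^http(s?)://", r"hxxp\1://", ioc, flags=re.I)
    return ioc.replace(".", "[.]").replace("@", "[at]")


def extract_iocs(text: str) -> dict:
    """Refang, then pull URLs, IPv4s, domains, e-mails and SHA-256 hashes out of free text."""
    clean = refang(text)
    urls = sorted({u.rstrip(".,;)") for u in URL_RE.findall(clean)})
    # Blank out URLs before the bare-indicator passes so path parts like "gate.php" are not
    # reported as domains; URL hostnames are added back explicitly below.
    rest = URL_RE.sub(" ", clean)
    domains = set(DOMAIN_RE.findall(rest))
    for u in urls:
        host = urlparse(u).hostname
        if host and not IPV4_RE.fullmatch(host):
            domains.add(host)
    return {
        "urls": urls,
        "ipv4": sorted(set(IPV4_RE.findall(clean))),
        "domains": sorted(domains),
        "emails": sorted(set(EMAIL_RE.findall(rest))),
        "sha256": sorted(h.lower() for h in set(SHA256_RE.findall(rest))),
    }


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(kind, values)
```

The domain pattern is deliberately loose (no TLD list), so expect false positives like version strings or file names in real reports; a TLD allowlist or a denylist of common extensions is the usual next step.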
HaboMalHunter by Tencent

HaboMalHunter is a sub-project of the Habo Malware Analysis System (https://habo.qq.com) for automated malware analysis and security assessment on Linux.

updated at May 4, 2024, 10:32 a.m.

Python

55 +0

722 +0

220 +0

GitHub
muninn by ytisf

A short and small memory forensics helper.

updated at May 4, 2024, 12:45 a.m.

Python

11 +0

51 +0

9 +0

GitHub
DC3-MWCP by Defense-Cyber-Crime-Center

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.

updated at May 2, 2024, 3:15 p.m.

Python

43 +0

280 +0

58 +0

GitHub
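A config parser for a given family does three things: locate the embedded configuration in the sample, decode it, and map the family's own field names onto a common vocabulary so that downstream tooling sees the same keys for every family. The following is an added example and not DC3-MWCP code or its parser API; the config layout (a `CFG0` marker, a one-byte XOR key, a little-endian length, then `key=value` pairs separated by `|`), the sample bytes and the output field names are all hypothetical.

```python
import struct

CONFIG_MARKER = b"CFG0"   # hypothetical marker; real families each have their own layout

# Hypothetical family fields -> common vocabulary used by the rest of the pipeline.
FIELD_MAP = {"c2": "c2_address", "mutex": "mutex", "pass": "password", "drop": "filename"}


def encode_config(plaintext: bytes, key: int) -> bytes:
    """Build an obfuscated block: marker | key | u16 length | xor(plaintext, key). Used only to
    construct the sample below."""
    body = bytes(b ^ key for b in plaintext)
    return CONFIG_MARKER + bytes([key]) + struct.pack("<H", len(body)) + body


def extract_config(sample: bytes):
    """Locate, length-check and decode the config block; None if absent or truncated."""
    idx = sample.find(CONFIG_MARKER)
    if idx < 0:
        return None
    hdr = idx + len(CONFIG_MARKER)
    if hdr + 3 > len(sample):
        return None
    key = sample[hdr]
    (length,) = struct.unpack_from("<H", sample, hdr + 1)
    body = sample[hdr + 3:hdr + 3 + length]
    if len(body) != length:
        return None  # length field points past the end of the file: truncated or corrupt
    plain = bytes(b ^ key for b in body)
    fields = {}
    for item in plain.split(b"|"):
        if b"=" not in item:
            continue
        k, v = item.split(b"=", 1)
        fields[k.decode("ascii", "replace")] = v.decode("ascii", "replace")
    return fields


def normalize(fields: dict) -> dict:
    """Map raw family fields onto common names; unknown keys are kept under "other"."""
    out = {}
    for raw_key, value in fields.items():
        std = FIELD_MAP.get(raw_key)
        if std is None:
            out.setdefault("other", {})[raw_key] = value
        elif std == "c2_address":
            host, sep, port = value.rpartition(":")
            if not sep:
                host, port = value, ""
            out[std] = {"host": host, "port": int(port) if port.isdigit() else None}
        else:
            out[std] = value
    return out


# Constructed sample: fake MZ header, padding, the config block, trailing junk.
CONFIG_PLAINTEXT = b"c2=203.0.113.9:443|mutex=Global\\svc_4f2a|pass=hunter2|drop=%APPDATA%\\svchost.exe|ver=3"
SAMPLE_BINARY = b"MZ\x90\x00" + b"\x00" * 64 + encode_config(CONFIG_PLAINTEXT, 0x5A) + b"\xCC" * 16

if __name__ == "__main__":
    raw = extract_config(SAMPLE_BINARY)
    print("raw:", raw)
    print("normalized:", normalize(raw))
```

The length check is the part worth copying: a parser that trusts an embedded length and slices past the end of the buffer silently produces garbage fields, and in a batch run garbage that looks like a C2 address is worse than a clean "no config found".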
python-dshield by rshipp

Pythonic interface to the Internet Storm Center / DShield API.

updated at April 30, 2024, 8:17 p.m.

Python

4 +0

23 +0

13 +0

GitHub
VirtualDeobfuscator by jnraber

Reverse engineering tool for virtualization wrappers

updated at April 28, 2024, 11:32 p.m.

Python

7 +0

123 +0

24 +0

GitHub
hachoir by vstinner

Hachoir is a Python library to view and edit a binary stream field by field

updated at April 27, 2024, 4:06 p.m.

Python

22 +0

586 +0

69 +0

GitHub
fsf by EmersonElectricCo

File Scanning Framework

updated at April 26, 2024, 10:29 p.m.

Python

35 +0

282 +0

49 +0

GitHub
unipacker by unipacker

Automatic and platform-independent unpacker for Windows binaries based on emulation

updated at April 26, 2024, 10:23 a.m.

Python

30 +0

606 +0

73 +0

GitHub
chopshop by MITRECND

Protocol Analysis/Decoder Framework

updated at April 25, 2024, 11:31 a.m.

Python

71 +0

487 +0

111 +0

GitHub
AnalyzePDF by hiddenillusion

Tool to help analyze PDF files

updated at April 24, 2024, 8:36 p.m.

Python

22 +0

170 +0

40 +0

GitHub
sandboxapi by InQuest

Minimal, consistent Python API for building integrations with malware sandboxes.

updated at April 24, 2024, 6:58 p.m.

Python

21 +0

131 +0

39 +0

GitHub
polichombr by ANSSI-FR

Collaborative malware analysis framework

updated at April 24, 2024, 5:45 p.m.

Python

38 +0

372 +0

64 +0

GitHub
Limon by monnappa22

Limon is a sandbox developed as a research project, written in Python, which automatically collects, analyzes, and reports on the runtime indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis with open source tools.

updated at April 24, 2024, 5:25 p.m.

Python

36 +0

383 +0

121 +0

GitHub
MaltegoVT by michael-yip

A set of Maltego transforms for VirusTotal Public API v2.0. This set has the added functionality of caching queries on a daily basis to speed up resolutions.

updated at April 24, 2024, 5:25 p.m.

Python

8 +0

76 +0

22 +0

GitHub
pyew by joxeankoret

Official repository for Pyew.

updated at April 24, 2024, 1:04 p.m.

Python

32 +0

379 +0

101 +0

GitHub
combine by mlsecproject

Tool to gather Threat Intelligence indicators from publicly available sources

updated at April 24, 2024, 11:48 a.m.

Python

90 +0

648 +0

179 +0

GitHub
malcom by tomchop

Malcom - Malware Communications Analyzer

updated at April 20, 2024, 3:39 p.m.

Python

132 +0

1,138 +0

214 +0

GitHub