Malcolm by idaholab

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

created at May 13, 2019, 6:35 p.m.

19 +0

360 +1

59 +0

DC3-MWCP by Defense-Cyber-Crime-Center

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.

created at May 6, 2015, 3:11 p.m.

43 +0

300 +1

59 +0

PcapViz by mateuszk87

Visualize network topologies and collect graph statistics based on pcap files

created at Jan. 21, 2015, 10:57 p.m.

27 +0

342 +1

60 +0

polichombr by ANSSI-FR

Collaborative malware analysis framework

created at May 31, 2016, 6:54 p.m.

38 +0

375 +0

60 +0

massive-octo-spice by csirtgadgets

DEPRECATED - USE v3 (bearded-avenger)

created at Jan. 6, 2014, 1:02 p.m.

55 +0

227 +0

60 +0

ioc_writer by mandiant

None

created at July 24, 2013, 6:33 p.m.

40 +0

200 +0

61 +0

Hale by pjlantz

Botnet command & control monitor

created at June 2, 2010, 11:13 a.m.

17 +0

186 +0

64 +0

jsunpack-n by urule99

Automatically exported from code.google.com/p/jsunpack-n

created at April 1, 2015, 11:51 p.m.

16 +0

162 +1

65 +0

hachoir by vstinner

Hachoir is a Python library to view and edit a binary stream field by field

created at Oct. 1, 2016, 3:41 p.m.

24 +0

615 +0

69 +0

PackerAttacker by BromiumLabs

C++ application that uses memory and code hooks to detect packers

created at April 15, 2015, 11:02 p.m.

30 +0

268 +0

72 +0

Nauz-File-Detector by horsicq

Linker/Compiler/Tool detector for Windows, Linux and MacOS.

created at Nov. 29, 2018, 2:28 p.m.

28 +0

525 +0

80 +0

malsub by diogo-fernan

A Python RESTful API framework for online malware analysis and threat intelligence services.

created at Feb. 27, 2015, 10:43 p.m.

36 +0

368 +0

80 -3

VolUtility by kevthehermit

Web App for Volatility framework

created at March 21, 2016, 3:30 p.m.

40 +0

380 +0

82 +0

unipacker by unipacker

Automatic and platform-independent unpacker for Windows binaries based on emulation

created at Feb. 7, 2019, 4:39 p.m.

32 +0

654 +1

83 +0

box-js by CapacitorSet

A tool for studying JavaScript malware.

created at June 17, 2016, 4:38 p.m.

39 +0

617 -1

84 +0

iocextract by InQuest

Defanged Indicator of Compromise (IOC) Extractor.

created at April 17, 2018, 5:37 p.m.

28 +0

506 +1

91 +0

RABCDAsm by CyberShadow

Robust ABC (ActionScript Bytecode) [Dis-]Assembler

created at May 5, 2010, 7:23 a.m.

38 +0

430 +0

92 +0

PortEx by katjahahn

Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

created at Sept. 27, 2013, 6:34 a.m.

44 +0

496 +0

95 +0

pyew by joxeankoret

Official repository for Pyew.

created at March 12, 2015, 5:05 p.m.

32 +0

383 +0

95 +0

scalpel by sleuthkit

Scalpel is an open source data carving tool. It is not being actively maintained.

created at June 27, 2013, 4:59 p.m.

44 +0

627 +0

99 +0