multiscanner by mitre

Modular file scanning/analysis framework

created at April 13, 2015, 2:58 p.m.

60 +0

617 +0

125 +0

iocs by mandiant

FireEye Publicly Shared Indicators of Compromise (IOCs)

created at Aug. 29, 2014, 12:47 a.m.

161 +0

463 +1

117 +0

Limon by monnappa22

Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools

created at Nov. 21, 2015, 8:37 a.m.

38 +0

389 -1

115 +0

chopshop by MITRECND

Protocol Analysis/Decoder Framework

created at Sept. 18, 2012, 5:51 p.m.

71 +0

489 +0

112 +0

hpfeeds by hpfeeds

Honeynet Project generic authenticated datafeed protocol

created at April 4, 2011, 3:19 p.m.

30 +0

211 +0

110 +0

see by WithSecureOpenSource

Sandboxed Execution Environment

created at Oct. 26, 2015, 11:13 a.m.

57 +0

813 +0

104 +0

machinae by HurricaneLabs

Machinae Security Intelligence Collector

created at July 6, 2015, 3:14 p.m.

38 +0

504 +0

101 +0

ngrep by jpr5

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

created at Dec. 30, 2009, 8:14 a.m.

23 +0

902 +2

101 +0

malheur by rieck

A Tool for Automatic Analysis of Malware Behavior

created at May 6, 2009, 10:03 a.m.

56 +0

368 +0

101 +0

cuckoo-modified by brad-accuvant

Modified edition of cuckoo

created at July 30, 2014, 6:10 p.m.

57 +0

271 +0

100 +0

scalpel by sleuthkit

Scalpel is an open source data carving tool. It is not being actively maintained.

created at June 27, 2013, 4:59 p.m.

44 +0

627 +0

99 +0

PortEx by katjahahn

Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

created at Sept. 27, 2013, 6:34 a.m.

44 +0

496 +0

95 +0

pyew by joxeankoret

Official repository for Pyew.

created at March 12, 2015, 5:05 p.m.

32 +0

383 +0

95 +0

RABCDAsm by CyberShadow

Robust ABC (ActionScript Bytecode) [Dis-]Assembler

created at May 5, 2010, 7:23 a.m.

38 +0

430 +0

92 +0

iocextract by InQuest

Defanged Indicator of Compromise (IOC) Extractor.

created at April 17, 2018, 5:37 p.m.

28 +0

506 +1

91 +0

box-js by CapacitorSet

A tool for studying JavaScript malware.

created at June 17, 2016, 4:38 p.m.

39 +0

617 -1

84 +0

unipacker by unipacker

Automatic and platform-independent unpacker for Windows binaries based on emulation

created at Feb. 7, 2019, 4:39 p.m.

32 +0

654 +1

83 +0

VolUtility by kevthehermit

Web App for Volatility framework

created at March 21, 2016, 3:30 p.m.

40 +0

380 +0

82 +0

Nauz-File-Detector by horsicq

Linker/Compiler/Tool detector for Windows, Linux and MacOS.

created at Nov. 29, 2018, 2:28 p.m.

28 +0

525 +0

80 +0

malsub by diogo-fernan

A Python RESTful API framework for online malware analysis and threat intelligence services.

created at Feb. 27, 2015, 10:43 p.m.

36 +0

368 +0

80 -3