drakvuf by tklengyel

DRAKVUF Black-box Binary Analysis

created at Aug. 23, 2014, 10 a.m.

C++

62 +0

1,067 +1

255 +0

GitHub
udis86 by vmt

Disassembler Library for x86 and x86-64

created at March 6, 2012, 7:36 a.m.

C

84 +0

1,022 +2

298 -1

GitHub
Manalyze by JusticeRage

A static analyzer for PE executables.

created at Aug. 16, 2015, 12:19 p.m.

YARA

64 +0

1,022 +4

161 +0

GitHub
thug by buffer

Python low-interaction honeyclient

created at Feb. 20, 2012, 11:56 a.m.

Python

76 +0

994 +0

204 +0

GitHub
IDR by crypto2011

Interactive Delphi Reconstructor

created at Feb. 16, 2016, 12:39 p.m.

C++

83 +0

968 +0

225 +1

GitHub
ember by elastic

Elastic Malware Benchmark for Empowering Researchers

created at April 11, 2018, 5:48 p.m.

Jupyter Notebook

52 +0

957 +8

279 +2

GitHub
vivisect by vivisect

None

created at Nov. 14, 2014, 6:28 p.m.

Python

70 +0

941 +1

187 +0

GitHub
ngrep by jpr5

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

created at Dec. 30, 2009, 8:14 a.m.

C

23 +0

904 +4

101 +0

GitHub
see by WithSecureOpenSource

Sandboxed Execution Environment

created at Oct. 26, 2015, 11:13 a.m.

Python

57 +0

815 +0

104 +0

GitHub
DECAF by decaf-project

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

created at Dec. 17, 2014, 1:53 a.m.

C

61 +0

807 +1

168 +0

GitHub
laikaboss by lmco

Laika BOSS: Object Scanning System

created at June 12, 2015, 2:49 p.m.

Python

132 +0

741 +0

156 +0

GitHub
HaboMalHunter by Tencent

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

created at Jan. 12, 2017, 6:17 a.m.

Python

55 +0

732 +0

220 +0

GitHub
dionaea by DinoTools

Home of the dionaea honeypot

created at Dec. 21, 2015, 8:13 p.m.

Python

45 +0

718 +1

183 +1

GitHub
CapTipper by omriher

Malicious HTTP traffic explorer

created at Jan. 13, 2015, 9:05 a.m.

Python

63 +0

712 +1

159 +0

GitHub
hashdeep by jessek

None

created at June 12, 2012, 11:35 a.m.

C++

60 +0

710 +1

132 +0

GitHub
stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

created at Sept. 5, 2019, 1:02 p.m.

Python

29 +0

684 +1

125 +0

GitHub
javascript-malware-collection by HynekPetrak

Collection of almost 40.000 javascript malware samples

created at May 7, 2017, 7:17 p.m.

JavaScript

37 +0

683 +2

237 +0

GitHub
unipacker by unipacker

Automatic and platform-independent unpacker for Windows binaries based on emulation

created at Feb. 7, 2019, 4:39 p.m.

Python

32 +0

663 +4

83 +0

GitHub
combine by mlsecproject

Tool to gather Threat Intelligence indicators from publicly available sources

created at Feb. 21, 2014, 5:33 p.m.

Python

89 +0

655 +0

171 +0

GitHub
scalpel by sleuthkit

Scalpel is an open source data carving tool. It is not being actively maintained.

created at June 27, 2013, 4:59 p.m.

Shell

44 +0

627 +0

99 +0

GitHub