IPinfo by hiddenillusion

Searches various online resources to try and get as much info about an IP/domain as possible.

created at Dec. 24, 2012, 5:50 p.m.

19 +0

100 +1

28 +0

Ragpicker by robbyFux

Ragpicker is a Plugin based malware crawler with pre-analysis and reporting functionalities. Use this tool if you are testing antivirus products, collecting malware for another analyzer/zoo.

created at July 3, 2015, 7:03 a.m.

15 +0

94 +1

25 +0

httpreplay by hatching

Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.

created at July 26, 2015, 6 a.m.

13 +0

94 -1

35 +0

NoMoreXOR by hiddenillusion

Tool to help guess a files 256 byte XOR key by using frequency analysis

created at Jan. 22, 2013, 9:09 p.m.

12 +0

85 +0

20 +0

sflock by hatching

Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.

created at Aug. 1, 2015, 12:56 a.m.

12 +0

83 +0

46 +0

mac-a-mal by phdphuc

The current repository contains all the scripts needed to build kernel-mode mac-a-mal malicious activity hooking on macOS.

created at March 12, 2018, 1:49 p.m.

10 +0

82 +0

24 +0

threataggregator by jpsenior

Aggregates security threats from a number of online sources, and outputs to Syslog CEF, Snort Signatures, Iptables rules, hosts.deny, etc.

created at Feb. 27, 2015, 1:28 a.m.

12 +0

79 +0

27 +0

MaltegoVT by michael-yip

A set of Maltego transforms for VirusTotal Public API v2.0. This set has the added functionality of caching queries on a daily basis to speed up resolutions.

created at March 9, 2015, 6:52 a.m.

8 +0

79 +0

22 +0

squidmagic by ch3k1

analyze a web-based network traffic 🕶 to detect central command and control servers

created at Aug. 23, 2016, 9:45 a.m.

8 +0

78 +0

27 +0

ThreatTracker by michael-yip

ThreatTracker is a Python script designed to monitor and generate alerts on given sets of indicators of compromise (IOCs) indexed by a set of Google Custom Search Engines.

created at March 9, 2015, 7:19 a.m.

7 +0

66 +0

13 +0

SMRT by pidydx

Sublime Malware Research Tool

created at April 30, 2015, 4:22 p.m.

8 +0

64 +0

15 +0

DemonHunter by RevengeComing

Distributed Honeypot

created at Oct. 25, 2016, 5:43 a.m.

9 +0

60 +0

12 +0

python-icap-yara by RamadhanAmizudin

An ICAP Server with yara scanner for URL and content.

created at Feb. 6, 2017, 4:17 p.m.

6 +0

57 +0

13 +0

malpdfobj by 9b

Builds json representation of PDF malware sample

created at Jan. 1, 2011, 9:23 p.m.

8 +0

52 +0

16 +0

muninn by ytisf

A short and small memory forensics helper.

created at July 26, 2014, 9:14 a.m.

11 +0

52 +0

9 +0

TotalRecall by sketchymoose

Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to find badness.

created at Sept. 21, 2013, 12:14 p.m.

14 +0

49 +0

9 +0

python-evt by williballenthin

Pure Python parser for classic Windows Event Log files (.evt)

created at Jan. 24, 2015, 4:07 p.m.

6 +0

48 +0

11 +0

mnemosyne by johnnykv

Normalizer for honeypot data.

created at Dec. 21, 2012, 11:45 a.m.

8 +0

45 +0

39 +0

codebro by hugsy

Web based code browser using clang to provide basic code analysis.

created at Oct. 29, 2012, 8:31 a.m.

6 +0

44 +0

6 +0

packerid by sooshie

None

created at Dec. 3, 2014, 9:31 p.m.

5 +0

42 +0

9 +0