malheur by rieck

A Tool for Automatic Analysis of Malware Behavior

created at May 6, 2009, 10:03 a.m.

C

56 +0

362 +0

100 +0

GitHub
ngrep by jpr5

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

created at Dec. 30, 2009, 8:14 a.m.

C

22 +0

847 -1

100 +0

GitHub
RABCDAsm by CyberShadow

Robust ABC (ActionScript Bytecode) [Dis-]Assembler

created at May 5, 2010, 7:23 a.m.

D

39 +0

419 +0

91 +0

GitHub
Hale by pjlantz

Botnet command & control monitor

created at June 2, 2010, 11:13 a.m.

Python

17 +0

183 -1

63 +1

GitHub
malpdfobj by 9b

Builds a JSON representation of a PDF malware sample

created at Jan. 1, 2011, 9:23 p.m.

Python

8 +0

51 +0

16 +0

GitHub
xortool by hellman

A tool to analyze multi-byte XOR ciphers

created at Jan. 18, 2011, 5:26 p.m.

Python

47 +0

1,333 +2

170 +0

GitHub
hpfeeds by hpfeeds

Honeynet Project generic authenticated datafeed protocol

created at April 4, 2011, 3:19 p.m.

Python

30 +0

208 +0

110 +0

GitHub
inVtero.net by ShaneK2

inVtero.net: A high-speed (Gbps) forensics, memory integrity & assurance tool. Includes offensive & defensive memory capabilities. Finds/extracts processes and hypervisors (including nested) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques.

created at April 29, 2011, 4:37 a.m.

C#

31 +0

276 +0

57 +0

GitHub
Zeus by Visgean

NOT MY CODE! Zeus trojan horse - leaked in 2011, I am not the author. This repository is for study purposes only, do not message me about your lame hacking attempts.

created at May 13, 2011, 10:18 p.m.

C

138 +0

1,350 +2

692 +0

GitHub
Scylla by NtQuery

Imports Reconstructor

created at Sept. 13, 2011, 6:58 p.m.

C++

55 +0

1,014 +5

217 +0

GitHub
de4dot by de4dot

.NET deobfuscator and unpacker.

created at Sept. 20, 2011, 1:50 a.m.

C#

511 +0

6,718 +9

2,636 +4

GitHub
pdfxray_lite by 9b

Lite version of PDF X-RAY that uses no backend

created at Nov. 11, 2011, 4:49 a.m.

Python

7 +0

34 +0

9 +0

GitHub
thug by buffer

Python low-interaction honeyclient

created at Feb. 20, 2012, 11:56 a.m.

Python

75 +0

953 -1

204 +1

GitHub
udis86 by vmt

Disassembler Library for x86 and x86-64

created at March 6, 2012, 7:36 a.m.

C

85 +0

983 +1

309 +0

GitHub
bulk_extractor by simsong

This is the development tree. Production downloads are at:

created at April 3, 2012, 4:36 a.m.

C++

74 +0

998 +2

180 +1

GitHub
malwarehouse by sroberts

A warehouse for your malware

created at June 12, 2012, 4:05 a.m.

Python

22 +0

131 +0

43 +0

GitHub
hashdeep by jessek


created at June 12, 2012, 11:35 a.m.

C++

61 +0

686 +1

129 +0

GitHub
pafish by a0rtega

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

created at July 1, 2012, 11:06 a.m.

C

174 +0

3,080 +7

452 +1

GitHub
arkime by arkime

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

created at July 6, 2012, 4:10 p.m.

JavaScript

349 +0

6,107 +16

1,030 +4

GitHub
peda by longld

PEDA - Python Exploit Development Assistance for GDB

created at Aug. 3, 2012, 6:26 a.m.

Python

206 +0

5,745 +9

788 +1

GitHub