massive-octo-spice by csirtgadgets

DEPRECATED - USE v3 (bearded-avenger)

created at Jan. 6, 2014, 1:02 p.m.

56 +0

227 +0

62 +0

yarGen by Neo23x0

yarGen is a generator for YARA rules

created at Dec. 28, 2013, 3:10 p.m.

92 +0

1,464 +4

273 +0

AnalyzePDF by hiddenillusion

Tool to help analyze PDF files

created at Dec. 2, 2013, 11:07 p.m.

22 +0

170 +0

40 +0

capstone by capstone-engine

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

created at Nov. 27, 2013, 2:32 a.m.

303 +0

7,075 +12

1,508 +3

binwalk by ReFirmLabs

Firmware Analysis Tool

created at Nov. 15, 2013, 8:45 p.m.

368 -1

10,215 +21

1,475 +2

recomposer by secretsquirrel

Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites.

created at Oct. 10, 2013, 1:42 p.m.

18 +0

130 +0

42 +0

EVTXtract by williballenthin

EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.

created at Oct. 5, 2013, 8:59 p.m.

18 +0

173 +0

24 +0

PortEx by katjahahn

Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

created at Sept. 27, 2013, 6:34 a.m.

43 +0

487 +0

95 +0

TotalRecall by sketchymoose

Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to find badness.

created at Sept. 21, 2013, 12:14 p.m.

14 +0

49 +0

9 +0

aleph by merces

An Open Source Malware Analysis Pipeline System

created at July 29, 2013, 5:32 a.m.

35 +0

153 +0

53 +0

ioc_writer by mandiant

None

created at July 24, 2013, 6:33 p.m.

40 +0

199 +0

60 +0

VirtualDeobfuscator by jnraber

Reverse engineering tool for virtualization wrappers

created at June 28, 2013, 6:55 p.m.

7 +0

123 +0

24 +0

scalpel by sleuthkit

Scalpel is an open source data carving tool. It is not being actively maintained.

created at June 27, 2013, 4:59 p.m.

43 +0

603 +0

100 +0

malcom by tomchop

Malcom - Malware Communications Analyzer

created at June 4, 2013, 3:06 p.m.

132 +0

1,140 +2

214 +0

Noriben by Rurik

Noriben - Portable, Simple, Malware Analysis Sandbox

created at April 10, 2013, 8:37 p.m.

90 +0

1,074 +1

221 +0

conpot by mushorg

ICS/SCADA honeypot

created at March 20, 2013, 1:04 p.m.

95 +0

1,193 +3

406 +0

mailchecker by FGRibreau

Cross-language temporary (disposable/throwaway) email detection library. Covers 55 734+ fake email providers.

created at March 4, 2013, 3 p.m.

37 +0

1,573 +5

240 +0

nsrllookup by rjhansen

Checks with NSRL RDS servers looking for for hash matches

created at March 2, 2013, 4:35 p.m.

13 +0

107 +0

10 +0

MISP by MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

created at Feb. 7, 2013, 5:10 p.m.

275 +0

5,025 +13

1,345 +1

NoMoreXOR by hiddenillusion

Tool to help guess a files 256 byte XOR key by using frequency analysis

created at Jan. 22, 2013, 9:09 p.m.

12 +0

82 +1

20 +0