PackerAttacker by BromiumLabs

C++ application that uses memory and code hooks to detect packers

created at April 15, 2015, 11:02 p.m.

30 +0

261 +0

72 +0

hachoir by vstinner

Hachoir is a Python library to view and edit a binary stream field by field

created at Oct. 1, 2016, 3:41 p.m.

22 +0

586 +0

69 +0

jsunpack-n by urule99

Automatically exported from code.google.com/p/jsunpack-n

created at April 1, 2015, 11:51 p.m.

16 +0

157 +0

65 +0

polichombr by ANSSI-FR

Collaborative malware analysis framework

created at May 31, 2016, 6:54 p.m.

38 +0

372 +0

64 +0

Hale by pjlantz

Botnet command & control monitor

created at June 2, 2010, 11:13 a.m.

17 +0

183 +0

63 +0

massive-octo-spice by csirtgadgets

DEPRECATED - USE v3 (bearded-avenger)

created at Jan. 6, 2014, 1:02 p.m.

56 +0

227 +0

62 +0

ioc_writer by mandiant

None

created at July 24, 2013, 6:33 p.m.

40 +0

199 +0

60 +0

PcapViz by mateuszk87

Visualize network topologies and collect graph statistics based on pcap files

created at Jan. 21, 2015, 10:57 p.m.

27 +0

326 +0

59 +0

DC3-MWCP by Defense-Cyber-Crime-Center

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.

created at May 6, 2015, 3:11 p.m.

43 +0

280 +0

58 +0

inVtero.net by ShaneK2

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques

created at April 29, 2011, 4:37 a.m.

31 +0

276 +0

57 +0

DAMM by 504ensicsLabs

Differential Analysis of Malware in Memory

created at Sept. 16, 2014, 5:32 p.m.

31 +0

209 +0

56 +0

aleph by merces

An Open Source Malware Analysis Pipeline System

created at July 29, 2013, 5:32 a.m.

35 +0

153 +0

53 +0

hostintel by keithjjones

A modular Python application to collect intelligence for malicious hosts.

created at Aug. 22, 2016, 8:25 p.m.

30 +0

258 +0

52 +0

Malcolm by idaholab

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

created at May 13, 2019, 6:35 p.m.

18 +0

314 +1

50 +0

VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

created at April 19, 2015, 12:30 a.m.

28 +0

192 +0

50 +0

ROPMEMU by Cisco-Talos

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.

created at May 24, 2016, 5:04 p.m.

31 +0

280 +0

50 +0

fsf by EmersonElectricCo

File Scanning Framework

created at Aug. 6, 2015, 1:34 a.m.

35 +0

282 +0

49 +0

sflock by hatching

Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.

created at Aug. 1, 2015, 12:56 a.m.

12 +0

81 +0

48 +0

tiq-test by mlsecproject

Threat Intelligence Quotient Test - Dataviz and Statistical Analysis of TI feeds

created at March 30, 2014, 6:52 p.m.

24 +0

165 +0

43 +0

malwarehouse by sroberts

A warehouse for your malware

created at June 12, 2012, 4:05 a.m.

22 +0

131 +0

43 +0