recomposer by secretsquirrel
  Randomly changes Win32/64 PE files for 'safer' uploading to malware and sandbox sites.
  Created: Oct. 10, 2013, 1:42 p.m. | Language: Python | 18 +0 | 130 +0 | 42 +0 | GitHub

panda by moyix
  Deprecated repo for PANDA 1.0 – see PANDA 2.0 repository
  Created: Nov. 22, 2016, 5:12 p.m. | Language: C | 10 +0 | 102 +0 | 42 +0 | GitHub

evolve by JamesHabben
  Web interface for the Volatility Memory Forensics Framework
  Created: April 14, 2015, 1:26 a.m. | Language: JavaScript | 38 +0 | 259 +0 | 42 +0 | GitHub

mnemosyne by johnnykv
  Normalizer for honeypot data.
  Created: Dec. 21, 2012, 11:45 a.m. | Language: Python | 8 +0 | 44 +0 | 41 -1 | GitHub

AnalyzePDF by hiddenillusion
  Tool to help analyze PDF files
  Created: Dec. 2, 2013, 11:07 p.m. | Language: Python | 22 +0 | 170 +0 | 40 +0 | GitHub

BoomBox by nbeede
  Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
  Created: July 31, 2019, 8:23 p.m. | Language: PowerShell | 8 +0 | 231 +0 | 39 +0 | GitHub

sandboxapi by InQuest
  Minimal, consistent Python API for building integrations with malware sandboxes.
  Created: Jan. 16, 2018, 7:54 p.m. | Language: Python | 21 +0 | 131 +0 | 39 +0 | GitHub

mastiff by KoreLogicSecurity
  Malware static analysis framework
  Created: July 15, 2014, 8:23 p.m. | Language: Python | 18 +0 | 173 +0 | 39 +0 | GitHub

AnalyzePE by hiddenillusion
  Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.
  Created: Jan. 16, 2013, 2:04 p.m. | Language: Python | 19 +0 | 201 +0 | 37 +0 | GitHub

visualize_logs by keithjjones
  A Python library and command line tools to provide interactive log visualization.
  Created: Oct. 11, 2016, 3:33 p.m. | Language: HTML | 15 +0 | 134 +0 | 36 +0 | GitHub

Malfunction by Dynetics
  Malware Analysis Tool using Function Level Fuzzy Hashing
  Created: Sept. 18, 2015, 5:55 p.m. | Language: Python | 26 +0 | 190 +0 | 35 +0 | GitHub

httpreplay by hatching
  Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.
  Created: July 26, 2015, 6 a.m. | Language: Python | 13 +0 | 94 +0 | 33 -3 | GitHub

AChoir by OMENScan
  Windows Live Artifacts Acquisition Script
  Created: May 25, 2015, 7:48 p.m. | Language: C++ | 14 +0 | 176 +1 | 31 +0 | GitHub

IPinfo by hiddenillusion
  Searches various online resources to try and get as much info about an IP/domain as possible.
  Created: Dec. 24, 2012, 5:50 p.m. | Language: Python | 19 +0 | 95 +0 | 28 +0 | GitHub

threataggregator by jpsenior
  Aggregates security threats from a number of online sources and outputs to Syslog CEF, Snort signatures, iptables rules, hosts.deny, etc.
  Created: Feb. 27, 2015, 1:28 a.m. | Language: Python | 12 +0 | 78 +0 | 27 +0 | GitHub

squidmagic by ch3k1
  Analyze web-based network traffic 🕶 to detect central command and control servers
  Created: Aug. 23, 2016, 9:45 a.m. | Language: Python | 8 +0 | 75 +0 | 27 +0 | GitHub

Ragpicker by robbyFux
  Ragpicker is a plugin-based malware crawler with pre-analysis and reporting functionality. Use this tool if you are testing antivirus products or collecting malware for another analyzer/zoo.
  Created: July 3, 2015, 7:03 a.m. | Language: Python | 15 +0 | 90 +0 | 25 +0 | GitHub

bluepill by season-lab
  BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
  Created: Nov. 24, 2019, 9:35 p.m. | Language: C++ | 9 +0 | 115 +2 | 25 +0 | GitHub

fileintel by keithjjones
  A modular Python application to pull intelligence about malicious files
  Created: Aug. 30, 2016, 5:35 p.m. | Language: Python | 17 +0 | 113 +0 | 25 +0 | GitHub

mac-a-mal by phdphuc
  This repository contains all the scripts needed to build the kernel-mode mac-a-mal malicious-activity hooking on macOS.
  Created: March 12, 2018, 1:49 p.m. | Language: C | 10 +0 | 82 +1 | 24 +0 | GitHub