hachoir by vstinner

Hachoir is a Python library to view and edit a binary stream field by field

created at Oct. 1, 2016, 3:41 p.m.

22 +0

586 +0

69 +0

ngrep by jpr5

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

created at Dec. 30, 2009, 8:14 a.m.

23 +1

851 +3

98 +0

yeti by yeti-platform

Your Everyday Threat Intelligence

created at Dec. 13, 2015, 4:54 p.m.

100 +0

1,635 +1

279 +0

malice by maliceio

VirusTotal Wanna Be - Now with 100% more Hipster

created at Dec. 20, 2015, 11:12 p.m.

96 +0

1,614 +14

262 +1

cowrie by cowrie

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

created at May 12, 2015, 2:58 p.m.

123 +0

4,924 +13

850 +1

sflock by hatching

Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.

created at Aug. 1, 2015, 12:56 a.m.

12 +0

81 +0

48 +0

httpreplay by hatching

Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.

created at July 26, 2015, 6 a.m.

13 +0

94 +0

33 -3

CryptoKnight by AbertayMachineLearningGroup

Cryptographic Dataset Generation & Modelling Framework

created at Sept. 2, 2018, 3:15 p.m.

6 +0

38 +0

12 +0

mac-a-mal by phdphuc

The current repository contains all the scripts needed to build kernel-mode mac-a-mal malicious activity hooking on macOS.

created at March 12, 2018, 1:49 p.m.

10 +0

82 +1

24 +0

IDR by crypto2011

Interactive Delphi Reconstructor

created at Feb. 16, 2016, 12:39 p.m.

80 +0

901 +4

214 +0

unipacker by unipacker

Automatic and platform-independent unpacker for Windows binaries based on emulation

created at Feb. 7, 2019, 4:39 p.m.

30 +0

606 +0

73 +0

hpfeeds by hpfeeds

Honeynet Project generic authenticated datafeed protocol

created at April 4, 2011, 3:19 p.m.

30 +0

208 +0

110 +0

ghidra by NationalSecurityAgency

Ghidra is a software reverse engineering (SRE) framework

created at March 1, 2019, 3:27 a.m.

1,023 +2

47,946 +132

5,556 +14

Malcolm by idaholab

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

created at May 13, 2019, 6:35 p.m.

18 +0

314 +1

50 +0

DECAF by decaf-project

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

created at Dec. 17, 2014, 1:53 a.m.

60 +0

791 +0

168 +0

BoomBox by nbeede

Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant

created at July 31, 2019, 8:23 p.m.

8 +0

231 +0

39 +0

cuckoo-modified by brad-accuvant

Modified edition of cuckoo

created at July 30, 2014, 6:10 p.m.

57 +0

268 +1

103 +0

mhn by pwnlandia

Modern Honey Network

created at May 28, 2014, 11:35 p.m.

243 +0

2,410 +2

630 +0

quark-engine by quark-engine

Dig Vulnerabilities in the BlackBox

created at Oct. 22, 2019, 1:19 a.m.

41 +0

1,231 +1

163 +0

Nauz-File-Detector by horsicq

Linker/Compiler/Tool detector for Windows, Linux and MacOS.

created at Nov. 29, 2018, 2:28 p.m.

26 +0

486 +0

80 +0