angr by angr

A powerful and user-friendly binary analysis platform!

updated at April 27, 2024, 7:42 p.m.

185 +0

7,214 +12

1,036 +4

pafish by a0rtega

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

updated at April 27, 2024, 4:15 p.m.

174 +0

3,084 +4

454 +2

mhn by pwnlandia

Modern Honey Network

updated at April 27, 2024, 4:12 p.m.

243 +0

2,408 +1

629 +1

hachoir by vstinner

Hachoir is a Python library to view and edit a binary stream field by field

updated at April 27, 2024, 4:06 p.m.

22 +0

586 -1

69 -7

yarGen by Neo23x0

yarGen is a generator for YARA rules

updated at April 27, 2024, 2:11 p.m.

92 +0

1,451 +4

272 +0

Scylla by NtQuery

Imports Reconstructor

updated at April 27, 2024, 2:10 p.m.

55 +0

1,018 +4

217 +0

flare-floss by mandiant

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

updated at April 27, 2024, 11:57 a.m.

131 +0

3,017 +6

442 +1

pharos by cmu-sei

Automated static analysis tools for binary programs

updated at April 27, 2024, 11:21 a.m.

77 +0

1,483 +2

183 +0

DC3-MWCP by Defense-Cyber-Crime-Center

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.

updated at April 27, 2024, 8:49 a.m.

43 +0

279 +0

58 +0

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at April 27, 2024, 8:49 a.m.

187 +0

3,226 +7

572 +0

PcapViz by mateuszk87

Visualize network topologies and collect graph statistics based on pcap files

updated at April 27, 2024, 8:49 a.m.

27 +0

324 -2

59 +0

arkime by arkime

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

updated at April 27, 2024, 8:49 a.m.

349 +0

6,118 +11

1,029 -1

Krakatau by Storyyeller

Java decompiler, assembler, and disassembler

updated at April 27, 2024, 8:27 a.m.

95 +0

1,931 +4

266 +0

drakvuf by tklengyel

DRAKVUF Black-box Binary Analysis

updated at April 27, 2024, 3:47 a.m.

61 +0

1,005 +2

244 +0

thug by buffer

Python low-interaction honeyclient

updated at April 26, 2024, 11:46 p.m.

75 +0

955 +2

204 +0

orochi by LDO-CERT

The Volatility Collaborative GUI

updated at April 26, 2024, 10:36 p.m.

12 +0

190 +1

17 +0

fsf by EmersonElectricCo

File Scanning Framework

updated at April 26, 2024, 10:29 p.m.

35 +0

282 +1

49 +0

capstone by capstone-engine

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

updated at April 26, 2024, 10:15 p.m.

304 -3

7,036 +13

1,501 +4

peframe by guelfoweb

PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

updated at April 26, 2024, 5:16 p.m.

52 +0

594 +1

150 +0

xortool by hellman

A tool to analyze multi-byte xor cipher

updated at April 26, 2024, 1:40 p.m.

47 +0

1,335 +2

170 +0