Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites.
created at Oct. 10, 2013, 1:42 p.m.
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
created at Oct. 5, 2013, 8:59 p.m.
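The carving idea behind the entry above, as an added example that is not EVTXtract's own code: an EVTX file is a sequence of 64 KiB chunks, each starting with the signature ElfChnk and holding event records from chunk offset 512 onward, so a scanner can locate chunks anywhere in a disk image, unallocated space or a memory dump by searching for that signature and then walking the records until one fails its length checks. The byte layout used here (chunk header fields, record magic 0x2a2a0000, record size stored at both ends) is the documented EVTX format; the sample blob is constructed inline and the second chunk is deliberately cut short to show how a fragment is handled.

```python
"""Carve EVTX chunks and records out of a raw byte blob (added example)."""
import struct
from datetime import datetime, timedelta

CHUNK_MAGIC = b"ElfChnk\x00"    # every EVTX chunk starts with this signature
CHUNK_SIZE = 0x10000            # chunks are exactly 64 KiB in an intact file
RECORD_MAGIC = b"\x2a\x2a\x00\x00"
RECORDS_OFFSET = 512            # first event record sits at chunk offset 512


def filetime_to_iso(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> ISO 8601 string."""
    return (datetime(1601, 1, 1) + timedelta(microseconds=ft // 10)).isoformat()


def parse_record(buf, off, end):
    """Parse the record header at buf[off]; None if it is not a sane, complete record."""
    if off + 28 > end or buf[off:off + 4] != RECORD_MAGIC:
        return None
    size, record_id, filetime = struct.unpack_from("<IQQ", buf, off + 4)
    if size < 28 or off + size > end:
        return None                      # record runs past the chunk/fragment end
    if struct.unpack_from("<I", buf, off + size - 4)[0] != size:
        return None                      # trailing size copy disagrees: corrupt
    return {"id": record_id, "size": size, "written": filetime_to_iso(filetime)}


def carve_chunks(blob):
    """Scan blob for chunk signatures at any offset and walk the records of each."""
    chunks = []
    pos = blob.find(CHUNK_MAGIC)
    while pos != -1:
        end = min(pos + CHUNK_SIZE, len(blob))
        # header: magic(8) first_num(8) last_num(8) first_id(8) last_id(8) header_size(4) ...
        if pos + 128 <= end and struct.unpack_from("<I", blob, pos + 40)[0] == 128:
            first_num, last_num = struct.unpack_from("<QQ", blob, pos + 8)
            records, off = [], pos + RECORDS_OFFSET
            while (rec := parse_record(blob, off, end)) is not None:
                records.append(rec)
                off += rec["size"]
            chunks.append({
                "offset": pos,
                "truncated": end - pos < CHUNK_SIZE,
                "first_record": first_num,
                "last_record": last_num,
                "records": records,
            })
        pos = blob.find(CHUNK_MAGIC, pos + 1)
    return chunks


# --- constructed sample input (not a real log) ------------------------------
def build_record(record_id, filetime, payload):
    size = 28 + len(payload)
    return (RECORD_MAGIC + struct.pack("<IQQ", size, record_id, filetime)
            + payload + struct.pack("<I", size))


def build_chunk(records, first_num, last_num):
    body = b"".join(records)
    hdr = CHUNK_MAGIC + struct.pack("<QQQQ", first_num, last_num, first_num, last_num)
    hdr += struct.pack("<IIII", 128, 0, RECORDS_OFFSET + len(body), 0)
    hdr += b"\x00" * 64 + struct.pack("<II", 0, 0)   # unused + flags + checksum = 128 bytes
    return (hdr.ljust(RECORDS_OFFSET, b"\x00") + body).ljust(CHUNK_SIZE, b"\x00")


SAMPLE_BLOB = (
    b"\x00" * 1000                                   # slack before the chunk
    + build_chunk([build_record(1, 0, b"A" * 40),
                   build_record(2, 0, b"B" * 10),
                   build_record(3, 0, b"C" * 5)], 1, 3)
    + b"\xff" * 333                                  # unrelated data
    + build_chunk([build_record(7, 0, b"D" * 20),
                   build_record(8, 0, b"E" * 2000)], 7, 8)[:900]  # chunk cut short
)

if __name__ == "__main__":
    for c in carve_chunks(SAMPLE_BLOB):
        ids = [r["id"] for r in c["records"]]
        print(f"chunk @{c['offset']:#x} truncated={c['truncated']} "
              f"claims {c['first_record']}-{c['last_record']} recovered {ids}")
```

The chunk header's own first/last record numbers are kept next to the records actually recovered, which is the number a practitioner wants when deciding whether a fragment is complete; the checksums in the header are ignored on purpose, since a fragment carved from memory rarely validates anyway.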
Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.
created at Jan. 16, 2013, 2:04 p.m.
Searches various online resources to try and get as much info about an IP/domain as possible.
created at Dec. 24, 2012, 5:50 p.m.
A framework for receiving and redistributing abuse feeds.
created at Nov. 25, 2015, 12:35 p.m.
Minimal, consistent Python API for building integrations with malware sandboxes.
created at Jan. 16, 2018, 7:54 p.m.
ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
created at Dec. 30, 2009, 8:14 a.m.
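What "grep applied to the network layer" means in practice, as an added example that is not ngrep's code: read a pcap, strip the Ethernet/IPv4/TCP-or-UDP headers, and run a regular expression (or, as with ngrep's -X switch, a literal hex byte string) against the remaining payload. The capture below is constructed inline; the `port=` argument stands in for a BPF "port N" filter and is an assumption of this example, not an ngrep option.

```python
"""Regex/hex grep over the L4 payloads of an IPv4 pcap (added example)."""
import re
import struct

LINKTYPE_ETHERNET = 1


def iter_pcap(data):
    """Yield (timestamp, frame_bytes) from a classic pcap, either byte order."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(e + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet frames are decoded here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(e + "IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode(frame):
    """Ethernet/IPv4/{TCP,UDP} -> (proto, src, sport, dst, dport, payload), else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    proto = ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:total_len]                  # drop any Ethernet trailer/padding
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4)
        return "TCP", src, sport, dst, dport, l4[(l4[12] >> 4) * 4:]
    if proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4)
        return "UDP", src, sport, dst, dport, l4[8:]
    return None


def compile_pattern(expr, hex_mode=False, ignore_case=False):
    """Mirror ngrep's -X (hex bytes) and -i (case-insensitive) switches."""
    if hex_mode:
        return re.compile(re.escape(bytes.fromhex(expr)))
    return re.compile(expr.encode(), re.IGNORECASE if ignore_case else 0)


def payload_grep(pcap_bytes, pattern, port=None):
    """Return (ts, proto, 'src:sport -> dst:dport', matched_bytes) for each hit."""
    hits = []
    for ts, frame in iter_pcap(pcap_bytes):
        d = decode(frame)
        if d is None:
            continue
        proto, src, sport, dst, dport, payload = d
        if port is not None and port not in (sport, dport):   # crude 'port N' filter
            continue
        m = pattern.search(payload)
        if m:
            hits.append((ts, proto, f"{src}:{sport} -> {dst}:{dport}", m.group(0)))
    return hits


# --- constructed sample capture (not real traffic) ---------------------------
def _ip(proto, src, dst, l4):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + l4


def _tcp(sport, dport, payload):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload


def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_pcap(ip_packets):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(ip_packets):
        frame = b"\x00" * 12 + b"\x08\x00" + pkt      # zero MACs, EtherType IPv4
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = build_pcap([
    _ip(6, "10.0.0.5", "93.184.216.34",
        _tcp(51000, 80, b"GET /login?user=admin HTTP/1.1\r\nHost: example.com\r\n\r\n")),
    _ip(6, "93.184.216.34", "10.0.0.5",
        _tcp(80, 51000, b"HTTP/1.1 200 OK\r\nSet-Cookie: session=abc123\r\n\r\n")),
    _ip(17, "10.0.0.5", "10.0.0.1",
        _udp(40000, 53, b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6
             + b"\x07example\x03com\x00\x00\x01\x00\x01")),
    _ip(6, "10.0.0.5", "10.0.0.9", _tcp(51001, 4444, b"\x90\x90\x90\x90\xcc")),
])

if __name__ == "__main__":
    for hit in payload_grep(SAMPLE_PCAP, compile_pattern(r"user=\w+")):
        print(hit)
```

The hex mode matters for the last packet: a NOP sled followed by an int3 is not something a text regex will express comfortably, which is exactly why ngrep offers -X alongside its regular expression mode. Note that matching is per packet here, as in ngrep; a string split across two TCP segments will not be found without stream reassembly.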
Threat Intelligence Quotient Test - Dataviz and Statistical Analysis of TI feeds.
created at March 30, 2014, 6:52 p.m.
Malware Analysis Tool using Function Level Fuzzy Hashing.
created at Sept. 18, 2015, 5:55 p.m.
Linker/Compiler/Tool detector for Windows, Linux and MacOS.
created at Nov. 29, 2018, 2:28 p.m.
Visualize network topologies and collect graph statistics based on pcap files.
created at Jan. 21, 2015, 10:57 p.m.
Defanged Indicator of Compromise (IOC) Extractor.
created at April 17, 2018, 5:37 p.m.
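The two halves of a defanged-IOC extractor, as an added example rather than the tool's own code: first undo the defanging conventions analysts use so that indicators do not get clicked or resolved by accident (hxxp, [.], (.), [:], [at]), then pull URLs, IPv4 addresses, e-mail addresses, domains and hashes out of the refanged text. The report text is constructed inline; the hash values in it are the well-known MD5 and SHA-256 of the empty file, used only as recognisable sample data.

```python
"""Refang defanged indicators and extract IOCs from free text (added example)."""
import re
from urllib.parse import urlsplit

# Defanging conventions seen in reports. Order matters: [:] is undone before hxxp://.
REFANG_RULES = [
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\\\."), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]|\(@\)|\[at\]", re.I), "@"),
    (re.compile(r"\bhxxp(s?)://", re.I), r"http\1://"),
]

URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[\w-]+\.)+[a-z]{2,}\b", re.I)
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.I)
HASH_RES = {
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
}


def refang(text):
    """Turn 'hxxp[:]//evil[.]com' back into 'http://evil.com'."""
    for pat, repl in REFANG_RULES:
        text = pat.sub(repl, text)
    return text


def extract_iocs(text):
    """Return deduplicated, sorted indicators found in (possibly defanged) text."""
    text = refang(text)
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(text)]
    emails = EMAIL_RE.findall(text)
    # Mask URLs and e-mails before scanning for bare domains; otherwise path
    # components such as gate.php or payload.bin come back as "hostnames".
    rest = EMAIL_RE.sub(" ", URL_RE.sub(" ", text))
    domains = set(DOMAIN_RE.findall(rest))
    domains.update(h for h in (urlsplit(u).hostname for u in urls)
                   if h and not IPV4_RE.fullmatch(h))
    domains.update(e.split("@", 1)[1] for e in emails)
    return {
        "urls": sorted(set(urls)),
        "ips": sorted(set(IPV4_RE.findall(text))),
        "emails": sorted(set(emails)),
        "domains": sorted(domains),
        "hashes": {k: sorted({m.lower() for m in r.findall(text)}) for k, r in HASH_RES.items()},
    }


# --- constructed sample report (not a real incident) -------------------------
SAMPLE_REPORT = """\
The dropper beacons to hxxps://update[.]evil-domain[.]co[.]uk/gate.php and to
185[.]220[.]101[.]7 over TCP/443; a backup C2 is c2-backup[.]example[.]org.
Second stage pulled from hxxp[:]//cdn(.)example(.)net:8080/x/payload.bin
Phishing sender: billing[at]invoices-secure[.]com
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty file)
MD5 d41d8cd98f00b204e9800998ecf8427e
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(kind, values)
```

Two caveats a practitioner will hit immediately: the MD5 and SHA-1 patterns rely on word boundaries so that a 32- or 40-character slice of a longer hash is not reported twice, and a looser "evil dot com" convention is deliberately not refanged here because it also rewrites ordinary prose.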
A machine learning tool that ranks strings based on their relevance for malware analysis.
created at Sept. 5, 2019, 1:02 p.m.