
Awesome Malware Analysis


Last Update: Sept. 25, 2022, 10:06 p.m.

Thank you rshipp & contributors
View Topic on GitHub:
rshipp/awesome-malware-analysis


Anonymizers

Honeypots

ICS/SCADA honeypot

937
358
1y 5d
GPL-2.0

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

2
0
11m
n/a

Distributed Honeypot

45
6
4y 5m
MIT

Home of the dionaea honeypot

558
149
1y 7m
GPL-2.0

Web Application Honeypot

458
174
11m
n/a

Advanced Honeypot framework.

1.01K
162
1y 62d
n/a

Modern Honey Network

2.17K
621
11m
n/a

Normalizer for honeypot data.

42
38
7y 101d
GPL-3.0

Python low-interaction honeyclient

852
201
10m
GPL-2.0

Malware Corpora

Collection of almost 40.000 JavaScript malware samples

427
180
2y 21d
n/a

Ragpicker is a plugin-based malware crawler with pre-analysis and reporting functionalities. Use this tool if you are testing antivirus products or collecting malware for another analyzer/zoo.

83
22
7y 52d
n/a

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

7.72K
2.05K
10m
n/a

NOT MY CODE! Zeus trojan horse - leaked in 2011, I am not the author. This repository is for study purposes only, do not message me about your lame hacking attempts.

1.11K
680
1y 9m
n/a

Tools

A framework for receiving and redistributing abuse feeds

108
17
3y 0d
MIT

Tool to gather Threat Intelligence indicators from publicly available sources

615
174
3y 6m
GPL-3.0

A modular Python application to pull intelligence about malicious files

102
23
1y 9m
n/a

A modular Python application to collect intelligence for malicious hosts.

229
50
1y 5m
n/a

Defanged Indicator of Compromise (IOC) Extractor.

331
73
1y 115d
GPL-2.0
176
59
4y 9m
Apache-2.0

Malware/IOC ingestion and processing engine

95
23
3y 10m
GPL-3.0

DEPRECATED - USE v3 (bearded-avenger)

224
65
4y 8m
LGPL-3.0

MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)

3.42K
1.06K
10m
AGPL-3.0

Python OpenIOC Editor

17
5
6y 9m
n/a

Aggregates security threats from a number of online sources, and outputs to Syslog CEF, Snort Signatures, Iptables rules, hosts.deny, etc.

75
26
6y 7m
MIT

Extract and aggregate threat intelligence.

505
108
1y 54d
GPL-2.0

ThreatTracker is a Python script designed to monitor and generate alerts on given sets of indicators of compromise (IOCs) indexed by a set of Google Custom Search Engines.

54
10
7y 6m
n/a

Threat Intelligence Quotient Test - Dataviz and Statistical Analysis of TI feeds

154
40
6y 11m
GPL-3.0

Other Resources

FireEye Publicly Shared Indicators of Compromise (IOCs)

429
109
3y 8m
Apache-2.0

Honeynet Project generic authenticated datafeed protocol

197
106
1y 6m
GPL-3.0

Repository of yara rules

2.8K
749
11m
GPL-2.0

Your Everyday Threat Intelligence

1.16K
241
10m
Apache-2.0

Detection and Classification

Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.

179
35
8y 8m
n/a

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

1.19K
175
11m
Apache-2.0

The FLARE team's open-source tool to identify capabilities in executable files.

1.93K
264
10m
Apache-2.0

Program for determining types of files for Windows, Linux and MacOS.

2.7K
383
11m
MIT

File Scanning Framework

240
47
1y 11d
Apache-2.0

Automated static analysis tools for binary programs

1.11K
158
1y 61d
n/a

A single library parser to extract meta information, perform static analysis and detect macros within files.

14
7
4y 13d
MIT
564
118
4y 20d
n/a

HashCheck Shell Extension for Windows with added SHA2, SHA3, and multithreading; originally from code.kliu.org

1.2K
143
1y 9m
n/a

Loki - Simple IOC and Incident Response Scanner

2.17K
477
12m
GPL-3.0

Malware Analysis Tool using Function Level Fuzzy Hashing

183
34
6y 9m
LGPL-2.1

A static analyzer for PE executables.

781
154
1y 61d
GPL-3.0

Malware static analysis framework

149
44
2y 5m
n/a

Modular file scanning/analysis framework

524
121
2y 11m
MPL-2.0

Linker/Compiler/Tool detector for Windows, Linux and MacOS.

244
53
10m
MIT

Checks with NSRL RDS servers looking for hash matches

92
10
1y 7m
ISC

PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

513
139
1y 20d
n/a

Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

352
72
11m
Apache-2.0

Android Malware (Analysis | Scoring) System

716
109
10m
GPL-3.0

yarGen is a generator for YARA rules

921
205
11m
n/a

Simple tool to find the yara matches on a file

19
5
4y 31d
MIT

Online Scanners and Sandboxes

Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant

204
27
1y 24d
MPL-2.0

Modified edition of cuckoo

253
103
3y 18d
n/a

A Python library to interface with a cuckoo-modified instance

16
4
5y 11m
n/a

The Multiplatform Linux Sandbox

237
64
4y 17d
MIT

DRAKVUF Black-box Binary Analysis

717
203
10m
n/a

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

656
220
2y 11m
n/a

Limon is a sandbox developed as a research project written in Python, which automatically collects, analyzes, and reports on the run-time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools.

340
117
6y 4m
GPL-3.0

A Tool for Automatic Analysis of Malware Behavior

322
94
3y 4m
GPL-3.0

VirusTotal Wanna Be - Now with 100% more Hipster

1.32K
238
3y 6m
Apache-2.0

A Python RESTful API framework for online malware analysis and threat intelligence services.

319
83
1y 6m
n/a

Noriben - Portable, Simple, Malware Analysis Sandbox

838
207
1y 102d
n/a

Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites.

123
39
8y 11m
n/a

Minimal, consistent Python API for building integrations with malware sandboxes.

107
34
1y 4m
GPL-2.0

Sandboxed Execution Environment

781
100
1y 11m
Apache-2.0

A Python library and command line tools to provide interactive log visualization.

129
35
5y 10m
n/a

Domain Analysis

A tool designed for consistent and safe capture of off network web resources.

33
4
5y 6m
Apache-2.0

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

3.08K
558
10m
n/a

Searches various online resources to try and get as much info about an IP/domain as possible.

81
25
8y 8m
n/a

Machinae Security Intelligence Collector

457
102
1y 4m
MIT

Cross-language temporary (disposable/throwaway) email detection library. Covers 33600 fake email providers.

1.3K
182
10m
MIT

A set of Maltego transforms for VirusTotal Public API v2.0. This set has the added functionality of caching queries on a daily basis to speed up resolutions.

70
20
6y 10m
n/a

Browser Malware

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

12.73K
972
7m
GPL-3.0

Parses Java Cache IDX files

38
10
4y 7m
n/a

Automatically exported from code.google.com/p/jsunpack-n

143
61
7y 5m
GPL-2.0

Java decompiler, assembler, and disassembler

1.45K
176
1y 4m
GPL-3.0

Robust ABC (ActionScript Bytecode) [Dis-]Assembler

391
89
11m
GPL-3.0

Documents and Shellcode

File Carving

This is the development tree. For downloads please see:

558
133
10m
n/a

EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.

143
20
2y 6m
Apache-2.0

Hachoir is a Python library to view and edit a binary stream field by field

446
61
11m
GPL-2.0

Scalpel is an open source data carving tool. It is not being actively maintained.

471
87
1y 6m
n/a

Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.

66
37
1y 20d
n/a

Deobfuscation

.NET deobfuscator and unpacker.

5.39K
2K
2y 28d
GPL-3.0

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

2K
349
10m
Apache-2.0

Tool to help guess a file's 256-byte XOR key by using frequency analysis

70
20
4y 108d
n/a

C++ application that uses memory and code hooks to detect packers

241
68
4y 6m
GPL-2.0

PyInstaller Extractor

583
221
1y 16d
GPL-3.0

A cross-version Python bytecode decompiler

2.4K
285
10m
GPL-3.0

Automatic and platform-independent unpacker for Windows binaries based on emulation

403
57
1y 60d
GPL-2.0

Automated malware unpacker

99
23
6y 6m
n/a

unXOR will search a XORed file and try to guess the key using known-plaintext attacks.

115
20
2y 5m
Apache-2.0

Reverse engineering tool for virtualization wrappers

72
14
2y 4m
n/a

A tool to analyze multi-byte XOR ciphers

1.07K
156
1y 4m
n/a

Debugging and Reverse Engineering

A powerful and user-friendly binary analysis platform!

5.46K
860
10m
BSD-2-Clause

Identifies and extracts information from bots and other malware

145
29
6y 9m
MIT

Binary Analysis Platform

1.57K
246
7m
MIT

BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

1.31K
174
2y 10m
BSD-2-Clause

BinNavi is a binary analysis IDE that allows you to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.

2.77K
475
1y 11m
Apache-2.0

Firmware Analysis Tool

7.84K
1.21K
10m
MIT

BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, TIFS 2020)

76
20
11m
LGPL-3.0

Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.

5.45K
1.26K
10m
n/a

Web based code browser using clang to provide basic code analysis.

39
5
5y 69d
n/a

Free and Open Source Reverse Engineering Platform powered by rizin

9.86K
787
11m
GPL-3.0

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

667
172
1y 7m
GPL-3.0

.NET debugger and assembly editor

20.1K
3.86K
1y 9m
n/a

A modern tool for the Windows kernel exploration and tracing

1.44K
150
11m
n/a

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢

4.07K
560
10m
MIT

Ghidra is a software reverse engineering (SRE) framework

29.48K
3.84K
10m
Apache-2.0

hackers-grep is a utility to search for strings in PE executables including imports, exports, and debug symbols

152
16
4y 82d
n/a

Interactive Delphi Reconstructor

583
163
1y 7d
MIT
64
18
4y 5d
MIT

Deprecated repo for PANDA 1.0 – see PANDA 2.0 repository

91
38
5y 9m
n/a

PEDA - Python Exploit Development Assistance for GDB

4.8K
763
11m
n/a

Automated static analysis tools for binary programs

1.11K
158
1y 61d
n/a

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.

2.95K
305
1y 26d
GPL-3.0

Official repository for Pyew.

341
97
3y 21d
GPL-2.0

Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU

1.5K
244
2y 60d
GPL-2.0
35
10
11m
n/a

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.

270
47
6y 4m
LGPL-2.1

Imports Reconstructor

670
175
3y 6m
GPL-3.0

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide

2.14K
269
11m
GPL-3.0

Sublime Malware Research Tool

59
14
1y 4m
n/a

A machine learning tool that ranks strings based on their relevance for malware analysis.

519
107
1y 9m
Apache-2.0

Disassembler Library for x86 and x86-64

807
267
11m
BSD-2-Clause
712
168
10m
n/a

Network

integrating bro into yara

30
4
7y 9m
n/a

Malicious HTTP traffic explorer

666
164
1y 11m
GPL-3.0

Protocol Analysis/Decoder Framework

450
117
2y 6m
n/a

[Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool

1.29K
298
11m
Apache-2.0

Botnet command & control monitor

155
62
4y 11m
n/a

Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.

76
31
1y 9m
n/a

Laika BOSS: Object Scanning System

686
156
3y 11m
Apache-2.0

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.

104
12
10m
n/a

Malcom - Malware Communications Analyzer

1.02K
208
4y 10m
n/a

Malicious traffic detection system

4.2K
804
10m
MIT

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

4.96K
909
10m
n/a

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

613
85
1y 29d
n/a

Visualize network topologies and collect graph statistics based on pcap files

261
59
2y 8m
n/a

An ICAP Server with yara scanner for URL and content.

49
12
1y 18d
n/a

analyze a web-based network traffic 🕶 to detect central command and control servers

73
24
4y 89d
n/a

Memory Forensics

Differential Analysis of Malware in Memory

185
52
5y 5m
GPL-2.0

Web interface for the Volatility Memory Forensics Framework

243
41
4y 10m
n/a

inVtero.net: A high speed (Gbps) forensics, memory integrity & assurance tool. Includes offensive & defensive memory capabilities. Find/extract processes and hypervisors (including nested) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques

245
55
4y 10m
AGPL-3.0

A short and small memory forensics helper.

42
8
4y 11m
n/a

Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to find badness.

45
8
5y 119d
n/a

VolDiff: Malware Memory Footprint Analysis based on Volatility

179
51
5y 15d
BSD-2-Clause

An advanced memory forensics framework

4.96K
1.04K
1y 23d
GPL-2.0

Web App for Volatility framework

330
89
2y 8m
GPL-3.0

WinDBG Anti-RootKit Extension

484
167
2y 59d
n/a

Windows Artifacts

Windows Live Artifacts Acquisition Script

153
29
1y 43d
GPL-2.0

Pure Python parser for classic Windows Event Log files (.evt)

30
9
6y 11m
Apache-2.0

Storage and Workflow

An Open Source Malware Analysis Pipeline System

138
54
1y 117d
n/a

A warehouse for your malware

119
41
9y 4m
n/a

Collaborative malware analysis framework

320
59
3y 8m
n/a

Miscellaneous

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

3.52K
868
11m
GPL-2.0

Cryptographic Dataset Generation & Modelling Framework

27
11
2y 5m
Apache-2.0
3.12K
562
11m
Apache-2.0

Malware exploits

477
202
3y 28d
n/a

A simple tool to organise large malicious/benign files into an organised structure.

12
4
4y 8d
MIT

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.

1.98K
374
11m
GPL-3.0

Books

Other

Related Awesome Lists

A collection of android security related resources

5.58K
1.29K
11m
Apache-2.0

A curated list of resources for learning about application security

4.69K
578
10m
MIT

A curated list of CTF frameworks, libraries, resources and softwares

6.35K
1.22K
11m
CC0-1.0

A curated list of awesome forensic analysis tools and resources

1.73K
366
11m
CC0-1.0

A curated list of awesome Hacking tutorials, tools and resources

7.6K
1.3K
11m
MIT

an awesome list of honeypot resources

5.44K
1K
12m
Artistic-2.0

A curated list of resources related to Industrial Control System (ICS) security.

930
340
10m
Apache-2.0

A curated list of tools for incident response

4.66K
1.18K
11m
Apache-2.0

A curated list of awesome infosec courses and training resources.

3.73K
649
1y 11d
n/a

A collection of tools developed by other researchers in the Computer Science area to process network traces. All rights reserved for the original authors.

2.34K
396
1y 8d
CC0-1.0

A collection of awesome penetration testing resources, tools and other shiny things

14.99K
3.8K
10m
n/a

A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

7.46K
1.41K
10m
MIT

A curated list of Awesome Threat Intelligence resources

4.66K
1.06K
10m
Apache-2.0

A curated list of awesome YARA rules, tools, and people.

1.69K
290
10m
n/a