A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php .
Malware Collection Anonymizers Honeypots Malware Corpora Open Source Threat Intelligence Detection and Classification Online Scanners and Sandboxes Domain Analysis Browser Malware Documents and Shellcode File Carving Deobfuscation Debugging and Reverse Engineering Network Memory Forensics Windows Artifacts Storage and Workflow Miscellaneous Resources Related Awesome Lists Contributing Thanks Malware Collection Anonymizers Web traffic anonymizers for analysts.
Anonymouse.org – A free, web based anonymizer.OpenVPN – VPN software and hosting solutions.Privoxy – An open source proxy server with some privacy features.Tor – The Onion Router, for browsing the web without leaving traces of the client IP. Honeypots Trap and collect your own samples.
Conpot – ICS/SCADA honeypot.Cowrie – SSH honeypot, based on Kippo.DemoHunter – Low interaction Distributed Honeypots.Dionaea – Honeypot designed to trap malware.Glastopf – Web application honeypot.Honeyd – Create a virtual honeynet.HoneyDrive – Honeypot bundle Linux distro.Honeytrap – Opensource system for running, monitoring and managing honeypots.MHN – MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.Mnemosyne – A normalizer for honeypot data; supports Dionaea.Thug – Low interaction honeyclient, for investigating malicious websites. Malware Corpora Malware samples collected for analysis.
Clean MX – Realtime database of malware and malicious domains.Contagio – A collection of recent malware samples and analyses.Exploit Database – Exploit and shellcode samples.Infosec – CERT-PA – Malware samples collection and analysis.InQuest Labs – Evergrowing searchable corpus of malicious Microsoft documents.Javascript Mallware Collection – Collection of almost 40.000 javascript malware samplesMalpedia – A resource providing rapid identification and actionable context for malware investigations.Malshare – Large repository of malware actively scrapped from malicious sites.Open Malware Project – Sample information and downloads. Formerly Offensive Computing.Ragpicker – Plugin based malware crawler with pre-analysis and reporting functionalitiestheZoo – Live malware samples for analysts.Tracker h3x – Agregator for malware corpus tracker and malicious download sites.vduddu malware repo – Collection of various malware files and source code.VirusBay – Community-Based malware repository and social network.ViruSign – Malware database that detected by many anti malware programs except ClamAV.VirusShare – Malware repository, registration required.VX Vault – Active collection of malware samples.Zeltser’s Sources – A list of malware sample sources put together by Lenny Zeltser.Zeus Source Code – Source for the Zeus trojan leaked in 2011.VX Underground – Massive and growing collection of free malware samples. Open Source Threat Intelligence Tools Harvest and analyze IOCs.
AbuseHelper – An open-source framework for receiving and redistributing abuse feeds and threat intel.AlienVault Open Threat Exchange – Share and collaborate in developing Threat Intelligence.Combine – Tool to gather Threat Intelligence indicators from publicly available sources.Fileintel – Pull intelligence per file hash.Hostintel – Pull intelligence per host.IntelMQ – A tool for CERTs for processing incident data using a message queue.IOC Editor – A free editor for XML IOC files.iocextract – Advanced Indicator of Compromise (IOC) extractor, Python library and command-line tool.ioc_writer – Python library for working with OpenIOC objects, from Mandiant.MalPipe – Malware/IOC ingestion and processing engine, that enriches collected data.Massive Octo Spice – Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation .MISP – Malware Information Sharing Platform curated by The MISP Project .Pulsedive – Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.PyIOCe – A Python OpenIOC editor.RiskIQ – Research, connect, tag and share IPs and domains. (Was PassiveTotal.)threataggregator – Aggregates security threats from a number of sources, including some of those listed below in other resources .ThreatConnect – TC Open allows you to see and share open source threat data, with support and validation from our free community.ThreatCrowd – A search engine for threats, with graphical visualization.ThreatIngestor – Build automated threat intel pipelines sourcing from Twitter, RSS, GitHub, and more.ThreatTracker – A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.TIQ-test – Data visualization and statistical analysis of Threat Intelligence feeds. Related March 12, 2024 In "Cyber security"
November 4, 2020 In "Kali Linux"
March 13, 2024 In "Cyber security"