A Python framework for disassembly, static analysis, symbolic execution, and debugging of binaries and malware.
A curated collection of public JSON APIs for cybersecurity professionals, covering threat intelligence, malware analysis, and security tools.
A Python package with 30 low- to high-level honeypots for monitoring network traffic, bots, and credential attacks.
A PowerShell module for reverse engineering that disassembles code, analyzes malware, parses memory structures, and inspects Windows internals.
A Python utility for checking file hashes against multiple malware analysis services like VirusTotal, Hybrid Analysis, and MISP.
A dynamic binary analysis framework based on QEMU for whole-system taint analysis and security research.
A dynamic unpacker for Windows malware that deploys packed executables, waits for payload unpacking, and dumps the extracted code.
A low-interaction honeypot that emulates vulnerable services to capture malware and analyze attacks.
Dynamic analysis tool for Android applications that monitors runtime behavior, detects information leaks, and visualizes app activity.
A freeware reversing tool for PE files, designed for fast and flexible malware analysis.
A curated collection of macOS and iOS security resources including tools, research, malware analysis, and hardening guides.
A command-line toolkit for analyzing and working with Portable Executable (PE) binaries on multiple platforms.
A script that generates VirtualBox templates to harden Windows VMs against detection by malware.
A collection of nearly 40,000 JavaScript malware samples for security research and analysis.
An automatic, platform-independent unpacker for Windows binaries using emulation to analyze packed malware.
A machine learning tool that ranks strings by relevance for malware analysis, helping analysts prioritize suspicious strings.
An automated malware analysis tool for Linux ELF files, extracting static and dynamic features for security assessment.
A scalable, modular object scanner and intrusion detection system that extracts, flags, and enriches files with metadata.
A Python tool to analyze, explore, and revive malicious HTTP traffic from PCAP files for security research.
A utility for analyzing and studying malicious JavaScript by emulating a Windows JScript environment.
A comprehensive mobile application reverse engineering and analysis framework for security testing against OWASP mobile threats.
A WinDBG extension for viewing and analyzing Windows kernel anomalies to detect rootkits and system modifications.
A reinforcement learning environment for training AI agents to manipulate malware samples and evade static machine learning detection.
An extension of Cuckoo Sandbox that adds automated Android malware analysis capabilities for executing and analyzing Android applications.
A Python library and CLI for extracting and refanging defanged Indicators of Compromise (IOCs) from text.
A portable utility that identifies linkers, compilers, and packers used to create executable files across Windows, Linux, and macOS.
A collection of public exploits targeting malware infrastructure for security research and analysis.
A Python tool for collecting security intelligence from public feeds about IPs, domains, URLs, emails, hashes, and SSL fingerprints.
A Java library for static malware analysis of Portable Executable files with robust handling of malformations.
Automated tool for creating and preparing virtual machines for Cuckoo Sandbox malware analysis.
A tool for real-time SSL/TLS key extraction and traffic decryption to simplify encrypted network analysis for security researchers.
A Volatility plugin that extracts configuration data and decoded strings from known malware families in memory images.
A Python tool for extracting malware family names and tags from antivirus engine labels, designed for large-scale malware analysis.
A customizable live OS constructor tool written in Bash for remote forensics, malware hunting, and incident response.
A web application honeypot sensor that clones websites to attract and analyze malicious attacks.
A Node.js sandbox for semi-automatic JavaScript malware analysis, deobfuscation, and payload extraction.