A dynamic API calls tracer for Windows and Linux applications, built on DynamoRIO for transparent malware analysis.
A modified fork of Cuckoo Sandbox with enhanced malware analysis capabilities, improved stability, and additional features.
A Python sandbox that automatically collects, analyzes, and reports runtime indicators of Linux malware through static, dynamic, and memory analysis.
A command-line Python tool for malware analysis with hex viewing, disassembly, file format support, and plugin architecture.
Go bindings for the YARA pattern matching library, providing a Go-native interface to YARA's C API.
A web interface for the Volatility memory forensics framework that runs plugins, stores results in MongoDB, and enables cross-plugin search.
A collaborative malware analysis framework for storing samples, automating analysis, and sharing insights via IDA Pro integration.
A tool for automatic analysis of malware behavior using machine learning to identify, cluster, and classify malicious software.
A Python RESTful API framework for querying multiple online malware analysis and threat intelligence services.
A binary diffing and patch analysis tool for reverse engineering and vulnerability research.
A packer for Windows x86 executable files that transforms and encrypts PE files to obstruct reverse engineering.
A framework for parsing configuration information from malware, extracting items like addresses, passwords, and filenames.
A low-level mutator for Windows PE files that obfuscates headers and metadata to break static analysis signatures without breaking execution.
A reverse engineering tool that uses DynamoRIO and Capstone to automatically recover data structures from ELF binaries by monitoring memory accesses.
A configurable sandbox for dynamic analysis of Android malware using Frida hooks to bypass anti-emulation techniques.
Archive mirror of the users section from the historical rootkit.com security research website.
A protocol-agnostic, low-interaction honeypot that intercepts and logs network traffic to analyze malicious activities.
A modular, recursive file scanning framework that extends Yara signatures to extract and analyze file objects for malware analysis and intelligence.
A curated list of tools and resources for understanding, detecting, and removing malware persistence techniques across operating systems.
A PowerShell module for remote endpoint threat hunting, scanning for indicators of compromise and collecting system state information.
A framework to analyze, dissect, and decompile complex code-reuse attacks like ROP chains from memory dumps.
A collection of OllyDbg scripts for unpacking and analyzing software protections in reverse engineering.
A C++ Windows malware analysis tool that uses memory and code hooks to detect and extract hidden code from packers.
A modular Python tool that collects threat intelligence for hosts (IPs, domains, FQDNs) from multiple sources and outputs CSV data.
A Java-based Bluetooth honeypot for Linux that detects and analyzes Bluetooth-based attacks like BlueBugging and BlueSnarfing.
A simple Linux ELF runtime crypter that encrypts and loads executables directly into memory to evade detection.
A heavily modified version of Cuckoo Sandbox with enhanced malware analysis capabilities, 64-bit support, and anti-evasion techniques.
An automated memory analysis tool for malware samples and memory dumps that extracts executables, processes, injections, and artifacts.
A multiplatform Linux sandbox for malware traffic analysis and IOC capture using QEMU emulation.
A Splunk-based platform for deploying honeypots and analyzing attacker sessions with intelligence dashboards and threat feeds.
A Windows malware unpacker using Intel PIN for dynamic binary instrumentation and Scylla for import reconstruction.
Automated deployment of a Cuckoo Sandbox malware analysis lab with Windows 10 detonation using Packer and Vagrant.
A command-line tool for macOS persistence mechanism emulation, designed for threat hunters and security testing.
A Django web application for static security analysis (SAST) and malware detection in Android APKs.
Demonstrates various persistence techniques used by malware, including COM hijacking, extension hijacking, and shim injection.
A Windows tool for malware researchers to explore and test anti-debug techniques across modern debuggers.