Loadable kernel modules for Android reversing and debugging on controlled systems and emulators.
An open-source memory forensics tool built on Volatility for differential analysis and data reduction in malware investigations.
A dynamic Java code instrumentation SDK for Android apps to profile runtime, examine coverage, and track high-risk behaviors without source code.
A Ruby framework for automated malware and botnet analysis using sandboxed virtual machines and network traffic dissection.
A Python script that uses Volatility to analyze malware memory footprints by comparing Windows memory images before and after infection.
A Python toolset for malware analysis using function-level fuzzy hashing to catalog and compare malicious binaries.
A curated collection of information and tools for detecting, analyzing, and hunting malware persistence mechanisms across operating systems.
A toolkit for extracting and simplifying virtualized binary code from 32-bit execution traces.
A low-interaction honeypot that mimics Android Debug Bridge (ADB) over TCP/IP to capture malware targeting exposed port 5555.
A Python utility to search for strings, imports, exports, and debug symbols within Windows PE executables using regular expressions.
A TypeDB schema for representing STIX 2.1 cyber threat intelligence data, enabling structured querying of threat actors, malware, and infrastructure.
A Python-based Telnet honeypot that emulates a Telnet service inside a chroot environment to capture malicious activity.
An open-source malware analysis pipeline system that automates sample collection, processing, and JSON-based artifact storage.
A unified console for digital forensics and incident response built on the Viper Framework.
A reverse engineering tool that removes virtual machine-based obfuscation from malware by analyzing runtraces and extracting original bytecode.
A tool that uses known-plaintext attacks to decrypt XOR-encoded files by deducing the original keystream.
Python implementation of PEiD for detecting packers in Windows PE files using signature databases.
A Python library and CLI for creating interactive visualizations of security and system logs like Cuckoo JSON and ProcMon CSV.
A scalable malware processing and analytics platform built on Hadoop Pig for binary data extraction and analysis.
A command-line utility for storing, tagging, and searching malware samples to help analysts manage their workflow.
Randomly modifies Win32/64 PE files to change their hashes for safer uploading to malware analysis sites.
An open-source dynamic analysis framework that neutralizes anti-analysis behavior in evasive malware during dissection.
A PowerShell module for interacting with VirusTotal's API to analyze suspicious files, URLs, domains, and IP addresses.
A modular Python tool that collects threat intelligence from multiple sources for files identified by their hash.
A benchmark dataset with 3.2 million malicious and benign files across 6 file types for evaluating malware classifiers.
A WinAppDbg script that automates malware unpacking by detecting unpacking behaviors and dumping decrypted memory.
A pre-configured Ubuntu-based virtual machine for mobile application security testing and malware analysis.
A modular malware and IOC ingestion framework that collects, enriches, and exports threat intelligence from multiple feeds.
A plugin-based malware crawler for collecting and pre-analyzing malware samples, useful for antivirus testing and malware analysis.
An open dataset for learning-based temporal analysis of PE malware, containing over 130,000 Windows PE files with feature vectors and metadata.
A research project investigating how packers affect the accuracy of static machine-learning malware classifiers.
Kernel-mode malicious activity hooking framework for macOS security analysis and malware research.
A Python utility for securely unpacking and staging suspicious files, designed for integration with malware analysis tools like Cuckoo Sandbox.
Analyzes web traffic via Squid proxy to detect command and control servers and malicious sites using Spamhaus data.
A collection of Splunk SPL queries for detecting vulnerability exploits, malware, and MITRE ATT&CK TTPs in security logs.