Crawlector Crawlector (the name Crawlector is a combination of Crawler & Detector) is a threat hunting framework designed for scanning websites for malicious objects. Note-1: The framework was first presented at the No Hat conference in Bergamo, Italy on...
WhacAMole WhacAMole is a program that analyzes processes in memory in an integral way, detecting and alerting of anomalies related to the malware and presenting and saving in files all the relevant information for...
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe)...
Defense / Forensics / Malware Analysis
by do son · Published August 2, 2019 · Last modified September 17, 2023
MISP – Malware Information Sharing Platform and Threat Sharing MISP, Malware Information Sharing Platform, and Threat Sharing is an open-source software solution for collecting, storing, distributing, and sharing cybersecurity indicators and threats about cybersecurity...
Forensics / Malware Analysis / Web Information Gathering
by do son · Published August 3, 2019 · Last modified September 17, 2023
Mitaka Mitaka is an OSINT friendly IOC (Indicator of Compromise) search tool. It works as a Chrome extension and it makes it possible to search/scan IOC via the context menu. Features Supported IOC types...
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek...
YAMA YAMA is a system for generating scanners that can inspect specific malware during incident response. The scanner generated by YAMA is designed to explore the memory of Windows OS and detect malware. With...
EKFiddle A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Changelog v1.2 – Updated upstream proxy menu – Google Ads collection Features Toolbar buttons The...
ThreatIngestor An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins. ThreatIngestor can be configured to watch Twitter, RSS feeds,...
Karton Distributed malware processing framework based on Python, Redis, and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware* analysis systems into a robust...
