iocextract This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes some encoded and “defanged” IOCs in the output, and optionally decodes/refangs them. This library currently...
YaraGuardian A Django web interface for managing Yara rules. The manager enables users to: * Search for specific rules based on rule characteristics * Categorize and organize rules easily and in bulk * Make...
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge...
FakeNet-NG is a next-generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows (and Linux, for certain modes of operation). FakeNet-NG...
mXtract An open source Linux based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool, which is used to scan memory for private keys, ips, and passwords using...
Noriben Malware Analysis Sandbox Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to...
Sniffles Sniffles is a tool for creating packet captures that will test IDS that use fixed patterns or regular expressions for detecting suspicious behavior. Sniffles works very simply. It takes a set of regular...
Malware Analysis / Reverse Engineering
by do son · Published March 19, 2019 · Last modified December 9, 2022
RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX,...
BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. It allocates memory for the target file and jumps to the base (or offset) of the allocated memory. This allows an...
Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as client...
Pafish Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. The project is open-source, you can read the code of...
Defense / Forensics / Malware Analysis
by do son · Published March 3, 2019 · Last modified October 10, 2021
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a...
PHP malware finder does it is very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also detected: Best PHP Obfuscator...
makin make initial malware assessment little bit easier for me. It helps to reveal a debugger detection techniques used by a sample. Note: Only supports x64 How does it work? makin opens a sample as a...
Although the Linux system can be protected from the spread of most malware, it is not absolutely safe. If your data center erected a Linux server, especially the Web server, you should be on...
Secure Your Connection
