pcodedmp v1.2.6 releases: A VBA p-code disassembler
pcodedmp.py – A VBA p-code disassembler It is not widely known, but macros written in VBA (Visual Basic for Applications; the macro programming language used in Microsoft Office) exist...
DECAF DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope...
MalConfScan is a Volatility plugin that extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and...
tarnish tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities....
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture...
EKFiddle A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Changelog v1.2.1 – Added anti-VM setting in EKFiddle menu Features Toolbar...
PHP malware scanner Traverses directories for files with PHP extensions and tests the files against text or regexp rules; the rules are based on self-gathered samples and publicly available malware/webshells. The goal is...
What is Munin? Munin is an online hash checker utility that retrieves valuable information from various online sources. The current version of Munin queries the following services: Virustotal Malshare HybridAnalysis...
pyattck A Python module to interact with the Mitre ATT&CK Framework. pyattck has the following notable features in its current release: Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations...
Network Flight Simulator flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate...
PEpper An open source tool to perform malware static analysis on Portable Executables. Features extracted: suspicious entropy ratio, suspicious name ratio, suspicious code size, suspicious debugging time-stamp, number of exports, number of anti-debugging calls, number of virtual-machine detection calls...
AMIRA: Automated Malware Incident Response & Analysis AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular, The...
Malware Analysis / Reverse Engineering
by do son · Published June 27, 2019 · Last modified August 6, 2019
Cmulator – Scriptable x86 RE Sandbox Emulator Cmulator is an (x86 / x64) scriptable reverse engineering sandbox emulator for shellcode and PE binaries, based on the Unicorn and Capstone engines...
OSweep Description If you work in IT security, then you most likely use OSINT to help you understand what it is that your SIEM alerted you on and what everyone...
isodump isodump is a simple Python script used to assist incident responders in analyzing ISO files (ISO 9660 disk image format) containing malware. The following file systems are supported: ISO 9660...