awesome-malware-analysis

awesome-malware-analysis

全面的恶意软件分析工具和资源列表

该项目汇集了多种恶意软件分析工具和资源,涵盖恶意软件收集、开源威胁情报、检测和分类等方面。列表包含匿名器、蜜罐、样本库、威胁情报平台、IOC提取工具等实用资源。安全研究人员和分析师可以利用这些工具更高效地开展恶意软件分析和威胁情报工作。

恶意软件分析威胁情报检测分类沙箱逆向工程Github开源项目

Awesome Malware Analysis Awesome

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.

Drop ICE

View Chinese translation: 恶意软件分析大合集.md.


Malware Collection

Anonymizers

Web traffic anonymizers for analysts.

  • Anonymouse.org - A free, web based anonymizer.
  • OpenVPN - VPN software and hosting solutions.
  • Privoxy - An open source proxy server with some privacy features.
  • Tor - The Onion Router, for browsing the web without leaving traces of the client IP.

Honeypots

Trap and collect your own samples.

  • Conpot - ICS/SCADA honeypot.
  • Cowrie - SSH honeypot, based on Kippo.
  • DemoHunter - Low interaction Distributed Honeypots.
  • Dionaea - Honeypot designed to trap malware.
  • Glastopf - Web application honeypot.
  • Honeyd - Create a virtual honeynet.
  • HoneyDrive - Honeypot bundle Linux distro.
  • Honeytrap - Opensource system for running, monitoring and managing honeypots.
  • MHN - MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.
  • Mnemosyne - A normalizer for honeypot data; supports Dionaea.
  • Thug - Low interaction honeyclient, for investigating malicious websites.

Malware Corpora

Malware samples collected for analysis.

  • Clean MX - Realtime database of malware and malicious domains.
  • Contagio - A collection of recent malware samples and analyses.
  • Exploit Database - Exploit and shellcode samples.
  • Infosec - CERT-PA - Malware samples collection and analysis.
  • InQuest Labs - Evergrowing searchable corpus of malicious Microsoft documents.
  • Javascript Mallware Collection - Collection of almost 40.000 javascript malware samples
  • Malpedia - A resource providing rapid identification and actionable context for malware investigations.
  • Malshare - Large repository of malware actively scrapped from malicious sites.
  • Ragpicker - Plugin based malware crawler with pre-analysis and reporting functionalities
  • theZoo - Live malware samples for analysts.
  • Tracker h3x - Agregator for malware corpus tracker and malicious download sites.
  • vduddu malware repo - Collection of various malware files and source code.
  • VirusBay - Community-Based malware repository and social network.
  • ViruSign - Malware database that detected by many anti malware programs except ClamAV.
  • VirusShare - Malware repository, registration required.
  • VX Vault - Active collection of malware samples.
  • Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser.
  • Zeus Source Code - Source for the Zeus trojan leaked in 2011.
  • VX Underground - Massive and growing collection of free malware samples.

Open Source Threat Intelligence

Tools

Harvest and analyze IOCs.

  • AbuseHelper - An open-source framework for receiving and redistributing abuse feeds and threat intel.
  • AlienVault Open Threat Exchange - Share and collaborate in developing Threat Intelligence.
  • Combine - Tool to gather Threat Intelligence indicators from publicly available sources.
  • Fileintel - Pull intelligence per file hash.
  • Hostintel - Pull intelligence per host.
  • IntelMQ - A tool for CERTs for processing incident data using a message queue.
  • IOC Editor - A free editor for XML IOC files.
  • iocextract - Advanced Indicator of Compromise (IOC) extractor, Python library and command-line tool.
  • ioc_writer - Python library for working with OpenIOC objects, from Mandiant.
  • MalPipe - Malware/IOC ingestion and processing engine, that enriches collected data.
  • Massive Octo Spice - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation.
  • MISP - Malware Information Sharing Platform curated by The MISP Project.
  • Pulsedive - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.
  • PyIOCe - A Python OpenIOC editor.
  • RiskIQ - Research, connect, tag and share IPs and domains. (Was PassiveTotal.)
  • threataggregator - Aggregates security threats from a number of sources, including some of those listed below in other resources.
  • ThreatConnect - TC Open allows you to see and share open source threat data, with support and validation from our free community.
  • ThreatCrowd - A search engine for threats, with graphical visualization.
  • ThreatIngestor - Build automated threat intel pipelines sourcing from Twitter, RSS, GitHub, and more.
  • ThreatTracker - A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.
  • TIQ-test - Data visualization and statistical analysis of Threat Intelligence feeds.

Other Resources

Threat intelligence and IOC resources.

Detection and Classification

Antivirus and other malware identification tools

  • AnalyzePE - Wrapper for a variety of tools for reporting on Windows PE files.
  • Assemblyline - A scalable file triage and malware analysis system integrating the cyber security community's best tools..
  • BinaryAlert - An open source, serverless AWS pipeline that scans and alerts on uploaded files based on a set of YARA rules.
  • capa - Detects capabilities in executable files.
  • chkrootkit - Local Linux rootkit detection.
  • ClamAV - Open source antivirus engine.
  • Detect It Easy(DiE) - A program for determining types of files.
  • Exeinfo PE - Packer, compressor detector, unpack info, internal exe tools.
  • ExifTool - Read, write and edit file metadata.
  • File Scanning Framework - Modular, recursive file scanning solution.
  • fn2yara - FN2Yara is a tool to generate Yara signatures for matching functions (code) in an executable program.
  • Generic File Parser - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
  • hashdeep - Compute digest hashes with a variety of algorithms.
  • HashCheck - Windows shell extension to compute hashes with a variety of algorithms.
  • Loki - Host based scanner for IOCs.
  • Malfunction - Catalog and compare malware at a function level.
  • Manalyze - Static analyzer for PE executables.
  • MASTIFF - Static analysis framework.
  • MultiScanner - Modular file scanning/analysis framework
  • [Nauz File

编辑推荐精选

TRAE编程

TRAE编程

AI辅助编程,代码自动修复

Trae是一种自适应的集成开发环境(IDE),通过自动化和多元协作改变开发流程。利用Trae,团队能够更快速、精确地编写和部署代码,从而提高编程效率和项目交付速度。Trae具备上下文感知和代码自动完成功能,是提升开发效率的理想工具。

AI工具TraeAI IDE协作生产力转型热门
蛙蛙写作

蛙蛙写作

AI小说写作助手,一站式润色、改写、扩写

蛙蛙写作—国内先进的AI写作平台,涵盖小说、学术、社交媒体等多场景。提供续写、改写、润色等功能,助力创作者高效优化写作流程。界面简洁,功能全面,适合各类写作者提升内容品质和工作效率。

AI辅助写作AI工具蛙蛙写作AI写作工具学术助手办公助手营销助手AI助手
问小白

问小白

全能AI智能助手,随时解答生活与工作的多样问题

问小白,由元石科技研发的AI智能助手,快速准确地解答各种生活和工作问题,包括但不限于搜索、规划和社交互动,帮助用户在日常生活中提高效率,轻松管理个人事务。

热门AI助手AI对话AI工具聊天机器人
Transly

Transly

实时语音翻译/同声传译工具

Transly是一个多场景的AI大语言模型驱动的同声传译、专业翻译助手,它拥有超精准的音频识别翻译能力,几乎零延迟的使用体验和支持多国语言可以让你带它走遍全球,无论你是留学生、商务人士、韩剧美剧爱好者,还是出国游玩、多国会议、跨国追星等等,都可以满足你所有需要同传的场景需求,线上线下通用,扫除语言障碍,让全世界的语言交流不再有国界。

讯飞智文

讯飞智文

一键生成PPT和Word,让学习生活更轻松

讯飞智文是一个利用 AI 技术的项目,能够帮助用户生成 PPT 以及各类文档。无论是商业领域的市场分析报告、年度目标制定,还是学生群体的职业生涯规划、实习避坑指南,亦或是活动策划、旅游攻略等内容,它都能提供支持,帮助用户精准表达,轻松呈现各种信息。

AI办公办公工具AI工具讯飞智文AI在线生成PPTAI撰写助手多语种文档生成AI自动配图热门
讯飞星火

讯飞星火

深度推理能力全新升级,全面对标OpenAI o1

科大讯飞的星火大模型,支持语言理解、知识问答和文本创作等多功能,适用于多种文件和业务场景,提升办公和日常生活的效率。讯飞星火是一个提供丰富智能服务的平台,涵盖科技资讯、图像创作、写作辅助、编程解答、科研文献解读等功能,能为不同需求的用户提供便捷高效的帮助,助力用户轻松获取信息、解决问题,满足多样化使用场景。

热门AI开发模型训练AI工具讯飞星火大模型智能问答内容创作多语种支持智慧生活
Spark-TTS

Spark-TTS

一种基于大语言模型的高效单流解耦语音令牌文本到语音合成模型

Spark-TTS 是一个基于 PyTorch 的开源文本到语音合成项目,由多个知名机构联合参与。该项目提供了高效的 LLM(大语言模型)驱动的语音合成方案,支持语音克隆和语音创建功能,可通过命令行界面(CLI)和 Web UI 两种方式使用。用户可以根据需求调整语音的性别、音高、速度等参数,生成高质量的语音。该项目适用于多种场景,如有声读物制作、智能语音助手开发等。

咔片PPT

咔片PPT

AI助力,做PPT更简单!

咔片是一款轻量化在线演示设计工具,借助 AI 技术,实现从内容生成到智能设计的一站式 PPT 制作服务。支持多种文档格式导入生成 PPT,提供海量模板、智能美化、素材替换等功能,适用于销售、教师、学生等各类人群,能高效制作出高品质 PPT,满足不同场景演示需求。

讯飞绘文

讯飞绘文

选题、配图、成文,一站式创作,让内容运营更高效

讯飞绘文,一个AI集成平台,支持写作、选题、配图、排版和发布。高效生成适用于各类媒体的定制内容,加速品牌传播,提升内容营销效果。

热门AI辅助写作AI工具讯飞绘文内容运营AI创作个性化文章多平台分发AI助手
材料星

材料星

专业的AI公文写作平台,公文写作神器

AI 材料星,专业的 AI 公文写作辅助平台,为体制内工作人员提供高效的公文写作解决方案。拥有海量公文文库、9 大核心 AI 功能,支持 30 + 文稿类型生成,助力快速完成领导讲话、工作总结、述职报告等材料,提升办公效率,是体制打工人的得力写作神器。

下拉加载更多