pftriage. Python tool and library to help analyze files during malware triage and analysis.
79stackstack. Python
32IRScripts. Incident Response Scripts
30OLEPackagerFormat. OLE Package Format Documentation
23activemime-format. ActiveMime File Format Documentation
19hollows_hunter. A process scanner detecting and dumping hollowed PE modules.
3capa. The FLARE team's open-source tool to identify capabilities in executable files.
3Open-Source-YARA-rules. YARA Rules I come across on the internet
2officeparser. Extract embedded files and macros from office documents.
2nucleus. Clone of Nucleus function detector.
2EmerSearch. Search Emercoin NVS records
2al-khaser. Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
2SiT. Simple Instruction Tracer
2iocs. Machine-digestible malware indicators.
2capa-rules. Standard collection of rules for capa: the tool for enumerating the capabilities of programs
1Yara-detection-rules. Yara Rules for Modern Malware
1vxsig. Automatically generate AV byte signatures from sets of similar binaries.
1pefile. pefile is a Python module to read and work with PE (Portable Executable) files
1phoenix. Cuckoo Sandbox is an automated dynamic malware analysis system
1dirhistory. Remember previous directories in bash and define keyboard shortcuts to change current directory to previous/next entries in history.
1flare-fakenet-ng. FakeNet-NG - Next Generation Dynamic Network Analysis Tool
1signature-base. Signature base for my scanner tools
1MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
1capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
1malware_analysis. Various snippets created during malware analysis
1unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
1elfesteem. Automatically exported from code.google.com/p/elfesteem
1frida-python. Frida python bindings
1binlex. A Binary Genetic Traits Lexer Framework
1flare-floss. FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.
1libpeconv. A small library for mapping and unmapping PE files.
1flare-ida. IDA Pro utilities from FLARE team
1ABD. Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
1yeti. Your Everyday Threat Intelligence
1MalShare-Toolkit. Set of tools for interacting with Malshare
1ADVobfuscator. Obfuscation library based on C++11/14 and metaprogramming
1RunPE. Code that allows running another windows PE in the same address space as the host process.
1idapython6to7. Python
1smda. SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps.
1LIEF. LIEF - Library to Instrument Executable Formats
1gopep. Go Lang Portable Executable Parser
1mlib. Your bag of handy codes for malware researchers
1shiva. Spam Honeypot with Intelligent Virtual Analyzer
1ollydbg-script. 收集一些ollydbg的脱壳脚本 collect some ollydbg scripts.
1volatility. An advanced memory forensics framework
1sems. Virtualbox, VirtualMachine, Cuckoo, Anubis, ThreatExpert, Sandboxie, QEMU, Analysis Tools Detection Tools
1blip. Python
1punbup. Python unbup script for McAfee .bup files (with some additional fun features). This script is fully implemented in python it's not just another wrapper around 7zip!
1metasploit-framework. Metasploit Framework
1dllinjector. dll injection tool that implements various methods
1frida. Clone this repo to build Frida
1yatp. Yet Another TNEF Parser
1