Search Results for "malware analysis"
Sort By:
Showing 70 open source projects for "malware analysis"
View related business solutions-
Relax: PRTG Monitors Your IT for YouYou’re the go-to IT person, always putting out fires and keeping things running. With PRTG, you get reliable alerts to monitor your entire IT infrastructure, without the noise. Our intuitive setup gives you a clear overview of your network, devices, and applications in real time. Get instant alerts only when something needs your attention, whether you’re at your desk or on the move. Spend less time worrying about outages and more time focusing on what matters. Set up PRTG once and let it work for you - PRTG has you covered.
-
Fully managed relational database service for MySQL, PostgreSQL, and SQL ServerCloud SQL manages your databases so you don't have to, so your business can run without disruption. It automates all your backups, replication, patches, encryption, and storage capacity increases to give your applications the reliability, scalability, and security they need.
-
1
malware-samples
A collection of malware samples and relevant dissection information
This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves. -
2
FLARE VM
A collection of software installations scripts for Windows systems
FLARE VM is a security-focused Windows workstation distribution designed for malware analysis, reverse engineering, penetration testing, and threat hunting. It bundles a curated set of tools—disassemblers, debuggers, decompilers, virtualization, forensics utilities, packet capture tools, exploit frameworks, and hex editors—preconfigured to work together. The environment configures paths, dependencies, environment variables, and common tool integrations so analysts can focus on tasks rather than... -
3
Ghidra
Ghidra is a software reverse engineering (SRE) framework
Ghidra is a free and open-source reverse engineering framework developed by the NSA for analyzing compiled software. It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes. -
4
x64dbg
An open-source x64/x32 debugger for windows
An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. Fully customizable color scheme. Dynamically recognize modules and strings. Import reconstructor integrated (Scylla). Fast disassembler (Zydis). User database (JSON) for comments, labels, bookmarks, etc. Plugin support with growing API. Extendable, debuggable... -
The All-in-One Commerce Platform for Businesses - ShopifyShopify is a leading all-in-one commerce platform that enables businesses to start, build, and grow their online and physical stores. It offers tools to create customized websites, manage inventory, process payments, and sell across multiple channels including online, in-person, wholesale, and global markets. The platform includes integrated marketing tools, analytics, and customer engagement features to help merchants reach and retain customers. Shopify supports thousands of third-party apps and offers developer-friendly APIs for custom solutions. With world-class checkout technology, Shopify powers over 150 million high-intent shoppers worldwide. Its reliable, scalable infrastructure ensures fast performance and seamless operations at any business size.
-
5
Volatility
An advanced memory forensics framework
Volatility is a widely used open-source framework for analyzing memory captures (RAM dumps) from Windows, Linux, and macOS systems. It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows. -
6
LIEF
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
LIEF (Library to Instrument Executable Formats) is a cross-platform library that enables parsing, modifying, and abstracting executable formats such as ELF, PE, and Mach-O. It's widely used in reverse engineering and binary analysis. -
7
Capstone
Capstone disassembly/disassembler framework
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64). Having clean/simple/lightweight/intuitive... -
8
UTMStack
Customizable SIEM and XDR powered by Real-Time correlation
Welcome to the UTMStack open-source project! UTMStack is a unified threat management platform that merges SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) technologies. Our unique approach allows real-time correlation of log data, threat intelligence, and malware activity patterns from multiple sources, enabling the identification and halting of complex threats that use stealthy techniques. UTMStack stands out in threat prevention by surpassing... -
9
MemProcFS Analyzer
Automated Forensic Analysis of Windows Memory Dumps for DFIR
MemProcFS-Analyzer is a forensic analysis toolset that builds on the MemProcFS virtual filesystem to make volatile memory artefacts easier to browse and interpret. By exposing process memory, kernel objects, and derived artifacts as regular files, the framework lets analysts use familiar filesystem operations and standard tools (editors, grep, diff) to explore memory snapshots. The Analyzer layer adds higher-level parsing and extraction routines—for example, carving strings, locating injected... -
Find out just how much your login box can do for your customer | Auth0From improving customer experience through seamless sign-on to making MFA as easy as a click of a button – your login box must find the right balance between user convenience, privacy and security.
-
10
Portable Executable Parser
lightweight Go package to parse, analyze and extract metadata
Saferwall PE is a lightweight Go package for parsing, analyzing, and extracting metadata from Portable Executable (PE) binaries. Designed with malware analysis in mind, it is robust against malformed PE files and provides detailed insights into executable structures. -
11
LitterBox
A secure sandbox environment for malware developers and red teamers
LitterBox is a controlled malware-analysis and payload-testing sandbox aimed at red teams who need to validate evasions and behaviors before deployment. It provides an isolated environment to exercise payloads against modern detection stacks, verify signatures and heuristics, and observe runtime characteristics without leaking binaries to third-party vendors. The README frames typical use cases: testing evasion, validating detections, analyzing behavior, and keeping sensitive tooling in-house... -
12
SSH-MITM
Server for security audits supporting public key authentication
ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation. SSH-MITM is a man in the middle SSH Server for security audits and malware analysis. Password and publickey authentication are supported and SSH-MITM is able to detect, if a user is able to login with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication... -
13
REMnux
A Linux Toolkit for Malware Analysis
REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools.">
-
14
Process Monitor
Advanced monitoring tool for Windows
... views with movable columns and filters applicable to any event field without losing captured data. It can log tens of millions of events with an architecture that scales to gigabytes of log data, enabling in-depth system troubleshooting and malware hunting. Additional features include a process tree viewer to understand process relationships, boot-time logging, and tooltips for quick access to detailed information. Process Monitor runs on Windows 10 and newer client versions. -
15
MalbianLinux
GNU/Linux Distribution for Malware Analysis and Reverse Engineering.
Malbian is a Light-weight Debian Based GNU/Linux Distribution for Malware Analysis and Reverse Engineering designed to aid the user in both Static and Dynamic analysis of malware samples. 100% Free to use and distribute. About: https://github.com/MalbianLinux Installation Guide in: https://github.com/MalbianLinux/Malbian-ISOs/ -
16
readpe
The PE file analysis toolkit
readpe (formerly known as pev) is a multiplatform toolkit to work with PE (Portable Executable) binaries. Its main goal is to provide feature-rich tools for properly analyze binaries with a strong focus on suspicious ones. -
17
url-checker-php-sdk
Official PHP SDK for the EmailVeritas URL Checker API
The EmailVeritas URL Checker PHP SDK provides real-time phishing and malicious link detection through the official EmailVeritas API. It enables developers to classify and analyze URLs directly from PHP applications using simple methods for URL Lookup and URL Scan. Lightweight and dependency-free, the SDK performs redirect-chain, WHOIS, and HTML metadata analysis. Composer support makes integration seamless with PSR-4 autoloading. Ideal for CRMs, contact forms, and security... -
18
Two tools able to edit your ipfilter.dat . These tools are able to edit your ipfilter.dat in order to check for big ranges and to check adjacent ranges . From the creators of ipfilterX , Nexus23 Labs . - Updates in Progress -
-
19
LSG - Linux SecureGuard
Professional antivirus solution developed for Linux systems.
Professional antivirus solution developed for Linux systems. Protects your Linux servers and desktop systems with real-time protection, network security and advanced threat detection features. -
20
WTE
Forensic Windows Triage Environment
* Files are compressed and ENCRYPTED so are identified as "Malware" by Sourceforge. Criminal Investigators auxiliary in conducting investigations on computer systems. WTE is an easy to use, integrated forensic system that enables an investigator to safely image, preview and analyze internal hard drives (DeadBox), and also to conduct live forensics (LiveBox) or data recovery, using their tool(s) of choice. Safely and Easily Search and Triage with no need to disassemble computers or laptops... -
21
TheHive
Scalable, open source and free security incident response platform
... and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundreds of observables. Multiple analysts from one organization can work together on the same case simultaneously. For example, an analyst may deal with malware analysis while another may work on tracking C2 beaconing activity on proxy logs as soon as IOCs have been added by their coworker. -
22
What is DracOS GNU/Linux Remastered ? DracOS GNU/Linux Remastered ( https://github.com/dracos-linux ) is the Linux operating system from Indonesia , open source is built based on Debian live project under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering. Use a GUI-based...
-
23
Abdal Map Tracker
Display people's or device transit routes based on latitude and longit
Display people's or device transit routes based on latitude and longitude graphically -
24
Abdal Header Analyzer
analyzing site and web server headers
Abdal Header Analyzer is a software for analyzing site and web server headers. As you know, headers contain information that security experts and hackers use to analyze targets. -
25
chords-malware-analyzer
Chords is binary file strings extractor, with many formats supported.
Chords is strings on steroids. Is able to extract strings from files just like strings, but it also supports windows wide string, base64 and hexadecimal strings (with decoding support) and automatic recognition of Indicators of Compromise (IOCs). It has been developed to support the malware analysis process, but is a general purpose tool.