Tools and techniques for analyzing, reverse-engineering, and understanding malicious software. Task: Appsec
Explore 25 curated tools and resources
A tool for finding and exploiting SQL injection vulnerabilities in web applications
A tool to fuzz query strings and identify vulnerabilities
A command-line program for finding secrets and sensitive information in textual data and Git history.
A Burp intruder extender for automating and validating XSS vulnerabilities
Interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features
YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware.
A collection of Android Fakebank and Tizi samples for analyzing spyware on Android devices.
A Yara ruleset for detecting PHP shells and other webserver malware.
A Burp plugin for identifying potential vulnerabilities in web applications
Tplmap is a tool for detecting and exploiting server-side template injection vulnerabilities.
Yara mode for GNU Emacs for editing Yara-related files
A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
Original SmaliHook Java source for Android cracking and reversing.
GuardDog is a CLI tool for identifying malicious PyPI and npm packages through heuristics and Semgrep rules.
FLARE-VM is a collection of software installation scripts for Windows systems designed for setting up and maintaining a reverse engineering environment on a virtual machine.
Automated Android Malware Analysis tool
A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
IDA Pro plugin for finding crypto constants
Multi-cloud antivirus scanning API with CLAMAV and YARA support for AWS S3, Azure Blob Storage, and GCP Cloud Storage.
A payload creation framework for the retrieval and execution of arbitrary CSharp source code.
A framework for reverse engineering Flutter apps with modified Flutter library for dynamic analysis and traffic monitoring.