Malware Analysis
Tools and techniques for analyzing, reverse-engineering, and understanding malicious software.Explore 253 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
Management portal for LoKi scanner with centralized database for scanning activities.
Management portal for LoKi scanner with centralized database for scanning activities.
A javascript malware analysis tool with backend code execution.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
A minimal, consistent API for building integrations with malware sandboxes
A minimal, consistent API for building integrations with malware sandboxes
A Django web interface for managing Yara rules with features like search, categorization, and bulk edits.
A Django web interface for managing Yara rules with features like search, categorization, and bulk edits.
A sandbox for quickly sandboxing known or unknown families of Android Malware
A sandbox for quickly sandboxing known or unknown families of Android Malware
Leading open source automated malware analysis system.
Educational resources for reverse engineering tutorials by lena151.
Educational resources for reverse engineering tutorials by lena151.
Java decompiler GUI tool for Procyon under Apache License.
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
A collaborative malware analysis framework with various features for automated analysis tasks.
A collaborative malware analysis framework with various features for automated analysis tasks.
Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.
Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.
A Python library to interface with a cuckoo-modified instance.
A Python library to interface with a cuckoo-modified instance.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
A file analysis framework that automates the evaluation of files by running a suite of tools and aggregating the output.
A file analysis framework that automates the evaluation of files by running a suite of tools and aggregating the output.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
Binary analysis and management framework for organizing malware and exploit samples.
Binary analysis and management framework for organizing malware and exploit samples.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.