Malware analysis tools whose primary job is to reverse-engineer, detonate, and classify malware samples.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
DECAF++ is a fast whole-system dynamic taint analysis framework with improved performance and elasticity.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
Android Loadable Kernel Modules for reversing and debugging on controlled systems/emulators.
An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.
Interactive incremental disassembler with data/control flow analysis capabilities.
CapTipper is a Python tool to analyze, explore, and revive malicious HTTP traffic.
Binkit is a binary analysis tool that merged with DarunGrim and incorporates its analysis algorithms, currently in internal testing before official release.
A script to assist in creating templates for VirtualBox to enhance VM detection evasion.
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
A file analysis framework that automates the evaluation of files by running a suite of tools and aggregating the output.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
A simple framework for extracting actionable data from Android malware.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.