Malware analysis tools whose primary job is to reverse-engineer, detonate, and classify malware samples.
Browse 163 malware analysis tools
PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
A Python library to interface with a cuckoo-modified instance.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.
ILSpy is the open-source .NET assembly browser and decompiler with various decompiler frontends and features.
A debugger tool for reverse engineers, crackers, and security analysts, with a user-friendly debugging UI and custom agent support.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
A backend agnostic debugger frontend for debugging binaries without source code access.
PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.
Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
A malware processing and analytics tool that utilizes Pig, Django, and Elasticsearch to analyze and visualize malware data.
CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.
A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.