Explore 202 curated tools and resources
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.
A GitHub repository for fuzzing and testing file formats
A command-line program for finding secrets and sensitive information in textual data and Git history.
A deserialization payload generator for .NET formatters
A security tool to identify interesting files in AWS S3 buckets
A collection of tools for extracting and analyzing information from .git repositories
A free, open-source tool that uncovers persistently installed software on macOS, helping to generically reveal malware.
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
A collection of Yara rules for identifying malicious PEs with unique or suspicious PDB paths.
Embeddable Yara library for Java with support for loading rules and scanning data.
Yara rule generator built on VirusTotal's code-similar-to code similarity feature.
A modified version of GNU dd with added features like hashing and fast disk wiping.
Copies executables that carry execute but not read permission on Unix systems.
YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware.
A threat intelligence checker that looks up domains, IPs, and hashes against the IPVoid, URLVoid, VirusTotal, and Cymon feeds.
HxD is a freeware hex editor and disk editor with advanced features for editing files, memory, and disks.
A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.
A Python library for loading and executing Beacon Object Files (BOFs) in-memory.
A tool for analyzing Android applications in local storage with various functionalities.
A tool for triaging crash files with various output formats and debugging engine options.
A project providing open-source YARA rules for malware and malicious file detection
Java decompiler for modern Java features up to Java 14.
Stealing Signatures and Making One Invalid Signature at a Time.
Comprehensive suite for advanced file analysis and software supply chain security.
Verify scripts and executables to mitigate supply chain attacks.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
Generates shellcode that loads Windows payloads from memory and runs them with parameters.
Online platform for image steganography analysis
Ropper is a tool for analyzing binary files and searching for gadgets to build rop chains for different architectures.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Online Java decompiler tool with support for modern Java features.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
A Docker image with tools for solving Steganography challenges and screening scripts for analyzing files.
CapTipper is a python tool to analyze, explore, and revive HTTP malicious traffic.
Tool to bypass endpoint solutions blocking known 'malicious' signed applications by obtaining valid signed files with different hashes.
A software reverse engineering framework with full-featured analysis tools and support for multiple platforms, instruction sets, and executable formats.
Python script to parse the NTFS USN Change Journal.
Binwalk is a tool for analyzing, reverse engineering, and extracting firmware images; the project also publishes security advisories and a Python 2.7 deprecation notice.
A library to access and parse Windows NT Registry File (REGF) format.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
Yara mode for GNU Emacs to edit Yara related files
A collection of YARA rules for public use, built from intelligence profiles and file work.
A file search and query tool for ops and security experts.
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.
UDcide provides an alternative approach to dealing with Android malware by targeting specific behaviors for removal.
SWFTools is a collection of utilities for working with Adobe Flash files, including tools for converting PDFs, images, audio, and video files to SWF format.
Exiv2 is a C++ library and command-line utility for image metadata manipulation.
A portable volatile memory acquisition tool for Linux.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
A tool for XOR analysis that guesses the key length and then recovers the key from the most frequent characters at each key position.
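The frequency attack behind that description, as an added example that is not the tool's own code: the ciphertext is split into one column per key position, the key length is chosen by index of coincidence (columns that are a single-byte XOR of English-like text keep its skewed byte distribution; wrong periods mix key bytes and flatten it), and each key byte is the most frequent ciphertext byte in its column XORed with a space, on the assumption that space is the most common plaintext byte. The sample text and the key `k3y!` are constructed for the demo.

```python
from collections import Counter

# Constructed sample text and a hypothetical key (both assumptions for the demo):
# the plaintext is deliberately space-heavy so that the "most frequent byte is a
# space" heuristic holds in every key column.
SAMPLE_PLAINTEXT = (
    b"the quick brown fox jumps over the lazy dog and the lazy dog sleeps in the sun "
    b"while the fox runs on to the far side of the hill to look for more food to eat "
    b"and when the day is done they all go home to rest in the dark of the night and "
    b"wait for the sun to rise so they can do it all over again the next day too "
) * 4
SAMPLE_KEY = b"k3y!"
SPACE = 0x20  # assumed most frequent plaintext byte


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same function encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def index_of_coincidence(column: bytes) -> float:
    """Probability that two bytes drawn from the column without replacement are equal."""
    n = len(column)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(column).values()) / (n * (n - 1))


def guess_key_length(ct: bytes, max_len: int = 16, tolerance: float = 0.75) -> int:
    """Pick the key period whose columns look most like single-byte XOR.

    Taking every k-th byte gives columns that are each a single-byte XOR of the
    plaintext only when k is a multiple of the true period; those columns keep
    the plaintext's skewed distribution (high IC), while wrong periods mix key
    bytes and flatten it.  Multiples of the true period score as well as the
    period itself, so return the smallest k whose score is close to the best.
    """
    scores = {}
    for k in range(1, max_len + 1):
        columns = [ct[i::k] for i in range(k)]
        scores[k] = sum(index_of_coincidence(c) for c in columns) / k
    best = max(scores.values())
    return min(k for k, ic in scores.items() if ic >= tolerance * best)


def guess_key(ct: bytes, key_len: int) -> bytes:
    """Each key byte = (most frequent ciphertext byte in that column) XOR space."""
    return bytes(
        Counter(ct[i::key_len]).most_common(1)[0][0] ^ SPACE for i in range(key_len)
    )


def recover(ct: bytes) -> tuple:
    """Return (recovered key, recovered plaintext) for a repeating-key XOR ciphertext."""
    key = guess_key(ct, guess_key_length(ct))
    return key, xor_bytes(ct, key)


if __name__ == "__main__":
    ciphertext = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    key, plaintext = recover(ciphertext)
    print(f"key length: {len(key)}, key: {key!r}")
    print(plaintext[:60].decode())
```

The space heuristic fails on binary plaintext or text with a different dominant byte; a more general version scores every candidate key byte against a full byte-frequency table instead of assuming one symbol.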
VxSig is a tool to automatically generate AV byte signatures from similar binaries.
A honeypot for malware that spreads via USB storage devices, detecting infections without further information.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
AMExtractor is an Android Memory Extractor tool.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
Java code implementing the AutoYara algorithm for automatic Yara rule generation from input samples.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
Microservice for scanning files with Yara
A tool that executes programs in memory from various sources
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
A wargame that challenges your hacking skills
steg86 is a format-agnostic steganographic tool for x86 and AMD64 binaries.
A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.
FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.
A versatile steganography tool with various installation options and detailed usage instructions.
A collection of binary tools for various purposes including linking, assembling, profiling, and more.
Fnord is a pattern extractor for obfuscated code that extracts byte sequences and creates statistics, as well as generates experimental YARA rules.
Enhances the reading experience of smali code in Emacs.
Cybersecurity tool merging DarunGrim's analysis algorithms, currently in internal testing for official release.
An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.
A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.
Python forensic tool for extracting and analyzing information from Firefox, Iceweasel, and Seamonkey browsers.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A library to access and parse OLE 2 Compound File (OLECF) format files.
Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.
Detects and handles potential malware in Microsoft Exchange 2019 messages with various techniques and third-party libraries.
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
A tool designed to extract additional value from enterprise-wide AppCompat / AmCache data
A tool to verify the integrity of PNG, JNG, and MNG files and extract detailed information about the image.
A tool for extracting IOCs from various input sources and converting them into JSON format.
A parser for the JSON output of the Yara Scan Service that automates processing of its results.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
Analyses a forensic target and reports which files are known and unknown to CIRCL's public hashlookup service.
Collection of Windows oneliners for executing arbitrary code and downloading remote payloads.
A library to access and parse the Microsoft Internet Explorer Cache File format.
A tool for identifying and breaking weak cryptosystems, built on a separate library called Cryptanalib.
A tool for recovering files by scanning block devices and extracting them based on 'magic bytes' in file contents.
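The header/footer carving that description refers to, as an added example that is not the tool's own code: scan a raw block image for known file signatures, then extract from each header to the matching footer, skipping headers that have no footer within a size bound (a truncated or overwritten file, or a false-positive header). The disk image below is constructed in memory from filler bytes, a PNG and JPEG skeleton (valid signatures and end markers only, not decodable images), and a truncated JPEG header.

```python
from dataclasses import dataclass

# Real header/footer byte signatures for the two formats carved here.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
}
MAX_FILE_SIZE = 16 * 1024 * 1024  # give up on a header if no footer appears within this span


@dataclass
class CarvedFile:
    kind: str
    offset: int
    data: bytes


def carve(image: bytes, max_size: int = MAX_FILE_SIZE) -> list:
    """Recover files from a raw image by header/footer signature, ignoring any filesystem."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # No footer in range: truncated file or a chance header match; skip it.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            found.append(CarvedFile(kind, pos, image[pos:end]))
            pos = image.find(header, end)
    return sorted(found, key=lambda f: f.offset)


# Constructed sample image (an assumption for the demo). The filler contains none
# of the signatures above, so every hit below is a planted one.
FILLER = bytes(range(256))
PNG_SAMPLE = (
    SIGNATURES["png"][0]
    + b"\x00\x00\x00\x0dIHDR" + bytes(17)      # IHDR chunk with zeroed data and CRC
    + b"\x00\x00\x00\x00" + SIGNATURES["png"][1]  # zero-length IEND chunk + its CRC
)
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + bytes(32) + SIGNATURES["jpeg"][1]
TRUNCATED_JPEG = b"\xff\xd8\xff\xe1" + b"Exif\x00\x00" + bytes(8)  # header, no end marker
DISK_IMAGE = FILLER + PNG_SAMPLE + FILLER + JPEG_SAMPLE + FILLER + TRUNCATED_JPEG + FILLER


if __name__ == "__main__":
    for f in carve(DISK_IMAGE):
        name = f"carved_{f.offset:08x}.{f.kind}"
        with open(name, "wb") as out:
            out.write(f.data)
        print(f"{f.kind:5} at offset {f.offset:#x}, {len(f.data)} bytes -> {name}")
```

Footer-based carving is only as reliable as the footer: a JPEG with an embedded thumbnail contains an inner `FF D9`, so the first end marker after the header cuts the file short, and fragmented files are not reassembled at all. Production carvers validate structure (PNG chunk lengths, JPEG segment markers) rather than trusting the first footer.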
Charlotte is a C++ shellcode launcher that aims to execute shellcode without being detected by endpoint defences.
Tool for decompressing malware samples to run Yara rules against them.
A tool to extract indicators of compromise from security reports in PDF format.
FSquaDRA is a tool for detection of repackaged Android applications based on Jaccard similarity computation over digests of files.
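The similarity measure named in that description, as an added example that is not FSquaDRA's own code: treat each APK (a zip archive) as the set of digests of its entries' contents, and score two APKs by the Jaccard index of those sets, so a repackaged app that swaps `classes.dex` but keeps its resources still scores high against the original. The three archives are constructed in memory with hypothetical contents; hashing entry contents with SHA-256 is this example's choice, not necessarily the tool's exact digest source.

```python
import hashlib
import io
import zipfile


def build_zip(entries: dict) -> bytes:
    """Build an in-memory zip from {name: content}; stands in for a real APK here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def file_digests(apk_bytes: bytes) -> set:
    """Set of SHA-256 digests of every file entry's content (names are ignored)."""
    digests = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests.add(hashlib.sha256(zf.read(info)).hexdigest())
    return digests


def jaccard(a: set, b: set) -> float:
    """|A ∩ B| / |A ∪ B|; two empty sets are defined as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity(apk_a: bytes, apk_b: bytes) -> float:
    return jaccard(file_digests(apk_a), file_digests(apk_b))


# Constructed sample archives (assumptions for the demo, not real apps).
ORIGINAL_APK = build_zip({
    "AndroidManifest.xml": b"<manifest package='com.example.notes'/>",
    "classes.dex": b"dex\n035\x00original bytecode",
    "res/layout/main.xml": b"<LinearLayout/>",
    "res/drawable/icon.png": b"\x89PNG\r\n\x1a\noriginal icon",
    "assets/config.json": b'{"api": "https://example.invalid"}',
})
# Repackaged: same resources, modified dex, one injected library.
REPACKAGED_APK = build_zip({
    "AndroidManifest.xml": b"<manifest package='com.example.notes'/>",
    "classes.dex": b"dex\n035\x00original bytecode + injected ad sdk",
    "res/layout/main.xml": b"<LinearLayout/>",
    "res/drawable/icon.png": b"\x89PNG\r\n\x1a\noriginal icon",
    "assets/config.json": b'{"api": "https://example.invalid"}',
    "lib/armeabi-v7a/libpay.so": b"\x7fELFinjected native payload",
})
UNRELATED_APK = build_zip({
    "AndroidManifest.xml": b"<manifest package='com.other.game'/>",
    "classes.dex": b"dex\n035\x00unrelated bytecode",
})


if __name__ == "__main__":
    print(f"original vs repackaged: {similarity(ORIGINAL_APK, REPACKAGED_APK):.3f}")  # 4 shared of 7 distinct
    print(f"original vs unrelated:  {similarity(ORIGINAL_APK, UNRELATED_APK):.3f}")
```

Because the score is over content digests, renaming entries does not lower it, but any byte-level change to a file (re-signing resources, recompiling the dex) removes that file from the intersection; FSquaDRA's usefulness comes from the fact that repackagers rarely touch most resource files.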
A set of YARA rules for identifying files containing sensitive information
Collection of Yara rules for file identification and classification
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.
SauronEye helps in identifying files containing sensitive data such as passwords through targeted directory searches.
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
Recover event log entries from an image by heuristically looking for record structures.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
A simple IOC scanner bash script for Linux/Unix/OSX systems
A library for checking potentially malicious files and archives using YARA and making a decision about their harmfulness.
A network-based panic button that overwrites the LUKS header and shuts the computer down in an emergency, leaving the encrypted data unrecoverable unless a header backup exists elsewhere.
iOS Mobile Backup Xtractor tool for extracting iOS backups.
A command-line tool for extracting detailed information from JPEG files, including image dimensions, compression, and metadata.
Real-time, container-based file scanning system for threat hunting and incident response.
Vim syntax-highlighting plugin for YARA rules with support up to v4.3.
Hoarder is a tool to collect and parse windows artifacts.
A freeware suite of tools for PE editing and process viewing, including CFF Explorer and Resource Editor.
A yara module for searching strings inside zip files
Comprehensive cheat sheet for SQLite SQL injection techniques and payloads.
YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.
A tool for extracting files from packet capture files with ease of use and extensibility for Python developers.
A command-line utility to show and change EXIF information in JPEG files
A command-line tool for searching and extracting strings from files with various options like ASCII and Unicode string search.
Object scanning system with scalable and flexible architecture for intrusion detection.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
Build and install scripts for PhoneyC, with optional selection of the Python version; installation requires root privileges.
A command line tool for running SQL queries on PCAP files with various output options and a simplistic web-server.
A VMware image for penetration testing purposes
A full python tool for analyzing Android files with various functionalities.
A new age tool for binary analysis that uses statistical visualizations to help find patterns in large amounts of binary data.
A static analysis framework for extracting key characteristics from various file formats
A tool for reading Portable Executable (PE) files with detailed information about the file structure.
A tool for parsing Google Protobuf encoded blobs without the accompanying definition, providing a colored representation of the contents.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
Official repository of YARA rules for threat detection and hunting
A tool for reverse engineering Android apk files.
Bmaptool is no longer maintained by Intel; users are advised to create their own fork for ongoing use.
A static analysis tool for PE files that detects malicious behavior and provides information for manual analysis.
Yara pattern matching tool for forensic investigations with predefined rules for magic headers in files and raw images.
A modular tool for collecting intelligence sources for files and outputting in CSV format.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.
LOKI is a simple IOC and YARA Scanner for Indicators of Compromise Detection.
UPX is a high-performance executable packer for various executable formats.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
Checksec is a bash script that checks the hardening properties of executables, such as PIE, RELRO, stack canaries, ASLR, and Fortify Source.
A collection of Yara rules for the Burp Yara-Scanner extension to identify malicious software on websites.
StringSifter is a machine learning tool for automatically ranking strings for malware analysis.
A PoC tool for generating Excel files with embedded macros without using Excel.
A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.
TestDisk checks disk partitions and recovers lost partitions, while PhotoRec specializes in recovering lost pictures from digital camera memory or hard disks.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
A tool to locally check for signs of a rootkit with various checks and tests.
A command-line utility for examining Objective-C runtime information in Mach-O files and generating class declarations.
Tool for analyzing Windows Recycle Bin INFO2 file
Standalone graphical utility for viewing Java source codes from ".class" files.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A free endpoint security tool that provides host investigative capabilities for finding signs of malicious activity through memory and file analysis.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
A console program for file recovery through data carving.
A Python script for scanning data within an IDB using YARA.
Scans running processes for potentially malicious implants and dumps them.
A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.
RetDec is a versatile machine-code decompiler with support for various file formats and architectures.
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
A library and tools for accessing and analyzing the Linux Logical Volume Manager (LVM) volume system format.
A command-line utility for extracting human-readable text from binary files.
A tool for malware analysts to search through base64-encoded samples and generate YARA rules.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.
Kaitai Struct is a declarative language for describing binary data structures.
Red October is a software-based two-man rule style encryption and decryption server.
A medium-interaction printer honeypot that simulates a standard networked printer.
Emulates browser functionality to detect exploits targeting browser vulnerabilities.
Truehunter is a tool designed to detect encrypted containers, with a focus on TrueCrypt and VeraCrypt, using a fast and memory-efficient approach.
Generates a variety of suspicious actions that are detected by Falco rulesets.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
Leading open source automated malware analysis system.
Steganography brute-force utility with performance issues, deprecated in favor of stegseek.
Open source tool for generating YARA rules about installed software from a running OS.
Detect and warn about potential malicious behaviors in Android applications through static analysis.
Automatically creates YARA rules based on images embedded in Office documents.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
FLARE Obfuscated String Solver (FLOSS) automatically extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
A file analysis framework that automates the evaluation of files by running a suite of tools and aggregating the output.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
wxHexEditor is a free hex editor / disk editor with various data manipulation operations and visualization functionalities.
de4dot is a .NET deobfuscator and unpacker with the ability to restore packed and obfuscated assemblies to their original form.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
Extracts resources (bitmaps, icons, cursors, AVI movies, HTML files, and more) from DLL files.
A tool designed to handle archive file data and augment Yara's capabilities.
PinCTF is a tool that uses Intel's Pin dynamic instrumentation framework to instrument binaries being reverse engineered and count the instructions they execute.
DumpsterDiver is a tool for analyzing big volumes of data to find hardcoded secrets like keys and passwords.
Tool for parsing NTFS journal files, $Logfile, and $MFT.
Chaosreader is a tool for ripping files from network sniffing dumps and replaying various protocols and file transfers.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
Detect capabilities in executable files and identify potential behaviors.