Browse 259 malware analysis tools
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
A GNU Emacs editor mode that provides syntax highlighting, indentation, and language server integration for editing YARA rule files.
Endpoint protection platform using zero trust architecture and containment.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
A collection of YARA rules for research and hunting purposes.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Automate the process of writing YARA rules based on executable code within malware.
PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.