92 tools and resources
A cutting-edge AI-based IT security platform that identifies malware and cyber-attacks within seconds
Scan files for viruses and malware with language-agnostic REST API
A golang utility to spider through a website searching for additional links.
A free, open-source tool that uncovers persistently installed software on macOS, helping to generically reveal malware.
Yara rule generator using VirusTotal code similarity feature code-similar-to.
A project sharing malicious URLs used for malware distribution to help protect networks.
A repository of freely usable Yara rules for detection systems, with automated error detection workflows.
A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.
A collection of Yara rules for detecting malware evasion techniques
Comprehensive endpoint security solution providing proactive defenses, remediation tools, and centralized management to prevent threats and ensure uptime.
AMDH is an Android tool for automating scanning, hardening system settings, detecting malware, and protecting privacy.
A project providing open-source YARA rules for malware and malicious file detection
Repository of YARA rules for identifying and classifying malware.
Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.
Comprehensive suite for advanced file analysis and software supply chain security.
A Yara ruleset for detecting PHP shells and other webserver malware.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Tool to bypass endpoint solutions blocking known 'malicious' signed applications by obtaining valid signed files with different hashes.
A powerful tool for detecting and identifying malware using a rule-based system.
A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.
A tool that generates Yara rules from training data using logistic regression and random forest classifiers.
Collection of malware persistence information and techniques
A collection of YARA rules for public use, built from intelligence profiles and file work.
GCTI's open-source detection signatures for malware and threat detection
YARA rules for ProcFilter to detect malware and threats
VxSig is a tool to automatically generate AV byte signatures from similar binaries.
A honeypot for malware that spreads via USB storage devices, detecting infections without further information.
A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.
ClamAV is an open-source antivirus engine that detects trojans, viruses, malware, and other malicious threats.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.
Detects and handles potential malware in Microsoft Exchange 2019 messages with various techniques and third-party libraries.
Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.
A curated list of known malicious NPM packages
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
A parsing tool for Yara Scan Service's JSON output file to help maximize benefits and automate parsing of Yara Scan Service results.
Scan files with Yara, match findings to VirusTotal comments.
A low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
Yara Based Detection for web browsers
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
A tool for dynamic analysis of mobile applications in a controlled environment.
FSquaDRA is a tool for detection of repackaged Android applications based on Jaccard similarity computation over digests of files.
Collection of Yara rules for file identification and classification
A honeypot agent for running honeypots with service and data at threatwar.com.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
Platform for uploading, searching, and downloading malware samples.
A library for checking potentially malicious files and archives using YARA and making a decision about their harmfulness.
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.
NotRuler is a tool for Exchange Admins to detect client-side Outlook rules and VBScript enabled forms, aiding in the detection of attacks created through Ruler.
Open-source rules for detecting and preventing email attacks like BEC, malware, and credential phishing.
A collection of Yara rules licensed under the DRL 1.1 License.
A strings statistics calculator for YARA rules to aid malware research.
Detect trojan source attacks that employ unicode bidi attacks to inject malicious code.
A project focusing on understanding and combating threats to the Internet economy and net citizens.
Go bindings for YARA with installation and build instructions.
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
Official repository of YARA rules for threat detection and hunting
A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.
A static analysis tool for PE files that detects malicious behavior and provides information for manual analysis.
Utility for comparing control flow graph signatures to Android methods with scanning capabilities for malicious applications.
Repository of Yara signatures for detecting targeted attacks on civil society organizations
A collection of Yara rules for the Burp Yara-Scanner extension to identify malicious software on websites.
Repository of Yara Rules created by TjNel.
A collection of Yara signatures for identifying malware and other threats
Webroot Endpoint Protection provides advanced cloud-based protection against malicious files, scripts, exploits, and URLs to keep businesses safe from cyberattacks.
A tool to locally check for signs of a rootkit with various checks and tests.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
Fast suspicious file finder for threat hunting and live forensics.
A static analysis tool for Android apps that detects malware and other malicious code
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
Python utility for testing the existence of domain names under different TLDs to find malicious subdomains.
Scans running processes for potentially malicious implants and dumps them.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A tool for static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
A collaborative malware analysis framework with various features for automated analysis tasks.
Ensnare is a gem plugin for Ruby on Rails that enables quick deployment of a malicious behavior detection and response scheme using Honey Traps and Trap Responses.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
A low-interaction honeypot for detecting and analyzing security threats
Detect signed malware and track stolen code-signing certificates using osquery.
Cloud-based service for testing and analyzing Android and iOS apps for malware, vulnerabilities, and security threats.
Monitor WMI consumers and processes for potential malicious activity
A collection of publicly available YARA rules for detecting and classifying malware.
Detect capabilities in executable files and identify potential behaviors.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
