Explore 96 curated tools and resources
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
A static application security testing (SAST) platform that performs comprehensive source code analysis to identify vulnerabilities, malware, and security issues in application code and dependencies.
FortiMail is an email security solution that protects organizations against phishing, ransomware, zero-day attacks, and business email compromise through multi-layered detection and prevention capabilities.
WPMissionControl is a WordPress-focused security and uptime monitoring tool that offers continuous website checks, alerts, and malware cleanup services.
A cutting-edge AI-based IT security platform that identifies malware and cyber-attacks within seconds
Scan files for viruses and malware with language-agnostic REST API
A Go utility to spider through a website searching for additional links.
A free, open-source tool that uncovers persistently installed software on macOS, helping to generically reveal malware.
Yara rule generator using VirusTotal code similarity feature code-similar-to.
A project sharing malicious URLs used for malware distribution to help protect networks.
A repository of freely usable Yara rules for detection systems, with automated error detection workflows.
A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.
A collection of Yara rules for detecting malware evasion techniques
Comprehensive endpoint security solution providing proactive defenses, remediation tools, and centralized management to prevent threats and ensure uptime.
AMDH is an Android tool for automating scanning, hardening system settings, detecting malware, and protecting privacy.
A project providing open-source YARA rules for malware and malicious file detection
Repository of YARA rules for identifying and classifying malware.
Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.
Comprehensive suite for advanced file analysis and software supply chain security.
A Yara ruleset for detecting PHP shells and other webserver malware.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Tool to bypass endpoint solutions blocking known 'malicious' signed applications by obtaining valid signed files with different hashes.
A powerful tool for detecting and identifying malware using a rule-based system.
Free software that calculates the security ranking of Internet Service Providers to detect malicious activities.
A tool that generates Yara rules from training data using logistic regression and random forest classifiers.
Collection of malware persistence information and techniques
A collection of YARA rules for public use, built from intelligence profiles and file work.
GCTI's open-source detection signatures for malware and threat detection
YARA rules for ProcFilter to detect malware and threats
VxSig is a tool to automatically generate AV byte signatures from similar binaries.
A honeypot for malware that spreads via USB storage devices, detecting infections without further information.
A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.
ClamAV is an open-source antivirus engine that detects trojans, viruses, malware, and other malicious threats.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A Python 3 application for querying sites hosting publicly pasted data and scanning for sensitive information.
Detects and handles potential malware in Microsoft Exchange 2019 messages with various techniques and third-party libraries.
Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.
A curated list of known malicious NPM packages
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
A parsing tool for Yara Scan Service's JSON output file to help maximize benefits and automate parsing of Yara Scan Service results.
Scan files with Yara, match findings to VirusTotal comments.
A low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.
Yara Based Detection for web browsers
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
A tool for dynamic analysis of mobile applications in a controlled environment.
FSquaDRA is a tool for detection of repackaged Android applications based on Jaccard similarity computation over digests of files.
Collection of Yara rules for file identification and classification
A honeypot agent for running honeypots with service and data at threatwar.com.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
Platform for uploading, searching, and downloading malware samples.
A library for checking potentially malicious files and archives using YARA and making a decision about their harmfulness.
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.
NotRuler is a tool for Exchange Admins to detect client-side Outlook rules and VBScript enabled forms, aiding in the detection of attacks created through Ruler.
Open-source rules for detecting and preventing email attacks like BEC, malware, and credential phishing.
A collection of Yara rules licensed under the DRL 1.1 License.
A strings statistics calculator for YARA rules to aid malware research.
Detect Trojan Source attacks that use Unicode bidirectional (bidi) control characters to inject malicious code.
A project focusing on understanding and combating threats to the Internet economy and net citizens.
Go bindings for YARA with installation and build instructions.
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
Official repository of YARA rules for threat detection and hunting
A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.
A static analysis tool for PE files that detects malicious behavior and provides information for manual analysis.
Utility for comparing control flow graph signatures to Android methods with scanning capabilities for malicious applications.
Repository of Yara signatures for detecting targeted attacks on civil society organizations
A collection of Yara rules for the Burp Yara-Scanner extension to identify malicious software on websites.
Repository of Yara Rules created by TjNel.
A collection of Yara signatures for identifying malware and other threats
Webroot Endpoint Protection provides advanced cloud-based protection against malicious files, scripts, exploits, and URLs to keep businesses safe from cyberattacks.
A tool to locally check for signs of a rootkit with various checks and tests.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
Fast suspicious file finder for threat hunting and live forensics.
A static analysis tool for Android apps that detects malware and other malicious code
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
Python utility for testing the existence of domain names under different TLDs to find malicious subdomains.
Scans running processes for potentially malicious implants and dumps them.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A tool for static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
A collaborative malware analysis framework with various features for automated analysis tasks.
Ensnare is a gem plugin for Ruby on Rails that enables quick deployment of a malicious behavior detection and response scheme using Honey Traps and Trap Responses.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
A low-interaction honeypot for detecting and analyzing security threats
Detect signed malware and track stolen code-signing certificates using osquery.
Cloud-based service for testing and analyzing Android and iOS apps for malware, vulnerabilities, and security threats.
Monitor WMI consumers and processes for potential malicious activity
A collection of publicly available YARA rules for detecting and classifying malware.
Detect capabilities in executable files and identify potential behaviors.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.