PyaraScanner
A multithreaded YARA scanner for incident response or malware zoos.
Capa detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode files, or sandbox reports to identify potential behaviors such as backdoors, service installation, or communication methods like HTTP. Check out our capa blog posts for more information: Dynamic capa: Exploring Executable Run-Time Behavior with the CAPE Sandbox; capa v4: casting a wider .NET (.NET support); ELFant in the Room – capa v3 (ELF support); capa 2.0: Better, Stronger, Faster; capa: Automatically Identify Malware Capabilities.
Usage: $ capa.exe suspicious.exe
ATT&CK Tactic and Technique mapping available.
Tool for decompressing malware samples to run Yara rules against them.
UDcide provides an alternative approach to dealing with Android malware by targeting specific behaviors for removal.
A simple JWT token brute force cracker
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
dynStruct is a tool for monitoring memory accesses of an ELF binary and recovering structures of the original code.