Krakatau
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
Fernflower is the first actually working analytical decompiler for Java and probably for a high-level programming language in general. Naturally, it is still under development. Please send your bug reports and improvement suggestions to the issue tracker. Fernflower is licensed under the Apache Licence Version 2.0. Running from the command line: java -jar fernflower.jar [-<option>=<value>]* [<source>]+ <destination>. * means 0 or more times, + means 1 or more times. <source>: file or directory with files to be decompiled. Directories are recursively scanned. Allowed file extensions are class, zip, and jar. Sources prefixed with -e= mean 'library' files that won't be decompiled but taken into account when analyzing relationships between classes or methods. Especially renaming of identifiers (s. option 'ren') can benefit from information about external classes. <destination>: destination directory. <option>, <value>: a command-line option with the corresponding value (see 'Command-line options' below). Examples: java -jar fernflower.jar -hes=0 -hdc=0 c:\Temp\binary\ -e=c:\Java\rt.jar c:\Temp\source\ java -jar fernflower.jar -dgs=1 c:\Temp\binary\library.jar c:\Temp\bin
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
Define and validate YARA rule metadata with CCCS YARA Specification.
YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware.
A Yara ruleset for detecting PHP shells and other webserver malware.
A tool that executes programs in memory from various sources
Python 3 tool for parsing Yara rules with ongoing development.