Hfinger Logo

Hfinger

0
Free
Visit Website

Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be seen only in one particular malware family, yet one family can have multiple fingerprints. Hfinger represents the request in a shorter form than printing the whole request, but still human interpretable. Hfinger can be used in manual malware analysis but also in sandbox systems or SIEMs. The generated fingerprints are useful for grouping requests, pinpointing requests to particular malware families, identifying different operations of one family, or discovering unknown malicious requests omitted by other security systems but which share fingerprint. An academic paper accompanies work on this tool, describing, for example, the motivation of design choices, and the evaluation of the tool compared to p0f, FATT, and Mercury.

FEATURES

ALTERNATIVES

Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32

Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform with a focus on automation and a clean GUI.

An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.

Platform for uploading, searching, and downloading malware samples.

A collection of Android Applications with malware analysis results

A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.

Interactive malware hunting service with live access to the heart of an incident.

A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.