Search Results for "malware analysis"
Sort By:
Showing 89 open source projects for "malware analysis"
View related business solutions-
Ship Agents FasterGemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
-
Error to trace to log to deploy. One click. No SSH.AppSignal links every error to the trace, the trace to the log, the log to the deploy that shipped it.
-
1
malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
malware_training_vol1 is an educational repository for Windows malware analysis training. It is designed to help learners understand common malware techniques through programming, reverse engineering, and Windows internals concepts. The material focuses on analysis rather than active misuse, making it useful for students, security researchers, and defenders building foundational skills. It includes exercises that explain how malware-like behaviors can be recognized and studied in a controlled lab context. ... -
2
FLARE VM
A collection of software installations scripts for Windows systems
...Because security toolchains often clash (DLL versions, signing, privileges), FLARE VM’s packaging handles compatibility issues ahead of time. For investigations involving malware unpacking, sandboxing, static analysis, or code reversing on Windows, the platform dramatically accelerates readiness and consistency across analysts. -
3
Ghidra
Ghidra is a software reverse engineering (SRE) framework
...It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes. -
4
PE-bear
Portable Executable reversing tool with a friendly GUI
PE-bear is a multiplatform reversing tool for inspecting Windows Portable Executable files. It is designed to give malware analysts and reverse engineers a fast first view of a PE file’s structure. The tool can handle malformed PE files, which is important when analyzing packed, damaged, or intentionally manipulated binaries. It provides a graphical interface for exploring headers, sections, imports, resources, strings, and other PE internals. PE-bear also includes analysis conveniences such as hashes, signatures, and searchable string views. ... -
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
5
Hypatia
A realtime malware scanner
Hypatia is a free and open-source malware scanner for Android that aims to provide on-device, real-time scanning with minimal battery and resource impact using signature-based detection inspired by ClamAV style databases. Designed as an Android app, it scans user filesystems and installed applications either on demand or in real time when files are written or renamed, operating completely offline aside from occasional signature database downloads. The project is offered under an AGPL-3.0... -
6
Al-Khaser
Public malware techniques used in the wild: Virtual Machine, Emulation
al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these behaviors. ... -
7
Portable Executable Parser
lightweight Go package to parse, analyze and extract metadata
Saferwall PE is a lightweight Go package for parsing, analyzing, and extracting metadata from Portable Executable (PE) binaries. Designed with malware analysis in mind, it is robust against malformed PE files and provides detailed insights into executable structures. -
8
IntelOwl
Centralized platform for automated threat intelligence analysis
...These plugins can collect data from external intelligence platforms or generate insights using internal analysis tools such as YARA or static malware analyzers. -
9
LitterBox
A secure sandbox environment for malware developers and red teamers
LitterBox is a controlled malware-analysis and payload-testing sandbox aimed at red teams who need to validate evasions and behaviors before deployment. It provides an isolated environment to exercise payloads against modern detection stacks, verify signatures and heuristics, and observe runtime characteristics without leaking binaries to third-party vendors. The README frames typical use cases: testing evasion, validating detections, analyzing behavior, and keeping sensitive tooling in-house. ... -
Atera - an All-in-one platform for IT managementYour IT essentials, integrated & elevated. Take your IT management from automated to autonomous, download Atera's agent to start your free trial!
-
10
hollows_hunter
Recognizes and dumps a variety of potentially malicious implants
Hollows Hunter is a command-line malware analysis tool based on the PE-sieve passive memory scanner. It scans running processes, or even the full system, to identify potentially malicious implants. The tool can recognize and dump suspicious artifacts such as replaced PEs, injected PEs, shellcode, hooks, and in-memory patches. Unlike PE-sieve’s more process-specific workflow, Hollows Hunter can select targets using broader criteria such as process IDs, process names, or creation time. ... -
11
LIEF
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
LIEF (Library to Instrument Executable Formats) is a cross-platform library that enables parsing, modifying, and abstracting executable formats such as ELF, PE, and Mach-O. It's widely used in reverse engineering and binary analysis. -
12
AndroidNativeEmu
Allows you to partly emulate an Android native library
...Instead of emulating an entire operating system, it focuses specifically on the native layer, allowing for targeted testing and reverse engineering of shared libraries (.so files). This makes it particularly useful in security research, malware analysis, and debugging of Android applications. The framework provides tools for loading binaries, simulating system calls, and interacting with native functions in a controlled environment. By abstracting away the complexity of full device emulation, it allows faster iteration and more focused analysis of specific components. ... -
13
Sogen
Windows User Space Emulator
...Unlike traditional emulators that reimplement full operating system APIs, Sogen works closer to the kernel boundary by intercepting and emulating system calls, allowing it to leverage native system libraries while maintaining granular control. This approach makes it particularly valuable for advanced use cases such as malware analysis, reverse engineering, and DRM research, where precise observation and manipulation of execution flow are critical. The emulator supports multiple backends, including Unicorn Engine and Hyper-V, enabling flexible deployment depending on performance or accuracy requirements. It also includes robust support for loading Portable Executable (PE) files, including proper handling of relocations, thread-local storage, and memory mapping. -
14
SSH-MITM
Server for security audits supporting public key authentication
ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation. SSH-MITM is a man in the middle SSH Server for security audits and malware analysis. Password and publickey authentication are supported and SSH-MITM is able to detect, if a user is able to login with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not possible, the authentication will fall back to password-authentication. ... -
15
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS
Detect It Easy (DiE) is a tool for determining the type and internal features of binary and other file formats. It is widely used by malware analysts, digital forensics investigators, reverse engineers, and security researchers to quickly inspect unknown files and infer their type, architecture, compiler/packer used, and internal structure. DiE supports a large variety of file formats — from common executables (Windows PE, Linux ELF, macOS Mach-O) to archives, mobile packages (APK, IPA), legacy binaries, compressed or packed files, and more — making it a versatile first step in analysis or triage workflows. ... -
16
x64dbg
An open-source x64/x32 debugger for windows
An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. Fully customizable color scheme. Dynamically recognize modules and strings. Import reconstructor integrated (Scylla). Fast disassembler (Zydis). User database (JSON) for comments, labels, bookmarks, etc. -
17
Capstone
Capstone disassembly/disassembler framework
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64). Having clean/simple/lightweight/intuitive... -
18
malware-samples
A collection of malware samples and relevant dissection information
This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves. -
19
MemProcFS Analyzer
Automated Forensic Analysis of Windows Memory Dumps for DFIR
...It emphasizes automation and reproducibility: parsers can be chained, results exported, and reports templated to fit incident workflows. Because memory contains transient but critical traces of running malware or misuse, the project focuses on robust parsing in the face of corruption and mismatched OS versions. -
20
UTMStack
Customizable SIEM and XDR powered by Real-Time correlation
Welcome to the UTMStack open-source project! UTMStack is a unified threat management platform that merges SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) technologies. Our unique approach allows real-time correlation of log data, threat intelligence, and malware activity patterns from multiple sources, enabling the identification and halting of complex threats that use stealthy techniques. UTMStack stands out in threat prevention by surpassing the... -
21
MalbianLinux
GNU/Linux Distribution for Malware Analysis and Reverse Engineering.
Malbian is a Light-weight Debian Based GNU/Linux Distribution for Malware Analysis and Reverse Engineering designed to aid the user in both Static and Dynamic analysis of malware samples. 100% Free to use and distribute. About: https://github.com/MalbianLinux Installation Guide in: https://github.com/MalbianLinux/Malbian-ISOs/ -
22
Volatility
An advanced memory forensics framework
Volatility is a widely used open-source framework for analyzing memory captures (RAM dumps) from Windows, Linux, and macOS systems. It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows. -
23
-
24
LSG - Linux SecureGuard
Professional antivirus solution developed for Linux systems.
Professional antivirus solution developed for Linux systems. Protects your Linux servers and desktop systems with real-time protection, network security and advanced threat detection features. -
25
Thunderbird Anti Virus v3.5
Thunderbird Anti Virus Free Scanner v3.5
Thunderbird Anti-Virus v3.4 | Professional Security & Network Shield Thunderbird Anti-Virus v3.4 is a high-performance security suite engineered for users who demand elite protection without system degradation. Built on a sophisticated Heuristic Analysis Engine, it delivers surgical precision in identifying malware, ransomware, and volatile memory threats. This version introduces the Integrated Network Shield, a professional-grade firewall providing real-time perimeter control. Complemented by the new Live I/O Telemetry, users can monitor data throughput (KB/s) in real-time, identifying anomalous activity instantly. ...
