Search Results for "malware"

Hollows Hunter is a command-line malware analysis tool based on the PE-sieve passive memory scanner. It scans running processes, or even the full system, to identify potentially malicious implants. The tool can recognize and dump suspicious artifacts such as replaced PEs, injected PEs, shellcode, hooks, and in-memory patches. Unlike PE-sieve’s more process-specific workflow, Hollows Hunter can select targets using broader criteria such as process IDs, process names, or creation time. ...

LIEF (Library to Instrument Executable Formats) is a cross-platform library that enables parsing, modifying, and abstracting executable formats such as ELF, PE, and Mach-O. It's widely used in reverse engineering and binary analysis.​

Volatility is a widely used open-source framework for analyzing memory captures (RAM dumps) from Windows, Linux, and macOS systems. It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows.

The EmailVeritas URL Checker PHP SDK provides real-time phishing and malicious link detection through the official EmailVeritas API. It enables developers to classify and analyze URLs directly from PHP applications using simple methods for URL Lookup and URL Scan. Lightweight and dependency-free, the SDK performs redirect-chain, WHOIS, and HTML metadata analysis. Composer support makes integration seamless with PSR-4 autoloading. Ideal for CRMs, contact forms, and security...

readpe (formerly known as pev) is a multiplatform toolkit to work with PE (Portable Executable) binaries. Its main goal is to provide feature-rich tools for properly analyze binaries with a strong focus on suspicious ones.

Dr0p1t-Framework is a penetration testing tool designed to generate advanced and stealthy droppers capable of delivering and executing payloads on target systems while evading detection mechanisms. A dropper is a type of malware used to download and install additional malicious software, and this framework focuses on making that process more flexible and difficult to detect. It provides a wide range of modules that allow users to customize payload delivery, persistence mechanisms, and execution methods. The framework includes features such as antivirus evasion, privilege escalation, and system persistence, enabling it to maintain access on compromised systems. ...

A hardware supported hypervisor originally built for malware analysis. Features: Linux VM introspection, minimal detectability, small (~150KB), simple, and well documented. Can be used for other purposes. Support for Intel-VT & Windows coming soon.

Clam AntiVirus Client Library provides a simple API to the ClamAV daemon. ClamAVC does not require ClamAV to be installed. ClamAVC communicates with clamd using clamd's documented protocol using either TCP or a local Unix domain socket.