A curated list of malware repositories, trackers and malware analysis tools
VirusTotal - https://virustotal.com
VirusBay - https://beta.virusbay.io
MalBeacon - https://malbeacon.com
Traffic.moe - https://traffic.moe
Brad's Traffic Analysis - https://www.malware-traffic-analysis.net
theZoo - https://github.com/ytisf/theZoo/tree/master/malwares
Contagio - https://contagiodump.blogspot.com
OpenMalware - https://openmalware.com
Virusign - http://www.virusign.com
DasMalwerk - https://dasmalwerk.eu
Malquarium - https://malquarium.org
VirusShare - https://virusshare.com
MalwareOne - https://malware.one
AVCaesar - https://avcaesar.malware.lu
0xffff0800 - https://iec56w4ibovnb4wc.onion.si/Library
Malshare.com - https://malshare.com
Malshare.io - https://malshare.io
https://github.com/fabrimagic72/malware-samples
https://github.com/InQuest/malware-samples
https://github.com/0x48piraj/MalWAReX
https://github.com/NEUAI/MalwareLibrary
https://github.com/Tlgyt/The-Collection
URLHaus - https://urlhaus.abuse.ch/browse/
ViriBack - http://tracker.viriback.com
0btemoslab - http://tracker.0btemoslab.com
Malwaresuck - https://malwaresuck.com
Benkow - http://benkow.cc/passwords.php?page=1
Haruko - https://tracker.fumik0.com
VXVault - http://vxvault.net/ViriList.php
CC Tracker - https://cybercrime-tracker.net
Malc0de - http://malc0de.com/database
CRDF - https://threatcenter.crdf.fr
MDL - https://www.malwaredomainlist.com/mdl.php
TweetIOC - http://tweettioc.com
Stealers Tracker - http://malwr.cc
ThreatShare - https://threatshare.io/malware/
VirusTotal - https://www.virustotal.com
Hybrid Analysis - https://www.hybrid-analysis.com
VMRay - https://www.vmray.com
Sndbox - https://app.sndbox.com
VirusBay - https://beta.virusbay.io
Any.run - https://app.any.run
Tria.ge - https://tria.ge
Intezer - https://analyze.intezer.com
Malwr - https://malwr.com
Malwr Cuckoo - http://mlwr.ee
Metadefender - https://metadefender.opswat.com
Valkyrie - https://valkyrie.comodo.com
Joe Sandbox - https://www.joesandbox.com
Pikker - http://sandbox.pikker.ee
ViCheck - https://www.vicheck.ca
Jotti - https://virusscan.jotti.org
Virscan - http://virscan.org
Anubis - http://anubis.iseclab.org
Wepawet - https://wepawet.cs.ucsb.edu
Manalyzer - https://manalyzer.org
Unpac.me - https://www.unpac.me
file
trid
strings
floss
xxd
offset
ssdeep
telfhash
authentihash
gdb
strace
radare2
exiftool
elfdump
objdump
readelf
elfutils
pax-utils
imphash
ssdeep
authentihash
bulk_extractor
uudeview
foremost
scalpel
steghide
snow
zsteg
stegosuite
stegbreak
stegdetect
PEpper - https://github.com/Th3Hurrican3/PEpper
pev
pecarve
pescanner.py
analyzePE.py
AnalyzePE
upx
yara
ripPE - https://github.com/matonis/ripPE
Unipacker - https://github.com/unipacker/unipacker
CFF Explorer - https://ntcore.com/?page_id=388
Resource Hacker - http://www.angusj.com/resourcehacker
XN Resource Hacker - https://stefansundin.github.io/xn_resource_editor
Dependency Walker - http://www.dependencywalker.com
LordPE - http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip
Scylla - https://github.com/NtQuery/Scylla
Detect It Easy - https://ntinfo.biz
PE Explorer - http://www.heaventools.com/overview.htm
Import REConstructor - https://github.com/NtQuery/Scylla
LordPE - https://www.aldeid.com/wiki/LordPE
PEiD - https://www.aldeid.com/wiki/PEiD
PEview - https://www.aldeid.com/wiki/PEView
FileAlyzer - https://www.safer-networking.org/products/filealyzer/
PEstudio - https://www.winitor.com/
CHimpREC - https://www.aldeid.com/wiki/CHimpREC
PE Insider - https://cerbero.io/peinsider/
PEframe - https://github.com/guelfoweb/peframe
UPX - https://github.com/upx
Manalyze - https://github.com/JusticeRage/Manalyze
PortEx - https://github.com/katjahahn/PortEx
Signsrch - https://aluigi.altervista.org/mytoolz/signsrch.zip
Revelo - http://www.kahusecurity.com/2012/05/revelo-javascript-deobfuscator
UniExtract2 - https://github.com/Bioruebe/UniExtract2
MalUnpack - https://github.com/hasherezade/mal_unpack
PE_recovery_tools - https://github.com/hasherezade/pe_recovery_tools
Auto XOR decryptor - https://github.com/MRGEffitas/scripts/blob/master/auto_xor_decryptor.py
Fiddler - https://www.telerik.com/fiddler
Burp Suite - https://portswigger.net/burp/communitydownload
FakeDNS - https://www.fireeye.com/services/freeware/apatedns.html
ApateDNS - https://github.com/Crypt0s/FakeDns
FakeNet - https://github.com/fireeye/flare-fakenet-ng
INetSim - https://www.inetsim.org
netcat - http://netcat.sourceforge.net
TCPView - https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
Wireshark - https://www.wireshark.org
ImaginaryC2 - https://github.com/felixweyne/imaginaryC2
Suricata - https://suricata-ids.org/download/
Emerging Threats SIGs - https://rules.emergingthreats.net/
Tor - https://www.torproject.org/
RegShot - https://sourceforge.net/projects/regshot
What Changed - https://www.majorgeeks.com/files/details/what_changed.html
Capture BAT - https://www.honeynet.org/node/315
Process Hacker - https://github.com/processhacker/processhacker
Process Monitor - https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Process Explorer - https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
ProcessSpawnControl - https://github.com/felixweyne/ProcessSpawnControl
ProcDOT - http://www.procdot.com
API Monitor - http://www.rohitab.com/apimonitor#Download
APISpy - http://www.matcode.com/apis32.htm
Autoruns - https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
volatility - https://github.com/volatilityfoundation/volatility
Memoryze - https://www.fireeye.com/services/freeware/memoryze.html
OSR Driver Loader - https://www.aldeid.com/wiki/OSR-Driver-Loader
The Sleuth Kit - https://github.com/sleuthkit/sleuthkit
Truman - http://nsmwiki.org/Truman_Overview
yara - https://github.com/virustotal/yara
mastiff - https://github.com/KoreLogicSecurity/mastiff
IRMA - https://github.com/quarkslab/irma
VIPER - https://github.com/viper-framework/viper
Loki - https://github.com/Neo23x0/Loki
MultiScanner - https://github.com/mitre/multiscanner
chopshop - https://github.com/MITRECND/chopshop
Munin - https://github.com/Neo23x0/munin
Fenrir - https://github.com/Neo23x0/Fenrir
harpoon - https://github.com/Neo23x0/harpoon
Online Disassembler - https://onlinedisassembler.com/static/home/index.html
IDA - https://www.hex-rays.com/products/ida/
Hex-Rays Decompiler - https://www.hex-rays.com/products/decompiler/
radare2 - https://github.com/radare/radare2
Binary Ninja - https://binary.ninja/
BinDiff - https://www.zynamics.com/bindiff.html
BinNavi - https://github.com/google/binnavi
Bochs - http://bochs.sourceforge.net/getcurrent.html
x64dbg - https://x64dbg.com/#start
WinDbg - https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
OllyDbg - http://www.ollydbg.de/
ImmunityDbg - https://www.immunityinc.com/products/debugger/
xorsearch - https://blog.didierstevens.com/2014/09/29/update-xorsearch-with-shellcode-detector/
scdbg - http://sandsprite.com/blogs/index.php?uid=7&pid=152
shellcode2exe - https://zeltser.com/convert-shellcode-to-assembly/
jmp2it - https://digital-forensics.sans.org/blog/2014/12/30/taking-control-of-the-instruction-pointer/
BlobRunner - https://github.com/OALabs/BlobRunner
dnSpy - https://github.com/0xd4d/dnSpy
dotPeek - https://www.jetbrains.com/decompiler
ILSpy - https://github.com/icsharpcode/ILSpy
JustDecompile - https://www.telerik.com/products/decompiler.aspx
JustAssembly - https://www.telerik.com/justassembly
Reflector - https://www.red-gate.com/products/dotnet-development/reflector/index
CodeReflect - http://www.devextras.com/decompiler
Dis# - http://www.netdecompiler.com
IL Disassembler - https://www.dotnetperls.com/il-disassembler
Disassembly Diagnoser - https://adamsitnik.com/Disassembly-Diagnoser
V8 - https://isc.sans.edu/diary/V8+as+an+Alternative+to+SpiderMonkey+for+JavaScript+Deobfuscation/12157
box-js - https://github.com/CapacitorSet/box-js
js-detox - https://github.com/svent/jsdetox
SWFDec - https://cgit.freedesktop.org/wiki/swfdec
swf_mastah.py - https://github.com/9b/pdfxray_lite/blob/master/swf_mastah.py
ViperMonkey - https://github.com/decalage2/ViperMonkey
olevba.py - https://github.com/decalage2/oletools/wiki/olevba
OfficeMalScanner - http://www.reconstructer.org/code/OfficeMalScanner.zip
OLE Tools - https://www.decalage.info/python/oletools
Hachoir - https://bitbucket.org/haypo/hachoir/wiki/hachoir-urwid
EXEFilter - http://www.decalage.info/exefilter
rtfproc
rtfprocrulo
rtfraptor
rtfscan
rtfobj
rtfparser
rtfdump
PDF Stream Dumper - http://sandsprite.com/blogs/index.php?uid=7&pid=57
PDF Dissector - https://blog.zynamics.com/2010/09/03/pdf-dissector-1-7-0-released/
PDF Tools - https://blog.didierstevens.com/programs/pdf-tools/
pdfid.py - https://blog.didierstevens.com/programs/pdf-tools/
pdfparser.py - https://blog.didierstevens.com/programs/pdf-tools/
peepdf.py - https://github.com/jesparza/peepdf
qpdf - http://qpdf.sourceforge.net/
pdfinfo
pdf2txt
pdfdetach
Kahusecurity tools - http://www.kahusecurity.com/tools.html
DidierStevensSuite - https://github.com/DidierStevens/DidierStevensSuite
Awesome malware analysis list - https://github.com/rshipp/awesome-malware-analysis
Awesome reversing list - https://github.com/tylerha97/awesome-reversing
Remnux - https://remnux.org/
SANS SIFT - https://digital-forensics.sans.org/community/downloads
FireEye FLARE-VM - https://github.com/fireeye/flare-vm
FireEye CommandoVM - https://github.com/fireeye/commando-vm
Webshell-intel - https://github.com/Neo23x0/webshell-intel
Malware behaviors - https://github.com/MAECProject/malware-behaviors
MalTrail - https://github.com/stamparm/maltrail
YaraScanner - https://github.com/mitre/yararules-python
yarAnalyzer - https://github.com/Neo23x0/yarAnalyzer
yarGen - https://github.com/Neo23x0/yarGen
Awesome-Yara - https://github.com/Neo23x0/awesome-yara
Malware signatures - https://github.com/Neo23x0/malware-signatures
Signature base - https://github.com/Neo23x0/signature-base
Yara rules - https://github.com/Neo23x0/rules
mkYARA - https://blog.fox-it.com/2019/03/28/mkyara-writing-yara-rules-for-the-lazy-analyst/
VT investigator document - https://storage.googleapis.com/vt-gtm-wp-media/virustotal-for-investigators.pdf