A curated list of malware repositories, trackers and malware analysis tools.
VirusTotal - https://virustotal.com
VirusBay - https://beta.virusbay.io
Malbeacon - https://malbeacon.com
Traffic.moe - https://traffic.moe
Malware Traffic Analysis - https://www.malware-traffic-analysis.net
theZoo - https://github.com/ytisf/theZoo/tree/master/malwares
Contagio - https://contagiodump.blogspot.com
OpenMalware - https://openmalware.com
VirusSign - http://www.virusign.com
DasMalwerk - https://dasmalwerk.eu
Malquarium - https://malquarium.org
VirusShare - https://virusshare.com
MalwareOne - https://malware.one
AVCaesar - https://avcaesar.malware.lu
0xffff0800 - https://iec56w4ibovnb4wc.onion.si/Library
Malshare.com - https://malshare.com
Malshare.io - https://malshare.io
https://github.com/fabrimagic72/malware-samples
https://github.com/InQuest/malware-samples
https://github.com/0x48piaj/MalWAReX
https://github.com/NEUAI/MalwareLibrary
https://github.com/Tlgyt/The-Collection
URLHaus - https://urlhaus.abuse.ch/browse/
ViriBack - http://tracker.viriback.com
0btemoslab - http://tracker.0btemoslab.com
Malwaresuck - https://malwaresuck.com
Benkow - http://benkow.cc/passwords.php?page=1
Haruko - https://tracker.fumik0.com
VXVault - http://vxvault.net/ViriList.php
CC Tracker - https://cybercrime-tracker.net
Malc0de - http://malc0de.com/database
CRDF - https://threatcenter.crdf.fr
MDL - https://www.malwaredomainlist.com/mdl.php
TweetIOC - http://tweettioc.com
Stealer Tracker - http://malwr.cc
ThreatShare - https://threatshare.io/malware/
VirusTotal - https://www.virustotal.com
Hybrid Analysis - https://www.hybrid-analysis.com
VMRay - https://www.vmray.com
SNDBOX - https://app.sndbox.com
VirusBay - https://beta.virusbay.io
Any.run - https://app.any.run
Tria.ge - https://tria.ge
Intezer - https://analyze.intezer.com
Malwr - https://malwr.com
Malwr Cuckoo - http://mlwr.ee
MetaDefender - https://metadefender.opswat.com
Valkyrie - https://valkyrie.comodo.com
Joe Sandbox - https://www.joesandbox.com
Pikker - http://sandbox.pikker.ee
ViCheck - https://www.vicheck.ca
Jotti - https://virusscan.jotti.org
VirScan - http://virscan.org
Anubis - http://anubis.iseclab.org
Wepawet - https://wepawet.cs.ucsb.edu
Manalyzer - https://manalyzer.org
UnpacMe - https://www.unpac.me
file
trid
strings
floss
xxd
(tool name lost in translation)
ssdeep
telfhash
authentihash
gdb
strace
radare2
exiftool
elfdump
objdump
readelf
elfutils
pax-utils
imphash
ssdeep
authentihash
bulk_extractor
uudeview
foremost
scalpel
steghide
stegsnow
zsteg
stegolux
stegbreak
stegdetect
PEpper - https://github.com/Th3Hurrican3/PEpper
pev
pecarve
pescanner.py
AnalyzePE.py
AnalyzePE
upx
yara
ripPE - https://github.com/matonis/ripPE
Unipacker - https://github.com/unipacker/unipacker
CFF Explorer - https://ntcore.com/?page_id=388
Resource Hacker - http://www.angusj.com/resourcehacker
XN Resource Editor - https://stefansundin.github.io/xn_resource_editor
Dependency Walker - http://www.dependencywalker.com
LordPE - http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip
Scylla - https://github.com/NtQuery/Scylla
Detect It Easy - https://ntinfo.biz
PE Explorer - http://www.heaventools.com/overview.htm
Import REConstructor - https://github.com/NtQuery/Scylla
LordPE - https://www.aldeid.com/wiki/LordPE
PEiD - https://www.aldeid.com/wiki/PEiD
PEview — https://www.aldeid.com/wiki/PEView
FileAlyzer — https://www.safer-networking.org/products/filealyzer/
PEstudio - https://www.winitor.com/
CHimpREC - https://www.aldeid.com/wiki/CHimpREC
PE Insider — https://cerbero.io/peinsider/
PEframe — https://github.com/guelfoweb/peframe
UPX - https://github.com/upx
Manalyze - https://github.com/JusticeRage/Manalyze
PortEx - https://github.com/katjahahn/PortEx
Signsrch - https://aluigi.altervista.org/mytoolz/signsrch.zip
Revelo - http://www.kahusecurity.com/2012/05/revelo-javascript-deobfuscator
UniExtract2 — https://github.com/Bioruebe/UniExtract2
MalUnpack — https://github.com/hasherezade/mal_unpack
PE_recovery_tools — https://github.com/hasherezade/pe_recovery_tools
Auto XOR decryptor - https://github.com/MRGEffitas/scripts/blob/master/auto_xor_decryptor.py
Fiddler - https://www.telerik.com/fiddler
Burp Suite - https://portswigger.net/burp/communitydownload
ApateDNS - https://www.fireeye.com/services/freeware/apatedns.html
FakeDNS - https://github.com/Crypt0s/FakeDns
FakeNet-NG - https://github.com/fireeye/flare-fakenet-ng
INetSim - https://www.inetsim.org
netcat — http://netcat.sourceforge.net
TCPView — https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
Wireshark — https://www.wireshark.org
imaginaryC2 - https://github.com/felixweyne/imaginaryC2
Suricata - https://suricata-ids.org/download/
Emerging Threats signatures - https://rules.emergingthreats.net/
Tor - https://www.torproject.org/
RegShot — https://sourceforge.net/projects/regshot
WhatChanged - https://www.majorgeeks.com/files/details/what_changed.html
CaptureBAT - https://www.honeynet.org/node/315
Process Hacker - https://github.com/processhacker/processhacker
Process Monitor - https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Process Explorer - https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
ProcessSpawnControl - https://github.com/felixweyne/ProcessSpawnControl
ProcDOT - http://www.procdot.com
API Monitor - http://www.rohitab.com/apimonitor#Download
APISpy — http://www.matcode.com/apis32.htm
Autoruns - https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Volatility - https://github.com/volatilityfoundation/volatility
Memoryze - https://www.fireeye.com/services/freeware/memoryze.html
OSR Driver Loader - https://www.aldeid.com/wiki/OSR-Driver-Loader
The Sleuth Kit - https://github.com/sleuthkit/sleuthkit
Truman - http://nsmwiki.org/Truman_Overview
Yara - https://github.com/virustotal/yara
MASTIFF - https://github.com/KoreLogicSecurity/mastiff
IRMA - https://github.com/quarkslab/irma
Viper - https://github.com/viper-framework/viper
Loki - https://github.com/Neo23x0/Loki
MultiScanner - https://github.com/mitre/multiscanner
ChopShop - https://github.com/MITRECND/chopshop
Munin - https://github.com/Neo23x0/munin
Fenrir - https://github.com/Neo23x0/Fenrir
Harpoon - https://github.com/Neo23x0/harpoon
ODA Online Disassembler - https://onlinedisassembler.com/static/home/index.html
IDA - https://www.hex-rays.com/products/ida/
Hex-Rays Decompiler - https://www.hex-rays.com/products/decompiler/
radare2 - https://github.com/radare/radare2
Binary Ninja - https://binary.ninja/
BinDiff - https://www.zynamics.com/bindiff.html
BinNavi - https://github.com/google/binnavi
Bochs - http://bochs.sourceforge.net/getcurrent.html
x64dbg - https://x64dbg.com/#start
WinDbg — https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
OllyDbg - http://www.ollydbg.de/
ImmunityDbg — https://www.immunityinc.com/products/debugger/
xorsearch - https://blog.didierstevens.com/2014/09/29/update-xorsearch-with-shellcode-detector/
scdbg - http://sandsprite.com/blogs/index.php?uid=7&pid=152
shellcode2exe - https://zeltser.com/convert-shellcode-to-assembly/
jmp2it - https://digital-forensics.sans.org/blog/2014/12/30/take-control-of-the-instruction-pointer/
BlobRunner — https://github.com/OALabs/BlobRunner
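The single-byte XOR scan that xorsearch and the auto XOR decryptor script listed above perform, as an added example in Python; this is not code from either tool or from the original page. The trick is to XOR the search needle with each candidate key and look for that in the raw bytes, rather than decoding the whole buffer 256 times. The obfuscated C2 URL, the key 0x5A and the filler bytes are constructed for the demonstration.

```python
"""
xorsearch-style single-byte XOR scan (added example).

XOR is byte-wise, so a plaintext P stored under key k appears as P ^ k.
Searching the raw data for (needle ^ k) for every k in 0..255 therefore
reveals both the key and the offset without decoding the whole buffer.
"""
from typing import List, Tuple


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of `data` with the single-byte key."""
    return bytes(b ^ key for b in data)


def xorsearch(data: bytes, needle: bytes, skip_plain: bool = False) -> List[Tuple[int, int]]:
    """Return (key, offset) pairs for every place `needle` occurs in `data`
    under some single-byte XOR key. Key 0 means the needle is present in
    the clear; pass skip_plain=True to ignore those hits."""
    hits: List[Tuple[int, int]] = []
    for key in range(256):
        if skip_plain and key == 0:
            continue
        encoded = xor_bytes(needle, key)
        start = 0
        while True:
            idx = data.find(encoded, start)
            if idx < 0:
                break
            hits.append((key, idx))
            start = idx + 1
    return hits


def recover_string(data: bytes, key: int, offset: int) -> bytes:
    """Decode from `offset` with `key` up to the first decoded NUL, which is
    how C-style config strings usually terminate inside a blob."""
    out = bytearray()
    for b in data[offset:]:
        c = b ^ key
        if c == 0:
            break
        out.append(c)
    return bytes(out)


# Constructed sample (not a real malware blob): a C2 URL, including its
# terminating NUL, XORed with 0x5A and surrounded by filler bytes.
KEY = 0x5A
PLAIN_URL = b"http://c2.example.invalid/gate.php"
SAMPLE = b"\x00" * 16 + xor_bytes(PLAIN_URL + b"\x00", KEY) + b"\xff" * 8


def demo() -> List[Tuple[int, int, bytes]]:
    """Scan SAMPLE for URL prefixes and return (key, offset, decoded string)."""
    results = []
    for needle in (b"http://", b"https://"):
        for key, off in xorsearch(SAMPLE, needle, skip_plain=True):
            results.append((key, off, recover_string(SAMPLE, key, off)))
    return results


if __name__ == "__main__":
    for key, off, text in demo():
        print(f"key=0x{key:02x} offset={off} -> {text!r}")
```

Short needles give false positives under some keys, so search for strings of at least six or seven bytes (a URL scheme, the DOS stub text, "kernel32.dll") and confirm each hit by decoding around it. Multi-byte and rolling XOR keys are outside what this scan finds.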
dnSpy — https://github.com/0xd4d/dnSpy
dotPeek — https://www.jetbrains.com/decompiler
ILSpy — https://github.com/icsharpcode/ILSpy
JustDecompile - https://www.telerik.com/products/decompiler.aspx
JustAssembly - https://www.telerik.com/justassembly
Reflector - https://www.red-gate.com/products/dotnet-development/reflector/index
CodeReflect — http://www.devextras.com/decompiler
Dis# — http://www.netdecompiler.com
IL Disassembler - https://www.dotnetperls.com/il-disassembler
Disassembly Diagnoser - https://adamsitnik.com/Disassembly-Diagnoser
V8 - https://isc.sans.edu/diary/V8+as+an+Alternative+to+SpiderMonkey+for+JavaScript+Deobfuscation/12157
box-js — https://github.com/CapacitorSet/box-js
jsdetox - https://github.com/svent/jsdetox
SWFDec — https://cgit.freedesktop.org/wiki/swfdec
swf_mastah.py — https://github.com/9b/pdfxray_lite/blob/master/swf_mastah.py
ViperMonkey — https://github.com/decalage2/ViperMonkey
olevba.py — https://github.com/decalage2/oletools/wiki/olevba
OfficeMalScanner — http://www.reconstructer.org/code/OfficeMalScanner.zip
OLETools — https://www.decalage.info/python/oletools
Hachoir - https://bitbucket.org/haypo/hachoir/wiki/hachoir-urwid
EXEFilter - http://www.decalage.info/exefilter
rtfproc
rtfprocrule
rtfraptor
rtfscan
rtfobj
rtfparser
rtfdump
PDF Stream Dumper - http://sandsprite.com/blogs/index.php?uid=7&pid=57
PDF Dissector - https://blog.zynamics.com/2010/09/03/pdf-dissector-1-7-0-released/
PDF tools - https://blog.didierstevens.com/programs/pdf-tools/
pdfid.py - https://blog.didierstevens.com/programs/pdf-tools/
pdf-parser.py - https://blog.didierstevens.com/programs/pdf-tools/
peepdf.py - https://github.com/jesparza/peepdf
qpdf - http://qpdf.sourceforge.net/
pdfinfo
pdf2txt
pdfdetach
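What a pdfid.py-style first pass over a PDF does, as an added example in Python; this is not Didier Stevens' code and not from the original page. It counts the structural tokens and the risky name objects, and it decodes #xx hex escapes inside names so that obfuscated spellings such as /J#61vaScript are still counted. The PDF bytes are constructed, and the keyword list and the indicator heuristics are the editor's choices.

```python
"""
pdfid-style keyword triage (added example).

PDF name objects may hide keywords with hex escapes (/J#61vaScript is
/JavaScript), so names are normalized before they are matched.
"""
import re
from typing import Dict, List

# Names worth counting in a first pass: script, auto-run, launch and
# embedding capabilities. /JS and /JavaScript are distinct names.
KEYWORDS = ["/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
            "/EmbeddedFile", "/ObjStm", "/AcroForm", "/RichMedia", "/XFA"]

# A name token runs from '/' up to the next whitespace or delimiter
# ( ) < > [ ] { } / %.  '#' is a regular character, so escapes stay inside.
NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(token: bytes) -> str:
    """Resolve #xx hex escapes in a name token (/J#61vaScript -> /JavaScript)."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), token)
    return decoded.decode("latin-1")


def pdfid(data: bytes) -> Dict[str, int]:
    """Return keyword and structure counts for a PDF given as bytes."""
    counts: Dict[str, int] = {k: 0 for k in KEYWORDS}
    for word in ("obj", "endobj", "stream", "endstream"):
        counts[word] = len(re.findall(rb"\b" + word.encode() + rb"\b", data))
    counts["obfuscated_names"] = 0
    for m in NAME_RE.finditer(data):
        token = m.group(0)
        if b"#" in token:
            counts["obfuscated_names"] += 1
        name = normalize_name(token)
        if name in KEYWORDS:
            counts[name] += 1
    return counts


def indicators(counts: Dict[str, int]) -> List[str]:
    """Turn the counts into the reasons an analyst would pull the file aside."""
    reasons = []
    if counts["/JS"] or counts["/JavaScript"]:
        reasons.append("embedded JavaScript")
    if counts["/OpenAction"] or counts["/AA"]:
        reasons.append("action runs automatically on open/event")
    if counts["/Launch"]:
        reasons.append("/Launch action (can start an external program)")
    if counts["/EmbeddedFile"]:
        reasons.append("embedded file attachment")
    if counts["obfuscated_names"]:
        reasons.append("hex-escaped names (keyword obfuscation)")
    if counts["obj"] != counts["endobj"] or counts["stream"] != counts["endstream"]:
        reasons.append("obj/stream counts unbalanced (truncated or appended data)")
    return reasons


# Constructed sample: a minimal PDF whose catalog auto-runs a JavaScript
# action and carries a Launch action, with two hex-escaped names.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R "
    b"/AcroForm << /XFA 5 0 R >> >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
    b"4 0 obj << /Type /Action /S /La#75nch /F (cmd.exe) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    result = pdfid(SAMPLE_PDF)
    for k, v in result.items():
        if v:
            print(f"{k:18} {v}")
    print("indicators:", indicators(result))
```

Counting keywords is only triage: names inside compressed object streams (/ObjStm) are invisible to this scan, which is why a non-zero /ObjStm count is itself a cue to inflate the streams (pdf-parser.py or qpdf --qdf) and scan again.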
Kahusecurity tools - http://www.kahusecurity.com/tools.html
DidierStevensSuite - https://github.com/DidierStevens/DidierStevensSuite
Awesome Malware Analysis list - https://github.com/rshipp/awesome-malware-analysis
Awesome Reversing list - https://github.com/tylerha97/awesome-reversing
REMnux - https://remnux.org/
SANS SIFT - https://digital-forensics.sans.org/community/downloads
FireEye FLARE-VM - https://github.com/fireeye/flare-vm
FireEye CommandoVM - https://github.com/fireeye/commando-vm
Webshell-intel - https://github.com/Neo23x0/webshell-intel
malware-behaviors - https://github.com/MAECProject/malware-behaviors
MalTrail — https://github.com/stamparm/maltrail
YaraScanner — https://github.com/mitre/yararules-python
yarAnalyzer - https://github.com/Neo23x0/yarAnalyzer
yarGen - https://github.com/Neo23x0/yarGen
Awesome-Yara - https://github.com/Neo23x0/awesome-yara
malware-signatures - https://github.com/Neo23x0/malware-signatures
signature-base - https://github.com/Neo23x0/signature-base
Yara rules - https://github.com/Neo23x0/rules
mkYARA - https://blog.fox-it.com/2019/03/28/mkyara-writing-yara-rules-for-the-lazy-analyst/
VirusTotal for Investigators document - https://storage.googleapis.com/vt-gtm-wp-media/virustotal-for-investigators.pdf