Defund the Police.

14k GitHub Stars · 400 Curated Resources · 17 Categories · Last Refreshed 7 hours ago

Categories: Malware Collection · Open Source Threat Intelligence · Detection and Classification · Online Scanners and Sandboxes · Domain Analysis · Browser Malware · Documents and Shellcode · File Carving · Deobfuscation · Debugging and Reverse Engineering · Network · Memory Forensics · Windows Artifacts · Storage and Workflow · Miscellaneous · Books · Other

Use this list with your AI agent

Add the Context Awesome MCP server to Claude, Cursor, or any MCP client, then ask:

"Show me tools resources from awesome-malware-analysis"

Installation instructions →

What's inside

Open Source Threat Intelligence

Domain Analysis

  • AbuseIPDB

    AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.

  • badips.com

    Community-based IP blacklist service.

  • boomerang

    A tool designed for consistent and safe capture of off-network web resources.

  • Cymon

    Threat intelligence tracker, with IP/domain/hash search.

  • Desenmascara.me

    One click tool to retrieve as much metadata as possible for a website and to assess its good standing.

  • Dig

    Free online dig and other network tools.

Windows Artifacts

  • AChoir

    A live incident response script for gathering Windows artifacts.

Storage and Workflow

  • Aleph

    Open Source Malware Analysis Pipeline System.

  • CRITs

    Collaborative Research Into Threats, a malware and threat repository.

  • FAME

    A malware analysis framework featuring a pipeline that can be extended with custom modules, which can be chained and interact with each other to perform end-to-end analysis.

  • Malwarehouse

    Store, tag, and search malware.

Miscellaneous

  • al-khaser

    A PoC malware with good intentions that aims to stress anti-malware systems.

  • CryptoKnight

    Automated cryptographic algorithm reverse engineering and classification framework.

  • DC3-MWCP

  • FLARE VM

    A fully customizable, Windows-based, security distribution for malware analysis.

  • MalSploitBase

    A database containing exploits used by malware.

Documents and Shellcode

  • AnalyzePDF

    A tool for analyzing PDFs and attempting to determine whether they are malicious.

  • box-js

    A tool for studying JavaScript malware, featuring JScript/WScript support and ActiveX emulation.

  • diStorm

    Disassembler for analyzing malicious shellcode.

  • InQuest Deep File Inspection

    Upload common malware lures for Deep File Inspection and heuristic analysis.

  • JS Beautifier

    JavaScript unpacking and deobfuscation.

  • libemu

    Library and tools for x86 shellcode emulation.

Detection and Classification

  • AnalyzePE

    Wrapper for a variety of tools for reporting on Windows PE files.

  • Assemblyline

    A scalable file triage and malware analysis system integrating the cyber security community's best tools.

  • BinaryAlert

    An open source, serverless AWS pipeline that scans and alerts on uploaded files based on a set of YARA rules.

  • capa

    Detects capabilities in executable files.

  • chkrootkit

    Local Linux rootkit detection.

  • ClamAV

    Open source antivirus engine.

Other

  • Android Security

  • AppSec

  • APT Notes

    A collection of papers and notes related to Advanced Persistent Threats.

  • CTFs

  • Ember

    Endgame Malware BEnchmark for Research, a repository that makes it easy to (re)create a machine learning model that can be used to predict a score for a PE file based on static analysis.

  • Executable Packing

Showing a sample of 400 resources. View the full list on GitHub →