awesome-volatility
github.com/zarkyo/awesome-volatility – A curated list of resources for Volatility 2 & 3
What's inside
Challenges
Volatility 2
- ACPI rootkit scan (Plugins): Plugin to detect ACPI rootkits
- apihooksdeep (Plugins): Whitelists code found by apihooks based on an ssdeep hash
- apt17scan (Plugins): Plugin for detecting APT17 malware
- AutoRuns (Plugins): Finding persistence points (also called "Auto-Start Extensibility Points", or ASEPs) is a recurring task of any investigation potentially involving malware.
- AutoVolatility: Runs several Volatility plugins at the same time
- BitLocker 1 (Plugins): Plugin that retrieves the Full Volume Encryption Key (FVEK) from memory
Volatility 3
- Alternate Data Stream Scanning Plugin (Plugins): Scans MFT entries for alternate data streams that may be cached in memory
- AnyDesk (Plugins): Scans for, extracts and parses Windows AnyDesk trace files
- ApiHash (Plugins): Scans for API hashes used as arguments to functions in memory regions that would not typically contain executable code, then attempts to resolve the hashes using a publicly available hash database
- apisearch (Plugins): Helps identify pointers to APIs (functions defined in loaded DLLs) by iterating over all loaded DLLs, enumerating their exports and searching for any pointers to the exported functions
- Autoruns (Plugins): Finding persistence points (also called "Auto-Start Extensibility Points", or ASEPs) is a recurring task of any investigation potentially involving malware. (Port of tomchop's autoruns plugin to Volatility 3)
- bpf_graph Plugin (Plugins): Helps visualize the state of the BPF subsystem as a graph
Resources
This page shows a sample of the 110 resources; the full list is on GitHub.