Forensic & Malware Analysis

Tools and resources for forensic and malware analysis.

198 tools in this category
Showing 198 of 198 tools
![AWS logo
From ImHex
Visit
![Build status
From sleuthkit
Visit
![Build Status
From CyLR
Visit
![Build Status
From drltrace
Visit
![Coverage Status
From mitmproxy
Visit
![JetBrains logo
From ImHex
Visit
![Latest Version
From mitmproxy
Visit
![SignPath logo
From ImHex
Visit
![Supported Python versions
From mitmproxy
Visit
[paper
From Sherloq
Visit
[paper
From Sherloq
Visit
[paper
From Sherloq
Visit
[paper
From Sherloq
Visit
[paper
From Sherloq
Visit
[paper
From Sherloq
Visit
[website
From Sherloq
Visit
@abdullah_rush
From Kuiper
Visit
@muteb_alqahtani
From Kuiper
Visit
@saleh_muhaysin
From Kuiper
Visit
010 Editor
Edit text files, XML, HTML, Unicode and UTF-8 files, C/C++ source code, PHP, etc. Unlimited undo and powerful editing and scripting tools.
Visit
Abdullah Alrasheed
From Kuiper
Visit
Add Custom Parser
From Kuiper
Visit
Alan Orlikoski
From CyLR
Visit
Android Malware Sandbox
Sandbox for analyzing Android malware.
Visit
Any Run
Interactive malware sandbox for real-time analysis and threat intelligence.
Visit
Autopsy
Digital forensics platform and graphical interface for The Sleuth Kit and other tools.
Visit
AxCut
From ImHex
Visit
Belkasoft Evidence Center
Comprehensive digital forensics and incident response platform.
Visit
Binalyze AIR
Digital forensics platform for comprehensive incident response.
Visit
Block search view
From dynStruct
Visit
Bluepot
Bluetooth honeypot for monitoring and capturing malicious activity.
Visit
Bookmarks, data information, find view and data processor
From ImHex
Visit
Bottle
From dynStruct
Visit
BruteXSS
Finds Cross-Site Scripting (XSS) vulnerabilities in web applications.
Visit
build 7.91.18109
From dynStruct
Visit
build status
From drltrace
Visit
CAINE
Ubuntu-based tool that provides a complete forensic environment with a graphical interface.
Visit
CAPE
Malware sandbox designed for executing and analyzing malicious files.
Visit
CFR
Java decompiler supporting features up to Java 14.
Visit
changes
From REKALL
Visit
Charles Proxy
A cross-platform GUI web debugging proxy for viewing intercepted HTTP and HTTPS/SSL live traffic.
Visit
Conda environment
From Sherloq
Visit
cronbuild
From dynStruct
Visit
Cuckoo Sandbox
Automated malware analysis and detection in an isolated environment.
Visit
Cyber Triage
Automated DFIR software for investigating malware, ransomware, and account takeovers.
Visit
Dalfox
Powerful open-source XSS scanner for automation.
Visit
Data Information view displaying various stats about the file
From ImHex
Visit
Data Processor decrypting some data and displaying it as an image
From ImHex
Visit
Dear ImGui
From ImHex
Visit
DFIRKuiperAPI
From Kuiper
Visit
DFTimewolf
Framework for orchestrating forensic collection, processing, and export.
Visit
directory
From drltrace
Visit
Distribute
Malware analysis tool that helps distribute files for analysis.
Visit
docker image
From Kuiper
Visit
Dumpzilla
Tool to extract forensic data from Firefox, Iceweasel, and Seamonkey browsers.
Visit
Dwarf Debugger
A debugger for reverse engineers and security analysts.
Visit
DynamoRIO
From dynStruct
Visit
DynamoRIO
From drltrace
Visit
EaseUS
Free Data Recovery Software Recover up to 2GB data for free on Windows 11/10/8/7
Visit
edit member view
From dynStruct
Visit
edlib
From ImHex
Visit
Elastic Security YARA Rules
Signature-based YARA rules for detecting threats across multiple platforms.
Visit
EnCase
Suite of digital investigation products by Guidance Software.
Visit
Eric's Registry Explorer/RECmd
From RegRipper4.0
Visit
evtkit
Tool for fixing acquired Windows Event Log files.
Visit
Example disassembly
From dynStruct
Visit
Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts
Demonstrates techniques for bypassing AppLocker and executing commands with PowerShell diagnostic scripts.
Visit
Fabric Platform
Automates cybersecurity reporting with open-source tools and templates.
Visit
Findom-XSS
A simple DOM-based XSS vulnerability scanner.
Visit
Findsploit
Instantly find exploits from local and online databases.
Visit
First screenshot
From dynStruct
Visit
GetFieldsScript
From Kuiper
Visit
github.com/dazinator/DotNet.Glob
From CyLR
Visit
GitHunter
Searches Git repositories for sensitive data.
Visit
GRR
From REKALL
Visit
Gscript Dropper
Introduction to using Gscript as a dropper tool in red team operations.
Visit
HashLibPlus
From ImHex
Visit
Hex editor, patterns and data information
From ImHex
Visit
Hoarder
Tool for collecting and parsing Windows artifacts for digital forensics.
Visit
Hoarder
From Kuiper
Visit
HxD
A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
Visit
Hybrid-Analysis
Provides in-depth static and dynamic analysis of files.
Visit
Hybrid-Analysis
Hybrid Analysis is a Malaware analysis service it's free and has ai or someone does it for free it's reliable and more accurate than total virus.
Visit
ImGuiColorTextEdit
From ImHex
Visit
ImHex Plugin Template
From ImHex
Visit
ImNodes
From ImHex
Visit
ImPlot
From ImHex
Visit
Inlyse
AI-based IT security platform for identifying and stopping advanced malware.
Visit
IPED - Indexador e Processador de Evidências Digitais
Brazilian Federal Police forensic investigation tool.
Visit
IPED Digital Forensic Tool
Open-source tool for analyzing disk images and file systems.
Visit
iTrooz
From ImHex
Visit
Jason Yegge
From CyLR
Visit
json
From ImHex
Visit
jumanji144
From ImHex
Visit
jwt-key-id-injector
Python script to test for JWT vulnerabilities.
Visit
KAPE
From Kuiper
Visit
Klara
Distributed Python system to help hunt for new malware using Yara rules.
Visit
libevt
Library for parsing Windows Event Logs for forensic analysis.
Visit
libfmt
From ImHex
Visit
libregf
Library for accessing and parsing Windows NT Registry files.
Visit
licenses directory
From sleuthkit
Visit
Log2Timeline (Plaso)
Tool for creating timelines for forensic analysis.
Visit
ltrace
From drltrace
Visit
Mailaender
From ImHex
Visit
Malheur
Tool for automatic analysis of malware behavior using machine learning.
Visit
MalShare
Platform for uploading, searching, and downloading malware samples.
Visit
Malware Traffic Analysis
Analyzes malicious network traffic to detect malware activity.
Visit
Malwover
Malware detection and prevention for advanced cyber threats.
Visit
malzilla
Malware hunting tool for analysis and detection.
Visit
Mary
From ImHex
Visit
Master Thesis
From dynStruct
Visit
Mastiff
Static analysis framework for extracting key characteristics from files.
Visit
microtar
From ImHex
Visit
miniaudio
From ImHex
Visit
Mobile Audit
SAST and malware analysis tool for Android APKs.
Visit
Mobile Verification Toolkit (MVT)
Forensic tool for gathering traces from Android and iOS devices.
Visit
Muteb Alqahtani
From Kuiper
Visit
nativefiledialog-extended
From ImHex
Visit
Neal Krawetz
From Sherloq
Visit
NodeYara
Yara module for Node.js for scanning with Yara rules.
Visit
Odin
Malware analysis platform with advanced threat detection.
Visit
official site
From Sherloq
Visit
Open Letter to the users of Skadi, CyLR, and CDQR
From CyLR
Visit
OSDFCON 2017
From CyLR
Visit
Pancake Viewer
DFVFS-backed viewer for file extraction and viewing.
Visit
PhotoRec
PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks (Mechanical Hard drives, Solid State Drives...), CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory.
Visit
Publication
From dynStruct
Visit
PyaraScanner
Multithreaded YARA scanner for incident response or malware zoos.
Visit
PyLibEmu
Python wrapper for Libemu for shellcode analysis.
Visit
Python
From REKALL
Visit
qsfuzz
Fuzzes query strings to identify security vulnerabilities.
Visit
Radare2
Powerful framework for reverse engineering and binary analysis.
Visit
ReClass
A reverse engineering tool for Windows executable analysis.
Visit
Recuva
Recover your deleted files quickly and easily. Accidentally deleted an important file? Lost files after a computer crash? No problem - Recuva recovers files from your Windows computer, recycle bin, digital camera card, or MP3 player!
Visit
Redline
Host investigation and data acquisition tool.
Visit
ReFlutter
Framework for reverse engineering Flutter apps.
Visit
RegRipper - Handling transaction logs
From RegRipper4.0
Visit
Rekall-Forensic.com
From REKALL
Visit
releases
From Forensic Tools
Visit
Research on CMSTP.exe
Detailed research on using CMSTP.exe for bypassing security restrictions and executing arbitrary code.
Visit
Roblabla
From ImHex
Visit
Saleh Muhaysin
From Kuiper
Visit
Sandboxie-Plus
Another Malaware sandbox and might be a better option if your testing runs.
Visit
Shotgunyara
Generates YARA rules for various string and encoded malware variations.
Visit
Silk Guardian
Anti-forensic Linux kernel module that acts as a USB port kill-switch.
Visit
Skadi
Open-source tools for forensic artifact and image analysis.
Visit
Static File Analyzer (SFA)
A deep analysis tool for malicious files using ClamAV and YARA rules.
Visit
STL Parser written in the Pattern Language visualizing a 3D model
From ImHex
Visit
StringSifter
A machine learning tool for ranking strings for malware analysis.
Visit
tcpdump
A powerful command-line packet analyzer, along with libpcap for network traffic capture.
Visit
TestDisk
Data recovery software for recovering lost partitions and undeleting files.
Visit
the Database
From ImHex
Visit
The DFIR Report
In-depth threat intelligence reports and services.
Visit
The Sleuth Kit
From sleuthkit
Visit
this guide
From Sherloq
Visit
tools/fstools
From sleuthkit
Visit
Triton
Dynamic binary analysis library with emulation capabilities.
Visit
Turbinia
Framework for automating forensic processing in cloud environments.
Visit
UHstudent
From Sherloq
Visit
UploadMachines
From Kuiper
Visit
usbmon
USB capture tool for Linux, used for monitoring USB traffic.
Visit
USBPcap
USB capture tool for Windows, useful for monitoring USB traffic.
Visit
Vaya-Ciego-Nen
Tool to detect and exploit Blind XSS vulnerabilities.
Visit
VirtualEnvWrapper
From Sherloq
Visit
Volatility
Framework for memory forensics and analysis of volatile memory.
Visit
Volatility 3
Framework for extracting data from volatile memory for system state analysis.
Visit
VxSig
Automatically generates AV byte signatures for similar binaries.
Visit
warp packer
From CyLR
Visit
Weaponised-XSS-payloads
A collection of XSS payloads for exploiting web vulnerabilities.
Visit
WerWolv
From ImHex
Visit
wiki
From sleuthkit
Visit
wiki
From drltrace
Visit
Wiki page
From drltrace
Visit
wiki/fat
From sleuthkit
Visit
wiki/filesystem
From sleuthkit
Visit
wiki/hfind
From sleuthkit
Visit
wiki/mactime
From sleuthkit
Visit
wiki/ntfs
From sleuthkit
Visit
wiki/sorter
From sleuthkit
Visit
Windows oneliners to download remote payload and execute arbitrary code
Explains one-liner PowerShell commands for downloading and executing malicious payloads.
Visit
WinHex
Universal hex editor for forensics, data recovery, and IT security tasks.
Visit
WinHex
A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
Visit
Wiz
Cloud-native security platform for detecting and preventing security threats.
Visit
WSH Injection: A Case Study
A case study on exploiting Windows Script Host (WSH) injection for command execution.
Visit
xdgpp
From ImHex
Visit
XSSCon
A simple XSS scanner for detecting vulnerabilities.
Visit
XSSor
A tool for exploiting and testing XSS vulnerabilities in web apps.
Visit
xssor2
Tool for testing and exploiting XSS vulnerabilities.
Visit
Yabin
Creates Yara signatures from malware to identify similar samples.
Visit
Yara
From ImHex
Visit
YARA
From REKALL
Visit
Yara Decompressor
Tool to decompress malware samples for running YARA rules.
Visit
Yara Rule Generator
A tool for creating YARA rules quickly to isolate malware families.
Visit
Yara Station
Management portal for LoKi scanner with a centralized database.
Visit
Yara-Rust
Yara bindings for Rust supporting various features like rule compilation.
Visit
YARA-Signator
Automatically generates YARA rules for malware repositories.
Visit
YaraStation
Management portal for Yara rule-based malware scanning.
Visit
yarGen
Generates YARA rules by extracting strings from malware files.
Visit