321 Open source projects that are alternatives of or similar to Cirtkit

Educational, CTF-styled labs for individuals interested in Memory Forensics

Mach-O & Universal Binary Parser

Cortex: a Powerful Observable Analysis and Active Response Engine

Collection of scripts for different malware analysis tasks

makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

Automagically extract forensic timeline from volatile memory dump

Windows kernel and user mode emulation.

A modular Python application to pull intelligence about malicious files

A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net

A simple command-line script to interact with the virustotal-api

Script to create templates to use with VirtualBox to make vm detection harder

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

PS / Bash / Python / Other scripts For FUN!

A machine learning tool that ranks strings based on their relevance for malware analysis.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Automation and Scaling of Digital Forensics Tools

CLI tool to analyze PE files

Extract and aggregate threat intelligence.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

The PE file analysis toolkit

Analyzing Rig Exploit Kit

Various snippets created during malware analysis

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

A binary analysis framework

Defanged Indicator of Compromise (IOC) Extractor.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Norimaci is a simple and lightweight malware analysis sandbox for macOS

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Malware Data Science Reading Diary / Notes

Android virtual machine and deobfuscator

Submits multiple domains to VirusTotal API

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

Documentation of TheHive

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

Signature base for my scanner tools

A Linux Ransomware

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

macOS Artifact Parsing Tool

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

idenLib - Library Function Identification [This project is not maintained anymore]

Emofishes is a collection of proof of concepts that help improve, bypass or detect virtualized execution environments (focusing on the ones setup for malware analysis).

A Tool for Automatic Analysis of Malware Behavior

[Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool

A Python RESTful API framework for online malware analysis and threat intelligence services.

Python API Client for Cortex

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

A curated list of awesome YARA rules, tools, and people.

Bringing you the best of the worst files on the Internet.

Sandboxed Execution Environment

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

yarGen is a generator for YARA rules

Indicator Extractor

Invoke-LiveResponse

A toolkit for Security Researchers