We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
simplify - Generic Android Deobfuscator
- 78
Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter what the specific type of obfuscation is used. The code on the left is a decompilation of an obfuscated app, and the code on the right has been deobfuscated.
https://github.com/CalebFenton/simplify| Tags | deobfuscation optimization android reverse-engineering malware-analysis dalvik malware deobfuscator virtual-machine emulator malware-analyzer |
| Implementation | Java |
| License | Public |
| Platform | OS-Independent |
Related Projects
dex-oracle - A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify. Make sure adb is on your path.
reverse-engineering android malware malware-analysis malware-analyzer deobfuscation deobfuscator dex dalvikAndrol4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
AndroL4b is an android security virtual machine based on ubuntu-mate includes the collection of latest framework, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.
mobile-security android malware-analyzer penetration-testing reverse-engineering application-securitymalware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction
malware-jail is written for Node's 'vm' sandbox. Currently implements WScript (Windows Scripting Host) context env/wscript.js, at least the part frequently used by malware. Internet browser context is partialy implemented env/browser.js. Runs on any operating system. Developed and tested on Linux, Node.js v6.6.0.
malware-samples wscript deobfuscation angler malware-jail payload-extraction analysis payload malware-analysis malware-research malware-analyzer node malware jail sandboxpafish - Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do
Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. The project is open source, you can read the code of all anti-analysis checks. You can also download the executable of the latest stable version.
malware reverse-engineering virtual-machine malware-families analysis-environments sandboxMalware - Course materials for Malware Analysis by RPISEC
This repository contains the materials as developed and used by RPISEC to teach Malware Analysis at Rensselaer Polytechnic Institute in Fall 2015. This was a university course developed and run soley by students, primarily using the Practical Malware Analysis book by Michael Sikorski and Andrew Honig, to teach skills in reverse engineering, malicious behaviour, malware, and anti-analysis techniques. The Practical Malware Analysis (PMA) book is where many RPISEC members and alumn started. The book reads very well, is full of information, and the lab walkthroughs in the back are invaluable. We didn't want to re-invent the wheel so we structured most of the class around the book. Students were expected to have read the relevant PMA book chapters before class, allowing us to spend much more class time demonstrating skills and techniques and walking through hands-on examples with the students.
multiscanner - Modular file scanning/analysis framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope. For a list of modules you can look in modules/. Descriptions and config options can be found on the Analysis Modules page.
analytic-machines analysis-framework python-script scanning antivirus metadata yara malware malware-analysis malware-analyzer malware-research cuckooandroguard - Reverse engineering, Malware and goodware analysis of Android applications
Androguard is a full python tool to play with Android files. Androguard + tools: Anthony Desnos (desnos at t0t0.fr).
android dalvik reverse-engineering dexal-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. You can download the latest release here: x86 | x64.
anti-analysis anti-debugging anti-sandbox anti-vm anti-emulation code-injection malware timing-attacks av-bypass sandbox-evasionpwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
Exploit Development and Reverse Engineering with GDB Made Easy
gdb peda gdbinit pwndbg reverse-engineering debugging ctf gef hack disassembler ida-pro binary-ninja defcon capture-the-flag malware malware-analysis pwnablemalcom - Malcom - Malware Communications Analyzer
Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world. The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.
malware network-traffic pcap threat-intelligence malware-analysis infosec dfirtheZoo - A repository of LIVE malwares for your own joy and pleasure
theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev. theZoo's purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.
malware malware-analysis malware-samplesrvmi - rVMI - A New Paradigm For Full System Analysis
rVMI is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and pre-boot environments in a single tool. It was specifically designed for interactive dynamic malware analysis. rVMI isolates itself from the malware by placing its interactive debugging environment out of the virtual machine (VM) onto the hypervisor-level. Through the use of VMI the analyst still has full control of the VM, which allows her to pause the VM at any point in time and to use typical debugging features such as breakpoints and watchpoints. In addition, rVMI provides access to the entire Rekall feature set, which enables an analyst to inspect the kernel and its data structures with ease.
peframe - PEframe is a open source tool to perform static analysis on (portable executable) malware.
PEframe is a open source tool to perform static analysis on Portable Executable malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions, and much more information about the suspicious files. Documentation will be available soon.
awesome-malware-analysis - A curated list of awesome malware analysis tools and resources.
A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php. View Chinese translation: 恶意软件分析大合集.md.
malware-analysis awesome awesome-list list malware-samples analysis-framework dynamic-analysis static-analysis threat-intelligence automated-analysis domain-analysis network-traffic threatintel malware-collection malware-research threat-sharing chinese-translation chineseMobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing web-security malware-analysis runtime-security ci-cd devsecops apk ipagef - GEF - GDB Enhanced Features for exploit devs & reversers
GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).
exploit gdb reverse-engineering ctf ida-pro binary-ninja pwn exploit-development malware malware-research debugginggym-malware
This is a malware manipulation environment for OpenAI's gym. OpenAI Gym is a toolkit for developing and comparing reinforcement learning algorithms. This makes it possible to write agents that learn to manipulate PE files (e.g., malware) to achieve some objective (e.g., bypass AV) based on a reward provided by taking specific manipulation actions. Create an AI that learns through reinforcement learning which functionality-preserving transformations to make on a malware sample to break through / bypass machine learning static-analysis malware detection.
HaboMalHunter - HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo
HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system. The tool help security analyst extracting the static and dynamic features from malware effectively and efficiently. The generated report provides significant information about process, file I/O, network and system calls. The tool can be used for the static and dynamic analysis of ELF files on the Linux x86/x64 platform.
malware-analysis dynamic-analysis security static-analysis elfanti-emulator - Android Anti-Emulator
Purpose of this project was intended to show various was of detecting an emulated Android environment. Some of the methods are adapted from previously seen malware on other operating systems, others are just random thoughts. Slowly over time things have been added that I've either thought of randomly, stumbled upon or came across in the wild. I'll do my best to comment if anything from the wild is added directly to the project, as this would likely be more interesting to AV/researchers attempting to hide their own sandboxes. This presentation and code are meant for education and research purposes only. Do as you please with it, but accept any and all responsibility for your actions. The tools were created specifically to assist in malware reversing and analysis - be careful.
Limon - Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware
Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools. Limon analyzes the malware in a controlled environment, monitors its activities and its child processes to determine the nature and purpose of the malware. It determines the malware's process activity, interaction with the file system, network, it also performs memory analysis and stores the analyzed artifacts for later analysis.
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
