simplify - Generic Android Deobfuscator

  •    Java

Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter which specific type of obfuscation is used. The code on the left is a decompilation of an obfuscated app, and the code on the right has been deobfuscated.

Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

AndroL4b is an Android security virtual machine based on ubuntu-mate that includes a collection of the latest frameworks, tutorials and labs from different security researchers for reverse engineering and malware analysis.

multiscanner - Modular file scanning/analysis framework

  •    Javascript

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools and aggregating their output. Tools can be custom-built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope. For a list of modules, look in modules/. Descriptions and config options can be found on the Analysis Modules page.

dex-oracle - A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis

  •    Ruby

A pattern-based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify. Make sure adb is on your PATH.

malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction

  •    Javascript

malware-jail is written for Node's 'vm' sandbox. It currently implements a WScript (Windows Scripting Host) context in env/wscript.js, at least the part frequently used by malware. A web browser context is partially implemented in env/browser.js. Runs on any operating system. Developed and tested on Linux, Node.js v6.6.0.

maz - Malware Analysis Zoo

  •    Ruby

MAZ, short for Malware Analysis Zoo, is a Ruby-based application for performing static malware analysis, and for submitting samples to and gathering the reports from third-party analysis services. The raw samples and all metadata and IOCs are stored within a local (or remote) MongoDB. Full documentation, license details and other information is available in the docs directory. In the meantime, I recommend checking out projects like stoQ, Viper, Aleph, and Polichombr.

pdf - Malice PDF Plugin

  •    Python

This repository contains a Dockerfile of malice/pdf. It runs PDFiD and pdf-parser.py on samples and will extract and (eventually) submit extracted files as children back to malice for analysis. It outputs to stdout and POSTs to the malice results API webhook endpoint.

yara - Malice Yara Plugin

  •    YARA

This repository contains a Dockerfile of the Yara malice plugin malice/yara. It outputs to stdout and POSTs to the malice results API webhook endpoint.

malgazer - A Python malware analysis library.

  •    Python

A Python malware analysis library. Mostly for machine learning purposes. More info coming soon, along with my dissertation, which will go much deeper into what this is. For now, this page is all of the documentation for this project.