23 Repos
Tools for identifying, scanning, and analyzing suspicious files.
Explore 23 awesome GitHub repositories matching part of an awesome list · Detection and Classification. Refine with filters or upvote what's useful.
Detect-It-Easy is a binary file identifier and analysis toolkit designed to determine file formats, compilers, and packers. It functions as a binary file identifier that utilizes signature matching and heuristic analysis to identify executable and archive formats. The project includes a custom file signature engine and a scriptable rule system for defining and applying detection logic to identify specific binary patterns. It features specialized detectors for Android packages, such as APK and DEX files, and a malware packer detector to identify protections, obfuscators, and virus families. T
Identifies file types, compilers, and linkers.
capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C
Detects capabilities and behaviors in executable files.
Loki is an endpoint detection tool, forensic artifact analyzer, and threat intelligence scanner. It functions as a YARA-based indicator of compromise scanner designed to identify malicious persistence mechanisms, web shells, and unauthorized administration tools across local and remote systems. The project distinguishes itself by integrating multi-source threat intelligence, allowing for the loading of custom signature sets and encrypted indicators. It combines hash-based artifact detection with YARA rule execution to scan files, process memory, and registry hives for known malicious byte seq
Host-based scanner for detecting known IOCs.
HashCheck Shell Extension for Windows with added SHA2, SHA3, and multithreading; originally from code.kliu.org
Windows shell extension for computing file hashes.
yarGen is a generator for YARA rules
Generates YARA rules from malware samples.
Automated static analysis tools for binary programs
Generates YARA signatures for functions within executables.
Scoring system for Android malware based on obfuscation analysis.
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
Serverless pipeline for scanning files using YARA rules.
A static analyzer for PE executables.
Static analysis tool for PE executables.
This is md5deep, a set of cross-platform tools to compute hashes, or message digests, for any number of files while optionally recursively digging through the directory structure. It can also take a list of known hashes and display the filenames of input files whose hashes either do or do not…
Computes multiple hash digests for file verification.
PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
Performs static analysis on PE files and Office documents.
Modular file scanning/analysis framework
Modular framework for file scanning and analysis.
Linker/Compiler/Tool detector for Windows, Linux and MacOS.
Detects compilers and linkers for various operating systems.
Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness
Java library for analyzing PE files and malformations.
File Scanning Framework
Modular solution for recursive file scanning.
Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.
Wrapper for reporting on Windows PE file characteristics.
Malware Analysis Tool using Function Level Fuzzy Hashing
Compares malware samples at the function level.
Malware static analysis framework
Framework for automated static analysis.
Checks with NSRL RDS servers looking for for hash matches
Queries NIST's software reference library for file hashes.
Fork of packerid.py
Cross-platform tool for identifying file packers.