# Malware Analysis and Reverse Engineering

> Search results for `Malware Analysis and Reverse Engineering` on awesome-repositories.com. 118 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/malware-analysis-and-reverse-engineering

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/malware-analysis-and-reverse-engineering).**

## Results

- [rshipp/awesome-malware-analysis](https://awesome-repositories.com/repository/rshipp-awesome-malware-analysis.md) (13,864 ⭐) — This project is a comprehensive, community-driven directory of open-source tools, datasets, and documentation for malware analysis and cybersecurity research. It serves as a centralized index for security professionals and researchers to locate resources for investigating, reverse engineering, and analyzing malicious software.

The directory organizes information through a structured taxonomy, covering specialized domains such as memory forensics, network traffic inspection, and honeypot threat research. By aggregating links to external utilities and frameworks, it provides a platform-agnostic reference for identifying tools used in static analysis, dynamic sandboxing, and threat intelligence gathering.

The repository is maintained as a collection of markdown files, facilitating version control and collaborative updates from the security community. This structure allows users to navigate complex technical categories efficiently to find the specific debuggers, disassemblers, and forensic utilities required for incident investigation.
- [analysis-tools-dev/static-analysis](https://awesome-repositories.com/repository/analysis-tools-dev-static-analysis.md) (14,389 ⭐) — This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements.

The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, managing technical debt, and auditing software supply chain security.

The collection covers a broad spectrum of analysis capabilities, ranging from automated code refactoring and structural transformation to formal verification and database schema analysis. It also includes resources for orchestrating multiple linters within development workflows, visualizing code metrics, and performing security compliance audits across diverse repositories.
- [cisco-talos/clamav](https://awesome-repositories.com/repository/cisco-talos-clamav.md) (6,869 ⭐) — ClamAV - Documentation is here: https://docs.clamav.net
- [spiderlabs/malware-analysis](https://awesome-repositories.com/repository/spiderlabs-malware-analysis.md) (254 ⭐) — A repository of tools and scripts related to malware analysis
- [hasherezade/pe-sieve](https://awesome-repositories.com/repository/hasherezade-pe-sieve.md) (3,559 ⭐) — pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes.

The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable headers and section alignments from raw memory dumps.

The toolset covers a broad range of forensic and analysis capabilities, including dynamic malware unpacking, signature-based implant identification, and the extraction of process artifacts for offline examination. These scanning and analysis functions are available through a programmatic interface for integration into other security applications.
- [avelino/awesome-go](https://awesome-repositories.com/repository/avelino-awesome-go.md) (175,576 ⭐) — This project serves as a comprehensive language ecosystem index, functioning as a centralized, community-curated directory for the Go programming language. It organizes a vast landscape of software components, libraries, and development tools into a structured, navigable hierarchy, enabling developers to efficiently discover resources tailored to specific functional domains.

The repository distinguishes itself through a decentralized contribution model, where community-driven updates ensure the index remains current with the rapidly evolving software landscape. Beyond simple resource listing, it acts as a technical knowledge repository, aggregating professional literature, style guides, and best practices to support developer onboarding and professional growth across the entire software development lifecycle.

The directory covers a broad capability surface, including essential utilities for distributed systems engineering, application security, data processing, and development productivity. It provides access to specialized tools for database management, web framework integration, testing, and build automation, alongside educational materials that help developers master language-specific architectural patterns.

The project is maintained as a static resource aggregation, providing a holistic view of external links and documentation to orient developers within the Go ecosystem.
- [0xd4d/de4dot](https://awesome-repositories.com/repository/0xd4d-de4dot.md) (7,426 ⭐) — de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code.

The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code.

The tool provides a suite of reverse engineering capabilities, including binary wrapper unpacking, symbol renaming, and the repair of invalid intermediate language instructions. It also includes automation for recursive batch processing across directory trees.
- [ytisf/thezoo](https://awesome-repositories.com/repository/ytisf-thezoo.md) (13,126 ⭐) — TheZoo is a centralized repository and management system designed for the storage, organization, and retrieval of live malicious software samples. It provides a structured environment for security researchers and educators to access, track, and analyze dangerous code for the purpose of threat intelligence and defense development.

The system utilizes a command-line interface to manage the lifecycle of malware samples, including the preparation of new submissions and the querying of a centralized database. To ensure safety and authenticity, the platform stores binaries in password-protected, encrypted archives and performs cryptographic hash verification on all samples. This approach allows for the controlled distribution and study of malicious code while preventing accidental execution.

The repository supports comprehensive research workflows by indexing samples based on specific attributes such as platform and architecture. This metadata-driven organization enables efficient searching and categorization, facilitating the systematic examination of attack vectors and emerging cyber threats.
- [rpisec/malware](https://awesome-repositories.com/repository/rpisec-malware.md) (4,028 ⭐) — Course materials for Malware Analysis by RPISEC
- [capstone-engine/capstone](https://awesome-repositories.com/repository/capstone-engine-capstone.md) (8,858 ⭐) — Capstone is a multi-architecture disassembly framework and binary analysis engine. It translates raw machine code from various CPU architectures, such as x86, ARM, and RISC-V, into human-readable assembly instructions.

The engine distinguishes itself by providing instruction semantic decomposition, which lists implicit registers read and written, and the ability to customize instruction mnemonics to meet specific technical analysis standards. It also features resilient stream disassembly, allowing the process to resynchronize and continue after encountering invalid instructions or embedded data.

The framework covers a broad range of binary analysis capabilities, including detailed operand extraction and multi-architecture machine code conversion. To support constrained environments, it allows for the pruning of unused architecture definitions to reduce the final binary memory footprint.
- [x64dbg/x64dbg](https://awesome-repositories.com/repository/x64dbg-x64dbg.md) (48,652 ⭐) — This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior.

The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory access and instruction-set-aware disassembly to translate machine code into readable assembly. These capabilities facilitate specialized tasks such as malware reverse engineering, software vulnerability research, and the analysis of complex system crashes.

The platform includes a modular plugin architecture that enables the integration of external libraries for custom analysis and automation. It also features memory-mapped symbol resolution to correlate machine addresses with source code labels, assisting in the interpretation of internal application logic.
- [jstrosch/malware-samples](https://awesome-repositories.com/repository/jstrosch-malware-samples.md) (1,642 ⭐) — Malware samples, analysis exercises and other interesting resources.
- [mikefarah/yq](https://awesome-repositories.com/repository/mikefarah-yq.md) (14,913 ⭐) — This tool is a command-line processor designed for querying, updating, and transforming structured data files. It functions as a versatile engine for manipulating YAML, JSON, TOML, and XML documents, allowing users to perform complex operations directly from the terminal. By utilizing a path-based expression language, it enables precise navigation and modification of data structures within configuration files and infrastructure-as-code workflows.

What distinguishes this tool is its ability to perform in-place document mutations while preserving original formatting, comments, and metadata. It employs a format-agnostic data model that normalizes diverse inputs, facilitating seamless cross-format conversion and interoperability. The engine supports declarative pipeline execution, allowing users to chain multiple operations through standard input and output streams for automated processing in CI/CD environments.

The tool provides a comprehensive suite of capabilities for data manipulation, including arithmetic and logical evaluations, collection sorting, and temporal arithmetic. It handles advanced tasks such as merging multiple files, splitting documents, and dynamically injecting environment variables or external command output into data fields. Users can also enforce security policies by restricting access to external files or system environment variables during execution.

The software is distributed as a standalone binary, supporting shell completion to assist with command-line productivity.
- [h3nnn4n/reverse-engineering-the-gameboy-tetris](https://awesome-repositories.com/repository/h3nnn4n-reverse-engineering-the-gameboy-tetris.md) (27 ⭐) — This is my personal attempt at reverse engineering the Tetris gameboy.
- [vxunderground/malwaresourcecode](https://awesome-repositories.com/repository/vxunderground-malwaresourcecode.md) (18,415 ⭐) — This project is a curated archive and cybersecurity research dataset of raw source code from various malware families. It serves as a malware analysis library designed to help researchers study the inner workings of different threats and identify attack patterns across multiple platforms and programming languages.

The repository supports security research by providing raw text distribution of original source code. This allows for the study of platform vulnerabilities, threat intelligence gathering, and the development of security products and detection signatures.

The collection is organized as a flat-file repository using platform-specific directory mapping to group code by operating system or hardware architecture. It utilizes version-controlled source archiving to preserve historical versions of the source files.
- [avast/retdec](https://awesome-repositories.com/repository/avast-retdec.md) (8,556 ⭐) — RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code.

The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures.

The framework covers broad capability areas including binary metadata extraction from formats like DWARF and PDB, symbol demangling, and the generation of call and control-flow graphs. It also provides tools for object file extraction and binary signature generation.

The analysis and decompilation components can be embedded into external software projects using provided headers and build scripts.
- [droidefense/engine](https://awesome-repositories.com/repository/droidefense-engine.md) (0 ⭐) — droidefense (originally named atom: analysis through observation machine) is the codename for an Android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researchers have in their everyday work. For those situations where the malware has…
- [juliangarnier/anime](https://awesome-repositories.com/repository/juliangarnier-anime.md) (69,932 ⭐) — This project is a declarative motion framework and JavaScript animation engine designed to transition CSS properties, SVG attributes, and DOM elements. It provides a comprehensive set of tools for creating complex, multi-part motion sequences by synchronizing animations, timers, and callbacks into a single, unified timeline.

The library distinguishes itself through a robust timeline-based sequence orchestrator that allows for precise timing, label-based control, and hierarchical nesting of animations. It also features a physics-driven interaction library that enables draggable elements with configurable friction, damping, mass, and snapping behavior, facilitating natural user interactions within web applications.

Beyond its core animation capabilities, the framework supports high-performance frame rendering and provides extensive lifecycle hooks for state synchronization. It offers flexible configuration options for easing, units, and playback control, allowing developers to manage complex UI motion through a consistent, object-based parameter interface.

The engine is compatible with standard JavaScript environments and can be integrated into component-based architectures. It is available for installation via package managers, or it can be loaded directly via content delivery networks and import maps for browser-native usage.
- [avast-tl/retdec](https://awesome-repositories.com/repository/avast-tl-retdec.md) (8,556 ⭐) — RetDec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code.

The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable names.

The toolkit covers a broad range of static analysis capabilities, including the reconstruction of high-level functions, types, and class hierarchies. It also provides visualization tools to generate call graphs and control-flow diagrams to map the execution structure of decompiled binaries.
- [citizenlab/malware-indicators](https://awesome-repositories.com/repository/citizenlab-malware-indicators.md) (0 ⭐) — malware-indicators
- [letianzj/quantresearch](https://awesome-repositories.com/repository/letianzj-quantresearch.md) (2,808 ⭐) — QuantResearch is a quantitative research framework and specialized toolkit for algorithmic simulation, financial time-series analysis, and systematic trading. It provides an event-driven backtesting environment for validating strategies against historical tick and bar data, alongside a dedicated portfolio optimization engine for calculating asset weights and risk metrics.

The project distinguishes itself through a machine learning finance toolkit that implements recurrent neural networks for price prediction and reinforcement learning for derivative pricing. It also features advanced statistical capabilities for market regime detection using Hidden Markov Models and Bayesian inference tools for parameter estimation via Markov Chain Monte Carlo sampling.

The framework covers a broad surface of systematic investment capabilities, including statistical arbitrage implementation with cointegration testing and mean-reversion strategies. It further includes tools for portfolio risk optimization, market risk analysis, and financial time-series modeling using ARIMA and GARCH models.

The repository is primarily implemented as a collection of Jupyter Notebooks.
- [ashishb/android-malware](https://awesome-repositories.com/repository/ashishb-android-malware.md) (1,209 ⭐) — Collection of Android malware samples
- [virustotal/yara](https://awesome-repositories.com/repository/virustotal-yara.md) (9,420 ⭐) — YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries.

The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence.

The engine utilizes Aho-Corasick string matching and a regular expression engine to scan files. It processes data via buffer-based stream processing and transforms human-readable rules into a bytecode format for execution.
- [labstack/echo](https://awesome-repositories.com/repository/labstack-echo.md) (32,451 ⭐) — Echo is a high-performance, lightweight web framework for Go designed for building scalable RESTful APIs and web services. It provides a centralized environment for mapping network requests to handler functions, utilizing a fast radix-tree routing engine to ensure efficient request dispatching. The framework is built around a modular, middleware-centric pipeline that allows developers to execute reusable logic for cross-cutting concerns like authentication, logging, and security across the entire application.

What distinguishes Echo is its focus on developer productivity through structured data binding and a unified response interface. It automatically maps incoming request payloads into typed objects while validating content against defined schemas, significantly reducing manual parsing boilerplate. The framework also includes built-in support for real-time communication via WebSockets and server-sent events, alongside advanced traffic management capabilities such as rate limiting, load balancing, and reverse proxying.

The framework covers a broad surface of operational and security requirements, including automated TLS certificate management, CSRF protection, and CORS policy enforcement. It provides comprehensive utilities for request and response management, including support for streaming large data, template rendering, and graceful server shutdowns to ensure reliable service termination. Observability is integrated through distributed tracing, performance metrics export, and detailed request logging.
- [karneades/malware-persistence](https://awesome-repositories.com/repository/karneades-malware-persistence.md) (188 ⭐) — Collection of malware persistence and hunting information. Be a persistent persistence hunter!
- [juanfont/headscale](https://awesome-repositories.com/repository/juanfont-headscale.md) (40,074 ⭐) — Headscale is a self-hosted control plane for private mesh networking that enables the creation of secure, encrypted peer-to-peer networks. By acting as a centralized coordination server, it manages device authentication, cryptographic key exchange, and network topology, allowing distributed infrastructure to communicate without relying on third-party services. It implements a zero-trust security architecture, verifying device and user identity before granting access to internal resources.

The project distinguishes itself by providing a fully independent, self-hosted alternative for managing network overlays. It integrates with external identity providers to automate user authentication and enforces granular, declarative access control policies across a fleet of devices. Administrators can manage the network through a web-based dashboard, a REST API, or a gRPC interface, providing flexibility for both manual oversight and programmatic automation.

The system supports a wide range of networking capabilities, including remote subnet routing, exit node configuration, and automated DNS management. It ensures connectivity across diverse environments through relay-based NAT traversal, which facilitates communication even when direct peer-to-peer connections are blocked by firewalls. The platform also maintains state persistence using a relational database and automates security through integrated TLS certificate management.

The software is available as a standalone binary or via containerized deployment, with support for cross-platform clients across various mobile and desktop operating systems.
- [smicallef/spiderfoot](https://awesome-repositories.com/repository/smicallef-spiderfoot.md) (18,189 ⭐) — SpiderFoot is an open-source reconnaissance and intelligence automation framework designed to streamline the collection and correlation of data for security investigations. It functions as a comprehensive platform that automates the querying of hundreds of public data sources to map digital footprints, identify exposed assets, and uncover potential security threats across an organization's external perimeter.

The platform distinguishes itself through a modular, plugin-based architecture that executes data gathering tasks in parallel, supported by a directed graph data model that tracks relationships between discovered entities. It utilizes dynamic workflow orchestration and event-driven correlation to guide users through multi-stage investigations, automatically triggering follow-up queries based on newly discovered indicators of compromise.

Beyond core reconnaissance, the system provides extensive capabilities for attack surface management, credential leak monitoring, and threat actor tracking. It supports proactive security operations by facilitating automated threat hunting, generating detection signatures, and simulating attack scenarios to identify visibility gaps. The platform also manages the full intelligence lifecycle, from aggregating disparate data feeds and enriching findings with contextual analysis to producing actionable reports for risk evaluation.
- [pret/pokemon-reverse-engineering-tools](https://awesome-repositories.com/repository/pret-pokemon-reverse-engineering-tools.md) (351 ⭐) — Tools for building and disassembling Pokémon Red and Pokémon Crystal
- [mightymoud/sidekick](https://awesome-repositories.com/repository/mightymoud-sidekick.md) (7,465 ⭐) — Sidekick is a command-line tool that provisions bare VPS servers, transfers Docker images, manages secrets, and orchestrates zero-downtime deployments across single or multiple server instances. It handles the full deployment pipeline from a local machine, building container images locally and transferring them directly to the server without requiring a remote container registry.

The tool distinguishes itself through an integrated approach to security and automation. It encrypts environment variables locally using SOPS and Age keys, then decrypts them on the server at deploy time for runtime injection, keeping credentials off disk. Deployments use health checks to switch traffic to new containers only after they pass, ensuring no requests are dropped during updates. A single command provisions a bare VPS with Docker, Traefik, and security hardening, including disabling root login and configuring firewalls. The system also supports preview environments tied to git commits, accessible on unique subdomains for testing before production promotion.

Beyond core deployment, Sidekick includes an interactive configuration wizard that walks through setup, database provisioning on the remote server, live container log streaming from the VPS to the local terminal, and Prometheus metrics exposure through the reverse proxy. It can trigger automatic redeployment when a new Docker image is pushed to a registry, and manages traffic routing across multiple applications on a single VPS with automatic TLS certificate generation and renewal.
- [sensepost/objection](https://awesome-repositories.com/repository/sensepost-objection.md) (8,896 ⭐) — Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing.

The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage systems, such as keychains and SQLite databases, while allowing for the interception of cryptographic operations.

The toolkit covers a broad range of analysis capabilities, including process memory manipulation, heap object inspection, and container filesystem exploration. It also includes monitoring tools for tracing method arguments, analyzing application intents, and configuring application-specific network proxies.

Instrumentation is achieved by injecting a JavaScript engine into a running process or embedding a binary gadget into the application to enable analysis on devices without root or jailbreak access.
- [f/prompts.chat](https://awesome-repositories.com/repository/f-prompts-chat.md) (163,814 ⭐) — This platform serves as a centralized management system for organizing, refining, and versioning AI instructions and agent skills. It functions as a repository that enables users to store, categorize, and retrieve structured prompts, ensuring consistent performance across various artificial intelligence models. By integrating with the Model Context Protocol, the system allows external AI assistants and development environments to discover and access these instruction libraries directly.

The platform distinguishes itself through its focus on prompt engineering and automated refinement, utilizing generative analysis to transform basic user instructions into structured, high-performance prompts. It supports multi-tenant white-labeling, allowing for isolated, custom-branded deployments that include secure identity management and granular access control. Additionally, the system incorporates an interactive educational environment designed to teach users effective techniques for constructing and optimizing AI interactions.

Beyond core management, the platform provides semantic search indexing to facilitate efficient discovery of relevant instructions based on user intent. It also supports the development of complex agent skills and includes automated workflows that enforce behavioral standards for AI interactions. The system is designed for both individual use and enterprise-grade infrastructure deployment, offering tools for visual customization and interface localization to meet diverse organizational requirements.
- [snsinfu/reverse-tunnel](https://awesome-repositories.com/repository/snsinfu-reverse-tunnel.md) (241 ⭐) — Reverse tunnel TCP and UDP
- [cryakl/ultimate-rat-collection](https://awesome-repositories.com/repository/cryakl-ultimate-rat-collection.md) (3,558 ⭐) — This project is a curated repository of remote access trojan binaries and malware samples. It serves as a structured analysis dataset and security research toolset designed for studying the behavior and inner workings of remote administration tools.

The collection provides a versioned archive of malware samples and backdoor interfaces, with specific categorizations for target platforms including Windows and Android. It organizes these binaries to facilitate the study of malware evolution and the identification of technical patterns.

The repository covers several security research areas, including behavioral analysis, threat modeling, and the examination of mobile attack vectors. It enables the archiving of static assets to ensure reproducible results during forensic analysis.
- [executemalware/malware-iocs](https://awesome-repositories.com/repository/executemalware-malware-iocs.md) (0 ⭐) — This is where I'll post IOCs from malware investigations
- [gofiber/fiber](https://awesome-repositories.com/repository/gofiber-fiber.md) (39,849 ⭐) — Fiber is a high-performance web framework designed for building scalable HTTP services with minimal memory overhead. It provides a comprehensive runtime environment for managing the full request lifecycle, utilizing an optimized radix tree for high-speed route matching and an object pooling system to reduce garbage collection pressure during traffic processing.

The framework distinguishes itself through its multi-process architecture, which supports prefork socket reuse to distribute incoming traffic across all available CPU cores. It offers a modular approach to application development, featuring fluent route grouping, middleware chaining, and automated data binding that maps request payloads to structured objects using field tags. Developers can also leverage a built-in HTTP client for outgoing requests, complete with support for connection pooling, request hooks, and streaming responses.

Beyond core routing and request handling, the project includes extensive tools for server-side HTML rendering, centralized error management, and context-aware logging. It maintains broad compatibility with the wider ecosystem by providing adapter layers that allow for the integration of standard library handlers and middleware.

The framework is configured through a central application controller that manages lifecycle hooks, service registration, and dynamic route updates. It is designed to be installed and integrated into Go projects to facilitate the development of structured, high-throughput web interfaces.
- [citizenlab/malware-signatures](https://awesome-repositories.com/repository/citizenlab-malware-signatures.md) (143 ⭐) — Yara rules for malware families seen as part of targeted threats project
- [fincept-corporation/finceptterminal](https://awesome-repositories.com/repository/fincept-corporation-finceptterminal.md) (26,900 ⭐) — FinceptTerminal is a quantitative finance platform and financial engineering library designed for asset valuation, risk management, and fixed-income analytics. It provides a comprehensive suite for algorithmic trading and investment strategy automation, integrating specialized language model agents and node-based workflows to automate market research and alpha generation.

The project distinguishes itself with a dedicated game theory analysis engine for calculating Nash equilibria and simulating strategic interactions in competitive markets. It also features a specialized credit risk modeling tool for estimating default probabilities, building credit scorecards, and calculating expected losses.

The system covers a broad range of capability areas, including derivatives pricing, yield curve construction, and multi-asset portfolio analysis. It incorporates machine learning tools for credit scorecard development and feature engineering, as well as economic analysis frameworks for utility theory and exchange economies.

The platform includes an algorithmic trading suite for real-time trade execution and an LLM investment agent framework for geopolitical and market modeling.
- [radare/radare2](https://awesome-repositories.com/repository/radare-radare2.md) (24,129 ⭐) — radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable.

The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland.

The toolset supports binary patching, malware analysis, and software vulnerability research. It features a plugin-based architecture to extend core functionality and an embedded scripting engine to automate analysis workflows.
- [adamchainz/pytest-reverse](https://awesome-repositories.com/repository/adamchainz-pytest-reverse.md) (0 ⭐) — pytest-reverse
- [mandiant/flare-floss](https://awesome-repositories.com/repository/mandiant-flare-floss.md) (3,886 ⭐) — Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing.

The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings that use non-standard encodings or lack standard null terminators.

The toolset supports workflows for malware binary analysis, security research, and reverse engineering to identify embedded secrets and constants. It also provides capabilities for exporting extracted binary data to external analysis platforms.
- [amruthpillai/reactive-resume](https://awesome-repositories.com/repository/amruthpillai-reactive-resume.md) (38,613 ⭐) — This project is a web-based platform designed for creating, managing, and sharing professional resumes. It functions as a structured document builder that integrates artificial intelligence to assist with content generation, editing, and analysis. Users can maintain a collection of resumes, customize their visual presentation through various templates, and export them into multiple formats for job applications.

The platform distinguishes itself through its autonomous AI agent capabilities, which can perform research, suggest incremental edits, and apply data patches directly to documents. It also provides a secure, self-hostable environment that allows users to maintain full control over their data and infrastructure. The system supports advanced authentication methods, including passkeys and federated identity providers, ensuring that personal and professional information remains protected.

Beyond core editing, the application includes tools for document organization, such as tagging, filtering, and legacy data migration. It features a robust document generation engine that separates content from design, allowing for precise layout control and styling. Users can share their resumes via password-protected public URLs and monitor document performance through integrated analytics.

The application is designed for containerized deployment, utilizing Docker Compose to facilitate consistent installation across private infrastructure. It includes built-in health monitoring and feature flagging to manage system performance and functionality without requiring code redeployments.
- [graphiteeditor/graphite](https://awesome-repositories.com/repository/graphiteeditor-graphite.md) (24,258 ⭐) — Graphite is a node-based visual design environment that integrates vector illustration, raster image processing, and motion graphics generation into a single platform. It utilizes a functional reactive pipeline and a data-flow execution model to propagate state changes through a graph of interconnected nodes, allowing users to construct complex, automated design workflows.

The platform distinguishes itself through a context-aware evaluation engine that injects runtime metadata—such as coordinate data and loop indices—directly into the node graph. This enables the creation of procedural geometry and dynamic, position-dependent design logic that responds to real-time inputs. By combining these mathematical operations with time-based animation primitives, the system allows for the creation of interactive visual effects and motion graphics that synchronize with system clocks or pointer movement.

The software provides a comprehensive suite of tools for both vector and raster manipulation, including layer-based composition, procedural texture generation, and advanced color management. Users can perform non-destructive image adjustments, apply clipping masks, and generate complex patterns through algorithmic definitions. The environment also supports external integration by fetching remote data and serializing graphical properties into standardized formats.
- [jonaslejon/malicious-pdf](https://awesome-repositories.com/repository/jonaslejon-malicious-pdf.md) (4,070 ⭐) — This project is a set of specialized utilities for generating malformed documents, obfuscating payloads, and crafting specific attack vectors to evaluate the resilience of security scanners. It functions as a PDF fuzzing framework and security testing tool designed to create PDF files with embedded payloads for verifying how document viewers and web applications handle vulnerabilities.

The toolkit provides capabilities for encoding and hiding malicious content to test the detection effectiveness of security scanners. It includes a security payload generator for crafting specific attack vectors, such as credential theft and remote execution, to facilitate security verification.

The system supports the assembly of automated file suites and the organization of attack vectors into modular libraries. It utilizes template-based generation and payload-driven synthesis to construct documents that identify security gaps in PDF processing logic and document converters.
- [areizen/android-malware-sandbox](https://awesome-repositories.com/repository/areizen-android-malware-sandbox.md) (306 ⭐) — Android Malware Sandbox
- [simoneavogadro/android-reverse-engineering-skill](https://awesome-repositories.com/repository/simoneavogadro-android-reverse-engineering-skill.md) (0 ⭐)
- [jgamblin/mirai-source-code](https://awesome-repositories.com/repository/jgamblin-mirai-source-code.md) (9,363 ⭐) — This repository contains the source code for a C-based network botnet designed to compromise Internet of Things devices. It serves as a functional implementation of malware used for security research, behavioral analysis, and the development of threat detection signatures.

The project includes a command and control server architecture that manages infected devices via a custom binary protocol and TCP-based command distribution. It employs a cross-compilation toolchain to build and deliver architecture-specific binary payloads across multiple hardware platforms.

The codebase covers capabilities for credential-based brute forcing to spread across network ports and multi-platform target mapping. It provides a dataset for studying malware propagation patterns, simulating network communications, and creating intrusion detection rules based on the botnet's internal logic.
- [docmost/docmost](https://awesome-repositories.com/repository/docmost-docmost.md) (19,049 ⭐) — Docmost is an open-source knowledge management system designed as a collaborative documentation platform for teams. It functions as an enterprise wiki that centralizes organizational information into structured, searchable workspaces, enabling users to create, organize, and share content through a hierarchical system of spaces and pages.

The platform distinguishes itself by integrating artificial intelligence directly into the documentation lifecycle. It utilizes vector-based semantic search to allow for natural language queries across stored content and provides AI-assisted tools for drafting, summarizing, and refining documents. To support team workflows, it features a block-based editor for rich text authoring and visual diagramming, paired with real-time collaboration capabilities that synchronize changes across multiple users.

The system is built for enterprise environments, offering granular access control, multi-factor authentication, and identity provider integration for centralized user management. It also includes programmatic access through a REST API, allowing for the automation of resource management and integration with external software tools.

The platform supports flexible deployment with configurable storage backends and automated security certificate management. It is designed to be self-hosted, providing the necessary infrastructure to manage documentation security and lifecycle workflows within an organization.
- [biggranger/canbus-vehicle-reverse-engineering](https://awesome-repositories.com/repository/biggranger-canbus-vehicle-reverse-engineering.md) (0 ⭐) — My CANBUS documentation for my 2006 Grand Cherokee, 2008 Durango, 2010 Wrangler
- [apify/crawlee](https://awesome-repositories.com/repository/apify-crawlee.md) (24,002 ⭐) — Crawlee is a web scraping framework designed for building scalable, reliable, and distributed data extraction pipelines. It provides a unified interface for managing headless browser automation and lightweight HTTP requests, allowing developers to handle complex web navigation, dynamic content rendering, and large-scale data collection within a single, modular architecture.

The project distinguishes itself through its resource-aware concurrency controller, which dynamically scales task execution based on real-time CPU and memory usage to prevent host machine exhaustion. It also features a robust session-based fingerprint isolation system that manages unique browser contexts, TLS fingerprints, and proxy rotation to mimic human behavior and bypass anti-bot protections. These capabilities are supported by a persistent request queueing system that ensures crawl operations can survive process restarts and resume from their last state.

The framework offers a comprehensive suite of tools for the entire scraping lifecycle, including event-driven lifecycle hooks for custom logic, a middleware-based request pipeline for handling authentication and data transformation, and a pluggable storage backend interface that decouples data persistence from application logic. It supports advanced automation tasks such as AI-driven navigation, sitemap discovery, and multi-engine browser orchestration, while providing extensive observability through performance metrics, error snapshots, and configurable logging.

The project is implemented in TypeScript and provides a command-line interface for scaffolding, managing, and deploying scraping projects to cloud or serverless environments.
- [ibotpeaches/apktool](https://awesome-repositories.com/repository/ibotpeaches-apktool.md) (24,788 ⭐) — Apktool is an Android APK reverse engineering tool designed to decode application packages into human-readable form and rebuild them after modification. It functions as a Dalvik bytecode disassembler and a resource decoder, transforming binary Android XML and DEX files into editable text and Smali representation.

The project serves as an application rebuilder, packing modified resources and Smali code back into a functional Android application package. This capability enables the modification of application logic and resources for testing and deployment.

The tool covers a broad surface of analysis and modification, including Android app modding, malware analysis, and Smali bytecode debugging to identify vulnerabilities or examine internal software structures.
