30 open-source projects similar to fireeye/flare-vm, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Flare Vm alternative.
Flare-VM is a Windows malware analysis environment consisting of installation scripts that automate the provisioning of a virtual machine. It provides a comprehensive suite of reverse engineering tools, including decompilers and debuggers, along with the necessary system configurations and environment variables for security research. The project functions as a virtual machine image orchestrator, allowing for the automated creation, management, and export of specialized analysis appliances. It features configuration-driven tool selection and the ability to extend installation logic through cus
GOAD is an Ansible-based automation tool and infrastructure orchestrator used to deploy pre-configured networks of vulnerable Windows virtual machines. It serves as a security training environment for practicing Active Directory penetration testing, privilege escalation, and lateral movement across various cloud platforms and local virtualization hypervisors. The project distinguishes itself through a multi-provider infrastructure model and a system of infrastructure recipes that simulate intentional security misconfigurations. It supports the deployment of varied attack scenarios, including
Cuckoo is an open-source automated malware analysis system that executes suspicious files inside isolated virtual machines and produces structured behavioral reports. The platform captures system calls, file operations, and network activity during execution, compiling them into comprehensive analysis documents for programmatic consumption. The system operates through a modular analysis pipeline that processes behavioral data, applying YARA signature patterns against captured artifacts to identify known malware families. Each analysis run starts from a clean virtual machine snapshot to ensure
Packer is a machine image builder and multi-platform image orchestrator used to create identical virtual machine images for multiple platforms from a single source configuration. It functions as an infrastructure as code tool, utilizing the HashiCorp Configuration Language to define versioned and reproducible templates for cloud image provisioners. The tool is distinguished by its plugin-based extension model, which allows it to load external binaries for builders and provisioners to support various cloud platforms and virtualization environments. It includes a post-processor pipeline to tran
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
Retoolkit is a reverse engineering tool orchestrator and malware analysis environment provisioner for Windows. It functions as a binary analysis workflow automator that installs and configures the specialized software toolchains required for security research. The project manages the execution and lifecycle of standalone analysis binaries through a registry-based Windows shell context menu. This integration allows users to launch external tools directly from the file system right-click menu by passing selected file paths as command line arguments to third-party executables. The system covers
Pinme is a full stack deployment platform and infrastructure orchestration tool. It functions as an LLM application builder that converts natural language prompts into functional web applications with automated interfaces and business logic. The platform provides a static site hosting service and a content-addressable data manager for transferring project assets between environments. It automates the provisioning of workers, databases, and domains to launch applications via a single command. The system covers cloud resource management, project lifecycle orchestration from templates, and incr
microvm.nix is a declarative virtual machine manager and orchestrator for defining, building, and managing isolated guest environments using Nix. It functions as a virtual machine image builder that transforms system specifications into bootable disk images and runner scripts. The project provides a hypervisor abstraction layer, enabling the deployment of guest images across multiple virtualization backends through a unified configuration. It includes specialized tools for PCI hardware passthrough, granting virtual machines direct access to physical host USB and PCI devices. The framework co
Vagrant is a virtual machine environment manager and development environment provisioner. It functions as an infrastructure as code tool and multi-hypervisor orchestrator, allowing for the definition and automation of virtualized development environments through a single configuration file. The project enables the creation of portable, virtualized development environments to ensure consistency across different host operating systems. It supports deploying these environments across various backends, including local hypervisors, cloud providers, and container runtimes, using a unified interface
Cheat Engine is a software reverse engineering suite and memory editor designed for the Windows environment. It functions as a comprehensive platform for inspecting, analyzing, and modifying the internal logic and data structures of running applications. The tool provides capabilities for real-time memory scanning and manipulation, allowing users to locate and alter specific values within a process's address space. It distinguishes itself through advanced debugging features, including hardware-assisted debugging, kernel-mode driver injection for bypassing memory protections, and dynamic binar
Vagrant is a virtual machine environment manager and infrastructure as code tool used to create and configure consistent development environments. It acts as a virtual machine provisioner and hypervisor abstraction layer, allowing users to define machine specifications and automate software installation on guest systems via declarative configuration files. The project enables cross-hypervisor orchestration by decoupling the command interface from specific virtualization backends. It ensures environment consistency through the distribution of pre-configured machine images and the orchestration
Ghidra is a software reverse engineering suite designed to analyze compiled binaries and reconstruct program logic without access to original source code. It provides an interactive environment for disassembly and decompilation, utilizing a platform-independent intermediate representation to maintain consistency across diverse hardware architectures. The framework supports automated binary analysis through programmatic routines, enabling the investigation of complex code patterns and security indicators. The platform distinguishes itself through a modular architecture that allows for extensiv
Radare2 is a comprehensive framework for reverse engineering and analyzing compiled software. It provides a command-line environment designed for disassembling, debugging, and patching binary executables across a wide range of processor architectures and operating systems. The system distinguishes itself through a modular, plugin-based architecture that supports cross-platform analysis and automated workflows. It utilizes memory-mapped file access to enable efficient structural inspection and modification of binaries without requiring full file loads. By lifting machine instructions into a un
This project is a comprehensive, community-driven directory of open-source tools, datasets, and documentation for malware analysis and cybersecurity research. It serves as a centralized index for security professionals and researchers to locate resources for investigating, reverse engineering, and analyzing malicious software. The directory organizes information through a structured taxonomy, covering specialized domains such as memory forensics, network traffic inspection, and honeypot threat research. By aggregating links to external utilities and frameworks, it provides a platform-agnostic
Pinokio is a specialized toolset for discovering, launching, and managing verified open-source AI projects. It functions as an automated browser and orchestrator that downloads, configures, and runs complex machine learning projects through a simplified graphical interface. The system utilizes a curated application launcher that executes reviewed and frozen scripts to ensure software integrity and stability. It manages dependencies through a script-based environment manager that organizes software into isolated local directories to prevent conflicts with the global system environment. The pl
This project is a set of specialized utilities for generating malformed documents, obfuscating payloads, and crafting specific attack vectors to evaluate the resilience of security scanners. It functions as a PDF fuzzing framework and security testing tool designed to create PDF files with embedded payloads for verifying how document viewers and web applications handle vulnerabilities. The toolkit provides capabilities for encoding and hiding malicious content to test the detection effectiveness of security scanners. It includes a security payload generator for crafting specific attack vector
Multipass is a virtual machine lifecycle controller and manager designed to create and orchestrate lightweight Ubuntu instances on a local workstation. It functions as a cross-platform hypervisor wrapper that provides a local cloud development environment for simulating cloud deployments. The system utilizes a hypervisor-abstraction layer and driver-based backend resolution to manage virtual machines across different host operating systems using native virtualization backends. It enables the simulation of cloud instance behavior through the injection of cloud-init metadata and initialization
JPEX Software is a comprehensive reverse engineering suite for SWF binary files, serving as an ActionScript decompiler and editor. It provides a toolkit for decompiling, analyzing, and modifying the internal structure of compiled Flash content, including the extraction of scripts and media assets. The project is distinguished by its ability to perform direct binary modification, allowing users to edit bytecode and replace embedded resources without reverting to high-level source code. It includes a runtime ActionScript bytecode debugger for variable inspection and call stack analysis, as well
Inno Setup is an open-source script-driven installer generator for Windows. It transforms a plain-text script—written in a Pascal-derived scripting language—into a standalone executable that handles file installation, registry configuration, shortcut creation, and uninstall logic. The resulting installer is a self-extracting executable that compresses all payload files using LZMA compression, producing a compact and self-contained setup package. The tool distinguishes itself with a fully programmable Pascal-based scripting language, allowing developers to write custom logic, design custom wiz
MBE is a security research educational resource providing binary exploitation courseware and a deployable CTF wargame environment. It functions as a structured curriculum of labs and materials designed for learning reverse engineering and memory corruption. The project provides containerized lab infrastructure and a binary analysis toolchain to ensure a controlled setting for vulnerability research. It utilizes isolated environments to deploy binary exploitation tasks, preventing interference and system instability. The system covers the provisioning of vulnerable environments through virtua
SpotX-Bash is a set of shell scripts used to modify the Spotify desktop client. Its primary purpose is to remove audio, banner, and video advertisements to ensure uninterrupted playback. The project employs binary patching and filesystem modifications to disable telemetry logging and block automatic software updates. It also unlocks hidden developer tools, debug windows, and experimental interface features. The utility includes capabilities for managing specific client versions across different operating systems and provides routines for clearing application cache to maintain the modified st
CloudStack is an infrastructure-as-a-service orchestration engine designed to automate the deployment and lifecycle of computing, storage, and networking resources within a software-defined data center. It serves as a management layer for provisioning private clouds and managing the delivery of virtual machines and persistent storage across virtualized physical infrastructure. The platform features a multi-hypervisor orchestrator that utilizes a hypervisor-agnostic abstraction layer to control diverse virtualization technologies through a unified set of standardized API calls. It further prov
This project is a red teaming knowledge base and offensive security playbook designed to simulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for executing red team operations. The repository provides detailed instructions for Active Directory exploitation, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving the manipulation of kernel objects and system memory. The capability surface extends to network penetration testi
This project is a curated repository of remote access trojan binaries and malware samples. It serves as a structured analysis dataset and security research toolset designed for studying the behavior and inner workings of remote administration tools. The collection provides a versioned archive of malware samples and backdoor interfaces, with specific categorizations for target platforms including Windows and Android. It organizes these binaries to facilitate the study of malware evolution and the identification of technical patterns. The repository covers several security research areas, incl
vphone-cli is a command line interface for booting virtual iOS devices using Apple's native virtualization framework. It provides a sandboxed virtual mobile environment and tools for executing iOS system images on a host operating system. The project includes a firmware flashing utility capable of building signed ramdisks and applying custom firmware patches to virtual device boot chains. It facilitates the installation of custom firmware variants to remove system security restrictions. The toolset covers virtual device provisioning through system image restoration and security blob retrieva
Homestead is a virtual machine provisioner that creates a standardized PHP development environment. It provides a disposable development workspace that isolates project dependencies and server tools from the host operating system, using Vagrant to orchestrate the machine lifecycle. The system functions as a local site orchestrator, allowing users to map custom domains to specific project folders through virtual host routing and network port forwarding. It includes a dedicated local mail testing tool that intercepts outgoing application emails in a dashboard for inspection without sending them
This is a practical, step-by-step guide to Linux system administration, command-line usage, and development environment setup, written from the perspective of a Java developer. The tutorial is structured as a sequence of terminal commands with explanations, teaching system administration through direct modification of plain-text configuration files. It provides separate workflows for CentOS, Ubuntu, and Kali Linux, covering both yum and apt package managers with equivalent commands for each operation. The guide emphasizes a security-first workflow, walking through firewall configuration, SSH
Commando VM is a Windows-based penetration testing distribution and offensive security virtual machine. It serves as a toolset manager for deploying and maintaining a curated collection of security tools, scripts, and configurations designed for security auditing, red teaming, and adversary simulation. The project automates the provisioning of a specialized workstation by using PowerShell scripts and a modular repository to orchestrate the installation of offensive security software. It utilizes a community-driven package manager to handle dependency resolution and binary installations, ensur
This project is a collection of shell-based automation scripts designed to automate the deployment and configuration of Linux containers and virtual machines on Proxmox VE hosts. It provides toolsets for the scripted provisioning of virtual machine infrastructure and the creation of pre-defined containers for various applications. The toolset includes specialized utilities for Proxmox host management, such as automating post-installation setup, managing system backups, and cleaning up old kernels to reclaim disk space. It further provides automated configurations for hardware passthrough, ena