The Arab Reverse Engineering Team

Full version: Detection and Classification (malware and virus detection tools)
Antivirus and other malware identification tools

AnalyzePE (https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a variety of tools for reporting on Windows PE files.
Assemblyline (https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable distributed file analysis framework.
BinaryAlert (https://github.com/airbnb/binaryalert) - An open source, serverless AWS pipeline that scans and alerts on uploaded files based on a set of YARA rules.
chkrootkit (http://www.chkrootkit.org/) - Local Linux rootkit detection.
ClamAV (http://www.clamav.net/) - Open source antivirus engine.
Detect-It-Easy (https://github.com/horsicq/Detect-It-Easy) - A program for determining the types of files.
Exeinfo PE (http://exeinfo.pe.hu/) - Packer and compressor detector, unpack info, internal exe tools.
ExifTool (https://sno.phy.queensu.ca/~phil/exiftool/) - Read, write and edit file metadata.
File Scanning Framework (https://github.com/EmersonElectricCo/fsf) - Modular, recursive file scanning solution.
Generic File Parser (https://github.com/uppusaikiran/generic-parser) - A single-library parser that extracts meta information, performs static analysis and detects macros within files.
hashdeep (https://github.com/jessek/hashdeep) - Compute digest hashes with a variety of algorithms.
HashCheck (https://github.com/gurnec/HashCheck) - Windows shell extension to compute hashes with a variety of algorithms.
Loki (https://github.com/Neo23x0/Loki) - Host-based scanner for IOCs.
Malfunction (https://github.com/Dynetics/Malfunction) - Catalog and compare malware at a function level.
Manalyze (https://github.com/JusticeRage/Manalyze) - Static analyzer for PE executables.
MASTIFF (https://github.com/KoreLogicSecurity/mastiff) - Static analysis framework.
MultiScanner (https://github.com/mitre/multiscanner) - Modular file scanning/analysis framework.
nsrllookup (https://github.com/rjhansen/nsrllookup) - A tool for looking up hashes in NIST's National Software Reference Library database.
packerid (http://handlers.sans.org/jclausing/packerid.py) - A cross-platform Python alternative to PEiD.
PE-bear (https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE files.
PEV (http://pev.sourceforge.net/) - A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries.
Rootkit Hunter (http://rkhunter.sourceforge.net/) - Detect Linux rootkits.
ssdeep (https://ssdeep-project.github.io/ssdeep/) - Compute fuzzy hashes.
totalhash.py (https://gist.github.com/gleblanc1783/3c8e6b379fa9d646d401b96ab5c7877f) - Python script for easy searching of the TotalHash.cymru.com (https://totalhash.cymru.com/) database.
TrID (http://mark0.net/soft-trid-e.html) - File identifier.
virustotal-falsepositive-detector (https://github.com/uppusaikiran/virustotal-falsepositive-detector) - A tool to analyze VirusTotal reports and find potential false positives based on the similarity of detection names.
YARA (https://plusvic.github.io/yara/) - Pattern matching tool for analysts.
Yara rules generator (https://github.com/Neo23x0/yarGen) - Generate YARA rules based on a set of malware samples. Also contains a good strings DB to avoid false positives.
Yara Finder (https://github.com/uppusaikiran/yara-finder) - A simple tool to match a file against various YARA rules to find indicators of suspicion.