Alternatives and similar repositories for malduck

Users that are interested in malduck are comparing it to the libraries listed below

• CERT-Polska / karton

  View on GitHub
  Distributed malware processing framework based on Python, Redis and S3.
  ☆462Dec 1, 2025Updated 2 months ago
• CERT-Polska / mwdb-core

  View on GitHub
  Malware repository component for samples & static configuration with REST API interface.
  ☆373Feb 6, 2026Updated last week
• CERT-Polska / mquery

  View on GitHub
  YARA malware query accelerator (web frontend)
  ☆437Feb 3, 2026Updated last week
• c3rb3ru5d3d53c / mwcfg

  View on GitHub
  A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck
  ☆131Nov 25, 2023Updated 2 years ago
• CERT-Polska / drakvuf-sandbox

  View on GitHub
  DRAKVUF Sandbox - automated hypervisor-level malware analysis system
  ☆1,263Updated this week
• hatching / roach

  View on GitHub
  Cockroach is your primitive & immortal swiss army knife.
  ☆49Dec 8, 2021Updated 4 years ago
• mandiant / speakeasy

  View on GitHub
  Windows kernel and user mode emulation.
  ☆1,837Feb 4, 2026Updated last week
• CERT-Polska / karton-misp-pusher

  View on GitHub
  ☆16Apr 30, 2024Updated last year
• target / halogen

  View on GitHub
  Automatically create YARA rules from malicious documents.
  ☆212May 16, 2022Updated 3 years ago
• CERT-Polska / ursadb

  View on GitHub
  Trigram database written in C++, suited for malware indexing
  ☆130Jan 26, 2026Updated 2 weeks ago
• binref / refinery

  View on GitHub
  High Octane Triage Analysis
  ☆808Updated this week
• mandiant / dncil

  View on GitHub
  The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.
  ☆171Feb 5, 2026Updated last week
• c3rb3ru5d3d53c / binlex

  View on GitHub
  A Binary Genetic Traits Lexer Framework
  ☆522Aug 14, 2025Updated 6 months ago
• DissectMalware / XLMMacroDeobfuscator

  View on GitHub
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆587May 5, 2024Updated last year
• danielplohmann / apiscout

  View on GitHub
  This project aims at simplifying Windows API import recovery on arbitrary memory dumps
  ☆262Mar 27, 2023Updated 2 years ago
• KasperskyLab / klara

  View on GitHub
  Kaspersky's GReAT KLara
  ☆730Jul 24, 2024Updated last year
• carbonblack / binee

  View on GitHub
  Binee: binary emulation environment
  ☆530Feb 25, 2023Updated 2 years ago
• pan-unit42 / dotnetfile

  View on GitHub
  ☆113Sep 10, 2025Updated 5 months ago
• mandiant / stringsifter

  View on GitHub
  A machine learning tool that ranks strings based on their relevance for malware analysis.
  ☆750Jan 22, 2026Updated 3 weeks ago
• avast / yari

  View on GitHub
  YARI is an interactive debugger for YARA Language.
  ☆90Sep 10, 2025Updated 5 months ago
• advanced-threat-research / Yara-Rules

  View on GitHub
  Repository of YARA rules made by Trellix ATR Team
  ☆625Mar 18, 2025Updated 10 months ago
• alexander-hanel / gopep

  View on GitHub
  Go Lang Portable Executable Parser
  ☆39Mar 31, 2021Updated 4 years ago
• hasherezade / mal_unpack

  View on GitHub
  Dynamic unpacker based on PE-sieve
  ☆796Sep 13, 2025Updated 5 months ago
• c3rb3ru5d3d53c / karton-unpacker

  View on GitHub
  A modular Karton Framework service that unpacks common packers like UPX and others using the Qiling Framework.
  ☆58May 24, 2021Updated 4 years ago
• mandiant / capa-rules

  View on GitHub
  Standard collection of rules for capa: the tool for enumerating the capabilities of programs
  ☆685Jan 30, 2026Updated 2 weeks ago
• mandiant / capa

  View on GitHub
  The FLARE team's open-source tool to identify capabilities in executable files.
  ☆5,813Feb 5, 2026Updated last week
• CERT-Polska / mwdblib

  View on GitHub
  Client library for the mwdb service by CERT Polska.
  ☆42Sep 25, 2025Updated 4 months ago
• alexandreborges / malwoverview

  View on GitHub
  Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh…
  ☆3,531Jan 20, 2026Updated 3 weeks ago
• dod-cyber-crime-center / DC3-MWCP

  View on GitHub
  DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …
  ☆339Feb 7, 2025Updated last year
• JusticeRage / Manalyze

  View on GitHub
  A static analyzer for PE executables.
  ☆1,103Jan 30, 2026Updated 2 weeks ago
• mak / mlib

  View on GitHub
  Your bag of handy codes for malware researchers
  ☆120Mar 20, 2020Updated 5 years ago
• felixweyne / imaginaryC2

  View on GitHub
  Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …
  ☆447Oct 26, 2022Updated 3 years ago
• danielplohmann / mcrit

  View on GitHub
  The MinHash-based Code Relationship & Investigation Toolkit (MCRIT) is a framework created to simplify the application of the MinHash alg…
  ☆96Jan 13, 2026Updated last month
• OALabs / BlobRunner

  View on GitHub
  Quickly debug shellcode extracted during malware analysis
  ☆625May 23, 2023Updated 2 years ago
• Tera0017 / TAFOF-Unpacker

  View on GitHub
  TA505 unpacker Python 2.7
  ☆47Jun 22, 2020Updated 5 years ago
• kevoreilly / CAPEv2

  View on GitHub
  Malware Configuration And Payload Extraction
  ☆2,991Feb 6, 2026Updated last week
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆264Nov 25, 2023Updated 2 years ago
• usualsuspect / yara_vt_mock

  View on GitHub
  Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing
  ☆25May 29, 2023Updated 2 years ago
• fox-it / mkYARA

  View on GitHub
  Generating YARA rules based on binary code
  ☆220Oct 7, 2021Updated 4 years ago