A list of useful tools for Malware Analysis (will be updated regularly)
☆159 · Aug 5, 2025 · Updated 6 months ago
Alternatives and similar repositories for malware-tools
Users that are interested in malware-tools are comparing it to the libraries listed below
- FileSigExtractor is a Python-based tool which extracts the file signatures of all files within a directory and writes the output to a CSV… ☆10 · Jul 15, 2023 · Updated 2 years ago
- Rolling Timeline for Incident Recorder. ☆14 · Dec 4, 2023 · Updated 2 years ago
- Track previous changes on specific AD accounts (users, computers) and Groups (online DC), even if event logs were wiped/not collected (e. … ☆16 · Feb 25, 2025 · Updated last year
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. ☆12 · Aug 26, 2024 · Updated last year
- A tool for fetching DFIR and other GitHub tools. ☆25 · Aug 2, 2025 · Updated 7 months ago
- Redirects a specified API for a one-time execution of code upon injection into a process. ☆15 · Nov 24, 2020 · Updated 5 years ago
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec… ☆31 · Feb 22, 2025 · Updated last year
- (no description) ☆24 · Mar 12, 2025 · Updated 11 months ago
- Basic deobfuscator for SaintFuscator; using CCFlow with this tool is recommended. ☆16 · Jun 4, 2021 · Updated 4 years ago
- CLI tools for forensic investigation of Windows artifacts. ☆349 · Jul 21, 2025 · Updated 7 months ago
- Just Another broken Registry Parser (JARP). ☆16 · May 23, 2024 · Updated last year
- Forensic cheatsheets for use with cheat. ☆15 · Dec 2, 2021 · Updated 4 years ago
- A collaboration effort by the DFIR community to provide definitions (sometimes multiple) for common forensic terms! ☆26 · Dec 1, 2022 · Updated 3 years ago
- Project based on RegRipper, to extract additional value/pivot points from a TLN events file. ☆89 · Feb 9, 2025 · Updated last year
- Just load this .js module and it will start tracking all external calls made by a JS application. ☆44 · Dec 17, 2024 · Updated last year
- Windows Forensics Environment Builder. ☆179 · Dec 5, 2025 · Updated 2 months ago
- PowerShell scripts for running the Magnet RESPONSE forensic collection tool in large enterprises. ☆30 · Jan 9, 2025 · Updated last year
- Parser for macOS/iOS FSEvents logs. ☆43 · May 6, 2024 · Updated last year
- An easy-to-use PowerShell script to collect memory and disk forensics for DFIR investigations. ☆341 · Dec 3, 2025 · Updated 2 months ago
- Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data). ☆68 · Sep 13, 2023 · Updated 2 years ago
- Python web app for previewing data in a Chrome profile folder. ☆23 · Jul 1, 2024 · Updated last year
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps. ☆19 · Apr 30, 2025 · Updated 10 months ago
- PowerShell 'Hero': scripts for DFIR and automation, with a PowerShell menu example. ☆36 · Jul 11, 2023 · Updated 2 years ago
- PowerShell Digital Forensics & Incident Response scripts. ☆771 · Jan 14, 2026 · Updated last month
- xLCB plugin for x64dbg. ☆20 · Oct 4, 2016 · Updated 9 years ago
- Google Filestream Forensic Tool. ☆22 · Mar 10, 2022 · Updated 3 years ago
- (no description) ☆22 · Jan 31, 2023 · Updated 3 years ago
- A Model Context Protocol (MCP) server that integrates the Volatility 3 memory forensics framework with Claude. ☆30 · Jul 7, 2025 · Updated 7 months ago
- A DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals. ☆162 · Apr 6, 2025 · Updated 10 months ago
- This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering. ☆742 · Nov 30, 2025 · Updated 3 months ago
- 🟩 NanoMC – A lightweight, portable Minecraft 1.8.9 build under 300MB. Runs anywhere, no install required. ☆11 · Sep 7, 2025 · Updated 5 months ago
- Paste a string-formatted byte data block into x64dbg easily. ☆42 · Jan 2, 2021 · Updated 5 years ago
- Plugin for x64dbg adding Lua scripting. ☆21 · May 3, 2019 · Updated 6 years ago
- A series of Python scripts to extract information from SQLite data files. ☆21 · Nov 15, 2025 · Updated 3 months ago
- Open-source anti-cheat driver. ☆19 · Apr 18, 2024 · Updated last year
- A KISS Rust crate to parse Windows kernel crash dumps created by Windows and its debugger. ☆42 · Jan 2, 2026 · Updated 2 months ago
- Memory scanner. ☆65 · Sep 9, 2022 · Updated 3 years ago
- A PowerShell incident response script for quick triage. ☆81 · Jul 18, 2022 · Updated 3 years ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … ☆431 · Feb 18, 2026 · Updated last week