decalage2 / balbuzard
Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by brute-forcing the transform and checking the result for those patterns.
☆140 · Jan 10, 2020 · Updated 6 years ago
Alternatives and similar repositories for balbuzard
Users that are interested in balbuzard are comparing it to the libraries listed below
- ExeFilter is an open-source tool and framework to filter file formats in e-mails, web pages or files. It detects many common file formats… ☆70 · Dec 13, 2021 · Updated 4 years ago
- Tool to help guess a file's 256-byte XOR key by using frequency analysis ☆88 · Jun 11, 2018 · Updated 7 years ago
- unXOR will search a XORed file and try to guess the key using known-plaintext attacks. ☆145 · Apr 23, 2020 · Updated 5 years ago
- A VBA parser and emulation engine to analyze malicious macros. ☆1,118 · Jul 10, 2024 · Updated last year
- A GC link parser for both linkfiles and jumplists. ☆18 · Oct 28, 2016 · Updated 9 years ago
- Hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripting languages such as PowerShell, VBA and JavaScript. Curre… ☆40 · Aug 17, 2019 · Updated 6 years ago
- VB Exe Parser is an IDA script written in Python. This script will help you to parse VB program internal structures. It can find: Event, … ☆17 · Oct 8, 2016 · Updated 9 years ago
- Server for receiving autorun data from the clients ☆13 · Sep 26, 2017 · Updated 8 years ago
- Yara rules for malware families seen as part of targeted threats project ☆142 · Nov 17, 2016 · Updated 9 years ago
- Collection of single-use scripts I wrote for Windows forensics ☆27 · Feb 1, 2012 · Updated 14 years ago
- A Python script for easy static analysis and automatic signature generation of malware. ☆12 · Sep 30, 2013 · Updated 12 years ago
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware. ☆3,877 · Feb 3, 2026 · Updated last week
- Yara rules for quick reverse engineering of malware. ☆19 · Dec 9, 2015 · Updated 10 years ago
- ☆60 · Jan 28, 2026 · Updated 2 weeks ago
- Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell. ☆12 · Mar 14, 2018 · Updated 7 years ago
- BabelDeobfuscator is an open-source deobfuscator for BabelObfuscator ☆11 · May 15, 2015 · Updated 10 years ago
- Scripts that I've written that others may find useful ☆14 · Aug 17, 2022 · Updated 3 years ago
- Decoders for 7ev3n ransomware ☆17 · Oct 24, 2016 · Updated 9 years ago
- A collection of useful scripts for penetration testers ☆83 · Oct 23, 2012 · Updated 13 years ago
- olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or… ☆259 · Oct 28, 2024 · Updated last year
- A DFVFS-backed forensic viewer ☆42 · Apr 13, 2020 · Updated 5 years ago
- Volatility plugin that extracts configuration data of known malware ☆495 · Dec 22, 2023 · Updated 2 years ago
- MAEC Schemas and Schema Development ☆89 · Jan 29, 2020 · Updated 6 years ago
- Tools for parsing forensic images ☆41 · Dec 14, 2018 · Updated 7 years ago
- This is a framework written in EnScript to utilize the network capabilities of EnCase. The purpose is to allow for someone to build a qui… ☆13 · Apr 22, 2015 · Updated 10 years ago
- Checks with NSRL RDS servers looking for hash matches ☆114 · Feb 26, 2021 · Updated 4 years ago
- Automated malware unpacker ☆120 · Mar 5, 2016 · Updated 9 years ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis ☆163 · Dec 15, 2024 · Updated last year
- oletools - Python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware a… ☆3,280 · Jan 26, 2026 · Updated 2 weeks ago
- Noriben - Portable, Simple, Malware Analysis Sandbox ☆1,229 · Aug 7, 2025 · Updated 6 months ago
- Windows Live Artifacts Acquisition Script ☆190 · Jun 20, 2022 · Updated 3 years ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10. ☆116 · Jan 8, 2025 · Updated last year
- Set of Yara rules for finding files using magic headers ☆142 · Sep 8, 2020 · Updated 5 years ago
- Registry Explorer bookmark definitions ☆44 · Dec 19, 2024 · Updated last year
- Browse Windows Prefetch versions: 17, 23, 26, 30v1/2, 31 & some of SuperFetch .7db/.db's ☆64 · Dec 18, 2024 · Updated last year
- IP addresses exploiting recent log4j2 vulnerability CVE-2021-44228 ☆16 · Dec 19, 2021 · Updated 4 years ago
- Sandbox for semi-automatic JavaScript malware analysis, deobfuscation and payload extraction. Written for Node.js ☆479 · Jun 16, 2023 · Updated 2 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy-to-use forensic artifact parsing tool that works on disk images, mounted driv… ☆345 · Jun 25, 2022 · Updated 3 years ago
- PEframe is an open-source tool to perform static analysis on Portable Executable malware and malicious MS Office documents. ☆619 · Aug 8, 2022 · Updated 3 years ago