decalage2 / balbuzard
Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by brute-forcing and checking for those patterns.
☆131 Updated 5 years ago
Alternatives and similar repositories for balbuzard:
Users who are interested in balbuzard are comparing it to the libraries listed below:
- A modern Python-3-based alternative to RegRipper ☆190 Updated 2 months ago
- Various scripts for different malware families ☆104 Updated 3 years ago
- Various capabilities for static malware analysis. ☆75 Updated 4 months ago
- PE Import Hash Generator ☆75 Updated 7 years ago
- unXOR will search a XORed file and try to guess the key using known-plaintext attacks. ☆141 Updated 4 years ago
- ☆81 Updated 5 years ago
- Various config files obtained during malware analysis ☆67 Updated 6 years ago
- ☆134 Updated 6 years ago
- Python script to decode common encoded PowerShell scripts ☆215 Updated 6 years ago
- Malware similarity platform with modularity in mind. ☆76 Updated 3 years ago
- Lazy Office Analyzer ☆119 Updated 7 years ago
- Yet another registry parser ☆130 Updated 2 years ago
- A taxonomy and dictionary of malware behaviors. ☆42 Updated 5 years ago
- Community modules for FAME ☆65 Updated 2 months ago
- Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malici… ☆81 Updated 7 years ago
- VSCode extension for the YARA pattern matching language ☆63 Updated last year
- Automated malware unpacker ☆120 Updated 8 years ago
- Page File analysis tools. ☆124 Updated 9 years ago
- Set of Yara rules for finding files using magics headers ☆136 Updated 4 years ago
- Extract common Windows artifacts from source images and VSCs ☆65 Updated 3 years ago
- c2 traffic ☆189 Updated last year
- Tools from WFA 4/e, timeline tools, etc. ☆133 Updated 11 months ago
- Various Yara signatures (possibly to be included in a release later). ☆86 Updated 5 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. ☆192 Updated 4 years ago
- BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified… ☆74 Updated 3 years ago
- Allows you to quickly query a Windows machine for RAM artifacts ☆218 Updated 4 years ago
- Ursnif beacon decryptor ☆27 Updated last year
- Tool to help analyze PDF files ☆181 Updated 10 years ago
- Malquarium - Modern Malware Repository ☆47 Updated 5 years ago
- A VBA parser and emulation engine to analyze malicious macros. ☆93 Updated this week