Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.
☆140Jan 10, 2020Updated 6 years ago
Alternatives and similar repositories for balbuzard
Users that are interested in balbuzard are comparing it to the libraries listed below
Sorting:
- ExeFilter is an open-source tool and framework to filter file formats in e-mails, web pages or files. It detects many common file formats…☆71Dec 13, 2021Updated 4 years ago
- Tool to help guess a files 256 byte XOR key by using frequency analysis☆88Jun 11, 2018Updated 7 years ago
- unXOR will search a XORed file and try to guess the key using known-plaintext attacks.☆145Apr 23, 2020Updated 5 years ago
- A VBA parser and emulation engine to analyze malicious macros.☆1,119Jul 10, 2024Updated last year
- A GC link parser for both linkfiles and jumplists.☆18Oct 28, 2016Updated 9 years ago
- Yara rules for malware families seen as part of targeted threats project☆141Nov 17, 2016Updated 9 years ago
- hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripts languages such as Powershell, VBA and Javascript. Curre…☆40Aug 17, 2019Updated 6 years ago
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,923Updated this week
- Yara rules for quick reverse engineering of malware.☆19Dec 9, 2015Updated 10 years ago
- oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware a…☆3,300Feb 14, 2026Updated last month
- VB Exe Parser is an IDA script written in Python. This script will help you to parse VB program internal structures. It can find: Event, …☆17Oct 8, 2016Updated 9 years ago
- APIInfo Plugin (x86) - A Plugin For x64dbg☆50Jul 17, 2018Updated 7 years ago
- Set of Yara rules for finding files using magics headers☆142Sep 8, 2020Updated 5 years ago
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)☆37Jan 2, 2024Updated 2 years ago
- Tools for parsing Forensic images☆41Dec 14, 2018Updated 7 years ago
- Malware.lu configuration extractor☆26Mar 27, 2014Updated 11 years ago
- A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.☆13Apr 1, 2019Updated 6 years ago
- MAEC Schemas and Schema Development☆89Jan 29, 2020Updated 6 years ago
- Detect malicious domain, Blablablablabla☆27Jan 8, 2017Updated 9 years ago
- Volatility plugin for extracts configuration data of known malware☆495Dec 22, 2023Updated 2 years ago
- Carve Windows Prefetch files from arbitrary binary data☆16Jun 11, 2017Updated 8 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆343Jun 25, 2022Updated 3 years ago
- Noriben - Portable, Simple, Malware Analysis Sandbox☆1,239Aug 7, 2025Updated 7 months ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆388May 11, 2022Updated 3 years ago
- Plugins to add funtionality to ProcDOT. http://www.procdot.com☆25Sep 26, 2023Updated 2 years ago
- A machine learning tool that ranks strings based on their relevance for malware analysis.☆754Mar 11, 2026Updated last week
- ☆12Dec 14, 2016Updated 9 years ago
- Generic data DEcoding/ENcoding application built with PyQt5.☆48Mar 29, 2025Updated 11 months ago
- A collection of YARA rules for public use. Built from information in intelligence profiles, dossiers and file work.☆18Sep 10, 2023Updated 2 years ago
- Malware similarity platform with modularity in mind.☆80Jul 18, 2021Updated 4 years ago
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆506Oct 21, 2022Updated 3 years ago
- PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.☆619Aug 8, 2022Updated 3 years ago
- YARA duplicate rule detection and removal. YARA rule index creation. YARA rule file merger.☆10Jan 19, 2026Updated 2 months ago
- A python script for easy static analysis and automatic signature generation of malware.☆12Sep 30, 2013Updated 12 years ago
- A taxonomy and dictionary of malware behaviors.☆43Aug 20, 2019Updated 6 years ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis☆164Dec 15, 2024Updated last year
- Malware analysis tool☆22Apr 27, 2025Updated 10 months ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆116Jan 8, 2025Updated last year
- Fast Evidence Collector Toolkit is an incident response toolkit to collect evidences on a suspicious windows computer☆41Jul 29, 2020Updated 5 years ago