rshipp/awesome-malware-analysis

13,755 · Audience · researcher · Complexity · 1/5 · Setup · easy

TLDR

A curated, community-maintained list of tools, sandboxes, online scanners, and learning resources for security researchers and students who study how malicious software works.

Mindmap

mindmap
  root((Malware Analysis))
    Collect samples
      Honeypots
      Sample archives
    Analyze
      Sandboxes
      Reverse engineering
      Network traffic
    Topics
      Memory forensics
      Shellcode
      Documents
    Audience
      Researchers
      Security students
Things people build with this

USE CASE 1

Find an online sandbox to safely run a suspicious file and observe its behavior without risking a real machine.

USE CASE 2

Discover reverse engineering and debugging tools for analyzing obfuscated malware samples.

USE CASE 3

Locate public malware sample archives for researching known threats and building detection rules.

USE CASE 4

Find memory forensics tools to analyze running processes and extract indicators of compromise.

Getting it running

Difficulty · easy · Time to first run · 5 min

In plain English

Awesome Malware Analysis is not a piece of software you run. It is a curated list: a long, organized collection of links to tools, websites, and learning materials for people who analyze malicious software. Malware analysis is the practice of examining harmful programs to understand what they do, how they work, and how to defend against them. Security researchers, incident responders, and students use lists like this as a starting reference for the field. It is part of a broader family of community-maintained awesome lists on GitHub.

The list is divided into clearly labeled sections. Early sections cover collecting malware safely, including honeypots, which are decoy systems set up to lure and trap attackers, and public archives of malware samples that researchers can download and study. Other sections gather open-source threat intelligence tools, which help track known attack indicators, along with online scanners and sandboxes that run suspicious files in isolated environments to observe their behavior without risking real machines.

Further sections cover more specialized areas: analyzing suspicious domains, examining malicious documents and shellcode, carving hidden files out of data, undoing deliberate obfuscation in code, debugging and reverse engineering programs, inspecting network traffic, memory forensics, and Windows system artifacts. There is also a section on tools for storing and organizing analysis work.

Toward the end, the list points to books and other learning resources, related awesome lists from the same community, and instructions for contributing. A Chinese translation of the full list is included in the repository.

The repository description and README also carry political statements from the maintainer, including phrases about defunding police and opposing ICE, which appear alongside the technical content. Because the README is very long, only a portion of it was available for this summary; the full README contains more than what was shown.

Copy-paste prompts

Prompt 1
I found a suspicious Windows executable. Using tools from the awesome-malware-analysis list, walk me through a static analysis workflow: hashing, strings extraction, and PE header inspection.
Prompt 2
Which sandboxes in the awesome-malware-analysis list can analyze Android APKs and how do I submit a sample to one of them?
Prompt 3
I want to set up a home malware analysis lab. Based on this list, what are the essential open-source tools to install first for a beginner?
Prompt 4
How do I use a network traffic capture tool from this list to intercept and log what a suspicious program attempts to connect to?