whatisgithub

What is awesome-malware-analysis?

rshipp/awesome-malware-analysis — explained in plain English

Analysis updated 2026-06-24

13,755Audience · researcherComplexity · 1/5Setup · easy

In one sentence

A curated, community-maintained list of tools, sandboxes, online scanners, and learning resources for security researchers and students who study how malicious software works.

Mindmap

mindmap
  root((Malware Analysis))
    Collect samples
      Honeypots
      Sample archives
    Analyze
      Sandboxes
      Reverse engineering
      Network traffic
    Topics
      Memory forensics
      Shellcode
      Documents
    Audience
      Researchers
      Security students
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Find an online sandbox to safely run a suspicious file and observe its behavior without risking a real machine.

USE CASE 2

Discover reverse engineering and debugging tools for analyzing obfuscated malware samples.

USE CASE 3

Locate public malware sample archives for researching known threats and building detection rules.

USE CASE 4

Find memory forensics tools to analyze running processes and extract indicators of compromise.

How does it compare?

rshipp/awesome-malware-analysisdenoland/freshseaswalker/spring-analysis
Stars13,75513,75513,751
LanguageTypeScriptJava
Setup difficultyeasyeasyeasy
Complexity1/53/51/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

So what is it?

Awesome Malware Analysis is not a piece of software you run. It is a curated list: a long, organized collection of links to tools, websites, and learning materials for people who analyze malicious software. Malware analysis is the practice of examining harmful programs to understand what they do, how they work, and how to defend against them. Security researchers, incident responders, and students use lists like this as a starting reference for the field. It is part of a broader family of community-maintained awesome lists on GitHub. The list is divided into clearly labeled sections. Early sections cover collecting malware safely, including honeypots, which are decoy systems set up to lure and trap attackers, and public archives of malware samples that researchers can download and study. Other sections gather open-source threat intelligence tools, which help track known attack indicators, along with online scanners and sandboxes that run suspicious files in isolated environments to observe their behavior without risking real machines. Further sections cover more specialized areas: analyzing suspicious domains, examining malicious documents and shellcode, carving hidden files out of data, undoing deliberate obfuscation in code, debugging and reverse engineering programs, inspecting network traffic, memory forensics, and Windows system artifacts. There is also a section on tools for storing and organizing analysis work. Toward the end the list points to books and other learning resources, related awesome lists from the same community, and instructions for contributing. A Chinese translation of the full list is included in the repository. The repository description and README also carry political statements from the maintainer, including phrases about defunding police and opposing ICE, which appear alongside the technical content. Because the README is very long, only a portion was available for this summary. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
I found a suspicious Windows executable. Using tools from the awesome-malware-analysis list, walk me through a static analysis workflow: hashing, strings extraction, and PE header inspection.
Prompt 2
Which sandboxes in the awesome-malware-analysis list can analyze Android APKs and how do I submit a sample to one of them?
Prompt 3
I want to set up a home malware analysis lab. Based on this list, what are the essential open-source tools to install first for a beginner?
Prompt 4
How do I use a network traffic capture tool from this list to intercept and log what a suspicious program attempts to connect to?

Frequently asked questions

What is awesome-malware-analysis?

A curated, community-maintained list of tools, sandboxes, online scanners, and learning resources for security researchers and students who study how malicious software works.

How hard is awesome-malware-analysis to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is awesome-malware-analysis for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.