Repositories list

• VM-Packages

  Public
  Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.

  reverse-engineeringmalware-analysischocolatey-packages+ 1flare

  PowerShell

  •

  Apache License 2.0

  •71•152•110•10•Updated Dec 25, 2024Dec 25, 2024

• PwnAuth

  Public
  Python

  •

  Apache License 2.0

  •91•376•2•10•Updated Dec 23, 2024Dec 23, 2024

• flare-floss

  Public
  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

  stringsdeobfuscationflare+ 3gsoc-2024malwaremalware-analysis

  Python

  •

  Apache License 2.0

  •457•3.4k•91•8•Updated Dec 23, 2024Dec 23, 2024

• capa

  Public
  The FLARE team's open-source tool to identify capabilities in executable files.

  reverse-engineeringmalware-analysisbinary-analysis+ 1threat-intelligence

  Python

  •

  Apache License 2.0

  •567•5k•225•14•Updated Dec 23, 2024Dec 23, 2024

• dncil

  Public
  The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.

  gsoc-2024

  Python

  •

  Apache License 2.0

  •17•159•2•7•Updated Dec 23, 2024Dec 23, 2024

• macos-UnifiedLogs

  Public
  Rust

  •

  Apache License 2.0

  •22•221•10•5•Updated Dec 21, 2024Dec 21, 2024

• gootloader

  Public
  Collection of scripts used to deobfuscate GOOTLOADER malware samples.

  deobfuscationgootloader

  Python

  •

  Apache License 2.0

  •10•58•1•0•Updated Dec 19, 2024Dec 19, 2024

• xrefer

  Public
  FLARE Team's Binary Navigator

  reverse-engineeringida-promalware-analysis+ 4binary-analysisidapythonthreat-intelligenceidaplugin

  Python

  •

  Apache License 2.0

  •12•166•1•0•Updated Dec 19, 2024Dec 19, 2024

• capa-rules

  Public
  Standard collection of rules for capa: the tool for enumerating the capabilities of programs

  Apache License 2.0

  •164•554•101•3•Updated Dec 18, 2024Dec 18, 2024

• flare-vm

  Public
  A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

  reverse-engineeringmalware-analysisflare

  PowerShell

  •

  Apache License 2.0

  •931•6.7k•16•2•Updated Dec 13, 2024Dec 13, 2024

• gocrack

  Public
  GoCrack is a management frontend for password cracking tools written in Go

  fireeye-flare

  Go

  •

  MIT License

  •243•1.2k•18•8•Updated Dec 11, 2024Dec 11, 2024

• gocrack-ui

  Public
  The User Interface for GoCrack

  fireeye-flare

  Vue

  •

  MIT License

  •51•86•0•33•Updated Dec 11, 2024Dec 11, 2024

• capa-testfiles

  Public
  Data to test capa's code and rules.

  Max

  •

  Apache License 2.0

  •68•41•0•6•Updated Dec 5, 2024Dec 5, 2024

• flare-fakenet-ng

  Public
  FakeNet-NG - Next Generation Dynamic Network Analysis Tool

  traffic-redirectionfakenet-ngmandiant-flare+ 2gsoc-2024malware-analysis

  Python

  •

  Apache License 2.0

  •364•1.8k•60•23•Updated Nov 22, 2024Nov 22, 2024

• flare-floss-testfiles

  Public
  Resources for testing FLOSS by the FLARE team.

  C

  •20•7•0•0•Updated Nov 12, 2024Nov 12, 2024

• STrace

  Public
  A DTrace on Windows Reimplementation

  gsoc-2024

  C++

  •

  MIT License

  •41•334•7•3•Updated Oct 30, 2024Oct 30, 2024

• flare-ida

  Public
  IDA Pro utilities from FLARE team

  reverse-engineeringida-proida-plugin+ 3idapythonfireeye-flareida

  Python

  •

  Apache License 2.0

  •462•2.3k•22•3•Updated Oct 29, 2024Oct 29, 2024

• flare-emu

  Public archive
  emulationmalware-analysisfireeye-flare

  Python

  •

  Apache License 2.0

  •122•805•4•1•Updated Oct 27, 2024Oct 27, 2024

• GoReSym

  Public
  Go symbol recovery tool

  gsoc-2024

  Go

  •

  MIT License

  •68•637•8•3•Updated Oct 19, 2024Oct 19, 2024

• Vulnerability-Disclosures

  Public
  C++

  •66•194•0•0•Updated Oct 18, 2024Oct 18, 2024

• commando-vm

  Public
  Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

  penetration-testingred-teamingfireeye-flare+ 1windows

  PowerShell

  •

  Apache License 2.0

  •1.3k•7k•6•2•Updated Sep 24, 2024Sep 24, 2024

• shelidate

  Public
  Go

  •

  Apache License 2.0

  •1•3•0•0•Updated Sep 5, 2024Sep 5, 2024

• GeoLogonalyzer

  Public
  GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.

  Python

  •

  Apache License 2.0

  •56•197•5•4•Updated Aug 12, 2024Aug 12, 2024

• ADFSpoof

  Public
  Python

  •

  Apache License 2.0

  •61•360•2•3•Updated Aug 12, 2024Aug 12, 2024

• stringsifter

  Public
  A machine learning tool that ranks strings based on their relevance for malware analysis.

  machine-learningstringsreverse-engineering+ 4learning-to-rankfireeye-flarefireeye-data-sciencemalware-analysis

  Python

  •

  Apache License 2.0

  •125•688•6•2•Updated Jul 15, 2024Jul 15, 2024

• Ghidrathon

  Public
  The FLARE team's open-source extension to add Python 3 scripting to Ghidra.

  gsoc-2024

  Java

  •

  Apache License 2.0

  •54•709•20•2•Updated May 8, 2024May 8, 2024

• speakeasy

  Public
  Windows kernel and user mode emulation.

  emulationgsoc-2023malware-analysis

  Python

  •

  MIT License

  •234•1.5k•37•3•Updated Apr 12, 2024Apr 12, 2024

• gocat

  Public
  Provides access to libhashcat

  fireeye-flare

  Go

  •

  MIT License

  •25•30•1•4•Updated Apr 6, 2024Apr 6, 2024

• ccmpwn

  Public
  Python

  •

  Apache License 2.0

  •22•185•0•0•Updated Mar 26, 2024Mar 26, 2024

• red_team_tool_countermeasures

  Public
  YARA

  •

  BSD 2-Clause "Simplified" License

  •846•2.7k•2•1•Updated Mar 5, 2024Mar 5, 2024