JavaScript
- patriksimek/vm2 - Advanced vm/sandbox for Node.js
- laverdet/isolated-vm - Secure & isolated JS environments for nodejs
- Houfeng/safeify - Safe sandbox that can be used to execute untrusted code.
Windows
- sandboxie - The Sandboxie application (now open source)
- microsoft/Windows-Sandbox-Utilities - A public repository for useful Windows Sandbox scripts and configurations
- karkason/pywinsandbox - Windows Sandbox Utilities Python Package - the sandbox built into Windows
Cuckoo
- cert-ee/cuckoo3 - Cuckoo 3 is a Python 3 open source automated malware analysis system
- cuckoo-install.sh - Cuckoo auto installer for Ubuntu
- ashemery/CuckooVM - Cuckoo running in a nested hypervisor
- blacktop/docker-cuckoo - Cuckoo Sandbox Dockerfile
- phdphuc/mac-a-mal-cuckoo - This analyzer extends the open-source Cuckoo Sandbox (legacy) with functionality for analyzing macOS malware in macOS guest VM(s)
Online Malware Analysis
- diogo-fernan/malsub - A Python RESTful API framework for online malware analysis and threat intelligence services
- VirusTotal - Analyze suspicious files and URLs to detect types of malware,
- NoDistribute - Online Virus Scanner Without Result Distribution
- VirSCAN.org - Multi-engine online virus scanning site
- any.run - Interactive malware hunting service
- hybrid-analysis - Free Automated Malware Analysis Service powered by Falcon Sandbox
- Free Automated Malware Analysis Service - powered by Falcon Sandbox
Malware Analysis
- janestreet/magic-trace - magic-trace collects and displays high-resolution traces of what a process is doing
- CERT-Polska/drakvuf-sandbox - DRAKVUF Sandbox - automated hypervisor-level malware analysis system
- certsocietegenerale/fame - FAME Automates Malware Evaluation (has a UI)
- Rurik/Noriben - Noriben - Portable, Simple, Malware Analysis Sandbox
- maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster - a static scanning tool similar to VT, implemented with Docker; not very useful
- mnrkbys/norimaci - a simple and lightweight malware analysis sandbox for macOS
- danieluhricek/LiSa - Sandbox for automated Linux malware analysis
- crhenr/freki - Malware analysis platform
- mac-a-mal
- CapacitorSet/box-js - A tool for studying JavaScript malware
Linux
- earthquake/chw00t - Unices chroot breaking tool
- genuinetools/binctr - Create fully static, including rootfs embedded, binaries that pop you directly into a container
- Zouuup/landrun - Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel - built on the newest Landlock syscalls; can control filesystem access permissions; has a corresponding Go SDK package
- adtac/fssb - A filesystem sandbox for Linux using syscall intercepts
- netblue30/firejail - Linux namespaces and seccomp-bpf sandbox
- google/nsjail - A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters
- Tutorial: Sandboxing ImageMagick with nsjail
Uncategorized
- freedomofpress/dangerzone - Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs - what is this even good for? Surprisingly it has 2.7K stars
- google/sandboxed-api - Generates sandboxes for C/C++ libraries automatically
- Google CTF 2022 S2: Escape from Google’s Monitoring | n132
- googleprojectzero/sandbox-attacksurface-analysis-tools - Set of tools to analyze and attack Windows sandboxes - files, objects and the registry all support symbolic links; this also provides the NtApiDotNet API
- kkamagui/shadow-box-for-x86 - Lightweight and Practical Kernel Protector for x86
- CheckPointSW/InviZzzible - a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them