Repositories list

• capa

  Public
  The FLARE team's open-source tool to identify capabilities in executable files.

  reverse-engineeringmalware-analysisbinary-analysis+ 2threat-intelligencegsoc-2025

  Python

  •

  Apache License 2.0

  •639•5.7k•246•23•Updated Jan 9, 2026Jan 9, 2026

• harbinger

  Public
  Python

  •

  Apache License 2.0

  •15•142•0•13•Updated Jan 9, 2026Jan 9, 2026

• flare-floss

  Public

  mandiant/flare-floss’s past year of commit activity
  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

  stringsmalwaredeobfuscation+ 3malware-analysisflaregsoc-2025

  Python

  •

  Apache License 2.0

  •510•3.8k•98•11•Updated Jan 8, 2026Jan 8, 2026

• PwnAuth

  Public
  Python

  •

  Apache License 2.0

  •97•396•2•10•Updated Jan 7, 2026Jan 7, 2026

• speakeasy

  Public

  mandiant/speakeasy’s past year of commit activity
  Windows kernel and user mode emulation.

  emulationmalware-analysisgsoc-2025

  Python

  •

  MIT License

  •272•1.8k•43•4•Updated Jan 6, 2026Jan 6, 2026

• dncil

  Public
  The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.

  gsoc-2025

  Python

  •

  Apache License 2.0

  •19•169•2•2•Updated Jan 5, 2026Jan 5, 2026

• gootloader

  Public
  Collection of scripts used to deobfuscate GOOTLOADER malware samples.

  deobfuscationgootloader

  Python

  •

  Apache License 2.0

  •9•76•1•0•Updated Dec 29, 2025Dec 29, 2025

• xrefer

  Public
  FLARE Team's Binary Navigator

  reverse-engineeringida-promalware-analysis+ 5binary-analysisidapythonthreat-intelligenceidaplugingsoc-2025

  Python

  •

  Apache License 2.0

  •37•298•8•5•Updated Dec 16, 2025Dec 16, 2025

• flare-fakenet-ng

  Public

  mandiant/flare-fakenet-ng’s past year of commit activity
  FakeNet-NG - Next Generation Dynamic Network Analysis Tool

  malware-analysistraffic-redirectionfakenet-ng+ 2mandiant-flaregsoc-2025

  Python

  •

  Apache License 2.0

  •378•2k•64•20•Updated Dec 9, 2025Dec 9, 2025

• vrt-sdk

  Public
  Python

  •

  Apache License 2.0

  •3•1•0•0•Updated Nov 24, 2025Nov 24, 2025

• vrt-auto

  Public
  Python

  •

  Apache License 2.0

  •3•1•0•0•Updated Aug 29, 2025Aug 29, 2025

• flare-emu

  Public
  emulationmalware-analysisfireeye-flare

  Python

  •

  Apache License 2.0

  •140•916•5•1•Updated Aug 14, 2025Aug 14, 2025

• ADFSpoof

  Public
  Python

  •

  Apache License 2.0

  •68•407•2•5•Updated Jun 5, 2025Jun 5, 2025

• stringsifter

  Public
  A machine learning tool that ranks strings based on their relevance for malware analysis.

  machine-learningstringsreverse-engineering+ 4learning-to-rankmalware-analysisfireeye-flarefireeye-data-science

  Python

  •

  Apache License 2.0

  •127•747•8•2•Updated May 19, 2025May 19, 2025

• poisonplug-scatterbrain

  Public
  Deobfuscation library for PoisionPlug.SHADOW's ScatterBrain obfuscator

  Python

  •

  Apache License 2.0

  •10•75•0•0•Updated Mar 14, 2025Mar 14, 2025

• gostringungarbler

  Public
  Python tool to resolve all strings in Go binaries obfuscated by garble

  Python

  •

  Apache License 2.0

  •8•180•2•0•Updated Feb 21, 2025Feb 21, 2025

• flare-ida

  Public archive
  IDA Pro utilities from FLARE team

  reverse-engineeringidaida-pro+ 3ida-pluginidapythonfireeye-flare

  Python

  •

  Apache License 2.0

  •475•2.4k•23•4•Updated Oct 29, 2024Oct 29, 2024

• GeoLogonalyzer

  Public archive
  GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.

  Python

  •

  Apache License 2.0

  •57•196•5•3•Updated Aug 12, 2024Aug 12, 2024

• ccmpwn

  Public archive
  Python

  •

  Apache License 2.0

  •26•215•0•0•Updated Mar 26, 2024Mar 26, 2024

• ReelPhish

  Public
  Python

  •

  GNU General Public License v3.0

  •155•523•4•1•Updated Aug 11, 2023Aug 11, 2023

• SSSDKCMExtractor

  Public
  Python

  •

  Apache License 2.0

  •27•59•1•1•Updated Aug 11, 2023Aug 11, 2023

• rpdebug_qnx

  Public archive
  Python

  •

  Apache License 2.0

  •5•14•1•0•Updated Jun 1, 2023Jun 1, 2023

• ARDvark

  Public archive
  ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.

  Python

  •

  Apache License 2.0

  •14•35•0•0•Updated Jun 1, 2023Jun 1, 2023

• apooxml

  Public archive
  Generate YARA rules for OOXML documents.

  securitydetectionmalware+ 2ooxmlyara

  Python

  •

  Apache License 2.0

  •8•38•1•0•Updated Jun 1, 2023Jun 1, 2023

• ioc_writer

  Public archive
  Python

  •

  Apache License 2.0

  •61•206•1•1•Updated May 3, 2023May 3, 2023

• flare-bytecode_graph

  Public archive
  fireeye-flare

  Python

  •

  Apache License 2.0

  •27•85•1•1•Updated Apr 10, 2023Apr 10, 2023

• flare-qdb

  Public archive
  Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.

  fireeye-flare

  Python

  •

  Apache License 2.0

  •54•164•8•0•Updated Apr 10, 2023Apr 10, 2023

• FIDL

  Public archive
  A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

  apiresearchdecompiler+ 4malwareidavulnerabilityreversing

  Python

  •

  MIT License

  •69•466•2•0•Updated Apr 10, 2023Apr 10, 2023

• ShimCacheParser

  Public archive
  Python

  •

  Apache License 2.0

  •95•280•2•3•Updated Apr 6, 2023Apr 6, 2023

• thiri-notebook

  Public archive
  The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

  threat-huntingyarasnort+ 1detection-rules

  Python

  •

  Apache License 2.0

  •16•154•0•1•Updated Apr 25, 2022Apr 25, 2022