  • Stars: 1,013
  • Rank: 45,397 (Top 0.9 %)
  • Language: C++
  • License: Other
  • Created over 10 years ago
  • Updated 6 months ago

Repository Details

DRAKVUF Black-box Binary Analysis

Introduction

DRAKVUF is a virtualization-based, agentless black-box binary analysis system. It allows in-depth execution tracing of arbitrary binaries (including whole operating systems) without installing any special software inside the virtual machine used for analysis.

Hardware requirements

DRAKVUF relies on the hardware virtualization extensions found in Intel CPUs. You need an Intel CPU with virtualization support (VT-x) and Extended Page Tables (EPT), and both must be enabled in firmware. DRAKVUF will not work on other CPUs (such as AMD) or on Intel CPUs that lack the required virtualization extensions.
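
As a pre-flight check for this requirement, here is an added shell example (not code from the DRAKVUF project) that tests a cpuinfo listing for the vmx (VT-x) and ept flags. It runs against two constructed sample listings embedded in the script, one Intel and one AMD (neither captured from a real machine), and against /proc/cpuinfo when that is readable. One caveat: inside a Xen dom0, which is where DRAKVUF actually runs, the hypervisor owns VMX and the dom0 kernel does not report these flags, so there the hypervisor log (xl dmesg) is the place to confirm VT-x and EPT; run this check on the bare-metal host before Xen is installed.

```shell
#!/bin/sh
# Added example (not part of the DRAKVUF project): check whether a cpuinfo
# listing shows the VT-x ("vmx") and EPT ("ept") flags DRAKVUF requires.
# The listing is passed as a file so the same check works on saved dumps;
# /proc/cpuinfo is the live source on a bare-metal Linux host.

# has_vtx_ept FILE
#   exit 0 if FILE lists both the vmx and the ept flag, 1 if either is
#   missing, 2 if FILE cannot be read.
has_vtx_ept() {
    [ -r "$1" ] || return 2
    grep -qw 'vmx' "$1" && grep -qw 'ept' "$1"
}

# cpu_vendor FILE
#   print the vendor_id of the first CPU entry (GenuineIntel, AuthenticAMD, ...)
cpu_vendor() {
    awk -F': *' '/^vendor_id/ { print $2; exit }' "$1"
}

# Constructed sample listings (not captured from real machines), trimmed to
# the lines the checks look at. The Intel sample reports ept under
# "vmx flags", as current kernels do; older kernels list ept in "flags",
# and grep -w finds it in either place.
INTEL_SAMPLE=$(mktemp /tmp/cpuinfo.XXXXXX) || exit 1
AMD_SAMPLE=$(mktemp /tmp/cpuinfo.XXXXXX) || exit 1
trap 'rm -f "$INTEL_SAMPLE" "$AMD_SAMPLE"' EXIT

cat > "$INTEL_SAMPLE" <<'EOF'
processor       : 0
vendor_id       : GenuineIntel
model name      : Intel(R) Core(TM) sample CPU
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx smx est tm2 ssse3 sse4_1 sse4_2 x2apic popcnt aes xsave avx
vmx flags       : vnmi preemption_timer posted_intr invvpid ept_x_only ept_ad ept vpid unrestricted_guest
EOF

cat > "$AMD_SAMPLE" <<'EOF'
processor       : 0
vendor_id       : AuthenticAMD
model name      : AMD sample CPU
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm svm sse4_1 sse4_2 popcnt aes xsave avx npt nrip_save
EOF

# report FILE: one line saying whether the listing satisfies the requirement
report() {
    if has_vtx_ept "$1"; then
        printf '%-12s %s\n' "$(cpu_vendor "$1")" "vmx and ept present: DRAKVUF's hardware requirement is met"
    else
        printf '%-12s %s\n' "$(cpu_vendor "$1")" "vmx and/or ept missing: DRAKVUF will not run here"
    fi
}

report "$INTEL_SAMPLE"
report "$AMD_SAMPLE"

# Live host, when /proc/cpuinfo is readable. Under a Xen dom0 the flags are
# not visible to the dom0 kernel, so a negative result there is expected and
# the hypervisor log (xl dmesg) is the authoritative source instead.
if [ -r /proc/cpuinfo ]; then
    report /proc/cpuinfo
fi
```

Running the script prints one verdict per sample and one for the host it runs on; the functions return exit codes so the check can be dropped into a provisioning script as a guard before installing Xen and DRAKVUF.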

Supported guests

DRAKVUF currently supports:

  • Windows 7 - 8, both 32 and 64-bit
  • Windows 10 64-bit
  • Linux 2.6.x - 6.x, both 32-bit and 64-bit

Pre-built Debian packages

You can find pre-built Debian packages of the latest DRAKVUF builds at https://github.com/tklengyel/drakvuf-builds/releases

Malware analysis

DRAKVUF is well suited to stealthy malware analysis because its footprint is nearly undetectable from the malware's perspective: nothing is installed in the guest, and all instrumentation happens from the hypervisor side. While DRAKVUF has been developed mainly with malware analysis in mind, it is not limited to that task; it can monitor the execution of anything that runs inside a VM, including firmware, OS kernels and user-space processes.

Graphical frontend

If you would like a full-featured DRAKVUF GUI to set up as an automated analysis sandbox, check out the DRAKVUF Sandbox project.

Installation steps

Installation steps can be found on the project website: https://drakvuf.com

More Repositories

  • valgrind (C, 34 stars): Unofficial mirror of git://sourceware.org/git/valgrind.git
  • honeybrid (C, 32 stars): Honeybrid is a network application built to 1) administrate a network of honeypots, and 2) transparently redirect live network sessions (TCP or UDP) from one primary destination host to a secondary destination host.
  • xen-uefi (Shell, 28 stars): Instructions and tools to boot Xen in UEFI mode with TPM measurements of Xen and dom0
  • dionaea (Python, 13 stars): Dionaea is meant to be a nepenthes successor, embedding Python as scripting language, using libemu to detect shellcodes, supporting IPv6 and TLS
  • tboot (C, 11 stars): Unofficial mirror of https://sourceforge.net/p/tboot
  • troopers-training (C, 11 stars)
  • guestrace (C, 10 stars): Unofficial mirror of
  • xen (C, 9 stars)
  • VirtualDeobfuscator (Python, 8 stars): Reverse engineering tool for virtualization wrappers
  • drakvuf-builds (7 stars)
  • libnetfilter_queue (C, 4 stars): libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. It is part of a system that deprecates the old ip_queue / libipq mechanism.
  • drakvuf-doppelganging (C, 3 stars): Shellcode used for Doppelganging with DRAKVUF
  • crwatcher (C, 3 stars): Watch MOV-TO-CR0/CR3/CR4 events on Xen via LibVMI
  • vchan-aes (C, 2 stars): Xen vchan based AES client/server implementation
  • drakvuf-deployer (C, 2 stars)
  • xen-privcmd-lkm (C, 1 star): An out-of-tree LKM version of the Linux xen-privcmd kernel module
  • vmi-honeymon (C, 1 star)
  • TheWorksOfZeusHammer (Python, 1 star)
  • patchwork (Python, 1 star): Mirror of git://git.ozlabs.org/home/jk/git/patchwork
  • drakvuf-ci (Shell, 1 star)
  • xen-test-framework (C, 1 star): Unofficial mirror of git://xenbits.xen.org/xtf.git