All software tools are released under GNU GPL-family licenses (GPL v3 or AGPL v3, as noted for each tool below). Closed-source versions for commercial purposes are also available; please contact the authors at reverseame (at) unizar (dot) es.
| Tool | Description |
|---|---|
| chiton | Python library to exfiltrate data by encapsulating it in the packets of IoT protocols. Source code (GNU/AGPL v3 license). |
| IM Artifact Finder | Instant Messaging Artifact Finder (IM Artifact Finder) is a framework for locating the memory artifacts left by instant messaging (IM) applications. Source code (GNU/GPL v3 license). |
| Windows Memory Extractor | C++ tool to extract the contents of a Windows process's memory (it dumps the allocated memory regions). Source code (GNU/GPL v3 license). |
| rop3 | Python tool to search for gadgets, operations and ROP chains using a backtracking algorithm over a tree-like structure. Source code (GNU/GPL v3 license). |
| dumd-mixer | Dump Module Mixer (dumd-mixer) is a Python script that reconstructs a module by merging the copies of that same module extracted from a collection of memory dumps. Source code (GNU/GPL v3 license). |
| pagedmem | Volatility plugin that reports, for each module (EXE or DLL) and each driver in a Windows memory dump, how many of its memory pages are paged out. Source code (GNU/GPL v3 license). |
| sigcheck & sigvalidator | sigcheck is a Volatility plugin to validate Authenticode-signed processes, whether the signature is embedded in the PE file or provided through a security catalog. sigvalidator is a Python module to verify the signatures of PE files. Source code (GNU/GPL v3 license). More information in the paper. |
| malscan | Volatility plugin that scans a memory dump for malicious code using the ClamAV engine. Source code (GNU/AGPL v3 license). More information in this post. |
| winesap | Volatility plugin to analyze the registry-based Windows ASEPs (Auto-Start Extensibility Points) found in a memory dump. Source code (GNU/AGPL v3 license). More information in the paper. |
| processfuzzyhash | Volatility plugin to compute fuzzy hashes of Windows processes and compare them. Source code (GNU/AGPL v3 license). More information in the paper. |
| pinVMShield | Pin-based tool that protects a sandbox against common anti-virtual-machine and anti-sandbox detection techniques. Source code (GNU/GPL v3 license). More information in the paper. |
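To make the exfiltration technique behind the chiton entry concrete, the following is an added example written for this page; it is not chiton's own code and does not reproduce its packet formats. It assumes MQTT 3.1.1 PUBLISH packets (QoS 0, fixed header 0x30) as the carrier protocol, and the 4-byte sequence/total framing placed in front of each chunk is an assumption made here so that chunks can be reassembled out of order. The same parser is what a network sensor would need in order to pull the payloads back out of a topic for inspection, which is the defender's side of this technique.

```python
import struct
from typing import List, Tuple

# MQTT 3.1.1 control packet type for PUBLISH, shifted into the high nibble.
# Flags (DUP, QoS, RETAIN) are all zero here: QoS 0 means no packet identifier.
PUBLISH_QOS0 = 0x30


def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 data bits per byte, 0x80 = continuation."""
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n > 0:
            byte |= 0x80
        out.append(byte)
        if n == 0:
            return bytes(out)


def decode_remaining_length(buf: bytes, offset: int) -> Tuple[int, int]:
    """Returns (value, offset just past the length field)."""
    multiplier, value = 1, 0
    while True:
        byte = buf[offset]
        offset += 1
        value += (byte & 0x7F) * multiplier
        if byte & 0x80 == 0:
            return value, offset
        multiplier *= 128
        if multiplier > 128 ** 3:  # spec allows at most 4 bytes
            raise ValueError("malformed remaining length")


def build_publish(topic: str, payload: bytes) -> bytes:
    """Fixed header + remaining length + topic (2-byte length prefix) + payload."""
    t = topic.encode("utf-8")
    body = struct.pack(">H", len(t)) + t + payload
    return bytes([PUBLISH_QOS0]) + encode_remaining_length(len(body)) + body


def parse_publish(pkt: bytes) -> Tuple[str, bytes]:
    """Inverse of build_publish; what a sniffer would run on captured traffic."""
    if pkt[0] >> 4 != 3:
        raise ValueError("not a PUBLISH packet")
    remaining, off = decode_remaining_length(pkt, 1)
    end = off + remaining
    (tlen,) = struct.unpack(">H", pkt[off:off + 2])
    off += 2
    topic = pkt[off:off + tlen].decode("utf-8")
    off += tlen
    return topic, pkt[off:end]


def exfiltrate(data: bytes, topic: str, chunk_size: int) -> List[bytes]:
    """Split data into chunks and wrap each one in its own PUBLISH packet.

    Assumed framing (not chiton's): payload = seq(2 bytes) | total(2 bytes) | chunk.
    """
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    packets = []
    for seq, chunk in enumerate(chunks):
        framing = struct.pack(">HH", seq, len(chunks))
        packets.append(build_publish(topic, framing + chunk))
    return packets


def reassemble(packets: List[bytes]) -> bytes:
    """Rebuild the original data from PUBLISH packets, in any order."""
    parts = {}
    total = 0
    for pkt in packets:
        _, payload = parse_publish(pkt)
        seq, total = struct.unpack(">HH", payload[:4])
        parts[seq] = payload[4:]
    return b"".join(parts[i] for i in range(total))


if __name__ == "__main__":
    # Constructed sample input: a fake secret to carry over a plausible telemetry topic.
    secret = b"BEGIN PRIVATE KEY " + bytes(range(256)) * 4
    pkts = exfiltrate(secret, "sensors/room1/temperature", 200)
    assert reassemble(list(reversed(pkts))) == secret
    print(f"{len(pkts)} PUBLISH packets, {sum(map(len, pkts))} bytes on the wire")
```

Two things stand out for detection once the packets are parsed this way: a telemetry topic whose payloads are hundreds of bytes of non-text data, and a burst of publishes to one topic where a sensor would normally send a single short reading. Both are visible to a broker-side or network-side parser without knowing the framing, because the topic and payload length are in cleartext in the MQTT header.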