AntiJOP is an anti-malware solution that recodes assembly language to remove JOP attack gadgets. JOP attacks on x86 often hinge on the availability of 0xFF bytes in preexisting code, which can be co-opted to serve as register-indirect call instructions. AntiJOP removes instances of 0xFF bytes that may exist, for example, in immediate values, MOD/RM bytes, etc.
CIRCLean aims to be used by someone receiving a USB key from an untrusted source who wants to see the content without opening the original and potentially malicious files. The code runs on a Raspberry Pi, which means it is never required to plug the original USB key into a computer.
Bokken is a GUI for the Pyew and Radare2 projects. It provides an interface to almost all the features of Pyew, and many in radare2. It's intended to be a multi-architecture disassembler and binary analysis tool, and maybe some day an alternative for commercial alternatives as IDA Pro. Currently, Bokken is neither a hexadecimal editor nor a full featured disassembler, so it should not be used for deep code analysis or for modifying files.
radare2 aims to create a complete, portable, multi-architecture, Unix-like toolchain for reverse engineering. It is composed of a hexadecimal editor (radare) with a wrapped I/O layer supporting multiple backends for local/remote files, debugger (OS X, BSD, Linux, W32), stream analyzer, assembler/disassembler (rasm) for x86, ARM, PPC, m68k, Java, MSIL, and SPARC, code analysis modules, and scripting facilities. It also has a bindiffer named radiff, base converter (rax), a shellcode development helper (rasc), a binary information extractor supporting PE, Mach0, ELF, class, etc. named rabin, and a block-based hash utility called rahash. Radare was rewritten as radare2, and the old version is only maintained for bugfixes.
Bluepot is a Bluetooth honeypot. It is designed to accept and store any malware sent to it and to interact with common Bluetooth attacks such as “BlueBugging” and “BlueSnarfing”. Bluetooth connectivity is provided via hardware Bluetooth dongles. The system also allows monitoring of attacks via a graphical user interface that provides graphs, lists, a dashboard, and further detailed analysis from log files. The system is also highly configurable through said interface.
ClamAV Unofficial Signatures Updater is a script that provides a simple way to download, test, and use third-party ClamAV signatures. It checks for updated unofficial clamav signature database files and can download them. It randomizes download time to help distribute the load more evenly for the database host mirror sites. Signature bypass entries can be created for temporarily resolving false-positive issues with third-party signatures. It can report which mirror site a download came from. It reports if a downloaded database is actually different than the running copy. Many other features are supported.