CAPEv2
Malware sandbox forked from Cuckoo Sandbox: automated unpacking with payload and configuration extraction (the "CAPE" in the name), pluggable hypervisor backends ("machinery" modules), and detailed behavioral reports for analysts.
Why it is included
Actively maintained, self-hosted open-source sandbox for malware triage when a commercial sandbox is unavailable or samples must not leave the organization.
Best for
CERTs, SOCs, and researchers detonating Windows-targeted samples in isolated, snapshot-backed VMs.
Strengths
- Unpacking and configuration extraction from packed or injected payloads
- Active community
- Extensible Python signatures and YARA integration
Limitations
- Significant VM operations burden (guest images, in-guest agent, snapshots, anti-evasion tuning); detonating live malware requires an isolated network and may be subject to legal constraints
Good alternatives
Cuckoo Sandbox (upstream) · DRAKVUF (agentless, Xen-based) · commercial sandboxes
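The reports mentioned above are what most teams actually consume, so here is an added example (not CAPEv2 project code) that reduces a CAPE-style report.json to triage indicators: signature severities, extracted family configs and C2s, contacted hosts, DNS lookups and mutexes, plus a coarse verdict. The key names (`signatures`, `malscore`, `behavior.summary`, `network`, `CAPE.configs`) follow the report layout as the author of this example knows it and are assumptions; the embedded report is constructed, not real sandbox output.

```python
"""Summarize a CAPEv2-style report.json into triage indicators.

Added example, not CAPEv2 project code. Key names follow CAPEv2's
report.json layout as assumed here (top-level "signatures", "malscore",
"behavior" -> "summary", "network", "CAPE" -> "configs"); check them
against a report produced by your own instance before relying on them.
"""
import json
from dataclasses import dataclass, field

# Constructed sample report (not real sandbox output); RFC 5737
# documentation addresses and an example.com hostname.
SAMPLE_REPORT = json.dumps({
    "info": {"id": 42, "package": "exe"},
    "malscore": 7.5,
    "signatures": [
        {"name": "injection_process", "severity": 3,
         "description": "Code injection into another process"},
        {"name": "antivm_generic", "severity": 2,
         "description": "Checks for VM artifacts"},
        {"name": "creates_shortcut", "severity": 1,
         "description": "Creates a shortcut file"},
    ],
    "behavior": {"summary": {
        "mutexes": ["Global\\example_mutex"],
        "files": ["C:\\Users\\user\\AppData\\Roaming\\svc.exe"],
    }},
    "network": {
        "hosts": [{"ip": "198.51.100.10", "country_name": "none"}, "203.0.113.7"],
        "dns": [{"request": "c2.example.com", "type": "A"}],
    },
    "CAPE": {"configs": [
        {"ExampleFamily": {"C2": ["198.51.100.10:443"], "key": "deadbeef"}},
    ]},
})


@dataclass
class Indicators:
    malscore: float = 0.0
    max_severity: int = 0
    signatures: list = field(default_factory=list)   # (name, severity)
    families: list = field(default_factory=list)
    c2: list = field(default_factory=list)
    hosts: list = field(default_factory=list)
    dns: list = field(default_factory=list)
    mutexes: list = field(default_factory=list)


def load_report(text: str) -> dict:
    """Parse report.json; CAPE writes one JSON object per task."""
    return json.loads(text)


def extract_indicators(report: dict) -> Indicators:
    ind = Indicators(malscore=float(report.get("malscore", 0) or 0))

    for sig in report.get("signatures", []):
        sev = int(sig.get("severity", 0) or 0)
        ind.signatures.append((sig.get("name", "?"), sev))
        ind.max_severity = max(ind.max_severity, sev)

    # Assumed shape: CAPE.configs is a list of {family_name: {config fields}}.
    for cfg in report.get("CAPE", {}).get("configs", []):
        for family, fields in cfg.items():
            ind.families.append(family)
            c2 = fields.get("C2", []) if isinstance(fields, dict) else []
            ind.c2.extend(c2 if isinstance(c2, list) else [c2])

    net = report.get("network", {})
    for host in net.get("hosts", []):
        # Some reports list bare IP strings, others dicts with an "ip" key.
        ind.hosts.append(host.get("ip") if isinstance(host, dict) else host)
    ind.dns = [d.get("request") for d in net.get("dns", []) if d.get("request")]

    ind.mutexes = list(report.get("behavior", {}).get("summary", {}).get("mutexes", []))
    return ind


def verdict(ind: Indicators) -> str:
    """Coarse verdict; an extracted config is the strongest signal CAPE gives."""
    if ind.families:
        return "malicious"
    if ind.max_severity >= 3 or ind.malscore >= 6:
        return "likely-malicious"
    if ind.signatures:
        return "suspicious"
    return "no-verdict"


if __name__ == "__main__":
    ind = extract_indicators(load_report(SAMPLE_REPORT))
    print(verdict(ind), ind.families, ind.c2, ind.hosts, ind.dns, ind.mutexes)
```

Point it at a real task's `report.json` from the analysis storage directory and feed the resulting hosts, domains and mutexes into YARA or MISP; the verdict thresholds are deliberately conservative and should be tuned to your own signature set.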
Related tools
Security & Privacy
Volatility 3
Advanced memory forensics framework for extracting artifacts from RAM dumps across OS versions.
YARA
Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.
MISP
Threat intelligence sharing platform: IOCs, galaxies, taxonomies, sync between communities, and API automation.
MWDB
CERT.pl malware repository and collaboration platform: samples, configs, tags, Karton pipeline integration, and REST API for teams.
Wireshark
Network protocol analyzer for deep packet inspection and forensic debugging.
Ghidra
NSA-released reverse engineering suite: decompiler, disassembler, scripting, and collaboration features.
