mrphrazer

Agentic malware analysis environment with MCP-connected disassemblers, RE tooling, and structured workflows for Claude Code and Codex CLI.

Found Mar 18, 2026 at 15 stars.
AI Analysis
YARA
AI Summary

This repository offers a containerized environment with AI agents that automate initial static analysis of malware samples, generating structured artifacts like profiles, ranked signals, hypotheses, and analysis plans.

How It Works

1
🔍 Discover the smart malware checker

You come across a helpful tool that lets AI automatically dig into suspicious files to figure out what they do.

2
📦 Set up your analysis workspace

You download the package into a dedicated folder and launch the secure playground with a simple starter script.

3
🔑 Connect the AI thinker

You link it to your preferred AI service, like a clever assistant, so it can reason about the files.

4
📁 Drop in a suspicious file

You place the mystery file, perhaps unzipping an example sample, into the ready workspace.

5
💬 Ask the AI to investigate

You simply tell the AI helper: 'Analyze this file and give me the full rundown!' and it follows a guided process.

6
📋 Receive the complete analysis report

An organized folder appears with file details, key clues, smart guesses on behaviors, maps of parts, and next steps – all done hands-free.

AI-Generated Review

What is agentic-malware-analysis?

This Dockerized Kali Linux environment automates agentic AI malware analysis, pairing 50+ reverse engineering tools with MCP-connected disassemblers like Binary Ninja or Ghidra. Drop a PE, ELF, or Mach-O binary, fire up Claude Code or Codex CLI, and it fingerprints the sample with YARA rules and capa scans, extracts strings and imports, ranks signals, generates evidence-backed hypotheses, maps components, and outputs a prioritized deep-analysis plan—all stored in persistent case directories. It solves the drudgery of initial triage, turning raw binaries into structured insights without manual scripting.

Why is it gaining traction?

Agentic workflows stand out by externalizing state to disk, sidestepping AI context limits for reliable, resumable analysis across sessions. Developers hook into it via simple CLI prompts like "analyze this malware with the orchestrator skill," getting ranked evidence and plans instantly, unlike ad-hoc tools or static scanners. Early buzz comes from its tight integration with Claude and Codex for agentic malware analysis, plus bundled YARA rules for crypto, anti-debug, and packers.

Who should use this?

Malware analysts triaging high-volume samples, reverse engineers prototyping agentic AI pipelines, or security researchers testing Claude/Codex on binaries before deep dives. Ideal for teams blending static analysis (YARA, capa) with AI-driven hypothesis building in a secure Docker sandbox.

Verdict

Worth spinning up for agentic malware analysis experiments—docs and quickstart are polished, with a companion blog for context—but at 15 stars and 1.0% credibility, it's early-stage; expect non-determinism and validate AI outputs. Fork and iterate if it fits your workflow.
