#1 楼
不是GUI工具,但是FakeNet是一个不错的选择。FakeNet是有助于对恶意软件进行动态分析的工具。该工具可以模拟网络,从而使恶意软件与远程主机进行交互
继续运行,从而使分析人员可以在安全的环境中观察恶意软件的网络活动。该项目的目标是:
- Be easy to install and use; the tool runs on Windows and requires no 3rd party libraries
- Support the most common protocols used by malware
- Perform all activity on the local machine to avoid the need for a second virtual machine
- Provide python extensions for adding new or custom protocols
- Keep the malware running so that you can observe as much of its functionality as possible
- Have a flexible configuration, but no required configuration
Mandiant的ApateDNS是用于响应假DNS响应的好工具:
Mandiant ApateDNS是一个通过易于使用的GUI控制DNS响应的工具。作为伪造的DNS服务器,Mandiant ApateDNS通过侦听本地计算机上的UDP端口53
来欺骗DNS对用户指定的IP地址的响应。 Mandiant ApateDNS还自动将
本地DNS设置为localhost。退出该工具后,它会重新设置原始的本地DNS设置。
