📄
REMnux Documentation
  • REMnux: A Linux Toolkit for Malware Analysis
  • Install the Distro
    • Get the Virtual Appliance
    • Install from Scratch
    • Add to an Existing System
    • Run REMnux as a Container
    • Keep the Distro Up to Date
  • Discover the Tools
    • Examine Static Properties
      • General
      • PE Files
      • ELF Files
      • .NET
      • Deobfuscation
    • Statically Analyze Code
      • General
      • Unpacking
      • PE Files
      • Python
      • Scripts
      • Java
      • .NET
      • Flash
      • Android
    • Dynamically Reverse-Engineer Code
      • General
      • Shellcode
      • Scripts
      • ELF Files
    • Perform Memory Forensics
    • Explore Network Interactions
      • Monitoring
      • Connecting
      • Services
    • Investigate System Interactions
    • Analyze Documents
      • General
      • PDF
      • Microsoft Office
      • Email Messages
    • Gather and Analyze Data
    • View or Edit Files
    • General Utilities
  • Run Tools in Containers
    • Docker Images of Malware Analysis Tools
  • Behind the Scenes
    • People
    • Technologies
      • SaltStack Management
      • REMnux Installer
      • State Files Without the REMnux Installer
      • Debian Packages
      • Website and Docs
    • License
  • Tips and More
    • REMnux Configuration Tips
    • REMnux Tool Tips
    • Malware Analysis Training
    • REMnux Website
  • Get Involved
    • Ask and Answer Questions
    • Write About the Tools
    • Add or Update Tools
      • Contribute a Salt State File
      • Contribute a Debian Package
      • Contribute a Dockerfile
    • Implement Enhancements
Powered by GitBook
On this page
  • Install the REMnux Distro
  • Run Tools in Containers
  • Get Involved with the Project
  • Learn More About REMnux

REMnux: A Linux Toolkit for Malware Analysis

REMnux Documentation

NextGet the Virtual Appliance

Last updated 4 years ago

This site provides documentation for REMnux®, a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools.

Install the REMnux Distro

The heart of the toolkit is the REMnux Linux distribution based on Ubuntu, which incorporates many tools that malware analysts use to:

  • Examine static properties of a suspicious file.

  • Statically analyze malicious code.

  • Dynamically reverse-engineer malicious code.

  • Perform memory forensics of an infected system.

  • Explore network interactions for behavioral analysis.

  • Investigate system-level interactions of malware.

  • Analyze malicious documents.

  • Gather and analyze threat data.

The Discover the Tools section of this documentation site provides the REMnux tools listing and offers notes for using them.

To get started with REMnux, you can:

  • Download the virtual appliance of the REMnux distro.

  • Install the REMnux distro from scratch on a dedicated system.

  • Add the REMnux distro to an existing machine.

  • Run the REMnux distro as a Docker container.

Run Tools in Containers

The REMnux toolkit also offers Docker images of popular malware analysis tools, making it possible to run them as containers without having to install the tools directly on the system.

Get Involved with the Project

You can participate in the REMnux project by:

  • Asking and answering questions related to the distro and its tools.

  • Adding or updating tools that comprise the distribution.

  • Creating articles, blog posts, and videos about the tools on REMnux.

Learn More About REMnux

You can learn about:

  • People and technologies that make REMnux possible

  • REMnux configuration tips for getting the most out of the distro

  • Tips for using the tools on REMnux

Many of the tools available in the REMnux toolkit are discussed in the SANS course FOR610: Reverse Engineering Malware. Lenny Zeltser, the founder and primary maintainer of REMnux, is also the primary author of this course.