📄
REMnux Documentation
  • REMnux: A Linux Toolkit for Malware Analysis
  • Install the Distro
    • Get the Virtual Appliance
    • Install from Scratch
    • Add to an Existing System
    • Run REMnux as a Container
    • Keep the Distro Up to Date
  • Discover the Tools
    • Examine Static Properties
      • General
      • PE Files
      • ELF Files
      • .NET
      • Deobfuscation
    • Statically Analyze Code
      • General
      • Unpacking
      • PE Files
      • Python
      • Scripts
      • Java
      • .NET
      • Flash
      • Android
    • Dynamically Reverse-Engineer Code
      • General
      • Shellcode
      • Scripts
      • ELF Files
    • Perform Memory Forensics
    • Explore Network Interactions
      • Monitoring
      • Connecting
      • Services
    • Investigate System Interactions
    • Analyze Documents
      • General
      • PDF
      • Microsoft Office
      • Email Messages
    • Gather and Analyze Data
    • View or Edit Files
    • General Utilities
  • Run Tools in Containers
    • Docker Images of Malware Analysis Tools
  • Behind the Scenes
    • People
    • Technologies
      • SaltStack Management
      • REMnux Installer
      • State Files Without the REMnux Installer
      • Debian Packages
      • Website and Docs
    • License
  • Tips and More
    • REMnux Configuration Tips
    • REMnux Tool Tips
    • Malware Analysis Training
    • REMnux Website
  • Get Involved
    • Ask and Answer Questions
    • Write About the Tools
    • Add or Update Tools
      • Contribute a Salt State File
      • Contribute a Debian Package
      • Contribute a Dockerfile
    • Implement Enhancements
Powered by GitBook
On this page
  • Install the REMnux Distro
  • Run Tools in Containers
  • Get Involved with the Project
  • Learn More About REMnux

REMnux: A Linux Toolkit for Malware Analysis

REMnux Documentation

NextGet the Virtual Appliance

Last updated 4 years ago

This site provides documentation for ®, a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools.

Install the REMnux Distro

To get started with REMnux, you can:

Run Tools in Containers

Get Involved with the Project

You can participate in the REMnux project by:

Learn More About REMnux

You can learn about:

The heart of the toolkit is the REMnux Linux distribution based on , which incorporates many tools that malware analysts use to:

The section of this documentation site provides the REMnux tools listing and offers notes for using them.

of the REMnux distro.

on a dedicated system.

to an existing machine.

The REMnux toolkit also offers , making it possible to run them as containers without having to install the tools directly on the system.

related to the distro and its tools.

that comprise the distribution.

about the tools on REMnux.

and that make REMnux possible

for getting the most out of the distro

on REMnux

Many of the tools available in the REMnux toolkit are discussed in the SANS course . Lenny Zeltser, the founder and primary maintainer of REMnux, is also the primary author of this course.

Ubuntu
Examine static properties of a suspicious file.
Statically analyze malicious code.
Dynamically reverse-engineer malicious code.
Perform memory forensics of an infected system.
Explore network interactions for behavioral analysis.
Investigate system-level interactions of malware.
Analyze malicious documents.
Gather and analyze threat data.
Discover the Tools
Download the virtual appliance
Install the REMnux distro from scratch
Add the REMnux distro
Run the REMnux distro as a Docker container.
Docker images of popular malware analysis tools
Asking and answering questions
Adding or updating tools
Creating articles, blog posts, and videos
People
technologies
REMnux configuration tips
Tips for using the tools
FOR610: Reverse Engineering Malware
REMnux