REMnux: A Linux Toolkit for Malware Analysis

REMnux Documentation

This site provides documentation for REMnux®, a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools.

Install the REMnux Distro

The heart of the toolkit is the REMnux Linux distribution based on Ubuntu, which incorporates many tools that malware analysts use to:

The Discover the Tools section of this documentation site provides the REMnux tools listing and offers notes for using them.

To get started with REMnux, you can:

Run Tools in Containers

The REMnux toolkit also offers Docker images of popular malware analysis tools, making it possible to run them as containers without having to install the tools directly on the system.

Get Involved with the Project

You can participate in the REMnux project by:

Learn More About REMnux

You can learn about:

Many of the tools available in the REMnux toolkit are discussed in the SANS course FOR610: Reverse Engineering Malware. Lenny Zeltser, the founder and primary maintainer of REMnux, is also the primary author of this course.

Last updated