📄
📄
📄
📄
REMnux Documentation
Search…
📄
📄
📄
📄
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
General
PE Files
ELF Files
Deobfuscation
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered By GitBook
General
Examine Static Properties

TrID

Identify file type using signatures.
Website: https://mark0.net/soft-trid-e.html Author: Marco Pontello License: Free, unknown license Notes: trid, tridupdate State File: remnux.tools.trid​

Yara Rules

Statically scan a file to identify common malicious capabilities.
Website: https://github.com/Yara-Rules/rules Author: A group of IT security researchers: https://twitter.com/yararules License: GNU General Public License (GPL) v2: https://github.com/Yara-Rules/rules/blob/master/LICENSE Notes: To scan a file using these rules, you can use the wrapper around Yara: yara-rules FILE, where FILE is the path to the file you wish to scan. State File: remnux.tools.yara-rules​

Detect-It-Easy

Determine types of files and examine file properties.
Website: https://github.com/horsicq/Detect-It-Easy Author: hors: https://twitter.com/horsicq License: https://github.com/horsicq/Detect-It-Easy/blob/master/LICENSE Notes: GUI tool: die, command-line tool: diec. State File: remnux.tools.detect-it-easy​

ExifTool

Tool to read from, write to, and edit EXIF metadata of various file types
Website: https://exiftool.org/ Author: Phil Harvey License: "This is free software; you can redistribute it and/or modify it under the same terms as Perl itself": https://exiftool.org/#license Notes: exiftool State File: remnux.perl-packages.exiftool​

DroidLysis

Perform static analysis of Android applications.
Website: https://github.com/cryptax/droidlysis Author: cryptax License: MIT License: https://github.com/cryptax/droidlysis/blob/master/LICENSE Notes: droidlysis State File: remnux.python3-packages.droidlysis​

zipdump.py

Analyze zip-compressed files.
Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.zipdump​

numbers-to-string.py

Convert decimal numbers to strings.
Website: https://blog.didierstevens.com/2020/12/12/update-numbers-to-string-py-version-0-0-11/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.numbers-to-string​

re-search.py

Search the file for built-in regular expressions of common suspicious artifacts.
Website: https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.re-search​

disitool

Manipulate embedded digital signatures.
Website: https://blog.didierstevens.com/programs/disitool/ Author: Didier Stevens License: Public Domain Notes: disitool.py State File: remnux.scripts.disitool​

Name-That-Hash

Identify dfferent types of hashes.
Website: https://github.com/HashPals/Name-That-Hash Author: randon / Bee: https://twitter.com/bee_sec_san License: GNU General Public License (GPL) v3.0: (https://github.com/HashPals/Name-That-Hash/blob/main/LICENSE) Notes: nth State File: remnux.python3-packages.name-that-hash​

Hash ID

Identify dfferent types of hashes.
Website: https://github.com/blackploit/hash-identifier Author: Zion3R License: GNU General Public License (GPL) v3 Notes: hash-id.py State File: remnux.scripts.hash-identifier​

signsrch

Find patterns of common encryption, compression, or encoding algorithms
Website: http://aluigi.altervista.org/mytoolz.htm Author: Luigi Auriemma License: Free, unknown license State File: remnux.packages.signsrch​

ssdeep

Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes.
Website: https://ssdeep-project.github.io/ssdeep/index.html Author: Jesse Kornblum, Helmut Grohne, Tsukasa OI License: GNU General Public License (GPL) v2: https://github.com/ssdeep-project/ssdeep/blob/master/COPYING State File: remnux.packages.ssdeep​

7-Zip

Compress and decompress files using a variety of algorithms.
Website: https://www.7-zip.org Author: Igor Pavlov License: GNU Lesser General Public License (LGPL) Notes: 7-Zip standard: 7z, 7za, 7zr. For latest alpha verison, use 7zz instead of 7z. State File: remnux.packages.7zip​

wxHexEditor

Hex editor
Website: https://sourceforge.net/projects/wxhexeditor/ Author: Unknown License: GNU General Public License (GPL) v2: https://sourceforge.net/p/wxhexeditor/code/HEAD/tree/trunk/docs/GPL.txt State File: remnux.packages.wxhexeditor​

ClamAV

Scan files for malware signatures.
Website: https://www.clamav.net Author: https://www.clamav.net/about License: GNU General Public License (GPL): https://www.clamav.net/about Notes: clamscan, freshclam State File: remnux.packages.clamav-daemon​

bulk_extractor

Extract interesting strings from binary files.
Website: https://github.com/simsong/bulk_extractor/ Author: https://github.com/simsong/bulk_extractor/blob/master/AUTHORS License: Portions Public Domain, portions MIT License: https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md State File: remnux.packages.bulk-extractor​

Hachoir

View, edit, and carve contents of various binary file types.
Website: https://github.com/vstinner/hachoir Author: https://hachoir.readthedocs.io/en/latest/authors.html License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx State File: remnux.python3-packages.hachoir​

Sleuth Kit

Analyze disk images and recover files from them.
Website: https://www.sleuthkit.org/sleuthkit Author: Brian Carrier, and others License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php Notes: For a listing of commands, see http://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview State File: remnux.packages.sleuthkit​

binwalk

Extract and analyze firmware images.
Website: https://github.com/ReFirmLabs/binwalk Author: Craig Heffner, ReFirmLabs License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php Notes: MIT License: https://github.com/ReFirmLabs/binwalk/blob/master/LICENSE State File: remnux.packages.binwalk​

file

Identify file type using "magic" numbers.
Website: http://astron.com/pub/file/README Author: Ian F. Darwin, Christos Zoulas License: BSD 2-Clause "Alike" License: https://github.com/file/file/blob/master/COPYING State File: remnux.packages.file​
Discover the Tools - Previous
Examine Static Properties
Next
PE Files
Last modified 20d ago
Copy link
Contents
TrID
Yara Rules
Detect-It-Easy
ExifTool
DroidLysis
zipdump.py
numbers-to-string.py
re-search.py
disitool
Name-That-Hash
Hash ID
signsrch
ssdeep
7-Zip
wxHexEditor
ClamAV
bulk_extractor
Hachoir
Sleuth Kit
binwalk
file