# General ## TrID Identify file type using signatures. **Website**: \ **Author**: Marco Pontello\ **License**: Free, unknown license\ **Notes**: trid, tridupdate\ **State File**: [remnux.tools.trid](https://github.com/REMnux/salt-states/blob/master/remnux/tools/trid.sls) ## Magika Identify file type using signatures. **Website**: \ **Author**: Google\ **License**: Apache License 2.0: \ **State File**: [remnux.python3-packages.magika](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/magika.sls) ## Yara Rules Scan a file with YARA rules to identify capabilities and behaviors (packer detection, anti-debug, networking). **Website**: \ **Author**: A group of IT security researchers: \ **License**: GNU General Public License (GPL) v2: \ **Notes**: To scan a file using these rules, you can use the wrapper around Yara: `yara-rules FILE`, where `FILE` is the path to the file you wish to scan. For malware family identification, also try `yara-forge FILE`.\ **State File**: [remnux.tools.yara-rules](https://github.com/REMnux/salt-states/blob/master/remnux/tools/yara-rules.sls) ## Detect-It-Easy Determine types of files and examine file properties. **Website**: \ **Author**: hors: \ **License**: MIT License: \ **Notes**: GUI tool: `die`, command-line tool: `diec`.\ **State File**: [remnux.tools.detect-it-easy](https://github.com/REMnux/salt-states/blob/master/remnux/tools/detect-it-easy.sls) ## ExifTool Tool to read from, write to, and edit EXIF metadata of various file types. **Website**: \ **Author**: Phil Harvey\ **License**: "This is free software; you can redistribute it and/or modify it under the same terms as Perl itself": \ **Notes**: exiftool\ **State File**: [remnux.perl-packages.exiftool](https://github.com/REMnux/salt-states/blob/master/remnux/perl-packages/exiftool.sls) ## DroidLysis Perform static analysis of Android applications. **Website**: \ **Author**: cryptax\ **License**: MIT License: \ **Notes**: droidlysis\ **State File**: [remnux.python3-packages.droidlysis](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/droidlysis.sls) ## msitools Create, inspect and extract Windows Installer (.msi) files. **Website**: \ **Author**: Paolo Bonzini, Marc-Andre Lureau: \ **License**: GNU Lesser General Public License (LGPL) v2.1 or later: \ **State File**: [remnux.packages.msitools](https://github.com/REMnux/salt-states/blob/master/remnux/packages/msitools.sls) ## numbers-to-string.py Convert decimal numbers to strings. **Website**: \ **Author**: Didier Stevens: \ **License**: Public Domain\ **State File**: [remnux.scripts.numbers-to-string](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/numbers-to-string.sls) ## re-search.py Search the file for built-in regular expressions of common suspicious artifacts. **Website**: \ **Author**: Didier Stevens: \ **License**: Public Domain\ **State File**: [remnux.scripts.re-search](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/re-search.sls) ## disitool Manipulate embedded digital signatures. **Website**: \ **Author**: Didier Stevens\ **License**: Public Domain\ **Notes**: disitool.py\ **State File**: [remnux.scripts.disitool](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/disitool.sls) ## Name-That-Hash Identify dfferent types of hashes. **Website**: \ **Author**: Brandon / Bee: \ **License**: GNU General Public License (GPL) v3.0: \ **Notes**: nth\ **State File**: [remnux.python3-packages.name-that-hash](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/name-that-hash.sls) ## Hash ID Identify different types of hashes. **Website**: \ **Author**: Zion3R\ **License**: GNU General Public License (GPL) v3\ **Notes**: hash-id.py\ **State File**: [remnux.scripts.hash-identifier](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/hash-identifier.sls) ## signsrch Find patterns of common encryption, compression, or encoding algorithms. **Website**: \ **Author**: Luigi Auriemma\ **License**: Free, unknown license\ **State File**: [remnux.packages.signsrch](https://github.com/REMnux/salt-states/blob/master/remnux/packages/signsrch.sls) ## ssdeep Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes. **Website**: \ **Author**: Jesse Kornblum, Helmut Grohne, Tsukasa OI\ **License**: GNU General Public License (GPL) v2: \ **State File**: [remnux.packages.ssdeep](https://github.com/REMnux/salt-states/blob/master/remnux/packages/ssdeep.sls) ## 7-Zip Compress and decompress files using a variety of algorithms. **Website**: \ **Author**: Igor Pavlov\ **License**: GNU Lesser General Public License (LGPL)\ **Notes**: 7-Zip standard: 7z, 7za, 7zr. For latest alpha version, use 7zz instead of 7z.\ **State File**: [remnux.packages.7zip](https://github.com/REMnux/salt-states/blob/master/remnux/packages/7zip.sls) ## wxHexEditor Hex editor. **Website**: \ **Author**: Unknown\ **License**: GNU General Public License (GPL) v2: \ **State File**: [remnux.packages.wxhexeditor](https://github.com/REMnux/salt-states/blob/master/remnux/packages/wxhexeditor.sls) ## ClamAV Scan files for malware signatures. **Website**: \ **Author**: \ **License**: GNU General Public License (GPL): \ **Notes**: clamscan, freshclam\ **State File**: [remnux.packages.clamav-daemon](https://github.com/REMnux/salt-states/blob/master/remnux/packages/clamav-daemon.sls) ## Hachoir View, edit, and carve contents of various binary file types. **Website**: \ **Author**: \ **License**: GNU General Public License (GPL) v2: \ **Notes**: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx\ **State File**: [remnux.python3-packages.hachoir](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/hachoir.sls) ## Sleuth Kit Analyze disk images and recover files from them. **Website**: \ **Author**: Brian Carrier, and others\ **License**: IBM Public License, Common Public License, GNU General Public License (GPL) v2: \ **Notes**: For a listing of commands, see **State File**: [remnux.packages.sleuthkit](https://github.com/REMnux/salt-states/blob/master/remnux/packages/sleuthkit.sls) ## binwalk Extract and analyze firmware images. **Website**: \ **Author**: Craig Heffner, ReFirmLabs\ **License**: MIT License: \ **State File**: [remnux.packages.binwalk](https://github.com/REMnux/salt-states/blob/master/remnux/packages/binwalk.sls) ## file Identify file type using "magic" numbers. **Website**: \ **Author**: Ian F. Darwin, Christos Zoulas\ **License**: BSD 2-Clause Simplified License: \ **State File**: [remnux.packages.file](https://github.com/REMnux/salt-states/blob/master/remnux/packages/file.sls) ## bulk\_extractor Extract interesting strings from binary files. **Website**: \ **Author**: \ **License**: Portions Public Domain, portions MIT License: \ **State File**: [remnux.packages.bulk-extractor](https://github.com/REMnux/salt-states/blob/master/remnux/packages/bulk-extractor.sls) ## thefuzz Fuzzy String Matching in Python. **Website**: \ **Author**: SeatGeek\ **License**: MIT License: \ **Notes**: Updated implementation of fuzzywuzzy\ **State File**: [remnux.python3-packages.thefuzz](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/thefuzz.sls) ## strings.py Extract ASCII and Unicode strings from binary files with length sorting and filtering. **Website**: \ **Author**: Didier Stevens: \ **License**: Public Domain\ **State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls) ## file-magic.py Identify file types using the Python magic module. **Website**: \ **Author**: Didier Stevens: \ **License**: Public Domain\ **State File**: [remnux.scripts.didier-stevens-scripts](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/didier-stevens-scripts.sls) ## YARA-Forge Rules Scan files with curated YARA rules from 45+ sources for malware family identification. **Website**: \ **Author**: Florian Roth: \ **License**: Various (see individual rules); Elastic rules excluded\ **Notes**: Run `yara-forge FILE` to identify malware families.\ **State File**: [remnux.tools.yara-forge](https://github.com/REMnux/salt-states/blob/master/remnux/tools/yara-forge.sls) ## LIEF Parse and analyze PE, ELF, MachO, DEX, OAT, VDEX, ART, and DWARF executable formats. **Website**: \ **Author**: Romain Thomas: \ **License**: Apache License 2.0: \ **Notes**: To use, run `/opt/lief/bin/python3` then `import lief`. Use `lief.parse("sample")` to auto-detect format and extract imports, exports, sections, and signatures.\ **State File**: [remnux.python3-packages.lief](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/lief.sls) ## Malcat Lite Analyze binary files using a hex editor, disassembler, and file dissector. **Website**: \ **Author**: Malcat EI: \ **License**: Proprietary (Lite edition free): \ **Notes**: The Lite version of the tool may not be used in a professional environment per its license.\ **State File**: [remnux.tools.malcat](https://github.com/REMnux/salt-states/blob/master/remnux/tools/malcat.sls) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.remnux.org/discover-the-tools/examine+static+properties/general.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.