General

Examine Static Properties

TrID

Identify file type using signatures.

Website: https://mark0.net/soft-trid-e.html
Author: Marco Pontello
License: Free, unknown license
Notes: trid, tridupdate
State File: remnux.tools.trid

Yara Rules

Statically scan a file to identify common malicious capabilities.

Website: https://github.com/Yara-Rules/rules
Author: A group of IT security researchers: https://twitter.com/yararules
License: GNU General Public License (GPL) v2: https://github.com/Yara-Rules/rules/blob/master/LICENSE
Notes: To scan a file using these rules, you can use the wrapper around Yara: yara-rules FILE, where FILE is the path to the file you wish to scan.
State File: remnux.tools.yara-rules

ExifTool

Tool to read from, write to, and edit EXIF metadata of various file types.

Website: https://exiftool.org/
Author: Phil Harvey
License: "This is free software; you can redistribute it and/or modify it under the same terms as Perl itself": https://exiftool.org/#license
Notes: exiftool
State File: remnux.perl-packages.exiftool

DroidLysis

Perform static analysis of Android applications.

Website: https://github.com/cryptax/droidlysis
Author: cryptax
License: MIT License: https://github.com/cryptax/droidlysis/blob/master/LICENSE
Notes: droidlysis
State File: remnux.python3-packages.droidlysis

zipdump.py

Analyze zip-compressed files.

Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.zipdump

disitool

Manipulate embedded digital signatures.

Website: https://blog.didierstevens.com/programs/disitool/
Author: Didier Stevens
License: Public Domain
Notes: disitool.py
State File: remnux.scripts.disitool

Hash ID

Identify different types of hashes.

Website: https://github.com/blackploit/hash-identifier
Author: Zion3R
License: GNU General Public License (GPL) v3
Notes: hash-id.py
State File: remnux.scripts.hash-identifier

signsrch

Find patterns of common encryption, compression, or encoding algorithms.

Website: http://aluigi.altervista.org/mytoolz.htm
Author: Luigi Auriemma
License: Free, unknown license
State File: remnux.packages.signsrch

ssdeep

Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes.

Website: https://ssdeep-project.github.io/ssdeep/index.html
Author: Jesse Kornblum, Helmut Grohne, Tsukasa OI
License: GNU General Public License (GPL) v2: https://github.com/ssdeep-project/ssdeep/blob/master/COPYING
State File: remnux.packages.ssdeep

7-Zip

Compress and decompress files using a variety of algorithms.

Website: https://www.7-zip.org
Author: Igor Pavlov
License: GNU Lesser General Public License (LGPL)
Notes: 7z, 7za, 7zr
State File: remnux.packages.7zip

wxHexEditor

Hex editor.

Website: https://sourceforge.net/projects/wxhexeditor/
Author: Unknown
License: GNU General Public License (GPL) v2: https://sourceforge.net/p/wxhexeditor/code/HEAD/tree/trunk/docs/GPL.txt
State File: remnux.packages.wxhexeditor

ClamAV

Scan files for malware signatures.

Website: https://www.clamav.net
Author: https://www.clamav.net/about
License: GNU General Public License (GPL): https://www.clamav.net/about
Notes: clamscan, freshclam
State File: remnux.packages.clamav-daemon

bulk_extractor

Extract interesting strings from binary files.

Website: https://github.com/simsong/bulk_extractor/
Author: https://github.com/simsong/bulk_extractor/blob/master/AUTHORS
License: Portions Public Domain, portions MIT License: https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md
State File: remnux.packages.bulk-extractor

pyew

Statically examine properties and code of suspicious PE and ELF executables.

Website: https://github.com/joxeankoret/pyew
Author: Joxean Koret
License: GNU General Public License (GPL): https://github.com/joxeankoret/pyew/blob/VERSION_3X/COPYING
State File: remnux.packages.pyew

Hachoir

View, edit, and carve contents of various binary file types.

Website: https://github.com/vstinner/hachoir
Author: https://hachoir.readthedocs.io/en/latest/authors.html
License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING
Notes: hachoir-metadata, hachoir-metadata-gtk, hachoir-subfile, hachoir-urwid, hachoir-wx
State File: remnux.packages.python-hachoir-core

Sleuth Kit

Analyze disk images and recover files from them.

Website: https://www.sleuthkit.org/sleuthkit
Author: Brian Carrier, and others
License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php
Notes: For a listing of commands, see http://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview
State File: remnux.packages.sleuthkit

file

Identify file type using "magic" numbers.

Website: http://astron.com/pub/file/README
Author: Ian F. Darwin, Christos Zoulas
License: BSD 2-Clause "Alike" License: https://github.com/file/file/blob/master/COPYING
State File: remnux.packages.file