πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
Search…
πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
General
PE Files
ELF Files
Deobfuscation
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered By GitBook
General
Examine Static Properties

TrID

Identify file type using signatures.
Website: https://mark0.net/soft-trid-e.html Author: Marco Pontello License: Free, unknown license Notes: trid, tridupdate State File: remnux.tools.trid​

Yara Rules

Statically scan a file to identify common malicious capabilities.
Website: https://github.com/Yara-Rules/rules Author: A group of IT security researchers: https://twitter.com/yararules License: GNU General Public License (GPL) v2: https://github.com/Yara-Rules/rules/blob/master/LICENSE Notes: To scan a file using these rules, you can use the wrapper around Yara: yara-rules FILE, where FILE is the path to the file you wish to scan. State File: remnux.tools.yara-rules​

Detect-It-Easy

Determine types of files and examine file properties.

ExifTool

Tool to read from, write to, and edit EXIF metadata of various file types
Website: https://exiftool.org/ Author: Phil Harvey License: "This is free software; you can redistribute it and/or modify it under the same terms as Perl itself": https://exiftool.org/#license Notes: exiftool State File: remnux.perl-packages.exiftool​

DroidLysis

Perform static analysis of Android applications.

zipdump.py

Analyze zip-compressed files.

msitools

Create, inspect and extract Windows Installer (.msi) files.
Website: https://wiki.gnome.org/msitools Author: Paolo Bonzini, Marc-Andre Lureau: https://gitlab.gnome.org/GNOME/msitools/-/blob/master/AUTHORS License: GNU Lesser General Public License (LGPL) v2.1 or later: https://gitlab.gnome.org/GNOME/msitools/-/blob/master/copyright State File: remnux.packages.msitools​

numbers-to-string.py

Convert decimal numbers to strings.

re-search.py

Search the file for built-in regular expressions of common suspicious artifacts.

disitool

Manipulate embedded digital signatures.
Website: https://blog.didierstevens.com/programs/disitool/ Author: Didier Stevens License: Public Domain Notes: disitool.py State File: remnux.scripts.disitool​

Name-That-Hash

Identify dfferent types of hashes.

Hash ID

Identify dfferent types of hashes.
Website: https://github.com/blackploit/hash-identifier Author: Zion3R License: GNU General Public License (GPL) v3 Notes: hash-id.py State File: remnux.scripts.hash-identifier​

signsrch

Find patterns of common encryption, compression, or encoding algorithms
Website: http://aluigi.altervista.org/mytoolz.htm Author: Luigi Auriemma License: Free, unknown license State File: remnux.packages.signsrch​

ssdeep

Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes.
Website: https://ssdeep-project.github.io/ssdeep/index.html Author: Jesse Kornblum, Helmut Grohne, Tsukasa OI License: GNU General Public License (GPL) v2: https://github.com/ssdeep-project/ssdeep/blob/master/COPYING State File: remnux.packages.ssdeep​

7-Zip

Compress and decompress files using a variety of algorithms.
Website: https://www.7-zip.org Author: Igor Pavlov License: GNU Lesser General Public License (LGPL) Notes: 7-Zip standard: 7z, 7za, 7zr. For latest alpha verison, use 7zz instead of 7z. State File: remnux.packages.7zip​

wxHexEditor

Hex editor

ClamAV

Scan files for malware signatures.
Website: https://www.clamav.net Author: https://www.clamav.net/about License: GNU General Public License (GPL): https://www.clamav.net/about Notes: clamscan, freshclam State File: remnux.packages.clamav-daemon​

bulk_extractor

Extract interesting strings from binary files.

Hachoir

View, edit, and carve contents of various binary file types.
Website: https://github.com/vstinner/hachoir Author: https://hachoir.readthedocs.io/en/latest/authors.html License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx State File: remnux.python3-packages.hachoir​

Sleuth Kit

Analyze disk images and recover files from them.
Website: https://www.sleuthkit.org/sleuthkit Author: Brian Carrier, and others License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php Notes: For a listing of commands, see http://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview State File: remnux.packages.sleuthkit​

binwalk

Extract and analyze firmware images.
Website: https://github.com/ReFirmLabs/binwalk Author: Craig Heffner, ReFirmLabs License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php Notes: MIT License: https://github.com/ReFirmLabs/binwalk/blob/master/LICENSE State File: remnux.packages.binwalk​

file

Identify file type using "magic" numbers.
Website: http://astron.com/pub/file/README Author: Ian F. Darwin, Christos Zoulas License: BSD 2-Clause "Alike" License: https://github.com/file/file/blob/master/COPYING State File: remnux.packages.file​
Discover the Tools - Previous
Examine Static Properties
Next
PE Files
Last modified 7mo ago
Copy link
On this page
TrID
Yara Rules
Detect-It-Easy
ExifTool
DroidLysis
zipdump.py
msitools
numbers-to-string.py
re-search.py
disitool
Name-That-Hash
Hash ID
signsrch
ssdeep
7-Zip
wxHexEditor
ClamAV
bulk_extractor
Hachoir
Sleuth Kit
binwalk
file