General
Examine Static Properties
Identify file type using signatures.
Website: https://mark0.net/soft-trid-e.html
Author: Marco Pontello
License: Free, unknown license
Notes: trid, tridupdate
State File: remnux.tools.trid
Statically scan a file to identify common malicious capabilities.
Website: https://github.com/Yara-Rules/rules
Author: A group of IT security researchers: https://twitter.com/yararules
License: GNU General Public License (GPL) v2: https://github.com/Yara-Rules/rules/blob/master/LICENSE
Notes: To scan a file using these rules, you can use the wrapper around Yara: yara-rules FILE, where FILE is the path to the file you wish to scan.
State File: remnux.tools.yara-rules
Determine types of files and examine file properties.
Website: https://github.com/horsicq/Detect-It-Easy
Author: hors: https://twitter.com/horsicq
License: https://github.com/horsicq/Detect-It-Easy/blob/master/LICENSE
Notes: GUI tool: die, command-line tool: diec.
State File: remnux.tools.detect-it-easy
Tool to read from, write to, and edit EXIF metadata of various file types.
Website: https://exiftool.org/
Author: Phil Harvey
License: "This is free software; you can redistribute it and/or modify it under the same terms as Perl itself": https://exiftool.org/#license
Notes: exiftool
State File: remnux.perl-packages.exiftool
Perform static analysis of Android applications.
Website: https://github.com/cryptax/droidlysis
Author: cryptax
License: MIT License: https://github.com/cryptax/droidlysis/blob/master/LICENSE
Notes: droidlysis
State File: remnux.python3-packages.droidlysis
Analyze zip-compressed files.
Website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.zipdump
Create, inspect and extract Windows Installer (.msi) files.
Website: https://wiki.gnome.org/msitools
Author: Paolo Bonzini, Marc-Andre Lureau: https://gitlab.gnome.org/GNOME/msitools/-/blob/master/AUTHORS
License: GNU Lesser General Public License (LGPL) v2.1 or later: https://gitlab.gnome.org/GNOME/msitools/-/blob/master/copyright
State File: remnux.packages.msitools
Convert decimal numbers to strings.
Website: https://blog.didierstevens.com/2020/12/12/update-numbers-to-string-py-version-0-0-11/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.numbers-to-string
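The entry above describes the idea behind numbers-to-string.py: obfuscated scripts often build strings from runs of decimal character codes (Chr(112) & Chr(111) ..., Array(104, 116, ...)), and recovering the text is just a matter of pulling the numbers out and converting them. The following is an added example written for this page, not Didier Stevens' script; the regular expression, the per-line grouping, the minimum run length, the optional offset and the VBA-like sample input are all this example's own choices and are constructed for the demo.

```python
"""Added example: decode runs of decimal character codes into strings.
Not numbers-to-string.py itself; thresholds, regex and sample are constructed."""
import re
from typing import List, Optional, Tuple

# Standalone 1-3 digit decimals: rejects "0x41", "1.5", "8080" and "192.168.1.1"
NUMBER = re.compile(r"(?<![\w.])\d{1,3}(?![\w.])")
# Printable ASCII plus tab/LF/CR; anything else means the run is not text
PRINTABLE = set(range(32, 127)) | {9, 10, 13}


def decode_line(line: str, min_run: int = 8, offset: int = 0) -> Optional[str]:
    """Decode one line's numbers as characters, or return None.

    offset is added to every value first, for the common trick of storing
    each code shifted by a constant (example's own option, not the tool's).
    """
    values = [int(m) + offset for m in NUMBER.findall(line)]
    if len(values) < min_run:
        return None                      # too short to be a deliberate string
    if any(v not in PRINTABLE for v in values):
        return None                      # port numbers, sizes, etc.
    return "".join(chr(v) for v in values)


def decode_text(text: str, min_run: int = 8, offset: int = 0) -> List[Tuple[int, str]]:
    """Return (line number, decoded string) for every line that decodes."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        decoded = decode_line(line, min_run, offset)
        if decoded is not None:
            hits.append((n, decoded))
    return hits


# Constructed VBA-style macro fragment (not a real sample)
SAMPLE = """Sub AutoOpen()
    Dim s As String
    s = Chr(112) & Chr(111) & Chr(119) & Chr(101) & Chr(114) & Chr(115) & Chr(104) & Chr(101) & Chr(108) & Chr(108) & Chr(32) & Chr(45) & Chr(101) & Chr(112) & Chr(32) & Chr(98) & Chr(121) & Chr(112) & Chr(97) & Chr(115) & Chr(115)
    Dim a As Variant
    a = Array(104, 116, 116, 112, 58, 47, 47, 49, 57, 50, 46, 48, 46, 50, 46, 49, 47, 120)
    Set o = CreateObject("WScript.Shell")
End Sub"""

if __name__ == "__main__":
    for lineno, s in decode_text(SAMPLE):
        print(f"line {lineno}: {s!r}")
```

Lowering min_run catches shorter strings at the cost of false positives from ordinary numeric lines; the printable-range check is what keeps lists of ports or byte sizes from being reported as text.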
Search the file for built-in regular expressions of common suspicious artifacts.
Website: https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.re-search
Extract strings.
Website: https://blog.didierstevens.com/2018/12/09/release-strings-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.strings
Manipulate embedded digital signatures.
Website: https://blog.didierstevens.com/programs/disitool/
Author: Didier Stevens
License: Public Domain
Notes: disitool.py
State File: remnux.scripts.disitool
Identify different types of hashes.
Website: https://github.com/HashPals/Name-That-Hash
Author: randon / Bee: https://twitter.com/bee_sec_san
License: GNU General Public License (GPL) v3.0: (https://github.com/HashPals/Name-That-Hash/blob/main/LICENSE)
Notes: nth
State File: remnux.python3-packages.name-that-hash
Identify different types of hashes.
Website: https://github.com/blackploit/hash-identifier
Author: Zion3R
License: GNU General Public License (GPL) v3
Notes: hash-id.py
State File: remnux.scripts.hash-identifier
Find patterns of common encryption, compression, or encoding algorithms
Website: http://aluigi.altervista.org/mytoolz.htm
Author: Luigi Auriemma
License: Free, unknown license
State File: remnux.packages.signsrch
Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes.
Website: https://ssdeep-project.github.io/ssdeep/index.html
Author: Jesse Kornblum, Helmut Grohne, Tsukasa OI
License: GNU General Public License (GPL) v2: https://github.com/ssdeep-project/ssdeep/blob/master/COPYING
State File: remnux.packages.ssdeep
Compress and decompress files using a variety of algorithms.
Website: https://www.7-zip.org
Author: Igor Pavlov
License: GNU Lesser General Public License (LGPL)
Notes: 7-Zip standard: 7z, 7za, 7zr. For the latest alpha version, use 7zz instead of 7z.
State File: remnux.packages.7zip
Hex editor
Website: https://sourceforge.net/projects/wxhexeditor/
Author: Unknown
License: GNU General Public License (GPL) v2: https://sourceforge.net/p/wxhexeditor/code/HEAD/tree/trunk/docs/GPL.txt
State File: remnux.packages.wxhexeditor
Scan files for malware signatures.
Website: https://www.clamav.net
Author: https://www.clamav.net/about
License: GNU General Public License (GPL): https://www.clamav.net/about
Notes: clamscan, freshclam
State File: remnux.packages.clamav-daemon
Extract interesting strings from binary files.
Website: https://github.com/simsong/bulk_extractor/
Author: https://github.com/simsong/bulk_extractor/blob/master/AUTHORS
License: Portions Public Domain, portions MIT License: https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md
State File: remnux.packages.bulk-extractor
View, edit, and carve contents of various binary file types.
Website: https://github.com/vstinner/hachoir
Author: https://hachoir.readthedocs.io/en/latest/authors.html
License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING
Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx
State File: remnux.python3-packages.hachoir
Analyze disk images and recover files from them.
Website: https://www.sleuthkit.org/sleuthkit
Author: Brian Carrier, and others
License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php
Notes: For a listing of commands, see http://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview
State File: remnux.packages.sleuthkit
Extract and analyze firmware images.
Website: https://github.com/ReFirmLabs/binwalk
Author: Craig Heffner, ReFirmLabs
License: MIT License: https://github.com/ReFirmLabs/binwalk/blob/master/LICENSE
State File: remnux.packages.binwalk
Identify file type using "magic" numbers.
Website: http://astron.com/pub/file/README
Author: Ian F. Darwin, Christos Zoulas
License: BSD 2-Clause "Alike" License: https://github.com/file/file/blob/master/COPYING
State File: remnux.packages.file
Identify file type using "magic" numbers.
Website: https://blog.didierstevens.com/2022/12/23/update-file-magic-py-version-0-0-5/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.file-magic
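Both file and file-magic.py above identify a file from its leading bytes rather than from its name. The following added example, written for this page and not taken from either project, shows what that involves in practice: match a small table of signatures, refine the ambiguous ones (an MZ header is only a PE if the PE\0\0 signature sits at the offset stored at 0x3C; an OOXML document is a ZIP whose first entry is normally [Content_Types].xml), and flag a filename whose extension disagrees with the content. The signature table, the expected-extension map and the sample byte strings are constructed for the demo and cover only a handful of formats.

```python
"""Added example (not code from `file` or file-magic.py): identify content by
magic bytes, refine MZ and ZIP matches, and flag extension/content mismatches.
Signature table, extension map and samples are constructed for this demo."""
import os
import struct

# Constructed subset of well-known signatures: (label, offset, magic bytes)
SIGNATURES = [
    ("PE executable",      0, b"MZ"),
    ("ELF executable",     0, b"\x7fELF"),
    ("OLE2 compound file", 0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ("PDF document",       0, b"%PDF-"),
    ("RTF document",       0, b"{\\rtf"),
    ("ZIP archive",        0, b"PK\x03\x04"),
    ("gzip compressed",    0, b"\x1f\x8b"),
    ("PNG image",          0, b"\x89PNG\r\n\x1a\n"),
]

# Extensions each content type usually carries (constructed, not exhaustive)
EXPECTED_EXT = {
    "PE executable": {".exe", ".dll", ".sys", ".scr"},
    "ELF executable": {".so", ".elf", ""},
    "OLE2 compound file": {".doc", ".xls", ".ppt", ".msi", ".msg"},
    "PDF document": {".pdf"},
    "RTF document": {".rtf"},
    "ZIP archive": {".zip", ".jar", ".apk"},
    "Office Open XML document": {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"},
    "gzip compressed": {".gz", ".tgz"},
    "PNG image": {".png"},
}


def identify(data: bytes) -> str:
    """Return a label for the content, or 'unknown' if no signature matches."""
    for label, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return _refine(label, data)
    return "unknown"


def _refine(label: str, data: bytes) -> str:
    if label == "PE executable":
        # "MZ" alone only proves a DOS header; a PE also has "PE\0\0" at the
        # 32-bit little-endian offset stored at 0x3C (e_lfanew).
        if len(data) >= 0x40:
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return label
        return "MZ header without PE signature"
    if label == "ZIP archive":
        # ZIP local file header: name length at offset 26, name at offset 30.
        # OOXML documents normally start with [Content_Types].xml.
        if len(data) >= 30:
            name_len = struct.unpack_from("<H", data, 26)[0]
            if data[30:30 + name_len] == b"[Content_Types].xml":
                return "Office Open XML document"
    return label


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the content type is known and the extension is not one it usually has."""
    expected = EXPECTED_EXT.get(identify(data))
    if expected is None:
        return False                     # nothing to compare against
    return os.path.splitext(filename)[1].lower() not in expected


# --- constructed samples (minimal headers, not real files) ---
def _make_pe() -> bytes:
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)      # 0x40-byte DOS header
    hdr[0x3C:0x40] = struct.pack("<I", 0x40)      # e_lfanew points at 0x40
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20


def _make_ooxml() -> bytes:
    name = b"[Content_Types].xml"
    return b"PK\x03\x04" + b"\x00" * 22 + struct.pack("<HH", len(name), 0) + name


SAMPLE_PE = _make_pe()
SAMPLE_DOS_STUB = b"MZ" + b"\x00" * 100           # e_lfanew = 0, no PE signature
SAMPLE_OOXML = _make_ooxml()
SAMPLE_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"
SAMPLE_TEXT = b"just some text\n"

if __name__ == "__main__":
    for name, blob in [("invoice.pdf", SAMPLE_PE), ("report.docx", SAMPLE_OOXML),
                       ("notes.txt", SAMPLE_DOS_STUB), ("paper.pdf", SAMPLE_PDF)]:
        print(f"{name:14} {identify(blob):32} mismatch={extension_mismatch(name, blob)}")
```

The mismatch check is the triage signal: an "invoice.pdf" that identifies as a PE executable deserves attention before anything else on this page is run against it. Real identifiers such as file carry thousands of signatures and check offsets other than zero; this example keeps the table short so the mechanism stays visible.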