General
Examine Static Properties
TrID
Identify file type using signatures.
Website: https://mark0.net/soft-trid-e.html
Author: Marco Pontello
License: Free, unknown license
Notes: trid, tridupdate
State File: remnux.tools.trid
Magika
Identify file type using signatures.
Website: https://google.github.io/magika
Author: Google
License: Apache License 2.0: https://github.com/google/magika/blob/main/LICENSE
State File: remnux.python3-packages.magika
Yara Rules
Scan a file with YARA rules to identify capabilities and behaviors (packer detection, anti-debug, networking).
Website: https://github.com/Yara-Rules/rules
Author: A group of IT security researchers: https://x.com/yararules
License: GNU General Public License (GPL) v2: https://github.com/Yara-Rules/rules/blob/master/LICENSE
Notes: To scan a file using these rules, you can use the wrapper around Yara: yara-rules FILE, where FILE is the path to the file you wish to scan. For malware family identification, also try yara-forge FILE.
State File: remnux.tools.yara-rules
Detect-It-Easy
Determine types of files and examine file properties.
Website: https://github.com/horsicq/Detect-It-Easy
Author: hors: https://x.com/horsicq
License: MIT License: https://github.com/horsicq/Detect-It-Easy/blob/master/LICENSE
Notes: GUI tool: die, command-line tool: diec.
State File: remnux.tools.detect-it-easy
ExifTool
Tool to read from, write to, and edit EXIF metadata of various file types.
Website: https://exiftool.org/
Author: Phil Harvey
License: "This is free software; you can redistribute it and/or modify it under the same terms as Perl itself": https://exiftool.org/#license
Notes: exiftool
State File: remnux.perl-packages.exiftool
DroidLysis
Perform static analysis of Android applications.
Website: https://github.com/cryptax/droidlysis
Author: cryptax
License: MIT License: https://github.com/cryptax/droidlysis/blob/master/LICENSE
Notes: droidlysis
State File: remnux.python3-packages.droidlysis
msitools
Create, inspect and extract Windows Installer (.msi) files.
Website: https://wiki.gnome.org/msitools
Author: Paolo Bonzini, Marc-Andre Lureau: https://gitlab.gnome.org/GNOME/msitools/-/blob/master/AUTHORS
License: GNU Lesser General Public License (LGPL) v2.1 or later: https://gitlab.gnome.org/GNOME/msitools/-/blob/master/copyright
State File: remnux.packages.msitools
numbers-to-string.py
Convert decimal numbers to strings.
Website: https://blog.didierstevens.com/2020/12/12/update-numbers-to-string-py-version-0-0-11/
Author: Didier Stevens: https://x.com/DidierStevens
License: Public Domain
State File: remnux.scripts.numbers-to-string
re-search.py
Search the file for built-in regular expressions of common suspicious artifacts.
Website: https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/
Author: Didier Stevens: https://x.com/DidierStevens
License: Public Domain
State File: remnux.scripts.re-search
disitool
Manipulate embedded digital signatures.
Website: https://blog.didierstevens.com/programs/disitool/
Author: Didier Stevens
License: Public Domain
Notes: disitool.py
State File: remnux.scripts.disitool
Name-That-Hash
Identify different types of hashes.
Website: https://github.com/HashPals/Name-That-Hash
Author: Brandon / Bee: https://x.com/bee_sec_san
License: GNU General Public License (GPL) v3.0: https://github.com/HashPals/Name-That-Hash/blob/main/LICENSE
Notes: nth
State File: remnux.python3-packages.name-that-hash
Hash ID
Identify different types of hashes.
Website: https://github.com/blackploit/hash-identifier
Author: Zion3R
License: GNU General Public License (GPL) v3
Notes: hash-id.py
State File: remnux.scripts.hash-identifier
signsrch
Find patterns of common encryption, compression, or encoding algorithms.
Website: http://aluigi.altervista.org/mytoolz.htm
Author: Luigi Auriemma
License: Free, unknown license
State File: remnux.packages.signsrch
ssdeep
Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes.
Website: https://ssdeep-project.github.io/ssdeep/index.html
Author: Jesse Kornblum, Helmut Grohne, Tsukasa OI
License: GNU General Public License (GPL) v2: https://github.com/ssdeep-project/ssdeep/blob/master/COPYING
State File: remnux.packages.ssdeep
7-Zip
Compress and decompress files using a variety of algorithms.
Website: https://www.7-zip.org
Author: Igor Pavlov
License: GNU Lesser General Public License (LGPL)
Notes: 7-Zip standard: 7z, 7za, 7zr. For the latest alpha version, use 7zz instead of 7z.
State File: remnux.packages.7zip
wxHexEditor
Hex editor.
Website: https://sourceforge.net/projects/wxhexeditor/
Author: Unknown
License: GNU General Public License (GPL) v2: https://sourceforge.net/p/wxhexeditor/code/HEAD/tree/trunk/docs/GPL.txt
State File: remnux.packages.wxhexeditor
ClamAV
Scan files for malware signatures.
Website: https://www.clamav.net
Author: https://www.clamav.net/about
License: GNU General Public License (GPL): https://www.clamav.net/about
Notes: clamscan, freshclam
State File: remnux.packages.clamav-daemon
Hachoir
View, edit, and carve contents of various binary file types.
Website: https://github.com/vstinner/hachoir
Author: https://hachoir.readthedocs.io/en/latest/authors.html
License: GNU General Public License (GPL) v2: https://github.com/vstinner/hachoir/blob/master/COPYING
Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx
State File: remnux.python3-packages.hachoir
Sleuth Kit
Analyze disk images and recover files from them.
Website: https://www.sleuthkit.org/sleuthkit
Author: Brian Carrier, and others
License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php
Notes: For a listing of commands, see https://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview
State File: remnux.packages.sleuthkit
binwalk
Extract and analyze firmware images.
Website: https://github.com/ReFirmLabs/binwalk
Author: Craig Heffner, ReFirmLabs
License: MIT License: https://github.com/ReFirmLabs/binwalk/blob/master/LICENSE
State File: remnux.packages.binwalk
file
Identify file type using "magic" numbers.
Website: https://github.com/file/file
Author: Ian F. Darwin, Christos Zoulas
License: BSD 2-Clause Simplified License: https://github.com/file/file/blob/master/COPYING
State File: remnux.packages.file
bulk_extractor
Extract interesting strings from binary files.
Website: https://github.com/simsong/bulk_extractor/
Author: https://github.com/simsong/bulk_extractor/blob/master/AUTHORS
License: Portions Public Domain, portions MIT License: https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md
State File: remnux.packages.bulk-extractor
thefuzz
Fuzzy string matching in Python.
Website: https://github.com/seatgeek/thefuzz
Author: SeatGeek
License: MIT License: https://github.com/seatgeek/thefuzz/blob/master/LICENSE.txt
Notes: Updated implementation of fuzzywuzzy
State File: remnux.python3-packages.thefuzz
strings.py
Extract ASCII and Unicode strings from binary files with length sorting and filtering.
Website: https://blog.didierstevens.com/2020/12/19/update-strings-py-version-0-0-6/
Author: Didier Stevens: https://x.com/DidierStevens
License: Public Domain
State File: remnux.scripts.didier-stevens-scripts
file-magic.py
Identify file types using the Python magic module.
Website: https://blog.didierstevens.com/2018/07/11/new-tool-file-magic-py/
Author: Didier Stevens: https://x.com/DidierStevens
License: Public Domain
State File: remnux.scripts.didier-stevens-scripts
YARA-Forge Rules
Scan files with curated YARA rules from 45+ sources for malware family identification.
Website: https://yarahq.github.io/
Author: Florian Roth: https://x.com/cyb3rops
License: Various (see individual rules); Elastic rules excluded
Notes: Run yara-forge FILE to identify malware families.
State File: remnux.tools.yara-forge