Gather OSINT data about IPs, domains, and hashes.
Website: http://www.tekdefense.com/automater/ Author: 1aN0rmus: https://twitter.com/TekDefense License: MIT License: https://github.com/1aN0rmus/TekDefense-Automater/blob/master/LICENSE Notes: Automater.py State File: remnux.tools.automaterβ
Decode and encode date and timestamps.
Website: https://github.com/digitalsleuth/time_decode Author: Corey Forman License: MIT License: https://github.com/digitalsleuth/time_decode/blob/master/LICENSE Notes: time_decode.py State File: remnux.python-packages.time-decodeβ
Python library that allows for basic creation and editing of OpenIOC objects.
Website: https://github.com/mandiant/ioc_writer Author: William Gibb License: Apache License 2.0: https://github.com/mandiant/ioc_writer/blob/master/LICENSE State File: remnux.python-packages.ioc-writerβ
Query Shodan, a search engine for internet-connected devices.
Website: https://github.com/achillean/shodan-python/ Author: John Matherly License: Custom, free license: https://github.com/achillean/shodan-python/blob/master/LICENSE State File: remnux.python-packages.shodanβ
Query public repositories of malware data (e.g., VirusTotal, HybridAnalysis).
Website: https://github.com/alexandreborges/malwoverview Author: Alexandre Borges License: GNU General Public License v3: https://github.com/alexandreborges/malwoverview/blob/master/LICENSE Notes: malwoverview.py, add API keys to ~/.malwapi.conf State File: remnux.python-packages.malwoverviewβ
Look up MD5 file hashes in the NIST National Software Reference Library (NSRL).
Website: https://github.com/rjhansen/nsrllookup Author: Robert J. Hansen: https://twitter.com/robertjhansen License: ISC License: https://github.com/rjhansen/nsrllookup/blob/master/LICENSE State File: remnux.python-packages.nsrllookupβ
Organize and query a collection of malware samples.
Website: https://github.com/viper-framework/viper
Author: Claudio Guarnieri: https://nex.sx
License: BSD 3-Clause License: https://github.com/viper-framework/viper/blob/master/LICENSE
Notes: Run the tool using the viper command. The first time you activate the tool, specify the update-modules command within it to download and update community modules from the tool's repository.
State File: remnux.python-packages.viper-frameworkβ
Extract IOCs from security report PDFs.
Website: https://github.com/buffer/ioc_parser Author: Armin Buescher License: MIT License: https://github.com/buffer/ioc_parser/blob/master/LICENSE.txt State File: remnux.python-packages.ioc-parserβ
Retrieve and parse whois data for IP addresses.
Website: https://github.com/secynic/ipwhois Author: Philip Hane License: BSD 2-Clause "Simplified" License: https://github.com/secynic/ipwhois/blob/master/LICENSE.txt Notes: ipwhois_cli.py, ipwhois_utils_cli.py State File: remnux.python-packages.ipwhoisβ
Query and interact with VirusTotal using a command-line interface.
Website: https://github.com/doomedraven/VirusTotalApi Author: doomedraven License: MIT License: https://github.com/doomedraven/VirusTotalApi/blob/master/LICENSE.md Notes: vt State File: remnux.python-packages.virustotal-apiβ
Python library to query passive DNS services that follow the Passive DNS - Common Output Format
Website: https://github.com/CIRCL/PyPDNS Author: RaphaΓ«l Vinot, Alexandre Dulaunoy, CIRCL - Computer Incident Response Center Luxembourg License: Free, custom license: https://github.com/CIRCL/PyPDNS/blob/master/LICENSE State File: remnux.python-packages.pypdnsβ
Query passive DNS databases for DNS data.
Website: https://github.com/chrislee35/passivedns-client Author: Chris Lee License: MIT License: https://github.com/chrislee35/passivedns-client/blob/master/LICENSE.txt State File: remnux.rubygems.pdnstoolβ
Extract and decode data fro antivirus quarantine files.
Website: http://www.hexacorn.com/blog/category/software-releases/dexray/ Author: Hexacorn License: Free; copyright by Hexacorn.com: http://hexacorn.com/d/DeXRAY.pl Notes: dexray State File: remnux.scripts.dexrayβ
Submit files to VirusTotal.
Website: https://blog.didierstevens.com/programs/virustotal-tools/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: virustotal-submit.py State File: remnux.scripts.virustotal-submitβ
Search VirusTotal for file hashes.
Website: https://blog.didierstevens.com/programs/virustotal-tools/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: virustotal-search.py State File: remnux.scripts.virustotal-searchβ
Carve contents out of binary files, such as partitions.
Website: https://github.com/sleuthkit/scalpel Author: Golden G. Richard III, Vassil Roussev License: Apache License 2.0: https://github.com/sleuthkit/scalpel/blob/master/LICENSE-2.0.txt State File: remnux.packages.scalpelβ
Identify and classify malware samples using Yara rules.
Website: https://virustotal.github.io/yara/ Author: https://github.com/VirusTotal/yara/blob/master/AUTHORS License: BSD 3-Clause "New" or "Revised" License: https://github.com/VirusTotal/yara/blob/master/COPYING Notes: yara State File: remnux.packages.yaraβ