📄
REMnux Documentation
  • REMnux: A Linux Toolkit for Malware Analysis
  • Install the Distro
    • Get the Virtual Appliance
    • Install from Scratch
    • Add to an Existing System
    • Run REMnux as a Container
    • Keep the Distro Up to Date
  • Discover the Tools
    • Examine Static Properties
      • General
      • PE Files
      • ELF Files
      • .NET
      • Deobfuscation
    • Statically Analyze Code
      • General
      • Unpacking
      • PE Files
      • Python
      • Scripts
      • Java
      • .NET
      • Flash
      • Android
    • Dynamically Reverse-Engineer Code
      • General
      • Shellcode
      • Scripts
      • ELF Files
    • Perform Memory Forensics
    • Explore Network Interactions
      • Monitoring
      • Connecting
      • Services
    • Investigate System Interactions
    • Analyze Documents
      • General
      • PDF
      • Microsoft Office
      • Email Messages
    • Gather and Analyze Data
    • View or Edit Files
    • General Utilities
  • Run Tools in Containers
    • Docker Images of Malware Analysis Tools
  • Behind the Scenes
    • People
    • Technologies
      • SaltStack Management
      • REMnux Installer
      • State Files Without the REMnux Installer
      • Debian Packages
      • Website and Docs
    • License
  • Tips and More
    • REMnux Configuration Tips
    • REMnux Tool Tips
    • Malware Analysis Training
    • REMnux Website
  • Get Involved
    • Ask and Answer Questions
    • Write About the Tools
    • Add or Update Tools
      • Contribute a Salt State File
      • Contribute a Debian Package
      • Contribute a Dockerfile
    • Implement Enhancements
Powered by GitBook
On this page
  • Automater
  • dissect
  • time-decode
  • malwoverview
  • Viper
  • ioc_parser
  • ipwhois
  • VirusTotal API
  • ioc_writer
  • shodan
  • PyPDNS
  • pdnstool
  • DeXRAY
  • virustotal-submit
  • virustotal-search
  • Scalpel
  • nsrllookup
  • Yara
  1. Discover the Tools

Gather and Analyze Data

Discover the Tools

PreviousEmail MessagesNextView or Edit Files

Last updated 9 months ago

Automater

Gather OSINT data about IPs, domains, and hashes.

Website: Author: 1aN0rmus: License: MIT License: Notes: Automater.py State File:

dissect

Perform a variety of forensics and incident response tasks using this DFIR framework and toolset.

Website: Author: Dissect Team: dissect@fox-it.com License: GNU Affero General Public License v3: https://github.com/fox-it/dissect/blob/main/LICENSE Notes: acquire, target-fs, rdump, rgeoip, target-query, target-shell, target-dump, target-info, target-reg, target-dd, target-mount State File:

time-decode

Decode and encode date and timestamps.

Website: Author: Corey Forman License: MIT License: State File:

malwoverview

Query public repositories of malware data (e.g., VirusTotal, HybridAnalysis).

Website: Author: Alexandre Borges License: GNU General Public License v3: Notes: malwoverview, add API keys to ~/.malwapi.conf State File:

Viper

Organize and query a collection of malware samples. (Temporarily excluded from the distro.)

ioc_parser

Extract IOCs from security report PDFs.

ipwhois

Retrieve and parse whois data for IP addresses.

VirusTotal API

Query and interact with VirusTotal using a command-line interface.

ioc_writer

Python library that allows for basic creation and editing of OpenIOC objects.

shodan

Query Shodan, a search engine for internet-connected devices.

PyPDNS

Python library to query passive DNS services that follow the Passive DNS - Common Output Format

pdnstool

Query passive DNS databases for DNS data.

DeXRAY

Extract and decode data from antivirus quarantine files.

virustotal-submit

Submit files to VirusTotal.

virustotal-search

Search VirusTotal for file hashes.

Scalpel

Carve contents out of binary files, such as partitions.

nsrllookup

Look up MD5 file hashes in the NIST National Software Reference Library (NSRL).

Yara

Identify and classify malware samples using Yara rules.

Website: Author: Claudio Guarnieri: License: BSD 3-Clause License: Notes: Viper is temporarily excluded from the REMnux distro due to dependency issues. Instead, use the remnux/viper Docker image: State File:

Website: Author: Armin Buescher License: MIT License: State File:

Website: Author: Philip Hane License: BSD 2-Clause "Simplified" License: Notes: ipwhois_cli.py, ipwhois_utils_cli.py State File:

Website: Author: doomedraven License: MIT License: Notes: vt State File:

Website: Author: William Gibb License: Apache License 2.0: State File:

Website: Author: John Matherly License: Custom, free license: State File:

Website: Author: Raphael Vinot, Alexandre Dulaunoy, CIRCL - Computer Incident Response Center Luxembourg License: Free, custom license: State File:

Website: Author: Chris Lee License: MIT License: State File:

Website: Author: Hexacorn License: Free; copyright by Hexacorn.com: Notes: dexray State File:

Website: Author: Didier Stevens: License: Public Domain Notes: virustotal-submit.py State File:

Website: Author: Didier Stevens: License: Public Domain Notes: virustotal-search.py State File:

Website: Author: Golden G. Richard III, Vassil Roussev License: Apache License 2.0: State File:

Website: Author: Robert J. Hansen: License: ISC License: State File:

Website: Author: License: BSD 3-Clause "New" or "Revised" License: Notes: yara State File:

http://www.tekdefense.com/automater/
https://twitter.com/TekDefense
https://github.com/1aN0rmus/TekDefense-Automater/blob/master/LICENSE
remnux.tools.automater
https://github.com/fox-it/dissect
remnux.python3-packages.dissect
https://github.com/digitalsleuth/time_decode
https://github.com/digitalsleuth/time_decode/blob/master/LICENSE
remnux.python3-packages.time-decode
https://github.com/alexandreborges/malwoverview
https://github.com/alexandreborges/malwoverview/blob/master/LICENSE
remnux.python3-packages.malwoverview
https://github.com/viper-framework/viper
https://nex.sx
https://github.com/viper-framework/viper/blob/master/LICENSE
https://docs.remnux.org/run-tools-in-containers/remnux-containers#viper-binary-analysis-and-management-framework
remnux.python3-packages.viper-framework
https://github.com/buffer/ioc_parser
https://github.com/buffer/ioc_parser/blob/master/LICENSE.txt
remnux.python3-packages.ioc-parser
https://github.com/secynic/ipwhois
https://github.com/secynic/ipwhois/blob/master/LICENSE.txt
remnux.python3-packages.ipwhois
https://github.com/doomedraven/VirusTotalApi
https://github.com/doomedraven/VirusTotalApi/blob/master/LICENSE.md
remnux.python3-packages.virustotal-api
https://github.com/mandiant/ioc_writer
https://github.com/mandiant/ioc_writer/blob/master/LICENSE
remnux.python-packages.ioc-writer
https://github.com/achillean/shodan-python/
https://github.com/achillean/shodan-python/blob/master/LICENSE
remnux.python-packages.shodan
https://github.com/CIRCL/PyPDNS
https://github.com/CIRCL/PyPDNS/blob/master/LICENSE
remnux.python-packages.pypdns
https://github.com/chrislee35/passivedns-client
https://github.com/chrislee35/passivedns-client/blob/master/LICENSE.txt
remnux.rubygems.pdnstool
http://www.hexacorn.com/blog/category/software-releases/dexray/
http://hexacorn.com/d/DeXRAY.pl
remnux.scripts.dexray
https://blog.didierstevens.com/programs/virustotal-tools/
https://twitter.com/DidierStevens
remnux.scripts.virustotal-submit
https://blog.didierstevens.com/programs/virustotal-tools/
https://twitter.com/DidierStevens
remnux.scripts.virustotal-search
https://github.com/sleuthkit/scalpel
https://github.com/sleuthkit/scalpel/blob/master/LICENSE-2.0.txt
remnux.packages.scalpel
https://github.com/rjhansen/nsrllookup
https://twitter.com/robertjhansen
https://github.com/rjhansen/nsrllookup/blob/master/LICENSE
remnux.packages.nsrllookup
https://virustotal.github.io/yara/
https://github.com/VirusTotal/yara/blob/master/AUTHORS
https://github.com/VirusTotal/yara/blob/master/COPYING
remnux.packages.yara