Gather and Analyze Data
Discover the Tools
Gather OSINT data about IPs, domains, and hashes.
Website: http://www.tekdefense.com/automater/
Author: 1aN0rmus: https://twitter.com/TekDefense
License: MIT License: https://github.com/1aN0rmus/TekDefense-Automater/blob/master/LICENSE
Notes: Automater.py
State File: remnux.tools.automater
Perform a variety of forensics and incident response tasks using this DFIR framework and toolset.
Website: https://github.com/fox-it/dissect
Author: Dissect Team: [email protected]
License: GNU Affero General Public License v3: https://github.com/fox-it/dissect/blob/main/LICENSE
Notes: acquire, target-fs, rdump, rgeoip, target-query, target-shell, target-dump, target-info, target-reg, target-dd, target-mount
State File: remnux.python3-packages.dissect
Decode and encode date and timestamps.
Website: https://github.com/digitalsleuth/time_decode
Author: Corey Forman
License: MIT License: https://github.com/digitalsleuth/time_decode/blob/master/LICENSE
State File: remnux.python3-packages.time-decode
Query public repositories of malware data (e.g., VirusTotal, HybridAnalysis).
Website: https://github.com/alexandreborges/malwoverview
Author: Alexandre Borges
License: GNU General Public License v3: https://github.com/alexandreborges/malwoverview/blob/master/LICENSE
Notes: malwoverview.py, add API keys to ~/.malwapi.conf
State File: remnux.python3-packages.malwoverview
Organize and query a collection of malware samples. (Temporarily excluded from the distro.)
Website: https://github.com/viper-framework/viper
Author: Claudio Guarnieri: https://nex.sx
License: BSD 3-Clause License: https://github.com/viper-framework/viper/blob/master/LICENSE
Notes: Viper is temporarily excluded from the REMnux distro due to depdendency issues. Instead, use the remnux/viper Docker image: https://docs.remnux.org/run-tools-in-containers/remnux-containers#viper-binary-analysis-and-management-framework
State File: remnux.python3-packages.viper-framework
Extract IOCs from security report PDFs.
Website: https://github.com/buffer/ioc_parser
Author: Armin Buescher
License: MIT License: https://github.com/buffer/ioc_parser/blob/master/LICENSE.txt
State File: remnux.python3-packages.ioc-parser
Retrieve and parse whois data for IP addresses.
Website: https://github.com/secynic/ipwhois
Author: Philip Hane
License: BSD 2-Clause "Simplified" License: https://github.com/secynic/ipwhois/blob/master/LICENSE.txt
Notes: ipwhois_cli.py, ipwhois_utils_cli.py
State File: remnux.python3-packages.ipwhois
Query and interact with VirusTotal using a command-line interface.
Website: https://github.com/doomedraven/VirusTotalApi
Author: doomedraven
License: MIT License: https://github.com/doomedraven/VirusTotalApi/blob/master/LICENSE.md
Notes: vt
State File: remnux.python3-packages.virustotal-api
Python library that allows for basic creation and editing of OpenIOC objects.
Website: https://github.com/mandiant/ioc_writer
Author: William Gibb
License: Apache License 2.0: https://github.com/mandiant/ioc_writer/blob/master/LICENSE
State File: remnux.python-packages.ioc-writer
Query Shodan, a search engine for internet-connected devices.
Website: https://github.com/achillean/shodan-python/
Author: John Matherly
License: Custom, free license: https://github.com/achillean/shodan-python/blob/master/LICENSE
State File: remnux.python-packages.shodan
Python library to query passive DNS services that follow the Passive DNS - Common Output Format
Website: https://github.com/CIRCL/PyPDNS
Author: Raphael Vinot, Alexandre Dulaunoy, CIRCL - Computer Incident Response Center Luxembourg
License: Free, custom license: https://github.com/CIRCL/PyPDNS/blob/master/LICENSE
State File: remnux.python-packages.pypdns
Query passive DNS databases for DNS data.
Website: https://github.com/chrislee35/passivedns-client
Author: Chris Lee
License: MIT License: https://github.com/chrislee35/passivedns-client/blob/master/LICENSE.txt
State File: remnux.rubygems.pdnstool
Extract and decode data fro antivirus quarantine files.
Website: http://www.hexacorn.com/blog/category/software-releases/dexray/
Author: Hexacorn
License: Free; copyright by Hexacorn.com: http://hexacorn.com/d/DeXRAY.pl
Notes: dexray
State File: remnux.scripts.dexray
Submit files to VirusTotal.
Website: https://blog.didierstevens.com/programs/virustotal-tools/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: virustotal-submit.py
State File: remnux.scripts.virustotal-submit
Search VirusTotal for file hashes.
Website: https://blog.didierstevens.com/programs/virustotal-tools/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: virustotal-search.py
State File: remnux.scripts.virustotal-search
Carve contents out of binary files, such as partitions.
Website: https://github.com/sleuthkit/scalpel
Author: Golden G. Richard III, Vassil Roussev
License: Apache License 2.0: https://github.com/sleuthkit/scalpel/blob/master/LICENSE-2.0.txt
State File: remnux.packages.scalpel
Look up MD5 file hashes in the NIST National Software Reference Library (NSRL).
Website: https://github.com/rjhansen/nsrllookup
Author: Robert J. Hansen: https://twitter.com/robertjhansen
License: ISC License: https://github.com/rjhansen/nsrllookup/blob/master/LICENSE
State File: remnux.packages.nsrllookup
Identify and classify malware samples using Yara rules.
Website: https://virustotal.github.io/yara/
Author: https://github.com/VirusTotal/yara/blob/master/AUTHORS
License: BSD 3-Clause "New" or "Revised" License: https://github.com/VirusTotal/yara/blob/master/COPYING
Notes: yara
State File: remnux.packages.yara
Last modified 1d ago