REMnux Documentation
Gather and Analyze Data
Automater
Gather OSINT data about IPs, domains, and hashes.
Website: http://www.tekdefense.com/automater/
Author: 1aN0rmus (https://twitter.com/TekDefense)
License: MIT License (https://github.com/1aN0rmus/TekDefense-Automater/blob/master/LICENSE)
Notes: Automater.py
State File: remnux.tools.automater

time-decode
Decode and encode dates and timestamps.
Website: https://github.com/digitalsleuth/time_decode
Author: Corey Forman
License: MIT License (https://github.com/digitalsleuth/time_decode/blob/master/LICENSE)
State File: remnux.python3-packages.time-decode

malwoverview
Query public repositories of malware data (e.g., VirusTotal, HybridAnalysis).
Website: https://github.com/alexandreborges/malwoverview
Author: Alexandre Borges
License: GNU General Public License v3 (https://github.com/alexandreborges/malwoverview/blob/master/LICENSE)
Notes: malwoverview.py; add API keys to ~/.malwapi.conf
State File: remnux.python3-packages.malwoverview

Viper
Organize and query a collection of malware samples. (Temporarily excluded from the distro.)
Website: https://github.com/viper-framework/viper
Author: Claudio Guarnieri (https://nex.sx)
License: BSD 3-Clause License (https://github.com/viper-framework/viper/blob/master/LICENSE)
Notes: Viper is temporarily excluded from the REMnux distro due to dependency issues. Instead, use the remnux/viper Docker image: https://docs.remnux.org/run-tools-in-containers/remnux-containers#viper-binary-analysis-and-management-framework
State File: remnux.python3-packages.viper-framework

ioc_parser
Extract IOCs from security report PDFs.
Website: https://github.com/buffer/ioc_parser
Author: Armin Buescher
License: MIT License (https://github.com/buffer/ioc_parser/blob/master/LICENSE.txt)
State File: remnux.python3-packages.ioc-parser

ipwhois
Retrieve and parse whois data for IP addresses.
Website: https://github.com/secynic/ipwhois
Author: Philip Hane
License: BSD 2-Clause "Simplified" License (https://github.com/secynic/ipwhois/blob/master/LICENSE.txt)
Notes: ipwhois_cli.py, ipwhois_utils_cli.py
State File: remnux.python3-packages.ipwhois

VirusTotal API
Query and interact with VirusTotal using a command-line interface.
Website: https://github.com/doomedraven/VirusTotalApi
Author: doomedraven
License: MIT License (https://github.com/doomedraven/VirusTotalApi/blob/master/LICENSE.md)
Notes: vt
State File: remnux.python3-packages.virustotal-api

ioc_writer
Python library for basic creation and editing of OpenIOC objects.
Website: https://github.com/mandiant/ioc_writer
Author: William Gibb
License: Apache License 2.0 (https://github.com/mandiant/ioc_writer/blob/master/LICENSE)
State File: remnux.python-packages.ioc-writer

shodan
Query Shodan, a search engine for internet-connected devices.
Website: https://github.com/achillean/shodan-python/
Author: John Matherly
License: Custom, free license (https://github.com/achillean/shodan-python/blob/master/LICENSE)
State File: remnux.python-packages.shodan

PyPDNS
Python library to query passive DNS services that follow the Passive DNS - Common Output Format.
Website: https://github.com/CIRCL/PyPDNS
Author: Raphael Vinot, Alexandre Dulaunoy, CIRCL - Computer Incident Response Center Luxembourg
License: Free, custom license (https://github.com/CIRCL/PyPDNS/blob/master/LICENSE)
State File: remnux.python-packages.pypdns

pdnstool
Query passive DNS databases for DNS data.
Website: https://github.com/chrislee35/passivedns-client
Author: Chris Lee
License: MIT License (https://github.com/chrislee35/passivedns-client/blob/master/LICENSE.txt)
State File: remnux.rubygems.pdnstool

DeXRAY
Extract and decode data from antivirus quarantine files.
Website: http://www.hexacorn.com/blog/category/software-releases/dexray/
Author: Hexacorn
License: Free; copyright by Hexacorn.com (http://hexacorn.com/d/DeXRAY.pl)
Notes: dexray
State File: remnux.scripts.dexray

virustotal-submit
Submit files to VirusTotal.
Website: https://blog.didierstevens.com/programs/virustotal-tools/
Author: Didier Stevens (https://twitter.com/DidierStevens)
License: Public Domain
Notes: virustotal-submit.py
State File: remnux.scripts.virustotal-submit

virustotal-search
Search VirusTotal for file hashes.
Website: https://blog.didierstevens.com/programs/virustotal-tools/
Author: Didier Stevens (https://twitter.com/DidierStevens)
License: Public Domain
Notes: virustotal-search.py
State File: remnux.scripts.virustotal-search

Scalpel
Carve contents out of binary files, such as partitions.
Website: https://github.com/sleuthkit/scalpel
Author: Golden G. Richard III, Vassil Roussev
License: Apache License 2.0 (https://github.com/sleuthkit/scalpel/blob/master/LICENSE-2.0.txt)
State File: remnux.packages.scalpel

nsrllookup
Look up MD5 file hashes in the NIST National Software Reference Library (NSRL).
Website: https://github.com/rjhansen/nsrllookup
Author: Robert J. Hansen (https://twitter.com/robertjhansen)
License: ISC License (https://github.com/rjhansen/nsrllookup/blob/master/LICENSE)
State File: remnux.packages.nsrllookup

Yara
Identify and classify malware samples using Yara rules.
Website: https://virustotal.github.io/yara/
Author: https://github.com/VirusTotal/yara/blob/master/AUTHORS
License: BSD 3-Clause "New" or "Revised" License (https://github.com/VirusTotal/yara/blob/master/COPYING)
Notes: yara
State File: remnux.packages.yara