Gather and Analyze Data

Discover the Tools


Gather OSINT data about IPs, domains, and hashes.

Website: Author: 1aN0rmus: License: MIT License: Notes: State File:​


Decode and encode date and timestamps.

Website: Author: Corey Forman License: MIT License: Notes: State File: remnux.python-packages.time-decode​


Python library that allows for basic creation and editing of OpenIOC objects.

Website: Author: William Gibb License: Apache License 2.0: State File: remnux.python-packages.ioc-writer​


Query Shodan, a search engine for internet-connected devices.

Website: Author: John Matherly License: Custom, free license: State File: remnux.python-packages.shodan​


Query public repositories of malware data (e.g., VirusTotal, HybridAnalysis).

Website: Author: Alexandre Borges License: GNU General Public License v3: Notes:, add API keys to ~/.malwapi.conf State File: remnux.python-packages.malwoverview​


Look up MD5 file hashes in the NIST National Software Reference Library (NSRL).

Website: Author: Robert J. Hansen: License: ISC License: State File: remnux.python-packages.nsrllookup​


Organize and query a collection of malware samples.

Website: Author: Claudio Guarnieri: License: BSD 3-Clause License: Notes: Run the tool using the viper command. The first time you activate the tool, specify the update-modules command within it to download and update community modules from the tool's repository. State File: remnux.python-packages.viper-framework​


Extract IOCs from security report PDFs.

Website: Author: Armin Buescher License: MIT License: State File: remnux.python-packages.ioc-parser​


Retrieve and parse whois data for IP addresses.

Website: Author: Philip Hane License: BSD 2-Clause "Simplified" License: Notes:, State File: remnux.python-packages.ipwhois​

VirusTotal API

Query and interact with VirusTotal using a command-line interface.

Website: Author: doomedraven License: MIT License: Notes: vt State File: remnux.python-packages.virustotal-api​


Python library to query passive DNS services that follow the Passive DNS - Common Output Format.

Website: Author: Raphaël Vinot, Alexandre Dulaunoy, CIRCL - Computer Incident Response Center Luxembourg License: Free, custom license: State File: remnux.python-packages.pypdns


Query passive DNS databases for DNS data.

Website: Author: Chris Lee License: MIT License: State File: remnux.rubygems.pdnstool​


Extract and decode data from antivirus quarantine files.

Website: Author: Hexacorn License: Free; copyright by Notes: dexray State File: remnux.scripts.dexray​


Submit files to VirusTotal.

Website: Author: Didier Stevens: License: Public Domain Notes: State File: remnux.scripts.virustotal-submit​


Search VirusTotal for file hashes.

Website: Author: Didier Stevens: License: Public Domain Notes: State File: remnux.scripts.virustotal-search​


Carve contents out of binary files, such as partitions.

Website: Author: Golden G. Richard III, Vassil Roussev License: Apache License 2.0: State File: remnux.packages.scalpel​


Identify and classify malware samples using Yara rules.

Website: Author: License: BSD 3-Clause "New" or "Revised" License: Notes: yara State File: remnux.packages.yara​