Gather and Analyze Data

Discover the Tools


Gather OSINT data about IPs, domains, and hashes.


Perform a variety of forensics and incident response tasks using this DFIR framework and toolset.
Website: Author: Dissect Team ([email protected]) License: GNU Affero General Public License v3 Notes: acquire, target-fs, rdump, rgeoip, target-query, target-shell, target-dump, target-info, target-reg, target-dd, target-mount State File: remnux.python3-packages.dissect


Decode and encode date and timestamps.


Query public repositories of malware data (e.g., VirusTotal, HybridAnalysis).
Website: Author: Alexandre Borges License: GNU General Public License v3 Notes: add API keys to ~/.malwapi.conf State File: remnux.python3-packages.malwoverview


Organize and query a collection of malware samples. (Temporarily excluded from the distro.)
Website: Author: Claudio Guarnieri License: BSD 3-Clause License Notes: Viper is temporarily excluded from the REMnux distro due to dependency issues. Instead, use the remnux/viper Docker image. State File: remnux.python3-packages.viper-framework


Extract IOCs from security report PDFs.


Retrieve and parse whois data for IP addresses.
Website: Author: Philip Hane License: BSD 2-Clause "Simplified" License Notes: State File: remnux.python3-packages.ipwhois

VirusTotal API

Query and interact with VirusTotal using a command-line interface.


Python library that allows for basic creation and editing of OpenIOC objects.


Query Shodan, a search engine for internet-connected devices.


Python library to query passive DNS services that follow the Passive DNS - Common Output Format.
Website: Author: Raphael Vinot, Alexandre Dulaunoy, CIRCL - Computer Incident Response Center Luxembourg License: Free, custom license State File: remnux.python-packages.pypdns


Query passive DNS databases for DNS data.


Extract and decode data from antivirus quarantine files.
Website: Author: Hexacorn License: Free; copyright by Notes: dexray State File: remnux.scripts.dexray


Submit files to VirusTotal.
Website: Author: Didier Stevens License: Public Domain Notes: State File: remnux.scripts.virustotal-submit
Search VirusTotal for file hashes.
Website: Author: Didier Stevens License: Public Domain Notes: State File: remnux.scripts.virustotal-search


Carve contents out of binary files, such as partitions.
Website: Author: Golden G. Richard III, Vassil Roussev License: Apache License 2.0 State File: remnux.packages.scalpel


Look up MD5 file hashes in the NIST National Software Reference Library (NSRL).


Identify and classify malware samples using Yara rules.