Gather and Analyze Data

Discover the Tools

dissect

Perform a variety of forensics and incident response tasks using this DFIR framework and toolset.

Website: https://github.com/fox-it/dissect
Author: Dissect Team ([email protected])
License: GNU Affero General Public License v3 (https://github.com/fox-it/dissect/blob/main/LICENSE)
Notes: acquire, target-fs, rdump, rgeoip, target-query, target-shell, target-dump, target-info, target-reg, target-dd, target-mount
State File: remnux.python3-packages.dissect

time-decode

Decode and encode dates and timestamps.

Website: https://github.com/digitalsleuth/time_decode
Author: Corey Forman
License: MIT License (https://github.com/digitalsleuth/time_decode/blob/master/LICENSE)
State File: remnux.python3-packages.time-decode

malwoverview

Query public repositories of malware data (e.g., VirusTotal, HybridAnalysis).

Website: https://github.com/alexandreborges/malwoverview
Author: Alexandre Borges
License: GNU General Public License v3 (https://github.com/alexandreborges/malwoverview/blob/master/LICENSE)
Notes: malwoverview; add API keys to ~/.malwapi.conf
State File: remnux.python3-packages.malwoverview

ipwhois

Retrieve and parse whois data for IP addresses.

Website: https://github.com/secynic/ipwhois
Author: Philip Hane
License: BSD 2-Clause "Simplified" License (https://github.com/secynic/ipwhois/blob/master/LICENSE.txt)
Notes: ipwhois_cli.py, ipwhois_utils_cli.py
State File: remnux.python3-packages.ipwhois

pdnstool

Query passive DNS databases for DNS data.

Website: https://github.com/chrislee35/passivedns-client
Author: Chris Lee
License: MIT License (https://github.com/chrislee35/passivedns-client/blob/master/LICENSE.txt)
State File: remnux.rubygems.pdnstool

DeXRAY

Extract and decode data from antivirus quarantine files.

Website: https://www.hexacorn.com/blog/category/software-releases/dexray/
Author: Hexacorn
License: Free; copyright by Hexacorn.com (https://hexacorn.com/d/DeXRAY.pl)
Notes: dexray
State File: remnux.scripts.dexray

virustotal-submit

Submit files to VirusTotal.

Website: https://blog.didierstevens.com/programs/virustotal-tools/
Author: Didier Stevens (https://x.com/DidierStevens)
License: Public Domain
Notes: virustotal-submit.py
State File: remnux.scripts.virustotal-submit

virustotal-search

Search VirusTotal for file hashes.

Website: https://blog.didierstevens.com/programs/virustotal-tools/
Author: Didier Stevens (https://x.com/DidierStevens)
License: Public Domain
Notes: virustotal-search.py
State File: remnux.scripts.virustotal-search

Scalpel

Carve contents out of binary files, such as partitions.

Website: https://github.com/sleuthkit/scalpel
Author: Golden G. Richard III, Vassil Roussev
License: Apache License 2.0 (https://github.com/sleuthkit/scalpel/blob/master/LICENSE-2.0.txt)
State File: remnux.packages.scalpel

nsrllookup

Look up MD5 file hashes in the NIST National Software Reference Library (NSRL).

Website: https://github.com/rjhansen/nsrllookup
Author: Robert J. Hansen (https://x.com/robertjhansen)
License: ISC License (https://github.com/rjhansen/nsrllookup/blob/master/LICENSE)
State File: remnux.packages.nsrllookup

Yara

Identify and classify malware samples using Yara rules.

Website: https://virustotal.github.io/yara/
Author: https://github.com/VirusTotal/yara/blob/master/AUTHORS
License: BSD 3-Clause "New" or "Revised" License (https://github.com/VirusTotal/yara/blob/master/COPYING)
Notes: yara
State File: remnux.packages.yara

ioc_parser

Extract IOCs from security report PDFs.

Website: https://github.com/buffer/ioc_parser
Author: Armin Buescher
License: MIT License (https://github.com/buffer/ioc_parser/blob/master/LICENSE.txt)
State File: remnux.python3-packages.ioc-parser

dnslib

Python library to encode/decode DNS wire-format packets.

Website: https://github.com/paulc/dnslib
Author: Paul Chakravarti
License: BSD 2-Clause "Simplified" License (https://github.com/paulc/dnslib/blob/master/LICENSE)
Notes: Library - /opt/dnslib/bin/python3 - import dnslib
State File: remnux.python3-packages.dnslib

YARA-X

Scan files using YARA rules, the next generation of YARA written in Rust.

Website: https://github.com/VirusTotal/yara-x
Author: Victor M. Alvarez, VirusTotal (https://github.com/VirusTotal)
License: BSD-3-Clause License (https://github.com/VirusTotal/yara-x/blob/main/LICENSE)
Notes: yr scan, yr compile. Coexists with classic YARA; uses the yr command.
State File: remnux.tools.yara-x
