REMnux Documentation
General

Statically Analyze Code

BinNavi

IDE for inspecting, navigating, editing and annotating the control flow graphs and call graphs of disassembled code.

Website: https://github.com/google/binnavi
Author: Google/Zynamics
License: Apache License 2.0: https://github.com/google/binnavi/blob/master/LICENSE
Notes: binnavi
State File: remnux.tools.binnavi

Ghidra

Software reverse engineering tool suite.

Website: https://ghidra-sre.org
Author: National Security Agency
License: Apache License 2.0: https://github.com/NationalSecurityAgency/ghidra/blob/master/LICENSE
Notes: Close CodeBrowser before exiting Ghidra to prevent Ghidra from freezing when you reopen the tool (it's a Ghidra bug).
State File: remnux.packages.ghidra

Cutter

Reverse engineering platform powered by Rizin.

Website: https://cutter.re
Author: https://github.com/rizinorg/cutter/graphs/contributors
License: GNU General Public License (GPL) v3.0: https://github.com/rizinorg/cutter/blob/master/COPYING
Notes: If you're planning to use Cutter when running REMnux as a Docker container, you'll need to include the --privileged parameter when invoking the REMnux distro image in Docker.
State File: remnux.tools.cutter

Detect-It-Easy

Determine types of files and examine file properties.

Website: https://github.com/horsicq/Detect-It-Easy
Author: hors: https://twitter.com/horsicq
License: MIT License: https://github.com/horsicq/Detect-It-Easy/blob/master/LICENSE
Notes: GUI tool: die, command-line tool: diec.
State File: remnux.tools.detect-it-easy

Qiling

Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms.

Website: https://www.qiling.io
Author: https://github.com/qilingframework/qiling/blob/master/AUTHORS.TXT
License: GNU General Public License (GPL) v2.0: https://github.com/qilingframework/qiling/blob/master/COPYING
Notes: Use qltool to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the dllscollector.bat script. Read the tool's documentation to get started.
State File: remnux.python3-packages.qiling

Vivisect

Statically examine and emulate binary files.

Website: https://github.com/vivisect/vivisect
Author: invisigoth: invisigoth@kenshoto.com; installable vivisect module by Willi Ballenthin: https://twitter.com/williballenthin
License: Apache License 2.0: https://github.com/vivisect/vivisect/blob/master/LICENSE.txt
Notes: vivbin, vdbbin
State File: remnux.python3-packages.vivisect

objdump

Disassemble binary files.

Website: https://en.wikipedia.org/wiki/Objdump
Author: Unknown
License: GNU General Public License (GPL)
State File: remnux.packages.binutils

Last updated 3 years ago