
General

Statically Analyze Code


Last updated 3 years ago

BinNavi

IDE for inspecting, navigating, editing and annotating control flow graphs and call graphs of disassembled code.

Website: https://github.com/google/binnavi
Author: Google/Zynamics
License: Apache License 2.0: https://github.com/google/binnavi/blob/master/LICENSE
Notes: binnavi
State File: remnux.tools.binnavi

Ghidra

Software reverse engineering tool suite.

Website: https://ghidra-sre.org
Author: National Security Agency
License: Apache License 2.0: https://github.com/NationalSecurityAgency/ghidra/blob/master/LICENSE
Notes: Close CodeBrowser before exiting Ghidra to prevent Ghidra from freezing when you reopen the tool (it's a Ghidra bug).
State File: remnux.packages.ghidra

Cutter

Reverse engineering platform powered by Rizin.

Website: https://cutter.re
Author: https://github.com/rizinorg/cutter/graphs/contributors
License: GNU General Public License (GPL) v3.0: https://github.com/rizinorg/cutter/blob/master/COPYING
Notes: If you're planning to use Cutter when running REMnux as a Docker container, you'll need to include the --privileged parameter when invoking the REMnux distro image in Docker.
State File: remnux.tools.cutter

Detect-It-Easy

Determine types of files and examine file properties.

Website: https://github.com/horsicq/Detect-It-Easy
Author: hors: https://twitter.com/horsicq
License: MIT License: https://github.com/horsicq/Detect-It-Easy/blob/master/LICENSE
Notes: GUI tool: die, command-line tool: diec.
State File: remnux.tools.detect-it-easy

Qiling

Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms.

Website: https://www.qiling.io
Author: https://github.com/qilingframework/qiling/blob/master/AUTHORS.TXT
License: GNU General Public License (GPL) v2.0: https://github.com/qilingframework/qiling/blob/master/COPYING
Notes: Use qltool to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the dllscollector.bat script. Read the tool's documentation to get started.
State File: remnux.python3-packages.qiling

Vivisect

Statically examine and emulate binary files.

Website: https://github.com/vivisect/vivisect
Author: invisigoth: invisigoth@kenshoto.com, installable vivisect module by Willi Ballenthin: https://twitter.com/williballenthin
License: Apache License 2.0: https://github.com/vivisect/vivisect/blob/master/LICENSE.txt
Notes: vivbin, vdbbin
State File: remnux.python3-packages.vivisect

objdump

Disassemble binary files.

Website: https://en.wikipedia.org/wiki/Objdump
Author: Unknown
License: GNU General Public License (GPL)
State File: remnux.packages.binutils