📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
General
Unpacking
PE Files
Python
Java
.NET
Flash
Android
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered by GitBook

General

Statically Analyze Code

BinNavi

IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.

Website: https://github.com/google/binnavi Author: Google/Zynamics License: Apache License 2.0: https://github.com/google/binnavi/blob/master/LICENSE Notes: binnavi State File: remnux.tools.binnavi​

Ghidra

Software reverse engineering tool suite

Website: https://ghidra-sre.org Author: National Security Agency License: Apache License 2.0: https://github.com/NationalSecurityAgency/ghidra/blob/master/LICENSE Notes: Close CodeBrowser before exiting Ghidra to prevent Ghidra from freezing when you reopen the tool (it's a Ghidra bug). State File: remnux.tools.ghidra​

Cutter

Reverse engineering platform powered by radare2

Website: https://cutter.re Author: Unknown License: GNU General Public License (GPL) v3.0: https://github.com/radareorg/cutter/blob/master/COPYING Notes: If you're planning to use Cutter when running REMnux as a Docker container, you'll need to include the --privileged parameter when invoking the REMnux distro image in Docker. State File: remnux.tools.cutter​

Qiling

Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms.

Website: https://www.qiling.io Author: https://github.com/qilingframework/qiling/blob/master/AUTHORS.TXT License: GNU General Public License (GPL) v2.0: https://github.com/qilingframework/qiling/blob/master/COPYING Notes: Use qltool to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the dllscollector.bat script. Read the tool's documentation to get started. State File: remnux.python3-packages.qiling​

Vivisect

Statically examine and emulate binary files.

Website: https://github.com/vivisect/vivisect Author: invisigoth: invisigoth@kenshoto.com, installable vivisect module by Willi Ballenthin: https://twitter.com/williballenthin License: Apache License 2.0: https://github.com/vivisect/vivisect/blob/master/LICENSE.txt Notes: vivbin, vdbbin State File: remnux.python-packages.vivisect​

objdump

Disassemble binary files.

Website: https://en.wikipedia.org/wiki/Objdump Author: Unknown License: GNU General Public License (GPL) State File: remnux.packages.binutils​

pyew

Statically examine properties and code of suspicious PE and ELF executables.

Website: https://github.com/joxeankoret/pyew Author: Joxean Koret License: GNU General Public License (GPL): https://github.com/joxeankoret/pyew/blob/VERSION_3X/COPYING State File: remnux.packages.pyew​

Discover the Tools - Previous
Statically Analyze Code
Next
Unpacking
Last updated 2 months ago
Contents
BinNavi
Ghidra
Cutter
Qiling
Vivisect
objdump
pyew