πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
Search…
πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
General
Unpacking
PE Files
Python
Scripts
Java
.NET
Flash
Android
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered By GitBook
General
Statically Analyze Code

BinNavi

IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.
Website: https://github.com/google/binnavi Author: Google/Zynamics License: Apache License 2.0: https://github.com/google/binnavi/blob/master/LICENSE Notes: binnavi State File: remnux.tools.binnavi​

Ghidra

Software reverse engineering tool suite
Website: https://ghidra-sre.org Author: National Security Agency License: Apache License 2.0: https://github.com/NationalSecurityAgency/ghidra/blob/master/LICENSE Notes: Close CodeBrowser before exiting Ghidra to prevent Ghidra from freezing when you reopen the tool (it's a Ghidra bug). State File: remnux.packages.ghidra​

Cutter

Reverse engineering platform powered by Rizin
Website: https://cutter.re Author: https://github.com/rizinorg/cutter/graphs/contributors License: GNU General Public License (GPL) v3.0: https://github.com/rizinorg/cutter/blob/master/COPYING Notes: If you're planning to use Cutter when running REMnux as a Docker container, you'll need to include the --privileged parameter when invoking the REMnux distro image in Docker. State File: remnux.tools.cutter​

Detect-It-Easy

Determine types of files and examine file properties.
Website: https://github.com/horsicq/Detect-It-Easy Author: hors: https://twitter.com/horsicq License: MIT License: https://github.com/horsicq/Detect-It-Easy/blob/master/LICENSE Notes: GUI tool: die, command-line tool: diec. State File: remnux.tools.detect-it-easy​

Qiling

Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms.
Website: https://www.qiling.io Author: https://github.com/qilingframework/qiling/blob/master/AUTHORS.TXT License: GNU General Public License (GPL) v2.0: https://github.com/qilingframework/qiling/blob/master/COPYING Notes: Use qltool to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the dllscollector.bat script. Read the tool's documentation to get started. State File: remnux.python3-packages.qiling​

Vivisect

Statically examine and emulate binary files.
Website: https://github.com/vivisect/vivisect Author: invisigoth: [email protected], installable vivisect module by Willi Ballenthin: https://twitter.com/williballenthin License: Apache License 2.0: https://github.com/vivisect/vivisect/blob/master/LICENSE.txt Notes: vivbin, vdbbin State File: remnux.python3-packages.vivisect​

objdump

Disassemble binary files.
Website: https://en.wikipedia.org/wiki/Objdump Author: Unknown License: GNU General Public License (GPL) State File: remnux.packages.binutils​
Discover the Tools - Previous
Statically Analyze Code
Next
Unpacking
Last modified 1yr ago
Copy link
On this page
BinNavi
Ghidra
Cutter
Detect-It-Easy
Qiling
Vivisect
objdump