Migrate from Kali to REMnux base image
- Created new Dockerfile.remnux based on remnux/remnux-distro:latest - Added comprehensive tool testing suite (test-tools.sh, test-containers.sh) - Tool comparison analysis shows we get all original tools plus additional ones from REMnux: * Additional PDF tools: qpdf, pdfresurrect, pdftool, base64dump, tesseract * All original tools preserved: pdfid.py, pdf-parser.py, peepdf, origami, capa, box-js, visidata, unfurl - Updated README.md with new usage instructions - Updated WARP.md documentation - All 21 tools tested and verified working - Migration maintains full functionality while adding REMnux capabilities
This commit is contained in:
Tobias Kessels
@@ -1,31 +1,49 @@
|
||||
# docker_file_analysis
|
||||
|
||||
## REMnux-Based File Analysis Container
|
||||
|
||||
This container is now based on the REMnux malware analysis toolkit, providing a comprehensive set of tools for file analysis, especially PDFs and malware samples.
|
||||
|
||||
## Usage
|
||||
```
|
||||
```bash
|
||||
# REMnux-based version
|
||||
docker build -f Dockerfile.remnux -t tabledevil/file-analysis:remnux .
|
||||
docker run -it --rm -v "$(pwd):/data" tabledevil/file-analysis:remnux
|
||||
|
||||
# Original Kali-based version (legacy)
|
||||
docker run -it --rm -v "$(pwd):/data" tabledevil/file-analysis
|
||||
```
|
||||
|
||||
## Included Tools
|
||||
* mraptor
|
||||
* peepdf
|
||||
* imagemagick
|
||||
* pdftk
|
||||
* docx2txt
|
||||
* catdoc
|
||||
* mpack
|
||||
* exiftool
|
||||
* origami - pdf analysis
|
||||
* pdfcop
|
||||
* pdfextract
|
||||
* pdfmetadata
|
||||
* pdfexplode
|
||||
* vipermonkey (vmonkey)
|
||||
* didierstevens-suit
|
||||
* pdf-parser.py
|
||||
* pdfid.py
|
||||
## Included Tools (REMnux Base + Additional)
|
||||
|
||||
### PDF Analysis Suite (from REMnux)
|
||||
* **peepdf** - PDF analysis framework with JavaScript detection
|
||||
* **pdf-parser.py** - Extract and analyze PDF elements (Didier Stevens)
|
||||
* **pdfid.py** - Quick PDF structure overview (Didier Stevens)
|
||||
* **origami** - Ruby gem suite (pdfcop, pdfextract, pdfmetadata)
|
||||
* **pdftk-java** - PDF manipulation and flattening
|
||||
* **qpdf** - PDF manipulation (merge, convert, transform)
|
||||
* **pdfresurrect** - Extract previous versions from PDFs
|
||||
* **pdftool** - Analyze PDF incremental updates
|
||||
|
||||
### Malware Analysis (Additional)
|
||||
* **capa** - Malware capability detection (Mandiant)
|
||||
* **box-js** - JavaScript sandbox analysis
|
||||
* **oletools** - Office document analysis suite
|
||||
* oledump.py
|
||||
* rtfdump.py
|
||||
* emldump.py
|
||||
* jpegdump.py
|
||||
* zipdump.py
|
||||
* and many more in /opt/didierstevensuite/
|
||||
* and more
|
||||
|
||||
### Data Analysis & Utilities (Additional)
|
||||
* **visidata** - Data exploration and analysis
|
||||
* **unfurl** - URL and data analysis (DFIR)
|
||||
* **base64dump** - Base64 decoder (Didier Stevens)
|
||||
* **tesseract** - OCR text extraction
|
||||
* **exiftool** - Metadata extraction
|
||||
|
||||
### System Tools
|
||||
* **mc** - Midnight Commander file manager
|
||||
* **p7zip-full** - Archive utilities
|
||||
* All standard REMnux tools and utilities
|
||||
|
||||
Reference in New Issue
Block a user