irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add FOR610 tool/workflow knowledge base and data pipeline

Browse Source 
Build comprehensive malware analysis knowledge base from 3 sources:
- SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes
- REMnux salt-states: 340 packages parsed from GitHub
- REMnux docs: 280+ tools scraped from docs.remnux.org

Master inventory merges all sources into 447 tools with help tiers
(rich/standard/basic). Pipeline generates: tools.db (397 entries),
397 cheatsheets with multi-tool recipes, 15 workflow guides, 224
TLDR pages, and coverage reports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
tobias
2026-03-28 17:38:15 +01:00
parent 06ebb09ab0
commit f3ccc09c3d
663 changed files with 36339 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/generated/coverage-report.md
+433
View File
@@ -0,0 +1,433 @@
# Tool Coverage Report
## Summary
| Metric | Count |
|--------|-------|
| Total tools in master inventory | 447 |
| Tools in REMnux container | 397 |
| Rich help (FOR610 coverage) | 156 |
| Standard help (REMnux docs) | 118 |
| Basic help (salt-states only) | 173 |
| Stub (no documentation) | 0 |
## Source Overlap
| Combination | Count |
|-------------|-------|
| for610 only | 58 |
| remnux docs only | 51 |
| salt states only | 173 |
| all three | 65 |
| for610 and docs | 92 |
| for610 and salt | 71 |
| docs and salt | 132 |
| no coverage | 0 |
## Priority: REMnux Tools Needing Help
These 173 tools are installed in the container but have minimal or no documentation:
- `7zip` [basic]
- `aeskeyfind` [basic]
- `android-project-creator` [basic]
- `apt-utils` [basic]
- `archive-zip` [basic]
- `autoconf` [basic]
- `autologin` [basic]
- `automake` [basic]
- `bash-history` [basic]
- `bash-rc` [basic]
- `bearparser` [basic]
- `binee` [basic]
- `binutils` [basic]
- `build-essential` [basic]
- `bundler` [basic]
- `burpsuite-community` [basic]
- `cffi` [basic]
- `clamav-daemon` [basic]
- `compatibility` [basic]
- `default-jdk` [basic]
- `default-jre` [basic]
- `dialog` [basic]
- `didier-stevens-scripts` [basic]
- `display` [basic]
- `distro-info` [basic]
- `dllcharacteristics` [basic]
- `dog` [basic]
- `dot-cache` [basic]
- `dot-config` [basic]
- `dot-cpan` [basic]
- `dot-dbus` [basic]
- `dot-local` [basic]
- `dotnet-runtime-3-1` [basic]
- `edb-debugger` [basic]
- `enchant` [basic]
- `epic5` [basic]
- `exfat-utils` [basic]
- `flare-floss` [basic]
- `flex` [basic]
- `galculator` [basic]
- `gdb` [basic]
- `gdm3` [basic]
- `gift` [basic]
- `git` [basic]
- `gnome-session` [basic]
- `gnome-shell-extensions` [basic]
- `gnome-terminal` [basic]
- `gnome-tweaks` [basic]
- `gnutls-bin` [basic]
- `graphviz` [basic]
- `grub-kvm` [basic]
- `guest-tools` [basic]
- `i386-architecture` [basic]
- `iproute2` [basic]
- `iputils-ping` [basic]
- `ipython3` [basic]
- `lame` [basic]
- `libboost-dev` [basic]
- `libboost-python-dev` [basic]
- `libboost-system-dev` [basic]
- `libdpkg-perl` [basic]
- `libemail-outlook-message-perl` [basic]
- `libffi-dev` [basic]
- `libfuse2` [basic]
- `libfuzzy-dev` [basic]
- `libfuzzy2` [basic]
- `libglib2` [basic]
- `libglu1-mesa-dev` [basic]
- `libgraphviz-dev` [basic]
- `libgtk-3-0` [basic]
- `libjavassist-java` [basic]
- `libjpeg-dev` [basic]
- `libjpeg8-dev` [basic]
- `liblzma-dev` [basic]
- `liblzo2-dev` [basic]
- `libmagic-dev` [basic]
- `libmysqlclient21` [basic]
- `libncurses` [basic]
- `libnetfilter-queue-dev` [basic]
- `libnfnetlink-dev` [basic]
- `libpq5` [basic]
- `libqt5scripttools5` [basic]
- `libre2` [basic]
- `libsm6` [basic]
- `libsqlite3-dev` [basic]
- `libssl-dev` [basic]
- `libtool` [basic]
- `libtre5` [basic]
- `libusb-1` [basic]
- `libxml2-dev` [basic]
- `libxslt1-dev` [basic]
- `linux-headers` [basic]
- `ltrace` [basic]
- `malcat` [basic]
- `manalyze` [basic]
- `mercurial` [basic]
- `microsoft` [basic]
- `microsoft-vscode` [basic]
- `mono` [basic]
- `mono-devel` [basic]
- `mono-utils` [basic]
- `mynic` [basic]
- `nano` [basic]
- `ndg-httpsclient` [basic]
- `net-tools` [basic]
- `nodejs` [basic]
- `openjdk` [basic]
- `openssl` [basic]
- `osarch` [basic]
- `pe-tree` [basic]
- `pedump` [basic]
- `perl` [basic]
- `pev` [basic]
- `pgadmin` [basic]
- `pip` [basic]
- `pkg-config` [basic]
- `portex` [basic]
- `prefer-ipv4` [basic]
- `procyon-decompiler` [basic]
- `protobuf` [basic]
- `pycdc` [basic]
- `pyelftools` [basic]
- `python-debian` [basic]
- `python3` [basic]
- `python3-cryptography` [basic]
- `python3-dev` [basic]
- `python3-dnspython` [basic]
- `python3-magic` [basic]
- `python3-netifaces` [basic]
- `python3-numpy` [basic]
- `python3-pil` [basic]
- `python3-pip` [basic]
- `python3-pyasn1` [basic]
- `python3-pyqt5` [basic]
- `python3-requests` [basic]
- `python3-setuptools` [basic]
- `python3-ssdeep` [basic]
- `python3-tk` [basic]
- `python3-venv` [basic]
- `python3-virtualenv` [basic]
- `python3-wheel` [basic]
- `qtbase5-dev` [basic]
- `refresh` [basic]
- `remnux` [basic]
- `remove-app-icons` [basic]
- `rhino` [basic]
- `rsakeyfind` [basic]
- `ruby` [basic]
- `ruby-dev` [basic]
- `salt-minion` [basic]
- `sharutils` [basic]
- `sift` [basic]
- `sleuthkit` [basic]
- `snap` [basic]
- `snapd` [basic]
- `software-properties-common` [basic]
- `ssh` [basic]
- `strace` [basic]
- `subversion` [basic]
- `sudo` [basic]
- `sudoers` [basic]
- `tzdata` [basic]
- `ubuntu` [basic]
- `ubuntu-universe` [basic]
- `user` [basic]
- `vim` [basic]
- `vscode` [basic]
- `wireshark-dev` [basic]
- `xdg-utils` [basic]
- `xmlstarlet` [basic]
- `xterm` [basic]
- `zbar-tools` [basic]
- `zlib1g-dev` [basic]
## Rich Help Tools (106 tools with FOR610 coverage)
- `1768.py` (Labs: 3.4)
- `Bytehist`
- `ClamAV`
- `Cutter`
- `CyberChef` (Labs: 1.5, 3.8, 3.12)
- `FLOSS` (Labs: 5.2, 5.3)
- `Frida`
- `Ghidra` (Labs: 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 4.9, 5.2, 5.4, 5.5, 5.6, 5.7, 5.9)
- `ILSpy` (Labs: 3.12, 4.8)
- `INetSim` (Labs: 1.7)
- `Malchive`
- `ProcDOT` (Labs: 1.2, 4.5)
- `SpiderMonkey` (Labs: 3.6, 3.7, 4.5)
- `Thug`
- `UPX` (Labs: 4.2)
- `Unfurl`
- `Visual Studio Code` (Labs: 1.3, 1.4, 1.5, 3.3, 3.6, 3.7, 4.5, 4.8, 5.2, 5.3)
- `Vivisect`
- `Wine` (Labs: 3.5)
- `Wireshark` (Labs: 1.2, 1.3, 1.6, 1.7, 1.8, 5.1)
- `XLMMacroDeobfuscator`
- `XORSearch` (Labs: 3.5, 5.2)
- `androguard`
- `apktool`
- `base64dump.py` (Labs: 3.4, 4.5)
- `bbcrack` (Labs: 5.2)
- `binwalk`
- `box-js`
- `brxor.py` (Labs: 5.2)
- `capa` (Labs: 1.4, 5.4)
- `cfr`
- `cs-analyze-processdump.py`
- `cs-decrypt-metadata.py`
- `cs-extract-key.py`
- `cs-parse-traffic.py`
- `curl`
- `dc3-mwcp`
- `de4dot` (Labs: 4.8)
- `diec` (Labs: 4.1)
- `emldump.py`
- `evilclippy`
- `exiftool`
- `fakedns` (Labs: 1.3, 1.6, 1.7, 1.8)
- `fakenet-ng`
- `feh` (Labs: 3.1)
- `file` (Labs: 3.4, 3.5)
- `gunzip` (Labs: 3.4)
- `hexdump`
- `httpd` (Labs: 1.3, 1.6, 1.8)
- `ilspycmd` (Labs: 4.8)
- `ioc-parser`
- `iptables` (Labs: 1.8)
- `jadx`
- `jd-gui`
- `jq` (Labs: 1.4)
- `js-beautify` (Labs: 3.6, 4.5)
- `mail-parser`
- `malwoverview`
- `mitmproxy`
- `msg-extractor`
- `msoffcrypto-tool`
- `nc`
- `networkminer`
- `ngrep`
- `nslookup` (Labs: 1.3)
- `numbers-to-string.py` (Labs: 3.3)
- `oledump.py` (Labs: 3.3, 3.4, 4.5)
- `olevba`
- `pcode2code`
- `pdf-parser.py` (Labs: 3.1)
- `pdfid.py` (Labs: 3.1)
- `pdfresurrect`
- `pdftk`
- `pdftool.py`
- `peepdf`
- `peframe` (Labs: 1.1, 4.8)
- `pestr` (Labs: 1.1, 4.8)
- `polarproxy`
- `pyinstxtractor-ng`
- `qiling`
- `qpdf`
- `radare2`
- `rar` (Labs: 3.5)
- `rtfdump.py` (Labs: 3.5)
- `runsc32` (Labs: 3.5, 4.6)
- `scdbgc` (Labs: 3.4, 3.5, 4.6)
- `shcode2exe`
- `speakeasy` (Labs: 1.4)
- `ssdeep`
- `strdeob.pl` (Labs: 5.2)
- `strings` (Labs: 3.4, 5.2)
- `tcpdump`
- `tcpflow`
- `tcpxtract`
- `torsocks`
- `translate.py` (Labs: 3.4)
- `trid` (Labs: 3.3, 3.4)
- `tshark`
- `uncompyle6`
- `unzip` (Labs: 1.1, 3.1, 3.3, 3.4, 3.5, 3.6, 3.7, 4.1, 4.8, 5.2, 5.3, 5.4)
- `volatility3`
- `wget`
- `xortool`
- `xxd`
- `yara` (Labs: 3.4)
- `zipdump.py`
## Standard Help Tools (118 tools with REMnux docs only)
- `7-Zip` — Examine Static Properties > General
- `AESKeyFinder` — Perform Memory Forensics
- `AndroidProjectCreator` — Statically Analyze Code > Android
- `Burp Suite Community Edition` — Explore Network Interactions > Monitoring
- `Cobalt Strike Configuration Extractor (CSCE) and Parser` — Examine Static Properties > Deobfuscation
- `Decompyle++` — Statically Analyze Code > Python
- `EPIC IRC Client` — Explore Network Interactions > Connecting
- `GNOME Calculator` — General Utilities
- `GNU Wget` — Explore Network Interactions > Connecting
- `GhidrAssistMCP` — Use Artificial Intelligence
- `Hachoir` — Examine Static Properties > General
- `Hash ID` — Examine Static Properties > General
- `JD-GUI Java Decompiler` — Statically Analyze Code > Java
- `Javassist` — Statically Analyze Code > Java
- `Malcat Lite` — Examine Static Properties > General
- `Network Miner Free Edition` — Explore Network Interactions > Monitoring
- `Procyon` — Statically Analyze Code > Java
- `REMnux Installer` — General Utilities
- `RSAKeyFinder` — Perform Memory Forensics
- `SQLite` — General Utilities
- `Sleuth Kit` — Examine Static Properties > General
- `YARA-Forge Rules` — Examine Static Properties > General
- `anomy` — Explore Network Interactions > Connecting
- `apkid` — Statically Analyze Code > Android
- `autoit-ripper` — Statically Analyze Code > Scripts
- `baksmali` — Statically Analyze Code > Android
- `balbuzard` — Examine Static Properties > Deobfuscation
- `binee (Binary Emulation Environment)` — Statically Analyze Code > PE Files
- `bulk-extractor` — Examine Static Properties > General
- `cabextract` — General Utilities
- `cast` — General Utilities
- `chepy` — Examine Static Properties > Deobfuscation
- `cut-bytes.py` — Examine Static Properties > Deobfuscation
- `decode-vbe.py` — Statically Analyze Code > Scripts
- `dex2jar` — Statically Analyze Code > Android
- `dexray` — Gather and Analyze Data
- `disitool` — Examine Static Properties > General
- `dissect` — Gather and Analyze Data
- `dnfile` — Examine Static Properties > .NET
- `dnslib` — Gather and Analyze Data
- `dnsresolver.py` — Explore Network Interactions > Services
- `docker` — General Utilities
- `dos2unix` — View or Edit Files
- `dotnetfile` — Examine Static Properties > .NET
- `droidlysis` — Examine Static Properties > General
- `evince` — View or Edit Files
- `ex-pe-xor` — Examine Static Properties > Deobfuscation
- `fakemail` — Explore Network Interactions > Services
- `file-magic.py` — Examine Static Properties > General
- `firefox` — General Utilities
- `format-bytes.py` — Examine Static Properties > Deobfuscation
- `goresym` — Examine Static Properties > Go
- `hex-to-bin.py` — Examine Static Properties > Deobfuscation
- `ibus` — General Utilities
- `imagemagick` — View or Edit Files
- `inspircd` — Explore Network Interactions > Services
- `ipwhois` — Gather and Analyze Data
- `java-idx-parser` — Statically Analyze Code > Java
- `jstillery` — Dynamically Reverse-Engineer Code > Scripts
- `libemu` — Dynamically Reverse-Engineer Code > Shellcode
- `libolecf` — Analyze Documents > Microsoft Office
- `lief` — Examine Static Properties > General
- `magika` — Examine Static Properties > General
- `mbcscan` — Statically Analyze Code > PE Files
- `monodis` — Examine Static Properties > .NET
- `msgconvert` — Analyze Documents > Email Messages
- `msitools` — Examine Static Properties > General
- `msoffcrypto-crack.py` — Analyze Documents > Microsoft Office
- `msoffice-crypt` — Analyze Documents > Microsoft Office
- `myip` — General Utilities
- `myjson-filter.py` — General Utilities
- `name-that-hash` — Examine Static Properties > General
- `nasm` — General Utilities
- `nautilus` — General Utilities
- `nginx` — Explore Network Interactions > Services
- `nomorexor` — Examine Static Properties > Deobfuscation
- `nsrllookup` — Gather and Analyze Data
- `objdump` — Statically Analyze Code > General
- `objects.js` — Dynamically Reverse-Engineer Code > Scripts
- `olefile` — Analyze Documents > Microsoft Office
- `onedump.py` — Analyze Documents > Microsoft Office
- `opencode` — Use Artificial Intelligence
- `openssh` — General Utilities
- `origamindee` — Analyze Documents > PDF
- `pcodedmp` — Analyze Documents > Microsoft Office
- `pdnstool` — Gather and Analyze Data
- `powershell` — Dynamically Reverse-Engineer Code > Scripts
- `pyinstaller-extractor` — Statically Analyze Code > Python
- `re-search.py` — Examine Static Properties > General
- `redress` — Examine Static Properties > Go
- `remnux-mcp-server` — Use Artificial Intelligence
- `sandfly-processdecloak` — Investigate System Interactions
- `scalpel` — Gather and Analyze Data
- `scite` — View or Edit Files
- `sets.py` — Examine Static Properties > Deobfuscation
- `shellcode2exe-bat` — Dynamically Reverse-Engineer Code > Shellcode
- `signsrch` — Examine Static Properties > General
- `sortcanon.py` — General Utilities
- `ssview` — Analyze Documents > Microsoft Office
- `tcpick` — Explore Network Interactions > Monitoring
- `tesseract-ocr` — Analyze Documents > General
- `texteditor.py` — General Utilities
- `thefuzz` — Examine Static Properties > General
- `time-decode` — Gather and Analyze Data
- `tor` — Explore Network Interactions > Connecting
- `unhide` — Investigate System Interactions
- `unicode` — Examine Static Properties > Deobfuscation
- `unxor` — Examine Static Properties > Deobfuscation
- `vbindiff` — View or Edit Files
- `virustotal-search` — Gather and Analyze Data
- `virustotal-submit` — Gather and Analyze Data
- `wxhexeditor` — Examine Static Properties > General
- `xmldump.py` — Analyze Documents > Microsoft Office
- `xor-kpa.py` — Examine Static Properties > Deobfuscation
- `xorbruteforcer` — Examine Static Properties > Deobfuscation
- `xorstrings` — Examine Static Properties > Deobfuscation
- `yara-x` — Gather and Analyze Data
- `zbarimg` — Explore Network Interactions > Connecting