# docker_file_analysis

## REMnux-Based File Analysis Container

This container is now based on the REMnux malware analysis toolkit, providing a comprehensive set of tools for file analysis, especially PDFs and malware samples.

## Usage

```bash
# REMnux-based version
docker build -f Dockerfile.remnux -t tabledevil/file-analysis:remnux .
docker run -it --rm -v "$(pwd):/data" tabledevil/file-analysis:remnux

# Original Kali-based version (legacy)
docker run -it --rm -v "$(pwd):/data" tabledevil/file-analysis
```

## Included Tools (REMnux Base + Additional)

### PDF Analysis Suite (from REMnux)

* **peepdf** - PDF analysis framework with JavaScript detection
* **pdf-parser.py** - Extract and analyze PDF elements (Didier Stevens)
* **pdfid.py** - Quick PDF structure overview (Didier Stevens)
* **origami** - Ruby gem suite (pdfcop, pdfextract, pdfmetadata)
* **pdftk-java** - PDF manipulation and flattening
* **qpdf** - PDF manipulation (merge, convert, transform)
* **pdfresurrect** - Extract previous versions from PDFs
* **pdftool** - Analyze PDF incremental updates

### Malware Analysis (Additional)

* **capa** - Malware capability detection (Mandiant)
* **box-js** - JavaScript sandbox analysis
* **oletools** - Office document analysis suite
  * oledump.py
  * rtfdump.py
  * emldump.py
  * and more

### Data Analysis & Utilities (Additional)

* **visidata** - Data exploration and analysis
* **unfurl** - URL and data analysis (DFIR)
* **base64dump** - Base64 decoder (Didier Stevens)
* **tesseract** - OCR text extraction
* **exiftool** - Metadata extraction

### System Tools

* **mc** - Midnight Commander file manager
* **p7zip-full** - Archive utilities
* All standard REMnux tools and utilities