metadata:
  source: https://docs.remnux.org/discover-the-tools
  categories_scraped: 31
  total_tools_extracted: 217
  category_counts:
    Examine Static Properties > General: 28
    Examine Static Properties > .NET: 3
    Examine Static Properties > Go: 2
    Examine Static Properties > Deobfuscation: 31
    Statically Analyze Code > General: 6
    Statically Analyze Code > Unpacking: 5
    Statically Analyze Code > PE Files: 5
    Statically Analyze Code > Python: 4
    Statically Analyze Code > Scripts: 3
    Statically Analyze Code > Java: 5
    Statically Analyze Code > .NET: 2
    Statically Analyze Code > Android: 8
    Dynamically Reverse-Engineer Code > General: 4
    Dynamically Reverse-Engineer Code > Shellcode: 8
    Dynamically Reverse-Engineer Code > Scripts: 8
    Perform Memory Forensics: 4
    Explore Network Interactions > Monitoring: 12
    Explore Network Interactions > Connecting: 9
    Explore Network Interactions > Services: 9
    Investigate System Interactions: 3
    Analyze Documents > General: 2
    Analyze Documents > PDF: 8
    Analyze Documents > Microsoft Office: 17
    Analyze Documents > Email Messages: 4
    Use Artificial Intelligence: 4
    Gather and Analyze Data: 14
    View or Edit Files: 8
    General Utilities: 22
tools:
  - name: 1768.py
    id: 1768-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Analyze Cobalt Strike beacons.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: id-1768.py
    website: https://blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/
  - name: 7-Zip
    id: 7-zip
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Compress and decompress files using a variety of algorithms.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: id-7-zip
    website: https://www.7-zip.org
    additional_categories:
      - General Utilities
  - name: accept-all-ips
    id: accept-all-ips
    category: Explore Network Interactions > Services
    category_path: explore+network+interactions/services
    description: Accept connections to all IPv4 and IPv6 addresses and redirect it to the corresponding local port.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
    anchor: accept-all-ips
    website: https://github.com/REMnux/distro/blob/master/files/accept-all-ips
  - name: AESKeyFinder
    id: aeskeyfinder
    category: Perform Memory Forensics
    category_path: perform+memory+forensics
    description: Find 128-bit and 256-bit AES keys in a memory image.
    docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics
    anchor: aeskeyfinder
    website: https://citp.princeton.edu/our-work/memory/
  - name: androguard
    id: androguard
    category: Statically Analyze Code > Android
    category_path: statically+analyze+code/android
    description: Examine Android files.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
    anchor: androguard
    website: https://github.com/androguard/androguard
  - name: AndroidProjectCreator
    id: androidprojectcreator
    category: Statically Analyze Code > Android
    category_path: statically+analyze+code/android
    description: Convert an Android APK application file into an Android Studio project for easier analysis.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
    anchor: androidprojectcreator
    website: https://maxkersten.nl/projects/androidprojectcreator
  - name: Anomy
    id: anomy
    category: Explore Network Interactions > Connecting
    category_path: explore+network+interactions/connecting
    description: A wrapper around wget, ssh, sftp, ftp, and telnet to route these connections through Tor to anonymize your traffic.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
    anchor: anomy
    website: https://github.com/izm1chael/Anomy
  - name: APKiD
    id: apkid
    category: Statically Analyze Code > Android
    category_path: statically+analyze+code/android
    description: Identify compilers, packers, and obfuscators used to protect Android APK and DEX files.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
    anchor: apkid
    website: https://github.com/rednaga/APKiD
  - name: apktool
    id: apktool
    category: Statically Analyze Code > Android
    category_path: statically+analyze+code/android
    description: Reverse-engineer Android APK files.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
    anchor: apktool
    website: https://ibotpeaches.github.io/Apktool/
  - name: AutoIt-Ripper
    id: autoit-ripper
    category: Statically Analyze Code > Scripts
    category_path: statically+analyze+code/scripts
    description: Extract AutoIt scripts embedded in PE binaries.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
    anchor: autoit-ripper
    website: https://github.com/nazywam/AutoIt-Ripper
  - name: baksmali
    id: baksmali
    category: Statically Analyze Code > Android
    category_path: statically+analyze+code/android
    description: Disassembler for the dex format used by Dalvik, Android's Java VM implementation.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
    anchor: baksmali
    website: https://bitbucket.org/JesusFreke/smali
  - name: Balbuzard
    id: balbuzard
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Extract and deobfuscate patterns from suspicious files.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: balbuzard
    website: https://github.com/digitalsleuth/balbuzard
  - name: base64dump.py
    id: base64dump-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Locate and decode strings encoded in Base64 and other common encodings.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: base64dump.py
    website: https://blog.didierstevens.com/2020/07/03/update-base64dump-py-version-0-0-12/
    additional_categories:
      - Analyze Documents > General
  - name: binee (Binary Emulation Environment)
    id: binee-binary-emulation-environment
    category: Statically Analyze Code > PE Files
    category_path: statically+analyze+code/pe-files
    description: Analyze I/O operations of a suspicious PE file by emulating its execution.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
    anchor: binee-binary-emulation-environment
    website: https://github.com/carbonblack/binee
  - name: binwalk
    id: binwalk
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Extract and analyze firmware images.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: binwalk
    website: https://github.com/ReFirmLabs/binwalk
    additional_categories:
      - Statically Analyze Code > Unpacking
  - name: box-js
    id: box-js
    category: Dynamically Reverse-Engineer Code > Scripts
    category_path: dynamically+reverse-engineer+code/scripts
    description: Analyze suspicious JavaScript scripts.
    docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
    anchor: box-js
    website: https://github.com/CapacitorSet/box-js
  - name: brxor.py
    id: brxor-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Bruteforce XOR'ed strings to find those that are English words.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: brxor.py
    website: https://github.com/REMnux/distro/blob/master/files/brxor.py
  - name: bulk_extractor
    id: bulk-extractor
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Extract interesting strings from binary files.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: bulk_extractor
    website: https://github.com/simsong/bulk_extractor/
    additional_categories:
      - Perform Memory Forensics
  - name: Burp Suite Community Edition
    id: burp-suite-community-edition
    category: Explore Network Interactions > Monitoring
    category_path: explore+network+interactions/monitoring
    description: Investigate website interactions using this web proxy.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
    anchor: burp-suite-community-edition
    website: https://portswigger.net
  - name: Bytehist
    id: bytehist
    category: Statically Analyze Code > Unpacking
    category_path: statically+analyze+code/unpacking
    description: Generate byte-usage-histograms for all types of files with a focus on PE files.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/unpacking
    anchor: bytehist
    website: https://www.cert.at/downloads/software/bytehist_en.html
  - name: cabextract
    id: cabextract
    category: General Utilities
    category_path: general+utilities
    description: Extract Microsoft cabinet (cab) files.
    docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
    anchor: cabextract
    website: https://www.cabextract.org.uk
  - name: capa
    id: capa
    category: Statically Analyze Code > PE Files
    category_path: statically+analyze+code/pe-files
    description: Detect suspicious capabilities in PE files.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
    anchor: capa
    website: https://github.com/mandiant/capa
  - name: Cast
    id: cast
    category: General Utilities
    category_path: general+utilities
    description: Install and manage SaltStack-based Linux distributions.
    docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
    anchor: cast
    website: https://github.com/ekristen/cast
  - name: cfr
    id: cfr
    category: Statically Analyze Code > Java
    category_path: statically+analyze+code/java
    description: Java decompiler.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
    anchor: cfr
    website: https://www.benf.org/other/cfr/
  - name: Chepy
    id: chepy
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Decode and otherwise analyze data using this command-line tool and Python library.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: chepy
    website: https://github.com/securisec/chepy
  - name: ClamAV
    id: clamav
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Scan files for malware signatures.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: clamav
    website: https://www.clamav.net
    additional_categories:
      - Statically Analyze Code > Unpacking
  - name: Cobalt Strike Configuration Extractor (CSCE) and Parser
    id: cobalt-strike-configuration-extractor-csce-and-parser
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Analyze Cobalt Strike beacons.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: csce
    website: https://github.com/strozfriedberg/cobaltstrike-config-extractor
  - name: cs-analyze-processdump.py
    id: cs-analyze-processdump-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Analyze Cobalt Strike beacon process dumps to detect sleep mask encoding.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: cs-analyze-processdump.py
    website: https://blog.didierstevens.com/2021/11/25/new-tool-cs-analyze-processdump-py/
  - name: cs-decrypt-metadata.py
    id: cs-decrypt-metadata-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Decrypt Cobalt Strike metadata.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: cs-decrypt-metadata.py
    website: https://blog.didierstevens.com/2021/11/12/update-cs-decrypt-metadata-py-version-0-0-2/
  - name: cs-extract-key.py
    id: cs-extract-key-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Extract AES and HMAC keys from Cobalt Strike beacon process memory.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: cs-extract-key.py
    website: https://blog.didierstevens.com/2021/11/03/new-tool-cs-extract-key-py/
  - name: cs-parse-traffic.py
    id: cs-parse-traffic-py
    category: Explore Network Interactions > Monitoring
    category_path: explore+network+interactions/monitoring
    description: Decrypt and parse Cobalt Strike beacon network traffic.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
    anchor: cs-parse-traffic.py
    website: https://blog.didierstevens.com/2021/11/29/new-tool-cs-parse-traffic-py/
  - name: cURL
    id: curl
    category: Explore Network Interactions > Connecting
    category_path: explore+network+interactions/connecting
    description: Interact with servers via supported protocols, including HTTP, HTTPS, FTP, IMAP, etc.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
    anchor: curl
    website: https://curl.se
    additional_categories:
      - General Utilities
  - name: cut-bytes.py
    id: cut-bytes-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Cut out a part of a data stream.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: cut-bytes.py
    website: https://blog.didierstevens.com/2015/10/14/cut-bytes-py/
  - name: Cutter
    id: cutter
    category: Statically Analyze Code > General
    category_path: statically+analyze+code/general
    description: Reverse engineering platform powered by Rizin.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
    anchor: cutter
    website: https://cutter.re
  - name: CyberChef
    id: cyberchef
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Decode and otherwise analyze data using this browser app.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: cyberchef
    website: https://github.com/gchq/CyberChef/
  - name: DC3-MWCP
    id: dc3-mwcp
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Parsing configuration information from malware.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: dc3-mwcp
    website: https://github.com/Defense-Cyber-Crime-Center/DC3-mwcp
  - name: de4dot
    id: de4dot
    category: Statically Analyze Code > .NET
    category_path: statically+analyze+code/.net
    description: Deobfuscate and unpack.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net
    anchor: de4dot
    website: https://github.com/0xd4d/de4dot
  - name: decode-vbe.py
    id: decode-vbe-py
    category: Statically Analyze Code > Scripts
    category_path: statically+analyze+code/scripts
    description: Decode encoded VBS scripts (VBE).
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
    anchor: decode-vbe.py
    website: https://blog.didierstevens.com/2016/03/29/decoding-vbe/
  - name: Decompyle++
    id: decompyle
    category: Statically Analyze Code > Python
    category_path: statically+analyze+code/python
    description: Python bytecode disassembler and decompiler.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
    anchor: decompyle
    website: https://github.com/zrax/pycdc
  - name: Detect-It-Easy
    id: detect-it-easy
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Determine types of files and examine file properties.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: detect-it-easy
    website: https://github.com/horsicq/Detect-It-Easy
    additional_categories:
      - Statically Analyze Code > General
  - name: dex2jar
    id: dex2jar
    category: Statically Analyze Code > Android
    category_path: statically+analyze+code/android
    description: Examine Dalvik Executable (dex) files.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
    anchor: dex2jar
    website: https://github.com/pxb1988/dex2jar
  - name: DeXRAY
    id: dexray
    category: Gather and Analyze Data
    category_path: gather+and+analyze+data
    description: Extract and decode data from antivirus quarantine files.
    docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
    anchor: dexray
    website: https://www.hexacorn.com/blog/category/software-releases/dexray/
  - name: disitool
    id: disitool
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Manipulate embedded digital signatures.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: disitool
    website: https://blog.didierstevens.com/programs/disitool/
  - name: dissect
    id: dissect
    category: Gather and Analyze Data
    category_path: gather+and+analyze+data
    description: Perform a variety of forensics and incident response tasks using this DFIR framework and toolset.
    docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
    anchor: dissect
    website: https://github.com/fox-it/dissect
  - name: dnfile
    id: dnfile
    category: Examine Static Properties > .NET
    category_path: examine+static+properties/.net
    description: Analyze static properties of.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net
    anchor: dnfile
    website: https://github.com/malwarefrank/dnfile
  - name: dnslib
    id: dnslib
    category: Gather and Analyze Data
    category_path: gather+and+analyze+data
    description: Python library to encode/decode DNS wire-format packets.
    docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
    anchor: dnslib
    website: https://github.com/paulc/dnslib
  - name: dnsresolver.py
    id: dnsresolver-py
    category: Explore Network Interactions > Services
    category_path: explore+network+interactions/services
    description: DNS resolver tool for dynamic analysis with wildcard and tracking support.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
    anchor: dnsresolver.py
    website: https://blog.didierstevens.com/2021/07/15/new-tool-dnsresolver-py/
  - name: Docker
    id: docker
    category: General Utilities
    category_path: general+utilities
    description: Run and manage containers.
    docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
    anchor: docker
    website: https://www.docker.com
  - name: dos2unix
    id: dos2unix
    category: View or Edit Files
    category_path: view+or+edit+files
    description: Convert text files with Windows or macOS line breaks to Unix line breaks and vice versa.
    docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
    anchor: dos2unix
    website: https://waterlan.home.xs4all.nl/dos2unix.html
  - name: dotnetfile
    id: dotnetfile
    category: Examine Static Properties > .NET
    category_path: examine+static+properties/.net
    description: Analyze static properties of.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net
    anchor: dotnetfile
    website: https://github.com/pan-unit42/dotnetfile
  - name: DroidLysis
    id: droidlysis
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Perform static analysis of Android applications.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: droidlysis
    website: https://github.com/cryptax/droidlysis
    additional_categories:
      - Statically Analyze Code > Android
  - name: emldump.py
    id: emldump-py
    category: Analyze Documents > Email Messages
    category_path: analyze+documents/email+messages
    description: Parse and analyze EML files.
    docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
    anchor: emldump.py
    website: https://blog.didierstevens.com/2020/11/29/update-emldump-py-version-0-0-11/
  - name: EPIC IRC Client
    id: epic-irc-client
    category: Explore Network Interactions > Connecting
    category_path: explore+network+interactions/connecting
    description: Examine IRC activities with this IRC client.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
    anchor: epic-irc-client
    website: https://www.epicsol.org/
  - name: EvilClippy
    id: evilclippy
    category: Analyze Documents > Microsoft Office
    category_path: analyze+documents/microsoft+office
    description: Modify aspects of Microsoft Office documents.
    docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
    anchor: evilclippy
    website: https://github.com/outflanknl/EvilClippy
  - name: Evince
    id: evince
    category: View or Edit Files
    category_path: view+or+edit+files
    description: View documents in a variety of formats, including PDF.
    docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
    anchor: evince
    website: https://wiki.gnome.org/Apps/Evince
  - name: ex_pe_xor.py
    id: ex-pe-xor-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Search an XOR'ed file for indications of executable binaries.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: ex_pe_xor.py
    website: https://hooked-on-mnemonics.blogspot.com/2014/04/expexorpy.html
  - name: ExifTool
    id: exiftool
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Tool to read from, write to, and edit EXIF metadata of various file types.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: exiftool
    website: https://exiftool.org/
  - name: fakedns
    id: fakedns
    category: Explore Network Interactions > Services
    category_path: explore+network+interactions/services
    description: Respond to DNS queries with the specified IP address.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
    anchor: fakedns
    website: https://github.com/SocialExploits/fakedns/blob/main/fakedns.py
  - name: fakemail
    id: fakemail
    category: Explore Network Interactions > Services
    category_path: explore+network+interactions/services
    description: Intercept and examine SMTP email activity with this fake SMTP server.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
    anchor: fakemail
    website: https://hg.sr.ht/~olly/fakemail
  - name: FakeNet-NG
    id: fakenet-ng
    category: Explore Network Interactions > Services
    category_path: explore+network+interactions/services
    description: Emulate common network services and interact with malware.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
    anchor: fakenet-ng
    website: https://github.com/mandiant/flare-fakenet-ng
  - name: feh
    id: feh
    category: View or Edit Files
    category_path: view+or+edit+files
    description: View images.
    docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
    anchor: feh
    website: https://feh.finalrewind.org
  - name: file
    id: file
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Identify file type using "magic" numbers.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: file
    website: https://github.com/file/file
  - name: file-magic.py
    id: file-magic-py
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Identify file types using the Python magic module.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: file-magic.py
    website: https://blog.didierstevens.com/2018/07/11/new-tool-file-magic-py/
  - name: Firefox
    id: firefox
    category: General Utilities
    category_path: general+utilities
    description: Web browser.
    docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
    anchor: firefox
    website: https://www.mozilla.org/firefox/
  - name: FLOSS
    id: floss
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Extract and deobfuscate strings from PE executables.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: floss
    website: https://github.com/mandiant/flare-floss
  - name: format-bytes.py
    id: format-bytes-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Decompose structured binary data with format strings.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: format-bytes.py
    website: https://blog.didierstevens.com/2020/02/17/update-format-bytes-py-version-0-0-13/
  - name: Frida
    id: frida
    category: Dynamically Reverse-Engineer Code > General
    category_path: dynamically+reverse-engineer+code/general
    description: Trace the execution of a process to analyze its behavior.
    docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general
    anchor: frida
    website: https://frida.re
  - name: Ghidra
    id: ghidra
    category: Statically Analyze Code > General
    category_path: statically+analyze+code/general
    description: Software reverse engineering tool suite.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
    anchor: ghidra
    website: https://ghidra-sre.org
  - name: GhidrAssistMCP
    id: ghidrassistmcp
    category: Use Artificial Intelligence
    category_path: use+artificial+intelligence
    description: MCP server for AI-assisted reverse engineering in Ghidra.
    docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence
    anchor: ghidrassistmcp
    website: https://github.com/jtang613/GhidrAssistMCP
  - name: GNOME Calculator
    id: gnome-calculator
    category: General Utilities
    category_path: general+utilities
    description: Calculator.
    docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
    anchor: gnome-calculator
    website: https://wiki.gnome.org/Apps/Calculator
  - name: GNU Wget
    id: gnu-wget
    category: Explore Network Interactions > Connecting
    category_path: explore+network+interactions/connecting
    description: Interact with servers via HTTP, HTTPS, FTP, and FTPS using this command-line tool.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
    anchor: gnu-wget
    website: https://www.gnu.org/software/wget/
  - name: GoReSym
    id: goresym
    category: Examine Static Properties > Go
    category_path: examine+static+properties/go
    description: Extract metadata and symbols from Go binaries, including stripped ones.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/go
    anchor: goresym
    website: https://github.com/mandiant/GoReSym
  - name: Hachoir
    id: hachoir
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: View, edit, and carve contents of various binary file types.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: hachoir
    website: https://github.com/vstinner/hachoir
    additional_categories:
      - Analyze Documents > Microsoft Office
  - name: Hash ID
    id: hash-id
    category: Examine Static Properties > General
    category_path: examine+static+properties/general
    description: Identify different types of hashes.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
    anchor: hash-id
    website: https://github.com/blackploit/hash-identifier
  - name: hex-to-bin.py
    id: hex-to-bin-py
    category: Examine Static Properties > Deobfuscation
    category_path: examine+static+properties/deobfuscation
    description: Convert hexadecimal text dumps to binary data.
    docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
    anchor: hex-to-bin.py
    website: https://blog.didierstevens.com/2020/04/19/update-hex-to-bin-py-version-0-0-5/
  - name: IBus
    id: ibus
    category: General Utilities
    category_path: general+utilities
    description: Adjust input methods for the GUI.
    docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
    anchor: ibus
    website: https://github.com/ibus/ibus
  - name: ILSpy
    id: ilspy
    category: Statically Analyze Code > .NET
    category_path: statically+analyze+code/.net
    description: Examine and decompile.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net
    anchor: ilspy
    website: https://github.com/icsharpcode/ILSpy
  - name: ImageMagick
    id: imagemagick
    category: View or Edit Files
    category_path: view+or+edit+files
    description: View and manipulate image and related files.
    docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
    anchor: imagemagick
    website: https://imagemagick.org/
  - name: INetSim
    id: inetsim
    category: Explore Network Interactions > Services
    category_path: explore+network+interactions/services
    description: Emulate common network services and interact with malware.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
    anchor: inetsim
    website: https://www.inetsim.org/
  - name: Info-ZIP
    id: info-zip
    category: General Utilities
    category_path: general+utilities
    description: Compress and decompress files using the zip algorithm.
    docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
    anchor: info-zip
    website: http://infozip.sourceforge.net
  - name: inspircd 3
    id: inspircd-3
    category: Explore Network Interactions > Services
    category_path: explore+network+interactions/services
    description: Examine IRC activity with this IRC server.
    docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
    anchor: inspircd-3
    website: https://www.inspircd.org/
  - name: ioc_parser
    id: ioc-parser
    category: Gather and Analyze Data
    category_path: gather+and+analyze+data
    description: Extract IOCs from security report PDFs.
    docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
    anchor: ioc_parser
    website: https://github.com/buffer/ioc_parser
  - name: ipwhois
    id: ipwhois
    category: Gather and Analyze Data
    category_path: gather+and+analyze+data
    description: Retrieve and parse whois data for IP addresses.
    docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
    anchor: ipwhois
    website: https://github.com/secynic/ipwhois
  - name: JADX
    id: jadx
    category: Statically Analyze Code > Android
    category_path: statically+analyze+code/android
    description: Generate Java source code from Dalvik Executable (dex) and Android APK files.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
    anchor: jadx
    website: https://github.com/skylot/jadx
  - name: Java IDX Parser
    id: java-idx-parser
    category: Statically Analyze Code > Java
    category_path: statically+analyze+code/java
    description: Analyze Java IDX files.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
    anchor: java-idx-parser
    website: https://github.com/digitalsleuth/Java_IDX_Parser
  - name: Javassist
    id: javassist
    category: Statically Analyze Code > Java
    category_path: statically+analyze+code/java
    description: Java bytecode engineering toolkit/library.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
    anchor: javassist
    website: https://www.javassist.org/
  - name: JD-GUI Java Decompiler
    id: jd-gui-java-decompiler
    category: Statically Analyze Code > Java
    category_path: statically+analyze+code/java
    description: Java decompiler with GUI.
    docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
    anchor: jd-gui-java-decompiler
    website: https://java-decompiler.github.io/
  - name: JS Beautifier
    id: js-beautifier
    category: Statically Analyze Code > Scripts
    category_path: statically+analyze+code/scripts
    description: Reformat JavaScript scripts for easier analysis.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts anchor: js-beautifier website: https://beautifier.io/ - name: JStillery id: jstillery category: Dynamically Reverse-Engineer Code > Scripts category_path: dynamically+reverse-engineer+code/scripts description: Deobfuscate JavaScript scripts using AST and Partial Evaluation techniques. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts anchor: jstillery website: https://github.com/mindedsecurity/jstillery - name: libemu id: libemu category: Dynamically Reverse-Engineer Code > Shellcode category_path: dynamically+reverse-engineer+code/shellcode description: A library for x86 code emulation and shellcode detection. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode anchor: libemu website: https://github.com/buffer/libemu - name: libolecf id: libolecf category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Microsoft Office OLE2 compound documents. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: libolecf website: https://github.com/libyal/libolecf - name: LIEF id: lief category: Examine Static Properties > General category_path: examine+static+properties/general description: Parse and analyze PE, ELF, MachO, DEX, OAT, VDEX, ART, and DWARF executable formats. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: lief website: https://lief.re - name: Magika id: magika category: Examine Static Properties > General category_path: examine+static+properties/general description: Identify file type using signatures. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: magika website: https://google.github.io/magika - name: mail-parser id: mail-parser category: Analyze Documents > Email Messages category_path: analyze+documents/email+messages description: Parse raw SMTP and. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages anchor: mail-parser website: https://github.com/SpamScope/mail-parser - name: Malcat Lite id: malcat-lite category: Examine Static Properties > General category_path: examine+static+properties/general description: Analyze binary files using a hex editor, disassembler, and file dissector. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: malcat-lite website: https://malcat.fr - name: Malchive id: malchive category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Perform static analysis of various aspects of malicious code. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: malchive website: https://github.com/MITRECND/malchive additional_categories: - Statically Analyze Code > PE Files - name: malwoverview id: malwoverview category: Gather and Analyze Data category_path: gather+and+analyze+data description: Query public repositories of malware data (e. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: malwoverview website: https://github.com/alexandreborges/malwoverview - name: mbcscan id: mbcscan category: Statically Analyze Code > PE Files category_path: statically+analyze+code/pe-files description: Scan a PE file to list the associated Malware Behavior Catalog (MBC) details. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files anchor: mbcscan website: https://github.com/accidentalrebel/mbcscan - name: mitmproxy id: mitmproxy category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Investigate website interactions using this web proxy. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: mitmproxy website: https://mitmproxy.org - name: monodis id: monodis category: Examine Static Properties > .NET category_path: examine+static+properties/.net description: Disassemble and extract resources from. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net anchor: monodis website: https://www.mono-project.com/docs/tools+libraries/tools/monodis/ - name: msg-extractor id: msg-extractor category: Analyze Documents > Email Messages category_path: analyze+documents/email+messages description: Extract emails and attachments from MSG files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages anchor: msg-extractor website: https://github.com/TeamMsgExtractor/msg-extractor - name: msgconvert id: msgconvert category: Analyze Documents > Email Messages category_path: analyze+documents/email+messages description: Convert MSG files to MBOX files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages anchor: msgconvert website: https://www.matijs.net/software/msgconv/ - name: msitools id: msitools category: Examine Static Properties > General category_path: examine+static+properties/general description: Create, inspect and extract Windows Installer (. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: msitools website: https://wiki.gnome.org/msitools - name: msoffcrypto-crack.py id: msoffcrypto-crack-py category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Recover the password of an encrypted Microsoft Office document. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: msoffcrypto-crack.py website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/ - name: msoffcrypto-tool id: msoffcrypto-tool category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: msoffcrypto-tool website: https://github.com/nolze/msoffcrypto-tool - name: msoffice-crypt id: msoffice-crypt category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Encrypt and decrypt OOXML Microsoft Office documents. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: msoffice-crypt website: https://github.com/herumi/msoffice - name: myip id: myip category: General Utilities category_path: general+utilities description: Determine the IP address of the default network interface. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: myip website: https://github.com/REMnux/distro/blob/master/files/myip - name: myjson-filter.py id: myjson-filter-py category: General Utilities category_path: general+utilities description: Filter data formatted using the JSON format used by Didier Stevens' tools. 
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: myjson-filter.py website: https://blog.didierstevens.com/2022/04/09/new-tool-myjson-filter-py/ - name: Name-That-Hash id: name-that-hash category: Examine Static Properties > General category_path: examine+static+properties/general description: Identify different types of hashes. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: name-that-hash website: https://github.com/HashPals/Name-That-Hash - name: nasm id: nasm category: General Utilities category_path: general+utilities description: An x86-64 assembler. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: nasm website: https://www.nasm.us - name: Nautilus id: nautilus category: General Utilities category_path: general+utilities description: Graphical file manager. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: nautilus website: https://gitlab.gnome.org/GNOME/nautilus - name: netcat id: netcat category: Explore Network Interactions > Connecting category_path: explore+network+interactions/connecting description: Read and write data across network connections. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting anchor: netcat website: https://nc110.sourceforge.io/ additional_categories: - Explore Network Interactions > Services - name: Network Miner Free Edition id: network-miner-free-edition category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Examine network traffic and carve PCAP capture files. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: network-miner-free-edition website: https://www.netresec.com - name: Nginx id: nginx category: Explore Network Interactions > Services category_path: explore+network+interactions/services description: Web server.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services anchor: nginx website: https://nginx.org - name: ngrep id: ngrep category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Look for patterns in network traffic. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: ngrep website: https://github.com/jpr5/ngrep/ - name: NoMoreXOR.py id: nomorexor-py category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Help guess a file's 256-byte XOR by using frequency analysis. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: nomorexor.py website: https://github.com/digitalsleuth/NoMoreXOR - name: nsrllookup id: nsrllookup category: Gather and Analyze Data category_path: gather+and+analyze+data description: Look up MD5 file hashes in the NIST National Software Reference Library (NSRL). docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: nsrllookup website: https://github.com/rjhansen/nsrllookup - name: numbers-to-string.py id: numbers-to-string-py category: Examine Static Properties > General category_path: examine+static+properties/general description: Convert decimal numbers to strings. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: numbers-to-string website: https://blog.didierstevens.com/2020/12/12/update-numbers-to-string-py-version-0-0-11/ additional_categories: - Examine Static Properties > Deobfuscation - name: objdump id: objdump category: Statically Analyze Code > General category_path: statically+analyze+code/general description: Disassemble binary files. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general anchor: objdump website: https://en.wikipedia.org/wiki/Objdump - name: objects.js id: objects-js category: Dynamically Reverse-Engineer Code > Scripts category_path: dynamically+reverse-engineer+code/scripts description: Emulate common browser and PDF viewer objects, methods, and properties when deobfuscating JavaScript. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts anchor: objects.js website: https://github.com/REMnux/salt-states/blob/master/remnux/config/objects/objects.js - name: oledump.py id: oledump-py category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Analyze OLE2 Structured Storage files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: oledump.py website: https://blog.didierstevens.com/programs/oledump-py/ - name: olefile id: olefile category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Python package to parse, read and write MS OLE2 files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: olefile website: https://github.com/decalage2/olefile - name: oletools id: oletools category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Microsoft Office OLE2 compound documents. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: oletools website: https://www.decalage.info/python/oletools - name: onedump.py id: onedump-py category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Extract and analyze embedded files from OneNote documents. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: onedump.py website: https://blog.didierstevens.com/2023/01/22/new-tool-onedump-py/ - name: OpenCode id: opencode category: Use Artificial Intelligence category_path: use+artificial+intelligence description: Open-source AI coding agent for the terminal. docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence anchor: opencode website: https://opencode.ai - name: OpenSSH id: openssh category: General Utilities category_path: general+utilities description: Initiate and receive SSH and SFTP connections. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: openssh website: https://www.openssh.com - name: Origamindee id: origamindee category: Analyze Documents > PDF category_path: analyze+documents/pdf description: Parse, modify, generate PDF files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf anchor: origamindee website: https://github.com/mindee/origamindee - name: pcode2code id: pcode2code category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Decompile VBA macro p-code from Microsoft Office documents. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: pcode2code website: https://github.com/Big5-sec/pcode2code - name: pcodedmp id: pcodedmp category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Disassemble VBA p-code. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: pcodedmp website: https://github.com/bontchev/pcodedmp - name: pdf-parser.py id: pdf-parser-py category: Analyze Documents > PDF category_path: analyze+documents/pdf description: Examine elements of the PDF file. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf anchor: pdf-parser.py website: https://blog.didierstevens.com/programs/pdf-tools/ - name: pdfid.py id: pdfid-py category: Analyze Documents > PDF category_path: analyze+documents/pdf description: Identify suspicious elements of the PDF file. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf anchor: pdfid.py website: https://blog.didierstevens.com/programs/pdf-tools/ - name: pdfresurrect id: pdfresurrect category: Analyze Documents > PDF category_path: analyze+documents/pdf description: Extract previous versions of content from PDF files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf anchor: pdfresurrect website: https://github.com/enferex/pdfresurrect - name: pdftk-java id: pdftk-java category: Analyze Documents > PDF category_path: analyze+documents/pdf description: Edit, create, and examine PDF files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf anchor: pdftk-java website: https://gitlab.com/pdftk-java/pdftk - name: pdftool.py id: pdftool-py category: Analyze Documents > PDF category_path: analyze+documents/pdf description: Analyze PDF files to identify incremental updates to the document. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf anchor: pdftool.py website: https://blog.didierstevens.com/2021/01/31/new-tool-pdftool-py/ - name: pdnstool id: pdnstool category: Gather and Analyze Data category_path: gather+and+analyze+data description: Query passive DNS databases for DNS data. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: pdnstool website: https://github.com/chrislee35/passivedns-client - name: peepdf-3 id: peepdf-3 category: Analyze Documents > PDF category_path: analyze+documents/pdf description: Examine elements of the PDF file. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf anchor: peepdf-3 website: https://github.com/digitalsleuth/peepdf-3 - name: PolarProxy id: polarproxy category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Intercept and decrypt TLS traffic. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: polarproxy website: https://www.netresec.com - name: PowerShell Core id: powershell-core category: Dynamically Reverse-Engineer Code > Scripts category_path: dynamically+reverse-engineer+code/scripts description: Run PowerShell scripts and commands. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts anchor: powershell-core website: https://github.com/powershell/powershell additional_categories: - General Utilities - name: ProcDOT id: procdot category: Investigate System Interactions category_path: investigate+system+interactions description: Visualize and examine the output of Process Monitor. docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions anchor: procdot website: https://www.procdot.com - name: Procyon id: procyon category: Statically Analyze Code > Java category_path: statically+analyze+code/java description: Java decompiler. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java anchor: procyon website: https://github.com/mstrobel/procyon - name: PyInstaller Extractor id: pyinstaller-extractor category: Statically Analyze Code > Python category_path: statically+analyze+code/python description: Extract contents of PyInstaller-generated PE files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python anchor: pyinstaller-extractor website: https://github.com/extremecoders-re/pyinstxtractor - name: pyinstxtractor-ng id: pyinstxtractor-ng category: Statically Analyze Code > Python category_path: statically+analyze+code/python description: Extract contents of PyInstaller-generated executables without requiring a matching Python version. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python anchor: pyinstxtractor-ng website: https://github.com/pyinstxtractor/pyinstxtractor-ng - name: Qiling id: qiling category: Statically Analyze Code > General category_path: statically+analyze+code/general description: Emulate code execution of PE files, shellcode, etc. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general anchor: qiling website: https://www.qiling.io additional_categories: - Dynamically Reverse-Engineer Code > Shellcode - name: qpdf id: qpdf category: Analyze Documents > PDF category_path: analyze+documents/pdf description: Manipulate (merge, convert, transform) PDF files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf anchor: qpdf website: http://qpdf.sourceforge.net/ - name: r2pipe id: r2pipe category: Dynamically Reverse-Engineer Code > General category_path: dynamically+reverse-engineer+code/general description: Examine binary files, including disassembling and debugging. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general anchor: r2pipe website: https://rada.re/n/r2pipe.html - name: radare2 id: radare2 category: Dynamically Reverse-Engineer Code > General category_path: dynamically+reverse-engineer+code/general description: Examine binary files, including disassembling and debugging. 
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general anchor: radare2 website: https://www.radare.org/n/radare2.html additional_categories: - Use Artificial Intelligence - name: RAR id: rar category: General Utilities category_path: general+utilities description: Compress and decompress files using a variety of algorithms. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: rar website: https://www.rarlab.com - name: re-search.py id: re-search-py category: Examine Static Properties > General category_path: examine+static+properties/general description: Search the file for built-in regular expressions of common suspicious artifacts. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: re-search.py website: https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/ additional_categories: - Examine Static Properties > Deobfuscation - name: Redress id: redress category: Examine Static Properties > Go category_path: examine+static+properties/go description: Analyze stripped Go binaries to recover symbols, types, source structure, and integrate with Radare2. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/go anchor: redress website: https://github.com/goretk/redress - name: REMnux Installer id: remnux-installer category: General Utilities category_path: general+utilities description: Install and update the REMnux distro. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: remnux-installer website: https://github.com/REMnux/distro/blob/master/files/remnux-installer.sh - name: REMnux MCP Server id: remnux-mcp-server category: Use Artificial Intelligence category_path: use+artificial+intelligence description: MCP server for using the REMnux malware analysis toolkit via AI assistants. 
docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence anchor: remnux-mcp-server website: https://github.com/REMnux/remnux-mcp-server - name: Rhino Debugger id: rhino-debugger category: Dynamically Reverse-Engineer Code > Scripts category_path: dynamically+reverse-engineer+code/scripts description: GUI JavaScript debugger. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts anchor: rhino-debugger website: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Debugger - name: RSAKeyFinder id: rsakeyfinder category: Perform Memory Forensics category_path: perform+memory+forensics description: Find BER-encoded RSA private keys in a memory image. docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics anchor: rsakeyfinder website: https://citp.princeton.edu/our-work/memory/ - name: rtfdump.py id: rtfdump-py category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Analyze a suspicious RTF file. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: rtfdump.py website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/ - name: runsc id: runsc category: Dynamically Reverse-Engineer Code > Shellcode category_path: dynamically+reverse-engineer+code/shellcode description: Run shellcode to trace and analyze its execution. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode anchor: runsc website: https://github.com/edygert/runsc - name: sandfly-processdecloak id: sandfly-processdecloak category: Investigate System Interactions category_path: investigate+system+interactions description: Find hidden processes on the local Linux system. 
docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions anchor: sandfly-processdecloak website: https://github.com/sandflysecurity/sandfly-processdecloak - name: Scalpel id: scalpel category: Gather and Analyze Data category_path: gather+and+analyze+data description: Carve contents out of binary files, such as partitions. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: scalpel website: https://github.com/sleuthkit/scalpel - name: scdbg id: scdbg category: Dynamically Reverse-Engineer Code > Shellcode category_path: dynamically+reverse-engineer+code/shellcode description: Analyze shellcode by emulating its execution. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode anchor: scdbg website: http://sandsprite.com/blogs/index.php?uid=7&pid=152 - name: SciTE id: scite category: View or Edit Files category_path: view+or+edit+files description: Edit text files. docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files anchor: scite website: https://www.scintilla.org/SciTE.html - name: sets.py id: sets-py category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Perform set operations on lines or bytes in text files. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: sets.py website: https://blog.didierstevens.com/2017/03/05/new-tool-sets-py/ - name: shcode2exe id: shcode2exe category: Dynamically Reverse-Engineer Code > Shellcode category_path: dynamically+reverse-engineer+code/shellcode description: Convert 32 and 64-bit shellcode to a Windows executable file. 
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode anchor: shcode2exe website: https://github.com/accidentalrebel/shcode2exe - name: shellcode2exe.bat id: shellcode2exe-bat category: Dynamically Reverse-Engineer Code > Shellcode category_path: dynamically+reverse-engineer+code/shellcode description: Convert 32 and 64-bit shellcode to a Windows executable file. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode anchor: shellcode2exe.bat website: https://github.com/repnz/shellcode2exe - name: signsrch id: signsrch category: Examine Static Properties > General category_path: examine+static+properties/general description: Find patterns of common encryption, compression, or encoding algorithms. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: signsrch website: http://aluigi.altervista.org/mytoolz.htm - name: Sleuth Kit id: sleuth-kit category: Examine Static Properties > General category_path: examine+static+properties/general description: Analyze disk images and recover files from them. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: sleuth-kit website: https://www.sleuthkit.org/sleuthkit - name: sortcanon.py id: sortcanon-py category: General Utilities category_path: general+utilities description: Sort text files using canonicalization functions built into this tool. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: sortcanon.py website: https://blog.didierstevens.com/2022/06/18/new-tool-sortcanon-py/ - name: Speakeasy id: speakeasy category: Statically Analyze Code > PE Files category_path: statically+analyze+code/pe-files description: Emulate code execution, including shellcode, Windows drivers, and Windows PE files. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files anchor: speakeasy website: https://github.com/mandiant/speakeasy additional_categories: - Dynamically Reverse-Engineer Code > Shellcode - name: SpiderMonkey id: spidermonkey category: Dynamically Reverse-Engineer Code > Scripts category_path: dynamically+reverse-engineer+code/scripts description: Execute and deobfuscate JavaScript using Mozilla's standalone JavaScript engine. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts anchor: spidermonkey website: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey - name: SpiderMonkey (Patched) id: spidermonkey-patched category: Dynamically Reverse-Engineer Code > Scripts category_path: dynamically+reverse-engineer+code/scripts description: Execute and deobfuscate JavaScript using a patched version of Mozilla's standalone JavaScript engine. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts anchor: spidermonkey-patched website: https://blog.didierstevens.com/2018/04/19/update-patched-spidermonkey/ - name: SQLite id: sqlite category: General Utilities category_path: general+utilities description: Manage and interact with SQL database files. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: sqlite website: http://www.sqlite.org - name: ssdeep id: ssdeep category: Examine Static Properties > General category_path: examine+static+properties/general description: Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: ssdeep website: https://ssdeep-project.github.io/ssdeep/index.html - name: SSView id: ssview category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Analyze OLE2 Structured Storage files. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: ssview website: https://www.mitec.cz/ssv.html - name: STPyV8 id: stpyv8 category: Dynamically Reverse-Engineer Code > Scripts category_path: dynamically+reverse-engineer+code/scripts description: Python3 and JavaScript interop engine, fork of the original PyV8 project. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts anchor: stpyv8 website: https://github.com/cloudflare/stpyv8 - name: strdeob.pl id: strdeob-pl category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Locate and decode stack strings in executable files. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: strdeob.pl website: https://github.com/REMnux/distro/blob/master/files/strdeob.pl - name: strings.py id: strings-py category: Examine Static Properties > General category_path: examine+static+properties/general description: Extract ASCII and Unicode strings from binary files with length sorting and filtering. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: strings.py website: https://blog.didierstevens.com/2020/12/19/update-strings-py-version-0-0-6/ - name: tcpdump id: tcpdump category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Capture and analyze network traffic with this command-line sniffer. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: tcpdump website: https://www.tcpdump.org - name: tcpflow id: tcpflow category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Analyze the flow of network traffic. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: tcpflow website: https://downloads.digitalcorpora.org/downloads/tcpflow/ - name: tcpick id: tcpick category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Capture and analyze network traffic with this command-line sniffer. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: tcpick website: http://tcpick.sourceforge.net - name: tcpxtract id: tcpxtract category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Extract files from network traffic. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: tcpxtract website: http://tcpxtract.sourceforge.net - name: Tesseract OCR id: tesseract-ocr category: Analyze Documents > General category_path: analyze+documents/general description: Examine images to identify and extract text using optical character recognition (OCR). docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/general anchor: tesseract-ocr website: https://github.com/tesseract-ocr/tesseract - name: texteditor.py id: texteditor-py category: General Utilities category_path: general+utilities description: Edit text files from the command line using search-and-replace commands. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: texteditor.py website: https://blog.didierstevens.com/2021/07/05/new-tool-texteditor-py/ - name: thefuzz id: thefuzz category: Examine Static Properties > General category_path: examine+static+properties/general description: Fuzzy String Matching in Python. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: thefuzz website: https://github.com/seatgeek/thefuzz - name: thug id: thug category: Explore Network Interactions > Connecting category_path: explore+network+interactions/connecting description: Examine suspicious websites using this low-interaction honeyclient. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting anchor: thug website: https://github.com/buffer/thug - name: time-decode id: time-decode category: Gather and Analyze Data category_path: gather+and+analyze+data description: Decode and encode date and timestamps. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: time-decode website: https://github.com/digitalsleuth/time_decode - name: tor id: tor category: Explore Network Interactions > Connecting category_path: explore+network+interactions/connecting description: Obfuscate your origins by routing traffic through a network of anonymizing nodes. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting anchor: tor website: https://www.torproject.org - name: translate.py id: translate-py category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Translate bytes according to a Python expression. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: translate.py website: https://blog.didierstevens.com/programs/translate/ - name: TrID id: trid category: Examine Static Properties > General category_path: examine+static+properties/general description: Identify file type using signatures. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: trid website: https://mark0.net/soft-trid-e.html additional_categories: - Statically Analyze Code > Unpacking - name: tshark id: tshark category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Capture and analyze network traffic with this console-based sniffer. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: tshark website: https://www.wireshark.org - name: uncompyle6 id: uncompyle6 category: Statically Analyze Code > Python category_path: statically+analyze+code/python description: Python cross-version bytecode decompiler for Python 1. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python anchor: uncompyle6 website: https://github.com/rocky/python-uncompyle6 - name: Unfurl id: unfurl category: Explore Network Interactions > Connecting category_path: explore+network+interactions/connecting description: Deconstruct and decode data from a URL. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting anchor: unfurl website: https://github.com/obsidianforensics/unfurl - name: Unhide id: unhide category: Investigate System Interactions category_path: investigate+system+interactions description: Find hidden processes or connections on the local Linux system. docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions anchor: unhide website: http://www.unhide-forensics.info - name: unicode id: unicode category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Display Unicode character properties. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: unicode website: https://github.com/garabik/unicode - name: unrar-free id: unrar-free category: General Utilities category_path: general+utilities description: Decompress files using a variety of algorithms. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities anchor: unrar-free website: https://www.rarlab.com - name: unXOR id: unxor category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Deobfuscate XOR'ed files. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: unxor website: https://github.com/tomchop/unxor/ - name: UPX id: upx category: Statically Analyze Code > Unpacking category_path: statically+analyze+code/unpacking description: Pack and unpack PE files. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/unpacking anchor: upx website: https://upx.github.io - name: VBinDiff id: vbindiff category: View or Edit Files category_path: view+or+edit+files description: Compare binary files. docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files anchor: vbindiff website: https://www.cjmweb.net/vbindiff/ - name: virustotal-search id: virustotal-search category: Gather and Analyze Data category_path: gather+and+analyze+data description: Search VirusTotal for file hashes. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: virustotal-search website: https://blog.didierstevens.com/programs/virustotal-tools/ - name: virustotal-submit id: virustotal-submit category: Gather and Analyze Data category_path: gather+and+analyze+data description: Submit files to VirusTotal. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: virustotal-submit website: https://blog.didierstevens.com/programs/virustotal-tools/ - name: Visual Studio Code id: visual-studio-code category: View or Edit Files category_path: view+or+edit+files description: Powerful source code editor. docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files anchor: visual-studio-code website: https://code.visualstudio.com/ - name: Vivisect id: vivisect category: Statically Analyze Code > General category_path: statically+analyze+code/general description: Statically examine and emulate binary files. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general anchor: vivisect website: https://github.com/vivisect/vivisect - name: Volatility Framework id: volatility-framework category: Perform Memory Forensics category_path: perform+memory+forensics description: Memory forensics tool and framework. docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics anchor: volatility-framework website: https://github.com/volatilityfoundation/volatility3 - name: Wine id: wine category: Dynamically Reverse-Engineer Code > General category_path: dynamically+reverse-engineer+code/general description: Run Windows applications. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general anchor: wine website: https://www.winehq.org additional_categories: - General Utilities - name: wireshark id: wireshark category: Explore Network Interactions > Monitoring category_path: explore+network+interactions/monitoring description: Capture and analyze network traffic with this sniffer. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring anchor: wireshark website: https://www.wireshark.org - name: wxHexEditor id: wxhexeditor category: Examine Static Properties > General category_path: examine+static+properties/general description: Hex editor. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: wxhexeditor website: https://sourceforge.net/projects/wxhexeditor/ additional_categories: - View or Edit Files - name: XLMMacroDeobfuscator id: xlmmacrodeobfuscator category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Deobfuscate XLM macros (also known as Excel 4. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: xlmmacrodeobfuscator website: https://github.com/DissectMalware/XLMMacroDeobfuscator - name: xmldump.py id: xmldump-py category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: xmldump.py website: https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/ - name: xor-kpa.py id: xor-kpa-py category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Implement an XOR known-plaintext attack. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: xor-kpa.py website: https://blog.didierstevens.com/2017/06/06/update-xor-kpa-py-version-0-0-5/ - name: xorBruteForcer.py id: xorbruteforcer-py category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Bruteforce an XOR-encoded file. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: xorbruteforcer.py website: https://eternal-todo.com/category/bruteforcer - name: XORSearch id: xorsearch category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Locate and decode strings obfuscated using common techniques. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: xorsearch website: https://blog.didierstevens.com/programs/xorsearch/ additional_categories: - Dynamically Reverse-Engineer Code > Shellcode - name: xorsearch.py id: xorsearch-py category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Search for XOR, ROL, ROT, and SHIFT encoded strings with YARA and regex support. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: xorsearch.py website: https://blog.didierstevens.com/2020/08/23/new-tool-xorsearch-py/ - name: XORStrings id: xorstrings category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Search for XOR encoded strings in a file. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: xorstrings website: https://blog.didierstevens.com/2013/04/15/new-tool-xorstrings/ - name: xortool id: xortool category: Examine Static Properties > Deobfuscation category_path: examine+static+properties/deobfuscation description: Analyze XOR-encoded data. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation anchor: xortool website: https://github.com/hellman/xortool - name: Yara id: yara category: Gather and Analyze Data category_path: gather+and+analyze+data description: Identify and classify malware samples using Yara rules. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: yara website: https://virustotal.github.io/yara/ - name: YARA-Forge Rules id: yara-forge-rules category: Examine Static Properties > General category_path: examine+static+properties/general description: Scan files with curated YARA rules from 45+ sources for malware family identification. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: yara-forge-rules website: https://yarahq.github.io/ - name: Yara Rules id: yara-rules category: Examine Static Properties > General category_path: examine+static+properties/general description: Scan a file with YARA rules to identify capabilities and behaviors (packer detection, anti-debug, networking). docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general anchor: yara-rules website: https://github.com/Yara-Rules/rules - name: YARA-X id: yara-x category: Gather and Analyze Data category_path: gather+and+analyze+data description: Scan files using YARA rules, the next generation of YARA written in Rust. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data anchor: yara-x website: https://github.com/VirusTotal/yara-x - name: zbarimg id: zbarimg category: Explore Network Interactions > Connecting category_path: explore+network+interactions/connecting description: Decode QR codes and barcodes from image files. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting anchor: zbarimg website: https://github.com/mchehab/zbar - name: zipdump.py id: zipdump-py category: Analyze Documents > Microsoft Office category_path: analyze+documents/microsoft+office description: Analyze zip-compressed files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office anchor: zipdump.py website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/