# Tool catalogue: one record per tool under `tools`, with summary counts under
# `metadata`. Each record carries three per-source sub-records (`for610`,
# `salt_states`, `remnux_docs`) plus derived `has_*` flags and a `help_tier`.
# In the records visible in this part of the file, `help_tier` follows source
# coverage: `rich` where for610 is covered, `standard` where REMnux docs cover
# the tool but for610 does not, `basic` where only a Salt state exists.
metadata:
  total_tools: 447
  in_remnux_count: 397
  # rich + standard + basic = 156 + 118 + 173 = 447, matching total_tools.
  help_tier_counts:
    rich: 156
    standard: 118
    basic: 173
  # NOTE(review): the seven non-zero buckets sum to 642, not 447. They reconcile
  # with total_tools only if each `*_and_*` bucket also counts the `all_three`
  # tools (92-65, 71-65, 132-65 give 27 + 6 + 67; added to 58 + 51 + 173 + 65
  # that is 447). Confirm with the generator before using the pairwise counts
  # as exclusive figures.
  source_coverage:
    for610_only: 58
    remnux_docs_only: 51
    salt_states_only: 173
    all_three: 65
    for610_and_docs: 92
    for610_and_salt: 71
    docs_and_salt: 132
    no_coverage: 0
tools:
  - id: 1768-py
    name: 1768.py
    aliases: []
    description: Parse Cobalt Strike beacon configuration from shellcode or memory dumps
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        description: Parse Cobalt Strike beacon configuration from shellcode or memory dumps
        category: yara-detection
        labs:
          - '3.4'
        sections:
          - 3
        typical_usage:
          - 1768.py shellcode.bin
        tags:
          - cobalt-strike
          - beacon
          - c2-config
          - didier-stevens
        author: Didier Stevens
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Analyze Cobalt Strike beacons.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/
        anchor: id-1768.py
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: false
    help_tier: rich
  # NOTE(review): `7-zip` (docs record) and `7zip` (Salt-state record) look like
  # the same tool recorded twice because the source names differ. The same
  # pattern appears for aeskeyfinder/aeskeyfind,
  # androidprojectcreator/android-project-creator,
  # binee-binary-emulation-environment/binee and
  # burp-suite-community-edition/burpsuite-community (plus `burp-suite`, which
  # says in_remnux: false). If these are duplicates, total_tools and
  # source_coverage over-count and has_salt_state is understated on the
  # docs-side records — confirm and merge at the generator.
  - id: 7-zip
    name: 7-Zip
    aliases: []
    description: Compress and decompress files using a variety of algorithms.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Examine Static Properties > General
        description: Compress and decompress files using a variety of algorithms.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
        website: https://www.7-zip.org
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: false
    help_tier: standard
  - id: 7zip
    name: 7zip
    aliases:
      - remnux-packages-p7zip-full
      - remnux-packages-7zz
      - p7zip-full
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: remnux-packages-p7zip-full
        salt_state_path: remnux/packages/7zip.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: aeskeyfind
    name: aeskeyfind
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: aeskeyfind
        salt_state_path: remnux/packages/aeskeyfind.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: aeskeyfinder
    name: AESKeyFinder
    aliases: []
    description: Find 128-bit and 256-bit AES keys in a memory image.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Perform Memory Forensics
        description: Find 128-bit and 256-bit AES keys in a memory image.
        docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics
        website: https://citp.princeton.edu/our-work/memory/
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: false
    help_tier: standard
  - id: amsiscriptcontentretrieval
    name: AMSIScriptContentRetrieval
    aliases: []
    description: Extract monitored script content from AMSI Event Trace logs
    in_remnux: false
    platform: windows
    sources:
      for610:
        covered: true
        description: Extract monitored script content from AMSI Event Trace logs
        category: powershell-analysis
        labs:
          - '3.6'
        sections:
          - 3
        typical_usage:
          - AMSIScriptContentRetrieval AMSITrace.etl > output.txt
        tags:
          - amsi
          - script-extraction
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: androguard
    name: androguard
    aliases:
      - remnux-python3-packages-androguard
    description: Analyze Android APK files — extract permissions, activities, intents, and decompile DEX code
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        # NOTE(review): several typical_usage strings in this file name no input
        # file or end on an option that normally takes an operand (here
        # `androguard decompile -o output/`; also `apktool d -o output/`,
        # `cfr --outputdir output/`, `cs-extract-key.py -f`,
        # `cs-parse-traffic.py -f -k`). Presumably placeholder arguments were
        # lost upstream — restore them from each tool's own help output rather
        # than guessing.
        typical_usage:
          - androguard analyze
          - androguard decompile -o output/
          - androgui.py
        tags:
          - android
          - apk
          - permissions
          - decompilation
        description: Analyze Android APK files — extract permissions, activities, intents, and decompile DEX code
      salt_states:
        covered: true
        install_method: pip
        package_name: remnux-python3-packages-androguard
        salt_state_path: remnux/python3-packages/androguard.sls
      remnux_docs:
        covered: true
        category: Statically Analyze Code > Android
        description: Examine Android files.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
        website: https://github.com/androguard/androguard
        anchor: androguard
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: true
    help_tier: rich
  # NOTE(review): install_method is `unknown` and the state lives under
  # remnux/config/ (same for bash-history, bash-rc and binee; autologin and
  # compatibility sit under remnux/theme/). These look like configuration or
  # theme states rather than separately installed tools — TODO confirm they
  # should count toward total_tools and in_remnux_count.
  - id: android-project-creator
    name: android-project-creator
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: unknown
        package_name: android-project-creator
        salt_state_path: remnux/config/android-project-creator.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: androidprojectcreator
    name: AndroidProjectCreator
    aliases: []
    description: Convert an Android APK application file into an Android Studio project for easier analysis.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Statically Analyze Code > Android
        description: Convert an Android APK application file into an Android Studio project for easier analysis.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
        website: https://maxkersten.nl/projects/androidprojectcreator
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: false
    help_tier: standard
  - id: anomy
    name: anomy
    aliases: []
    description: A wrapper around wget, ssh, sftp, ftp, and telnet to route these connections through Tor to anonymize your traffic.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: script
        package_name: anomy
        salt_state_path: remnux/scripts/anomy.sls
      remnux_docs:
        covered: true
        category: Explore Network Interactions > Connecting
        description: A wrapper around wget, ssh, sftp, ftp, and telnet to route these connections through Tor to anonymize your traffic.
        docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
        website: https://github.com/izm1chael/Anomy
        anchor: anomy
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  # platform: online marks a hosted service (also cape-sandbox below). Anything
  # submitted to it leaves the analysis lab, so a consumer rendering these
  # records as help text should keep that distinct from the local tools.
  - id: any-run
    name: Any.run
    aliases: []
    description: Interactive online malware analysis sandbox with real-time process monitoring
    in_remnux: false
    platform: online
    sources:
      for610:
        covered: true
        description: Interactive online malware analysis sandbox with real-time process monitoring
        category: online-platforms
        labs: []
        sections:
          - 1
        typical_usage:
          - https://any.run
        tags:
          - sandbox
          - interactive
          - real-time
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: api-monitor
    name: API Monitor
    aliases: []
    description: Monitor and record API calls made by processes
    in_remnux: false
    platform: windows
    sources:
      for610:
        covered: true
        description: Monitor and record API calls made by processes
        category: behavioral-analysis
        labs: []
        sections:
          - 1
        typical_usage:
          - apimonitor-x64.exe
        tags:
          - api-calls
          - monitoring
          - dynamic-analysis
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: apkid
    name: apkid
    aliases:
      - remnux-python3-packages-apkid
    description: Identify compilers, packers, and obfuscators used to protect Android APK and DEX files.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: pip
        package_name: remnux-python3-packages-apkid
        salt_state_path: remnux/python3-packages/apkid.sls
      remnux_docs:
        covered: true
        category: Statically Analyze Code > Android
        description: Identify compilers, packers, and obfuscators used to protect Android APK and DEX files.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
        website: https://github.com/rednaga/APKiD
        anchor: apkid
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  - id: apktool
    name: apktool
    aliases: []
    description: Decompile and recompile Android APK files — extract resources, smali code, and manifest
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        typical_usage:
          - apktool d -o output/
          - apktool b output/ -o rebuilt.apk
        tags:
          - android
          - apk
          - decompilation
          - resources
        description: Decompile and recompile Android APK files — extract resources, smali code, and manifest
      salt_states:
        covered: true
        install_method: manual
        package_name: apktool
        salt_state_path: remnux/tools/apktool.sls
      remnux_docs:
        covered: true
        category: Statically Analyze Code > Android
        description: Reverse-engineer Android APK files.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
        website: https://ibotpeaches.github.io/Apktool/
        anchor: apktool
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: true
    help_tier: rich
  - id: apt-utils
    name: apt-utils
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: apt-utils
        salt_state_path: remnux/packages/apt-utils.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  # NOTE(review): id `archive-zip` is paired with alias/package_name `cpan` and
  # a state file named ole-storagelite.sls. The join between the Perl package
  # states and tool ids looks off for this record — verify before trusting
  # package_name or salt_state_path here.
  - id: archive-zip
    name: archive-zip
    aliases:
      - cpan
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: perl
        package_name: cpan
        salt_state_path: remnux/perl-packages/ole-storagelite.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: autoconf
    name: autoconf
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: autoconf
        salt_state_path: remnux/packages/autoconf.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: autoit-ripper
    name: autoit-ripper
    aliases:
      - remnux-python3-packages-autoit-ripper-install
    description: Extract AutoIt scripts embedded in PE binaries.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: pip
        package_name: remnux-python3-packages-autoit-ripper-install
        salt_state_path: remnux/python3-packages/autoit-ripper.sls
      remnux_docs:
        covered: true
        category: Statically Analyze Code > Scripts
        description: Extract AutoIt scripts embedded in PE binaries.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
        website: https://github.com/nazywam/AutoIt-Ripper
        anchor: autoit-ripper
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  - id: autologin
    name: autologin
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: unknown
        package_name: autologin
        salt_state_path: remnux/theme/autologin.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: automake
    name: automake
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: automake
        salt_state_path: remnux/packages/automake.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: autoruns
    name: Autoruns
    aliases: []
    description: View and manage all autostart locations — startup programs, services, drivers, scheduled tasks
    in_remnux: false
    platform: windows
    sources:
      for610:
        covered: true
        description: View and manage all autostart locations — startup programs, services, drivers, scheduled tasks
        category: behavioral-analysis
        labs: []
        sections:
          - 1
        typical_usage:
          - Autoruns.exe
        tags:
          - persistence
          - autostart
          - startup
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: baksmali
    name: baksmali
    aliases: []
    description: Disassembler for the dex format used by Dalvik, Android's Java VM implementation.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: baksmali
        salt_state_path: remnux/packages/baksmali.sls
      remnux_docs:
        covered: true
        category: Statically Analyze Code > Android
        description: Disassembler for the dex format used by Dalvik, Android's Java VM implementation.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
        website: https://bitbucket.org/JesusFreke/smali
        anchor: baksmali
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  - id: balbuzard
    name: balbuzard
    # NOTE(review): the alias '{{' looks like an unrendered template delimiter
    # picked up while parsing a Salt state, not a real alias. Any consumer that
    # matches user input or package names against aliases would treat it as
    # one — confirm and drop it at the generator.
    aliases:
      - remnux-python3-packages-balbuzard-install
      - balbuzard-3
      - '{{'
    description: Extract and deobfuscate patterns from suspicious files.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: pip
        # NOTE(review): package_name and salt_state_path name `debloat`, not
        # balbuzard, while the aliases name balbuzard. This record appears to
        # be joined to the wrong Salt state — verify before relying on
        # has_salt_state or the install details for this tool.
        package_name: remnux-python3-packages-debloat
        salt_state_path: remnux/python3-packages/debloat.sls
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Extract and deobfuscate patterns from suspicious files.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://github.com/digitalsleuth/balbuzard
        anchor: balbuzard
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  - id: base64dump-py
    name: base64dump.py
    aliases:
      - base64dump
    description: Extract and decode Base64-encoded strings from files
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        description: Extract and decode Base64-encoded strings from files
        category: document-analysis
        labs:
          - '3.4'
          - '4.5'
        sections:
          - 3
          - 4
        typical_usage:
          - base64dump.py file.txt
          - base64dump.py file.ps1 -n 10
          - base64dump.py file.ps1 -s 2 -d
        tags:
          - base64
          - decoding
          - didier-stevens
        author: Didier Stevens
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Locate and decode strings encoded in Base64 and other common encodings.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://blog.didierstevens.com/2020/07/03/update-base64dump-py-version-0-0-12/
        anchor: base64dump.py
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: false
    help_tier: rich
  - id: bash-history
    name: bash-history
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: unknown
        package_name: bash-history
        salt_state_path: remnux/config/bash-history.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: bash-rc
    name: bash-rc
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: unknown
        package_name: bash-rc
        salt_state_path: remnux/config/bash-rc.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  # in_remnux is true here although neither a Salt state nor a docs record is
  # linked; the `balbuzard` tag suggests it is installed as part of that
  # package — presumably, verify against the balbuzard record.
  - id: bbcrack
    name: bbcrack
    aliases: []
    description: Detect and decode strings obfuscated with XOR, ROL, and ADD algorithms
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        description: Detect and decode strings obfuscated with XOR, ROL, and ADD algorithms
        category: string-deobfuscation
        labs:
          - '5.2'
        sections:
          - 5
        typical_usage:
          - bbcrack -l 1 specimen.dll
        tags:
          - xor
          - rol
          - add
          - deobfuscation
          - balbuzard
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: bearparser
    name: bearparser
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: bearparser
        salt_state_path: remnux/packages/bearparser.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: binary-ninja
    name: Binary Ninja
    aliases: []
    description: Commercial disassembler with strong automated analysis and scripting
    in_remnux: false
    platform: both
    sources:
      for610:
        covered: true
        description: Commercial disassembler with strong automated analysis and scripting
        category: code-analysis
        labs: []
        sections:
          - 2
        typical_usage:
          - binaryninja specimen.exe
        tags:
          - disassembly
          - commercial
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: binee
    name: binee
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: unknown
        package_name: binee
        salt_state_path: remnux/config/binee.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: binee-binary-emulation-environment
    name: binee (Binary Emulation Environment)
    aliases: []
    description: Analyze I/O operations of a suspicious PE file by emulating its execution.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Statically Analyze Code > PE Files
        description: Analyze I/O operations of a suspicious PE file by emulating its execution.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
        website: https://github.com/carbonblack/binee
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: false
    help_tier: standard
  - id: binutils
    name: binutils
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: binutils
        salt_state_path: remnux/packages/binutils.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: binwalk
    name: binwalk
    aliases: []
    description: Analyze and extract embedded files and firmware images
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        description: Analyze and extract embedded files and firmware images
        category: utilities
        labs: []
        sections:
          - 1
        typical_usage:
          - binwalk firmware.bin
          - binwalk -e firmware.bin
        tags:
          - firmware
          - extraction
          - embedded-files
      salt_states:
        covered: true
        install_method: apt
        package_name: binwalk
        salt_state_path: remnux/packages/binwalk.sls
      remnux_docs:
        covered: true
        category: Examine Static Properties > General
        description: Extract and analyze firmware images.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
        website: https://github.com/ReFirmLabs/binwalk
        anchor: binwalk
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: true
    help_tier: rich
  - id: box-js
    name: box-js
    aliases: []
    description: JavaScript sandbox for analyzing malicious scripts by emulating browser/WScript APIs
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        description: JavaScript sandbox for analyzing malicious scripts by emulating browser/WScript APIs
        category: emulation
        labs: []
        sections:
          - 3
        typical_usage:
          - box-js --output-dir=/tmp suspicious.js
        tags:
          - javascript
          - sandbox
          - emulation
      salt_states:
        covered: true
        install_method: npm
        package_name: box-js
        salt_state_path: remnux/node-packages/box-js.sls
      remnux_docs:
        covered: true
        category: Dynamically Reverse-Engineer Code > Scripts
        description: Analyze suspicious JavaScript scripts.
        docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
        website: https://github.com/CapacitorSet/box-js
        anchor: box-js
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: true
    help_tier: rich
  - id: brxor-py
    name: brxor.py
    aliases: []
    description: Brute-force XOR key detection for single-byte XOR-encoded strings
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        description: Brute-force XOR key detection for single-byte XOR-encoded strings
        category: string-deobfuscation
        labs:
          - '5.2'
        sections:
          - 5
        typical_usage:
          - brxor.py specimen.dll
        tags:
          - xor
          - brute-force
          - deobfuscation
      salt_states:
        covered: true
        install_method: pip
        package_name: brxor.py
        salt_state_path: remnux/python3-packages/brxor.sls
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Bruteforce XOR'ed strings to find those that are English words.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://github.com/REMnux/distro/blob/master/files/brxor.py
        anchor: brxor.py
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: true
    help_tier: rich
  - id: build-essential
    name: build-essential
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: build-essential
        salt_state_path: remnux/packages/build-essential.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: bulk-extractor
    name: bulk-extractor
    aliases: []
    description: Extract interesting strings from binary files.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: bulk-extractor
        salt_state_path: remnux/packages/bulk-extractor.sls
      remnux_docs:
        covered: true
        category: Examine Static Properties > General
        description: Extract interesting strings from binary files.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
        website: https://github.com/simsong/bulk_extractor/
        anchor: bulk_extractor
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  - id: bundler
    name: bundler
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: bundler
        salt_state_path: remnux/packages/bundler.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  # NOTE(review): this record says in_remnux: false, while the two Burp records
  # that follow (docs-side and Salt-side) both say in_remnux: true. If all
  # three describe the same product, the flag here is inconsistent — confirm.
  - id: burp-suite
    name: Burp Suite
    aliases:
      - Burp
    description: Web application security proxy for intercepting and modifying HTTP/HTTPS traffic
    in_remnux: false
    platform: both
    sources:
      for610:
        covered: true
        description: Web application security proxy for intercepting and modifying HTTP/HTTPS traffic
        category: network-analysis
        labs: []
        sections:
          - 3
        typical_usage:
          - burpsuite
        tags:
          - http
          - https
          - proxy
          - web-security
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: burp-suite-community-edition
    name: Burp Suite Community Edition
    aliases: []
    description: Investigate website interactions using this web proxy.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Explore Network Interactions > Monitoring
        description: Investigate website interactions using this web proxy.
        docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
        website: https://portswigger.net
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: false
    help_tier: standard
  - id: burpsuite-community
    name: burpsuite-community
    aliases:
      - remnux-packages-burpsuite-community
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: remnux-packages-burpsuite-community
        salt_state_path: remnux/packages/burpsuite-community.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: bytehist
    name: Bytehist
    aliases: []
    description: Generate byte-usage histograms to visually identify packed or encrypted sections in binaries
    in_remnux: true
    platform: both
    sources:
      for610:
        covered: true
        description: Generate byte-usage histograms to visually identify packed or encrypted sections in binaries
        category: static-analysis-pe
        labs: []
        sections:
          - 1
          - 4
        typical_usage:
          - bytehist specimen.exe
        tags:
          - pe
          - entropy
          - packing-detection
          - histogram
      salt_states:
        covered: true
        install_method: manual
        package_name: bytehist
        salt_state_path: remnux/tools/bytehist.sls
      remnux_docs:
        covered: true
        category: Statically Analyze Code > Unpacking
        description: Generate byte-usage-histograms for all types of files with a focus on PE files.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/unpacking
        website: https://www.cert.at/downloads/software/bytehist_en.html
        anchor: bytehist
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: true
    help_tier: rich
  - id: cabextract
    name: cabextract
    aliases: []
    description: Extract Microsoft cabinet (cab) files.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: cabextract
        salt_state_path: remnux/packages/cabextract.sls
      remnux_docs:
        covered: true
        category: General Utilities
        description: Extract Microsoft cabinet (cab) files.
        docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
        website: https://www.cabextract.org.uk
        anchor: cabextract
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  - id: capa
    name: capa
    aliases: []
    description: Identify malware capabilities mapped to MITRE ATT&CK framework and Malware Behavior Catalog
    in_remnux: true
    platform: both
    sources:
      for610:
        covered: true
        description: Identify malware capabilities mapped to MITRE ATT&CK framework and Malware Behavior Catalog
        category: yara-detection
        labs:
          - '1.4'
          - '5.4'
        sections:
          - 1
          - 5
        typical_usage:
          - capa specimen.exe
          - capa -vv specimen.exe
          - capa -vv specimen.exe | grep -A7 'Suspended Process'
        tags:
          - capabilities
          - mitre-attack
          - automated-analysis
      salt_states:
        covered: true
        install_method: manual
        package_name: capa
        salt_state_path: remnux/tools/capa.sls
      remnux_docs:
        covered: true
        category: Statically Analyze Code > PE Files
        description: Detect suspicious capabilities in PE files.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
        website: https://github.com/mandiant/capa
        anchor: capa
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: true
    help_tier: rich
  - id: cape-sandbox
    name: CAPE Sandbox
    aliases:
      - CAPE
    description: Automated malware analysis sandbox with payload extraction and config dumping
    in_remnux: false
    platform: online
    sources:
      for610:
        covered: true
        description: Automated malware analysis sandbox with payload extraction and config dumping
        category: online-platforms
        labs: []
        sections:
          - 1
        typical_usage:
          - https://capesandbox.com
        tags:
          - sandbox
          - automated
          - payload-extraction
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: cast
    name: cast
    aliases:
      - remnux-packages-cast
    description: Install and manage SaltStack-based Linux distributions.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: remnux-packages-cast
        salt_state_path: remnux/packages/cast.sls
      remnux_docs:
        covered: true
        category: General Utilities
        description: Install and manage SaltStack-based Linux distributions.
        docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
        website: https://github.com/ekristen/cast
        anchor: cast
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  - id: cff-explorer
    name: CFF Explorer
    aliases: []
    description: View and edit PE file headers, sections, imports, and resources
    in_remnux: false
    platform: windows
    sources:
      for610:
        covered: true
        description: View and edit PE file headers, sections, imports, and resources
        category: static-analysis-pe
        labs: []
        sections:
          - 1
        typical_usage:
          - CFF Explorer specimen.exe
        tags:
          - pe
          - header-editing
          - resources
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: cffi
    name: cffi
    aliases:
      - remnux-python3-packages-cffi
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: pip
        package_name: remnux-python3-packages-cffi
        salt_state_path: remnux/python3-packages/cffi.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: cfr
    name: cfr
    aliases: []
    description: Modern Java decompiler — handles Java 8+ features including lambdas and try-with-resources
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        typical_usage:
          - cfr --outputdir output/
          - cfr
        tags:
          - java
          - decompilation
          - jar
        description: Modern Java decompiler — handles Java 8+ features including lambdas and try-with-resources
      salt_states:
        covered: true
        install_method: manual
        package_name: cfr
        salt_state_path: remnux/tools/cfr.sls
      remnux_docs:
        covered: true
        category: Statically Analyze Code > Java
        description: Java decompiler.
        docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
        website: https://www.benf.org/other/cfr/
        anchor: cfr
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: true
    help_tier: rich
  - id: chepy
    name: chepy
    aliases:
      - remnux-python3-packages-chepy
      - remnux-python3-packages-chepy-extras
      - chepy[extras]
    description: Decode and otherwise analyze data using this command-line tool and Python library.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: pip
        package_name: remnux-python3-packages-chepy
        salt_state_path: remnux/python3-packages/chepy.sls
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Decode and otherwise analyze data using this command-line tool and Python library.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://github.com/securisec/chepy
        anchor: chepy
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: true
    help_tier: standard
  - id: clamav
    name: ClamAV
    aliases: []
    description: Open-source antivirus — scan files for known malware signatures
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        typical_usage:
          - clamscan
          - clamscan -r /
          - freshclam
        tags:
          - antivirus
          - scanning
          - signatures
        description: Open-source antivirus — scan files for known malware signatures
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Examine Static Properties > General
        description: Scan files for malware signatures.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
        website: https://www.clamav.net
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: false
    help_tier: rich
  - id: clamav-daemon
    name: clamav-daemon
    aliases:
      - clamav-freshclam
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: apt
        package_name: clamav-daemon
        salt_state_path: remnux/packages/clamav-daemon.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: cobalt-strike-configuration-extractor-csce-and-parser
    name: Cobalt Strike Configuration Extractor (CSCE) and Parser
    aliases: []
    description: Analyze Cobalt Strike beacons.
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Analyze Cobalt Strike beacons.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://github.com/strozfriedberg/cobaltstrike-config-extractor
    has_for610_coverage: false
    has_remnux_docs: true
    has_salt_state: false
    help_tier: standard
  - id: compatibility
    name: compatibility
    aliases: []
    description: ''
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: false
      salt_states:
        covered: true
        install_method: unknown
        package_name: compatibility
        salt_state_path: remnux/theme/compatibility.sls
      remnux_docs:
        covered: false
    has_for610_coverage: false
    has_remnux_docs: false
    has_salt_state: true
    help_tier: basic
  - id: cs-analyze-processdump-py
    name: cs-analyze-processdump.py
    aliases: []
    description: Analyze Cobalt Strike beacon process dumps for sleep mask encoding
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        typical_usage:
          - cs-analyze-processdump.py
        tags:
          - cobalt-strike
          - sleep-mask
          - memory
        description: Analyze Cobalt Strike beacon process dumps for sleep mask encoding
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Analyze Cobalt Strike beacon process dumps to detect sleep mask encoding.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://blog.didierstevens.com/2021/11/25/new-tool-cs-analyze-processdump-py/
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: false
    help_tier: rich
  - id: cs-decrypt-metadata-py
    name: cs-decrypt-metadata.py
    aliases: []
    description: Decrypt Cobalt Strike beacon metadata from network captures
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        typical_usage:
          - cs-decrypt-metadata.py
        tags:
          - cobalt-strike
          - decryption
          - metadata
        description: Decrypt Cobalt Strike beacon metadata from network captures
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Decrypt Cobalt Strike metadata.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://blog.didierstevens.com/2021/11/12/update-cs-decrypt-metadata-py-version-0-0-2/
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: false
    help_tier: rich
  - id: cs-extract-key-py
    name: cs-extract-key.py
    aliases: []
    description: Extract AES and HMAC encryption keys from Cobalt Strike beacon process memory dumps
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        # NOTE(review): `-f` is recorded with no operand; the argument after it
        # appears to have been dropped upstream — TODO restore from the tool's
        # help output.
        typical_usage:
          - cs-extract-key.py -f
        tags:
          - cobalt-strike
          - encryption
          - key-extraction
        description: Extract AES and HMAC encryption keys from Cobalt Strike beacon process memory dumps
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Examine Static Properties > Deobfuscation
        description: Extract AES and HMAC keys from Cobalt Strike beacon process memory.
        docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
        website: https://blog.didierstevens.com/2021/11/03/new-tool-cs-extract-key-py/
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: false
    help_tier: rich
  - id: cs-parse-traffic-py
    name: cs-parse-traffic.py
    aliases: []
    description: Decrypt and parse Cobalt Strike beacon network traffic using extracted keys
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        # NOTE(review): `-f` and `-k` are both recorded with no operand; the
        # arguments appear to have been dropped upstream — TODO restore.
        typical_usage:
          - cs-parse-traffic.py -f -k
        tags:
          - cobalt-strike
          - traffic
          - decryption
        description: Decrypt and parse Cobalt Strike beacon network traffic using extracted keys
      salt_states:
        covered: false
      remnux_docs:
        covered: true
        category: Explore Network Interactions > Monitoring
        description: Decrypt and parse Cobalt Strike beacon network traffic.
        docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
        website: https://blog.didierstevens.com/2021/11/29/new-tool-cs-parse-traffic-py/
    has_for610_coverage: true
    has_remnux_docs: true
    has_salt_state: false
    help_tier: rich
  # The description says this entry is about executing a script under Windows
  # Script Host while AMSI is monitored, so the typical_usage line runs the
  # specimen rather than inspecting it statically; a consumer that groups
  # records into static and dynamic steps should read it as the latter.
  - id: cscript
    name: CScript
    aliases:
      - cscript.exe
    description: Windows Script Host command-line — execute JScript/VBScript for AMSI monitoring
    in_remnux: false
    platform: windows
    sources:
      for610:
        covered: true
        description: Windows Script Host command-line — execute JScript/VBScript for AMSI monitoring
        category: javascript-analysis
        labs:
          - '3.6'
        sections:
          - 3
        typical_usage:
          - cscript malicious.js
        tags:
          - javascript
          - vbscript
          - windows-script-host
      salt_states:
        covered: false
      remnux_docs:
        covered: false
    has_for610_coverage: true
    has_remnux_docs: false
    has_salt_state: false
    help_tier: rich
  - id: curl
    name: curl
    aliases: []
    description: Transfer data to/from servers using various protocols
    in_remnux: true
    platform: linux
    sources:
      for610:
        covered: true
        description: Transfer data to/from servers using various protocols
        category: utilities
        labs: []
        sections:
          - 1
        typical_usage:
          - curl -L http://example.com
- curl -o output.bin http://example.com/file tags: - download - http - transfer salt_states: covered: true install_method: apt package_name: remnux-packages-curl salt_state_path: remnux/packages/curl.sls remnux_docs: covered: true category: Explore Network Interactions > Connecting description: Interact with servers via supported protocols, including HTTP, HTTPS, FTP, IMAP, etc. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting website: https://curl.se anchor: curl has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: cut-bytes-py name: cut-bytes.py aliases: [] description: Cut out a part of a data stream. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Cut out a part of a data stream. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://blog.didierstevens.com/2015/10/14/cut-bytes-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: cutter name: Cutter aliases: [] description: Open-source reverse engineering platform — Qt-based GUI for radare2 in_remnux: true platform: both sources: for610: covered: true description: Open-source reverse engineering platform — Qt-based GUI for radare2 category: code-analysis labs: [] sections: - 2 typical_usage: - cutter specimen.exe tags: - disassembly - radare2 - open-source salt_states: covered: true install_method: manual package_name: cutter salt_state_path: remnux/tools/cutter.sls remnux_docs: covered: true category: Statically Analyze Code > General description: Reverse engineering platform powered by Rizin. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general website: https://cutter.re anchor: cutter has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: cyberchef name: CyberChef aliases: [] description: Web-based data transformation tool — decode Base64, XOR, hex, decompress, and chain operations in_remnux: true platform: both sources: for610: covered: true description: Web-based data transformation tool — decode Base64, XOR, hex, decompress, and chain operations category: string-deobfuscation labs: - '1.5' - '3.8' - '3.12' sections: - 1 - 3 typical_usage: - cyberchef tags: - decoding - encoding - transformation - web-based salt_states: covered: true install_method: manual package_name: cyberchef salt_state_path: remnux/tools/cyberchef.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Decode and otherwise analyze data using this browser app. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/gchq/CyberChef/ anchor: cyberchef has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: dc3-mwcp name: dc3-mwcp aliases: - remnux-python3-packages-dc3-mwcp - mwcp description: DC3 Malware Configuration Parser — extract C2 configs from known malware families in_remnux: true platform: linux sources: for610: covered: true typical_usage: - mwcp parse - mwcp parse -p Emotet tags: - malware - config-extraction - c2 description: DC3 Malware Configuration Parser — extract C2 configs from known malware families salt_states: covered: true install_method: pip package_name: remnux-python3-packages-dc3-mwcp salt_state_path: remnux/python3-packages/dc3-mwcp.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Parsing configuration information from malware. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/Defense-Cyber-Crime-Center/DC3-mwcp anchor: dc3-mwcp has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: de4dot name: de4dot aliases: [] description: .NET deobfuscator — remove obfuscation from .NET assemblies in_remnux: true platform: both sources: for610: covered: true description: .NET deobfuscator — remove obfuscation from .NET assemblies category: dotnet-analysis labs: - '4.8' sections: - 4 typical_usage: - de4dot obfuscated.exe tags: - dotnet - deobfuscation salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > .NET description: Deobfuscate and unpack. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net website: https://github.com/0xd4d/de4dot anchor: de4dot has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: decode-vbe-py name: decode-vbe.py aliases: [] description: Decode encoded VBS scripts (VBE). in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > Scripts description: Decode encoded VBS scripts (VBE). docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts website: https://blog.didierstevens.com/2016/03/29/decoding-vbe/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: decompyle name: Decompyle++ aliases: [] description: Python bytecode disassembler and decompiler. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > Python description: Python bytecode disassembler and decompiler. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python website: https://github.com/zrax/pycdc has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: default-jdk name: default-jdk aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: default-jdk salt_state_path: remnux/packages/default-jdk.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: default-jre name: default-jre aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: default-jre salt_state_path: remnux/packages/default-jre.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dex2jar name: dex2jar aliases: [] description: Examine Dalvik Executable (dex) files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: dex2jar salt_state_path: remnux/packages/dex2jar.sls remnux_docs: covered: true category: Statically Analyze Code > Android description: Examine Dalvik Executable (dex) files. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android website: https://github.com/pxb1988/dex2jar anchor: dex2jar has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: dexray name: dexray aliases: [] description: Extract and decode data from antivirus quarantine files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: dexray salt_state_path: remnux/scripts/dexray.sls remnux_docs: covered: true category: Gather and Analyze Data description: Extract and decode data from antivirus quarantine files. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://www.hexacorn.com/blog/category/software-releases/dexray/ anchor: dexray has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: dialog name: dialog aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: dialog salt_state_path: remnux/packages/dialog.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: didier-stevens-suite name: didier-stevens-scripts aliases: - '{{' description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-dissect-fusepy-prereq salt_state_path: remnux/python3-packages/dissect.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: diec name: diec aliases: - Detect It Easy - DIE description: Detect packers, compilers, and tools used to create executables in_remnux: true platform: both sources: for610: covered: true description: Detect packers, compilers, and tools used to create executables category: static-analysis-pe labs: - '4.1' sections: - 1 - 4 typical_usage: - diec specimen.exe tags: - pe - packer-detection - compiler-detection salt_states: covered: true install_method: manual package_name: remnux-tools-detect-it-easy-install salt_state_path: remnux/tools/detect-it-easy.sls remnux_docs: covered: true category: Examine Static Properties > General description: Determine types of files and examine file properties. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://github.com/horsicq/Detect-It-Easy anchor: detect-it-easy has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: disitool name: disitool aliases: [] description: Manipulate embedded digital signatures. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Manipulate embedded digital signatures. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://blog.didierstevens.com/programs/disitool/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: display name: display aliases: - set-scaling description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: set-scaling salt_state_path: remnux/config/display.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dissect name: dissect aliases: [] description: Perform a variety of forensics and incident response tasks using this DFIR framework and toolset. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Gather and Analyze Data description: Perform a variety of forensics and incident response tasks using this DFIR framework and toolset. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/fox-it/dissect has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: distro-info name: distro-info aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: distro-info salt_state_path: remnux/python3-packages/distro-info.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dllcharacteristics name: dllcharacteristics aliases: - dllcharacteristics.py description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: dllcharacteristics.py salt_state_path: remnux/scripts/dllcharacteristics.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dnfile name: dnfile aliases: - remnux-python3-packages-dnfile description: Analyze static properties of .NET files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-dnfile salt_state_path: remnux/python3-packages/dnfile.sls remnux_docs: covered: true category: Examine Static Properties > .NET description: Analyze static properties of .NET files. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net website: https://github.com/malwarefrank/dnfile anchor: dnfile has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: dnslib name: dnslib aliases: - remnux-python3-packages-dnslib description: Python library to encode/decode DNS wire-format packets. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-dnslib salt_state_path: remnux/python3-packages/dnslib.sls remnux_docs: covered: true category: Gather and Analyze Data description: Python library to encode/decode DNS wire-format packets. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/paulc/dnslib anchor: dnslib has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: dnspyex name: dnSpyEx aliases: - dnSpy description: .NET debugger and decompiler — debug obfuscated/packed .NET malware with breakpoints in_remnux: false platform: windows sources: for610: covered: true description: .NET debugger and decompiler — debug obfuscated/packed .NET malware with breakpoints category: dotnet-analysis labs: - '4.8' sections: - 4 typical_usage: - dnSpyEx.exe assembly.exe tags: - dotnet - debugger - decompiler salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: dnsresolver-py name: dnsresolver.py aliases: [] description: DNS resolver tool for dynamic analysis with wildcard and tracking support. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Explore Network Interactions > Services description: DNS resolver tool for dynamic analysis with wildcard and tracking support. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services website: https://blog.didierstevens.com/2021/07/15/new-tool-dnsresolver-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: docker name: docker aliases: - docker-docker-ce - docker-engine - docker-ce description: Run and manage containers. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: manual package_name: docker-compose salt_state_path: remnux/tools/docker-compose.sls remnux_docs: covered: true category: General Utilities description: Run and manage containers. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://www.docker.com anchor: docker has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: dog name: dog aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: dog salt_state_path: remnux/theme/dog.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dos2unix name: dos2unix aliases: [] description: Convert text files with Windows or macOS line breaks to Unix line breaks and vice versa. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: dos2unix salt_state_path: remnux/packages/dos2unix.sls remnux_docs: covered: true category: View or Edit Files description: Convert text files with Windows or macOS line breaks to Unix line breaks and vice versa. 
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files website: https://waterlan.home.xs4all.nl/dos2unix.html anchor: dos2unix has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: dot-cache name: dot-cache aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: dot-cache salt_state_path: remnux/config/dot-cache.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dot-config name: dot-config aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: dot-config salt_state_path: remnux/config/dot-config.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dot-cpan name: dot-cpan aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: dot-cpan salt_state_path: remnux/config/dot-cpan.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dot-dbus name: dot-dbus aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: dot-dbus salt_state_path: remnux/config/dot-dbus.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dot-local name: dot-local aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: dot-local salt_state_path: remnux/config/dot-local.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false 
has_salt_state: true help_tier: basic - id: dotdumper name: DotDumper aliases: [] description: Execution monitor and memory extractor for automatic .NET malware unpacking in_remnux: false platform: windows sources: for610: covered: true description: Execution monitor and memory extractor for automatic .NET malware unpacking category: dotnet-analysis labs: [] sections: - 4 typical_usage: - DotDumper.exe -file chatroom.exe tags: - dotnet - unpacking - memory-extraction - automated salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: dotnet-runtime-3-1 name: dotnet-runtime-3-1 aliases: - dotnet3 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: dotnet3 salt_state_path: remnux/packages/dotnet-runtime-3-1.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: dotnetfile name: dotnetfile aliases: - dotnetfile_dump.py description: Analyze static properties of .NET files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: dotnetfile_dump.py salt_state_path: remnux/python3-packages/dotnetfile.sls remnux_docs: covered: true category: Examine Static Properties > .NET description: Analyze static properties of .NET files. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net website: https://github.com/pan-unit42/dotnetfile anchor: dotnetfile has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: dotpeek name: dotPeek aliases: [] description: Free JetBrains .NET decompiler — alternative to ILSpy for viewing .NET source in_remnux: false platform: windows sources: for610: covered: true description: Free JetBrains .NET decompiler — alternative to ILSpy for viewing .NET source category: dotnet-analysis labs: [] sections: - 4 typical_usage: - dotPeek.exe assembly.exe tags: - dotnet - decompiler - jetbrains salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: droidlysis name: droidlysis aliases: - remnux-python3-packages-droidlysis description: Perform static analysis of Android applications. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-droidlysis salt_state_path: remnux/python3-packages/droidlysis.sls remnux_docs: covered: true category: Examine Static Properties > General description: Perform static analysis of Android applications. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://github.com/cryptax/droidlysis anchor: droidlysis has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: edb-debugger name: edb-debugger aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: edb-debugger salt_state_path: remnux/packages/edb-debugger.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: emldump-py name: emldump.py aliases: - emldump description: Parse and analyze EML email message files in_remnux: true platform: linux sources: for610: covered: true description: Parse and analyze EML email message files category: document-analysis labs: [] sections: - 3 typical_usage: - emldump.py message.eml tags: - email - eml - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Email Messages description: Parse and analyze EML files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages website: https://blog.didierstevens.com/2020/11/29/update-emldump-py-version-0-0-11/ anchor: emldump.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: enchant name: enchant aliases: - remnux-packages-enchant - enchant-2 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-enchant salt_state_path: remnux/packages/enchant.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: epic-irc-client name: EPIC IRC Client aliases: [] description: Examine IRC activities with this IRC client. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Explore Network Interactions > Connecting description: Examine IRC activities with this IRC client. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting website: https://www.epicsol.org/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: epic5 name: epic5 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: epic5 salt_state_path: remnux/packages/epic5.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: evilclippy name: evilclippy aliases: [] description: Remove VBA project password protection and manipulate Office macro settings in_remnux: true platform: both sources: for610: covered: true description: Remove VBA project password protection and manipulate Office macro settings category: document-analysis labs: [] sections: - 3 typical_usage: - evilclippy -uu document.docm tags: - office - vba - password-removal salt_states: covered: true install_method: apt package_name: remnux-packages-evilclippy salt_state_path: remnux/packages/evilclippy.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Modify aspects of Microsoft Office documents. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://github.com/outflanknl/EvilClippy anchor: evilclippy has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: evince name: evince aliases: [] description: View documents in a variety of formats, including PDF. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: evince salt_state_path: remnux/packages/evince.sls remnux_docs: covered: true category: View or Edit Files description: View documents in a variety of formats, including PDF. docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files website: https://wiki.gnome.org/Apps/Evince anchor: evince has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: ex-pe-xor name: ex-pe-xor aliases: - ex-pe-xor.py description: Search an XOR'ed file for indications of executable binaries. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: ex-pe-xor.py salt_state_path: remnux/scripts/ex-pe-xor.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Search an XOR'ed file for indications of executable binaries. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://hooked-on-mnemonics.blogspot.com/2014/04/expexorpy.html anchor: ex_pe_xor.py has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: exeinfo-pe name: ExeInfo PE aliases: - ExeInfoPE - ExeInfo description: Identify tools and packers used to create PE executables in_remnux: false platform: windows sources: for610: covered: true description: Identify tools and packers used to create PE executables category: static-analysis-pe labs: - '3.12' sections: - 1 - 3 typical_usage: - ExeInfoPE.exe specimen.exe tags: - pe - packer-detection salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: exfat-utils name: exfat-utils aliases: - remnux-packages-exfat-utils - exfatprogs description: '' in_remnux: true platform: linux sources: for610: covered: false 
salt_states: covered: true install_method: apt package_name: remnux-packages-exfat-utils salt_state_path: remnux/packages/exfat-utils.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: exiftool name: exiftool aliases: [] description: Extract metadata from files (PDF, images, documents, executables) in_remnux: true platform: linux sources: for610: covered: true description: Extract metadata from files (PDF, images, documents, executables) category: static-analysis-pe labs: [] sections: - 1 typical_usage: - exiftool document.pdf - exiftool specimen.exe tags: - metadata - triage salt_states: covered: true install_method: perl package_name: perl salt_state_path: remnux/perl-packages/exiftool.sls remnux_docs: covered: true category: Examine Static Properties > General description: Tool to read from, write to, and edit EXIF metadata of various file types. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://exiftool.org/ anchor: exiftool has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: fakedns name: fakedns aliases: [] description: Fake DNS server that resolves all queries to a specified IP for traffic interception in_remnux: true platform: linux sources: for610: covered: true description: Fake DNS server that resolves all queries to a specified IP for traffic interception category: network-analysis labs: - '1.3' - '1.6' - '1.7' - '1.8' sections: - 1 typical_usage: - fakedns tags: - dns - spoofing - interception - lab-setup salt_states: covered: true install_method: manual package_name: fakedns.py salt_state_path: remnux/tools/fakedns.sls remnux_docs: covered: true category: Explore Network Interactions > Services description: Respond to DNS queries with the specified IP address. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services website: https://github.com/SocialExploits/fakedns/blob/main/fakedns.py anchor: fakedns has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: fakemail name: fakemail aliases: - remnux-python3-packages-fakemail description: Intercept and examine SMTP email activity with this fake SMTP server. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-fakemail salt_state_path: remnux/python3-packages/fakemail.sls remnux_docs: covered: true category: Explore Network Interactions > Services description: Intercept and examine SMTP email activity with this fake SMTP server. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services website: https://hg.sr.ht/~olly/fakemail anchor: fakemail has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: fakenet-ng name: fakenet-ng aliases: - remnux-python3-package-fakenet-ng - git+https://github.com/mandiant/flare-fakenet-ng.git description: Emulate network services (HTTP, DNS, SMTP, FTP) to intercept and analyze malware traffic dynamically in_remnux: true platform: linux sources: for610: covered: true typical_usage: - fakenet - fakenet -c custom_config.ini tags: - network - emulation - dynamic-analysis - c2 description: Emulate network services (HTTP, DNS, SMTP, FTP) to intercept and analyze malware traffic dynamically salt_states: covered: true install_method: pip package_name: remnux-python3-packages-xlmmacrodeobfuscator salt_state_path: remnux/python3-packages/xlmmacrodeobfuscator.sls remnux_docs: covered: true category: Explore Network Interactions > Services description: Emulate common network services and interact with malware.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services website: https://github.com/mandiant/flare-fakenet-ng anchor: fakenet-ng has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: feh name: feh aliases: [] description: Lightweight image viewer for viewing extracted images from documents in_remnux: true platform: linux sources: for610: covered: true description: Lightweight image viewer for viewing extracted images from documents category: utilities labs: - '3.1' sections: - 3 typical_usage: - feh extracted_image.jpg tags: - image-viewer salt_states: covered: true install_method: apt package_name: feh salt_state_path: remnux/packages/feh.sls remnux_docs: covered: true category: View or Edit Files description: View images. docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files website: https://feh.finalrewind.org anchor: feh has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: fiddler name: Fiddler aliases: [] description: HTTP/HTTPS debugging proxy for intercepting, inspecting, and modifying web traffic in_remnux: false platform: windows sources: for610: covered: true description: HTTP/HTTPS debugging proxy for intercepting, inspecting, and modifying web traffic category: network-analysis labs: - '3.2' - '3.8' - '3.9' - '3.10' - '3.11' - '3.12' - '4.5' sections: - 3 - 4 typical_usage: - Fiddler.exe tags: - http - https - proxy - web-traffic salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: file name: file aliases: [] description: Determine file type and MIME type using magic bytes in_remnux: true platform: linux sources: for610: covered: true description: Determine file type and MIME type using magic bytes category: static-analysis-pe labs: - '3.4' - '3.5' sections: - 3 typical_usage: - file specimen.exe - file document.doc tags: - 
file-identification - triage salt_states: covered: true install_method: apt package_name: file salt_state_path: remnux/packages/file.sls remnux_docs: covered: true category: Examine Static Properties > General description: Identify file type using "magic" numbers. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://github.com/file/file anchor: file has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: file-magic-py name: file-magic.py aliases: [] description: Identify file types using the Python magic module. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Identify file types using the Python magic module. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://blog.didierstevens.com/2018/07/11/new-tool-file-magic-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: filescan-io name: FileScan.IO aliases: [] description: Online malware analysis sandbox with multi-format support in_remnux: false platform: online sources: for610: covered: true description: Online malware analysis sandbox with multi-format support category: online-platforms labs: [] sections: - 1 typical_usage: - https://filescan.io tags: - sandbox - online salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: firefox name: firefox aliases: [] description: Web browser. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: firefox salt_state_path: remnux/packages/firefox.sls remnux_docs: covered: true category: General Utilities description: Web browser. 
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://www.mozilla.org/firefox/ anchor: firefox has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: flare-floss name: flare-floss aliases: - remnux-packages-flare-floss description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-flare-floss salt_state_path: remnux/packages/flare-floss.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: flex name: flex aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: flex salt_state_path: remnux/packages/flex.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: floss name: FLOSS aliases: - floss description: Automatically extract obfuscated strings from malware using static analysis, stack strings, and emulation in_remnux: true platform: both sources: for610: covered: true description: Automatically extract obfuscated strings from malware using static analysis, stack strings, and emulation category: string-deobfuscation labs: - '5.2' - '5.3' sections: - 5 typical_usage: - floss specimen.exe - floss specimen.exe > strings-output.txt - floss --no-static -- specimen.exe tags: - strings - deobfuscation - automated salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Extract and deobfuscate strings from PE executables. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/mandiant/flare-floss anchor: floss has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: format-bytes-py name: format-bytes.py aliases: [] description: Decompose structured binary data with format strings. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Decompose structured binary data with format strings. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://blog.didierstevens.com/2020/02/17/update-format-bytes-py-version-0-0-13/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: frida name: Frida aliases: [] description: Dynamic instrumentation toolkit — hook and trace running processes, intercept function calls in real time in_remnux: true platform: linux sources: for610: covered: true typical_usage: - frida -l hook.js - frida-trace -i 'recv*' - frida-ps -U tags: - dynamic - instrumentation - hooking - tracing description: Dynamic instrumentation toolkit — hook and trace running processes, intercept function calls in real time salt_states: covered: false remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > General description: Trace the execution of a process to analyze its behavior. 
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general website: https://frida.re has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: galculator name: galculator aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: galculator salt_state_path: remnux/packages/galculator.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: gdb name: gdb aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: gdb salt_state_path: remnux/packages/gdb.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: gdm3 name: gdm3 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: gdm3 salt_state_path: remnux/theme/core/gdm3.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: ghidra name: Ghidra aliases: [] description: Open-source disassembler and decompiler from NSA with scripting, function graphs, and data type management in_remnux: true platform: both sources: for610: covered: true description: Open-source disassembler and decompiler from NSA with scripting, function graphs, and data type management category: code-analysis labs: - '2.1' - '2.2' - '2.3' - '2.4' - '2.5' - '2.6' - '2.7' - '2.8' - '4.9' - '5.2' - '5.4' - '5.5' - '5.6' - '5.7' - '5.9' sections: - 2 - 4 - 5 typical_usage: - ghidra tags: - disassembly - decompilation - code-analysis - function-graph salt_states: covered: true install_method: manual package_name: ghidrassist-mcp salt_state_path: remnux/tools/ghidrassist-mcp.sls remnux_docs: 
covered: true category: Statically Analyze Code > General description: Software reverse engineering tool suite. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general website: https://ghidra-sre.org anchor: ghidra has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: ghidrassistmcp name: GhidrAssistMCP aliases: [] description: MCP server for AI-assisted reverse engineering in Ghidra. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Use Artificial Intelligence description: MCP server for AI-assisted reverse engineering in Ghidra. docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence website: https://github.com/jtang613/GhidrAssistMCP has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: gift name: gift aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: gift salt_state_path: remnux/repos/gift.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: git name: git aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: git salt_state_path: remnux/packages/git.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: gnome-calculator name: GNOME Calculator aliases: [] description: Calculator. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: General Utilities description: Calculator. 
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://wiki.gnome.org/Apps/Calculator has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: gnome-session name: gnome-session aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: gnome-session salt_state_path: remnux/theme/core/gnome-session.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: gnome-shell-extensions name: gnome-shell-extensions aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: gnome-shell-extensions salt_state_path: remnux/theme/core/gnome-shell-extensions.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: gnome-terminal name: gnome-terminal aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: gnome-terminal salt_state_path: remnux/theme/core/gnome-terminal.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: gnome-tweaks name: gnome-tweaks aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: gnome-tweaks salt_state_path: remnux/theme/core/gnome-tweaks.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: gnu-wget name: GNU Wget aliases: [] description: Interact with servers via HTTP, HTTPS, FTP, and FTPS using this command-line tool. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Explore Network Interactions > Connecting description: Interact with servers via HTTP, HTTPS, FTP, and FTPS using this command-line tool. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting website: https://www.gnu.org/software/wget/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: gnutls-bin name: gnutls-bin aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: gnutls-bin salt_state_path: remnux/packages/gnutls-bin.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: goresym name: goresym aliases: - GoReSym description: Extract metadata and symbols from Go binaries, including stripped ones. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: manual package_name: GoReSym salt_state_path: remnux/tools/goresym.sls remnux_docs: covered: true category: Examine Static Properties > Go description: Extract metadata and symbols from Go binaries, including stripped ones. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/go website: https://github.com/mandiant/GoReSym anchor: goresym has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: graphviz name: graphviz aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: graphviz salt_state_path: remnux/packages/graphviz.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: grub-kvm name: grub-kvm aliases: - update-grub description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: update-grub salt_state_path: remnux/config/grub-kvm.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: guest-tools name: guest-tools aliases: - open-vm-tools-desktop - qemu-guest-agent - spice-vdagent description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: manual package_name: open-vm-tools-desktop salt_state_path: remnux/theme/core/guest-tools.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: gunzip name: gunzip aliases: [] description: Decompress gzip-compressed data (often used in multi-stage payload extraction) in_remnux: true platform: linux sources: for610: covered: true description: Decompress gzip-compressed data (often used in multi-stage payload extraction) category: utilities labs: - '3.4' sections: - 3 typical_usage: - gunzip -c compressed.gz > output.bin tags: - compression - extraction salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: hachoir name: Hachoir aliases: [] 
description: View, edit, and carve contents of various binary file types. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: View, edit, and carve contents of various binary file types. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://github.com/vstinner/hachoir has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: hash-id name: Hash ID aliases: [] description: Identify different types of hashes. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Identify different types of hashes. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://github.com/blackploit/hash-identifier has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: hex-to-bin-py name: hex-to-bin.py aliases: [] description: Convert hexadecimal text dumps to binary data. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Convert hexadecimal text dumps to binary data. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://blog.didierstevens.com/2020/04/19/update-hex-to-bin-py-version-0-0-5/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: hexdump name: hexdump aliases: [] description: Display file content in hexadecimal format in_remnux: true platform: linux sources: for610: covered: true description: Display file content in hexadecimal format category: utilities labs: [] sections: - 1 typical_usage: - hexdump -C binary.dat tags: - hex - binary-viewing salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: httpd name: httpd aliases: - accept-all-ips description: Simple HTTP server on REMnux for simulating C2 web servers in_remnux: true platform: linux sources: for610: covered: true description: Simple HTTP server on REMnux for simulating C2 web servers category: network-analysis labs: - '1.3' - '1.6' - '1.8' sections: - 1 typical_usage: - httpd tags: - http - web-server - c2-simulation - lab-setup salt_states: covered: true install_method: script package_name: accept-all-ips salt_state_path: remnux/scripts/accept-all-ips.sls remnux_docs: covered: true category: Explore Network Interactions > Services description: Accept connections to all IPv4 and IPv6 addresses and redirect them to the corresponding local port.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services website: https://github.com/REMnux/distro/blob/master/files/accept-all-ips anchor: accept-all-ips has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: hybrid-analysis name: Hybrid Analysis aliases: [] description: CrowdStrike automated sandbox for malware detonation and behavioral reporting in_remnux: false platform: online sources: for610: covered: true description: CrowdStrike automated sandbox for malware detonation and behavioral reporting category: online-platforms labs: [] sections: - 1 typical_usage: - https://hybrid-analysis.com tags: - sandbox - behavioral - crowdstrike salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: i386-architecture name: i386-architecture aliases: - libc6 - i386 - dpkg description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libc6 salt_state_path: remnux/packages/i386-architecture.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: ibus name: ibus aliases: [] description: Adjust input methods for the GUI. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: ibus salt_state_path: remnux/packages/ibus.sls remnux_docs: covered: true category: General Utilities description: Adjust input methods for the GUI. 
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://github.com/ibus/ibus anchor: ibus has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: ida name: IDA aliases: - IDA Pro - IDA Freeware description: Commercial interactive disassembler and debugger from Hex-Rays in_remnux: false platform: both sources: for610: covered: true description: Commercial interactive disassembler and debugger from Hex-Rays category: code-analysis labs: [] sections: - 2 typical_usage: - ida64.exe specimen.exe tags: - disassembly - decompilation - commercial salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: ilspy name: ILSpy aliases: [] description: .NET assembly decompiler — view C#/VB.NET source from compiled .NET binaries in_remnux: true platform: windows sources: for610: covered: true description: .NET assembly decompiler — view C#/VB.NET source from compiled .NET binaries category: dotnet-analysis labs: - '3.12' - '4.8' sections: - 3 - 4 typical_usage: - ILSpy.exe assembly.exe tags: - dotnet - decompiler - csharp salt_states: covered: true install_method: apt package_name: ilspycmd salt_state_path: remnux/packages/ilspy.sls remnux_docs: covered: true category: Statically Analyze Code > .NET description: Examine and decompile. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net website: https://github.com/icsharpcode/ILSpy anchor: ilspy has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: ilspycmd name: ilspycmd aliases: [] description: Command-line .NET decompiler (CLI version of ILSpy) in_remnux: true platform: linux sources: for610: covered: true description: Command-line .NET decompiler (CLI version of ILSpy) category: dotnet-analysis labs: - '4.8' sections: - 4 typical_usage: - ilspycmd assembly.exe > decompiled.cs tags: - dotnet - decompiler - cli salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: imagemagick name: imagemagick aliases: [] description: View and manipulate image and related files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: imagemagick salt_state_path: remnux/packages/imagemagick.sls remnux_docs: covered: true category: View or Edit Files description: View and manipulate image and related files. 
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files website: https://imagemagick.org/ anchor: imagemagick has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: inetsim name: INetSim aliases: [] description: Emulate internet services (HTTP, HTTPS, DNS, FTP, SMTP) for malware analysis in isolated labs in_remnux: true platform: linux sources: for610: covered: true description: Emulate internet services (HTTP, HTTPS, DNS, FTP, SMTP) for malware analysis in isolated labs category: network-analysis labs: - '1.7' sections: - 1 typical_usage: - inetsim tags: - service-emulation - network-simulation - lab-setup salt_states: covered: true install_method: apt package_name: remnux-packages-inetsim salt_state_path: remnux/packages/inetsim.sls remnux_docs: covered: true category: Explore Network Interactions > Services description: Emulate common network services and interact with malware. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services website: https://www.inetsim.org/ anchor: inetsim has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: inspircd name: inspircd aliases: - remnux-packages-inspircd-install description: Examine IRC activity with this IRC server. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-inspircd-install salt_state_path: remnux/packages/inspircd.sls remnux_docs: covered: true category: Explore Network Interactions > Services description: Examine IRC activity with this IRC server. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services website: https://www.inspircd.org/ anchor: inspircd-3 has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: intezer-analyze name: Intezer Analyze aliases: [] description: Automated code analysis platform for malware classification using code reuse detection in_remnux: false platform: online sources: for610: covered: true description: Automated code analysis platform for malware classification using code reuse detection category: online-platforms labs: [] sections: - 1 typical_usage: - https://analyze.intezer.com tags: - code-reuse - classification - automated salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: ioc-parser name: ioc-parser aliases: - remnux-python3-packages-ioc-parser - git+https://github.com/buffer/ioc_parser.git - iocp description: Extract indicators of compromise (IOCs) from PDF reports and text files in_remnux: true platform: linux sources: for610: covered: true typical_usage: - ioc_parser tags: - ioc - extraction - threat-intel description: Extract indicators of compromise (IOCs) from PDF reports and text files salt_states: covered: true install_method: pip package_name: remnux-python3-packages-ioc-parser salt_state_path: remnux/python3-packages/ioc-parser.sls remnux_docs: covered: true category: Gather and Analyze Data description: Extract IOCs from security report PDFs. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/buffer/ioc_parser anchor: ioc_parser has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: iproute2 name: iproute2 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: iproute2 salt_state_path: remnux/packages/iproute2.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: iptables name: iptables aliases: [] description: Linux firewall and NAT tool for redirecting IP-based malware traffic in_remnux: true platform: linux sources: for610: covered: true description: Linux firewall and NAT tool for redirecting IP-based malware traffic category: network-analysis labs: - '1.8' sections: - 1 typical_usage: - iptables -t nat -A PREROUTING -i ens32 -j REDIRECT tags: - firewall - nat - traffic-redirection salt_states: covered: true install_method: apt package_name: iptables salt_state_path: remnux/packages/iptables.sls remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: true help_tier: rich - id: iputils-ping name: iputils-ping aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: iputils-ping salt_state_path: remnux/packages/iputils-ping.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: ipwhois name: ipwhois aliases: [] description: Retrieve and parse whois data for IP addresses. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Gather and Analyze Data description: Retrieve and parse whois data for IP addresses. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/secynic/ipwhois has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: ipython3 name: ipython3 aliases: - remnux-packages-ipython3 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-ipython3 salt_state_path: remnux/packages/ipython3.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: jadx name: jadx aliases: - jadx-gui description: Decompile Android DEX/APK to Java source code with a GUI or command line in_remnux: true platform: linux sources: for610: covered: true typical_usage: - jadx -d output/ - jadx-gui tags: - android - dex - java - decompilation description: Decompile Android DEX/APK to Java source code with a GUI or command line salt_states: covered: true install_method: manual package_name: jadx salt_state_path: remnux/tools/jadx.sls remnux_docs: covered: true category: Statically Analyze Code > Android description: Generate Java source code from Dalvik Executable (dex) and Android APK files. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android website: https://github.com/skylot/jadx anchor: jadx has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: java-idx-parser name: java-idx-parser aliases: - idx_parser.py description: Analyze Java IDX files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: idx_parser.py salt_state_path: remnux/scripts/java-idx-parser.sls remnux_docs: covered: true category: Statically Analyze Code > Java description: Analyze Java IDX files. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java website: https://github.com/digitalsleuth/Java_IDX_Parser anchor: java-idx-parser has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: javassist name: Javassist aliases: [] description: Java bytecode engineering toolkit/library. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > Java description: Java bytecode engineering toolkit/library. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java website: https://www.javassist.org/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: jd-gui name: jd-gui aliases: [] description: Visual Java decompiler with GUI — browse and search decompiled JAR/class files in_remnux: true platform: linux sources: for610: covered: true typical_usage: - jd-gui tags: - java - decompilation - gui description: Visual Java decompiler with GUI — browse and search decompiled JAR/class files salt_states: covered: true install_method: manual package_name: jd-gui salt_state_path: remnux/tools/jd-gui.sls remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: true help_tier: rich - id: jd-gui-java-decompiler name: JD-GUI Java Decompiler aliases: [] description: Java decompiler with GUI. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > Java description: Java decompiler with GUI. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java website: https://java-decompiler.github.io/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: jq name: jq aliases: [] description: Command-line JSON processor for extracting and transforming structured data in_remnux: true platform: linux sources: for610: covered: true description: Command-line JSON processor for extracting and transforming structured data category: utilities labs: - '1.4' sections: - 1 typical_usage: - cat report.json | jq '.apis' - jq -r '.entry' report.json tags: - json - data-processing salt_states: covered: true install_method: apt package_name: jq salt_state_path: remnux/packages/jq.sls remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: true help_tier: rich - id: js-beautify name: js-beautify aliases: [] description: Format and beautify obfuscated JavaScript code for readability in_remnux: true platform: linux sources: for610: covered: true description: Format and beautify obfuscated JavaScript code for readability category: javascript-analysis labs: - '3.6' - '4.5' sections: - 3 typical_usage: - js-beautify malicious.js > beautified.js tags: - javascript - formatting - readability salt_states: covered: true install_method: pip package_name: remnux-python3-packages-jsbeautifier salt_state_path: remnux/python3-packages/jsbeautifier.sls remnux_docs: covered: true category: Statically Analyze Code > Scripts description: Reformat JavaScript scripts for easier analysis. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts website: https://beautifier.io/ anchor: js-beautifier has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: jstillery name: jstillery aliases: - remnux-node-packages-jstillery - git+https://github.com/mindedsecurity/JStillery.git description: Deobfuscate JavaScript scripts using AST and Partial Evaluation techniques. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: npm package_name: remnux-node-packages-jstillery salt_state_path: remnux/node-packages/jstillery.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Scripts description: Deobfuscate JavaScript scripts using AST and Partial Evaluation techniques. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts website: https://github.com/mindedsecurity/jstillery anchor: jstillery has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: lame name: lame aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: lame salt_state_path: remnux/packages/lame.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libboost-dev name: libboost-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libboost-dev salt_state_path: remnux/packages/libboost-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libboost-python-dev name: libboost-python-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: 
libboost-python-dev salt_state_path: remnux/packages/libboost-python-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libboost-system-dev name: libboost-system-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libboost-system-dev salt_state_path: remnux/packages/libboost-system-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libdpkg-perl name: libdpkg-perl aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libdpkg-perl salt_state_path: remnux/packages/libdpkg-perl.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libemail-outlook-message-perl name: libemail-outlook-message-perl aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libemail-outlook-message-perl salt_state_path: remnux/packages/libemail-outlook-message-perl.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libemu name: libemu aliases: - libemu-dev - ldconfig description: A library for x86 code emulation and shellcode detection. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libemu salt_state_path: remnux/packages/libemu.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Shellcode description: A library for x86 code emulation and shellcode detection. 
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode website: https://github.com/buffer/libemu anchor: libemu has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: libffi-dev name: libffi-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libffi-dev salt_state_path: remnux/packages/libffi-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libfuse2 name: libfuse2 aliases: - remnux-packages-libfuse2 - libfuse2t64 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-libfuse2 salt_state_path: remnux/packages/libfuse2.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libfuzzy-dev name: libfuzzy-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libfuzzy-dev salt_state_path: remnux/packages/libfuzzy-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libfuzzy2 name: libfuzzy2 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libfuzzy2 salt_state_path: remnux/packages/libfuzzy2.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libglib2 name: libglib2 aliases: - remnux-packages-libglib2 - libglib2.0-0t64 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-libglib2 
salt_state_path: remnux/packages/libglib2.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libglu1-mesa-dev name: libglu1-mesa-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libglu1-mesa-dev salt_state_path: remnux/packages/libglu1-mesa-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libgraphviz-dev name: libgraphviz-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libgraphviz-dev salt_state_path: remnux/packages/libgraphviz-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libgtk-3-0 name: libgtk-3-0 aliases: - remnux-packages-libgtk-3-0 - libgtk-3-0t64 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-libgtk-3-0 salt_state_path: remnux/packages/libgtk-3-0.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libjavassist-java name: libjavassist-java aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libjavassist-java salt_state_path: remnux/packages/libjavassist-java.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libjpeg-dev name: libjpeg-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libjpeg-dev salt_state_path: remnux/packages/libjpeg-dev.sls 
remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libjpeg8-dev name: libjpeg8-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libjpeg8-dev salt_state_path: remnux/packages/libjpeg8-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: liblzma-dev name: liblzma-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: liblzma-dev salt_state_path: remnux/packages/liblzma-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: liblzo2-dev name: liblzo2-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: liblzo2-dev salt_state_path: remnux/packages/liblzo2-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libmagic-dev name: libmagic-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libmagic-dev salt_state_path: remnux/packages/libmagic-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libmysqlclient21 name: libmysqlclient21 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libmysqlclient21 salt_state_path: remnux/packages/libmysqlclient21.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libncurses name: 
libncurses aliases: - libncurses-dev description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libncurses salt_state_path: remnux/packages/libncurses.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libnetfilter-queue-dev name: libnetfilter-queue-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libnetfilter-queue-dev salt_state_path: remnux/packages/libnetfilter-queue-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libnfnetlink-dev name: libnfnetlink-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libnfnetlink-dev salt_state_path: remnux/packages/libnfnetlink-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libolecf name: libolecf aliases: [] description: Microsoft Office OLE2 compound documents. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libolecf salt_state_path: remnux/packages/libolecf.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Microsoft Office OLE2 compound documents. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://github.com/libyal/libolecf anchor: libolecf has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: libpq5 name: libpq5 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libpq5 salt_state_path: remnux/packages/libpq5.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libqt5scripttools5 name: libqt5scripttools5 aliases: - remnux-package-libqt5scripttools5 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-package-libqt5scripttools5 salt_state_path: remnux/packages/libqt5scripttools5.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libre2 name: libre2 aliases: - remnux-packages-libre2 - libre2-10 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-libre2 salt_state_path: remnux/packages/libre2.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libsm6 name: libsm6 aliases: - remnux-packages-libsm6 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-libsm6 salt_state_path: remnux/packages/libsm6.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libsqlite3-dev name: libsqlite3-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt 
package_name: libsqlite3-dev salt_state_path: remnux/packages/libsqlite3-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libssl-dev name: libssl-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libssl-dev salt_state_path: remnux/packages/libssl-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libtool name: libtool aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libtool salt_state_path: remnux/packages/libtool.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libtre5 name: libtre5 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libtre5 salt_state_path: remnux/packages/libtre5.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libusb-1 name: libusb-1 aliases: - libusb-1.0-0 description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libusb-1.0-0 salt_state_path: remnux/packages/libusb-1.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: libxml2-dev name: libxml2-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libxml2-dev salt_state_path: remnux/packages/libxml2-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - 
id: libxslt1-dev name: libxslt1-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: libxslt1-dev salt_state_path: remnux/packages/libxslt1-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: lief name: lief aliases: - remnux-python3-packages-lief description: Parse and analyze PE, ELF, MachO, DEX, OAT, VDEX, ART, and DWARF executable formats. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-lief salt_state_path: remnux/python3-packages/lief.sls remnux_docs: covered: true category: Examine Static Properties > General description: Parse and analyze PE, ELF, MachO, DEX, OAT, VDEX, ART, and DWARF executable formats. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://lief.re anchor: lief has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: linux-headers name: linux-headers aliases: - linux-headers-generic - remnux-packages-linux-headers - linux-headers-{{ description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: linux-headers-generic salt_state_path: remnux/packages/linux-headers.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: logman name: logman aliases: [] description: Windows Event Trace session manager — enable AMSI script content logging in_remnux: false platform: windows sources: for610: covered: true description: Windows Event Trace session manager — enable AMSI script content logging category: powershell-analysis labs: - '3.6' sections: - 3 typical_usage: - logman start AMSITrace -p Microsoft-Antimalware-Scan-Interface Event1 -o 
AMSITrace.etl -ets - logman stop AMSITrace -ets tags: - amsi - event-tracing - monitoring salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: ltrace name: ltrace aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: ltrace salt_state_path: remnux/packages/ltrace.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: magika name: magika aliases: - remnux-python3-packages-magika-install description: Identify file type using signatures. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-magika-install salt_state_path: remnux/python3-packages/magika.sls remnux_docs: covered: true category: Examine Static Properties > General description: Identify file type using signatures. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://google.github.io/magika anchor: magika has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: mail-parser name: mail-parser aliases: - remnux-python3-packages-mail-parser description: Parse raw SMTP email messages and extract headers, body, and attachments in_remnux: true platform: linux sources: for610: covered: true typical_usage: - python3 -c "import mailparser; mail = mailparser.parse_from_file(''); print(mail.subject)" tags: - email - parsing - attachments description: Parse raw SMTP email messages and extract headers, body, and attachments salt_states: covered: true install_method: pip package_name: remnux-python3-packages-mail-parser salt_state_path: remnux/python3-packages/mail-parser.sls remnux_docs: covered: true category: Analyze Documents > Email Messages description: Parse raw SMTP and. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages website: https://github.com/SpamScope/mail-parser anchor: mail-parser has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: malcat name: malcat aliases: - remnux-tools-malcat-pip-deps description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: manual package_name: remnux-tools-malcat-pip-deps salt_state_path: remnux/tools/malcat.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: malcat-lite name: Malcat Lite aliases: [] description: Analyze binary files using a hex editor, disassembler, and file dissector. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Analyze binary files using a hex editor, disassembler, and file dissector. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://malcat.fr has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: malchive name: Malchive aliases: [] description: Multi-purpose malware analysis library — config extraction, deobfuscation, and static analysis in_remnux: true platform: linux sources: for610: covered: true typical_usage: - malchive tags: - malware - config-extraction - deobfuscation description: Multi-purpose malware analysis library — config extraction, deobfuscation, and static analysis salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Perform static analysis of various aspects of malicious code. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/MITRECND/malchive has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: malwarebazaar name: MalwareBazaar aliases: [] description: Malware sample sharing platform by abuse.ch in_remnux: false platform: online sources: for610: covered: true description: Malware sample sharing platform by abuse.ch category: online-platforms labs: [] sections: - 1 typical_usage: - https://bazaar.abuse.ch tags: - sample-sharing - repository salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: malwoverview name: malwoverview aliases: - remnux-python3-packages-malwoverview-install description: Query VirusTotal, Hybrid Analysis, and MalwareBazaar for malware intelligence in_remnux: true platform: linux sources: for610: covered: true typical_usage: - malwoverview -v - malwoverview -f tags: - threat-intel - virustotal - malware-bazaar description: Query VirusTotal, Hybrid Analysis, and MalwareBazaar for malware intelligence salt_states: covered: true install_method: pip package_name: remnux-python3-packages-malwoverview-install salt_state_path: remnux/python3-packages/malwoverview.sls remnux_docs: covered: true category: Gather and Analyze Data description: Query public repositories of malware data (e. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/alexandreborges/malwoverview anchor: malwoverview has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: manalyze name: manalyze aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: manalyze salt_state_path: remnux/packages/manalyze.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: mbcscan name: mbcscan aliases: [] description: Scan a PE file to list the associated Malware Behavior Catalog (MBC) details. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > PE Files description: Scan a PE file to list the associated Malware Behavior Catalog (MBC) details. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files website: https://github.com/accidentalrebel/mbcscan has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: mercurial name: mercurial aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: mercurial salt_state_path: remnux/packages/mercurial.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: microsoft name: microsoft aliases: - deb description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: deb salt_state_path: remnux/repos/winehq.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: microsoft-vscode name: microsoft-vscode aliases: [] description: '' 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: microsoft-vscode salt_state_path: remnux/repos/microsoft-vscode.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: mitmproxy name: mitmproxy aliases: [] description: Interactive HTTPS proxy for intercepting, inspecting, and modifying encrypted web traffic in_remnux: true platform: linux sources: for610: covered: true typical_usage: - mitmproxy - mitmdump -w capture.flow - mitmproxy --mode transparent tags: - network - https - proxy - tls - interception description: Interactive HTTPS proxy for intercepting, inspecting, and modifying encrypted web traffic salt_states: covered: false remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Investigate website interactions using this web proxy. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: https://mitmproxy.org has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: mono name: mono aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: mono salt_state_path: remnux/repos/mono.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: mono-devel name: mono-devel aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: mono-devel salt_state_path: remnux/packages/mono-devel.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: mono-utils name: mono-utils aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: 
true install_method: apt package_name: mono-utils salt_state_path: remnux/packages/mono-utils.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: monodis name: monodis aliases: [] description: Disassemble and extract resources from .NET assemblies. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > .NET description: Disassemble and extract resources from .NET assemblies. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net website: https://www.mono-project.com/docs/tools+libraries/tools/monodis/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: msg-extractor name: msg-extractor aliases: - remnux-python3-packages-extract-msg - extract_msg description: Extract emails and attachments from Microsoft Outlook MSG files in_remnux: true platform: linux sources: for610: covered: true typical_usage: - extract_msg - extract_msg --out-dir output/ tags: - email - msg - outlook - attachments description: Extract emails and attachments from Microsoft Outlook MSG files salt_states: covered: true install_method: pip package_name: remnux-python3-packages-extract-msg salt_state_path: remnux/python3-packages/msg-extractor.sls remnux_docs: covered: true category: Analyze Documents > Email Messages description: Extract emails and attachments from MSG files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages website: https://github.com/TeamMsgExtractor/msg-extractor anchor: msg-extractor has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: msgconvert name: msgconvert aliases: [] description: Convert MSG files to MBOX files. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Email Messages description: Convert MSG files to MBOX files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages website: https://www.matijs.net/software/msgconv/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: msitools name: msitools aliases: [] description: Create, inspect and extract Windows Installer (.msi) files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: msitools salt_state_path: remnux/packages/msitools.sls remnux_docs: covered: true category: Examine Static Properties > General description: Create, inspect and extract Windows Installer (.msi) files. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://wiki.gnome.org/msitools anchor: msitools has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: msoffcrypto-crack-py name: msoffcrypto-crack.py aliases: [] description: Recover the password of an encrypted Microsoft Office document. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Recover the password of an encrypted Microsoft Office document. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: msoffcrypto-tool name: msoffcrypto-tool aliases: - remnux-python3-packages-msoffcrypto-tool description: Decrypt password-protected Microsoft Office documents (OLE and OOXML) in_remnux: true platform: linux sources: for610: covered: true typical_usage: - msoffcrypto-tool -p infected - msoffcrypto-tool -p password tags: - office - decryption - password description: Decrypt password-protected Microsoft Office documents (OLE and OOXML) salt_states: covered: true install_method: pip package_name: remnux-python3-packages-msoffcrypto-tool salt_state_path: remnux/python3-packages/msoffcrypto-tool.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Decrypt a Microsoft Office file with password, intermediate key, or private key which generated its escrow key. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://github.com/nolze/msoffcrypto-tool anchor: msoffcrypto-tool has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: msoffice-crypt name: msoffice-crypt aliases: [] description: Encrypt and decrypt OOXML Microsoft Office documents. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: msoffice-crypt salt_state_path: remnux/packages/msoffice-crypt.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Encrypt and decrypt OOXML Microsoft Office documents. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://github.com/herumi/msoffice anchor: msoffice-crypt has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: myip name: myip aliases: [] description: Determine the IP address of the default network interface. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: myip salt_state_path: remnux/scripts/myip.sls remnux_docs: covered: true category: General Utilities description: Determine the IP address of the default network interface. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://github.com/REMnux/distro/blob/master/files/myip anchor: myip has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: myjson-filter-py name: myjson-filter.py aliases: [] description: Filter data formatted using the JSON format used by Didier Stevens' tools. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: General Utilities description: Filter data formatted using the JSON format used by Didier Stevens' tools. 
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://blog.didierstevens.com/2022/04/09/new-tool-myjson-filter-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: mynic name: mynic aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: mynic salt_state_path: remnux/scripts/mynic.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: name-that-hash name: name-that-hash aliases: - remnux-python3-packages-name-that-hash-install - nth description: Identify different types of hashes. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-name-that-hash-install salt_state_path: remnux/python3-packages/name-that-hash.sls remnux_docs: covered: true category: Examine Static Properties > General description: Identify different types of hashes. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://github.com/HashPals/Name-That-Hash anchor: name-that-hash has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: nano name: nano aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: nano salt_state_path: remnux/packages/nano.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: nasm name: nasm aliases: [] description: An x86-64 assembler. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: nasm salt_state_path: remnux/packages/nasm.sls remnux_docs: covered: true category: General Utilities description: An x86-64 assembler. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://www.nasm.us anchor: nasm has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: nautilus name: nautilus aliases: [] description: Graphical file manager. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: nautilus salt_state_path: remnux/packages/nautilus.sls remnux_docs: covered: true category: General Utilities description: Graphical file manager. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://gitlab.gnome.org/GNOME/nautilus anchor: nautilus has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: ndg-httpsclient name: ndg-httpsclient aliases: - remnux-python3-packages-ndg-httpsclient - ndg_httpclient description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-ndg-httpsclient salt_state_path: remnux/python3-packages/ndg-httpsclient.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: net-tools name: net-tools aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: net-tools salt_state_path: remnux/packages/net-tools.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: netcat name: nc aliases: - netcat description: Network utility for reading/writing data across TCP/UDP connections 
in_remnux: true platform: both sources: for610: covered: true description: Network utility for reading/writing data across TCP/UDP connections category: network-analysis labs: [] sections: - 1 typical_usage: - nc -l -p 3127 - nc target_ip 80 tags: - network - tcp - listener salt_states: covered: true install_method: apt package_name: netcat-traditional salt_state_path: remnux/packages/netcat.sls remnux_docs: covered: true category: Explore Network Interactions > Connecting description: Read and write data across network connections. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting website: https://nc110.sourceforge.io/ anchor: netcat has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: network-miner-free-edition name: Network Miner Free Edition aliases: [] description: Examine network traffic and carve PCAP capture files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Examine network traffic and carve PCAP capture files. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: https://www.netresec.com has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: networkminer name: networkminer aliases: [] description: Passive network traffic analyzer — extracts files, images, credentials from PCAP captures in_remnux: true platform: linux sources: for610: covered: true typical_usage: - NetworkMiner --pcap tags: - network - pcap - file-carving - passive description: Passive network traffic analyzer — extracts files, images, credentials from PCAP captures salt_states: covered: true install_method: manual package_name: networkminer salt_state_path: remnux/tools/networkminer.sls remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: true help_tier: rich - id: nginx name: nginx aliases: [] description: Web server. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: nginx salt_state_path: remnux/config/nginx.sls remnux_docs: covered: true category: Explore Network Interactions > Services description: Web server. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services website: https://nginx.org anchor: nginx has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: ngrep name: ngrep aliases: [] description: Search network traffic for patterns — like grep for packets in_remnux: true platform: linux sources: for610: covered: true typical_usage: - ngrep -I 'password' - ngrep -d eth0 'GET|POST' 'tcp port 80' tags: - network - search - pattern-matching description: Search network traffic for patterns — like grep for packets salt_states: covered: true install_method: apt package_name: ngrep salt_state_path: remnux/packages/ngrep.sls remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Look for patterns in network traffic. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: https://github.com/jpr5/ngrep/ anchor: ngrep has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: nodejs name: nodejs aliases: - remnux-packages-nodejs description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: npm package_name: remnux-packages-nodejs salt_state_path: remnux/packages/nodejs.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: nomorexor name: nomorexor aliases: - nomorexor.py description: Help guess a file's 256-byte XOR key by using frequency analysis. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: nomorexor.py salt_state_path: remnux/scripts/nomorexor.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Help guess a file's 256-byte XOR key by using frequency analysis. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/digitalsleuth/NoMoreXOR anchor: nomorexor.py has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: notepadpp name: Notepad++ aliases: [] description: Advanced Windows text editor with syntax highlighting for script analysis in_remnux: false platform: windows sources: for610: covered: true description: Advanced Windows text editor with syntax highlighting for script analysis category: utilities labs: - '3.6' - '3.8' - '3.9' - '3.10' - '3.11' - '3.12' - '4.5' sections: - 3 - 4 typical_usage: - notepad++ script.ps1 tags: - editor - windows salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: nslookup name: nslookup aliases: [] description: DNS query tool for testing name resolution in_remnux: true platform: both sources: for610: covered: true description: DNS query tool for testing name resolution category: network-analysis labs: - '1.3' sections: - 1 typical_usage: - nslookup domain.com tags: - dns - testing salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: nsrllookup name: nsrllookup aliases: [] description: Look up MD5 file hashes in the NIST National Software Reference Library (NSRL). in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Gather and Analyze Data description: Look up MD5 file hashes in the NIST National Software Reference Library (NSRL). 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/rjhansen/nsrllookup has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: numbers-to-string-py name: numbers-to-string.py aliases: [] description: Convert sequences of decimal numbers to readable characters in_remnux: true platform: linux sources: for610: covered: true description: Convert sequences of decimal numbers to readable characters category: document-analysis labs: - '3.3' sections: - 3 typical_usage: - oledump.py doc.docm -s A3 -v | numbers-to-string.py -j tags: - decoding - deobfuscation - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Convert decimal numbers to strings. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://blog.didierstevens.com/2020/12/12/update-numbers-to-string-py-version-0-0-11/ anchor: numbers-to-string has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: objdump name: objdump aliases: [] description: Disassemble binary files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > General description: Disassemble binary files. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general website: https://en.wikipedia.org/wiki/Objdump has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: objects-js name: objects.js aliases: [] description: Emulate common browser and PDF viewer objects, methods, and properties when deobfuscating JavaScript. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Scripts description: Emulate common browser and PDF viewer objects, methods, and properties when deobfuscating JavaScript. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts website: https://github.com/REMnux/salt-states/blob/master/remnux/config/objects/objects.js has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: oledump-py name: oledump.py aliases: - oledump description: Analyze OLE2 files (Office documents), extract streams and VBA macros in_remnux: true platform: linux sources: for610: covered: true description: Analyze OLE2 files (Office documents), extract streams and VBA macros category: document-analysis labs: - '3.3' - '3.4' - '4.5' sections: - 3 - 4 typical_usage: - oledump.py document.docm - oledump.py document.docm -s A3 -v - oledump.py document.docm -i tags: - office - vba - macro - ole - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Analyze OLE2 Structured Storage files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://blog.didierstevens.com/programs/oledump-py/ anchor: oledump.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: olefile name: olefile aliases: - remnux-python3-packages-olefile-package - python3-olefile description: Python package to parse, read and write MS OLE2 files. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-olefile-package salt_state_path: remnux/python3-packages/olefile.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Python package to parse, read and write MS OLE2 files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://github.com/decalage2/olefile anchor: olefile has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: olevba name: olevba aliases: [] description: Extract and analyze VBA macros from Office documents with deobfuscation in_remnux: true platform: linux sources: for610: covered: true description: Extract and analyze VBA macros from Office documents with deobfuscation category: document-analysis labs: [] sections: - 3 typical_usage: - olevba document.docm - olevba --deobf document.docm tags: - office - vba - macro - deobfuscation salt_states: covered: true install_method: pip package_name: remnux-python3-packages-oletools salt_state_path: remnux/python3-packages/oletools.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Microsoft Office OLE2 compound documents. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://www.decalage.info/python/oletools anchor: oletools has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: ollydbg name: OllyDbg aliases: [] description: Classic 32-bit debugger for Windows (legacy, predecessor to x32dbg) in_remnux: false platform: windows sources: for610: covered: true description: Classic 32-bit debugger for Windows (legacy, predecessor to x32dbg) category: debugging labs: [] sections: - 4 - 5 typical_usage: - ollydbg.exe specimen.exe tags: - debugger - 32-bit - legacy salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: ollydumpex name: OllyDumpEx aliases: [] description: x64dbg/x32dbg plugin for dumping unpacked process memory to disk in_remnux: false platform: windows sources: for610: covered: true description: x64dbg/x32dbg plugin for dumping unpacked process memory to disk category: unpacking labs: - '4.3' - '5.4' - '5.8' sections: - 4 - 5 typical_usage: - Plugins > OllyDumpEx > Dump process tags: - memory-dump - x64dbg-plugin - unpacking salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: onedump-py name: onedump.py aliases: [] description: Extract and analyze embedded files from OneNote documents. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Extract and analyze embedded files from OneNote documents. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://blog.didierstevens.com/2023/01/22/new-tool-onedump-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: opencode name: opencode aliases: [] description: Open-source AI coding agent for the terminal. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: opencode salt_state_path: remnux/config/opencode.sls remnux_docs: covered: true category: Use Artificial Intelligence description: Open-source AI coding agent for the terminal. docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence website: https://opencode.ai anchor: opencode has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: openjdk name: openjdk aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: openjdk salt_state_path: remnux/repos/openjdk.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: openssh name: openssh aliases: - openssh-client - openssh-server description: Initiate and receive SSH and SFTP connections. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: openssh-client salt_state_path: remnux/packages/openssh.sls remnux_docs: covered: true category: General Utilities description: Initiate and receive SSH and SFTP connections. 
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://www.openssh.com anchor: openssh has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: openssl name: openssl aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: openssl salt_state_path: remnux/packages/openssl.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: origami name: origamindee aliases: - origami - therubyracer description: Parse, modify, generate PDF files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: gem package_name: origamindee salt_state_path: remnux/rubygems/origamindee.sls remnux_docs: covered: true category: Analyze Documents > PDF description: Parse, modify, generate PDF files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf website: https://github.com/mindee/origamindee anchor: origamindee has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: osarch name: osarch aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: osarch salt_state_path: remnux/osarch.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: otx name: Open Threat Exchange aliases: - OTX - LevelBlue Labs description: Threat intelligence sharing platform for indicators of compromise in_remnux: false platform: online sources: for610: covered: true description: Threat intelligence sharing platform for indicators of compromise category: online-platforms labs: [] sections: - 1 typical_usage: - https://otx.alienvault.com tags: - threat-intel - ioc-sharing salt_states: covered: false 
remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: pcode2code name: pcode2code aliases: - remnux-python3-packages-pcode2code description: Decompile VBA p-code from Office documents — works even when VBA source is removed in_remnux: true platform: linux sources: for610: covered: true typical_usage: - pcode2code tags: - office - vba - p-code - decompilation description: Decompile VBA p-code from Office documents — works even when VBA source is removed salt_states: covered: true install_method: pip package_name: remnux-python3-packages-pcode2code salt_state_path: remnux/python3-packages/pcode2code.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Decompile VBA macro p-code from Microsoft Office documents. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://github.com/Big5-sec/pcode2code anchor: pcode2code has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: pcodedmp name: pcodedmp aliases: - remnux-python3-packages-pcodedmp description: Disassemble VBA p-code. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-pcodedmp salt_state_path: remnux/python3-packages/pcodedmp.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Disassemble VBA p-code. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://github.com/bontchev/pcodedmp anchor: pcodedmp has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: pdf-parser-py name: pdf-parser.py aliases: - pdf-parser description: Parse PDF structure, locate objects, extract content, and search for strings in_remnux: true platform: linux sources: for610: covered: true description: Parse PDF structure, locate objects, extract content, and search for strings category: pdf-analysis labs: - '3.1' sections: - 1 - 3 typical_usage: - pdf-parser.py document.pdf -a - pdf-parser.py document.pdf -s /URI - pdf-parser.py document.pdf -k /URI - pdf-parser.py document.pdf -o 6 -d object6.jpg tags: - pdf - static-analysis - object-extraction - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > PDF description: Examine elements of the PDF file. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf website: https://blog.didierstevens.com/programs/pdf-tools/ anchor: pdf-parser.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: pdfid-py name: pdfid.py aliases: - pdfid description: Scan PDF files for suspicious keywords like /JavaScript, /OpenAction, /Launch without parsing in_remnux: true platform: linux sources: for610: covered: true description: Scan PDF files for suspicious keywords like /JavaScript, /OpenAction, /Launch without parsing category: pdf-analysis labs: - '3.1' sections: - 1 - 3 typical_usage: - pdfid.py document.pdf - pdfid.py -n document.pdf tags: - pdf - static-analysis - triage - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > PDF description: Identify suspicious elements of the PDF file. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf website: https://blog.didierstevens.com/programs/pdf-tools/ anchor: pdfid.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: pdfresurrect name: pdfresurrect aliases: [] description: Extract and analyze previous versions from PDF files in_remnux: true platform: linux sources: for610: covered: true description: Extract and analyze previous versions from PDF files category: pdf-analysis labs: [] sections: - 1 typical_usage: - pdfresurrect document.pdf tags: - pdf - versioning salt_states: covered: true install_method: apt package_name: pdfresurrect salt_state_path: remnux/packages/pdfresurrect.sls remnux_docs: covered: true category: Analyze Documents > PDF description: Extract previous versions of content from PDF files. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf website: https://github.com/enferex/pdfresurrect anchor: pdfresurrect has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: pdftk name: pdftk aliases: [] description: Manipulate PDF files — merge, split, flatten, encrypt, and extract embedded content in_remnux: true platform: linux sources: for610: covered: true description: Manipulate PDF files — merge, split, flatten, encrypt, and extract embedded content category: pdf-analysis labs: [] sections: - 3 typical_usage: - pdftk input.pdf cat output output.pdf flatten - pdftk input.pdf unpack_files tags: - pdf - manipulation - extraction salt_states: covered: true install_method: apt package_name: pdftk-java salt_state_path: remnux/packages/pdftk-java.sls remnux_docs: covered: true category: Analyze Documents > PDF description: Edit, create, and examine PDF files. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf website: https://gitlab.com/pdftk-java/pdftk anchor: pdftk-java has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: pdftool-py name: pdftool.py aliases: [] description: Analyze PDF incremental updates in_remnux: true platform: linux sources: for610: covered: true description: Analyze PDF incremental updates category: pdf-analysis labs: [] sections: - 1 typical_usage: - pdftool.py document.pdf tags: - pdf - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > PDF description: Analyze PDF files to identify incremental updates to the document. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf website: https://blog.didierstevens.com/2021/01/31/new-tool-pdftool-py/ anchor: pdftool.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: pdnstool name: pdnstool aliases: - sqlite3-gem - passivedns-client - sqlite3 description: Query passive DNS databases for DNS data. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-sqlite salt_state_path: remnux/packages/sqlite.sls remnux_docs: covered: true category: Gather and Analyze Data description: Query passive DNS databases for DNS data. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/chrislee35/passivedns-client anchor: pdnstool has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: pe-tree name: pe-tree aliases: - remnux-python3-packages-pe-tree - pe_tree description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-pe-tree salt_state_path: remnux/python3-packages/pe-tree.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: pe-unmapper name: pe_unmapper aliases: [] description: Convert dumped PE from virtual memory alignment to raw disk alignment in_remnux: false platform: windows sources: for610: covered: true description: Convert dumped PE from virtual memory alignment to raw disk alignment category: unpacking labs: - '5.10' sections: - 5 typical_usage: - pe_unmapper /in dumped.exe /base 400000 /out fixed.exe tags: - pe-fixup - memory-dump - alignment salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: pedump name: pedump aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: gem package_name: pedump salt_state_path: remnux/rubygems/pedump.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: peepdf name: peepdf aliases: [] description: Interactive PDF analysis framework with JavaScript detection and exploitation capabilities in_remnux: true platform: linux sources: for610: covered: true description: Interactive PDF analysis framework with JavaScript detection and exploitation capabilities category: pdf-analysis labs: [] sections: - 1 typical_usage: - peepdf -i malicious.pdf - 
peepdf -f -i malicious.pdf tags: - pdf - interactive - javascript-detection salt_states: covered: true install_method: pip package_name: remnux-python3-packages-peepdf-3 salt_state_path: remnux/python3-packages/peepdf-3.sls remnux_docs: covered: true category: Analyze Documents > PDF description: Examine elements of the PDF file. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf website: https://github.com/digitalsleuth/peepdf-3 anchor: peepdf-3 has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: peframe name: peframe aliases: [] description: Static analysis of PE files — extract properties, detect anomalies, identify packers in_remnux: true platform: linux sources: for610: covered: true description: Static analysis of PE files — extract properties, detect anomalies, identify packers category: static-analysis-pe labs: - '1.1' - '4.8' sections: - 1 - 4 typical_usage: - peframe specimen.exe tags: - pe - static-analysis - triage salt_states: covered: true install_method: pip package_name: remnux-python3-packages-peframe salt_state_path: remnux/python3-packages/peframe.sls remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: true help_tier: rich - id: perl name: perl aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: perl salt_state_path: remnux/packages/perl.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: pestr name: pestr aliases: [] description: Extract ASCII and Unicode strings from PE files in_remnux: true platform: linux sources: for610: covered: true description: Extract ASCII and Unicode strings from PE files category: static-analysis-pe labs: - '1.1' - '4.8' sections: - 1 - 4 typical_usage: - pestr specimen.exe tags: - pe - strings - static-analysis salt_states: covered: false 
remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: pestudio name: PeStudio aliases: [] description: GUI tool for examining static properties of PE files — imports, strings, sections, entropy, indicators in_remnux: false platform: windows sources: for610: covered: true description: GUI tool for examining static properties of PE files — imports, strings, sections, entropy, indicators category: static-analysis-pe labs: - '1.1' - '1.5' - '2.7' - '3.10' - '3.12' - '4.1' - '4.2' - '4.3' - '4.7' - '4.8' - '5.3' - '5.4' - '5.8' - '5.9' - '5.10' sections: - 1 - 2 - 3 - 4 - 5 typical_usage: - pestudio.exe specimen.exe tags: - pe - static-analysis - imports - strings - entropy - triage salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: pgadmin name: pgadmin aliases: - remnux-packages-pgadmin4 - pgadmin4-desktop description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: deb salt_state_path: remnux/repos/pgadmin4.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: pip name: pip aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: pip salt_state_path: remnux/python3-packages/pip.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: pkg-config name: pkg-config aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: pkg-config salt_state_path: remnux/packages/pkg-config.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: 
polarproxy name: polarproxy aliases: [] description: Transparent TLS proxy that decrypts traffic and saves it as PCAP for analysis in Wireshark in_remnux: true platform: linux sources: for610: covered: true typical_usage: - PolarProxy -p 443,80 -w captured.pcap tags: - network - tls - decryption - pcap description: Transparent TLS proxy that decrypts traffic and saves it as PCAP for analysis in Wireshark salt_states: covered: true install_method: manual package_name: polarproxy salt_state_path: remnux/tools/polarproxy.sls remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Intercept and decrypt TLS traffic. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: https://www.netresec.com anchor: polarproxy has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: portex name: portex aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: portex salt_state_path: remnux/packages/portex.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: powershell name: powershell aliases: [] description: Run PowerShell scripts and commands. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: powershell salt_state_path: remnux/packages/powershell.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Scripts description: Run PowerShell scripts and commands. 
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts website: https://github.com/powershell/powershell anchor: powershell-core has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: powershell-ise name: PowerShell ISE aliases: - powershell_ise description: PowerShell Integrated Scripting Environment — debug scripts with breakpoints and variable inspection in_remnux: false platform: windows sources: for610: covered: true description: PowerShell Integrated Scripting Environment — debug scripts with breakpoints and variable inspection category: powershell-analysis labs: - '3.9' - '3.11' - '4.5' sections: - 3 - 4 typical_usage: - powershell_ise script.ps1 tags: - powershell - debugger - script-analysis salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: prefer-ipv4 name: prefer-ipv4 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: prefer-ipv4 salt_state_path: remnux/network/prefer-ipv4.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: procdot name: ProcDOT aliases: [] description: Visualize Process Monitor logs as interactive graphs for behavioral analysis in_remnux: true platform: both sources: for610: covered: true description: Visualize Process Monitor logs as interactive graphs for behavioral analysis category: behavioral-analysis labs: - '1.2' - '4.5' sections: - 1 - 4 typical_usage: - procdot tags: - visualization - process-monitor - behavioral salt_states: covered: false remnux_docs: covered: true category: Investigate System Interactions description: Visualize and examine the output of Process Monitor. 
docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions website: https://www.procdot.com anchor: procdot has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: process-monitor name: Process Monitor aliases: - ProcMon - procmon description: Record file system, registry, process, and thread activity in real time in_remnux: false platform: windows sources: for610: covered: true description: Record file system, registry, process, and thread activity in real time category: behavioral-analysis labs: - '1.2' - '4.5' sections: - 1 - 4 typical_usage: - Procmon.exe tags: - filesystem - registry - process-monitoring - real-time salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: procyon name: Procyon aliases: [] description: Java decompiler. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > Java description: Java decompiler. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java website: https://github.com/mstrobel/procyon has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: procyon-decompiler name: procyon-decompiler aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: procyon-decompiler salt_state_path: remnux/packages/procyon-decompiler.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: protobuf name: protobuf aliases: - remnux-python3-packages-protobuf-install description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-protobuf-install salt_state_path: remnux/python3-packages/protobuf.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: pycdc name: pycdc aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: pycdc salt_state_path: remnux/packages/pycdc.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: pyelftools name: pyelftools aliases: - remnux-python3-packages-pyelftools - readelf.py description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-pyelftools salt_state_path: remnux/python3-packages/pyelftools.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: pyinstaller-extractor name: pyinstaller-extractor aliases: - pyinstxtractor.py description: Extract contents of a PyInstaller-generated PE file. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: pyinstxtractor.py salt_state_path: remnux/scripts/pyinstaller-extractor.sls remnux_docs: covered: true category: Statically Analyze Code > Python description: Extract contents of a PyInstaller-generated PE file. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python website: https://github.com/extremecoders-re/pyinstxtractor anchor: pyinstaller-extractor has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: pyinstxtractor-ng name: pyinstxtractor-ng aliases: - remnux-python3-packages-pyinstxtractor-ng description: Extract contents of PyInstaller-generated executables without needing matching Python version in_remnux: true platform: linux sources: for610: covered: true typical_usage: - pyinstxtractor-ng tags: - python - pyinstaller - extraction description: Extract contents of PyInstaller-generated executables without needing matching Python version salt_states: covered: true install_method: pip package_name: remnux-python3-packages-pyinstxtractor-ng salt_state_path: remnux/python3-packages/pyinstxtractor-ng.sls remnux_docs: covered: true category: Statically Analyze Code > Python description: Extract contents of PyInstaller-generated executables without requiring a matching Python version. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python website: https://github.com/pyinstxtractor/pyinstxtractor-ng anchor: pyinstxtractor-ng has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: python-debian name: python-debian aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: python-debian salt_state_path: remnux/python3-packages/python-debian.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3 name: python3 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3 salt_state_path: remnux/packages/python3.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-cryptography name: python3-cryptography aliases: - remnux-packages-python3-cryptography description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-python3-cryptography salt_state_path: remnux/packages/python3-cryptography.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-dev name: python3-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-dev salt_state_path: remnux/packages/python3-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-dnspython name: python3-dnspython aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt 
package_name: python3-dnspython salt_state_path: remnux/packages/python3-dnspython.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-magic name: python3-magic aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-magic salt_state_path: remnux/packages/python3-magic.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-netifaces name: python3-netifaces aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-netifaces salt_state_path: remnux/packages/python3-netifaces.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-numpy name: python3-numpy aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-numpy salt_state_path: remnux/packages/python3-numpy.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-pil name: python3-pil aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-pil salt_state_path: remnux/packages/python3-pil.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-pip name: python3-pip aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: python3-pip salt_state_path: remnux/packages/python3-pip.sls remnux_docs: covered: false 
has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-pyasn1 name: python3-pyasn1 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-pyasn1 salt_state_path: remnux/packages/python3-pyasn1.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-pyqt5 name: python3-pyqt5 aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-pyqt5 salt_state_path: remnux/packages/python3-pyqt5.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-requests name: python3-requests aliases: - remnux-packages-python3-requests description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-python3-requests salt_state_path: remnux/packages/python3-requests.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-setuptools name: python3-setuptools aliases: - remnux-packages-python3-setuptools description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-python3-setuptools salt_state_path: remnux/packages/python3-setuptools.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-ssdeep name: python3-ssdeep aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-ssdeep salt_state_path: remnux/packages/python3-ssdeep.sls remnux_docs: 
covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-tk name: python3-tk aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-tk salt_state_path: remnux/packages/python3-tk.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-venv name: python3-venv aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-venv salt_state_path: remnux/packages/python3-venv.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-virtualenv name: python3-virtualenv aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: python3-virtualenv salt_state_path: remnux/packages/python3-virtualenv.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: python3-wheel name: python3-wheel aliases: - remnux-packages-python3-wheel description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-python3-wheel salt_state_path: remnux/packages/python3-wheel.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: qiling name: qiling aliases: - remnux-python3-packages-qiling - qltool description: Multi-platform binary emulation framework — emulate PE, ELF, shellcode across OS/arch combinations in_remnux: true platform: linux sources: for610: covered: true typical_usage: - python3 -c "from qiling import Qiling; ql = Qiling([''], '/path/to/rootfs')" tags: 
- emulation - multi-platform - binary-analysis description: Multi-platform binary emulation framework — emulate PE, ELF, shellcode across OS/arch combinations salt_states: covered: true install_method: pip package_name: remnux-python3-packages-qiling salt_state_path: remnux/python3-packages/qiling.sls remnux_docs: covered: true category: Statically Analyze Code > General description: Emulate code execution of PE files, shellcode, etc. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general website: https://www.qiling.io anchor: qiling has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: qpdf name: qpdf aliases: [] description: Decrypt, linearize, and transform PDF files — useful for removing password protection in_remnux: true platform: linux sources: for610: covered: true description: Decrypt, linearize, and transform PDF files — useful for removing password protection category: pdf-analysis labs: [] sections: - 3 typical_usage: - qpdf --decrypt encrypted.pdf output.pdf tags: - pdf - decryption - transformation salt_states: covered: true install_method: apt package_name: qpdf salt_state_path: remnux/packages/qpdf.sls remnux_docs: covered: true category: Analyze Documents > PDF description: Manipulate (merge, convert, transform) PDF files. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf website: http://qpdf.sourceforge.net/ anchor: qpdf has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: qtbase5-dev name: qtbase5-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: qtbase5-dev salt_state_path: remnux/packages/qtbase5-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: radare2 name: radare2 aliases: - r2 description: Open-source reverse engineering command-line framework in_remnux: true platform: both sources: for610: covered: true description: Open-source reverse engineering command-line framework category: code-analysis labs: [] sections: - 2 typical_usage: - r2 specimen.exe tags: - disassembly - cli - open-source salt_states: covered: true install_method: apt package_name: remnux-radare2 salt_state_path: remnux/packages/radare2.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > General description: Examine binary files, including disassembling and debugging. 
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general website: https://www.radare.org/n/radare2.html anchor: radare2 has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: rar name: rar aliases: - unrar description: Extract RAR archives (including self-extracting RAR payloads) in_remnux: true platform: both sources: for610: covered: true description: Extract RAR archives (including self-extracting RAR payloads) category: utilities labs: - '3.5' sections: - 3 typical_usage: - rar x archive.rar tags: - archive - extraction salt_states: covered: true install_method: apt package_name: remnux-packages-unrar salt_state_path: remnux/packages/unrar.sls remnux_docs: covered: true category: General Utilities description: Decompress files using a variety of algorithms. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://www.rarlab.com anchor: unrar-free has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: re-search-py name: re-search.py aliases: [] description: Search the file for built-in regular expressions of common suspicious artifacts. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Search the file for built-in regular expressions of common suspicious artifacts. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: readpe name: pev aliases: - remnux-packages-pev - readpe description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-pev salt_state_path: remnux/packages/pev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: redress name: redress aliases: [] description: Analyze stripped Go binaries to recover symbols, types, source structure, and integrate with Radare2. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: manual package_name: redress salt_state_path: remnux/tools/redress.sls remnux_docs: covered: true category: Examine Static Properties > Go description: Analyze stripped Go binaries to recover symbols, types, source structure, and integrate with Radare2. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/go website: https://github.com/goretk/redress anchor: redress has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: refresh name: refresh aliases: - pkg.refresh_db description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: pkg.refresh_db salt_state_path: remnux/repos/refresh.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: reg-export name: reg_export aliases: [] description: Extract registry key values to files — used to recover malware artifacts stored in registry in_remnux: false platform: windows sources: for610: covered: true description: Extract registry key values to files — used to recover malware artifacts stored in registry category: utilities labs: - '4.5' sections: - 4 typical_usage: - reg_export HKCU\software\keyname valuename output.js tags: - registry - extraction - windows author: Adam Kramer salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: regedit name: Regedit aliases: [] description: Windows Registry Editor for browsing and modifying registry keys in_remnux: false platform: windows sources: for610: covered: true description: Windows Registry Editor for browsing and modifying registry keys category: utilities labs: - '4.5' sections: - 4 typical_usage: - regedit.exe tags: - registry - windows salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: regshot name: Regshot aliases: [] description: Take and compare registry/filesystem snapshots before and after infection in_remnux: false platform: windows sources: for610: covered: true description: Take and compare registry/filesystem 
snapshots before and after infection category: behavioral-analysis labs: - '1.2' sections: - 1 typical_usage: - Regshot-x64-Unicode.exe tags: - registry - filesystem - snapshot - comparison salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: remnux name: remnux aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: manual package_name: remnux salt_state_path: remnux/tools/remnux-installer.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: remnux-installer name: REMnux Installer aliases: [] description: Install and update the REMnux distro. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: General Utilities description: Install and update the REMnux distro. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://github.com/REMnux/distro/blob/master/files/remnux-installer.sh has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: remnux-mcp-server name: remnux-mcp-server aliases: - remnux-node-packages-remnux-mcp-server - '@remnux/mcp-server' description: MCP server for using the REMnux malware analysis toolkit via AI assistants. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: npm package_name: remnux-node-packages-remnux-mcp-server salt_state_path: remnux/node-packages/remnux-mcp-server.sls remnux_docs: covered: true category: Use Artificial Intelligence description: MCP server for using the REMnux malware analysis toolkit via AI assistants. 
docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence website: https://github.com/REMnux/remnux-mcp-server anchor: remnux-mcp-server has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: remove-app-icons name: remove-app-icons aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: remove-app-icons salt_state_path: remnux/theme/gnome-config/remove-app-icons.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: rhino name: rhino aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: rhino salt_state_path: remnux/packages/rhino.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: rsakeyfind name: rsakeyfind aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: rsakeyfind salt_state_path: remnux/packages/rsakeyfind.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: rsakeyfinder name: RSAKeyFinder aliases: [] description: Find BER-encoded RSA private keys in a memory image. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Perform Memory Forensics description: Find BER-encoded RSA private keys in a memory image. 
docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics website: https://citp.princeton.edu/our-work/memory/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: rtfdump-py name: rtfdump.py aliases: - rtfdump description: Analyze RTF file structure, identify hex-encoded groups and embedded objects in_remnux: true platform: linux sources: for610: covered: true description: Analyze RTF file structure, identify hex-encoded groups and embedded objects category: document-analysis labs: - '3.5' sections: - 3 typical_usage: - rtfdump.py document.rtf - rtfdump.py document.rtf -s 5 -H -d > extracted.bin tags: - rtf - document - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Analyze a suspicious RTF file. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/ anchor: rtfdump.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: ruby name: ruby aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: ruby salt_state_path: remnux/packages/ruby.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: ruby-dev name: ruby-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: ruby-dev salt_state_path: remnux/packages/ruby-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: runsc32 name: runsc32 aliases: - runsc description: Execute extracted shellcode for dynamic analysis in_remnux: true platform: windows sources: 
for610: covered: true description: Execute extracted shellcode for dynamic analysis category: emulation labs: - '3.5' - '4.6' sections: - 3 - 4 typical_usage: - runsc32 -f shellcode.bin -o 0x3B -d qa.doc tags: - shellcode - execution - dynamic-analysis salt_states: covered: true install_method: apt package_name: remnux-packages-runsc salt_state_path: remnux/packages/runsc.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Shellcode description: Run shellcode to trace and analyze its execution. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode website: https://github.com/edygert/runsc anchor: runsc has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: salt-minion name: salt-minion aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: salt-minion salt_state_path: remnux/config/salt-minion.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: sandfly-processdecloak name: sandfly-processdecloak aliases: [] description: Find hidden processes on the local Linux system. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: sandfly-processdecloak salt_state_path: remnux/packages/sandfly-processdecloak.sls remnux_docs: covered: true category: Investigate System Interactions description: Find hidden processes on the local Linux system. docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions website: https://github.com/sandflysecurity/sandfly-processdecloak anchor: sandfly-processdecloak has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: scalpel name: scalpel aliases: [] description: Carve contents out of binary files, such as partitions. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: scalpel salt_state_path: remnux/packages/scalpel.sls remnux_docs: covered: true category: Gather and Analyze Data description: Carve contents out of binary files, such as partitions. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/sleuthkit/scalpel anchor: scalpel has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: scdbgc name: scdbgc aliases: - scdbg description: Shellcode emulator — analyze shellcode behavior through API-level emulation in_remnux: true platform: both sources: for610: covered: true description: Shellcode emulator — analyze shellcode behavior through API-level emulation category: emulation labs: - '3.4' - '3.5' - '4.6' sections: - 3 - 4 typical_usage: - scdbgc /f shellcode.bin /s -1 - scdbgc /f shellcode.bin /foff 0x3B /fopen qa.doc - scdbgc /f shellcode.bin /s -1 /norw tags: - shellcode - emulation - api-calls salt_states: covered: true install_method: apt package_name: remnux-packages-scdbg salt_state_path: remnux/packages/scdbg.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Shellcode description: Analyze shellcode by emulating its execution. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode website: http://sandsprite.com/blogs/index.php?uid=7&pid=152 anchor: scdbg has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: scite name: scite aliases: [] description: Edit text files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: scite salt_state_path: remnux/packages/scite.sls remnux_docs: covered: true category: View or Edit Files description: Edit text files. 
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files website: https://www.scintilla.org/SciTE.html anchor: scite has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: scylla name: Scylla aliases: [] description: Dump processes from memory and reconstruct import address tables (IAT) in_remnux: false platform: windows sources: for610: covered: true description: Dump processes from memory and reconstruct import address tables (IAT) category: unpacking labs: - '4.2' - '4.3' - '5.4' - '5.8' - '5.10' sections: - 4 - 5 typical_usage: - Scylla x64 > Attach to process > Dump > IAT Autosearch > Fix Dump tags: - memory-dump - iat-reconstruction - unpacking salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: scyllahide name: ScyllaHide aliases: [] description: x64dbg/x32dbg plugin to hide debugger presence from anti-debugging checks in_remnux: false platform: windows sources: for610: covered: true description: x64dbg/x32dbg plugin to hide debugger presence from anti-debugging checks category: anti-analysis labs: - '5.3' - '5.6' sections: - 5 typical_usage: - Plugins > ScyllaHide > Options > Enable all tags: - anti-debugging - debugger-hiding - x64dbg-plugin salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: securitytrails name: SecurityTrails aliases: [] description: Historical DNS records and IP/domain intelligence in_remnux: false platform: online sources: for610: covered: true description: Historical DNS records and IP/domain intelligence category: online-platforms labs: [] sections: - 1 typical_usage: - https://securitytrails.com tags: - dns-history - domain-intel salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: 
setdllcharacteristics name: setdllcharacteristics aliases: [] description: Modify PE header flags — commonly used to disable ASLR (DynamicBase) in_remnux: false platform: windows sources: for610: covered: true description: Modify PE header flags — commonly used to disable ASLR (DynamicBase) category: unpacking labs: - '4.2' sections: - 4 typical_usage: - setdllcharacteristics -d specimen.exe tags: - pe-header - aslr - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: sets-py name: sets.py aliases: [] description: Perform set operations on lines or bytes in text files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Perform set operations on lines or bytes in text files. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://blog.didierstevens.com/2017/03/05/new-tool-sets-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: sharutils name: sharutils aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: sharutils salt_state_path: remnux/packages/sharutils.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: shcode2exe name: shcode2exe aliases: - shcode2exe.py description: Convert raw shellcode to a Windows PE executable for analysis in disassemblers in_remnux: true platform: linux sources: for610: covered: true typical_usage: - shcode2exe tags: - shellcode - conversion - pe description: Convert raw shellcode to a Windows PE executable for analysis in disassemblers salt_states: covered: true install_method: script package_name: 
shcode2exe.py salt_state_path: remnux/scripts/shcode2exe.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Shellcode description: Convert 32 and 64-bit shellcode to a Windows executable file. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode website: https://github.com/accidentalrebel/shcode2exe anchor: shcode2exe has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: shellcode2exe-bat name: shellcode2exe-bat aliases: - https://github.com/repnz/shellcode2exe.git - shellcode2exe.bat description: Convert 32 and 64-bit shellcode to a Windows executable file. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: manual package_name: https://github.com/repnz/shellcode2exe.git salt_state_path: remnux/tools/shellcode2exe-bat.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Shellcode description: Convert 32 and 64-bit shellcode to a Windows executable file. 
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode website: https://github.com/repnz/shellcode2exe anchor: shellcode2exe.bat has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: shodan name: Shodan aliases: [] description: Search engine for internet-connected devices and exposed services in_remnux: false platform: online sources: for610: covered: true description: Search engine for internet-connected devices and exposed services category: online-platforms labs: [] sections: - 1 typical_usage: - https://shodan.io tags: - infrastructure - reconnaissance salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: sift name: sift aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: sift salt_state_path: remnux/repos/sift.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: signsrch name: signsrch aliases: [] description: Find patterns of common encryption, compression, or encoding algorithms. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: signsrch salt_state_path: remnux/packages/signsrch.sls remnux_docs: covered: true category: Examine Static Properties > General description: Find patterns of common encryption, compression, or encoding algorithms. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: http://aluigi.altervista.org/mytoolz.htm anchor: signsrch has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: sleuth-kit name: Sleuth Kit aliases: [] description: Analyze disk images and recover files from them. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Analyze disk images and recover files from them. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://www.sleuthkit.org/sleuthkit has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: sleuthkit name: sleuthkit aliases: - remnux-packages-sleuthkit description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-packages-sleuthkit salt_state_path: remnux/packages/sleuthkit.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: snap name: snap aliases: - remnux-package-snap description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-package-snap salt_state_path: remnux/packages/snap.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: snapd name: snapd aliases: - remnux-package-snapd description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: remnux-package-snapd salt_state_path: remnux/packages/snapd.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: software-properties-common name: software-properties-common aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: software-properties-common salt_state_path: remnux/packages/software-properties-common.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false 
has_salt_state: true help_tier: basic - id: sortcanon-py name: sortcanon.py aliases: [] description: Sort text files using canonicalization functions built into this tool. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: General Utilities description: Sort text files using canonicalization functions built into this tool. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://blog.didierstevens.com/2022/06/18/new-tool-sortcanon-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: speakeasy name: speakeasy aliases: [] description: Windows binary emulator — emulates API calls to analyze malware behavior without native execution in_remnux: true platform: linux sources: for610: covered: true description: Windows binary emulator — emulates API calls to analyze malware behavior without native execution category: emulation labs: - '1.4' sections: - 1 typical_usage: - speakeasy -t specimen.exe -o report.json 2> report.txt - speakeasy -t shellcode.bin -r -a x86 tags: - emulation - api-calls - behavioral-analysis salt_states: covered: true install_method: pip package_name: remnux-python3-packages-speakeasy salt_state_path: remnux/python3-packages/speakeasy.sls remnux_docs: covered: true category: Statically Analyze Code > PE Files description: Emulate code execution, including shellcode, Windows drivers, and Windows PE files. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files website: https://github.com/mandiant/speakeasy anchor: speakeasy has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: spidermonkey name: SpiderMonkey aliases: - js description: Mozilla JavaScript engine — execute and deobfuscate malicious JavaScript outside a browser in_remnux: true platform: linux sources: for610: covered: true description: Mozilla JavaScript engine — execute and deobfuscate malicious JavaScript outside a browser category: javascript-analysis labs: - '3.6' - '3.7' - '4.5' sections: - 3 - 4 typical_usage: - js -f malicious.js - js -f /usr/share/remnux/objects.js -f malicious.js > decoded.js tags: - javascript - deobfuscation - execution salt_states: covered: true install_method: pip package_name: stpyv8 salt_state_path: remnux/python3-packages/stpyv8.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > Scripts description: Python3 and JavaScript interop engine, fork of the original PyV8 project. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts website: https://github.com/cloudflare/stpyv8 anchor: stpyv8 has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: sqlite name: SQLite aliases: [] description: Manage and interact with SQL database files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: General Utilities description: Manage and interact with SQL database files. 
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: http://www.sqlite.org has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: ssdeep name: ssdeep aliases: [] description: Compute fuzzy hashes (CTPH) for finding similar files — useful for malware variant clustering in_remnux: true platform: linux sources: for610: covered: true typical_usage: - ssdeep - ssdeep -m - ssdeep -d tags: - hashing - fuzzy - similarity - clustering description: Compute fuzzy hashes (CTPH) for finding similar files — useful for malware variant clustering salt_states: covered: true install_method: apt package_name: ssdeep salt_state_path: remnux/packages/ssdeep.sls remnux_docs: covered: true category: Examine Static Properties > General description: Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://ssdeep-project.github.io/ssdeep/index.html anchor: ssdeep has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: ssh name: ssh aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: ssh salt_state_path: remnux/theme/ssh.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: ssview name: ssview aliases: [] description: Analyze OLE2 Structured Storage files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: manual package_name: ssview salt_state_path: remnux/tools/ssview.sls remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Analyze OLE2 Structured Storage files. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://www.mitec.cz/ssv.html anchor: ssview has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: strace name: strace aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: strace salt_state_path: remnux/packages/strace.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: strdeob-pl name: strdeob.pl aliases: [] description: Automatically decode stack-built strings from disassembled malware in_remnux: true platform: linux sources: for610: covered: true description: Automatically decode stack-built strings from disassembled malware category: string-deobfuscation labs: - '5.2' sections: - 5 typical_usage: - strdeob.pl specimen.exe tags: - stack-strings - deobfuscation salt_states: covered: true install_method: script package_name: strdeob.pl salt_state_path: remnux/scripts/strdeob.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Locate and decode stack strings in executable files. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/REMnux/distro/blob/master/files/strdeob.pl anchor: strdeob.pl has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: strings name: strings aliases: [] description: Extract printable ASCII and Unicode strings from binary files in_remnux: true platform: linux sources: for610: covered: true description: Extract printable ASCII and Unicode strings from binary files category: static-analysis-pe labs: - '3.4' - '5.2' sections: - 1 - 3 typical_usage: - strings binary.exe - strings -n 10 binary.exe - strings --encoding=l binary.exe tags: - strings - static-analysis - triage salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Extract ASCII and Unicode strings from binary files with length sorting and filtering. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://blog.didierstevens.com/2020/12/19/update-strings-py-version-0-0-6/ anchor: strings.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: subversion name: subversion aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: subversion salt_state_path: remnux/packages/subversion.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: sudo name: sudo aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: sudo salt_state_path: remnux/packages/sudo.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: sudoers name: sudoers aliases: [] description: '' in_remnux: true platform: linux 
sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: sudoers salt_state_path: remnux/theme/sudoers.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: system-informer name: System Informer aliases: - Process Hacker description: Monitor processes, network connections, handles, and system resources in real time in_remnux: false platform: windows sources: for610: covered: true description: Monitor processes, network connections, handles, and system resources in real time category: behavioral-analysis labs: - '1.2' - '1.3' - '1.6' - '1.7' - '1.8' - '4.2' - '4.5' - '5.1' sections: - 1 - 4 - 5 typical_usage: - SystemInformer.exe tags: - process-monitoring - handles - network - real-time salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: tcpdump name: tcpdump aliases: [] description: Command-line packet capture tool in_remnux: true platform: linux sources: for610: covered: true description: Command-line packet capture tool category: network-analysis labs: [] sections: - 1 typical_usage: - tcpdump -i eth0 -w capture.pcap - tcpdump -r capture.pcap tags: - packet-capture - cli - network salt_states: covered: true install_method: apt package_name: tcpdump salt_state_path: remnux/packages/tcpdump.sls remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Capture and analyze network traffic with this command-line sniffer. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: https://www.tcpdump.org anchor: tcpdump has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: tcpflow name: tcpflow aliases: [] description: Extract and reassemble TCP streams from PCAP files into individual files in_remnux: true platform: linux sources: for610: covered: true typical_usage: - tcpflow -r -o output/ tags: - network - tcp - stream-extraction description: Extract and reassemble TCP streams from PCAP files into individual files salt_states: covered: true install_method: apt package_name: tcpflow salt_state_path: remnux/packages/tcpflow.sls remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Analyze the flow of network traffic. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: https://downloads.digitalcorpora.org/downloads/tcpflow/ anchor: tcpflow has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: tcpick name: tcpick aliases: [] description: Capture and analyze network traffic with this command-line sniffer. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: tcpick salt_state_path: remnux/packages/tcpick.sls remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Capture and analyze network traffic with this command-line sniffer. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: http://tcpick.sourceforge.net anchor: tcpick has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: tcplogview name: TcpLogView aliases: [] description: Log opened and closed TCP connections with process information in_remnux: false platform: windows sources: for610: covered: true description: Log opened and closed TCP connections with process information category: behavioral-analysis labs: [] sections: - 1 typical_usage: - TcpLogView.exe tags: - network - tcp - connection-logging salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: tcpxtract name: tcpxtract aliases: [] description: Carve files from network traffic using file signatures in_remnux: true platform: linux sources: for610: covered: true typical_usage: - tcpxtract -f -o output/ tags: - network - file-carving - pcap description: Carve files from network traffic using file signatures salt_states: covered: true install_method: apt package_name: tcpxtract salt_state_path: remnux/packages/tcpxtract.sls remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Extract files from network traffic. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: http://tcpxtract.sourceforge.net anchor: tcpxtract has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: tesseract-ocr name: tesseract-ocr aliases: [] description: Examine images to identify and extract text using optical character recognition (OCR). 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: tesseract-ocr salt_state_path: remnux/packages/tesseract-ocr.sls remnux_docs: covered: true category: Analyze Documents > General description: Examine images to identify and extract text using optical character recognition (OCR). docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/general website: https://github.com/tesseract-ocr/tesseract anchor: tesseract-ocr has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: texteditor-py name: texteditor.py aliases: [] description: Edit text files from the command line using search-and-replace commands. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: General Utilities description: Edit text files from the command line using search-and-replace commands. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: https://blog.didierstevens.com/2021/07/05/new-tool-texteditor-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: thefuzz name: thefuzz aliases: - remnux-python3-packages-thefuzz description: Fuzzy String Matching in Python. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-thefuzz salt_state_path: remnux/python3-packages/thefuzz.sls remnux_docs: covered: true category: Examine Static Properties > General description: Fuzzy String Matching in Python. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://github.com/seatgeek/thefuzz anchor: thefuzz has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: threatfox name: ThreatFox aliases: [] description: Threat intelligence platform for sharing IOCs associated with malware in_remnux: false platform: online sources: for610: covered: true description: Threat intelligence platform for sharing IOCs associated with malware category: online-platforms labs: [] sections: - 1 typical_usage: - https://threatfox.abuse.ch tags: - threat-intel - ioc-sharing - abuse-ch salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: thug name: Thug aliases: [] description: Low-interaction honeyclient for analyzing malicious websites and drive-by downloads in_remnux: true platform: linux sources: for610: covered: true description: Low-interaction honeyclient for analyzing malicious websites and drive-by downloads category: network-analysis labs: [] sections: - 3 typical_usage: - thug -u win7chrome49 http://suspicious-site.com tags: - honeyclient - web-analysis - drive-by salt_states: covered: true install_method: unknown package_name: thug salt_state_path: remnux/config/thug.sls remnux_docs: covered: true category: Explore Network Interactions > Connecting description: Examine a suspicious website using this low-interaction honeyclient. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting website: https://github.com/buffer/thug anchor: thug has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: time-decode name: time-decode aliases: - remnux-python3-packages-time-decode description: Decode and encode date and timestamps. 
in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-time-decode salt_state_path: remnux/python3-packages/time-decode.sls remnux_docs: covered: true category: Gather and Analyze Data description: Decode and encode date and timestamps. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/digitalsleuth/time_decode anchor: time-decode has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: tor name: tor aliases: [] description: Obfuscate your origins by routing traffic through a network of anonymizing nodes. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: tor salt_state_path: remnux/packages/tor.sls remnux_docs: covered: true category: Explore Network Interactions > Connecting description: Obfuscate your origins by routing traffic through a network of anonymizing nodes. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting website: https://www.torproject.org anchor: tor has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: torsocks name: torsocks aliases: [] description: Route network traffic through the Tor anonymity network in_remnux: true platform: linux sources: for610: covered: true description: Route network traffic through the Tor anonymity network category: network-analysis labs: [] sections: - 1 typical_usage: - torsocks curl http://example.onion tags: - tor - anonymity - network-routing salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: translate-py name: translate.py aliases: [] description: Transform data using Python expressions (XOR, ADD, etc.) 
in_remnux: true platform: linux sources: for610: covered: true description: Transform data using Python expressions (XOR, ADD, etc.) category: document-analysis labs: - '3.4' sections: - 3 typical_usage: - translate.py "byte ^ 35" < input.bin > output.bin tags: - xor - transformation - decoding - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Translate bytes according to a Python expression. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://blog.didierstevens.com/programs/translate/ anchor: translate.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: trid name: trid aliases: [] description: Identify file type by scanning binary signatures database in_remnux: true platform: linux sources: for610: covered: true description: Identify file type by scanning binary signatures database category: static-analysis-pe labs: - '3.3' - '3.4' sections: - 3 typical_usage: - trid document.doc tags: - file-identification - triage salt_states: covered: true install_method: manual package_name: trid salt_state_path: remnux/tools/trid.sls remnux_docs: covered: true category: Examine Static Properties > General description: Identify file type using signatures. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://mark0.net/soft-trid-e.html anchor: trid has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: tshark name: tshark aliases: [] description: Command-line interface to Wireshark for packet capture and analysis in_remnux: true platform: both sources: for610: covered: true description: Command-line interface to Wireshark for packet capture and analysis category: network-analysis labs: [] sections: - 1 typical_usage: - tshark -r capture.pcap - tshark -i eth0 -w capture.pcap tags: - packet-capture - cli - network salt_states: covered: true install_method: apt package_name: tshark salt_state_path: remnux/packages/tshark.sls remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Capture and analyze network traffic with this console-based sniffer. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: https://www.wireshark.org anchor: tshark has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: tzdata name: tzdata aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: tzdata salt_state_path: remnux/packages/tzdata.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: ubuntu name: ubuntu aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: ubuntu salt_state_path: remnux/repos/ubuntu.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: ubuntu-universe name: ubuntu-universe aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: 
covered: true install_method: unknown package_name: ubuntu-universe salt_state_path: remnux/repos/ubuntu-universe.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: uncompyle6 name: uncompyle6 aliases: - remnux-python3-packages-uncompyle6 description: Decompile Python bytecode (.pyc) back to source — supports Python 1.0 through 3.8 in_remnux: true platform: linux sources: for610: covered: true typical_usage: - uncompyle6 <file.pyc> - uncompyle6 -o output/ <file.pyc> tags: - python - decompilation - bytecode description: Decompile Python bytecode (.pyc) back to source — supports Python 1.0 through 3.8 salt_states: covered: true install_method: pip package_name: remnux-python3-packages-uncompyle6 salt_state_path: remnux/python3-packages/uncompyle6.sls remnux_docs: covered: true category: Statically Analyze Code > Python description: Python cross-version bytecode decompiler for Python 1.0 through 3.8. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python website: https://github.com/rocky/python-uncompyle6 anchor: uncompyle6 has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: unfurl name: Unfurl aliases: [] description: Deconstruct and decode URLs — reveal tracking parameters, encoded data, and redirect chains in_remnux: true platform: linux sources: for610: covered: true typical_usage: - unfurl parse tags: - url - decoding - phishing - tracking description: Deconstruct and decode URLs — reveal tracking parameters, encoded data, and redirect chains salt_states: covered: false remnux_docs: covered: true category: Explore Network Interactions > Connecting description: Deconstruct and decode data from a URL. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting website: https://github.com/obsidianforensics/unfurl has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: unhide name: unhide aliases: [] description: Find hidden processes or connections on the local Linux system. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: unhide salt_state_path: remnux/packages/unhide.sls remnux_docs: covered: true category: Investigate System Interactions description: Find hidden processes or connections on the local Linux system. docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions website: http://www.unhide-forensics.info anchor: unhide has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: unicode name: unicode aliases: [] description: Display Unicode character properties. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Display Unicode character properties. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/garabik/unicode has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: unpacme name: UnpacMe aliases: [] description: Automated online malware unpacking service in_remnux: false platform: online sources: for610: covered: true description: Automated online malware unpacking service category: online-platforms labs: [] sections: - 4 typical_usage: - https://www.unpac.me tags: - unpacking - automated - online salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: unxor name: unxor aliases: - unxor.py description: Deobfuscate XOR'ed files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: unxor.py salt_state_path: remnux/scripts/unxor.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Deobfuscate XOR'ed files. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/tomchop/unxor/ anchor: unxor has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: unzip name: unzip aliases: [] description: Extract ZIP archives containing malware samples in_remnux: true platform: linux sources: for610: covered: true description: Extract ZIP archives containing malware samples category: utilities labs: - '1.1' - '3.1' - '3.3' - '3.4' - '3.5' - '3.6' - '3.7' - '4.1' - '4.8' - '5.2' - '5.3' - '5.4' sections: - 1 - 3 - 4 - 5 typical_usage: - unzip -P infected sample.zip tags: - archive - extraction salt_states: covered: true install_method: apt package_name: unzip salt_state_path: remnux/packages/unzip.sls remnux_docs: covered: true category: General Utilities description: Compress and decompress files using the zip algorithm. docs_url: https://docs.remnux.org/discover-the-tools/general+utilities website: http://infozip.sourceforge.net anchor: info-zip has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: upx name: UPX aliases: - upx description: Universal Packer for eXecutables — compress and decompress PE files in_remnux: true platform: both sources: for610: covered: true description: Universal Packer for eXecutables — compress and decompress PE files category: unpacking labs: - '4.2' sections: - 4 typical_usage: - upx -d packed.exe - upx -d packed.exe -o unpacked.exe tags: - packer - unpacker - compression salt_states: covered: true install_method: apt package_name: upx-ucl salt_state_path: remnux/packages/upx-ucl.sls remnux_docs: covered: true category: Statically Analyze Code > Unpacking description: Pack and unpack PE files. 
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/unpacking website: https://upx.github.io anchor: upx has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: urlscan-io name: urlscan.io aliases: [] description: Website and URL investigation service — screenshots, DOM analysis, network requests in_remnux: false platform: online sources: for610: covered: true description: Website and URL investigation service — screenshots, DOM analysis, network requests category: online-platforms labs: [] sections: - 1 typical_usage: - https://urlscan.io tags: - url-analysis - website-investigation salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: user name: user aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: user salt_state_path: remnux/config/user.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: vbindiff name: vbindiff aliases: [] description: Compare binary files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: vbindiff salt_state_path: remnux/packages/vbindiff.sls remnux_docs: covered: true category: View or Edit Files description: Compare binary files. 
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files website: https://www.cjmweb.net/vbindiff/ anchor: vbindiff has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: vim name: vim aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: vim salt_state_path: remnux/packages/vim.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: virtualbox name: VirtualBox aliases: [] description: Open-source hypervisor for running analysis virtual machines in_remnux: false platform: both sources: for610: covered: true description: Open-source hypervisor for running analysis virtual machines category: virtualization labs: [] sections: - 1 typical_usage: - VirtualBox tags: - hypervisor - open-source salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: virustotal name: VirusTotal aliases: - VT description: Multi-engine antivirus scanning, behavioral analysis, and threat intelligence in_remnux: false platform: online sources: for610: covered: true description: Multi-engine antivirus scanning, behavioral analysis, and threat intelligence category: online-platforms labs: [] sections: - 1 typical_usage: - https://virustotal.com tags: - scanning - multi-engine - threat-intel salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: virustotal-search name: virustotal-search aliases: [] description: Search VirusTotal for file hashes. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Gather and Analyze Data description: Search VirusTotal for file hashes. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://blog.didierstevens.com/programs/virustotal-tools/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: virustotal-submit name: virustotal-submit aliases: [] description: Submit files to VirusTotal. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Gather and Analyze Data description: Submit files to VirusTotal. docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://blog.didierstevens.com/programs/virustotal-tools/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: visual-studio-code name: Visual Studio Code aliases: - code - VS Code description: Code editor used for viewing decompiled output, scripts, and analysis results in_remnux: true platform: both sources: for610: covered: true description: Code editor used for viewing decompiled output, scripts, and analysis results category: utilities labs: - '1.3' - '1.4' - '1.5' - '3.3' - '3.6' - '3.7' - '4.5' - '4.8' - '5.2' - '5.3' sections: - 1 - 3 - 4 - 5 typical_usage: - code filename.js tags: - editor - code-viewer salt_states: covered: false remnux_docs: covered: true category: View or Edit Files description: Powerful source code editor. 
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files website: https://code.visualstudio.com/ anchor: visual-studio-code has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: vivisect name: Vivisect aliases: [] description: Binary analysis and emulation framework — static analysis with emulation capabilities in_remnux: true platform: linux sources: for610: covered: true typical_usage: - vivbin - python3 -c "import vivisect; vw = vivisect.VivWorkspace(); vw.loadFromFile('')" tags: - emulation - static-analysis - binary-analysis description: Binary analysis and emulation framework — static analysis with emulation capabilities salt_states: covered: false remnux_docs: covered: true category: Statically Analyze Code > General description: Statically examine and emulate binary files. docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general website: https://github.com/vivisect/vivisect has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: vmware-fusion name: VMware Fusion aliases: [] description: macOS hypervisor for running analysis virtual machines in_remnux: false platform: both sources: for610: covered: true description: macOS hypervisor for running analysis virtual machines category: virtualization labs: [] sections: - 1 typical_usage: - VMware Fusion.app tags: - hypervisor - macos salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: vmware-workstation name: VMware Workstation Pro aliases: - VMware description: Desktop hypervisor for running isolated analysis VMs with snapshots and host-only networking in_remnux: false platform: both sources: for610: covered: true description: Desktop hypervisor for running isolated analysis VMs with snapshots and host-only networking category: virtualization labs: [] sections: - 1 typical_usage: - vmware tags: - 
hypervisor - vm - isolation salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: volatility3 name: volatility3 aliases: [] description: Memory forensics framework — analyze RAM dumps to find malware, hidden processes, network connections, and injected code in_remnux: true platform: linux sources: for610: covered: true typical_usage: - vol3 -f <memory_image> windows.info - vol3 -f <memory_image> windows.pslist - vol3 -f <memory_image> windows.pstree - vol3 -f <memory_image> windows.netscan - vol3 -f <memory_image> windows.malfind - vol3 -f <memory_image> windows.dlllist --pid <PID> - vol3 -f <memory_image> windows.dumpfiles --pid <PID> tags: - memory - forensics - volatility - incident-response description: Memory forensics framework — analyze RAM dumps to find malware, hidden processes, network connections, and injected code salt_states: covered: true install_method: unknown package_name: volatility3 salt_state_path: remnux/config/volatility3.sls remnux_docs: covered: true category: Perform Memory Forensics description: Memory forensics tool and framework. 
docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics website: https://github.com/volatilityfoundation/volatility3 anchor: volatility-framework has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: vscode name: vscode aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: vscode salt_state_path: remnux/config/vscode.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: wget name: wget aliases: [] description: Download files from HTTP/HTTPS/FTP servers in_remnux: true platform: linux sources: for610: covered: true description: Download files from HTTP/HTTPS/FTP servers category: utilities labs: [] sections: - 1 typical_usage: - wget http://example.com/file.bin tags: - download - http salt_states: covered: true install_method: apt package_name: remnux-packages-wget salt_state_path: remnux/packages/wget.sls remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: true help_tier: rich - id: windbg name: WinDbg aliases: [] description: Microsoft Windows debugger for kernel and user-mode debugging in_remnux: false platform: windows sources: for610: covered: true description: Microsoft Windows debugger for kernel and user-mode debugging category: debugging labs: [] sections: - 2 typical_usage: - windbg.exe specimen.exe tags: - debugger - kernel - microsoft salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: wine name: Wine aliases: [] description: Windows compatibility layer — run Windows executables on Linux in_remnux: true platform: linux sources: for610: covered: true description: Windows compatibility layer — run Windows executables on Linux category: utilities labs: - '3.5' sections: - 3 typical_usage: - 
wine program.exe tags: - windows-compat - execution salt_states: covered: true install_method: apt package_name: remnux-packages-wine salt_state_path: remnux/packages/wine.sls remnux_docs: covered: true category: Dynamically Reverse-Engineer Code > General description: Run Windows applications. docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general website: https://www.winehq.org anchor: wine has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: winscp name: WinSCP aliases: [] description: Windows SCP/SFTP client for transferring files between Windows and Linux VMs in_remnux: false platform: windows sources: for610: covered: true description: Windows SCP/SFTP client for transferring files between Windows and Linux VMs category: utilities labs: - '4.5' sections: - 4 typical_usage: - WinSCP.exe tags: - file-transfer - scp salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: wireshark name: Wireshark aliases: [] description: GUI network protocol analyzer for capturing and inspecting packet-level traffic in_remnux: true platform: both sources: for610: covered: true description: GUI network protocol analyzer for capturing and inspecting packet-level traffic category: network-analysis labs: - '1.2' - '1.3' - '1.6' - '1.7' - '1.8' - '5.1' sections: - 1 - 5 typical_usage: - wireshark - wireshark -r capture.pcap tags: - packet-capture - protocol-analysis - network salt_states: covered: true install_method: apt package_name: wireshark salt_state_path: remnux/packages/wireshark.sls remnux_docs: covered: true category: Explore Network Interactions > Monitoring description: Capture and analyze network traffic with this sniffer. 
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring website: https://www.wireshark.org anchor: wireshark has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: wireshark-dev name: wireshark-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: unknown package_name: wireshark-dev salt_state_path: remnux/repos/wireshark-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: wxhexeditor name: wxhexeditor aliases: [] description: Hex editor. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: wxhexeditor salt_state_path: remnux/packages/wxhexeditor.sls remnux_docs: covered: true category: Examine Static Properties > General description: Hex editor. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://sourceforge.net/projects/wxhexeditor/ anchor: wxhexeditor has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: x32dbg name: x32dbg aliases: [] description: Open-source 32-bit debugger for dynamic malware analysis — breakpoints, memory inspection, patching in_remnux: false platform: windows sources: for610: covered: true description: Open-source 32-bit debugger for dynamic malware analysis — breakpoints, memory inspection, patching category: debugging labs: - '3.5' - '3.10' - '4.6' - '4.7' - '5.3' - '5.4' - '5.5' - '5.6' - '5.7' - '5.8' - '5.9' - '5.10' sections: - 3 - 4 - 5 typical_usage: - x32dbg.exe specimen.exe tags: - debugger - 32-bit - dynamic-analysis - breakpoints salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: x64dbg name: x64dbg aliases: [] description: Open-source 
64-bit debugger for dynamic malware analysis — breakpoints, memory inspection, patching in_remnux: false platform: windows sources: for610: covered: true description: Open-source 64-bit debugger for dynamic malware analysis — breakpoints, memory inspection, patching category: debugging labs: - '1.5' - '4.3' - '4.4' - '5.1' sections: - 1 - 4 - 5 typical_usage: - x64dbg.exe specimen.exe tags: - debugger - 64-bit - dynamic-analysis - breakpoints salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: xanalyzer name: xAnalyzer aliases: [] description: x32dbg plugin providing extended analysis — API parameter names and types in disassembly in_remnux: false platform: windows sources: for610: covered: true description: x32dbg plugin providing extended analysis — API parameter names and types in disassembly category: anti-analysis labs: - '5.10' sections: - 5 typical_usage: - Plugins > xAnalyzer tags: - x32dbg-plugin - analysis-enhancement salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: xdg-utils name: xdg-utils aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: xdg-utils salt_state_path: remnux/packages/xdg-utils.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: xlmmacrodeobfuscator name: XLMMacroDeobfuscator aliases: [] description: Deobfuscate Excel 4.0 (XLM) macros — these hide in hidden sheets and are hard to detect in_remnux: true platform: linux sources: for610: covered: true typical_usage: - xlmdeobfuscator --file <file> - xlmdeobfuscator --file <file> --no-indent tags: - office - excel - xlm - macro - deobfuscation description: Deobfuscate Excel 4.0 (XLM) macros — these hide in hidden sheets and are hard to 
detect salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Deobfuscate XLM macros (also known as Excel 4.0 macros). docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://github.com/DissectMalware/XLMMacroDeobfuscator has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: xmldump-py name: xmldump.py aliases: [] description: Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents. docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: xmlstarlet name: xmlstarlet aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: xmlstarlet salt_state_path: remnux/packages/xmlstarlet.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: xor-kpa-py name: xor-kpa.py aliases: [] description: Implement a XOR known plaintext attack. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Implement a XOR known plaintext attack. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://blog.didierstevens.com/2017/06/06/update-xor-kpa-py-version-0-0-5/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: xorbruteforcer name: xorbruteforcer aliases: - xorbruteforcer.py description: Bruteforce an XOR-encoded file. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: script package_name: xorbruteforcer.py salt_state_path: remnux/scripts/xorbruteforcer.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Bruteforce an XOR-encoded file. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://eternal-todo.com/category/bruteforcer anchor: xorbruteforcer.py has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: xorsearch name: XORSearch aliases: [] description: Search for XOR/ROL/ROT/SHIFT-encoded patterns including shellcode signatures in_remnux: true platform: linux sources: for610: covered: true description: Search for XOR/ROL/ROT/SHIFT-encoded patterns including shellcode signatures category: string-deobfuscation labs: - '3.5' - '5.2' sections: - 3 - 5 typical_usage: - XORSearch -W -d 3 file.bin - 'XORSearch -i -s specimen.exe http:' tags: - xor - shellcode-detection - pattern-search - didier-stevens author: Didier Stevens salt_states: covered: true install_method: apt package_name: xorsearch salt_state_path: remnux/packages/xorsearch.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Search for XOR, ROL, ROT, and SHIFT encoded strings with YARA and regex support. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://blog.didierstevens.com/2020/08/23/new-tool-xorsearch-py/ anchor: xorsearch.py has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: xorstrings name: xorstrings aliases: [] description: Search for XOR encoded strings in a file. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: xorstrings salt_state_path: remnux/packages/xorstrings.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Search for XOR encoded strings in a file. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://blog.didierstevens.com/2013/04/15/new-tool-xorstrings/ anchor: xorstrings has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: xortool name: xortool aliases: - remnux-python3-packages-xortool description: Analyze XOR-encoded data — guess key length and probable key bytes in_remnux: true platform: linux sources: for610: covered: true typical_usage: - xortool - xortool-xor -s 'key' -i -o tags: - xor - deobfuscation - key-recovery description: Analyze XOR-encoded data — guess key length and probable key bytes salt_states: covered: true install_method: pip package_name: remnux-python3-packages-xortool salt_state_path: remnux/python3-packages/xortool.sls remnux_docs: covered: true category: Examine Static Properties > Deobfuscation description: Analyze XOR-encoded data. 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation website: https://github.com/hellman/xortool anchor: xortool has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: xterm name: xterm aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: xterm salt_state_path: remnux/packages/xterm.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: xxd name: xxd aliases: [] description: Create hex dump of a file or reverse a hex dump back to binary in_remnux: true platform: linux sources: for610: covered: true description: Create hex dump of a file or reverse a hex dump back to binary category: utilities labs: [] sections: - 1 typical_usage: - xxd binary.exe - xxd -r hexdump.txt > binary.exe tags: - hex - binary-conversion salt_states: covered: false remnux_docs: covered: false has_for610_coverage: true has_remnux_docs: false has_salt_state: false help_tier: rich - id: yara name: yara aliases: - yara-rules description: Pattern matching tool for identifying and classifying malware using custom rules in_remnux: true platform: both sources: for610: covered: true description: Pattern matching tool for identifying and classifying malware using custom rules category: yara-detection labs: - '3.4' sections: - 3 typical_usage: - yara-rules specimen.bin - yara rule.yar specimen.exe tags: - pattern-matching - classification - rules salt_states: covered: true install_method: manual package_name: https://github.com/Yara-Rules/rules.git salt_state_path: remnux/tools/yara-rules.sls remnux_docs: covered: true category: Examine Static Properties > General description: Scan a file with YARA rules to identify capabilities and behaviors (packer detection, anti-debug, networking). 
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://github.com/Yara-Rules/rules anchor: yara-rules has_for610_coverage: true has_remnux_docs: true has_salt_state: true help_tier: rich - id: yara-forge-rules name: YARA-Forge Rules aliases: [] description: Scan files with curated YARA rules from 45+ sources for malware family identification. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Examine Static Properties > General description: Scan files with curated YARA rules from 45+ sources for malware family identification. docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general website: https://yarahq.github.io/ has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: yara-x name: yara-x aliases: - remnux-python3-packages-yara-x description: Scan files using YARA rules, the next generation of YARA written in Rust. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: pip package_name: remnux-python3-packages-yara-x salt_state_path: remnux/python3-packages/yara-x.sls remnux_docs: covered: true category: Gather and Analyze Data description: Scan files using YARA rules, the next generation of YARA written in Rust. 
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data website: https://github.com/VirusTotal/yara-x anchor: yara-x has_for610_coverage: false has_remnux_docs: true has_salt_state: true help_tier: standard - id: zbar-tools name: zbar-tools aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: zbar-tools salt_state_path: remnux/packages/zbar-tools.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic - id: zbarimg name: zbarimg aliases: [] description: Decode QR codes and barcodes from image files. in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: false remnux_docs: covered: true category: Explore Network Interactions > Connecting description: Decode QR codes and barcodes from image files. docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting website: https://github.com/mchehab/zbar has_for610_coverage: false has_remnux_docs: true has_salt_state: false help_tier: standard - id: zipdump-py name: zipdump.py aliases: - zipdump description: Parse and analyze ZIP archive structure in_remnux: true platform: linux sources: for610: covered: true description: Parse and analyze ZIP archive structure category: document-analysis labs: [] sections: - 3 typical_usage: - zipdump.py archive.zip tags: - zip - archive - didier-stevens author: Didier Stevens salt_states: covered: false remnux_docs: covered: true category: Analyze Documents > Microsoft Office description: Analyze zip-compressed files. 
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/ anchor: zipdump.py has_for610_coverage: true has_remnux_docs: true has_salt_state: false help_tier: rich - id: zlib1g-dev name: zlib1g-dev aliases: [] description: '' in_remnux: true platform: linux sources: for610: covered: false salt_states: covered: true install_method: apt package_name: zlib1g-dev salt_state_path: remnux/packages/zlib1g-dev.sls remnux_docs: covered: false has_for610_coverage: false has_remnux_docs: false has_salt_state: true help_tier: basic