tobias
f3ccc09c3d
Build comprehensive malware analysis knowledge base from 3 sources: - SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes - REMnux salt-states: 340 packages parsed from GitHub - REMnux docs: 280+ tools scraped from docs.remnux.org Master inventory merges all sources into 447 tools with help tiers (rich/standard/basic). Pipeline generates: tools.db (397 entries), 397 cheatsheets with multi-tool recipes, 15 workflow guides, 224 TLDR pages, and coverage reports. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
27 lines
685 B
Plaintext
27 lines
685 B
Plaintext
# xortool
|
|
# Analyze XOR-encoded data — guess key length and probable key bytes
|
|
# Docs: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
|
|
|
|
% xor, deobfuscation, key-recovery
|
|
|
|
# Basic usage
|
|
xortool <encoded_file>
|
|
|
|
# Select specific item
|
|
xortool-xor -s 'key' -i <input> -o <output>
|
|
|
|
|
|
# --- Recipes (multi-tool chains) ---
|
|
|
|
# >> Brute-Force XOR Key
|
|
# Quick check for XOR-encoded URLs/PE headers
|
|
XORSearch <file> http:
|
|
# Brute-force single-byte XOR keys
|
|
brxor.py <file>
|
|
# Try XOR, ROL, ADD combinations
|
|
bbcrack -l 1 <file>
|
|
# Guess multi-byte XOR key length and value
|
|
xortool <file>
|
|
# Decode with known key
|
|
xortool-xor -s '<key>' -i <encoded> -o <decoded>
|