tobias
f3ccc09c3d
Build comprehensive malware analysis knowledge base from 3 sources: - SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes - REMnux salt-states: 340 packages parsed from GitHub - REMnux docs: 280+ tools scraped from docs.remnux.org Master inventory merges all sources into 447 tools with help tiers (rich/standard/basic). Pipeline generates: tools.db (397 entries), 397 cheatsheets with multi-tool recipes, 15 workflow guides, 224 TLDR pages, and coverage reports. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
434 lines
13 KiB
Markdown
434 lines
13 KiB
Markdown
# Tool Coverage Report
|
|
|
|
## Summary
|
|
|
|
| Metric | Count |
|
|
|--------|-------|
|
|
| Total tools in master inventory | 447 |
|
|
| Tools in REMnux container | 397 |
|
|
| Rich help (FOR610 coverage) | 156 |
|
|
| Standard help (REMnux docs) | 118 |
|
|
| Basic help (salt-states only) | 173 |
|
|
| Stub (no documentation) | 0 |
|
|
|
|
## Source Overlap
|
|
|
|
| Combination | Count |
|
|
|-------------|-------|
|
|
| for610 only | 58 |
|
|
| remnux docs only | 51 |
|
|
| salt states only | 173 |
|
|
| all three | 65 |
|
|
| for610 and docs | 92 |
|
|
| for610 and salt | 71 |
|
|
| docs and salt | 132 |
|
|
| no coverage | 0 |
|
|
|
|
## Priority: REMnux Tools Needing Help
|
|
|
|
These 173 tools are installed in the container but have minimal or no documentation:
|
|
|
|
- `7zip` [basic]
|
|
- `aeskeyfind` [basic]
|
|
- `android-project-creator` [basic]
|
|
- `apt-utils` [basic]
|
|
- `archive-zip` [basic]
|
|
- `autoconf` [basic]
|
|
- `autologin` [basic]
|
|
- `automake` [basic]
|
|
- `bash-history` [basic]
|
|
- `bash-rc` [basic]
|
|
- `bearparser` [basic]
|
|
- `binee` [basic]
|
|
- `binutils` [basic]
|
|
- `build-essential` [basic]
|
|
- `bundler` [basic]
|
|
- `burpsuite-community` [basic]
|
|
- `cffi` [basic]
|
|
- `clamav-daemon` [basic]
|
|
- `compatibility` [basic]
|
|
- `default-jdk` [basic]
|
|
- `default-jre` [basic]
|
|
- `dialog` [basic]
|
|
- `didier-stevens-scripts` [basic]
|
|
- `display` [basic]
|
|
- `distro-info` [basic]
|
|
- `dllcharacteristics` [basic]
|
|
- `dog` [basic]
|
|
- `dot-cache` [basic]
|
|
- `dot-config` [basic]
|
|
- `dot-cpan` [basic]
|
|
- `dot-dbus` [basic]
|
|
- `dot-local` [basic]
|
|
- `dotnet-runtime-3-1` [basic]
|
|
- `edb-debugger` [basic]
|
|
- `enchant` [basic]
|
|
- `epic5` [basic]
|
|
- `exfat-utils` [basic]
|
|
- `flare-floss` [basic]
|
|
- `flex` [basic]
|
|
- `galculator` [basic]
|
|
- `gdb` [basic]
|
|
- `gdm3` [basic]
|
|
- `gift` [basic]
|
|
- `git` [basic]
|
|
- `gnome-session` [basic]
|
|
- `gnome-shell-extensions` [basic]
|
|
- `gnome-terminal` [basic]
|
|
- `gnome-tweaks` [basic]
|
|
- `gnutls-bin` [basic]
|
|
- `graphviz` [basic]
|
|
- `grub-kvm` [basic]
|
|
- `guest-tools` [basic]
|
|
- `i386-architecture` [basic]
|
|
- `iproute2` [basic]
|
|
- `iputils-ping` [basic]
|
|
- `ipython3` [basic]
|
|
- `lame` [basic]
|
|
- `libboost-dev` [basic]
|
|
- `libboost-python-dev` [basic]
|
|
- `libboost-system-dev` [basic]
|
|
- `libdpkg-perl` [basic]
|
|
- `libemail-outlook-message-perl` [basic]
|
|
- `libffi-dev` [basic]
|
|
- `libfuse2` [basic]
|
|
- `libfuzzy-dev` [basic]
|
|
- `libfuzzy2` [basic]
|
|
- `libglib2` [basic]
|
|
- `libglu1-mesa-dev` [basic]
|
|
- `libgraphviz-dev` [basic]
|
|
- `libgtk-3-0` [basic]
|
|
- `libjavassist-java` [basic]
|
|
- `libjpeg-dev` [basic]
|
|
- `libjpeg8-dev` [basic]
|
|
- `liblzma-dev` [basic]
|
|
- `liblzo2-dev` [basic]
|
|
- `libmagic-dev` [basic]
|
|
- `libmysqlclient21` [basic]
|
|
- `libncurses` [basic]
|
|
- `libnetfilter-queue-dev` [basic]
|
|
- `libnfnetlink-dev` [basic]
|
|
- `libpq5` [basic]
|
|
- `libqt5scripttools5` [basic]
|
|
- `libre2` [basic]
|
|
- `libsm6` [basic]
|
|
- `libsqlite3-dev` [basic]
|
|
- `libssl-dev` [basic]
|
|
- `libtool` [basic]
|
|
- `libtre5` [basic]
|
|
- `libusb-1` [basic]
|
|
- `libxml2-dev` [basic]
|
|
- `libxslt1-dev` [basic]
|
|
- `linux-headers` [basic]
|
|
- `ltrace` [basic]
|
|
- `malcat` [basic]
|
|
- `manalyze` [basic]
|
|
- `mercurial` [basic]
|
|
- `microsoft` [basic]
|
|
- `microsoft-vscode` [basic]
|
|
- `mono` [basic]
|
|
- `mono-devel` [basic]
|
|
- `mono-utils` [basic]
|
|
- `mynic` [basic]
|
|
- `nano` [basic]
|
|
- `ndg-httpsclient` [basic]
|
|
- `net-tools` [basic]
|
|
- `nodejs` [basic]
|
|
- `openjdk` [basic]
|
|
- `openssl` [basic]
|
|
- `osarch` [basic]
|
|
- `pe-tree` [basic]
|
|
- `pedump` [basic]
|
|
- `perl` [basic]
|
|
- `pev` [basic]
|
|
- `pgadmin` [basic]
|
|
- `pip` [basic]
|
|
- `pkg-config` [basic]
|
|
- `portex` [basic]
|
|
- `prefer-ipv4` [basic]
|
|
- `procyon-decompiler` [basic]
|
|
- `protobuf` [basic]
|
|
- `pycdc` [basic]
|
|
- `pyelftools` [basic]
|
|
- `python-debian` [basic]
|
|
- `python3` [basic]
|
|
- `python3-cryptography` [basic]
|
|
- `python3-dev` [basic]
|
|
- `python3-dnspython` [basic]
|
|
- `python3-magic` [basic]
|
|
- `python3-netifaces` [basic]
|
|
- `python3-numpy` [basic]
|
|
- `python3-pil` [basic]
|
|
- `python3-pip` [basic]
|
|
- `python3-pyasn1` [basic]
|
|
- `python3-pyqt5` [basic]
|
|
- `python3-requests` [basic]
|
|
- `python3-setuptools` [basic]
|
|
- `python3-ssdeep` [basic]
|
|
- `python3-tk` [basic]
|
|
- `python3-venv` [basic]
|
|
- `python3-virtualenv` [basic]
|
|
- `python3-wheel` [basic]
|
|
- `qtbase5-dev` [basic]
|
|
- `refresh` [basic]
|
|
- `remnux` [basic]
|
|
- `remove-app-icons` [basic]
|
|
- `rhino` [basic]
|
|
- `rsakeyfind` [basic]
|
|
- `ruby` [basic]
|
|
- `ruby-dev` [basic]
|
|
- `salt-minion` [basic]
|
|
- `sharutils` [basic]
|
|
- `sift` [basic]
|
|
- `sleuthkit` [basic]
|
|
- `snap` [basic]
|
|
- `snapd` [basic]
|
|
- `software-properties-common` [basic]
|
|
- `ssh` [basic]
|
|
- `strace` [basic]
|
|
- `subversion` [basic]
|
|
- `sudo` [basic]
|
|
- `sudoers` [basic]
|
|
- `tzdata` [basic]
|
|
- `ubuntu` [basic]
|
|
- `ubuntu-universe` [basic]
|
|
- `user` [basic]
|
|
- `vim` [basic]
|
|
- `vscode` [basic]
|
|
- `wireshark-dev` [basic]
|
|
- `xdg-utils` [basic]
|
|
- `xmlstarlet` [basic]
|
|
- `xterm` [basic]
|
|
- `zbar-tools` [basic]
|
|
- `zlib1g-dev` [basic]
|
|
|
|
## Rich Help Tools (106 tools with FOR610 coverage)
|
|
|
|
- `1768.py` (Labs: 3.4)
|
|
- `Bytehist`
|
|
- `ClamAV`
|
|
- `Cutter`
|
|
- `CyberChef` (Labs: 1.5, 3.8, 3.12)
|
|
- `FLOSS` (Labs: 5.2, 5.3)
|
|
- `Frida`
|
|
- `Ghidra` (Labs: 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 4.9, 5.2, 5.4, 5.5, 5.6, 5.7, 5.9)
|
|
- `ILSpy` (Labs: 3.12, 4.8)
|
|
- `INetSim` (Labs: 1.7)
|
|
- `Malchive`
|
|
- `ProcDOT` (Labs: 1.2, 4.5)
|
|
- `SpiderMonkey` (Labs: 3.6, 3.7, 4.5)
|
|
- `Thug`
|
|
- `UPX` (Labs: 4.2)
|
|
- `Unfurl`
|
|
- `Visual Studio Code` (Labs: 1.3, 1.4, 1.5, 3.3, 3.6, 3.7, 4.5, 4.8, 5.2, 5.3)
|
|
- `Vivisect`
|
|
- `Wine` (Labs: 3.5)
|
|
- `Wireshark` (Labs: 1.2, 1.3, 1.6, 1.7, 1.8, 5.1)
|
|
- `XLMMacroDeobfuscator`
|
|
- `XORSearch` (Labs: 3.5, 5.2)
|
|
- `androguard`
|
|
- `apktool`
|
|
- `base64dump.py` (Labs: 3.4, 4.5)
|
|
- `bbcrack` (Labs: 5.2)
|
|
- `binwalk`
|
|
- `box-js`
|
|
- `brxor.py` (Labs: 5.2)
|
|
- `capa` (Labs: 1.4, 5.4)
|
|
- `cfr`
|
|
- `cs-analyze-processdump.py`
|
|
- `cs-decrypt-metadata.py`
|
|
- `cs-extract-key.py`
|
|
- `cs-parse-traffic.py`
|
|
- `curl`
|
|
- `dc3-mwcp`
|
|
- `de4dot` (Labs: 4.8)
|
|
- `diec` (Labs: 4.1)
|
|
- `emldump.py`
|
|
- `evilclippy`
|
|
- `exiftool`
|
|
- `fakedns` (Labs: 1.3, 1.6, 1.7, 1.8)
|
|
- `fakenet-ng`
|
|
- `feh` (Labs: 3.1)
|
|
- `file` (Labs: 3.4, 3.5)
|
|
- `gunzip` (Labs: 3.4)
|
|
- `hexdump`
|
|
- `httpd` (Labs: 1.3, 1.6, 1.8)
|
|
- `ilspycmd` (Labs: 4.8)
|
|
- `ioc-parser`
|
|
- `iptables` (Labs: 1.8)
|
|
- `jadx`
|
|
- `jd-gui`
|
|
- `jq` (Labs: 1.4)
|
|
- `js-beautify` (Labs: 3.6, 4.5)
|
|
- `mail-parser`
|
|
- `malwoverview`
|
|
- `mitmproxy`
|
|
- `msg-extractor`
|
|
- `msoffcrypto-tool`
|
|
- `nc`
|
|
- `networkminer`
|
|
- `ngrep`
|
|
- `nslookup` (Labs: 1.3)
|
|
- `numbers-to-string.py` (Labs: 3.3)
|
|
- `oledump.py` (Labs: 3.3, 3.4, 4.5)
|
|
- `olevba`
|
|
- `pcode2code`
|
|
- `pdf-parser.py` (Labs: 3.1)
|
|
- `pdfid.py` (Labs: 3.1)
|
|
- `pdfresurrect`
|
|
- `pdftk`
|
|
- `pdftool.py`
|
|
- `peepdf`
|
|
- `peframe` (Labs: 1.1, 4.8)
|
|
- `pestr` (Labs: 1.1, 4.8)
|
|
- `polarproxy`
|
|
- `pyinstxtractor-ng`
|
|
- `qiling`
|
|
- `qpdf`
|
|
- `radare2`
|
|
- `rar` (Labs: 3.5)
|
|
- `rtfdump.py` (Labs: 3.5)
|
|
- `runsc32` (Labs: 3.5, 4.6)
|
|
- `scdbgc` (Labs: 3.4, 3.5, 4.6)
|
|
- `shcode2exe`
|
|
- `speakeasy` (Labs: 1.4)
|
|
- `ssdeep`
|
|
- `strdeob.pl` (Labs: 5.2)
|
|
- `strings` (Labs: 3.4, 5.2)
|
|
- `tcpdump`
|
|
- `tcpflow`
|
|
- `tcpxtract`
|
|
- `torsocks`
|
|
- `translate.py` (Labs: 3.4)
|
|
- `trid` (Labs: 3.3, 3.4)
|
|
- `tshark`
|
|
- `uncompyle6`
|
|
- `unzip` (Labs: 1.1, 3.1, 3.3, 3.4, 3.5, 3.6, 3.7, 4.1, 4.8, 5.2, 5.3, 5.4)
|
|
- `volatility3`
|
|
- `wget`
|
|
- `xortool`
|
|
- `xxd`
|
|
- `yara` (Labs: 3.4)
|
|
- `zipdump.py`
|
|
|
|
## Standard Help Tools (118 tools with REMnux docs only)
|
|
|
|
- `7-Zip` — Examine Static Properties > General
|
|
- `AESKeyFinder` — Perform Memory Forensics
|
|
- `AndroidProjectCreator` — Statically Analyze Code > Android
|
|
- `Burp Suite Community Edition` — Explore Network Interactions > Monitoring
|
|
- `Cobalt Strike Configuration Extractor (CSCE) and Parser` — Examine Static Properties > Deobfuscation
|
|
- `Decompyle++` — Statically Analyze Code > Python
|
|
- `EPIC IRC Client` — Explore Network Interactions > Connecting
|
|
- `GNOME Calculator` — General Utilities
|
|
- `GNU Wget` — Explore Network Interactions > Connecting
|
|
- `GhidrAssistMCP` — Use Artificial Intelligence
|
|
- `Hachoir` — Examine Static Properties > General
|
|
- `Hash ID` — Examine Static Properties > General
|
|
- `JD-GUI Java Decompiler` — Statically Analyze Code > Java
|
|
- `Javassist` — Statically Analyze Code > Java
|
|
- `Malcat Lite` — Examine Static Properties > General
|
|
- `Network Miner Free Edition` — Explore Network Interactions > Monitoring
|
|
- `Procyon` — Statically Analyze Code > Java
|
|
- `REMnux Installer` — General Utilities
|
|
- `RSAKeyFinder` — Perform Memory Forensics
|
|
- `SQLite` — General Utilities
|
|
- `Sleuth Kit` — Examine Static Properties > General
|
|
- `YARA-Forge Rules` — Examine Static Properties > General
|
|
- `anomy` — Explore Network Interactions > Connecting
|
|
- `apkid` — Statically Analyze Code > Android
|
|
- `autoit-ripper` — Statically Analyze Code > Scripts
|
|
- `baksmali` — Statically Analyze Code > Android
|
|
- `balbuzard` — Examine Static Properties > Deobfuscation
|
|
- `binee (Binary Emulation Environment)` — Statically Analyze Code > PE Files
|
|
- `bulk-extractor` — Examine Static Properties > General
|
|
- `cabextract` — General Utilities
|
|
- `cast` — General Utilities
|
|
- `chepy` — Examine Static Properties > Deobfuscation
|
|
- `cut-bytes.py` — Examine Static Properties > Deobfuscation
|
|
- `decode-vbe.py` — Statically Analyze Code > Scripts
|
|
- `dex2jar` — Statically Analyze Code > Android
|
|
- `dexray` — Gather and Analyze Data
|
|
- `disitool` — Examine Static Properties > General
|
|
- `dissect` — Gather and Analyze Data
|
|
- `dnfile` — Examine Static Properties > .NET
|
|
- `dnslib` — Gather and Analyze Data
|
|
- `dnsresolver.py` — Explore Network Interactions > Services
|
|
- `docker` — General Utilities
|
|
- `dos2unix` — View or Edit Files
|
|
- `dotnetfile` — Examine Static Properties > .NET
|
|
- `droidlysis` — Examine Static Properties > General
|
|
- `evince` — View or Edit Files
|
|
- `ex-pe-xor` — Examine Static Properties > Deobfuscation
|
|
- `fakemail` — Explore Network Interactions > Services
|
|
- `file-magic.py` — Examine Static Properties > General
|
|
- `firefox` — General Utilities
|
|
- `format-bytes.py` — Examine Static Properties > Deobfuscation
|
|
- `goresym` — Examine Static Properties > Go
|
|
- `hex-to-bin.py` — Examine Static Properties > Deobfuscation
|
|
- `ibus` — General Utilities
|
|
- `imagemagick` — View or Edit Files
|
|
- `inspircd` — Explore Network Interactions > Services
|
|
- `ipwhois` — Gather and Analyze Data
|
|
- `java-idx-parser` — Statically Analyze Code > Java
|
|
- `jstillery` — Dynamically Reverse-Engineer Code > Scripts
|
|
- `libemu` — Dynamically Reverse-Engineer Code > Shellcode
|
|
- `libolecf` — Analyze Documents > Microsoft Office
|
|
- `lief` — Examine Static Properties > General
|
|
- `magika` — Examine Static Properties > General
|
|
- `mbcscan` — Statically Analyze Code > PE Files
|
|
- `monodis` — Examine Static Properties > .NET
|
|
- `msgconvert` — Analyze Documents > Email Messages
|
|
- `msitools` — Examine Static Properties > General
|
|
- `msoffcrypto-crack.py` — Analyze Documents > Microsoft Office
|
|
- `msoffice-crypt` — Analyze Documents > Microsoft Office
|
|
- `myip` — General Utilities
|
|
- `myjson-filter.py` — General Utilities
|
|
- `name-that-hash` — Examine Static Properties > General
|
|
- `nasm` — General Utilities
|
|
- `nautilus` — General Utilities
|
|
- `nginx` — Explore Network Interactions > Services
|
|
- `nomorexor` — Examine Static Properties > Deobfuscation
|
|
- `nsrllookup` — Gather and Analyze Data
|
|
- `objdump` — Statically Analyze Code > General
|
|
- `objects.js` — Dynamically Reverse-Engineer Code > Scripts
|
|
- `olefile` — Analyze Documents > Microsoft Office
|
|
- `onedump.py` — Analyze Documents > Microsoft Office
|
|
- `opencode` — Use Artificial Intelligence
|
|
- `openssh` — General Utilities
|
|
- `origamindee` — Analyze Documents > PDF
|
|
- `pcodedmp` — Analyze Documents > Microsoft Office
|
|
- `pdnstool` — Gather and Analyze Data
|
|
- `powershell` — Dynamically Reverse-Engineer Code > Scripts
|
|
- `pyinstaller-extractor` — Statically Analyze Code > Python
|
|
- `re-search.py` — Examine Static Properties > General
|
|
- `redress` — Examine Static Properties > Go
|
|
- `remnux-mcp-server` — Use Artificial Intelligence
|
|
- `sandfly-processdecloak` — Investigate System Interactions
|
|
- `scalpel` — Gather and Analyze Data
|
|
- `scite` — View or Edit Files
|
|
- `sets.py` — Examine Static Properties > Deobfuscation
|
|
- `shellcode2exe-bat` — Dynamically Reverse-Engineer Code > Shellcode
|
|
- `signsrch` — Examine Static Properties > General
|
|
- `sortcanon.py` — General Utilities
|
|
- `ssview` — Analyze Documents > Microsoft Office
|
|
- `tcpick` — Explore Network Interactions > Monitoring
|
|
- `tesseract-ocr` — Analyze Documents > General
|
|
- `texteditor.py` — General Utilities
|
|
- `thefuzz` — Examine Static Properties > General
|
|
- `time-decode` — Gather and Analyze Data
|
|
- `tor` — Explore Network Interactions > Connecting
|
|
- `unhide` — Investigate System Interactions
|
|
- `unicode` — Examine Static Properties > Deobfuscation
|
|
- `unxor` — Examine Static Properties > Deobfuscation
|
|
- `vbindiff` — View or Edit Files
|
|
- `virustotal-search` — Gather and Analyze Data
|
|
- `virustotal-submit` — Gather and Analyze Data
|
|
- `wxhexeditor` — Examine Static Properties > General
|
|
- `xmldump.py` — Analyze Documents > Microsoft Office
|
|
- `xor-kpa.py` — Examine Static Properties > Deobfuscation
|
|
- `xorbruteforcer` — Examine Static Properties > Deobfuscation
|
|
- `xorstrings` — Examine Static Properties > Deobfuscation
|
|
- `yara-x` — Gather and Analyze Data
|
|
- `zbarimg` — Explore Network Interactions > Connecting
|