f3ccc09c3d
Build comprehensive malware analysis knowledge base from 3 sources: - SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes - REMnux salt-states: 340 packages parsed from GitHub - REMnux docs: 280+ tools scraped from docs.remnux.org Master inventory merges all sources into 447 tools with help tiers (rich/standard/basic). Pipeline generates: tools.db (397 entries), 397 cheatsheets with multi-tool recipes, 15 workflow guides, 224 TLDR pages, and coverage reports. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1847 lines
79 KiB
YAML
metadata:
  source: https://docs.remnux.org/discover-the-tools
  categories_scraped: 31
  total_tools_extracted: 217
  category_counts:
    Examine Static Properties > General: 28
    Examine Static Properties > .NET: 3
    Examine Static Properties > Go: 2
    Examine Static Properties > Deobfuscation: 31
    Statically Analyze Code > General: 6
    Statically Analyze Code > Unpacking: 5
    Statically Analyze Code > PE Files: 5
    Statically Analyze Code > Python: 4
    Statically Analyze Code > Scripts: 3
    Statically Analyze Code > Java: 5
    Statically Analyze Code > .NET: 2
    Statically Analyze Code > Android: 8
    Dynamically Reverse-Engineer Code > General: 4
    Dynamically Reverse-Engineer Code > Shellcode: 8
    Dynamically Reverse-Engineer Code > Scripts: 8
    Perform Memory Forensics: 4
    Explore Network Interactions > Monitoring: 12
    Explore Network Interactions > Connecting: 9
    Explore Network Interactions > Services: 9
    Investigate System Interactions: 3
    Analyze Documents > General: 2
    Analyze Documents > PDF: 8
    Analyze Documents > Microsoft Office: 17
    Analyze Documents > Email Messages: 4
    Use Artificial Intelligence: 4
    Gather and Analyze Data: 14
    View or Edit Files: 8
    General Utilities: 22
tools:
- name: 1768.py
  id: 1768-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Analyze Cobalt Strike beacons.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: id-1768.py
  website: https://blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/
- name: 7-Zip
  id: 7-zip
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Compress and decompress files using a variety of algorithms.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: id-7-zip
  website: https://www.7-zip.org
  additional_categories:
  - General Utilities
- name: accept-all-ips
  id: accept-all-ips
  category: Explore Network Interactions > Services
  category_path: explore+network+interactions/services
  description: Accept connections to all IPv4 and IPv6 addresses and redirect it to the corresponding local port.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
  anchor: accept-all-ips
  website: https://github.com/REMnux/distro/blob/master/files/accept-all-ips
- name: AESKeyFinder
  id: aeskeyfinder
  category: Perform Memory Forensics
  category_path: perform+memory+forensics
  description: Find 128-bit and 256-bit AES keys in a memory image.
  docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics
  anchor: aeskeyfinder
  website: https://citp.princeton.edu/our-work/memory/
- name: androguard
  id: androguard
  category: Statically Analyze Code > Android
  category_path: statically+analyze+code/android
  description: Examine Android files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
  anchor: androguard
  website: https://github.com/androguard/androguard
- name: AndroidProjectCreator
  id: androidprojectcreator
  category: Statically Analyze Code > Android
  category_path: statically+analyze+code/android
  description: Convert an Android APK application file into an Android Studio project for easier analysis.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
  anchor: androidprojectcreator
  website: https://maxkersten.nl/projects/androidprojectcreator
- name: Anomy
  id: anomy
  category: Explore Network Interactions > Connecting
  category_path: explore+network+interactions/connecting
  description: A wrapper around wget, ssh, sftp, ftp, and telnet to route these connections through Tor to anonymize your traffic.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
  anchor: anomy
  website: https://github.com/izm1chael/Anomy
- name: APKiD
  id: apkid
  category: Statically Analyze Code > Android
  category_path: statically+analyze+code/android
  description: Identify compilers, packers, and obfuscators used to protect Android APK and DEX files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
  anchor: apkid
  website: https://github.com/rednaga/APKiD
- name: apktool
  id: apktool
  category: Statically Analyze Code > Android
  category_path: statically+analyze+code/android
  description: Reverse-engineer Android APK files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
  anchor: apktool
  website: https://ibotpeaches.github.io/Apktool/
- name: AutoIt-Ripper
  id: autoit-ripper
  category: Statically Analyze Code > Scripts
  category_path: statically+analyze+code/scripts
  description: Extract AutoIt scripts embedded in PE binaries.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
  anchor: autoit-ripper
  website: https://github.com/nazywam/AutoIt-Ripper
- name: baksmali
  id: baksmali
  category: Statically Analyze Code > Android
  category_path: statically+analyze+code/android
  description: Disassembler for the dex format used by Dalvik, Android's Java VM implementation.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
  anchor: baksmali
  website: https://bitbucket.org/JesusFreke/smali
- name: Balbuzard
  id: balbuzard
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Extract and deobfuscate patterns from suspicious files.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: balbuzard
  website: https://github.com/digitalsleuth/balbuzard
- name: base64dump.py
  id: base64dump-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Locate and decode strings encoded in Base64 and other common encodings.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: base64dump.py
  website: https://blog.didierstevens.com/2020/07/03/update-base64dump-py-version-0-0-12/
  additional_categories:
  - Analyze Documents > General
- name: binee (Binary Emulation Environment)
  id: binee-binary-emulation-environment
  category: Statically Analyze Code > PE Files
  category_path: statically+analyze+code/pe-files
  description: Analyze I/O operations of a suspicious PE file by emulating its execution.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
  anchor: binee-binary-emulation-environment
  website: https://github.com/carbonblack/binee
- name: binwalk
  id: binwalk
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Extract and analyze firmware images.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: binwalk
  website: https://github.com/ReFirmLabs/binwalk
  additional_categories:
  - Statically Analyze Code > Unpacking
- name: box-js
  id: box-js
  category: Dynamically Reverse-Engineer Code > Scripts
  category_path: dynamically+reverse-engineer+code/scripts
  description: Analyze suspicious JavaScript scripts.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
  anchor: box-js
  website: https://github.com/CapacitorSet/box-js
- name: brxor.py
  id: brxor-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Bruteforce XOR'ed strings to find those that are English words.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: brxor.py
  website: https://github.com/REMnux/distro/blob/master/files/brxor.py
- name: bulk_extractor
  id: bulk-extractor
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Extract interesting strings from binary files.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: bulk_extractor
  website: https://github.com/simsong/bulk_extractor/
  additional_categories:
  - Perform Memory Forensics
- name: Burp Suite Community Edition
  id: burp-suite-community-edition
  category: Explore Network Interactions > Monitoring
  category_path: explore+network+interactions/monitoring
  description: Investigate website interactions using this web proxy.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
  anchor: burp-suite-community-edition
  website: https://portswigger.net
- name: Bytehist
  id: bytehist
  category: Statically Analyze Code > Unpacking
  category_path: statically+analyze+code/unpacking
  description: Generate byte-usage-histograms for all types of files with a focus on PE files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/unpacking
  anchor: bytehist
  website: https://www.cert.at/downloads/software/bytehist_en.html
- name: cabextract
  id: cabextract
  category: General Utilities
  category_path: general+utilities
  description: Extract Microsoft cabinet (cab) files.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: cabextract
  website: https://www.cabextract.org.uk
- name: capa
  id: capa
  category: Statically Analyze Code > PE Files
  category_path: statically+analyze+code/pe-files
  description: Detect suspicious capabilities in PE files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
  anchor: capa
  website: https://github.com/mandiant/capa
- name: Cast
  id: cast
  category: General Utilities
  category_path: general+utilities
  description: Install and manage SaltStack-based Linux distributions.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: cast
  website: https://github.com/ekristen/cast
- name: cfr
  id: cfr
  category: Statically Analyze Code > Java
  category_path: statically+analyze+code/java
  description: Java decompiler.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
  anchor: cfr
  website: https://www.benf.org/other/cfr/
- name: Chepy
  id: chepy
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Decode and otherwise analyze data using this command-line tool and Python library.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: chepy
  website: https://github.com/securisec/chepy
- name: ClamAV
  id: clamav
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Scan files for malware signatures.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: clamav
  website: https://www.clamav.net
  additional_categories:
  - Statically Analyze Code > Unpacking
- name: Cobalt Strike Configuration Extractor (CSCE) and Parser
  id: cobalt-strike-configuration-extractor-csce-and-parser
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Analyze Cobalt Strike beacons.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: csce
  website: https://github.com/strozfriedberg/cobaltstrike-config-extractor
- name: cs-analyze-processdump.py
  id: cs-analyze-processdump-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Analyze Cobalt Strike beacon process dumps to detect sleep mask encoding.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: cs-analyze-processdump.py
  website: https://blog.didierstevens.com/2021/11/25/new-tool-cs-analyze-processdump-py/
- name: cs-decrypt-metadata.py
  id: cs-decrypt-metadata-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Decrypt Cobalt Strike metadata.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: cs-decrypt-metadata.py
  website: https://blog.didierstevens.com/2021/11/12/update-cs-decrypt-metadata-py-version-0-0-2/
- name: cs-extract-key.py
  id: cs-extract-key-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Extract AES and HMAC keys from Cobalt Strike beacon process memory.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: cs-extract-key.py
  website: https://blog.didierstevens.com/2021/11/03/new-tool-cs-extract-key-py/
- name: cs-parse-traffic.py
  id: cs-parse-traffic-py
  category: Explore Network Interactions > Monitoring
  category_path: explore+network+interactions/monitoring
  description: Decrypt and parse Cobalt Strike beacon network traffic.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
  anchor: cs-parse-traffic.py
  website: https://blog.didierstevens.com/2021/11/29/new-tool-cs-parse-traffic-py/
- name: cURL
  id: curl
  category: Explore Network Interactions > Connecting
  category_path: explore+network+interactions/connecting
  description: Interact with servers via supported protocols, including HTTP, HTTPS, FTP, IMAP, etc.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
  anchor: curl
  website: https://curl.se
  additional_categories:
  - General Utilities
- name: cut-bytes.py
  id: cut-bytes-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Cut out a part of a data stream.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: cut-bytes.py
  website: https://blog.didierstevens.com/2015/10/14/cut-bytes-py/
- name: Cutter
  id: cutter
  category: Statically Analyze Code > General
  category_path: statically+analyze+code/general
  description: Reverse engineering platform powered by Rizin.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
  anchor: cutter
  website: https://cutter.re
- name: CyberChef
  id: cyberchef
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Decode and otherwise analyze data using this browser app.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: cyberchef
  website: https://github.com/gchq/CyberChef/
- name: DC3-MWCP
  id: dc3-mwcp
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Parsing configuration information from malware.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: dc3-mwcp
  website: https://github.com/Defense-Cyber-Crime-Center/DC3-mwcp
- name: de4dot
  id: de4dot
  category: Statically Analyze Code > .NET
  category_path: statically+analyze+code/.net
  description: Deobfuscate and unpack.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net
  anchor: de4dot
  website: https://github.com/0xd4d/de4dot
- name: decode-vbe.py
  id: decode-vbe-py
  category: Statically Analyze Code > Scripts
  category_path: statically+analyze+code/scripts
  description: Decode encoded VBS scripts (VBE).
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
  anchor: decode-vbe.py
  website: https://blog.didierstevens.com/2016/03/29/decoding-vbe/
- name: Decompyle++
  id: decompyle
  category: Statically Analyze Code > Python
  category_path: statically+analyze+code/python
  description: Python bytecode disassembler and decompiler.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
  anchor: decompyle
  website: https://github.com/zrax/pycdc
- name: Detect-It-Easy
  id: detect-it-easy
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Determine types of files and examine file properties.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: detect-it-easy
  website: https://github.com/horsicq/Detect-It-Easy
  additional_categories:
  - Statically Analyze Code > General
- name: dex2jar
  id: dex2jar
  category: Statically Analyze Code > Android
  category_path: statically+analyze+code/android
  description: Examine Dalvik Executable (dex) files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
  anchor: dex2jar
  website: https://github.com/pxb1988/dex2jar
- name: DeXRAY
  id: dexray
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Extract and decode data from antivirus quarantine files.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: dexray
  website: https://www.hexacorn.com/blog/category/software-releases/dexray/
- name: disitool
  id: disitool
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Manipulate embedded digital signatures.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: disitool
  website: https://blog.didierstevens.com/programs/disitool/
- name: dissect
  id: dissect
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Perform a variety of forensics and incident response tasks using this DFIR framework and toolset.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: dissect
  website: https://github.com/fox-it/dissect
- name: dnfile
  id: dnfile
  category: Examine Static Properties > .NET
  category_path: examine+static+properties/.net
  description: Analyze static properties of.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net
  anchor: dnfile
  website: https://github.com/malwarefrank/dnfile
- name: dnslib
  id: dnslib
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Python library to encode/decode DNS wire-format packets.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: dnslib
  website: https://github.com/paulc/dnslib
- name: dnsresolver.py
  id: dnsresolver-py
  category: Explore Network Interactions > Services
  category_path: explore+network+interactions/services
  description: DNS resolver tool for dynamic analysis with wildcard and tracking support.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
  anchor: dnsresolver.py
  website: https://blog.didierstevens.com/2021/07/15/new-tool-dnsresolver-py/
- name: Docker
  id: docker
  category: General Utilities
  category_path: general+utilities
  description: Run and manage containers.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: docker
  website: https://www.docker.com
- name: dos2unix
  id: dos2unix
  category: View or Edit Files
  category_path: view+or+edit+files
  description: Convert text files with Windows or macOS line breaks to Unix line breaks and vice versa.
  docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
  anchor: dos2unix
  website: https://waterlan.home.xs4all.nl/dos2unix.html
- name: dotnetfile
  id: dotnetfile
  category: Examine Static Properties > .NET
  category_path: examine+static+properties/.net
  description: Analyze static properties of.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net
  anchor: dotnetfile
  website: https://github.com/pan-unit42/dotnetfile
- name: DroidLysis
  id: droidlysis
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Perform static analysis of Android applications.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: droidlysis
  website: https://github.com/cryptax/droidlysis
  additional_categories:
  - Statically Analyze Code > Android
- name: emldump.py
  id: emldump-py
  category: Analyze Documents > Email Messages
  category_path: analyze+documents/email+messages
  description: Parse and analyze EML files.
  docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
  anchor: emldump.py
  website: https://blog.didierstevens.com/2020/11/29/update-emldump-py-version-0-0-11/
- name: EPIC IRC Client
  id: epic-irc-client
  category: Explore Network Interactions > Connecting
  category_path: explore+network+interactions/connecting
  description: Examine IRC activities with this IRC client.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
  anchor: epic-irc-client
  website: https://www.epicsol.org/
- name: EvilClippy
  id: evilclippy
  category: Analyze Documents > Microsoft Office
  category_path: analyze+documents/microsoft+office
  description: Modify aspects of Microsoft Office documents.
  docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
  anchor: evilclippy
  website: https://github.com/outflanknl/EvilClippy
- name: Evince
  id: evince
  category: View or Edit Files
  category_path: view+or+edit+files
  description: View documents in a variety of formats, including PDF.
  docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
  anchor: evince
  website: https://wiki.gnome.org/Apps/Evince
- name: ex_pe_xor.py
  id: ex-pe-xor-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Search an XOR'ed file for indications of executable binaries.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: ex_pe_xor.py
  website: https://hooked-on-mnemonics.blogspot.com/2014/04/expexorpy.html
- name: ExifTool
  id: exiftool
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Tool to read from, write to, and edit EXIF metadata of various file types.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: exiftool
  website: https://exiftool.org/
- name: fakedns
  id: fakedns
  category: Explore Network Interactions > Services
  category_path: explore+network+interactions/services
  description: Respond to DNS queries with the specified IP address.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
  anchor: fakedns
  website: https://github.com/SocialExploits/fakedns/blob/main/fakedns.py
- name: fakemail
  id: fakemail
  category: Explore Network Interactions > Services
  category_path: explore+network+interactions/services
  description: Intercept and examine SMTP email activity with this fake SMTP server.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
  anchor: fakemail
  website: https://hg.sr.ht/~olly/fakemail
- name: FakeNet-NG
  id: fakenet-ng
  category: Explore Network Interactions > Services
  category_path: explore+network+interactions/services
  description: Emulate common network services and interact with malware.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
  anchor: fakenet-ng
  website: https://github.com/mandiant/flare-fakenet-ng
- name: feh
  id: feh
  category: View or Edit Files
  category_path: view+or+edit+files
  description: View images.
  docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
  anchor: feh
  website: https://feh.finalrewind.org
- name: file
  id: file
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Identify file type using "magic" numbers.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: file
  website: https://github.com/file/file
- name: file-magic.py
  id: file-magic-py
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Identify file types using the Python magic module.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: file-magic.py
  website: https://blog.didierstevens.com/2018/07/11/new-tool-file-magic-py/
- name: Firefox
  id: firefox
  category: General Utilities
  category_path: general+utilities
  description: Web browser.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: firefox
  website: https://www.mozilla.org/firefox/
- name: FLOSS
  id: floss
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Extract and deobfuscate strings from PE executables.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: floss
  website: https://github.com/mandiant/flare-floss
- name: format-bytes.py
  id: format-bytes-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Decompose structured binary data with format strings.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: format-bytes.py
  website: https://blog.didierstevens.com/2020/02/17/update-format-bytes-py-version-0-0-13/
- name: Frida
  id: frida
  category: Dynamically Reverse-Engineer Code > General
  category_path: dynamically+reverse-engineer+code/general
  description: Trace the execution of a process to analyze its behavior.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general
  anchor: frida
  website: https://frida.re
- name: Ghidra
  id: ghidra
  category: Statically Analyze Code > General
  category_path: statically+analyze+code/general
  description: Software reverse engineering tool suite.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
  anchor: ghidra
  website: https://ghidra-sre.org
- name: GhidrAssistMCP
  id: ghidrassistmcp
  category: Use Artificial Intelligence
  category_path: use+artificial+intelligence
  description: MCP server for AI-assisted reverse engineering in Ghidra.
  docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence
  anchor: ghidrassistmcp
  website: https://github.com/jtang613/GhidrAssistMCP
- name: GNOME Calculator
  id: gnome-calculator
  category: General Utilities
  category_path: general+utilities
  description: Calculator.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: gnome-calculator
  website: https://wiki.gnome.org/Apps/Calculator
- name: GNU Wget
  id: gnu-wget
  category: Explore Network Interactions > Connecting
  category_path: explore+network+interactions/connecting
  description: Interact with servers via HTTP, HTTPS, FTP, and FTPS using this command-line tool.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
  anchor: gnu-wget
  website: https://www.gnu.org/software/wget/
- name: GoReSym
  id: goresym
  category: Examine Static Properties > Go
  category_path: examine+static+properties/go
  description: Extract metadata and symbols from Go binaries, including stripped ones.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/go
  anchor: goresym
  website: https://github.com/mandiant/GoReSym
- name: Hachoir
  id: hachoir
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: View, edit, and carve contents of various binary file types.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: hachoir
  website: https://github.com/vstinner/hachoir
  additional_categories:
  - Analyze Documents > Microsoft Office
- name: Hash ID
  id: hash-id
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Identify different types of hashes.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: hash-id
  website: https://github.com/blackploit/hash-identifier
- name: hex-to-bin.py
  id: hex-to-bin-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Convert hexadecimal text dumps to binary data.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: hex-to-bin.py
  website: https://blog.didierstevens.com/2020/04/19/update-hex-to-bin-py-version-0-0-5/
- name: IBus
  id: ibus
  category: General Utilities
  category_path: general+utilities
  description: Adjust input methods for the GUI.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: ibus
  website: https://github.com/ibus/ibus
- name: ILSpy
  id: ilspy
  category: Statically Analyze Code > .NET
  category_path: statically+analyze+code/.net
  description: Examine and decompile.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net
  anchor: ilspy
  website: https://github.com/icsharpcode/ILSpy
- name: ImageMagick
  id: imagemagick
  category: View or Edit Files
  category_path: view+or+edit+files
  description: View and manipulate image and related files.
  docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
  anchor: imagemagick
  website: https://imagemagick.org/
- name: INetSim
  id: inetsim
  category: Explore Network Interactions > Services
  category_path: explore+network+interactions/services
  description: Emulate common network services and interact with malware.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
  anchor: inetsim
  website: https://www.inetsim.org/
- name: Info-ZIP
  id: info-zip
  category: General Utilities
  category_path: general+utilities
  description: Compress and decompress files using the zip algorithm.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: info-zip
  website: http://infozip.sourceforge.net
- name: inspircd 3
  id: inspircd-3
  category: Explore Network Interactions > Services
  category_path: explore+network+interactions/services
  description: Examine IRC activity with this IRC server.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
  anchor: inspircd-3
  website: https://www.inspircd.org/
- name: ioc_parser
  id: ioc-parser
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Extract IOCs from security report PDFs.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: ioc_parser
  website: https://github.com/buffer/ioc_parser
- name: ipwhois
  id: ipwhois
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Retrieve and parse whois data for IP addresses.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: ipwhois
  website: https://github.com/secynic/ipwhois
|
|
- name: JADX
|
|
id: jadx
|
|
category: Statically Analyze Code > Android
|
|
category_path: statically+analyze+code/android
|
|
description: Generate Java source code from Dalvik Executable (dex) and Android
|
|
APK files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
|
|
anchor: jadx
|
|
website: https://github.com/skylot/jadx
|
|
- name: Java IDX Parser
|
|
id: java-idx-parser
|
|
category: Statically Analyze Code > Java
|
|
category_path: statically+analyze+code/java
|
|
description: Analyze Java IDX files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
|
|
anchor: java-idx-parser
|
|
website: https://github.com/digitalsleuth/Java_IDX_Parser
|
|
- name: Javassist
|
|
id: javassist
|
|
category: Statically Analyze Code > Java
|
|
category_path: statically+analyze+code/java
|
|
description: Java bytecode engineering toolkit/library.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
|
|
anchor: javassist
|
|
website: https://www.javassist.org/
|
|
- name: JD-GUI Java Decompiler
|
|
id: jd-gui-java-decompiler
|
|
category: Statically Analyze Code > Java
|
|
category_path: statically+analyze+code/java
|
|
description: Java decompiler with GUI.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
|
|
anchor: jd-gui-java-decompiler
|
|
website: https://java-decompiler.github.io/
|
|
- name: JS Beautifier
|
|
id: js-beautifier
|
|
category: Statically Analyze Code > Scripts
|
|
category_path: statically+analyze+code/scripts
|
|
description: Reformat JavaScript scripts for easier analysis.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
|
|
anchor: js-beautifier
|
|
website: https://beautifier.io/
|
|
- name: JStillery
|
|
id: jstillery
|
|
category: Dynamically Reverse-Engineer Code > Scripts
|
|
category_path: dynamically+reverse-engineer+code/scripts
|
|
description: Deobfuscate JavaScript scripts using AST and Partial Evaluation techniques.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
|
|
anchor: jstillery
|
|
website: https://github.com/mindedsecurity/jstillery
|
|
- name: libemu
|
|
id: libemu
|
|
category: Dynamically Reverse-Engineer Code > Shellcode
|
|
category_path: dynamically+reverse-engineer+code/shellcode
|
|
description: A library for x86 code emulation and shellcode detection.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
|
|
anchor: libemu
|
|
website: https://github.com/buffer/libemu
|
|
- name: libolecf
|
|
id: libolecf
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Microsoft Office OLE2 compound documents.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: libolecf
|
|
website: https://github.com/libyal/libolecf
|
|
- name: LIEF
|
|
id: lief
|
|
category: Examine Static Properties > General
|
|
category_path: examine+static+properties/general
|
|
description: Parse and analyze PE, ELF, MachO, DEX, OAT, VDEX, ART, and DWARF executable
|
|
formats.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
|
|
anchor: lief
|
|
website: https://lief.re
|
|
- name: Magika
|
|
id: magika
|
|
category: Examine Static Properties > General
|
|
category_path: examine+static+properties/general
|
|
description: Identify file type using signatures.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
|
|
anchor: magika
|
|
website: https://google.github.io/magika
|
|
- name: mail-parser
|
|
id: mail-parser
|
|
category: Analyze Documents > Email Messages
|
|
category_path: analyze+documents/email+messages
|
|
description: Parse raw SMTP and.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
|
|
anchor: mail-parser
|
|
website: https://github.com/SpamScope/mail-parser
|
|
- name: Malcat Lite
|
|
id: malcat-lite
|
|
category: Examine Static Properties > General
|
|
category_path: examine+static+properties/general
|
|
description: Analyze binary files using a hex editor, disassembler, and file dissector.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
|
|
anchor: malcat-lite
|
|
website: https://malcat.fr
|
|
- name: Malchive
|
|
id: malchive
|
|
category: Examine Static Properties > Deobfuscation
|
|
category_path: examine+static+properties/deobfuscation
|
|
description: Perform static analysis of various aspects of malicious code.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
|
|
anchor: malchive
|
|
website: https://github.com/MITRECND/malchive
|
|
additional_categories:
|
|
- Statically Analyze Code > PE Files
|
|
- name: malwoverview
|
|
id: malwoverview
|
|
category: Gather and Analyze Data
|
|
category_path: gather+and+analyze+data
|
|
description: Query public repositories of malware data (e.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
|
|
anchor: malwoverview
|
|
website: https://github.com/alexandreborges/malwoverview
|
|
- name: mbcscan
|
|
id: mbcscan
|
|
category: Statically Analyze Code > PE Files
|
|
category_path: statically+analyze+code/pe-files
|
|
description: Scan a PE file to list the associated Malware Behavior Catalog (MBC)
|
|
details.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
|
|
anchor: mbcscan
|
|
website: https://github.com/accidentalrebel/mbcscan
|
|
- name: mitmproxy
|
|
id: mitmproxy
|
|
category: Explore Network Interactions > Monitoring
|
|
category_path: explore+network+interactions/monitoring
|
|
description: Investigate website interactions using this web proxy.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
|
|
anchor: mitmproxy
|
|
website: https://mitmproxy.org
|
|
- name: monodis
|
|
id: monodis
|
|
category: Examine Static Properties > .NET
|
|
category_path: examine+static+properties/.net
|
|
description: Disassemble and extract resources from.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net
|
|
anchor: monodis
|
|
website: https://www.mono-project.com/docs/tools+libraries/tools/monodis/
|
|
- name: msg-extractor
|
|
id: msg-extractor
|
|
category: Analyze Documents > Email Messages
|
|
category_path: analyze+documents/email+messages
|
|
description: Extract emails and attachments from MSG files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
|
|
anchor: msg-extractor
|
|
website: https://github.com/TeamMsgExtractor/msg-extractor
|
|
- name: msgconvert
|
|
id: msgconvert
|
|
category: Analyze Documents > Email Messages
|
|
category_path: analyze+documents/email+messages
|
|
description: Convert MSG files to MBOX files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
|
|
anchor: msgconvert
|
|
website: https://www.matijs.net/software/msgconv/
|
|
- name: msitools
|
|
id: msitools
|
|
category: Examine Static Properties > General
|
|
category_path: examine+static+properties/general
|
|
description: Create, inspect and extract Windows Installer (.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
|
|
anchor: msitools
|
|
website: https://wiki.gnome.org/msitools
|
|
- name: msoffcrypto-crack.py
|
|
id: msoffcrypto-crack-py
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Recover the password of an encrypted Microsoft Office document.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: msoffcrypto-crack.py
|
|
website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/
|
|
- name: msoffcrypto-tool
|
|
id: msoffcrypto-tool
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Decrypt a Microsoft Office file with password, intermediate key, or
|
|
private key which generated its escrow key.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: msoffcrypto-tool
|
|
website: https://github.com/nolze/msoffcrypto-tool
|
|
- name: msoffice-crypt
|
|
id: msoffice-crypt
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Encrypt and decrypt OOXML Microsoft Office documents.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: msoffice-crypt
|
|
website: https://github.com/herumi/msoffice
|
|
- name: myip
|
|
id: myip
|
|
category: General Utilities
|
|
category_path: general+utilities
|
|
description: Determine the IP address of the default network interface.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
|
|
anchor: myip
|
|
website: https://github.com/REMnux/distro/blob/master/files/myip
|
|
- name: myjson-filter.py
|
|
id: myjson-filter-py
|
|
category: General Utilities
|
|
category_path: general+utilities
|
|
description: Filter data formatted using the JSON format used by Didier Stevens'
|
|
tools.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
|
|
anchor: myjson-filter.py
|
|
website: https://blog.didierstevens.com/2022/04/09/new-tool-myjson-filter-py/
|
|
- name: Name-That-Hash
|
|
id: name-that-hash
|
|
category: Examine Static Properties > General
|
|
category_path: examine+static+properties/general
|
|
description: Identify dfferent types of hashes.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
|
|
anchor: name-that-hash
|
|
website: https://github.com/HashPals/Name-That-Hash
|
|
- name: nasm
|
|
id: nasm
|
|
category: General Utilities
|
|
category_path: general+utilities
|
|
description: An x86-64 assembler.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
|
|
anchor: nasm
|
|
website: https://www.nasm.us
|
|
- name: Nautilus
|
|
id: nautilus
|
|
category: General Utilities
|
|
category_path: general+utilities
|
|
description: Graphical file manager.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
|
|
anchor: nautilus
|
|
website: https://gitlab.gnome.org/GNOME/nautilus
|
|
- name: netcat
|
|
id: netcat
|
|
category: Explore Network Interactions > Connecting
|
|
category_path: explore+network+interactions/connecting
|
|
description: Read and write data across network connections.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
|
|
anchor: netcat
|
|
website: https://nc110.sourceforge.io/
|
|
additional_categories:
|
|
- Explore Network Interactions > Services
|
|
- name: Network Miner Free Edition
|
|
id: network-miner-free-edition
|
|
category: Explore Network Interactions > Monitoring
|
|
category_path: explore+network+interactions/monitoring
|
|
description: Examine network traffic and carve PCAP capture files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
|
|
anchor: network-miner-free-edition
|
|
website: https://www.netresec.com
|
|
- name: Nginx
|
|
id: nginx
|
|
category: Explore Network Interactions > Services
|
|
category_path: explore+network+interactions/services
|
|
description: Web server.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
|
|
anchor: nginx
|
|
website: https://nginx.org
|
|
- name: ngrep
|
|
id: ngrep
|
|
category: Explore Network Interactions > Monitoring
|
|
category_path: explore+network+interactions/monitoring
|
|
description: Look for patterns in network traffic.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
|
|
anchor: ngrep
|
|
website: https://github.com/jpr5/ngrep/
|
|
- name: NoMoreXOR.py
|
|
id: nomorexor-py
|
|
category: Examine Static Properties > Deobfuscation
|
|
category_path: examine+static+properties/deobfuscation
|
|
description: Help guess a file's 256-byte XOR by using frequency analysis.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
|
|
anchor: nomorexor.py
|
|
website: https://github.com/digitalsleuth/NoMoreXOR
|
|
- name: nsrllookup
|
|
id: nsrllookup
|
|
category: Gather and Analyze Data
|
|
category_path: gather+and+analyze+data
|
|
description: Look up MD5 file hashes in the NIST National Software Reference Library
|
|
(NSRL).
|
|
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
|
|
anchor: nsrllookup
|
|
website: https://github.com/rjhansen/nsrllookup
|
|
- name: numbers-to-string.py
|
|
id: numbers-to-string-py
|
|
category: Examine Static Properties > General
|
|
category_path: examine+static+properties/general
|
|
description: Convert decimal numbers to strings.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
|
|
anchor: numbers-to-string
|
|
website: https://blog.didierstevens.com/2020/12/12/update-numbers-to-string-py-version-0-0-11/
|
|
additional_categories:
|
|
- Examine Static Properties > Deobfuscation
|
|
- name: objdump
|
|
id: objdump
|
|
category: Statically Analyze Code > General
|
|
category_path: statically+analyze+code/general
|
|
description: Disassemble binary files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
|
|
anchor: objdump
|
|
website: https://en.wikipedia.org/wiki/Objdump
|
|
- name: objects.js
|
|
id: objects-js
|
|
category: Dynamically Reverse-Engineer Code > Scripts
|
|
category_path: dynamically+reverse-engineer+code/scripts
|
|
description: Emulate common browser and PDF viewer objects, methods, and properties
|
|
when deobfuscating JavaScript.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
|
|
anchor: objects.js
|
|
website: https://github.com/REMnux/salt-states/blob/master/remnux/config/objects/objects.js
|
|
- name: oledump.py
|
|
id: oledump-py
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Analyze OLE2 Structured Storage files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: oledump.py
|
|
website: https://blog.didierstevens.com/programs/oledump-py/
|
|
- name: olefile
|
|
id: olefile
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Python package to parse, read and write MS OLE2 files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: olefile
|
|
website: https://github.com/decalage2/olefile
|
|
- name: oletools
|
|
id: oletools
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Microsoft Office OLE2 compound documents.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: oletools
|
|
website: https://www.decalage.info/python/oletools
|
|
- name: onedump.py
|
|
id: onedump-py
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Extract and analyze embedded files from OneNote documents.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: onedump.py
|
|
website: https://blog.didierstevens.com/2023/01/22/new-tool-onedump-py/
|
|
- name: OpenCode
|
|
id: opencode
|
|
category: Use Artificial Intelligence
|
|
category_path: use+artificial+intelligence
|
|
description: Open-source AI coding agent for the terminal.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence
|
|
anchor: opencode
|
|
website: https://opencode.ai
|
|
- name: OpenSSH
|
|
id: openssh
|
|
category: General Utilities
|
|
category_path: general+utilities
|
|
description: Initiate and receive SSH and SFTP connections.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
|
|
anchor: openssh
|
|
website: https://www.openssh.com
|
|
- name: Origamindee
|
|
id: origamindee
|
|
category: Analyze Documents > PDF
|
|
category_path: analyze+documents/pdf
|
|
description: Parse, modify, generate PDF files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
|
|
anchor: origamindee
|
|
website: https://github.com/mindee/origamindee
|
|
- name: pcode2code
|
|
id: pcode2code
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Decompile VBA macro p-code from Microsoft Office documents.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: pcode2code
|
|
website: https://github.com/Big5-sec/pcode2code
|
|
- name: pcodedmp
|
|
id: pcodedmp
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Disassemble VBA p-code.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: pcodedmp
|
|
website: https://github.com/bontchev/pcodedmp
|
|
- name: pdf-parser.py
|
|
id: pdf-parser-py
|
|
category: Analyze Documents > PDF
|
|
category_path: analyze+documents/pdf
|
|
description: Examine elements of the PDF file.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
|
|
anchor: pdf-parser.py
|
|
website: https://blog.didierstevens.com/programs/pdf-tools/
|
|
- name: pdfid.py
|
|
id: pdfid-py
|
|
category: Analyze Documents > PDF
|
|
category_path: analyze+documents/pdf
|
|
description: Identify suspicious elements of the PDF file.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
|
|
anchor: pdfid.py
|
|
website: https://blog.didierstevens.com/programs/pdf-tools/
|
|
- name: pdfresurrect
|
|
id: pdfresurrect
|
|
category: Analyze Documents > PDF
|
|
category_path: analyze+documents/pdf
|
|
description: Extract previous versions of content from PDF files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
|
|
anchor: pdfresurrect
|
|
website: https://github.com/enferex/pdfresurrect
|
|
- name: pdftk-java
|
|
id: pdftk-java
|
|
category: Analyze Documents > PDF
|
|
category_path: analyze+documents/pdf
|
|
description: Edit, create, and examine PDF files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
|
|
anchor: pdftk-java
|
|
website: https://gitlab.com/pdftk-java/pdftk
|
|
- name: pdftool.py
|
|
id: pdftool-py
|
|
category: Analyze Documents > PDF
|
|
category_path: analyze+documents/pdf
|
|
description: Analyze PDF files to identify incremental updates to the document.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
|
|
anchor: pdftool.py
|
|
website: https://blog.didierstevens.com/2021/01/31/new-tool-pdftool-py/
|
|
- name: pdnstool
|
|
id: pdnstool
|
|
category: Gather and Analyze Data
|
|
category_path: gather+and+analyze+data
|
|
description: Query passive DNS databases for DNS data.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
|
|
anchor: pdnstool
|
|
website: https://github.com/chrislee35/passivedns-client
|
|
- name: peepdf-3
|
|
id: peepdf-3
|
|
category: Analyze Documents > PDF
|
|
category_path: analyze+documents/pdf
|
|
description: Examine elements of the PDF file.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
|
|
anchor: peepdf-3
|
|
website: https://github.com/digitalsleuth/peepdf-3
|
|
- name: PolarProxy
|
|
id: polarproxy
|
|
category: Explore Network Interactions > Monitoring
|
|
category_path: explore+network+interactions/monitoring
|
|
description: Intercept and decrypt TLS traffic.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
|
|
anchor: polarproxy
|
|
website: https://www.netresec.com
|
|
- name: PowerShell Core
|
|
id: powershell-core
|
|
category: Dynamically Reverse-Engineer Code > Scripts
|
|
category_path: dynamically+reverse-engineer+code/scripts
|
|
description: Run PowerShell scripts and commands.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
|
|
anchor: powershell-core
|
|
website: https://github.com/powershell/powershell
|
|
additional_categories:
|
|
- General Utilities
|
|
- name: ProcDOT
|
|
id: procdot
|
|
category: Investigate System Interactions
|
|
category_path: investigate+system+interactions
|
|
description: Visualize and examine the output of Process Monitor.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions
|
|
anchor: procdot
|
|
website: https://www.procdot.com
|
|
- name: Procyon
|
|
id: procyon
|
|
category: Statically Analyze Code > Java
|
|
category_path: statically+analyze+code/java
|
|
description: Java decompiler.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
|
|
anchor: procyon
|
|
website: https://github.com/mstrobel/procyon
|
|
- name: PyInstaller Extractor
|
|
id: pyinstaller-extractor
|
|
category: Statically Analyze Code > Python
|
|
category_path: statically+analyze+code/python
|
|
description: Extract contents of a PyInstaller-generated PE files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
|
|
anchor: pyinstaller-extractor
|
|
website: https://github.com/extremecoders-re/pyinstxtractor
|
|
- name: pyinstxtractor-ng
|
|
id: pyinstxtractor-ng
|
|
category: Statically Analyze Code > Python
|
|
category_path: statically+analyze+code/python
|
|
description: Extract contents of PyInstaller-generated executables without requiring
|
|
a matching Python version.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
|
|
anchor: pyinstxtractor-ng
|
|
website: https://github.com/pyinstxtractor/pyinstxtractor-ng
|
|
- name: Qiling
|
|
id: qiling
|
|
category: Statically Analyze Code > General
|
|
category_path: statically+analyze+code/general
|
|
description: Emulate code execution of PE files, shellcode, etc.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
|
|
anchor: qiling
|
|
website: https://www.qiling.io
|
|
additional_categories:
|
|
- Dynamically Reverse-Engineer Code > Shellcode
|
|
- name: qpdf
|
|
id: qpdf
|
|
category: Analyze Documents > PDF
|
|
category_path: analyze+documents/pdf
|
|
description: Manipulate (merge, convert, transform) PDF files.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
|
|
anchor: qpdf
|
|
website: http://qpdf.sourceforge.net/
|
|
- name: r2pipe
|
|
id: r2pipe
|
|
category: Dynamically Reverse-Engineer Code > General
|
|
category_path: dynamically+reverse-engineer+code/general
|
|
description: Examine binary files, including disassembling and debugging.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general
|
|
anchor: r2pipe
|
|
website: https://rada.re/n/r2pipe.html
|
|
- name: radare2
|
|
id: radare2
|
|
category: Dynamically Reverse-Engineer Code > General
|
|
category_path: dynamically+reverse-engineer+code/general
|
|
description: Examine binary files, including disassembling and debugging.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general
|
|
anchor: radare2
|
|
website: https://www.radare.org/n/radare2.html
|
|
additional_categories:
|
|
- Use Artificial Intelligence
|
|
- name: RAR
|
|
id: rar
|
|
category: General Utilities
|
|
category_path: general+utilities
|
|
description: Compress and decompress files using a variety of algorithms.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
|
|
anchor: rar
|
|
website: https://www.rarlab.com
|
|
- name: re-search.py
|
|
id: re-search-py
|
|
category: Examine Static Properties > General
|
|
category_path: examine+static+properties/general
|
|
description: Search the file for built-in regular expressions of common suspicious
|
|
artifacts.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
|
|
anchor: re-search.py
|
|
website: https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/
|
|
additional_categories:
|
|
- Examine Static Properties > Deobfuscation
|
|
- name: Redress
|
|
id: redress
|
|
category: Examine Static Properties > Go
|
|
category_path: examine+static+properties/go
|
|
description: Analyze stripped Go binaries to recover symbols, types, source structure,
|
|
and integrate with Radare2.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/go
|
|
anchor: redress
|
|
website: https://github.com/goretk/redress
|
|
- name: REMnux Installer
|
|
id: remnux-installer
|
|
category: General Utilities
|
|
category_path: general+utilities
|
|
description: Install and update the REMnux distro.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
|
|
anchor: remnux-installer
|
|
website: https://github.com/REMnux/distro/blob/master/files/remnux-installer.sh
|
|
- name: REMnux MCP Server
|
|
id: remnux-mcp-server
|
|
category: Use Artificial Intelligence
|
|
category_path: use+artificial+intelligence
|
|
description: MCP server for using the REMnux malware analysis toolkit via AI assistants.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence
|
|
anchor: remnux-mcp-server
|
|
website: https://github.com/REMnux/remnux-mcp-server
|
|
- name: Rhino Debugger
|
|
id: rhino-debugger
|
|
category: Dynamically Reverse-Engineer Code > Scripts
|
|
category_path: dynamically+reverse-engineer+code/scripts
|
|
description: GUI JavaScript debugger.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
|
|
anchor: rhino-debugger
|
|
website: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Debugger
|
|
- name: RSAKeyFinder
|
|
id: rsakeyfinder
|
|
category: Perform Memory Forensics
|
|
category_path: perform+memory+forensics
|
|
description: Find BER-encoded RSA private keys in a memory image.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics
|
|
anchor: rsakeyfinder
|
|
website: https://citp.princeton.edu/our-work/memory/
|
|
- name: rtfdump.py
|
|
id: rtfdump-py
|
|
category: Analyze Documents > Microsoft Office
|
|
category_path: analyze+documents/microsoft+office
|
|
description: Analyze a suspicious RTF file.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
|
|
anchor: rtfdump.py
|
|
website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/
|
|
- name: runsc
|
|
id: runsc
|
|
category: Dynamically Reverse-Engineer Code > Shellcode
|
|
category_path: dynamically+reverse-engineer+code/shellcode
|
|
description: Run shellcode to trace and analyze its execution.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
|
|
anchor: runsc
|
|
website: https://github.com/edygert/runsc
|
|
- name: sandfly-processdecloak
|
|
id: sandfly-processdecloak
|
|
category: Investigate System Interactions
|
|
category_path: investigate+system+interactions
|
|
description: Find hidden processes on the local Linux system.
|
|
docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions
|
|
anchor: sandfly-processdecloak
|
|
website: https://github.com/sandflysecurity/sandfly-processdecloak
|
|
- name: Scalpel
|
|
id: scalpel
|
|
category: Gather and Analyze Data
|
|
category_path: gather+and+analyze+data
|
|
  description: Carve contents out of binary files, such as partitions.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: scalpel
  website: https://github.com/sleuthkit/scalpel
- name: scdbg
  id: scdbg
  category: Dynamically Reverse-Engineer Code > Shellcode
  category_path: dynamically+reverse-engineer+code/shellcode
  description: Analyze shellcode by emulating its execution.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
  anchor: scdbg
  website: http://sandsprite.com/blogs/index.php?uid=7&pid=152
- name: SciTE
  id: scite
  category: View or Edit Files
  category_path: view+or+edit+files
  description: Edit text files.
  docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
  anchor: scite
  website: https://www.scintilla.org/SciTE.html
- name: sets.py
  id: sets-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Perform set operations on lines or bytes in text files.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: sets.py
  website: https://blog.didierstevens.com/2017/03/05/new-tool-sets-py/
- name: shcode2exe
  id: shcode2exe
  category: Dynamically Reverse-Engineer Code > Shellcode
  category_path: dynamically+reverse-engineer+code/shellcode
  description: Convert 32- and 64-bit shellcode to a Windows executable file.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
  anchor: shcode2exe
  website: https://github.com/accidentalrebel/shcode2exe
- name: shellcode2exe.bat
  id: shellcode2exe-bat
  category: Dynamically Reverse-Engineer Code > Shellcode
  category_path: dynamically+reverse-engineer+code/shellcode
  description: Convert 32- and 64-bit shellcode to a Windows executable file.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
  anchor: shellcode2exe.bat
  website: https://github.com/repnz/shellcode2exe
- name: signsrch
  id: signsrch
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Find patterns of common encryption, compression, or encoding algorithms.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: signsrch
  website: http://aluigi.altervista.org/mytoolz.htm
- name: Sleuth Kit
  id: sleuth-kit
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Analyze disk images and recover files from them.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: sleuth-kit
  website: https://www.sleuthkit.org/sleuthkit
- name: sortcanon.py
  id: sortcanon-py
  category: General Utilities
  category_path: general+utilities
  description: Sort text files using canonicalization functions built into this tool.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: sortcanon.py
  website: https://blog.didierstevens.com/2022/06/18/new-tool-sortcanon-py/
- name: Speakeasy
  id: speakeasy
  category: Statically Analyze Code > PE Files
  category_path: statically+analyze+code/pe-files
  description: Emulate code execution, including shellcode, Windows drivers, and Windows PE files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
  anchor: speakeasy
  website: https://github.com/mandiant/speakeasy
  additional_categories:
  - Dynamically Reverse-Engineer Code > Shellcode
- name: SpiderMonkey
  id: spidermonkey
  category: Dynamically Reverse-Engineer Code > Scripts
  category_path: dynamically+reverse-engineer+code/scripts
  description: Execute and deobfuscate JavaScript using Mozilla's standalone JavaScript engine.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
  anchor: spidermonkey
  website: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
- name: SpiderMonkey (Patched)
  id: spidermonkey-patched
  category: Dynamically Reverse-Engineer Code > Scripts
  category_path: dynamically+reverse-engineer+code/scripts
  description: Execute and deobfuscate JavaScript using a patched version of Mozilla's standalone JavaScript engine.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
  anchor: spidermonkey-patched
  website: https://blog.didierstevens.com/2018/04/19/update-patched-spidermonkey/
- name: SQLite
  id: sqlite
  category: General Utilities
  category_path: general+utilities
  description: Manage and interact with SQL database files.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: sqlite
  website: http://www.sqlite.org
- name: ssdeep
  id: ssdeep
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: ssdeep
  website: https://ssdeep-project.github.io/ssdeep/index.html
- name: SSView
  id: ssview
  category: Analyze Documents > Microsoft Office
  category_path: analyze+documents/microsoft+office
  description: Analyze OLE2 Structured Storage files.
  docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
  anchor: ssview
  website: https://www.mitec.cz/ssv.html
- name: STPyV8
  id: stpyv8
  category: Dynamically Reverse-Engineer Code > Scripts
  category_path: dynamically+reverse-engineer+code/scripts
  description: Python3 and JavaScript interop engine, fork of the original PyV8 project.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
  anchor: stpyv8
  website: https://github.com/cloudflare/stpyv8
- name: strdeob.pl
  id: strdeob-pl
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Locate and decode stack strings in executable files.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: strdeob.pl
  website: https://github.com/REMnux/distro/blob/master/files/strdeob.pl
- name: strings.py
  id: strings-py
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Extract ASCII and Unicode strings from binary files with length sorting and filtering.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: strings.py
  website: https://blog.didierstevens.com/2020/12/19/update-strings-py-version-0-0-6/
- name: tcpdump
  id: tcpdump
  category: Explore Network Interactions > Monitoring
  category_path: explore+network+interactions/monitoring
  description: Capture and analyze network traffic with this command-line sniffer.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
  anchor: tcpdump
  website: https://www.tcpdump.org
- name: tcpflow
  id: tcpflow
  category: Explore Network Interactions > Monitoring
  category_path: explore+network+interactions/monitoring
  description: Analyze the flow of network traffic.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
  anchor: tcpflow
  website: https://downloads.digitalcorpora.org/downloads/tcpflow/
- name: tcpick
  id: tcpick
  category: Explore Network Interactions > Monitoring
  category_path: explore+network+interactions/monitoring
  description: Capture and analyze network traffic with this command-line sniffer.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
  anchor: tcpick
  website: http://tcpick.sourceforge.net
- name: tcpxtract
  id: tcpxtract
  category: Explore Network Interactions > Monitoring
  category_path: explore+network+interactions/monitoring
  description: Extract files from network traffic.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
  anchor: tcpxtract
  website: http://tcpxtract.sourceforge.net
- name: Tesseract OCR
  id: tesseract-ocr
  category: Analyze Documents > General
  category_path: analyze+documents/general
  description: Examine images to identify and extract text using optical character recognition (OCR).
  docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/general
  anchor: tesseract-ocr
  website: https://github.com/tesseract-ocr/tesseract
- name: texteditor.py
  id: texteditor-py
  category: General Utilities
  category_path: general+utilities
  description: Edit text files from the command line using search-and-replace commands.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: texteditor.py
  website: https://blog.didierstevens.com/2021/07/05/new-tool-texteditor-py/
- name: thefuzz
  id: thefuzz
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Fuzzy string matching in Python.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: thefuzz
  website: https://github.com/seatgeek/thefuzz
- name: thug
  id: thug
  category: Explore Network Interactions > Connecting
  category_path: explore+network+interactions/connecting
  description: Examine a suspicious website using this low-interaction honeyclient.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
  anchor: thug
  website: https://github.com/buffer/thug
- name: time-decode
  id: time-decode
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Decode and encode dates and timestamps.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: time-decode
  website: https://github.com/digitalsleuth/time_decode
- name: tor
  id: tor
  category: Explore Network Interactions > Connecting
  category_path: explore+network+interactions/connecting
  description: Obfuscate your origins by routing traffic through a network of anonymizing nodes.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
  anchor: tor
  website: https://www.torproject.org
- name: translate.py
  id: translate-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Translate bytes according to a Python expression.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: translate.py
  website: https://blog.didierstevens.com/programs/translate/
- name: TrID
  id: trid
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Identify file type using signatures.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: trid
  website: https://mark0.net/soft-trid-e.html
  additional_categories:
  - Statically Analyze Code > Unpacking
- name: tshark
  id: tshark
  category: Explore Network Interactions > Monitoring
  category_path: explore+network+interactions/monitoring
  description: Capture and analyze network traffic with this console-based sniffer.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
  anchor: tshark
  website: https://www.wireshark.org
- name: uncompyle6
  id: uncompyle6
  category: Statically Analyze Code > Python
  category_path: statically+analyze+code/python
  description: Python cross-version bytecode decompiler for Python 1.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
  anchor: uncompyle6
  website: https://github.com/rocky/python-uncompyle6
- name: Unfurl
  id: unfurl
  category: Explore Network Interactions > Connecting
  category_path: explore+network+interactions/connecting
  description: Deconstruct and decode data from a URL.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
  anchor: unfurl
  website: https://github.com/obsidianforensics/unfurl
- name: Unhide
  id: unhide
  category: Investigate System Interactions
  category_path: investigate+system+interactions
  description: Find hidden processes or connections on the local Linux system.
  docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions
  anchor: unhide
  website: http://www.unhide-forensics.info
- name: unicode
  id: unicode
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Display Unicode character properties.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: unicode
  website: https://github.com/garabik/unicode
- name: unrar-free
  id: unrar-free
  category: General Utilities
  category_path: general+utilities
  description: Decompress files using a variety of algorithms.
  docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
  anchor: unrar-free
  website: https://www.rarlab.com
- name: unXOR
  id: unxor
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Deobfuscate XOR'ed files.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: unxor
  website: https://github.com/tomchop/unxor/
- name: UPX
  id: upx
  category: Statically Analyze Code > Unpacking
  category_path: statically+analyze+code/unpacking
  description: Pack and unpack PE files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/unpacking
  anchor: upx
  website: https://upx.github.io
- name: VBinDiff
  id: vbindiff
  category: View or Edit Files
  category_path: view+or+edit+files
  description: Compare binary files.
  docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
  anchor: vbindiff
  website: https://www.cjmweb.net/vbindiff/
- name: virustotal-search
  id: virustotal-search
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Search VirusTotal for file hashes.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: virustotal-search
  website: https://blog.didierstevens.com/programs/virustotal-tools/
- name: virustotal-submit
  id: virustotal-submit
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Submit files to VirusTotal.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: virustotal-submit
  website: https://blog.didierstevens.com/programs/virustotal-tools/
- name: Visual Studio Code
  id: visual-studio-code
  category: View or Edit Files
  category_path: view+or+edit+files
  description: Powerful source code editor.
  docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
  anchor: visual-studio-code
  website: https://code.visualstudio.com/
- name: Vivisect
  id: vivisect
  category: Statically Analyze Code > General
  category_path: statically+analyze+code/general
  description: Statically examine and emulate binary files.
  docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
  anchor: vivisect
  website: https://github.com/vivisect/vivisect
- name: Volatility Framework
  id: volatility-framework
  category: Perform Memory Forensics
  category_path: perform+memory+forensics
  description: Memory forensics tool and framework.
  docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics
  anchor: volatility-framework
  website: https://github.com/volatilityfoundation/volatility3
- name: Wine
  id: wine
  category: Dynamically Reverse-Engineer Code > General
  category_path: dynamically+reverse-engineer+code/general
  description: Run Windows applications.
  docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general
  anchor: wine
  website: https://www.winehq.org
  additional_categories:
  - General Utilities
- name: wireshark
  id: wireshark
  category: Explore Network Interactions > Monitoring
  category_path: explore+network+interactions/monitoring
  description: Capture and analyze network traffic with this sniffer.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
  anchor: wireshark
  website: https://www.wireshark.org
- name: wxHexEditor
  id: wxhexeditor
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Hex editor.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: wxhexeditor
  website: https://sourceforge.net/projects/wxhexeditor/
  additional_categories:
  - View or Edit Files
- name: XLMMacroDeobfuscator
  id: xlmmacrodeobfuscator
  category: Analyze Documents > Microsoft Office
  category_path: analyze+documents/microsoft+office
  description: Deobfuscate XLM macros (also known as Excel 4.
  docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
  anchor: xlmmacrodeobfuscator
  website: https://github.com/DissectMalware/XLMMacroDeobfuscator
- name: xmldump.py
  id: xmldump-py
  category: Analyze Documents > Microsoft Office
  category_path: analyze+documents/microsoft+office
  description: Extract contents of XML files, in particular OOXML-formatted Microsoft Office documents.
  docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
  anchor: xmldump.py
  website: https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/
- name: xor-kpa.py
  id: xor-kpa-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Implement an XOR known-plaintext attack.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: xor-kpa.py
  website: https://blog.didierstevens.com/2017/06/06/update-xor-kpa-py-version-0-0-5/
- name: xorBruteForcer.py
  id: xorbruteforcer-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Brute-force an XOR-encoded file.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: xorbruteforcer.py
  website: https://eternal-todo.com/category/bruteforcer
- name: XORSearch
  id: xorsearch
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Locate and decode strings obfuscated using common techniques.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: xorsearch
  website: https://blog.didierstevens.com/programs/xorsearch/
  additional_categories:
  - Dynamically Reverse-Engineer Code > Shellcode
- name: xorsearch.py
  id: xorsearch-py
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Search for XOR, ROL, ROT, and SHIFT encoded strings with YARA and regex support.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: xorsearch.py
  website: https://blog.didierstevens.com/2020/08/23/new-tool-xorsearch-py/
- name: XORStrings
  id: xorstrings
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Search for XOR encoded strings in a file.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: xorstrings
  website: https://blog.didierstevens.com/2013/04/15/new-tool-xorstrings/
- name: xortool
  id: xortool
  category: Examine Static Properties > Deobfuscation
  category_path: examine+static+properties/deobfuscation
  description: Analyze XOR-encoded data.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
  anchor: xortool
  website: https://github.com/hellman/xortool
- name: Yara
  id: yara
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Identify and classify malware samples using Yara rules.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: yara
  website: https://virustotal.github.io/yara/
- name: YARA-Forge Rules
  id: yara-forge-rules
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Scan files with curated YARA rules from 45+ sources for malware family identification.
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: yara-forge-rules
  website: https://yarahq.github.io/
- name: Yara Rules
  id: yara-rules
  category: Examine Static Properties > General
  category_path: examine+static+properties/general
  description: Scan a file with YARA rules to identify capabilities and behaviors (packer detection, anti-debug, networking).
  docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
  anchor: yara-rules
  website: https://github.com/Yara-Rules/rules
- name: YARA-X
  id: yara-x
  category: Gather and Analyze Data
  category_path: gather+and+analyze+data
  description: Scan files using YARA rules with the next generation of YARA, written in Rust.
  docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
  anchor: yara-x
  website: https://github.com/VirusTotal/yara-x
- name: zbarimg
  id: zbarimg
  category: Explore Network Interactions > Connecting
  category_path: explore+network+interactions/connecting
  description: Decode QR codes and barcodes from image files.
  docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
  anchor: zbarimg
  website: https://github.com/mchehab/zbar
- name: zipdump.py
  id: zipdump-py
  category: Analyze Documents > Microsoft Office
  category_path: analyze+documents/microsoft+office
  description: Analyze zip-compressed files.
  docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
  anchor: zipdump.py
  website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/