Tobias Kessels 169ef5fb03 Migrate from Kali to REMnux base image
- Created new Dockerfile.remnux based on remnux/remnux-distro:latest
- Added comprehensive tool testing suite (test-tools.sh, test-containers.sh)
- Tool comparison analysis shows we get all original tools plus additional ones from REMnux:
  * Additional PDF tools: qpdf, pdfresurrect, pdftool, base64dump, tesseract
  * All original tools preserved: pdfid.py, pdf-parser.py, peepdf, origami, capa, box-js, visidata, unfurl
- Updated README.md with new usage instructions
- Updated WARP.md documentation
- All 21 tools tested and verified working
- Migration maintains full functionality while adding REMnux capabilities
2025-09-30 12:40:55 +02:00

docker_file_analysis

REMnux-Based File Analysis Container

This container is now based on the REMnux malware analysis toolkit, providing a comprehensive set of tools for file analysis, especially PDFs and malware samples.

Usage

# REMnux-based version
docker build -f Dockerfile.remnux -t tabledevil/file-analysis:remnux .
docker run -it --rm -v "$(pwd):/data" tabledevil/file-analysis:remnux

# Original Kali-based version (legacy)
docker run -it --rm -v "$(pwd):/data" tabledevil/file-analysis
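
When the mounted directory holds live samples, the plain docker run above leaves the container on the default network with a writable view of the host directory. The launcher below is an added example, not part of this repository: it reuses the image tag and /data mount point from the commands above with standard Docker options, and the /out scratch path and the DRY_RUN variable are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the repository): start the REMnux-based image with
# the sample directory mounted read-only and no network access.
IMAGE="tabledevil/file-analysis:remnux"   # tag taken from the README

# Print the absolute path of directory $1, or fail with a message on stderr.
resolve_dir() {
    if [ ! -d "${1:-}" ]; then
        echo "not a directory: ${1:-}" >&2
        return 1
    fi
    (cd "$1" && pwd)
}

# analyze DIR: run the container against DIR.
# With DRY_RUN=1 (assumed variable name) the command is printed, not executed.
analyze() {
    sample_dir="$(resolve_dir "${1:-}")" || return 1
    # docker -v splits its argument on ':', so such a path would be misparsed.
    case "$sample_dir" in
        *:*) echo "path contains ':': $sample_dir" >&2; return 1 ;;
    esac
    # --network none     : no network interfaces besides loopback
    # --cap-drop ALL     : drop every Linux capability
    # no-new-privileges  : setuid binaries cannot raise privileges
    # --tmpfs /out       : in-memory scratch space for tool output (assumed path)
    # :ro                : samples on the host cannot be modified from inside
    set -- run -it --rm \
        --network none \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --tmpfs /out \
        -v "${sample_dir}:/data:ro" \
        "$IMAGE"
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'docker %s\n' "$*"
    else
        docker "$@"
    fi
}
```

Because /data is read-only here, tools that write results next to their input need an output path under /out, and anything to keep must be copied out before the container exits.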

Included Tools (REMnux Base + Additional)

PDF Analysis Suite (from REMnux)

  • peepdf - PDF analysis framework with JavaScript detection
  • pdf-parser.py - Extract and analyze PDF elements (Didier Stevens)
  • pdfid.py - Quick PDF structure overview (Didier Stevens)
  • origami - Ruby gem suite (pdfcop, pdfextract, pdfmetadata)
  • pdftk-java - PDF manipulation and flattening
  • qpdf - PDF manipulation (merge, convert, transform)
  • pdfresurrect - Extract previous versions from PDFs
  • pdftool - Analyze PDF incremental updates

Malware Analysis (Additional)

  • capa - Malware capability detection (Mandiant)
  • box-js - JavaScript sandbox analysis
  • oletools - Office document analysis suite
    • oledump.py
    • rtfdump.py
    • emldump.py
    • and more

Data Analysis & Utilities (Additional)

  • visidata - Data exploration and analysis
  • unfurl - URL and data analysis (DFIR)
  • base64dump - Base64 decoder (Didier Stevens)
  • tesseract - OCR text extraction
  • exiftool - Metadata extraction

System Tools

  • mc - Midnight Commander file manager
  • p7zip-full - Archive utilities
  • All standard REMnux tools and utilities
Description
Docker Repo for File-Analysis-Image