irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
1d2427415eac4f4681d32dc6397b7a145ac5a958
docker_file_analysis/data/remnux/tools-master.yaml
T
tobias f3ccc09c3d Add FOR610 tool/workflow knowledge base and data pipeline 
Build comprehensive malware analysis knowledge base from 3 sources:
- SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes
- REMnux salt-states: 340 packages parsed from GitHub
- REMnux docs: 280+ tools scraped from docs.remnux.org

Master inventory merges all sources into 447 tools with help tiers
(rich/standard/basic). Pipeline generates: tools.db (397 entries),
397 cheatsheets with multi-tool recipes, 15 workflow guides, 224
TLDR pages, and coverage reports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 17:38:15 +01:00

11824 lines
303 KiB
YAML
Raw Blame History

metadata:
total_tools: 447
in_remnux_count: 397
help_tier_counts:
rich: 156
standard: 118
basic: 173
source_coverage:
for610_only: 58
remnux_docs_only: 51
salt_states_only: 173
all_three: 65
for610_and_docs: 92
for610_and_salt: 71
docs_and_salt: 132
no_coverage: 0
tools:
- id: 1768-py
name: 1768.py
aliases: []
description: Parse Cobalt Strike beacon configuration from shellcode or memory dumps
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Parse Cobalt Strike beacon configuration from shellcode or memory
dumps
category: yara-detection
labs:
- '3.4'
sections:
- 3
typical_usage:
- 1768.py shellcode.bin
tags:
- cobalt-strike
- beacon
- c2-config
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Analyze Cobalt Strike beacons.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/
anchor: id-1768.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: 7-zip
name: 7-Zip
aliases: []
description: Compress and decompress files using a variety of algorithms.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Compress and decompress files using a variety of algorithms.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://www.7-zip.org
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: 7zip
name: 7zip
aliases:
- remnux-packages-p7zip-full
- remnux-packages-7zz
- p7zip-full
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-p7zip-full
salt_state_path: remnux/packages/7zip.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: aeskeyfind
name: aeskeyfind
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: aeskeyfind
salt_state_path: remnux/packages/aeskeyfind.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: aeskeyfinder
name: AESKeyFinder
aliases: []
description: Find 128-bit and 256-bit AES keys in a memory image.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Perform Memory Forensics
description: Find 128-bit and 256-bit AES keys in a memory image.
docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics
website: https://citp.princeton.edu/our-work/memory/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: amsiscriptcontentretrieval
name: AMSIScriptContentRetrieval
aliases: []
description: Extract monitored script content from AMSI Event Trace logs
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Extract monitored script content from AMSI Event Trace logs
category: powershell-analysis
labs:
- '3.6'
sections:
- 3
typical_usage:
- AMSIScriptContentRetrieval AMSITrace.etl > output.txt
tags:
- amsi
- script-extraction
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: androguard
name: androguard
aliases:
- remnux-python3-packages-androguard
description: Analyze Android APK files — extract permissions, activities, intents,
and decompile DEX code
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- androguard analyze <app.apk>
- androguard decompile -o output/ <app.apk>
- androgui.py <app.apk>
tags:
- android
- apk
- permissions
- decompilation
description: Analyze Android APK files — extract permissions, activities, intents,
and decompile DEX code
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-androguard
salt_state_path: remnux/python3-packages/androguard.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Android
description: Examine Android files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
website: https://github.com/androguard/androguard
anchor: androguard
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: android-project-creator
name: android-project-creator
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: android-project-creator
salt_state_path: remnux/config/android-project-creator.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: androidprojectcreator
name: AndroidProjectCreator
aliases: []
description: Convert an Android APK application file into an Android Studio project
for easier analysis.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > Android
description: Convert an Android APK application file into an Android Studio
project for easier analysis.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
website: https://maxkersten.nl/projects/androidprojectcreator
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: anomy
name: anomy
aliases: []
description: A wrapper around wget, ssh, sftp, ftp, and telnet to route these connections
through Tor to anonymize your traffic.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: anomy
salt_state_path: remnux/scripts/anomy.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: A wrapper around wget, ssh, sftp, ftp, and telnet to route these
connections through Tor to anonymize your traffic.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://github.com/izm1chael/Anomy
anchor: anomy
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: any-run
name: Any.run
aliases: []
description: Interactive online malware analysis sandbox with real-time process
monitoring
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Interactive online malware analysis sandbox with real-time process
monitoring
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://any.run
tags:
- sandbox
- interactive
- real-time
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: api-monitor
name: API Monitor
aliases: []
description: Monitor and record API calls made by processes
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Monitor and record API calls made by processes
category: behavioral-analysis
labs: []
sections:
- 1
typical_usage:
- apimonitor-x64.exe
tags:
- api-calls
- monitoring
- dynamic-analysis
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: apkid
name: apkid
aliases:
- remnux-python3-packages-apkid
description: Identify compilers, packers, and obfuscators used to protect Android
APK and DEX files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-apkid
salt_state_path: remnux/python3-packages/apkid.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Android
description: Identify compilers, packers, and obfuscators used to protect Android
APK and DEX files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
website: https://github.com/rednaga/APKiD
anchor: apkid
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: apktool
name: apktool
aliases: []
description: Decompile and recompile Android APK files — extract resources, smali
code, and manifest
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- apktool d <app.apk> -o output/
- apktool b output/ -o rebuilt.apk
tags:
- android
- apk
- decompilation
- resources
description: Decompile and recompile Android APK files — extract resources,
smali code, and manifest
salt_states:
covered: true
install_method: manual
package_name: apktool
salt_state_path: remnux/tools/apktool.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Android
description: Reverse-engineer Android APK files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
website: https://ibotpeaches.github.io/Apktool/
anchor: apktool
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: apt-utils
name: apt-utils
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: apt-utils
salt_state_path: remnux/packages/apt-utils.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: archive-zip
name: archive-zip
aliases:
- cpan
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: perl
package_name: cpan
salt_state_path: remnux/perl-packages/ole-storagelite.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: autoconf
name: autoconf
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: autoconf
salt_state_path: remnux/packages/autoconf.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: autoit-ripper
name: autoit-ripper
aliases:
- remnux-python3-packages-autoit-ripper-install
description: Extract AutoIt scripts embedded in PE binaries.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-autoit-ripper-install
salt_state_path: remnux/python3-packages/autoit-ripper.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Scripts
description: Extract AutoIt scripts embedded in PE binaries.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
website: https://github.com/nazywam/AutoIt-Ripper
anchor: autoit-ripper
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: autologin
name: autologin
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: autologin
salt_state_path: remnux/theme/autologin.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: automake
name: automake
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: automake
salt_state_path: remnux/packages/automake.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: autoruns
name: Autoruns
aliases: []
description: View and manage all autostart locations — startup programs, services,
drivers, scheduled tasks
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: View and manage all autostart locations — startup programs, services,
drivers, scheduled tasks
category: behavioral-analysis
labs: []
sections:
- 1
typical_usage:
- Autoruns.exe
tags:
- persistence
- autostart
- startup
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: baksmali
name: baksmali
aliases: []
description: Disassembler for the dex format used by Dalvik, Android&#x27;s Java
VM implementation.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: baksmali
salt_state_path: remnux/packages/baksmali.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Android
description: Disassembler for the dex format used by Dalvik, Android&#x27;s
Java VM implementation.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
website: https://bitbucket.org/JesusFreke/smali
anchor: baksmali
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: balbuzard
name: balbuzard
aliases:
- remnux-python3-packages-balbuzard-install
- balbuzard-3
- '{{'
description: Extract and deobfuscate patterns from suspicious files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-debloat
salt_state_path: remnux/python3-packages/debloat.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Extract and deobfuscate patterns from suspicious files.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/digitalsleuth/balbuzard
anchor: balbuzard
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: base64dump-py
name: base64dump.py
aliases:
- base64dump
description: Extract and decode Base64-encoded strings from files
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Extract and decode Base64-encoded strings from files
category: document-analysis
labs:
- '3.4'
- '4.5'
sections:
- 3
- 4
typical_usage:
- base64dump.py file.txt
- base64dump.py file.ps1 -n 10
- base64dump.py file.ps1 -s 2 -d
tags:
- base64
- decoding
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Locate and decode strings encoded in Base64 and other common encodings.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2020/07/03/update-base64dump-py-version-0-0-12/
anchor: base64dump.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: bash-history
name: bash-history
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: bash-history
salt_state_path: remnux/config/bash-history.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: bash-rc
name: bash-rc
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: bash-rc
salt_state_path: remnux/config/bash-rc.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: bbcrack
name: bbcrack
aliases: []
description: Detect and decode strings obfuscated with XOR, ROL, and ADD algorithms
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Detect and decode strings obfuscated with XOR, ROL, and ADD algorithms
category: string-deobfuscation
labs:
- '5.2'
sections:
- 5
typical_usage:
- bbcrack -l 1 specimen.dll
tags:
- xor
- rol
- add
- deobfuscation
- balbuzard
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: bearparser
name: bearparser
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: bearparser
salt_state_path: remnux/packages/bearparser.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: binary-ninja
name: Binary Ninja
aliases: []
description: Commercial disassembler with strong automated analysis and scripting
in_remnux: false
platform: both
sources:
for610:
covered: true
description: Commercial disassembler with strong automated analysis and scripting
category: code-analysis
labs: []
sections:
- 2
typical_usage:
- binaryninja specimen.exe
tags:
- disassembly
- commercial
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: binee
name: binee
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: binee
salt_state_path: remnux/config/binee.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: binee-binary-emulation-environment
name: binee (Binary Emulation Environment)
aliases: []
description: Analyze I/O operations of a suspicious PE file by emulating its execution.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > PE Files
description: Analyze I/O operations of a suspicious PE file by emulating its
execution.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
website: https://github.com/carbonblack/binee
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: binutils
name: binutils
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: binutils
salt_state_path: remnux/packages/binutils.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: binwalk
name: binwalk
aliases: []
description: Analyze and extract embedded files and firmware images
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Analyze and extract embedded files and firmware images
category: utilities
labs: []
sections:
- 1
typical_usage:
- binwalk firmware.bin
- binwalk -e firmware.bin
tags:
- firmware
- extraction
- embedded-files
salt_states:
covered: true
install_method: apt
package_name: binwalk
salt_state_path: remnux/packages/binwalk.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Extract and analyze firmware images.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/ReFirmLabs/binwalk
anchor: binwalk
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: box-js
name: box-js
aliases: []
description: JavaScript sandbox for analyzing malicious scripts by emulating browser/WScript
APIs
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: JavaScript sandbox for analyzing malicious scripts by emulating
browser/WScript APIs
category: emulation
labs: []
sections:
- 3
typical_usage:
- box-js --output-dir=/tmp suspicious.js
tags:
- javascript
- sandbox
- emulation
salt_states:
covered: true
install_method: npm
package_name: box-js
salt_state_path: remnux/node-packages/box-js.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Scripts
description: Analyze suspicious JavaScript scripts.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
website: https://github.com/CapacitorSet/box-js
anchor: box-js
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: brxor-py
name: brxor.py
aliases: []
description: Brute-force XOR key detection for single-byte XOR-encoded strings
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Brute-force XOR key detection for single-byte XOR-encoded strings
category: string-deobfuscation
labs:
- '5.2'
sections:
- 5
typical_usage:
- brxor.py specimen.dll
tags:
- xor
- brute-force
- deobfuscation
salt_states:
covered: true
install_method: pip
package_name: brxor.py
salt_state_path: remnux/python3-packages/brxor.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Bruteforce XOR&#x27;ed strings to find those that are English words.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/REMnux/distro/blob/master/files/brxor.py
anchor: brxor.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: build-essential
name: build-essential
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: build-essential
salt_state_path: remnux/packages/build-essential.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: bulk-extractor
name: bulk-extractor
aliases: []
description: Extract interesting strings from binary files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: bulk-extractor
salt_state_path: remnux/packages/bulk-extractor.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Extract interesting strings from binary files.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/simsong/bulk_extractor/
anchor: bulk_extractor
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: bundler
name: bundler
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: bundler
salt_state_path: remnux/packages/bundler.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: burp-suite
name: Burp Suite
aliases:
- Burp
description: Web application security proxy for intercepting and modifying HTTP/HTTPS
traffic
in_remnux: false
platform: both
sources:
for610:
covered: true
description: Web application security proxy for intercepting and modifying HTTP/HTTPS
traffic
category: network-analysis
labs: []
sections:
- 3
typical_usage:
- burpsuite
tags:
- http
- https
- proxy
- web-security
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: burp-suite-community-edition
name: Burp Suite Community Edition
aliases: []
description: Investigate website interactions using this web proxy.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Investigate website interactions using this web proxy.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://portswigger.net
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: burpsuite-community
name: burpsuite-community
aliases:
- remnux-packages-burpsuite-community
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-burpsuite-community
salt_state_path: remnux/packages/burpsuite-community.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: bytehist
name: Bytehist
aliases: []
description: Generate byte-usage histograms to visually identify packed or encrypted
sections in binaries
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Generate byte-usage histograms to visually identify packed or encrypted
sections in binaries
category: static-analysis-pe
labs: []
sections:
- 1
- 4
typical_usage:
- bytehist specimen.exe
tags:
- pe
- entropy
- packing-detection
- histogram
salt_states:
covered: true
install_method: manual
package_name: bytehist
salt_state_path: remnux/tools/bytehist.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Unpacking
description: Generate byte-usage-histograms for all types of files with a focus
on PE files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/unpacking
website: https://www.cert.at/downloads/software/bytehist_en.html
anchor: bytehist
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: cabextract
name: cabextract
aliases: []
description: Extract Microsoft cabinet (cab) files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: cabextract
salt_state_path: remnux/packages/cabextract.sls
remnux_docs:
covered: true
category: General Utilities
description: Extract Microsoft cabinet (cab) files.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://www.cabextract.org.uk
anchor: cabextract
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: capa
name: capa
aliases: []
description: Identify malware capabilities mapped to MITRE ATT&CK framework and
Malware Behavior Catalog
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Identify malware capabilities mapped to MITRE ATT&CK framework
and Malware Behavior Catalog
category: yara-detection
labs:
- '1.4'
- '5.4'
sections:
- 1
- 5
typical_usage:
- capa specimen.exe
- capa -vv specimen.exe
- capa -vv specimen.exe | grep -A7 'Suspended Process'
tags:
- capabilities
- mitre-attack
- automated-analysis
salt_states:
covered: true
install_method: manual
package_name: capa
salt_state_path: remnux/tools/capa.sls
remnux_docs:
covered: true
category: Statically Analyze Code > PE Files
description: Detect suspicious capabilities in PE files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
website: https://github.com/mandiant/capa
anchor: capa
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: cape-sandbox
name: CAPE Sandbox
aliases:
- CAPE
description: Automated malware analysis sandbox with payload extraction and config
dumping
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Automated malware analysis sandbox with payload extraction and
config dumping
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://capesandbox.com
tags:
- sandbox
- automated
- payload-extraction
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: cast
name: cast
aliases:
- remnux-packages-cast
description: Install and manage SaltStack-based Linux distributions.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-cast
salt_state_path: remnux/packages/cast.sls
remnux_docs:
covered: true
category: General Utilities
description: Install and manage SaltStack-based Linux distributions.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://github.com/ekristen/cast
anchor: cast
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: cff-explorer
name: CFF Explorer
aliases: []
description: View and edit PE file headers, sections, imports, and resources
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: View and edit PE file headers, sections, imports, and resources
category: static-analysis-pe
labs: []
sections:
- 1
typical_usage:
- CFF Explorer specimen.exe
tags:
- pe
- header-editing
- resources
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: cffi
name: cffi
aliases:
- remnux-python3-packages-cffi
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-cffi
salt_state_path: remnux/python3-packages/cffi.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: cfr
name: cfr
aliases: []
description: Modern Java decompiler — handles Java 8+ features including lambdas
and try-with-resources
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- cfr <file.jar> --outputdir output/
- cfr <file.class>
tags:
- java
- decompilation
- jar
description: Modern Java decompiler — handles Java 8+ features including lambdas
and try-with-resources
salt_states:
covered: true
install_method: manual
package_name: cfr
salt_state_path: remnux/tools/cfr.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Java
description: Java decompiler.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
website: https://www.benf.org/other/cfr/
anchor: cfr
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: chepy
name: chepy
aliases:
- remnux-python3-packages-chepy
- remnux-python3-packages-chepy-extras
- chepy[extras]
description: Decode and otherwise analyze data using this command-line tool and
Python library.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-chepy
salt_state_path: remnux/python3-packages/chepy.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Decode and otherwise analyze data using this command-line tool
and Python library.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/securisec/chepy
anchor: chepy
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: clamav
name: ClamAV
aliases: []
description: Open-source antivirus — scan files for known malware signatures
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- clamscan <sample>
- clamscan -r <directory>/
- freshclam
tags:
- antivirus
- scanning
- signatures
description: Open-source antivirus — scan files for known malware signatures
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Scan files for malware signatures.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://www.clamav.net
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: clamav-daemon
name: clamav-daemon
aliases:
- clamav-freshclam
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: clamav-daemon
salt_state_path: remnux/packages/clamav-daemon.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: cobalt-strike-configuration-extractor-csce-and-parser
name: Cobalt Strike Configuration Extractor (CSCE) and Parser
aliases: []
description: Analyze Cobalt Strike beacons.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Analyze Cobalt Strike beacons.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/strozfriedberg/cobaltstrike-config-extractor
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: compatibility
name: compatibility
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: compatibility
salt_state_path: remnux/theme/compatibility.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: cs-analyze-processdump-py
name: cs-analyze-processdump.py
aliases: []
description: Analyze Cobalt Strike beacon process dumps for sleep mask encoding
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- cs-analyze-processdump.py <process_dump>
tags:
- cobalt-strike
- sleep-mask
- memory
description: Analyze Cobalt Strike beacon process dumps for sleep mask encoding
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Analyze Cobalt Strike beacon process dumps to detect sleep mask
encoding.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2021/11/25/new-tool-cs-analyze-processdump-py/
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: cs-decrypt-metadata-py
name: cs-decrypt-metadata.py
aliases: []
description: Decrypt Cobalt Strike beacon metadata from network captures
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- cs-decrypt-metadata.py <metadata_hex>
tags:
- cobalt-strike
- decryption
- metadata
description: Decrypt Cobalt Strike beacon metadata from network captures
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Decrypt Cobalt Strike metadata.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2021/11/12/update-cs-decrypt-metadata-py-version-0-0-2/
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: cs-extract-key-py
name: cs-extract-key.py
aliases: []
description: Extract AES and HMAC encryption keys from Cobalt Strike beacon process
memory dumps
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- cs-extract-key.py -f <process_dump>
tags:
- cobalt-strike
- encryption
- key-extraction
description: Extract AES and HMAC encryption keys from Cobalt Strike beacon
process memory dumps
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Extract AES and HMAC keys from Cobalt Strike beacon process memory.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2021/11/03/new-tool-cs-extract-key-py/
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: cs-parse-traffic-py
name: cs-parse-traffic.py
aliases: []
description: Decrypt and parse Cobalt Strike beacon network traffic using extracted
keys
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- cs-parse-traffic.py -f <capture.pcap> -k <keys_file>
tags:
- cobalt-strike
- traffic
- decryption
description: Decrypt and parse Cobalt Strike beacon network traffic using extracted
keys
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Decrypt and parse Cobalt Strike beacon network traffic.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://blog.didierstevens.com/2021/11/29/new-tool-cs-parse-traffic-py/
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: cscript
name: CScript
aliases:
- cscript.exe
description: Windows Script Host command-line — execute JScript/VBScript for AMSI
monitoring
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Windows Script Host command-line — execute JScript/VBScript for
AMSI monitoring
category: javascript-analysis
labs:
- '3.6'
sections:
- 3
typical_usage:
- cscript malicious.js
tags:
- javascript
- vbscript
- windows-script-host
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: curl
name: curl
aliases: []
description: Transfer data to/from servers using various protocols
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Transfer data to/from servers using various protocols
category: utilities
labs: []
sections:
- 1
typical_usage:
- curl -L http://example.com
- curl -o output.bin http://example.com/file
tags:
- download
- http
- transfer
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-curl
salt_state_path: remnux/packages/curl.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: Interact with servers via supported protocols, including HTTP,
HTTPS, FTP, IMAP, etc.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://curl.se
anchor: curl
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: cut-bytes-py
name: cut-bytes.py
aliases: []
description: Cut out a part of a data stream.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Cut out a part of a data stream.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2015/10/14/cut-bytes-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: cutter
name: Cutter
aliases: []
description: Open-source reverse engineering platform — Qt-based GUI for radare2
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Open-source reverse engineering platform — Qt-based GUI for radare2
category: code-analysis
labs: []
sections:
- 2
typical_usage:
- cutter specimen.exe
tags:
- disassembly
- radare2
- open-source
salt_states:
covered: true
install_method: manual
package_name: cutter
salt_state_path: remnux/tools/cutter.sls
remnux_docs:
covered: true
category: Statically Analyze Code > General
description: Reverse engineering platform powered by Rizin.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
website: https://cutter.re
anchor: cutter
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: cyberchef
name: CyberChef
aliases: []
description: Web-based data transformation tool — decode Base64, XOR, hex, decompress,
and chain operations
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Web-based data transformation tool — decode Base64, XOR, hex, decompress,
and chain operations
category: string-deobfuscation
labs:
- '1.5'
- '3.8'
- '3.12'
sections:
- 1
- 3
typical_usage:
- cyberchef
tags:
- decoding
- encoding
- transformation
- web-based
salt_states:
covered: true
install_method: manual
package_name: cyberchef
salt_state_path: remnux/tools/cyberchef.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Decode and otherwise analyze data using this browser app.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/gchq/CyberChef/
anchor: cyberchef
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: dc3-mwcp
name: dc3-mwcp
aliases:
- remnux-python3-packages-dc3-mwcp
- mwcp
description: DC3 Malware Configuration Parser — extract C2 configs from known malware
families
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- mwcp parse <sample>
- mwcp parse -p Emotet <sample>
tags:
- malware
- config-extraction
- c2
description: DC3 Malware Configuration Parser — extract C2 configs from known
malware families
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-dc3-mwcp
salt_state_path: remnux/python3-packages/dc3-mwcp.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Parsing configuration information from malware.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/Defense-Cyber-Crime-Center/DC3-mwcp
anchor: dc3-mwcp
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: de4dot
name: de4dot
aliases: []
description: .NET deobfuscator — remove obfuscation from .NET assemblies
in_remnux: true
platform: both
sources:
for610:
covered: true
description: .NET deobfuscator — remove obfuscation from .NET assemblies
category: dotnet-analysis
labs:
- '4.8'
sections:
- 4
typical_usage:
- de4dot obfuscated.exe
tags:
- dotnet
- deobfuscation
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > .NET
description: Deobfuscate and unpack.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net
website: https://github.com/0xd4d/de4dot
anchor: de4dot
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: decode-vbe-py
name: decode-vbe.py
aliases: []
description: Decode encoded VBS scripts (VBE).
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > Scripts
description: Decode encoded VBS scripts (VBE).
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
website: https://blog.didierstevens.com/2016/03/29/decoding-vbe/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: decompyle
name: Decompyle++
aliases: []
description: Python bytecode disassembler and decompiler.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > Python
description: Python bytecode disassembler and decompiler.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
website: https://github.com/zrax/pycdc
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: default-jdk
name: default-jdk
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: default-jdk
salt_state_path: remnux/packages/default-jdk.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: default-jre
name: default-jre
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: default-jre
salt_state_path: remnux/packages/default-jre.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dex2jar
name: dex2jar
aliases: []
description: Examine Dalvik Executable (dex) files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: dex2jar
salt_state_path: remnux/packages/dex2jar.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Android
description: Examine Dalvik Executable (dex) files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
website: https://github.com/pxb1988/dex2jar
anchor: dex2jar
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: dexray
name: dexray
aliases: []
description: Extract and decode data from antivirus quarantine files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: dexray
salt_state_path: remnux/scripts/dexray.sls
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Extract and decode data from antivirus quarantine files.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://www.hexacorn.com/blog/category/software-releases/dexray/
anchor: dexray
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: dialog
name: dialog
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: dialog
salt_state_path: remnux/packages/dialog.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: didier-stevens-suite
name: didier-stevens-scripts
aliases:
- '{{'
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-dissect-fusepy-prereq
salt_state_path: remnux/python3-packages/dissect.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: diec
name: diec
aliases:
- Detect It Easy
- DIE
description: Detect packers, compilers, and tools used to create executables
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Detect packers, compilers, and tools used to create executables
category: static-analysis-pe
labs:
- '4.1'
sections:
- 1
- 4
typical_usage:
- diec specimen.exe
tags:
- pe
- packer-detection
- compiler-detection
salt_states:
covered: true
install_method: manual
package_name: remnux-tools-detect-it-easy-install
salt_state_path: remnux/tools/detect-it-easy.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Determine types of files and examine file properties.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/horsicq/Detect-It-Easy
anchor: detect-it-easy
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: disitool
name: disitool
aliases: []
description: Manipulate embedded digital signatures.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Manipulate embedded digital signatures.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://blog.didierstevens.com/programs/disitool/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: display
name: display
aliases:
- set-scaling
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: set-scaling
salt_state_path: remnux/config/display.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dissect
name: dissect
aliases: []
description: Perform a variety of forensics and incident response tasks using this
DFIR framework and toolset.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Perform a variety of forensics and incident response tasks using
this DFIR framework and toolset.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/fox-it/dissect
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: distro-info
name: distro-info
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: distro-info
salt_state_path: remnux/python3-packages/distro-info.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dllcharacteristics
name: dllcharacteristics
aliases:
- dllcharacteristics.py
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: dllcharacteristics.py
salt_state_path: remnux/scripts/dllcharacteristics.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dnfile
name: dnfile
aliases:
- remnux-python3-packages-dnfile
description: Analyze static properties of.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-dnfile
salt_state_path: remnux/python3-packages/dnfile.sls
remnux_docs:
covered: true
category: Examine Static Properties > .NET
description: Analyze static properties of.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net
website: https://github.com/malwarefrank/dnfile
anchor: dnfile
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: dnslib
name: dnslib
aliases:
- remnux-python3-packages-dnslib
description: Python library to encode/decode DNS wire-format packets.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-dnslib
salt_state_path: remnux/python3-packages/dnslib.sls
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Python library to encode/decode DNS wire-format packets.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/paulc/dnslib
anchor: dnslib
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: dnspyex
name: dnSpyEx
aliases:
- dnSpy
description: .NET debugger and decompiler — debug obfuscated/packed .NET malware
with breakpoints
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: .NET debugger and decompiler — debug obfuscated/packed .NET malware
with breakpoints
category: dotnet-analysis
labs:
- '4.8'
sections:
- 4
typical_usage:
- dnSpyEx.exe assembly.exe
tags:
- dotnet
- debugger
- decompiler
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: dnsresolver-py
name: dnsresolver.py
aliases: []
description: DNS resolver tool for dynamic analysis with wildcard and tracking support.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Services
description: DNS resolver tool for dynamic analysis with wildcard and tracking
support.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
website: https://blog.didierstevens.com/2021/07/15/new-tool-dnsresolver-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: docker
name: docker
aliases:
- docker-docker-ce
- docker-engine
- docker-ce
description: Run and manage containers.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: manual
package_name: docker-compose
salt_state_path: remnux/tools/docker-compose.sls
remnux_docs:
covered: true
category: General Utilities
description: Run and manage containers.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://www.docker.com
anchor: docker
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: dog
name: dog
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: dog
salt_state_path: remnux/theme/dog.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dos2unix
name: dos2unix
aliases: []
description: Convert text files with Windows or macOS line breaks to Unix line breaks
and vice versa.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: dos2unix
salt_state_path: remnux/packages/dos2unix.sls
remnux_docs:
covered: true
category: View or Edit Files
description: Convert text files with Windows or macOS line breaks to Unix line
breaks and vice versa.
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
website: https://waterlan.home.xs4all.nl/dos2unix.html
anchor: dos2unix
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: dot-cache
name: dot-cache
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: dot-cache
salt_state_path: remnux/config/dot-cache.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dot-config
name: dot-config
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: dot-config
salt_state_path: remnux/config/dot-config.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dot-cpan
name: dot-cpan
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: dot-cpan
salt_state_path: remnux/config/dot-cpan.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dot-dbus
name: dot-dbus
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: dot-dbus
salt_state_path: remnux/config/dot-dbus.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dot-local
name: dot-local
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: dot-local
salt_state_path: remnux/config/dot-local.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dotdumper
name: DotDumper
aliases: []
description: Execution monitor and memory extractor for automatic .NET malware unpacking
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Execution monitor and memory extractor for automatic .NET malware
unpacking
category: dotnet-analysis
labs: []
sections:
- 4
typical_usage:
- DotDumper.exe -file chatroom.exe
tags:
- dotnet
- unpacking
- memory-extraction
- automated
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: dotnet-runtime-3-1
name: dotnet-runtime-3-1
aliases:
- dotnet3
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: dotnet3
salt_state_path: remnux/packages/dotnet-runtime-3-1.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: dotnetfile
name: dotnetfile
aliases:
- dotnetfile_dump.py
description: Analyze static properties of.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: dotnetfile_dump.py
salt_state_path: remnux/python3-packages/dotnetfile.sls
remnux_docs:
covered: true
category: Examine Static Properties > .NET
description: Analyze static properties of.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net
website: https://github.com/pan-unit42/dotnetfile
anchor: dotnetfile
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: dotpeek
name: dotPeek
aliases: []
description: Free JetBrains .NET decompiler — alternative to ILSpy for viewing .NET
source
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Free JetBrains .NET decompiler — alternative to ILSpy for viewing
.NET source
category: dotnet-analysis
labs: []
sections:
- 4
typical_usage:
- dotPeek.exe assembly.exe
tags:
- dotnet
- decompiler
- jetbrains
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: droidlysis
name: droidlysis
aliases:
- remnux-python3-packages-droidlysis
description: Perform static analysis of Android applications.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-droidlysis
salt_state_path: remnux/python3-packages/droidlysis.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Perform static analysis of Android applications.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/cryptax/droidlysis
anchor: droidlysis
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: edb-debugger
name: edb-debugger
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: edb-debugger
salt_state_path: remnux/packages/edb-debugger.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: emldump-py
name: emldump.py
aliases:
- emldump
description: Parse and analyze EML email message files
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Parse and analyze EML email message files
category: document-analysis
labs: []
sections:
- 3
typical_usage:
- emldump.py message.eml
tags:
- email
- eml
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Email Messages
description: Parse and analyze EML files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
website: https://blog.didierstevens.com/2020/11/29/update-emldump-py-version-0-0-11/
anchor: emldump.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: enchant
name: enchant
aliases:
- remnux-packages-enchant
- enchant-2
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-enchant
salt_state_path: remnux/packages/enchant.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: epic-irc-client
name: EPIC IRC Client
aliases: []
description: Examine IRC activities with this IRC client.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: Examine IRC activities with this IRC client.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://www.epicsol.org/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: epic5
name: epic5
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: epic5
salt_state_path: remnux/packages/epic5.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: evilclippy
name: evilclippy
aliases: []
description: Remove VBA project password protection and manipulate Office macro
settings
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Remove VBA project password protection and manipulate Office macro
settings
category: document-analysis
labs: []
sections:
- 3
typical_usage:
- evilclippy -uu document.docm
tags:
- office
- vba
- password-removal
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-evilclippy
salt_state_path: remnux/packages/evilclippy.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Modify aspects of Microsoft Office documents.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://github.com/outflanknl/EvilClippy
anchor: evilclippy
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: evince
name: evince
aliases: []
description: View documents in a variety of formats, including PDF.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: evince
salt_state_path: remnux/packages/evince.sls
remnux_docs:
covered: true
category: View or Edit Files
description: View documents in a variety of formats, including PDF.
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
website: https://wiki.gnome.org/Apps/Evince
anchor: evince
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: ex-pe-xor
name: ex-pe-xor
aliases:
- ex-pe-xor.py
description: Search an XOR&#x27;ed file for indications of executable binaries.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: ex-pe-xor.py
salt_state_path: remnux/scripts/ex-pe-xor.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Search an XOR&#x27;ed file for indications of executable binaries.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://hooked-on-mnemonics.blogspot.com/2014/04/expexorpy.html
anchor: ex_pe_xor.py
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: exeinfo-pe
name: ExeInfo PE
aliases:
- ExeInfoPE
- ExeInfo
description: Identify tools and packers used to create PE executables
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Identify tools and packers used to create PE executables
category: static-analysis-pe
labs:
- '3.12'
sections:
- 1
- 3
typical_usage:
- ExeInfoPE.exe specimen.exe
tags:
- pe
- packer-detection
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: exfat-utils
name: exfat-utils
aliases:
- remnux-packages-exfat-utils
- exfatprogs
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-exfat-utils
salt_state_path: remnux/packages/exfat-utils.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: exiftool
name: exiftool
aliases: []
description: Extract metadata from files (PDF, images, documents, executables)
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Extract metadata from files (PDF, images, documents, executables)
category: static-analysis-pe
labs: []
sections:
- 1
typical_usage:
- exiftool document.pdf
- exiftool specimen.exe
tags:
- metadata
- triage
salt_states:
covered: true
install_method: perl
package_name: perl
salt_state_path: remnux/perl-packages/exiftool.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Tool to read from, write to, and edit EXIF metadata of various
file types.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://exiftool.org/
anchor: exiftool
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: fakedns
name: fakedns
aliases: []
description: Fake DNS server that resolves all queries to a specified IP for traffic
interception
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Fake DNS server that resolves all queries to a specified IP for
traffic interception
category: network-analysis
labs:
- '1.3'
- '1.6'
- '1.7'
- '1.8'
sections:
- 1
typical_usage:
- fakedns
tags:
- dns
- spoofing
- interception
- lab-setup
salt_states:
covered: true
install_method: manual
package_name: fakedns.py
salt_state_path: remnux/tools/fakedns.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Services
description: Respond to DNS queries with the specified IP address.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
website: https://github.com/SocialExploits/fakedns/blob/main/fakedns.py
anchor: fakedns
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: fakemail
name: fakemail
aliases:
- remnux-python3-packages-fakemail
description: Intercept and examine SMTP email activity with this fake SMTP server.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-fakemail
salt_state_path: remnux/python3-packages/fakemail.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Services
description: Intercept and examine SMTP email activity with this fake SMTP server.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
website: https://hg.sr.ht/~olly/fakemail
anchor: fakemail
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: fakenet-ng
name: fakenet-ng
aliases:
- remnux-python3-package-fakenet-ng
- git+https://github.com/mandiant/flare-fakenet-ng.git@{{
- '{{'
description: Emulate network services (HTTP, DNS, SMTP, FTP) to intercept and analyze
malware traffic dynamically
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- fakenet
- fakenet -c custom_config.ini
tags:
- network
- emulation
- dynamic-analysis
- c2
description: Emulate network services (HTTP, DNS, SMTP, FTP) to intercept and
analyze malware traffic dynamically
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-xlmmacrodeobfuscator
salt_state_path: remnux/python3-packages/xlmmacrodeobfuscator.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Services
description: Emulate common network services and interact with malware.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
website: https://github.com/mandiant/flare-fakenet-ng
anchor: fakenet-ng
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: feh
name: feh
aliases: []
description: Lightweight image viewer for viewing extracted images from documents
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Lightweight image viewer for viewing extracted images from documents
category: utilities
labs:
- '3.1'
sections:
- 3
typical_usage:
- feh extracted_image.jpg
tags:
- image-viewer
salt_states:
covered: true
install_method: apt
package_name: feh
salt_state_path: remnux/packages/feh.sls
remnux_docs:
covered: true
category: View or Edit Files
description: View images.
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
website: https://feh.finalrewind.org
anchor: feh
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: fiddler
name: Fiddler
aliases: []
description: HTTP/HTTPS debugging proxy for intercepting, inspecting, and modifying
web traffic
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: HTTP/HTTPS debugging proxy for intercepting, inspecting, and modifying
web traffic
category: network-analysis
labs:
- '3.2'
- '3.8'
- '3.9'
- '3.10'
- '3.11'
- '3.12'
- '4.5'
sections:
- 3
- 4
typical_usage:
- Fiddler.exe
tags:
- http
- https
- proxy
- web-traffic
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: file
name: file
aliases: []
description: Determine file type and MIME type using magic bytes
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Determine file type and MIME type using magic bytes
category: static-analysis-pe
labs:
- '3.4'
- '3.5'
sections:
- 3
typical_usage:
- file specimen.exe
- file document.doc
tags:
- file-identification
- triage
salt_states:
covered: true
install_method: apt
package_name: file
salt_state_path: remnux/packages/file.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Identify file type using &quot;magic&quot; numbers.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/file/file
anchor: file
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: file-magic-py
name: file-magic.py
aliases: []
description: Identify file types using the Python magic module.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Identify file types using the Python magic module.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://blog.didierstevens.com/2018/07/11/new-tool-file-magic-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: filescan-io
name: FileScan.IO
aliases: []
description: Online malware analysis sandbox with multi-format support
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Online malware analysis sandbox with multi-format support
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://filescan.io
tags:
- sandbox
- online
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: firefox
name: firefox
aliases: []
description: Web browser.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: firefox
salt_state_path: remnux/packages/firefox.sls
remnux_docs:
covered: true
category: General Utilities
description: Web browser.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://www.mozilla.org/firefox/
anchor: firefox
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: flare-floss
name: flare-floss
aliases:
- remnux-packages-flare-floss
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-flare-floss
salt_state_path: remnux/packages/flare-floss.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: flex
name: flex
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: flex
salt_state_path: remnux/packages/flex.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: floss
name: FLOSS
aliases:
- floss
description: Automatically extract obfuscated strings from malware using static
analysis, stack strings, and emulation
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Automatically extract obfuscated strings from malware using static
analysis, stack strings, and emulation
category: string-deobfuscation
labs:
- '5.2'
- '5.3'
sections:
- 5
typical_usage:
- floss specimen.exe
- floss specimen.exe > strings-output.txt
- floss --no-static -- specimen.exe
tags:
- strings
- deobfuscation
- automated
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Extract and deobfuscate strings from PE executables.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/mandiant/flare-floss
anchor: floss
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: format-bytes-py
name: format-bytes.py
aliases: []
description: Decompose structured binary data with format strings.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Decompose structured binary data with format strings.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2020/02/17/update-format-bytes-py-version-0-0-13/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: frida
name: Frida
aliases: []
description: Dynamic instrumentation toolkit — hook and trace running processes,
intercept function calls in real time
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- frida -l hook.js <process_name>
- frida-trace -i 'recv*' <process_name>
- frida-ps -U
tags:
- dynamic
- instrumentation
- hooking
- tracing
description: Dynamic instrumentation toolkit — hook and trace running processes,
intercept function calls in real time
salt_states:
covered: false
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > General
description: Trace the execution of a process to analyze its behavior.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general
website: https://frida.re
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: galculator
name: galculator
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: galculator
salt_state_path: remnux/packages/galculator.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: gdb
name: gdb
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: gdb
salt_state_path: remnux/packages/gdb.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: gdm3
name: gdm3
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: gdm3
salt_state_path: remnux/theme/core/gdm3.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: ghidra
name: Ghidra
aliases: []
description: Open-source disassembler and decompiler from NSA with scripting, function
graphs, and data type management
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Open-source disassembler and decompiler from NSA with scripting,
function graphs, and data type management
category: code-analysis
labs:
- '2.1'
- '2.2'
- '2.3'
- '2.4'
- '2.5'
- '2.6'
- '2.7'
- '2.8'
- '4.9'
- '5.2'
- '5.4'
- '5.5'
- '5.6'
- '5.7'
- '5.9'
sections:
- 2
- 4
- 5
typical_usage:
- ghidra
tags:
- disassembly
- decompilation
- code-analysis
- function-graph
salt_states:
covered: true
install_method: manual
package_name: ghidrassist-mcp
salt_state_path: remnux/tools/ghidrassist-mcp.sls
remnux_docs:
covered: true
category: Statically Analyze Code > General
description: Software reverse engineering tool suite.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
website: https://ghidra-sre.org
anchor: ghidra
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: ghidrassistmcp
name: GhidrAssistMCP
aliases: []
description: MCP server for AI-assisted reverse engineering in Ghidra.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Use Artificial Intelligence
description: MCP server for AI-assisted reverse engineering in Ghidra.
docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence
website: https://github.com/jtang613/GhidrAssistMCP
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: gift
name: gift
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: gift
salt_state_path: remnux/repos/gift.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: git
name: git
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: git
salt_state_path: remnux/packages/git.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: gnome-calculator
name: GNOME Calculator
aliases: []
description: Calculator.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: General Utilities
description: Calculator.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://wiki.gnome.org/Apps/Calculator
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: gnome-session
name: gnome-session
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: gnome-session
salt_state_path: remnux/theme/core/gnome-session.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: gnome-shell-extensions
name: gnome-shell-extensions
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: gnome-shell-extensions
salt_state_path: remnux/theme/core/gnome-shell-extensions.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: gnome-terminal
name: gnome-terminal
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: gnome-terminal
salt_state_path: remnux/theme/core/gnome-terminal.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: gnome-tweaks
name: gnome-tweaks
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: gnome-tweaks
salt_state_path: remnux/theme/core/gnome-tweaks.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: gnu-wget
name: GNU Wget
aliases: []
description: Interact with servers via HTTP, HTTPS, FTP, and FTPS using this command-line
tool.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: Interact with servers via HTTP, HTTPS, FTP, and FTPS using this
command-line tool.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://www.gnu.org/software/wget/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: gnutls-bin
name: gnutls-bin
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: gnutls-bin
salt_state_path: remnux/packages/gnutls-bin.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: goresym
name: goresym
aliases:
- GoReSym
description: Extract metadata and symbols from Go binaries, including stripped ones.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: manual
package_name: GoReSym
salt_state_path: remnux/tools/goresym.sls
remnux_docs:
covered: true
category: Examine Static Properties > Go
description: Extract metadata and symbols from Go binaries, including stripped
ones.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/go
website: https://github.com/mandiant/GoReSym
anchor: goresym
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: graphviz
name: graphviz
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: graphviz
salt_state_path: remnux/packages/graphviz.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: grub-kvm
name: grub-kvm
aliases:
- update-grub
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: update-grub
salt_state_path: remnux/config/grub-kvm.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: guest-tools
name: guest-tools
aliases:
- open-vm-tools-desktop
- qemu-guest-agent
- spice-vdagent
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: manual
package_name: open-vm-tools-desktop
salt_state_path: remnux/theme/core/guest-tools.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: gunzip
name: gunzip
aliases: []
description: Decompress gzip-compressed data (often used in multi-stage payload
extraction)
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Decompress gzip-compressed data (often used in multi-stage payload
extraction)
category: utilities
labs:
- '3.4'
sections:
- 3
typical_usage:
- gunzip -c compressed.gz > output.bin
tags:
- compression
- extraction
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: hachoir
name: Hachoir
aliases: []
description: View, edit, and carve contents of various binary file types.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: View, edit, and carve contents of various binary file types.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/vstinner/hachoir
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: hash-id
name: Hash ID
aliases: []
description: Identify different types of hashes.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Identify different types of hashes.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/blackploit/hash-identifier
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: hex-to-bin-py
name: hex-to-bin.py
aliases: []
description: Convert hexadecimal text dumps to binary data.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Convert hexadecimal text dumps to binary data.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2020/04/19/update-hex-to-bin-py-version-0-0-5/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: hexdump
name: hexdump
aliases: []
description: Display file content in hexadecimal format
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Display file content in hexadecimal format
category: utilities
labs: []
sections:
- 1
typical_usage:
- hexdump -C binary.dat
tags:
- hex
- binary-viewing
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: httpd
name: httpd
aliases:
- accept-all-ips
description: Simple HTTP server on REMnux for simulating C2 web servers
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Simple HTTP server on REMnux for simulating C2 web servers
category: network-analysis
labs:
- '1.3'
- '1.6'
- '1.8'
sections:
- 1
typical_usage:
- httpd
tags:
- http
- web-server
- c2-simulation
- lab-setup
salt_states:
covered: true
install_method: script
package_name: accept-all-ips
salt_state_path: remnux/scripts/accept-all-ips.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Services
description: Accept connections to all IPv4 and IPv6 addresses and redirect
it to the corresponding local port.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
website: https://github.com/REMnux/distro/blob/master/files/accept-all-ips
anchor: accept-all-ips
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: hybrid-analysis
name: Hybrid Analysis
aliases: []
description: CrowdStrike automated sandbox for malware detonation and behavioral
reporting
in_remnux: false
platform: online
sources:
for610:
covered: true
description: CrowdStrike automated sandbox for malware detonation and behavioral
reporting
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://hybrid-analysis.com
tags:
- sandbox
- behavioral
- crowdstrike
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: i386-architecture
name: i386-architecture
aliases:
- libc6
- i386
- dpkg
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libc6
salt_state_path: remnux/packages/i386-architecture.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: ibus
name: ibus
aliases: []
description: Adjust input methods for the GUI.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: ibus
salt_state_path: remnux/packages/ibus.sls
remnux_docs:
covered: true
category: General Utilities
description: Adjust input methods for the GUI.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://github.com/ibus/ibus
anchor: ibus
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: ida
name: IDA
aliases:
- IDA Pro
- IDA Freeware
description: Commercial interactive disassembler and debugger from Hex-Rays
in_remnux: false
platform: both
sources:
for610:
covered: true
description: Commercial interactive disassembler and debugger from Hex-Rays
category: code-analysis
labs: []
sections:
- 2
typical_usage:
- ida64.exe specimen.exe
tags:
- disassembly
- decompilation
- commercial
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: ilspy
name: ILSpy
aliases: []
description: .NET assembly decompiler — view C#/VB.NET source from compiled .NET
binaries
in_remnux: true
platform: windows
sources:
for610:
covered: true
description: .NET assembly decompiler — view C#/VB.NET source from compiled
.NET binaries
category: dotnet-analysis
labs:
- '3.12'
- '4.8'
sections:
- 3
- 4
typical_usage:
- ILSpy.exe assembly.exe
tags:
- dotnet
- decompiler
- csharp
salt_states:
covered: true
install_method: apt
package_name: ilspycmd
salt_state_path: remnux/packages/ilspy.sls
remnux_docs:
covered: true
category: Statically Analyze Code > .NET
description: Examine and decompile.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net
website: https://github.com/icsharpcode/ILSpy
anchor: ilspy
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: ilspycmd
name: ilspycmd
aliases: []
description: Command-line .NET decompiler (CLI version of ILSpy)
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Command-line .NET decompiler (CLI version of ILSpy)
category: dotnet-analysis
labs:
- '4.8'
sections:
- 4
typical_usage:
- ilspycmd assembly.exe > decompiled.cs
tags:
- dotnet
- decompiler
- cli
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: imagemagick
name: imagemagick
aliases: []
description: View and manipulate image and related files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: imagemagick
salt_state_path: remnux/packages/imagemagick.sls
remnux_docs:
covered: true
category: View or Edit Files
description: View and manipulate image and related files.
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
website: https://imagemagick.org/
anchor: imagemagick
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: inetsim
name: INetSim
aliases: []
description: Emulate internet services (HTTP, HTTPS, DNS, FTP, SMTP) for malware
analysis in isolated labs
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Emulate internet services (HTTP, HTTPS, DNS, FTP, SMTP) for malware
analysis in isolated labs
category: network-analysis
labs:
- '1.7'
sections:
- 1
typical_usage:
- inetsim
tags:
- service-emulation
- network-simulation
- lab-setup
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-inetsim
salt_state_path: remnux/packages/inetsim.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Services
description: Emulate common network services and interact with malware.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
website: https://www.inetsim.org/
anchor: inetsim
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: inspircd
name: inspircd
aliases:
- remnux-packages-inspircd-install
description: Examine IRC activity with this IRC server.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-inspircd-install
salt_state_path: remnux/packages/inspircd.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Services
description: Examine IRC activity with this IRC server.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
website: https://www.inspircd.org/
anchor: inspircd-3
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: intezer-analyze
name: Intezer Analyze
aliases: []
description: Automated code analysis platform for malware classification using code
reuse detection
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Automated code analysis platform for malware classification using
code reuse detection
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://analyze.intezer.com
tags:
- code-reuse
- classification
- automated
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: ioc-parser
name: ioc-parser
aliases:
- remnux-python3-packages-ioc-parser
- git+https://github.com/buffer/ioc_parser.git
- iocp
description: Extract indicators of compromise (IOCs) from PDF reports and text files
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- ioc_parser <report.pdf>
tags:
- ioc
- extraction
- threat-intel
description: Extract indicators of compromise (IOCs) from PDF reports and text
files
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-ioc-parser
salt_state_path: remnux/python3-packages/ioc-parser.sls
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Extract IOCs from security report PDFs.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/buffer/ioc_parser
anchor: ioc_parser
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: iproute2
name: iproute2
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: iproute2
salt_state_path: remnux/packages/iproute2.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: iptables
name: iptables
aliases: []
description: Linux firewall and NAT tool for redirecting IP-based malware traffic
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Linux firewall and NAT tool for redirecting IP-based malware traffic
category: network-analysis
labs:
- '1.8'
sections:
- 1
typical_usage:
- iptables -t nat -A PREROUTING -i ens32 -j REDIRECT
tags:
- firewall
- nat
- traffic-redirection
salt_states:
covered: true
install_method: apt
package_name: iptables
salt_state_path: remnux/packages/iptables.sls
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: true
help_tier: rich
- id: iputils-ping
name: iputils-ping
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: iputils-ping
salt_state_path: remnux/packages/iputils-ping.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: ipwhois
name: ipwhois
aliases: []
description: Retrieve and parse whois data for IP addresses.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Retrieve and parse whois data for IP addresses.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/secynic/ipwhois
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: ipython3
name: ipython3
aliases:
- remnux-packages-ipython3
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-ipython3
salt_state_path: remnux/packages/ipython3.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: jadx
name: jadx
aliases:
- jadx-gui
description: Decompile Android DEX/APK to Java source code with a GUI or command
line
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- jadx <app.apk> -d output/
- jadx-gui <app.apk>
tags:
- android
- dex
- java
- decompilation
description: Decompile Android DEX/APK to Java source code with a GUI or command
line
salt_states:
covered: true
install_method: manual
package_name: jadx
salt_state_path: remnux/tools/jadx.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Android
description: Generate Java source code from Dalvik Executable (dex) and Android
APK files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/android
website: https://github.com/skylot/jadx
anchor: jadx
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: java-idx-parser
name: java-idx-parser
aliases:
- idx_parser.py
description: Analyze Java IDX files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: idx_parser.py
salt_state_path: remnux/scripts/java-idx-parser.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Java
description: Analyze Java IDX files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
website: https://github.com/digitalsleuth/Java_IDX_Parser
anchor: java-idx-parser
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: javassist
name: Javassist
aliases: []
description: Java bytecode engineering toolkit/library.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > Java
description: Java bytecode engineering toolkit/library.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
website: https://www.javassist.org/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: jd-gui
name: jd-gui
aliases: []
description: Visual Java decompiler with GUI — browse and search decompiled JAR/class
files
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- jd-gui <file.jar>
tags:
- java
- decompilation
- gui
description: Visual Java decompiler with GUI — browse and search decompiled
JAR/class files
salt_states:
covered: true
install_method: manual
package_name: jd-gui
salt_state_path: remnux/tools/jd-gui.sls
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: true
help_tier: rich
- id: jd-gui-java-decompiler
name: JD-GUI Java Decompiler
aliases: []
description: Java decompiler with GUI.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > Java
description: Java decompiler with GUI.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
website: https://java-decompiler.github.io/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: jq
name: jq
aliases: []
description: Command-line JSON processor for extracting and transforming structured
data
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Command-line JSON processor for extracting and transforming structured
data
category: utilities
labs:
- '1.4'
sections:
- 1
typical_usage:
- cat report.json | jq '.apis'
- jq -r '.entry' report.json
tags:
- json
- data-processing
salt_states:
covered: true
install_method: apt
package_name: jq
salt_state_path: remnux/packages/jq.sls
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: true
help_tier: rich
- id: js-beautify
name: js-beautify
aliases: []
description: Format and beautify obfuscated JavaScript code for readability
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Format and beautify obfuscated JavaScript code for readability
category: javascript-analysis
labs:
- '3.6'
- '4.5'
sections:
- 3
typical_usage:
- js-beautify malicious.js > beautified.js
tags:
- javascript
- formatting
- readability
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-jsbeautifier
salt_state_path: remnux/python3-packages/jsbeautifier.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Scripts
description: Reformat JavaScript scripts for easier analysis.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/scripts
website: https://beautifier.io/
anchor: js-beautifier
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: jstillery
name: jstillery
aliases:
- remnux-node-packages-jstillery
- git+https://github.com/mindedsecurity/JStillery.git
description: Deobfuscate JavaScript scripts using AST and Partial Evaluation techniques.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: npm
package_name: remnux-node-packages-jstillery
salt_state_path: remnux/node-packages/jstillery.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Scripts
description: Deobfuscate JavaScript scripts using AST and Partial Evaluation
techniques.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
website: https://github.com/mindedsecurity/jstillery
anchor: jstillery
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: lame
name: lame
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: lame
salt_state_path: remnux/packages/lame.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libboost-dev
name: libboost-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libboost-dev
salt_state_path: remnux/packages/libboost-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libboost-python-dev
name: libboost-python-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libboost-python-dev
salt_state_path: remnux/packages/libboost-python-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libboost-system-dev
name: libboost-system-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libboost-system-dev
salt_state_path: remnux/packages/libboost-system-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libdpkg-perl
name: libdpkg-perl
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libdpkg-perl
salt_state_path: remnux/packages/libdpkg-perl.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libemail-outlook-message-perl
name: libemail-outlook-message-perl
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libemail-outlook-message-perl
salt_state_path: remnux/packages/libemail-outlook-message-perl.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libemu
name: libemu
aliases:
- libemu-dev
- ldconfig
description: A library for x86 code emulation and shellcode detection.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libemu
salt_state_path: remnux/packages/libemu.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Shellcode
description: A library for x86 code emulation and shellcode detection.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
website: https://github.com/buffer/libemu
anchor: libemu
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: libffi-dev
name: libffi-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libffi-dev
salt_state_path: remnux/packages/libffi-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libfuse2
name: libfuse2
aliases:
- remnux-packages-libfuse2
- libfuse2t64
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-libfuse2
salt_state_path: remnux/packages/libfuse2.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libfuzzy-dev
name: libfuzzy-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libfuzzy-dev
salt_state_path: remnux/packages/libfuzzy-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libfuzzy2
name: libfuzzy2
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libfuzzy2
salt_state_path: remnux/packages/libfuzzy2.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libglib2
name: libglib2
aliases:
- remnux-packages-libglib2
- libglib2.0-0t64
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-libglib2
salt_state_path: remnux/packages/libglib2.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libglu1-mesa-dev
name: libglu1-mesa-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libglu1-mesa-dev
salt_state_path: remnux/packages/libglu1-mesa-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libgraphviz-dev
name: libgraphviz-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libgraphviz-dev
salt_state_path: remnux/packages/libgraphviz-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libgtk-3-0
name: libgtk-3-0
aliases:
- remnux-packages-libgtk-3-0
- libgtk-3-0t64
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-libgtk-3-0
salt_state_path: remnux/packages/libgtk-3-0.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libjavassist-java
name: libjavassist-java
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libjavassist-java
salt_state_path: remnux/packages/libjavassist-java.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libjpeg-dev
name: libjpeg-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libjpeg-dev
salt_state_path: remnux/packages/libjpeg-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libjpeg8-dev
name: libjpeg8-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libjpeg8-dev
salt_state_path: remnux/packages/libjpeg8-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: liblzma-dev
name: liblzma-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: liblzma-dev
salt_state_path: remnux/packages/liblzma-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: liblzo2-dev
name: liblzo2-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: liblzo2-dev
salt_state_path: remnux/packages/liblzo2-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libmagic-dev
name: libmagic-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libmagic-dev
salt_state_path: remnux/packages/libmagic-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libmysqlclient21
name: libmysqlclient21
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libmysqlclient21
salt_state_path: remnux/packages/libmysqlclient21.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libncurses
name: libncurses
aliases:
- libncurses-dev
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libncurses
salt_state_path: remnux/packages/libncurses.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libnetfilter-queue-dev
name: libnetfilter-queue-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libnetfilter-queue-dev
salt_state_path: remnux/packages/libnetfilter-queue-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libnfnetlink-dev
name: libnfnetlink-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libnfnetlink-dev
salt_state_path: remnux/packages/libnfnetlink-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libolecf
name: libolecf
aliases: []
description: Microsoft Office OLE2 compound documents.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libolecf
salt_state_path: remnux/packages/libolecf.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Microsoft Office OLE2 compound documents.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://github.com/libyal/libolecf
anchor: libolecf
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: libpq5
name: libpq5
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libpq5
salt_state_path: remnux/packages/libpq5.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libqt5scripttools5
name: libqt5scripttools5
aliases:
- remnux-package-libqt5scripttools5
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-package-libqt5scripttools5
salt_state_path: remnux/packages/libqt5scripttools5.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libre2
name: libre2
aliases:
- remnux-packages-libre2
- libre2-10
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-libre2
salt_state_path: remnux/packages/libre2.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libsm6
name: libsm6
aliases:
- remnux-packages-libsm6
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-libsm6
salt_state_path: remnux/packages/libsm6.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libsqlite3-dev
name: libsqlite3-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libsqlite3-dev
salt_state_path: remnux/packages/libsqlite3-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libssl-dev
name: libssl-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libssl-dev
salt_state_path: remnux/packages/libssl-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libtool
name: libtool
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libtool
salt_state_path: remnux/packages/libtool.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libtre5
name: libtre5
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libtre5
salt_state_path: remnux/packages/libtre5.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libusb-1
name: libusb-1
aliases:
- libusb-1.0-0
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libusb-1.0-0
salt_state_path: remnux/packages/libusb-1.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libxml2-dev
name: libxml2-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libxml2-dev
salt_state_path: remnux/packages/libxml2-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: libxslt1-dev
name: libxslt1-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: libxslt1-dev
salt_state_path: remnux/packages/libxslt1-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: lief
name: lief
aliases:
- remnux-python3-packages-lief
description: Parse and analyze PE, ELF, MachO, DEX, OAT, VDEX, ART, and DWARF executable
formats.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-lief
salt_state_path: remnux/python3-packages/lief.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Parse and analyze PE, ELF, MachO, DEX, OAT, VDEX, ART, and DWARF
executable formats.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://lief.re
anchor: lief
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: linux-headers
name: linux-headers
aliases:
- linux-headers-generic
- remnux-packages-linux-headers
- linux-headers-{{
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: linux-headers-generic
salt_state_path: remnux/packages/linux-headers.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: logman
name: logman
aliases: []
description: Windows Event Trace session manager — enable AMSI script content logging
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Windows Event Trace session manager — enable AMSI script content
logging
category: powershell-analysis
labs:
- '3.6'
sections:
- 3
typical_usage:
- logman start AMSITrace -p Microsoft-Antimalware-Scan-Interface Event1 -o AMSITrace.etl
-ets
- logman stop AMSITrace -ets
tags:
- amsi
- event-tracing
- monitoring
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: ltrace
name: ltrace
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: ltrace
salt_state_path: remnux/packages/ltrace.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: magika
name: magika
aliases:
- remnux-python3-packages-magika-install
description: Identify file type using signatures.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-magika-install
salt_state_path: remnux/python3-packages/magika.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Identify file type using signatures.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://google.github.io/magika
anchor: magika
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: mail-parser
name: mail-parser
aliases:
- remnux-python3-packages-mail-parser
description: Parse raw SMTP email messages and extract headers, body, and attachments
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- python3 -c "import mailparser; mail = mailparser.parse_from_file('<email.eml>');
print(mail.subject)"
tags:
- email
- parsing
- attachments
description: Parse raw SMTP email messages and extract headers, body, and attachments
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-mail-parser
salt_state_path: remnux/python3-packages/mail-parser.sls
remnux_docs:
covered: true
category: Analyze Documents > Email Messages
description: Parse raw SMTP and.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
website: https://github.com/SpamScope/mail-parser
anchor: mail-parser
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: malcat
name: malcat
aliases:
- remnux-tools-malcat-pip-deps
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: manual
package_name: remnux-tools-malcat-pip-deps
salt_state_path: remnux/tools/malcat.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: malcat-lite
name: Malcat Lite
aliases: []
description: Analyze binary files using a hex editor, disassembler, and file dissector.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Analyze binary files using a hex editor, disassembler, and file
dissector.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://malcat.fr
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: malchive
name: Malchive
aliases: []
description: Multi-purpose malware analysis library — config extraction, deobfuscation,
and static analysis
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- malchive <sample>
tags:
- malware
- config-extraction
- deobfuscation
description: Multi-purpose malware analysis library — config extraction, deobfuscation,
and static analysis
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Perform static analysis of various aspects of malicious code.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/MITRECND/malchive
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: malwarebazaar
name: MalwareBazaar
aliases: []
description: Malware sample sharing platform by abuse.ch
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Malware sample sharing platform by abuse.ch
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://bazaar.abuse.ch
tags:
- sample-sharing
- repository
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: malwoverview
name: malwoverview
aliases:
- remnux-python3-packages-malwoverview-install
description: Query VirusTotal, Hybrid Analysis, and MalwareBazaar for malware intelligence
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- malwoverview -v <hash>
- malwoverview -f <sample>
tags:
- threat-intel
- virustotal
- malware-bazaar
description: Query VirusTotal, Hybrid Analysis, and MalwareBazaar for malware
intelligence
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-malwoverview-install
salt_state_path: remnux/python3-packages/malwoverview.sls
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Query public repositories of malware data (e.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/alexandreborges/malwoverview
anchor: malwoverview
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: manalyze
name: manalyze
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: manalyze
salt_state_path: remnux/packages/manalyze.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: mbcscan
name: mbcscan
aliases: []
description: Scan a PE file to list the associated Malware Behavior Catalog (MBC)
details.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > PE Files
description: Scan a PE file to list the associated Malware Behavior Catalog
(MBC) details.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
website: https://github.com/accidentalrebel/mbcscan
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: mercurial
name: mercurial
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: mercurial
salt_state_path: remnux/packages/mercurial.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: microsoft
name: microsoft
aliases:
- deb
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: deb
salt_state_path: remnux/repos/winehq.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: microsoft-vscode
name: microsoft-vscode
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: microsoft-vscode
salt_state_path: remnux/repos/microsoft-vscode.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: mitmproxy
name: mitmproxy
aliases: []
description: Interactive HTTPS proxy for intercepting, inspecting, and modifying
encrypted web traffic
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- mitmproxy
- mitmdump -w capture.flow
- mitmproxy --mode transparent
tags:
- network
- https
- proxy
- tls
- interception
description: Interactive HTTPS proxy for intercepting, inspecting, and modifying
encrypted web traffic
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Investigate website interactions using this web proxy.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://mitmproxy.org
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: mono
name: mono
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: mono
salt_state_path: remnux/repos/mono.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: mono-devel
name: mono-devel
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: mono-devel
salt_state_path: remnux/packages/mono-devel.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: mono-utils
name: mono-utils
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: mono-utils
salt_state_path: remnux/packages/mono-utils.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: monodis
name: monodis
aliases: []
description: Disassemble and extract resources from.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > .NET
description: Disassemble and extract resources from.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/.net
website: https://www.mono-project.com/docs/tools+libraries/tools/monodis/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: msg-extractor
name: msg-extractor
aliases:
- remnux-python3-packages-extract-msg
- extract_msg
description: Extract emails and attachments from Microsoft Outlook MSG files
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- extract_msg <email.msg>
- extract_msg --out-dir output/ <email.msg>
tags:
- email
- msg
- outlook
- attachments
description: Extract emails and attachments from Microsoft Outlook MSG files
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-extract-msg
salt_state_path: remnux/python3-packages/msg-extractor.sls
remnux_docs:
covered: true
category: Analyze Documents > Email Messages
description: Extract emails and attachments from MSG files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
website: https://github.com/TeamMsgExtractor/msg-extractor
anchor: msg-extractor
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: msgconvert
name: msgconvert
aliases: []
description: Convert MSG files to MBOX files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Email Messages
description: Convert MSG files to MBOX files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/email+messages
website: https://www.matijs.net/software/msgconv/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: msitools
name: msitools
aliases: []
description: Create, inspect and extract Windows Installer (.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: msitools
salt_state_path: remnux/packages/msitools.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Create, inspect and extract Windows Installer (.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://wiki.gnome.org/msitools
anchor: msitools
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: msoffcrypto-crack-py
name: msoffcrypto-crack.py
aliases: []
description: Recover the password of an encrypted Microsoft Office document.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Recover the password of an encrypted Microsoft Office document.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://blog.didierstevens.com/2018/12/31/new-tool-msoffcrypto-crack-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: msoffcrypto-tool
name: msoffcrypto-tool
aliases:
- remnux-python3-packages-msoffcrypto-tool
description: Decrypt password-protected Microsoft Office documents (OLE and OOXML)
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- msoffcrypto-tool -p infected <encrypted.docx> <decrypted.docx>
- msoffcrypto-tool -p password <encrypted.xlsx> <decrypted.xlsx>
tags:
- office
- decryption
- password
description: Decrypt password-protected Microsoft Office documents (OLE and
OOXML)
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-msoffcrypto-tool
salt_state_path: remnux/python3-packages/msoffcrypto-tool.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Decrypt a Microsoft Office file with password, intermediate key,
or private key which generated its escrow key.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://github.com/nolze/msoffcrypto-tool
anchor: msoffcrypto-tool
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: msoffice-crypt
name: msoffice-crypt
aliases: []
description: Encrypt and decrypt OOXML Microsoft Office documents.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: msoffice-crypt
salt_state_path: remnux/packages/msoffice-crypt.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Encrypt and decrypt OOXML Microsoft Office documents.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://github.com/herumi/msoffice
anchor: msoffice-crypt
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: myip
name: myip
aliases: []
description: Determine the IP address of the default network interface.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: myip
salt_state_path: remnux/scripts/myip.sls
remnux_docs:
covered: true
category: General Utilities
description: Determine the IP address of the default network interface.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://github.com/REMnux/distro/blob/master/files/myip
anchor: myip
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: myjson-filter-py
name: myjson-filter.py
aliases: []
description: Filter data formatted using the JSON format used by Didier Stevens&#x27;
tools.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: General Utilities
description: Filter data formatted using the JSON format used by Didier Stevens&#x27;
tools.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://blog.didierstevens.com/2022/04/09/new-tool-myjson-filter-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: mynic
name: mynic
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: mynic
salt_state_path: remnux/scripts/mynic.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: name-that-hash
name: name-that-hash
aliases:
- remnux-python3-packages-name-that-hash-install
- nth
description: Identify dfferent types of hashes.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-name-that-hash-install
salt_state_path: remnux/python3-packages/name-that-hash.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Identify dfferent types of hashes.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/HashPals/Name-That-Hash
anchor: name-that-hash
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: nano
name: nano
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: nano
salt_state_path: remnux/packages/nano.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: nasm
name: nasm
aliases: []
description: An x86-64 assembler.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: nasm
salt_state_path: remnux/packages/nasm.sls
remnux_docs:
covered: true
category: General Utilities
description: An x86-64 assembler.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://www.nasm.us
anchor: nasm
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: nautilus
name: nautilus
aliases: []
description: Graphical file manager.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: nautilus
salt_state_path: remnux/packages/nautilus.sls
remnux_docs:
covered: true
category: General Utilities
description: Graphical file manager.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://gitlab.gnome.org/GNOME/nautilus
anchor: nautilus
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: ndg-httpsclient
name: ndg-httpsclient
aliases:
- remnux-python3-packages-ndg-httpsclient
- ndg_httpclient
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-ndg-httpsclient
salt_state_path: remnux/python3-packages/ndg-httpsclient.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: net-tools
name: net-tools
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: net-tools
salt_state_path: remnux/packages/net-tools.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: netcat
name: nc
aliases:
- netcat
description: Network utility for reading/writing data across TCP/UDP connections
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Network utility for reading/writing data across TCP/UDP connections
category: network-analysis
labs: []
sections:
- 1
typical_usage:
- nc -l -p 3127
- nc target_ip 80
tags:
- network
- tcp
- listener
salt_states:
covered: true
install_method: apt
package_name: netcat-traditional
salt_state_path: remnux/packages/netcat.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: Read and write data across network connections.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://nc110.sourceforge.io/
anchor: netcat
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: network-miner-free-edition
name: Network Miner Free Edition
aliases: []
description: Examine network traffic and carve PCAP capture files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Examine network traffic and carve PCAP capture files.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://www.netresec.com
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: networkminer
name: networkminer
aliases: []
description: Passive network traffic analyzer — extracts files, images, credentials
from PCAP captures
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- NetworkMiner --pcap <capture.pcap>
tags:
- network
- pcap
- file-carving
- passive
description: Passive network traffic analyzer — extracts files, images, credentials
from PCAP captures
salt_states:
covered: true
install_method: manual
package_name: networkminer
salt_state_path: remnux/tools/networkminer.sls
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: true
help_tier: rich
- id: nginx
name: nginx
aliases: []
description: Web server.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: nginx
salt_state_path: remnux/config/nginx.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Services
description: Web server.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/services
website: https://nginx.org
anchor: nginx
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: ngrep
name: ngrep
aliases: []
description: Search network traffic for patterns — like grep for packets
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- ngrep -I <capture.pcap> 'password'
- ngrep -d eth0 'GET|POST' 'tcp port 80'
tags:
- network
- search
- pattern-matching
description: Search network traffic for patterns — like grep for packets
salt_states:
covered: true
install_method: apt
package_name: ngrep
salt_state_path: remnux/packages/ngrep.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Look for patterns in network traffic.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://github.com/jpr5/ngrep/
anchor: ngrep
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: nodejs
name: nodejs
aliases:
- remnux-packages-nodejs
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: npm
package_name: remnux-packages-nodejs
salt_state_path: remnux/packages/nodejs.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: nomorexor
name: nomorexor
aliases:
- nomorexor.py
description: Help guess a file&#x27;s 256-byte XOR by using frequency analysis.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: nomorexor.py
salt_state_path: remnux/scripts/nomorexor.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Help guess a file&#x27;s 256-byte XOR by using frequency analysis.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/digitalsleuth/NoMoreXOR
anchor: nomorexor.py
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: notepadpp
name: Notepad++
aliases: []
description: Advanced Windows text editor with syntax highlighting for script analysis
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Advanced Windows text editor with syntax highlighting for script
analysis
category: utilities
labs:
- '3.6'
- '3.8'
- '3.9'
- '3.10'
- '3.11'
- '3.12'
- '4.5'
sections:
- 3
- 4
typical_usage:
- notepad++ script.ps1
tags:
- editor
- windows
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: nslookup
name: nslookup
aliases: []
description: DNS query tool for testing name resolution
in_remnux: true
platform: both
sources:
for610:
covered: true
description: DNS query tool for testing name resolution
category: network-analysis
labs:
- '1.3'
sections:
- 1
typical_usage:
- nslookup domain.com
tags:
- dns
- testing
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: nsrllookup
name: nsrllookup
aliases: []
description: Look up MD5 file hashes in the NIST National Software Reference Library
(NSRL).
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Look up MD5 file hashes in the NIST National Software Reference
Library (NSRL).
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/rjhansen/nsrllookup
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: numbers-to-string-py
name: numbers-to-string.py
aliases: []
description: Convert sequences of decimal numbers to readable characters
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Convert sequences of decimal numbers to readable characters
category: document-analysis
labs:
- '3.3'
sections:
- 3
typical_usage:
- oledump.py doc.docm -s A3 -v | numbers-to-string.py -j
tags:
- decoding
- deobfuscation
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Convert decimal numbers to strings.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://blog.didierstevens.com/2020/12/12/update-numbers-to-string-py-version-0-0-11/
anchor: numbers-to-string
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: objdump
name: objdump
aliases: []
description: Disassemble binary files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > General
description: Disassemble binary files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
website: https://en.wikipedia.org/wiki/Objdump
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: objects-js
name: objects.js
aliases: []
description: Emulate common browser and PDF viewer objects, methods, and properties
when deobfuscating JavaScript.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Scripts
description: Emulate common browser and PDF viewer objects, methods, and properties
when deobfuscating JavaScript.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
website: https://github.com/REMnux/salt-states/blob/master/remnux/config/objects/objects.js
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: oledump-py
name: oledump.py
aliases:
- oledump
description: Analyze OLE2 files (Office documents), extract streams and VBA macros
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Analyze OLE2 files (Office documents), extract streams and VBA
macros
category: document-analysis
labs:
- '3.3'
- '3.4'
- '4.5'
sections:
- 3
- 4
typical_usage:
- oledump.py document.docm
- oledump.py document.docm -s A3 -v
- oledump.py document.docm -i
tags:
- office
- vba
- macro
- ole
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Analyze OLE2 Structured Storage files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://blog.didierstevens.com/programs/oledump-py/
anchor: oledump.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: olefile
name: olefile
aliases:
- remnux-python3-packages-olefile-package
- python3-olefile
description: Python package to parse, read and write MS OLE2 files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-olefile-package
salt_state_path: remnux/python3-packages/olefile.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Python package to parse, read and write MS OLE2 files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://github.com/decalage2/olefile
anchor: olefile
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: olevba
name: olevba
aliases: []
description: Extract and analyze VBA macros from Office documents with deobfuscation
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Extract and analyze VBA macros from Office documents with deobfuscation
category: document-analysis
labs: []
sections:
- 3
typical_usage:
- olevba document.docm
- olevba --deobf document.docm
tags:
- office
- vba
- macro
- deobfuscation
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-oletools
salt_state_path: remnux/python3-packages/oletools.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Microsoft Office OLE2 compound documents.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://www.decalage.info/python/oletools
anchor: oletools
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: ollydbg
name: OllyDbg
aliases: []
description: Classic 32-bit debugger for Windows (legacy, predecessor to x32dbg)
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Classic 32-bit debugger for Windows (legacy, predecessor to x32dbg)
category: debugging
labs: []
sections:
- 4
- 5
typical_usage:
- ollydbg.exe specimen.exe
tags:
- debugger
- 32-bit
- legacy
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: ollydumpex
name: OllyDumpEx
aliases: []
description: x64dbg/x32dbg plugin for dumping unpacked process memory to disk
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: x64dbg/x32dbg plugin for dumping unpacked process memory to disk
category: unpacking
labs:
- '4.3'
- '5.4'
- '5.8'
sections:
- 4
- 5
typical_usage:
- Plugins > OllyDumpEx > Dump process
tags:
- memory-dump
- x64dbg-plugin
- unpacking
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: onedump-py
name: onedump.py
aliases: []
description: Extract and analyze embedded files from OneNote documents.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Extract and analyze embedded files from OneNote documents.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://blog.didierstevens.com/2023/01/22/new-tool-onedump-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: opencode
name: opencode
aliases: []
description: Open-source AI coding agent for the terminal.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: opencode
salt_state_path: remnux/config/opencode.sls
remnux_docs:
covered: true
category: Use Artificial Intelligence
description: Open-source AI coding agent for the terminal.
docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence
website: https://opencode.ai
anchor: opencode
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: openjdk
name: openjdk
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: openjdk
salt_state_path: remnux/repos/openjdk.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: openssh
name: openssh
aliases:
- openssh-client
- openssh-server
description: Initiate and receive SSH and SFTP connections.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: openssh-client
salt_state_path: remnux/packages/openssh.sls
remnux_docs:
covered: true
category: General Utilities
description: Initiate and receive SSH and SFTP connections.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://www.openssh.com
anchor: openssh
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: openssl
name: openssl
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: openssl
salt_state_path: remnux/packages/openssl.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: origami
name: origamindee
aliases:
- origami
- therubyracer
description: Parse, modify, generate PDF files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: gem
package_name: origamindee
salt_state_path: remnux/rubygems/origamindee.sls
remnux_docs:
covered: true
category: Analyze Documents > PDF
description: Parse, modify, generate PDF files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
website: https://github.com/mindee/origamindee
anchor: origamindee
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: osarch
name: osarch
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: osarch
salt_state_path: remnux/osarch.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: otx
name: Open Threat Exchange
aliases:
- OTX
- LevelBlue Labs
description: Threat intelligence sharing platform for indicators of compromise
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Threat intelligence sharing platform for indicators of compromise
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://otx.alienvault.com
tags:
- threat-intel
- ioc-sharing
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: pcode2code
name: pcode2code
aliases:
- remnux-python3-packages-pcode2code
description: Decompile VBA p-code from Office documents — works even when VBA source
is removed
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- pcode2code <document.docm>
tags:
- office
- vba
- p-code
- decompilation
description: Decompile VBA p-code from Office documents — works even when VBA
source is removed
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-pcode2code
salt_state_path: remnux/python3-packages/pcode2code.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Decompile VBA macro p-code from Microsoft Office documents.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://github.com/Big5-sec/pcode2code
anchor: pcode2code
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: pcodedmp
name: pcodedmp
aliases:
- remnux-python3-packages-pcodedmp
description: Disassemble VBA p-code.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-pcodedmp
salt_state_path: remnux/python3-packages/pcodedmp.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Disassemble VBA p-code.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://github.com/bontchev/pcodedmp
anchor: pcodedmp
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: pdf-parser-py
name: pdf-parser.py
aliases:
- pdf-parser
description: Parse PDF structure, locate objects, extract content, and search for
strings
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Parse PDF structure, locate objects, extract content, and search
for strings
category: pdf-analysis
labs:
- '3.1'
sections:
- 1
- 3
typical_usage:
- pdf-parser.py document.pdf -a
- pdf-parser.py document.pdf -s /URI
- pdf-parser.py document.pdf -k /URI
- pdf-parser.py document.pdf -o 6 -d object6.jpg
tags:
- pdf
- static-analysis
- object-extraction
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > PDF
description: Examine elements of the PDF file.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
website: https://blog.didierstevens.com/programs/pdf-tools/
anchor: pdf-parser.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: pdfid-py
name: pdfid.py
aliases:
- pdfid
description: Scan PDF files for suspicious keywords like /JavaScript, /OpenAction,
/Launch without parsing
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Scan PDF files for suspicious keywords like /JavaScript, /OpenAction,
/Launch without parsing
category: pdf-analysis
labs:
- '3.1'
sections:
- 1
- 3
typical_usage:
- pdfid.py document.pdf
- pdfid.py -n document.pdf
tags:
- pdf
- static-analysis
- triage
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > PDF
description: Identify suspicious elements of the PDF file.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
website: https://blog.didierstevens.com/programs/pdf-tools/
anchor: pdfid.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: pdfresurrect
name: pdfresurrect
aliases: []
description: Extract and analyze previous versions from PDF files
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Extract and analyze previous versions from PDF files
category: pdf-analysis
labs: []
sections:
- 1
typical_usage:
- pdfresurrect document.pdf
tags:
- pdf
- versioning
salt_states:
covered: true
install_method: apt
package_name: pdfresurrect
salt_state_path: remnux/packages/pdfresurrect.sls
remnux_docs:
covered: true
category: Analyze Documents > PDF
description: Extract previous versions of content from PDF files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
website: https://github.com/enferex/pdfresurrect
anchor: pdfresurrect
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: pdftk
name: pdftk
aliases: []
description: Manipulate PDF files — merge, split, flatten, encrypt, and extract
embedded content
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Manipulate PDF files — merge, split, flatten, encrypt, and extract
embedded content
category: pdf-analysis
labs: []
sections:
- 3
typical_usage:
- pdftk input.pdf cat output output.pdf flatten
- pdftk input.pdf unpack_files
tags:
- pdf
- manipulation
- extraction
salt_states:
covered: true
install_method: apt
package_name: pdftk-java
salt_state_path: remnux/packages/pdftk-java.sls
remnux_docs:
covered: true
category: Analyze Documents > PDF
description: Edit, create, and examine PDF files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
website: https://gitlab.com/pdftk-java/pdftk
anchor: pdftk-java
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: pdftool-py
name: pdftool.py
aliases: []
description: Analyze PDF incremental updates
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Analyze PDF incremental updates
category: pdf-analysis
labs: []
sections:
- 1
typical_usage:
- pdftool.py document.pdf
tags:
- pdf
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > PDF
description: Analyze PDF files to identify incremental updates to the document.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
website: https://blog.didierstevens.com/2021/01/31/new-tool-pdftool-py/
anchor: pdftool.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: pdnstool
name: pdnstool
aliases:
- sqlite3-gem
- passivedns-client
- sqlite3
description: Query passive DNS databases for DNS data.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-sqlite
salt_state_path: remnux/packages/sqlite.sls
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Query passive DNS databases for DNS data.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/chrislee35/passivedns-client
anchor: pdnstool
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: pe-tree
name: pe-tree
aliases:
- remnux-python3-packages-pe-tree
- pe_tree
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-pe-tree
salt_state_path: remnux/python3-packages/pe-tree.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: pe-unmapper
name: pe_unmapper
aliases: []
description: Convert dumped PE from virtual memory alignment to raw disk alignment
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Convert dumped PE from virtual memory alignment to raw disk alignment
category: unpacking
labs:
- '5.10'
sections:
- 5
typical_usage:
- pe_unmapper /in dumped.exe /base 400000 /out fixed.exe
tags:
- pe-fixup
- memory-dump
- alignment
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: pedump
name: pedump
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: gem
package_name: pedump
salt_state_path: remnux/rubygems/pedump.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: peepdf
name: peepdf
aliases: []
description: Interactive PDF analysis framework with JavaScript detection and exploitation
capabilities
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Interactive PDF analysis framework with JavaScript detection and
exploitation capabilities
category: pdf-analysis
labs: []
sections:
- 1
typical_usage:
- peepdf -i malicious.pdf
- peepdf -f -i malicious.pdf
tags:
- pdf
- interactive
- javascript-detection
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-peepdf-3
salt_state_path: remnux/python3-packages/peepdf-3.sls
remnux_docs:
covered: true
category: Analyze Documents > PDF
description: Examine elements of the PDF file.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
website: https://github.com/digitalsleuth/peepdf-3
anchor: peepdf-3
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: peframe
name: peframe
aliases: []
description: Static analysis of PE files — extract properties, detect anomalies,
identify packers
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Static analysis of PE files — extract properties, detect anomalies,
identify packers
category: static-analysis-pe
labs:
- '1.1'
- '4.8'
sections:
- 1
- 4
typical_usage:
- peframe specimen.exe
tags:
- pe
- static-analysis
- triage
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-peframe
salt_state_path: remnux/python3-packages/peframe.sls
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: true
help_tier: rich
- id: perl
name: perl
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: perl
salt_state_path: remnux/packages/perl.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: pestr
name: pestr
aliases: []
description: Extract ASCII and Unicode strings from PE files
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Extract ASCII and Unicode strings from PE files
category: static-analysis-pe
labs:
- '1.1'
- '4.8'
sections:
- 1
- 4
typical_usage:
- pestr specimen.exe
tags:
- pe
- strings
- static-analysis
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: pestudio
name: PeStudio
aliases: []
description: GUI tool for examining static properties of PE files — imports, strings,
sections, entropy, indicators
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: GUI tool for examining static properties of PE files — imports,
strings, sections, entropy, indicators
category: static-analysis-pe
labs:
- '1.1'
- '1.5'
- '2.7'
- '3.10'
- '3.12'
- '4.1'
- '4.2'
- '4.3'
- '4.7'
- '4.8'
- '5.3'
- '5.4'
- '5.8'
- '5.9'
- '5.10'
sections:
- 1
- 2
- 3
- 4
- 5
typical_usage:
- pestudio.exe specimen.exe
tags:
- pe
- static-analysis
- imports
- strings
- entropy
- triage
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: pgadmin
name: pgadmin
aliases:
- remnux-packages-pgadmin4
- pgadmin4-desktop
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: deb
salt_state_path: remnux/repos/pgadmin4.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: pip
name: pip
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: pip
salt_state_path: remnux/python3-packages/pip.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: pkg-config
name: pkg-config
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: pkg-config
salt_state_path: remnux/packages/pkg-config.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: polarproxy
name: polarproxy
aliases: []
description: Transparent TLS proxy that decrypts traffic and saves it as PCAP for
analysis in Wireshark
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- PolarProxy -p 443,80 -w captured.pcap
tags:
- network
- tls
- decryption
- pcap
description: Transparent TLS proxy that decrypts traffic and saves it as PCAP
for analysis in Wireshark
salt_states:
covered: true
install_method: manual
package_name: polarproxy
salt_state_path: remnux/tools/polarproxy.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Intercept and decrypt TLS traffic.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://www.netresec.com
anchor: polarproxy
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: portex
name: portex
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: portex
salt_state_path: remnux/packages/portex.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: powershell
name: powershell
aliases: []
description: Run PowerShell scripts and commands.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: powershell
salt_state_path: remnux/packages/powershell.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Scripts
description: Run PowerShell scripts and commands.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
website: https://github.com/powershell/powershell
anchor: powershell-core
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: powershell-ise
name: PowerShell ISE
aliases:
- powershell_ise
description: PowerShell Integrated Scripting Environment — debug scripts with breakpoints
and variable inspection
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: PowerShell Integrated Scripting Environment — debug scripts with
breakpoints and variable inspection
category: powershell-analysis
labs:
- '3.9'
- '3.11'
- '4.5'
sections:
- 3
- 4
typical_usage:
- powershell_ise script.ps1
tags:
- powershell
- debugger
- script-analysis
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: prefer-ipv4
name: prefer-ipv4
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: prefer-ipv4
salt_state_path: remnux/network/prefer-ipv4.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: procdot
name: ProcDOT
aliases: []
description: Visualize Process Monitor logs as interactive graphs for behavioral
analysis
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Visualize Process Monitor logs as interactive graphs for behavioral
analysis
category: behavioral-analysis
labs:
- '1.2'
- '4.5'
sections:
- 1
- 4
typical_usage:
- procdot
tags:
- visualization
- process-monitor
- behavioral
salt_states:
covered: false
remnux_docs:
covered: true
category: Investigate System Interactions
description: Visualize and examine the output of Process Monitor.
docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions
website: https://www.procdot.com
anchor: procdot
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: process-monitor
name: Process Monitor
aliases:
- ProcMon
- procmon
description: Record file system, registry, process, and thread activity in real
time
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Record file system, registry, process, and thread activity in real
time
category: behavioral-analysis
labs:
- '1.2'
- '4.5'
sections:
- 1
- 4
typical_usage:
- Procmon.exe
tags:
- filesystem
- registry
- process-monitoring
- real-time
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: procyon
name: Procyon
aliases: []
description: Java decompiler.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > Java
description: Java decompiler.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/java
website: https://github.com/mstrobel/procyon
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: procyon-decompiler
name: procyon-decompiler
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: procyon-decompiler
salt_state_path: remnux/packages/procyon-decompiler.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: protobuf
name: protobuf
aliases:
- remnux-python3-packages-protobuf-install
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-protobuf-install
salt_state_path: remnux/python3-packages/protobuf.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: pycdc
name: pycdc
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: pycdc
salt_state_path: remnux/packages/pycdc.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: pyelftools
name: pyelftools
aliases:
- remnux-python3-packages-pyelftools
- readelf.py
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-pyelftools
salt_state_path: remnux/python3-packages/pyelftools.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: pyinstaller-extractor
name: pyinstaller-extractor
aliases:
- pyinstxtractor.py
description: Extract contents of a PyInstaller-generated PE files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: pyinstxtractor.py
salt_state_path: remnux/scripts/pyinstaller-extractor.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Python
description: Extract contents of a PyInstaller-generated PE files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
website: https://github.com/extremecoders-re/pyinstxtractor
anchor: pyinstaller-extractor
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: pyinstxtractor-ng
name: pyinstxtractor-ng
aliases:
- remnux-python3-packages-pyinstxtractor-ng
description: Extract contents of PyInstaller-generated executables without needing
matching Python version
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- pyinstxtractor-ng <packed_exe>
tags:
- python
- pyinstaller
- extraction
description: Extract contents of PyInstaller-generated executables without needing
matching Python version
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-pyinstxtractor-ng
salt_state_path: remnux/python3-packages/pyinstxtractor-ng.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Python
description: Extract contents of PyInstaller-generated executables without requiring
a matching Python version.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
website: https://github.com/pyinstxtractor/pyinstxtractor-ng
anchor: pyinstxtractor-ng
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: python-debian
name: python-debian
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: python-debian
salt_state_path: remnux/python3-packages/python-debian.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3
name: python3
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3
salt_state_path: remnux/packages/python3.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-cryptography
name: python3-cryptography
aliases:
- remnux-packages-python3-cryptography
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-python3-cryptography
salt_state_path: remnux/packages/python3-cryptography.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-dev
name: python3-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-dev
salt_state_path: remnux/packages/python3-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-dnspython
name: python3-dnspython
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-dnspython
salt_state_path: remnux/packages/python3-dnspython.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-magic
name: python3-magic
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-magic
salt_state_path: remnux/packages/python3-magic.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-netifaces
name: python3-netifaces
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-netifaces
salt_state_path: remnux/packages/python3-netifaces.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-numpy
name: python3-numpy
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-numpy
salt_state_path: remnux/packages/python3-numpy.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-pil
name: python3-pil
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-pil
salt_state_path: remnux/packages/python3-pil.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-pip
name: python3-pip
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: python3-pip
salt_state_path: remnux/packages/python3-pip.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-pyasn1
name: python3-pyasn1
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-pyasn1
salt_state_path: remnux/packages/python3-pyasn1.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-pyqt5
name: python3-pyqt5
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-pyqt5
salt_state_path: remnux/packages/python3-pyqt5.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-requests
name: python3-requests
aliases:
- remnux-packages-python3-requests
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-python3-requests
salt_state_path: remnux/packages/python3-requests.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-setuptools
name: python3-setuptools
aliases:
- remnux-packages-python3-setuptools
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-python3-setuptools
salt_state_path: remnux/packages/python3-setuptools.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-ssdeep
name: python3-ssdeep
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-ssdeep
salt_state_path: remnux/packages/python3-ssdeep.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-tk
name: python3-tk
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-tk
salt_state_path: remnux/packages/python3-tk.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-venv
name: python3-venv
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-venv
salt_state_path: remnux/packages/python3-venv.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-virtualenv
name: python3-virtualenv
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: python3-virtualenv
salt_state_path: remnux/packages/python3-virtualenv.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: python3-wheel
name: python3-wheel
aliases:
- remnux-packages-python3-wheel
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-python3-wheel
salt_state_path: remnux/packages/python3-wheel.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: qiling
name: qiling
aliases:
- remnux-python3-packages-qiling
- qltool
description: Multi-platform binary emulation framework — emulate PE, ELF, shellcode
across OS/arch combinations
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- python3 -c "from qiling import Qiling; ql = Qiling(['<sample>'], '/path/to/rootfs')"
tags:
- emulation
- multi-platform
- binary-analysis
description: Multi-platform binary emulation framework — emulate PE, ELF, shellcode
across OS/arch combinations
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-qiling
salt_state_path: remnux/python3-packages/qiling.sls
remnux_docs:
covered: true
category: Statically Analyze Code > General
description: Emulate code execution of PE files, shellcode, etc.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
website: https://www.qiling.io
anchor: qiling
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: qpdf
name: qpdf
aliases: []
description: Decrypt, linearize, and transform PDF files — useful for removing password
protection
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Decrypt, linearize, and transform PDF files — useful for removing
password protection
category: pdf-analysis
labs: []
sections:
- 3
typical_usage:
- qpdf --decrypt encrypted.pdf output.pdf
tags:
- pdf
- decryption
- transformation
salt_states:
covered: true
install_method: apt
package_name: qpdf
salt_state_path: remnux/packages/qpdf.sls
remnux_docs:
covered: true
category: Analyze Documents > PDF
description: Manipulate (merge, convert, transform) PDF files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
website: http://qpdf.sourceforge.net/
anchor: qpdf
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: qtbase5-dev
name: qtbase5-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: qtbase5-dev
salt_state_path: remnux/packages/qtbase5-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: radare2
name: radare2
aliases:
- r2
description: Open-source reverse engineering command-line framework
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Open-source reverse engineering command-line framework
category: code-analysis
labs: []
sections:
- 2
typical_usage:
- r2 specimen.exe
tags:
- disassembly
- cli
- open-source
salt_states:
covered: true
install_method: apt
package_name: remnux-radare2
salt_state_path: remnux/packages/radare2.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > General
description: Examine binary files, including disassembling and debugging.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general
website: https://www.radare.org/n/radare2.html
anchor: radare2
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: rar
name: rar
aliases:
- unrar
description: Extract RAR archives (including self-extracting RAR payloads)
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Extract RAR archives (including self-extracting RAR payloads)
category: utilities
labs:
- '3.5'
sections:
- 3
typical_usage:
- rar x archive.rar
tags:
- archive
- extraction
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-unrar
salt_state_path: remnux/packages/unrar.sls
remnux_docs:
covered: true
category: General Utilities
description: Decompress files using a variety of algorithms.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://www.rarlab.com
anchor: unrar-free
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: re-search-py
name: re-search.py
aliases: []
description: Search the file for built-in regular expressions of common suspicious
artifacts.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Search the file for built-in regular expressions of common suspicious
artifacts.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: readpe
name: pev
aliases:
- remnux-packages-pev
- readpe
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-pev
salt_state_path: remnux/packages/pev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: redress
name: redress
aliases: []
description: Analyze stripped Go binaries to recover symbols, types, source structure,
and integrate with Radare2.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: manual
package_name: redress
salt_state_path: remnux/tools/redress.sls
remnux_docs:
covered: true
category: Examine Static Properties > Go
description: Analyze stripped Go binaries to recover symbols, types, source
structure, and integrate with Radare2.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/go
website: https://github.com/goretk/redress
anchor: redress
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: refresh
name: refresh
aliases:
- pkg.refresh_db
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: pkg.refresh_db
salt_state_path: remnux/repos/refresh.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: reg-export
name: reg_export
aliases: []
description: Extract registry key values to files — used to recover malware artifacts
stored in registry
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Extract registry key values to files — used to recover malware
artifacts stored in registry
category: utilities
labs:
- '4.5'
sections:
- 4
typical_usage:
- reg_export HKCU\software\keyname valuename output.js
tags:
- registry
- extraction
- windows
author: Adam Kramer
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: regedit
name: Regedit
aliases: []
description: Windows Registry Editor for browsing and modifying registry keys
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Windows Registry Editor for browsing and modifying registry keys
category: utilities
labs:
- '4.5'
sections:
- 4
typical_usage:
- regedit.exe
tags:
- registry
- windows
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: regshot
name: Regshot
aliases: []
description: Take and compare registry/filesystem snapshots before and after infection
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Take and compare registry/filesystem snapshots before and after
infection
category: behavioral-analysis
labs:
- '1.2'
sections:
- 1
typical_usage:
- Regshot-x64-Unicode.exe
tags:
- registry
- filesystem
- snapshot
- comparison
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: remnux
name: remnux
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: manual
package_name: remnux
salt_state_path: remnux/tools/remnux-installer.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: remnux-installer
name: REMnux Installer
aliases: []
description: Install and update the REMnux distro.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: General Utilities
description: Install and update the REMnux distro.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://github.com/REMnux/distro/blob/master/files/remnux-installer.sh
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: remnux-mcp-server
name: remnux-mcp-server
aliases:
- remnux-node-packages-remnux-mcp-server
- '@remnux/mcp-server'
description: MCP server for using the REMnux malware analysis toolkit via AI assistants.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: npm
package_name: remnux-node-packages-remnux-mcp-server
salt_state_path: remnux/node-packages/remnux-mcp-server.sls
remnux_docs:
covered: true
category: Use Artificial Intelligence
description: MCP server for using the REMnux malware analysis toolkit via AI
assistants.
docs_url: https://docs.remnux.org/discover-the-tools/use+artificial+intelligence
website: https://github.com/REMnux/remnux-mcp-server
anchor: remnux-mcp-server
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: remove-app-icons
name: remove-app-icons
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: remove-app-icons
salt_state_path: remnux/theme/gnome-config/remove-app-icons.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: rhino
name: rhino
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: rhino
salt_state_path: remnux/packages/rhino.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: rsakeyfind
name: rsakeyfind
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: rsakeyfind
salt_state_path: remnux/packages/rsakeyfind.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: rsakeyfinder
name: RSAKeyFinder
aliases: []
description: Find BER-encoded RSA private keys in a memory image.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Perform Memory Forensics
description: Find BER-encoded RSA private keys in a memory image.
docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics
website: https://citp.princeton.edu/our-work/memory/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: rtfdump-py
name: rtfdump.py
aliases:
- rtfdump
description: Analyze RTF file structure, identify hex-encoded groups and embedded
objects
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Analyze RTF file structure, identify hex-encoded groups and embedded
objects
category: document-analysis
labs:
- '3.5'
sections:
- 3
typical_usage:
- rtfdump.py document.rtf
- rtfdump.py document.rtf -s 5 -H -d > extracted.bin
tags:
- rtf
- document
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Analyze a suspicious RTF file.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://blog.didierstevens.com/2018/12/10/update-rtfdump-py-version-0-0-9/
anchor: rtfdump.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: ruby
name: ruby
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: ruby
salt_state_path: remnux/packages/ruby.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: ruby-dev
name: ruby-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: ruby-dev
salt_state_path: remnux/packages/ruby-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: runsc32
name: runsc32
aliases:
- runsc
description: Execute extracted shellcode for dynamic analysis
in_remnux: true
platform: windows
sources:
for610:
covered: true
description: Execute extracted shellcode for dynamic analysis
category: emulation
labs:
- '3.5'
- '4.6'
sections:
- 3
- 4
typical_usage:
- runsc32 -f shellcode.bin -o 0x3B -d qa.doc
tags:
- shellcode
- execution
- dynamic-analysis
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-runsc
salt_state_path: remnux/packages/runsc.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Shellcode
description: Run shellcode to trace and analyze its execution.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
website: https://github.com/edygert/runsc
anchor: runsc
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: salt-minion
name: salt-minion
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: salt-minion
salt_state_path: remnux/config/salt-minion.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: sandfly-processdecloak
name: sandfly-processdecloak
aliases: []
description: Find hidden processes on the local Linux system.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: sandfly-processdecloak
salt_state_path: remnux/packages/sandfly-processdecloak.sls
remnux_docs:
covered: true
category: Investigate System Interactions
description: Find hidden processes on the local Linux system.
docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions
website: https://github.com/sandflysecurity/sandfly-processdecloak
anchor: sandfly-processdecloak
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: scalpel
name: scalpel
aliases: []
description: Carve contents out of binary files, such as partitions.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: scalpel
salt_state_path: remnux/packages/scalpel.sls
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Carve contents out of binary files, such as partitions.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/sleuthkit/scalpel
anchor: scalpel
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: scdbgc
name: scdbgc
aliases:
- scdbg
description: Shellcode emulator — analyze shellcode behavior through API-level emulation
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Shellcode emulator — analyze shellcode behavior through API-level
emulation
category: emulation
labs:
- '3.4'
- '3.5'
- '4.6'
sections:
- 3
- 4
typical_usage:
- scdbgc /f shellcode.bin /s -1
- scdbgc /f shellcode.bin /foff 0x3B /fopen qa.doc
- scdbgc /f shellcode.bin /s -1 /norw
tags:
- shellcode
- emulation
- api-calls
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-scdbg
salt_state_path: remnux/packages/scdbg.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Shellcode
description: Analyze shellcode by emulating its execution.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
website: http://sandsprite.com/blogs/index.php?uid=7&amp;pid=152
anchor: scdbg
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: scite
name: scite
aliases: []
description: Edit text files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: scite
salt_state_path: remnux/packages/scite.sls
remnux_docs:
covered: true
category: View or Edit Files
description: Edit text files.
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
website: https://www.scintilla.org/SciTE.html
anchor: scite
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: scylla
name: Scylla
aliases: []
description: Dump processes from memory and reconstruct import address tables (IAT)
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Dump processes from memory and reconstruct import address tables
(IAT)
category: unpacking
labs:
- '4.2'
- '4.3'
- '5.4'
- '5.8'
- '5.10'
sections:
- 4
- 5
typical_usage:
- Scylla x64 > Attach to process > Dump > IAT Autosearch > Fix Dump
tags:
- memory-dump
- iat-reconstruction
- unpacking
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: scyllahide
name: ScyllaHide
aliases: []
description: x64dbg/x32dbg plugin to hide debugger presence from anti-debugging
checks
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: x64dbg/x32dbg plugin to hide debugger presence from anti-debugging
checks
category: anti-analysis
labs:
- '5.3'
- '5.6'
sections:
- 5
typical_usage:
- Plugins > ScyllaHide > Options > Enable all
tags:
- anti-debugging
- debugger-hiding
- x64dbg-plugin
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: securitytrails
name: SecurityTrails
aliases: []
description: Historical DNS records and IP/domain intelligence
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Historical DNS records and IP/domain intelligence
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://securitytrails.com
tags:
- dns-history
- domain-intel
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: setdllcharacteristics
name: setdllcharacteristics
aliases: []
description: Modify PE header flags — commonly used to disable ASLR (DynamicBase)
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Modify PE header flags — commonly used to disable ASLR (DynamicBase)
category: unpacking
labs:
- '4.2'
sections:
- 4
typical_usage:
- setdllcharacteristics -d specimen.exe
tags:
- pe-header
- aslr
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: sets-py
name: sets.py
aliases: []
description: Perform set operations on lines or bytes in text files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Perform set operations on lines or bytes in text files.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2017/03/05/new-tool-sets-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: sharutils
name: sharutils
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: sharutils
salt_state_path: remnux/packages/sharutils.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: shcode2exe
name: shcode2exe
aliases:
- shcode2exe.py
description: Convert raw shellcode to a Windows PE executable for analysis in disassemblers
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- shcode2exe <shellcode.bin> <output.exe>
tags:
- shellcode
- conversion
- pe
description: Convert raw shellcode to a Windows PE executable for analysis in
disassemblers
salt_states:
covered: true
install_method: script
package_name: shcode2exe.py
salt_state_path: remnux/scripts/shcode2exe.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Shellcode
description: Convert 32 and 64-bit shellcode to a Windows executable file.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
website: https://github.com/accidentalrebel/shcode2exe
anchor: shcode2exe
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: shellcode2exe-bat
name: shellcode2exe-bat
aliases:
- https://github.com/repnz/shellcode2exe.git
- shellcode2exe.bat
description: Convert 32 and 64-bit shellcode to a Windows executable file.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: manual
package_name: https://github.com/repnz/shellcode2exe.git
salt_state_path: remnux/tools/shellcode2exe-bat.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Shellcode
description: Convert 32 and 64-bit shellcode to a Windows executable file.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/shellcode
website: https://github.com/repnz/shellcode2exe
anchor: shellcode2exe.bat
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: shodan
name: Shodan
aliases: []
description: Search engine for internet-connected devices and exposed services
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Search engine for internet-connected devices and exposed services
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://shodan.io
tags:
- infrastructure
- reconnaissance
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: sift
name: sift
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: sift
salt_state_path: remnux/repos/sift.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: signsrch
name: signsrch
aliases: []
description: Find patterns of common encryption, compression, or encoding algorithms.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: signsrch
salt_state_path: remnux/packages/signsrch.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Find patterns of common encryption, compression, or encoding algorithms.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: http://aluigi.altervista.org/mytoolz.htm
anchor: signsrch
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: sleuth-kit
name: Sleuth Kit
aliases: []
description: Analyze disk images and recover files from them.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Analyze disk images and recover files from them.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://www.sleuthkit.org/sleuthkit
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: sleuthkit
name: sleuthkit
aliases:
- remnux-packages-sleuthkit
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-sleuthkit
salt_state_path: remnux/packages/sleuthkit.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: snap
name: snap
aliases:
- remnux-package-snap
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-package-snap
salt_state_path: remnux/packages/snap.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: snapd
name: snapd
aliases:
- remnux-package-snapd
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: remnux-package-snapd
salt_state_path: remnux/packages/snapd.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: software-properties-common
name: software-properties-common
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: software-properties-common
salt_state_path: remnux/packages/software-properties-common.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: sortcanon-py
name: sortcanon.py
aliases: []
description: Sort text files using canonicalization functions built into this tool.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: General Utilities
description: Sort text files using canonicalization functions built into this
tool.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://blog.didierstevens.com/2022/06/18/new-tool-sortcanon-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: speakeasy
name: speakeasy
aliases: []
description: Windows binary emulator — emulates API calls to analyze malware behavior
without native execution
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Windows binary emulator — emulates API calls to analyze malware
behavior without native execution
category: emulation
labs:
- '1.4'
sections:
- 1
typical_usage:
- speakeasy -t specimen.exe -o report.json 2> report.txt
- speakeasy -t shellcode.bin -r -a x86
tags:
- emulation
- api-calls
- behavioral-analysis
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-speakeasy
salt_state_path: remnux/python3-packages/speakeasy.sls
remnux_docs:
covered: true
category: Statically Analyze Code > PE Files
description: Emulate code execution, including shellcode, Windows drivers, and
Windows PE files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
website: https://github.com/mandiant/speakeasy
anchor: speakeasy
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: spidermonkey
name: SpiderMonkey
aliases:
- js
description: Mozilla JavaScript engine — execute and deobfuscate malicious JavaScript
outside a browser
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Mozilla JavaScript engine — execute and deobfuscate malicious JavaScript
outside a browser
category: javascript-analysis
labs:
- '3.6'
- '3.7'
- '4.5'
sections:
- 3
- 4
typical_usage:
- js -f malicious.js
- js -f /usr/share/remnux/objects.js -f malicious.js > decoded.js
tags:
- javascript
- deobfuscation
- execution
salt_states:
covered: true
install_method: pip
package_name: stpyv8
salt_state_path: remnux/python3-packages/stpyv8.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > Scripts
description: Python3 and JavaScript interop engine, fork of the original PyV8
project.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/scripts
website: https://github.com/cloudflare/stpyv8
anchor: stpyv8
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: sqlite
name: SQLite
aliases: []
description: Manage and interact with SQL database files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: General Utilities
description: Manage and interact with SQL database files.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: http://www.sqlite.org
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: ssdeep
name: ssdeep
aliases: []
description: Compute fuzzy hashes (CTPH) for finding similar files — useful for
malware variant clustering
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- ssdeep <sample>
- ssdeep -m <known.ssdeep> <sample>
- ssdeep -d <sample1> <sample2>
tags:
- hashing
- fuzzy
- similarity
- clustering
description: Compute fuzzy hashes (CTPH) for finding similar files — useful
for malware variant clustering
salt_states:
covered: true
install_method: apt
package_name: ssdeep
salt_state_path: remnux/packages/ssdeep.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Compute Context Triggered Piecewise Hashes (CTPH), also known as
fuzzy hashes.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://ssdeep-project.github.io/ssdeep/index.html
anchor: ssdeep
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: ssh
name: ssh
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: ssh
salt_state_path: remnux/theme/ssh.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: ssview
name: ssview
aliases: []
description: Analyze OLE2 Structured Storage files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: manual
package_name: ssview
salt_state_path: remnux/tools/ssview.sls
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Analyze OLE2 Structured Storage files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://www.mitec.cz/ssv.html
anchor: ssview
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: strace
name: strace
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: strace
salt_state_path: remnux/packages/strace.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: strdeob-pl
name: strdeob.pl
aliases: []
description: Automatically decode stack-built strings from disassembled malware
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Automatically decode stack-built strings from disassembled malware
category: string-deobfuscation
labs:
- '5.2'
sections:
- 5
typical_usage:
- strdeob.pl specimen.exe
tags:
- stack-strings
- deobfuscation
salt_states:
covered: true
install_method: script
package_name: strdeob.pl
salt_state_path: remnux/scripts/strdeob.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Locate and decode stack strings in executable files.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/REMnux/distro/blob/master/files/strdeob.pl
anchor: strdeob.pl
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: strings
name: strings
aliases: []
description: Extract printable ASCII and Unicode strings from binary files
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Extract printable ASCII and Unicode strings from binary files
category: static-analysis-pe
labs:
- '3.4'
- '5.2'
sections:
- 1
- 3
typical_usage:
- strings binary.exe
- strings -n 10 binary.exe
- strings --encoding=l binary.exe
tags:
- strings
- static-analysis
- triage
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Extract ASCII and Unicode strings from binary files with length
sorting and filtering.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://blog.didierstevens.com/2020/12/19/update-strings-py-version-0-0-6/
anchor: strings.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: subversion
name: subversion
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: subversion
salt_state_path: remnux/packages/subversion.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: sudo
name: sudo
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: sudo
salt_state_path: remnux/packages/sudo.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: sudoers
name: sudoers
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: sudoers
salt_state_path: remnux/theme/sudoers.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: system-informer
name: System Informer
aliases:
- Process Hacker
description: Monitor processes, network connections, handles, and system resources
in real time
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Monitor processes, network connections, handles, and system resources
in real time
category: behavioral-analysis
labs:
- '1.2'
- '1.3'
- '1.6'
- '1.7'
- '1.8'
- '4.2'
- '4.5'
- '5.1'
sections:
- 1
- 4
- 5
typical_usage:
- SystemInformer.exe
tags:
- process-monitoring
- handles
- network
- real-time
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: tcpdump
name: tcpdump
aliases: []
description: Command-line packet capture tool
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Command-line packet capture tool
category: network-analysis
labs: []
sections:
- 1
typical_usage:
- tcpdump -i eth0 -w capture.pcap
- tcpdump -r capture.pcap
tags:
- packet-capture
- cli
- network
salt_states:
covered: true
install_method: apt
package_name: tcpdump
salt_state_path: remnux/packages/tcpdump.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Capture and analyze network traffic with this command-line sniffer.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://www.tcpdump.org
anchor: tcpdump
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: tcpflow
name: tcpflow
aliases: []
description: Extract and reassemble TCP streams from PCAP files into individual
files
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- tcpflow -r <capture.pcap> -o output/
tags:
- network
- tcp
- stream-extraction
description: Extract and reassemble TCP streams from PCAP files into individual
files
salt_states:
covered: true
install_method: apt
package_name: tcpflow
salt_state_path: remnux/packages/tcpflow.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Analyze the flow of network traffic.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://downloads.digitalcorpora.org/downloads/tcpflow/
anchor: tcpflow
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: tcpick
name: tcpick
aliases: []
description: Capture and analyze network traffic with this command-line sniffer.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: tcpick
salt_state_path: remnux/packages/tcpick.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Capture and analyze network traffic with this command-line sniffer.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: http://tcpick.sourceforge.net
anchor: tcpick
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: tcplogview
name: TcpLogView
aliases: []
description: Log opened and closed TCP connections with process information
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Log opened and closed TCP connections with process information
category: behavioral-analysis
labs: []
sections:
- 1
typical_usage:
- TcpLogView.exe
tags:
- network
- tcp
- connection-logging
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: tcpxtract
name: tcpxtract
aliases: []
description: Carve files from network traffic using file signatures
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- tcpxtract -f <capture.pcap> -o output/
tags:
- network
- file-carving
- pcap
description: Carve files from network traffic using file signatures
salt_states:
covered: true
install_method: apt
package_name: tcpxtract
salt_state_path: remnux/packages/tcpxtract.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Extract files from network traffic.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: http://tcpxtract.sourceforge.net
anchor: tcpxtract
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: tesseract-ocr
name: tesseract-ocr
aliases: []
description: Examine images to identify and extract text using optical character
recognition (OCR).
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: tesseract-ocr
salt_state_path: remnux/packages/tesseract-ocr.sls
remnux_docs:
covered: true
category: Analyze Documents > General
description: Examine images to identify and extract text using optical character
recognition (OCR).
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/general
website: https://github.com/tesseract-ocr/tesseract
anchor: tesseract-ocr
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: texteditor-py
name: texteditor.py
aliases: []
description: Edit text files from the command line using search-and-replace commands.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: General Utilities
description: Edit text files from the command line using search-and-replace
commands.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: https://blog.didierstevens.com/2021/07/05/new-tool-texteditor-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: thefuzz
name: thefuzz
aliases:
- remnux-python3-packages-thefuzz
description: Fuzzy String Matching in Python.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-thefuzz
salt_state_path: remnux/python3-packages/thefuzz.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Fuzzy String Matching in Python.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/seatgeek/thefuzz
anchor: thefuzz
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: threatfox
name: ThreatFox
aliases: []
description: Threat intelligence platform for sharing IOCs associated with malware
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Threat intelligence platform for sharing IOCs associated with malware
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://threatfox.abuse.ch
tags:
- threat-intel
- ioc-sharing
- abuse-ch
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: thug
name: Thug
aliases: []
description: Low-interaction honeyclient for analyzing malicious websites and drive-by
downloads
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Low-interaction honeyclient for analyzing malicious websites and
drive-by downloads
category: network-analysis
labs: []
sections:
- 3
typical_usage:
- thug -u win7chrome49 http://suspicious-site.com
tags:
- honeyclient
- web-analysis
- drive-by
salt_states:
covered: true
install_method: unknown
package_name: thug
salt_state_path: remnux/config/thug.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: Examine suspicious website using this low-interaction honeyclient.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://github.com/buffer/thug
anchor: thug
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: time-decode
name: time-decode
aliases:
- remnux-python3-packages-time-decode
description: Decode and encode date and timestamps.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-time-decode
salt_state_path: remnux/python3-packages/time-decode.sls
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Decode and encode date and timestamps.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/digitalsleuth/time_decode
anchor: time-decode
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: tor
name: tor
aliases: []
description: Obfuscate your origins by routing traffic through a network of anonymizing
nodes.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: tor
salt_state_path: remnux/packages/tor.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: Obfuscate your origins by routing traffic through a network of
anonymizing nodes.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://www.torproject.org
anchor: tor
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: torsocks
name: torsocks
aliases: []
description: Route network traffic through the Tor anonymity network
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Route network traffic through the Tor anonymity network
category: network-analysis
labs: []
sections:
- 1
typical_usage:
- torsocks curl http://example.onion
tags:
- tor
- anonymity
- network-routing
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: translate-py
name: translate.py
aliases: []
description: Transform data using Python expressions (XOR, ADD, etc.)
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Transform data using Python expressions (XOR, ADD, etc.)
category: document-analysis
labs:
- '3.4'
sections:
- 3
typical_usage:
- translate.py "byte ^ 35" < input.bin > output.bin
tags:
- xor
- transformation
- decoding
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Translate bytes according to a Python expression.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/programs/translate/
anchor: translate.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: trid
name: trid
aliases: []
description: Identify file type by scanning binary signatures database
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Identify file type by scanning binary signatures database
category: static-analysis-pe
labs:
- '3.3'
- '3.4'
sections:
- 3
typical_usage:
- trid document.doc
tags:
- file-identification
- triage
salt_states:
covered: true
install_method: manual
package_name: trid
salt_state_path: remnux/tools/trid.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Identify file type using signatures.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://mark0.net/soft-trid-e.html
anchor: trid
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: tshark
name: tshark
aliases: []
description: Command-line interface to Wireshark for packet capture and analysis
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Command-line interface to Wireshark for packet capture and analysis
category: network-analysis
labs: []
sections:
- 1
typical_usage:
- tshark -r capture.pcap
- tshark -i eth0 -w capture.pcap
tags:
- packet-capture
- cli
- network
salt_states:
covered: true
install_method: apt
package_name: tshark
salt_state_path: remnux/packages/tshark.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Capture and analyze network traffic with this console-based sniffer.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://www.wireshark.org
anchor: tshark
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: tzdata
name: tzdata
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: tzdata
salt_state_path: remnux/packages/tzdata.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: ubuntu
name: ubuntu
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: ubuntu
salt_state_path: remnux/repos/ubuntu.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: ubuntu-universe
name: ubuntu-universe
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: ubuntu-universe
salt_state_path: remnux/repos/ubuntu-universe.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: uncompyle6
name: uncompyle6
aliases:
- remnux-python3-packages-uncompyle6
description: Decompile Python bytecode (.pyc) back to source — supports Python 1.0
through 3.8
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- uncompyle6 <file.pyc>
- uncompyle6 -o output/ <file.pyc>
tags:
- python
- decompilation
- bytecode
description: Decompile Python bytecode (.pyc) back to source — supports Python
1.0 through 3.8
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-uncompyle6
salt_state_path: remnux/python3-packages/uncompyle6.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Python
description: Python cross-version bytecode decompiler for Python 1.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/python
website: https://github.com/rocky/python-uncompyle6
anchor: uncompyle6
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: unfurl
name: Unfurl
aliases: []
description: Deconstruct and decode URLs — reveal tracking parameters, encoded data,
and redirect chains
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- unfurl parse <url>
tags:
- url
- decoding
- phishing
- tracking
description: Deconstruct and decode URLs — reveal tracking parameters, encoded
data, and redirect chains
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: Deconstruct and decode data from a URL.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://github.com/obsidianforensics/unfurl
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: unhide
name: unhide
aliases: []
description: Find hidden processes or connections on the local Linux system.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: unhide
salt_state_path: remnux/packages/unhide.sls
remnux_docs:
covered: true
category: Investigate System Interactions
description: Find hidden processes or connections on the local Linux system.
docs_url: https://docs.remnux.org/discover-the-tools/investigate+system+interactions
website: http://www.unhide-forensics.info
anchor: unhide
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: unicode
name: unicode
aliases: []
description: Display Unicode character properties.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Display Unicode character properties.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/garabik/unicode
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: unpacme
name: UnpacMe
aliases: []
description: Automated online malware unpacking service
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Automated online malware unpacking service
category: online-platforms
labs: []
sections:
- 4
typical_usage:
- https://www.unpac.me
tags:
- unpacking
- automated
- online
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: unxor
name: unxor
aliases:
- unxor.py
description: Deobfuscate XOR&#x27;ed files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: unxor.py
salt_state_path: remnux/scripts/unxor.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Deobfuscate XOR&#x27;ed files.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/tomchop/unxor/
anchor: unxor
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: unzip
name: unzip
aliases: []
description: Extract ZIP archives containing malware samples
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Extract ZIP archives containing malware samples
category: utilities
labs:
- '1.1'
- '3.1'
- '3.3'
- '3.4'
- '3.5'
- '3.6'
- '3.7'
- '4.1'
- '4.8'
- '5.2'
- '5.3'
- '5.4'
sections:
- 1
- 3
- 4
- 5
typical_usage:
- unzip -P infected sample.zip
tags:
- archive
- extraction
salt_states:
covered: true
install_method: apt
package_name: unzip
salt_state_path: remnux/packages/unzip.sls
remnux_docs:
covered: true
category: General Utilities
description: Compress and decompress files using the zip algorithm.
docs_url: https://docs.remnux.org/discover-the-tools/general+utilities
website: http://infozip.sourceforge.net
anchor: info-zip
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: upx
name: UPX
aliases:
- upx
description: Universal Packer for eXecutables — compress and decompress PE files
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Universal Packer for eXecutables — compress and decompress PE files
category: unpacking
labs:
- '4.2'
sections:
- 4
typical_usage:
- upx -d packed.exe
- upx -d packed.exe -o unpacked.exe
tags:
- packer
- unpacker
- compression
salt_states:
covered: true
install_method: apt
package_name: upx-ucl
salt_state_path: remnux/packages/upx-ucl.sls
remnux_docs:
covered: true
category: Statically Analyze Code > Unpacking
description: Pack and unpack PE files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/unpacking
website: https://upx.github.io
anchor: upx
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: urlscan-io
name: urlscan.io
aliases: []
description: Website and URL investigation service — screenshots, DOM analysis,
network requests
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Website and URL investigation service — screenshots, DOM analysis,
network requests
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://urlscan.io
tags:
- url-analysis
- website-investigation
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: user
name: user
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: user
salt_state_path: remnux/config/user.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: vbindiff
name: vbindiff
aliases: []
description: Compare binary files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: vbindiff
salt_state_path: remnux/packages/vbindiff.sls
remnux_docs:
covered: true
category: View or Edit Files
description: Compare binary files.
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
website: https://www.cjmweb.net/vbindiff/
anchor: vbindiff
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: vim
name: vim
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: vim
salt_state_path: remnux/packages/vim.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: virtualbox
name: VirtualBox
aliases: []
description: Open-source hypervisor for running analysis virtual machines
in_remnux: false
platform: both
sources:
for610:
covered: true
description: Open-source hypervisor for running analysis virtual machines
category: virtualization
labs: []
sections:
- 1
typical_usage:
- VirtualBox
tags:
- hypervisor
- open-source
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: virustotal
name: VirusTotal
aliases:
- VT
description: Multi-engine antivirus scanning, behavioral analysis, and threat intelligence
in_remnux: false
platform: online
sources:
for610:
covered: true
description: Multi-engine antivirus scanning, behavioral analysis, and threat
intelligence
category: online-platforms
labs: []
sections:
- 1
typical_usage:
- https://virustotal.com
tags:
- scanning
- multi-engine
- threat-intel
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: virustotal-search
name: virustotal-search
aliases: []
description: Search VirusTotal for file hashes.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Search VirusTotal for file hashes.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://blog.didierstevens.com/programs/virustotal-tools/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: virustotal-submit
name: virustotal-submit
aliases: []
description: Submit files to VirusTotal.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Submit files to VirusTotal.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://blog.didierstevens.com/programs/virustotal-tools/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: visual-studio-code
name: Visual Studio Code
aliases:
- code
- VS Code
description: Code editor used for viewing decompiled output, scripts, and analysis
results
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Code editor used for viewing decompiled output, scripts, and analysis
results
category: utilities
labs:
- '1.3'
- '1.4'
- '1.5'
- '3.3'
- '3.6'
- '3.7'
- '4.5'
- '4.8'
- '5.2'
- '5.3'
sections:
- 1
- 3
- 4
- 5
typical_usage:
- code filename.js
tags:
- editor
- code-viewer
salt_states:
covered: false
remnux_docs:
covered: true
category: View or Edit Files
description: Powerful source code editor.
docs_url: https://docs.remnux.org/discover-the-tools/view+or+edit+files
website: https://code.visualstudio.com/
anchor: visual-studio-code
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: vivisect
name: Vivisect
aliases: []
description: Binary analysis and emulation framework — static analysis with emulation
capabilities
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- vivbin <sample>
- python3 -c "import vivisect; vw = vivisect.VivWorkspace(); vw.loadFromFile('<sample>')"
tags:
- emulation
- static-analysis
- binary-analysis
description: Binary analysis and emulation framework — static analysis with
emulation capabilities
salt_states:
covered: false
remnux_docs:
covered: true
category: Statically Analyze Code > General
description: Statically examine and emulate binary files.
docs_url: https://docs.remnux.org/discover-the-tools/statically+analyze+code/general
website: https://github.com/vivisect/vivisect
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: vmware-fusion
name: VMware Fusion
aliases: []
description: macOS hypervisor for running analysis virtual machines
in_remnux: false
platform: both
sources:
for610:
covered: true
description: macOS hypervisor for running analysis virtual machines
category: virtualization
labs: []
sections:
- 1
typical_usage:
- VMware Fusion.app
tags:
- hypervisor
- macos
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: vmware-workstation
name: VMware Workstation Pro
aliases:
- VMware
description: Desktop hypervisor for running isolated analysis VMs with snapshots
and host-only networking
in_remnux: false
platform: both
sources:
for610:
covered: true
description: Desktop hypervisor for running isolated analysis VMs with snapshots
and host-only networking
category: virtualization
labs: []
sections:
- 1
typical_usage:
- vmware
tags:
- hypervisor
- vm
- isolation
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: volatility3
name: volatility3
aliases: []
description: Memory forensics framework — analyze RAM dumps to find malware, hidden
processes, network connections, and injected code
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- vol3 -f <memory_dump> windows.info
- vol3 -f <memory_dump> windows.pslist
- vol3 -f <memory_dump> windows.pstree
- vol3 -f <memory_dump> windows.netscan
- vol3 -f <memory_dump> windows.malfind
- vol3 -f <memory_dump> windows.dlllist --pid <PID>
- vol3 -f <memory_dump> windows.dumpfiles --pid <PID>
tags:
- memory
- forensics
- volatility
- incident-response
description: Memory forensics framework — analyze RAM dumps to find malware,
hidden processes, network connections, and injected code
salt_states:
covered: true
install_method: unknown
package_name: volatility3
salt_state_path: remnux/config/volatility3.sls
remnux_docs:
covered: true
category: Perform Memory Forensics
description: Memory forensics tool and framework.
docs_url: https://docs.remnux.org/discover-the-tools/perform+memory+forensics
website: https://github.com/volatilityfoundation/volatility3
anchor: volatility-framework
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: vscode
name: vscode
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: vscode
salt_state_path: remnux/config/vscode.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: wget
name: wget
aliases: []
description: Download files from HTTP/HTTPS/FTP servers
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Download files from HTTP/HTTPS/FTP servers
category: utilities
labs: []
sections:
- 1
typical_usage:
- wget http://example.com/file.bin
tags:
- download
- http
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-wget
salt_state_path: remnux/packages/wget.sls
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: true
help_tier: rich
- id: windbg
name: WinDbg
aliases: []
description: Microsoft Windows debugger for kernel and user-mode debugging
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Microsoft Windows debugger for kernel and user-mode debugging
category: debugging
labs: []
sections:
- 2
typical_usage:
- windbg.exe specimen.exe
tags:
- debugger
- kernel
- microsoft
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: wine
name: Wine
aliases: []
description: Windows compatibility layer — run Windows executables on Linux
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Windows compatibility layer — run Windows executables on Linux
category: utilities
labs:
- '3.5'
sections:
- 3
typical_usage:
- wine program.exe
tags:
- windows-compat
- execution
salt_states:
covered: true
install_method: apt
package_name: remnux-packages-wine
salt_state_path: remnux/packages/wine.sls
remnux_docs:
covered: true
category: Dynamically Reverse-Engineer Code > General
description: Run Windows applications.
docs_url: https://docs.remnux.org/discover-the-tools/dynamically+reverse-engineer+code/general
website: https://www.winehq.org
anchor: wine
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: winscp
name: WinSCP
aliases: []
description: Windows SCP/SFTP client for transferring files between Windows and
Linux VMs
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Windows SCP/SFTP client for transferring files between Windows
and Linux VMs
category: utilities
labs:
- '4.5'
sections:
- 4
typical_usage:
- WinSCP.exe
tags:
- file-transfer
- scp
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: wireshark
name: Wireshark
aliases: []
description: GUI network protocol analyzer for capturing and inspecting packet-level
traffic
in_remnux: true
platform: both
sources:
for610:
covered: true
description: GUI network protocol analyzer for capturing and inspecting packet-level
traffic
category: network-analysis
labs:
- '1.2'
- '1.3'
- '1.6'
- '1.7'
- '1.8'
- '5.1'
sections:
- 1
- 5
typical_usage:
- wireshark
- wireshark -r capture.pcap
tags:
- packet-capture
- protocol-analysis
- network
salt_states:
covered: true
install_method: apt
package_name: wireshark
salt_state_path: remnux/packages/wireshark.sls
remnux_docs:
covered: true
category: Explore Network Interactions > Monitoring
description: Capture and analyze network traffic with this sniffer.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring
website: https://www.wireshark.org
anchor: wireshark
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: wireshark-dev
name: wireshark-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: unknown
package_name: wireshark-dev
salt_state_path: remnux/repos/wireshark-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: wxhexeditor
name: wxhexeditor
aliases: []
description: Hex editor.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: wxhexeditor
salt_state_path: remnux/packages/wxhexeditor.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Hex editor.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://sourceforge.net/projects/wxhexeditor/
anchor: wxhexeditor
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: x32dbg
name: x32dbg
aliases: []
description: Open-source 32-bit debugger for dynamic malware analysis — breakpoints,
memory inspection, patching
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Open-source 32-bit debugger for dynamic malware analysis — breakpoints,
memory inspection, patching
category: debugging
labs:
- '3.5'
- '3.10'
- '4.6'
- '4.7'
- '5.3'
- '5.4'
- '5.5'
- '5.6'
- '5.7'
- '5.8'
- '5.9'
- '5.10'
sections:
- 3
- 4
- 5
typical_usage:
- x32dbg.exe specimen.exe
tags:
- debugger
- 32-bit
- dynamic-analysis
- breakpoints
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: x64dbg
name: x64dbg
aliases: []
description: Open-source 64-bit debugger for dynamic malware analysis — breakpoints,
memory inspection, patching
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: Open-source 64-bit debugger for dynamic malware analysis — breakpoints,
memory inspection, patching
category: debugging
labs:
- '1.5'
- '4.3'
- '4.4'
- '5.1'
sections:
- 1
- 4
- 5
typical_usage:
- x64dbg.exe specimen.exe
tags:
- debugger
- 64-bit
- dynamic-analysis
- breakpoints
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: xanalyzer
name: xAnalyzer
aliases: []
description: x32dbg plugin providing extended analysis — API parameter names and
types in disassembly
in_remnux: false
platform: windows
sources:
for610:
covered: true
description: x32dbg plugin providing extended analysis — API parameter names
and types in disassembly
category: anti-analysis
labs:
- '5.10'
sections:
- 5
typical_usage:
- Plugins > xAnalyzer
tags:
- x32dbg-plugin
- analysis-enhancement
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: xdg-utils
name: xdg-utils
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: xdg-utils
salt_state_path: remnux/packages/xdg-utils.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: xlmmacrodeobfuscator
name: XLMMacroDeobfuscator
aliases: []
description: Deobfuscate Excel 4.0 (XLM) macros — these hide in hidden sheets and
are hard to detect
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- xlmdeobfuscator --file <spreadsheet.xlsm>
- xlmdeobfuscator --file <spreadsheet.xlsm> --no-indent
tags:
- office
- excel
- xlm
- macro
- deobfuscation
description: Deobfuscate Excel 4.0 (XLM) macros — these hide in hidden sheets
and are hard to detect
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Deobfuscate XLM macros (also known as Excel 4.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://github.com/DissectMalware/XLMMacroDeobfuscator
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: xmldump-py
name: xmldump.py
aliases: []
description: Extract contents of XML files, in particular OOXML-formatted Microsoft
Office documents.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Extract contents of XML files, in particular OOXML-formatted Microsoft
Office documents.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://blog.didierstevens.com/2017/12/18/new-tool-xmldump-py/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: xmlstarlet
name: xmlstarlet
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: xmlstarlet
salt_state_path: remnux/packages/xmlstarlet.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: xor-kpa-py
name: xor-kpa.py
aliases: []
description: Implement a XOR known plaintext attack.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Implement a XOR known plaintext attack.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2017/06/06/update-xor-kpa-py-version-0-0-5/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: xorbruteforcer
name: xorbruteforcer
aliases:
- xorbruteforcer.py
description: Bruteforce an XOR-encoded file.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: script
package_name: xorbruteforcer.py
salt_state_path: remnux/scripts/xorbruteforcer.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Bruteforce an XOR-encoded file.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://eternal-todo.com/category/bruteforcer
anchor: xorbruteforcer.py
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: xorsearch
name: XORSearch
aliases: []
description: Search for XOR/ROL/ROT/SHIFT-encoded patterns including shellcode signatures
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Search for XOR/ROL/ROT/SHIFT-encoded patterns including shellcode
signatures
category: string-deobfuscation
labs:
- '3.5'
- '5.2'
sections:
- 3
- 5
typical_usage:
- XORSearch -W -d 3 file.bin
- 'XORSearch -i -s specimen.exe http:'
tags:
- xor
- shellcode-detection
- pattern-search
- didier-stevens
author: Didier Stevens
salt_states:
covered: true
install_method: apt
package_name: xorsearch
salt_state_path: remnux/packages/xorsearch.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Search for XOR, ROL, ROT, and SHIFT encoded strings with YARA and
regex support.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2020/08/23/new-tool-xorsearch-py/
anchor: xorsearch.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: xorstrings
name: xorstrings
aliases: []
description: Search for XOR encoded strings in a file.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: xorstrings
salt_state_path: remnux/packages/xorstrings.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Search for XOR encoded strings in a file.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://blog.didierstevens.com/2013/04/15/new-tool-xorstrings/
anchor: xorstrings
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: xortool
name: xortool
aliases:
- remnux-python3-packages-xortool
description: Analyze XOR-encoded data — guess key length and probable key bytes
in_remnux: true
platform: linux
sources:
for610:
covered: true
typical_usage:
- xortool <encoded_file>
- xortool-xor -s 'key' -i <input> -o <output>
tags:
- xor
- deobfuscation
- key-recovery
description: Analyze XOR-encoded data — guess key length and probable key bytes
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-xortool
salt_state_path: remnux/python3-packages/xortool.sls
remnux_docs:
covered: true
category: Examine Static Properties > Deobfuscation
description: Analyze XOR-encoded data.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
website: https://github.com/hellman/xortool
anchor: xortool
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: xterm
name: xterm
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: xterm
salt_state_path: remnux/packages/xterm.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: xxd
name: xxd
aliases: []
description: Create hex dump of a file or reverse a hex dump back to binary
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Create hex dump of a file or reverse a hex dump back to binary
category: utilities
labs: []
sections:
- 1
typical_usage:
- xxd binary.exe
- xxd -r hexdump.txt > binary.exe
tags:
- hex
- binary-conversion
salt_states:
covered: false
remnux_docs:
covered: false
has_for610_coverage: true
has_remnux_docs: false
has_salt_state: false
help_tier: rich
- id: yara
name: yara
aliases:
- yara-rules
description: Pattern matching tool for identifying and classifying malware using
custom rules
in_remnux: true
platform: both
sources:
for610:
covered: true
description: Pattern matching tool for identifying and classifying malware using
custom rules
category: yara-detection
labs:
- '3.4'
sections:
- 3
typical_usage:
- yara-rules specimen.bin
- yara rule.yar specimen.exe
tags:
- pattern-matching
- classification
- rules
salt_states:
covered: true
install_method: manual
package_name: https://github.com/Yara-Rules/rules.git
salt_state_path: remnux/tools/yara-rules.sls
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Scan a file with YARA rules to identify capabilities and behaviors
(packer detection, anti-debug, networking).
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://github.com/Yara-Rules/rules
anchor: yara-rules
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: true
help_tier: rich
- id: yara-forge-rules
name: YARA-Forge Rules
aliases: []
description: Scan files with curated YARA rules from 45+ sources for malware family
identification.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Examine Static Properties > General
description: Scan files with curated YARA rules from 45+ sources for malware
family identification.
docs_url: https://docs.remnux.org/discover-the-tools/examine+static+properties/general
website: https://yarahq.github.io/
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: yara-x
name: yara-x
aliases:
- remnux-python3-packages-yara-x
description: Scan files using YARA rules, the next generation of YARA written in
Rust.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: pip
package_name: remnux-python3-packages-yara-x
salt_state_path: remnux/python3-packages/yara-x.sls
remnux_docs:
covered: true
category: Gather and Analyze Data
description: Scan files using YARA rules, the next generation of YARA written
in Rust.
docs_url: https://docs.remnux.org/discover-the-tools/gather+and+analyze+data
website: https://github.com/VirusTotal/yara-x
anchor: yara-x
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: true
help_tier: standard
- id: zbar-tools
name: zbar-tools
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: zbar-tools
salt_state_path: remnux/packages/zbar-tools.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
- id: zbarimg
name: zbarimg
aliases: []
description: Decode QR codes and barcodes from image files.
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: false
remnux_docs:
covered: true
category: Explore Network Interactions > Connecting
description: Decode QR codes and barcodes from image files.
docs_url: https://docs.remnux.org/discover-the-tools/explore+network+interactions/connecting
website: https://github.com/mchehab/zbar
has_for610_coverage: false
has_remnux_docs: true
has_salt_state: false
help_tier: standard
- id: zipdump-py
name: zipdump.py
aliases:
- zipdump
description: Parse and analyze ZIP archive structure
in_remnux: true
platform: linux
sources:
for610:
covered: true
description: Parse and analyze ZIP archive structure
category: document-analysis
labs: []
sections:
- 3
typical_usage:
- zipdump.py archive.zip
tags:
- zip
- archive
- didier-stevens
author: Didier Stevens
salt_states:
covered: false
remnux_docs:
covered: true
category: Analyze Documents > Microsoft Office
description: Analyze zip-compressed files.
docs_url: https://docs.remnux.org/discover-the-tools/analyze+documents/microsoft+office
website: https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/
anchor: zipdump.py
has_for610_coverage: true
has_remnux_docs: true
has_salt_state: false
help_tier: rich
- id: zlib1g-dev
name: zlib1g-dev
aliases: []
description: ''
in_remnux: true
platform: linux
sources:
for610:
covered: false
salt_states:
covered: true
install_method: apt
package_name: zlib1g-dev
salt_state_path: remnux/packages/zlib1g-dev.sls
remnux_docs:
covered: false
has_for610_coverage: false
has_remnux_docs: false
has_salt_state: true
help_tier: basic
Reference in New Issue View Git Blame Copy Permalink