irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
e62a14dafcfc5b5d8fea1babc97fea756f17f76e
docker_file_analysis/data/generated/coverage-report.md
T
tobias f3ccc09c3d Add FOR610 tool/workflow knowledge base and data pipeline 
Build comprehensive malware analysis knowledge base from 3 sources:
- SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes
- REMnux salt-states: 340 packages parsed from GitHub
- REMnux docs: 280+ tools scraped from docs.remnux.org

Master inventory merges all sources into 447 tools with help tiers
(rich/standard/basic). Pipeline generates: tools.db (397 entries),
397 cheatsheets with multi-tool recipes, 15 workflow guides, 224
TLDR pages, and coverage reports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 17:38:15 +01:00

13 KiB
Raw Blame History

Tool Coverage Report

Summary

Metric Count
Total tools in master inventory 447
Tools in REMnux container 397
Rich help (FOR610 coverage) 156
Standard help (REMnux docs) 118
Basic help (salt-states only) 173
Stub (no documentation) 0

Source Overlap

Combination Count
for610 only 58
remnux docs only 51
salt states only 173
all three 65
for610 and docs 92
for610 and salt 71
docs and salt 132
no coverage 0

Priority: REMnux Tools Needing Help

These 173 tools are installed in the container but have minimal or no documentation:

  • 7zip [basic]
  • aeskeyfind [basic]
  • android-project-creator [basic]
  • apt-utils [basic]
  • archive-zip [basic]
  • autoconf [basic]
  • autologin [basic]
  • automake [basic]
  • bash-history [basic]
  • bash-rc [basic]
  • bearparser [basic]
  • binee [basic]
  • binutils [basic]
  • build-essential [basic]
  • bundler [basic]
  • burpsuite-community [basic]
  • cffi [basic]
  • clamav-daemon [basic]
  • compatibility [basic]
  • default-jdk [basic]
  • default-jre [basic]
  • dialog [basic]
  • didier-stevens-scripts [basic]
  • display [basic]
  • distro-info [basic]
  • dllcharacteristics [basic]
  • dog [basic]
  • dot-cache [basic]
  • dot-config [basic]
  • dot-cpan [basic]
  • dot-dbus [basic]
  • dot-local [basic]
  • dotnet-runtime-3-1 [basic]
  • edb-debugger [basic]
  • enchant [basic]
  • epic5 [basic]
  • exfat-utils [basic]
  • flare-floss [basic]
  • flex [basic]
  • galculator [basic]
  • gdb [basic]
  • gdm3 [basic]
  • gift [basic]
  • git [basic]
  • gnome-session [basic]
  • gnome-shell-extensions [basic]
  • gnome-terminal [basic]
  • gnome-tweaks [basic]
  • gnutls-bin [basic]
  • graphviz [basic]
  • grub-kvm [basic]
  • guest-tools [basic]
  • i386-architecture [basic]
  • iproute2 [basic]
  • iputils-ping [basic]
  • ipython3 [basic]
  • lame [basic]
  • libboost-dev [basic]
  • libboost-python-dev [basic]
  • libboost-system-dev [basic]
  • libdpkg-perl [basic]
  • libemail-outlook-message-perl [basic]
  • libffi-dev [basic]
  • libfuse2 [basic]
  • libfuzzy-dev [basic]
  • libfuzzy2 [basic]
  • libglib2 [basic]
  • libglu1-mesa-dev [basic]
  • libgraphviz-dev [basic]
  • libgtk-3-0 [basic]
  • libjavassist-java [basic]
  • libjpeg-dev [basic]
  • libjpeg8-dev [basic]
  • liblzma-dev [basic]
  • liblzo2-dev [basic]
  • libmagic-dev [basic]
  • libmysqlclient21 [basic]
  • libncurses [basic]
  • libnetfilter-queue-dev [basic]
  • libnfnetlink-dev [basic]
  • libpq5 [basic]
  • libqt5scripttools5 [basic]
  • libre2 [basic]
  • libsm6 [basic]
  • libsqlite3-dev [basic]
  • libssl-dev [basic]
  • libtool [basic]
  • libtre5 [basic]
  • libusb-1 [basic]
  • libxml2-dev [basic]
  • libxslt1-dev [basic]
  • linux-headers [basic]
  • ltrace [basic]
  • malcat [basic]
  • manalyze [basic]
  • mercurial [basic]
  • microsoft [basic]
  • microsoft-vscode [basic]
  • mono [basic]
  • mono-devel [basic]
  • mono-utils [basic]
  • mynic [basic]
  • nano [basic]
  • ndg-httpsclient [basic]
  • net-tools [basic]
  • nodejs [basic]
  • openjdk [basic]
  • openssl [basic]
  • osarch [basic]
  • pe-tree [basic]
  • pedump [basic]
  • perl [basic]
  • pev [basic]
  • pgadmin [basic]
  • pip [basic]
  • pkg-config [basic]
  • portex [basic]
  • prefer-ipv4 [basic]
  • procyon-decompiler [basic]
  • protobuf [basic]
  • pycdc [basic]
  • pyelftools [basic]
  • python-debian [basic]
  • python3 [basic]
  • python3-cryptography [basic]
  • python3-dev [basic]
  • python3-dnspython [basic]
  • python3-magic [basic]
  • python3-netifaces [basic]
  • python3-numpy [basic]
  • python3-pil [basic]
  • python3-pip [basic]
  • python3-pyasn1 [basic]
  • python3-pyqt5 [basic]
  • python3-requests [basic]
  • python3-setuptools [basic]
  • python3-ssdeep [basic]
  • python3-tk [basic]
  • python3-venv [basic]
  • python3-virtualenv [basic]
  • python3-wheel [basic]
  • qtbase5-dev [basic]
  • refresh [basic]
  • remnux [basic]
  • remove-app-icons [basic]
  • rhino [basic]
  • rsakeyfind [basic]
  • ruby [basic]
  • ruby-dev [basic]
  • salt-minion [basic]
  • sharutils [basic]
  • sift [basic]
  • sleuthkit [basic]
  • snap [basic]
  • snapd [basic]
  • software-properties-common [basic]
  • ssh [basic]
  • strace [basic]
  • subversion [basic]
  • sudo [basic]
  • sudoers [basic]
  • tzdata [basic]
  • ubuntu [basic]
  • ubuntu-universe [basic]
  • user [basic]
  • vim [basic]
  • vscode [basic]
  • wireshark-dev [basic]
  • xdg-utils [basic]
  • xmlstarlet [basic]
  • xterm [basic]
  • zbar-tools [basic]
  • zlib1g-dev [basic]

Rich Help Tools (106 tools with FOR610 coverage)

  • 1768.py (Labs: 3.4)
  • Bytehist
  • ClamAV
  • Cutter
  • CyberChef (Labs: 1.5, 3.8, 3.12)
  • FLOSS (Labs: 5.2, 5.3)
  • Frida
  • Ghidra (Labs: 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 4.9, 5.2, 5.4, 5.5, 5.6, 5.7, 5.9)
  • ILSpy (Labs: 3.12, 4.8)
  • INetSim (Labs: 1.7)
  • Malchive
  • ProcDOT (Labs: 1.2, 4.5)
  • SpiderMonkey (Labs: 3.6, 3.7, 4.5)
  • Thug
  • UPX (Labs: 4.2)
  • Unfurl
  • Visual Studio Code (Labs: 1.3, 1.4, 1.5, 3.3, 3.6, 3.7, 4.5, 4.8, 5.2, 5.3)
  • Vivisect
  • Wine (Labs: 3.5)
  • Wireshark (Labs: 1.2, 1.3, 1.6, 1.7, 1.8, 5.1)
  • XLMMacroDeobfuscator
  • XORSearch (Labs: 3.5, 5.2)
  • androguard
  • apktool
  • base64dump.py (Labs: 3.4, 4.5)
  • bbcrack (Labs: 5.2)
  • binwalk
  • box-js
  • brxor.py (Labs: 5.2)
  • capa (Labs: 1.4, 5.4)
  • cfr
  • cs-analyze-processdump.py
  • cs-decrypt-metadata.py
  • cs-extract-key.py
  • cs-parse-traffic.py
  • curl
  • dc3-mwcp
  • de4dot (Labs: 4.8)
  • diec (Labs: 4.1)
  • emldump.py
  • evilclippy
  • exiftool
  • fakedns (Labs: 1.3, 1.6, 1.7, 1.8)
  • fakenet-ng
  • feh (Labs: 3.1)
  • file (Labs: 3.4, 3.5)
  • gunzip (Labs: 3.4)
  • hexdump
  • httpd (Labs: 1.3, 1.6, 1.8)
  • ilspycmd (Labs: 4.8)
  • ioc-parser
  • iptables (Labs: 1.8)
  • jadx
  • jd-gui
  • jq (Labs: 1.4)
  • js-beautify (Labs: 3.6, 4.5)
  • mail-parser
  • malwoverview
  • mitmproxy
  • msg-extractor
  • msoffcrypto-tool
  • nc
  • networkminer
  • ngrep
  • nslookup (Labs: 1.3)
  • numbers-to-string.py (Labs: 3.3)
  • oledump.py (Labs: 3.3, 3.4, 4.5)
  • olevba
  • pcode2code
  • pdf-parser.py (Labs: 3.1)
  • pdfid.py (Labs: 3.1)
  • pdfresurrect
  • pdftk
  • pdftool.py
  • peepdf
  • peframe (Labs: 1.1, 4.8)
  • pestr (Labs: 1.1, 4.8)
  • polarproxy
  • pyinstxtractor-ng
  • qiling
  • qpdf
  • radare2
  • rar (Labs: 3.5)
  • rtfdump.py (Labs: 3.5)
  • runsc32 (Labs: 3.5, 4.6)
  • scdbgc (Labs: 3.4, 3.5, 4.6)
  • shcode2exe
  • speakeasy (Labs: 1.4)
  • ssdeep
  • strdeob.pl (Labs: 5.2)
  • strings (Labs: 3.4, 5.2)
  • tcpdump
  • tcpflow
  • tcpxtract
  • torsocks
  • translate.py (Labs: 3.4)
  • trid (Labs: 3.3, 3.4)
  • tshark
  • uncompyle6
  • unzip (Labs: 1.1, 3.1, 3.3, 3.4, 3.5, 3.6, 3.7, 4.1, 4.8, 5.2, 5.3, 5.4)
  • volatility3
  • wget
  • xortool
  • xxd
  • yara (Labs: 3.4)
  • zipdump.py

Standard Help Tools (118 tools with REMnux docs only)

  • 7-Zip — Examine Static Properties > General
  • AESKeyFinder — Perform Memory Forensics
  • AndroidProjectCreator — Statically Analyze Code > Android
  • Burp Suite Community Edition — Explore Network Interactions > Monitoring
  • Cobalt Strike Configuration Extractor (CSCE) and Parser — Examine Static Properties > Deobfuscation
  • Decompyle++ — Statically Analyze Code > Python
  • EPIC IRC Client — Explore Network Interactions > Connecting
  • GNOME Calculator — General Utilities
  • GNU Wget — Explore Network Interactions > Connecting
  • GhidrAssistMCP — Use Artificial Intelligence
  • Hachoir — Examine Static Properties > General
  • Hash ID — Examine Static Properties > General
  • JD-GUI Java Decompiler — Statically Analyze Code > Java
  • Javassist — Statically Analyze Code > Java
  • Malcat Lite — Examine Static Properties > General
  • Network Miner Free Edition — Explore Network Interactions > Monitoring
  • Procyon — Statically Analyze Code > Java
  • REMnux Installer — General Utilities
  • RSAKeyFinder — Perform Memory Forensics
  • SQLite — General Utilities
  • Sleuth Kit — Examine Static Properties > General
  • YARA-Forge Rules — Examine Static Properties > General
  • anomy — Explore Network Interactions > Connecting
  • apkid — Statically Analyze Code > Android
  • autoit-ripper — Statically Analyze Code > Scripts
  • baksmali — Statically Analyze Code > Android
  • balbuzard — Examine Static Properties > Deobfuscation
  • binee (Binary Emulation Environment) — Statically Analyze Code > PE Files
  • bulk-extractor — Examine Static Properties > General
  • cabextract — General Utilities
  • cast — General Utilities
  • chepy — Examine Static Properties > Deobfuscation
  • cut-bytes.py — Examine Static Properties > Deobfuscation
  • decode-vbe.py — Statically Analyze Code > Scripts
  • dex2jar — Statically Analyze Code > Android
  • dexray — Gather and Analyze Data
  • disitool — Examine Static Properties > General
  • dissect — Gather and Analyze Data
  • dnfile — Examine Static Properties > .NET
  • dnslib — Gather and Analyze Data
  • dnsresolver.py — Explore Network Interactions > Services
  • docker — General Utilities
  • dos2unix — View or Edit Files
  • dotnetfile — Examine Static Properties > .NET
  • droidlysis — Examine Static Properties > General
  • evince — View or Edit Files
  • ex-pe-xor — Examine Static Properties > Deobfuscation
  • fakemail — Explore Network Interactions > Services
  • file-magic.py — Examine Static Properties > General
  • firefox — General Utilities
  • format-bytes.py — Examine Static Properties > Deobfuscation
  • goresym — Examine Static Properties > Go
  • hex-to-bin.py — Examine Static Properties > Deobfuscation
  • ibus — General Utilities
  • imagemagick — View or Edit Files
  • inspircd — Explore Network Interactions > Services
  • ipwhois — Gather and Analyze Data
  • java-idx-parser — Statically Analyze Code > Java
  • jstillery — Dynamically Reverse-Engineer Code > Scripts
  • libemu — Dynamically Reverse-Engineer Code > Shellcode
  • libolecf — Analyze Documents > Microsoft Office
  • lief — Examine Static Properties > General
  • magika — Examine Static Properties > General
  • mbcscan — Statically Analyze Code > PE Files
  • monodis — Examine Static Properties > .NET
  • msgconvert — Analyze Documents > Email Messages
  • msitools — Examine Static Properties > General
  • msoffcrypto-crack.py — Analyze Documents > Microsoft Office
  • msoffice-crypt — Analyze Documents > Microsoft Office
  • myip — General Utilities
  • myjson-filter.py — General Utilities
  • name-that-hash — Examine Static Properties > General
  • nasm — General Utilities
  • nautilus — General Utilities
  • nginx — Explore Network Interactions > Services
  • nomorexor — Examine Static Properties > Deobfuscation
  • nsrllookup — Gather and Analyze Data
  • objdump — Statically Analyze Code > General
  • objects.js — Dynamically Reverse-Engineer Code > Scripts
  • olefile — Analyze Documents > Microsoft Office
  • onedump.py — Analyze Documents > Microsoft Office
  • opencode — Use Artificial Intelligence
  • openssh — General Utilities
  • origamindee — Analyze Documents > PDF
  • pcodedmp — Analyze Documents > Microsoft Office
  • pdnstool — Gather and Analyze Data
  • powershell — Dynamically Reverse-Engineer Code > Scripts
  • pyinstaller-extractor — Statically Analyze Code > Python
  • re-search.py — Examine Static Properties > General
  • redress — Examine Static Properties > Go
  • remnux-mcp-server — Use Artificial Intelligence
  • sandfly-processdecloak — Investigate System Interactions
  • scalpel — Gather and Analyze Data
  • scite — View or Edit Files
  • sets.py — Examine Static Properties > Deobfuscation
  • shellcode2exe-bat — Dynamically Reverse-Engineer Code > Shellcode
  • signsrch — Examine Static Properties > General
  • sortcanon.py — General Utilities
  • ssview — Analyze Documents > Microsoft Office
  • tcpick — Explore Network Interactions > Monitoring
  • tesseract-ocr — Analyze Documents > General
  • texteditor.py — General Utilities
  • thefuzz — Examine Static Properties > General
  • time-decode — Gather and Analyze Data
  • tor — Explore Network Interactions > Connecting
  • unhide — Investigate System Interactions
  • unicode — Examine Static Properties > Deobfuscation
  • unxor — Examine Static Properties > Deobfuscation
  • vbindiff — View or Edit Files
  • virustotal-search — Gather and Analyze Data
  • virustotal-submit — Gather and Analyze Data
  • wxhexeditor — Examine Static Properties > General
  • xmldump.py — Analyze Documents > Microsoft Office
  • xor-kpa.py — Examine Static Properties > Deobfuscation
  • xorbruteforcer — Examine Static Properties > Deobfuscation
  • xorstrings — Examine Static Properties > Deobfuscation
  • yara-x — Gather and Analyze Data
  • zbarimg — Explore Network Interactions > Connecting
Reference in New Issue View Git Blame Copy Permalink