| Category | Tool Name | How to Invoke (Basic Command) | Description | Package | Tool Source/Info |
|---|---|---|---|---|---|
| Edit and View Files: Binary | VBinDiff | vbindiff | Compare binary files | vbindiff (APT) | http://www.cjmweb.net/vbindiff/ |
| Edit and View Files: Binary | wxHexEditor | wxHexEditor | Graphical hex editor | wxhexeditor (APT) | http://sourceforge.net/projects/wxhexeditor/ |
| Edit and View Files: Documents | Xpdf | xpdf | PDF viewer | xpdf (APT) | http://www.foolabs.com/xpdf/ |
| Edit and View Files: Images | feh | feh | Image viewer | feh (APT) | http://feh.finalrewind.org/ |
| Edit and View Files: Images | ImageMagick | display | Image viewer | imagemagick (APT) | http://www.imagemagick.org/ |
| Edit and View Files: Text | Geany | geany | Powerful text editor with an integrated developer environment | geany (APT) | http://www.geany.org/ |
| Edit and View Files: Text | SciTE | scite | Simple, yet powerful text editor | scite (APT) | http://www.scintilla.org/SciTE.html |
| Examine Browser Malware: Flash | extract_swf | extract_swf.py | Extract Flash objects from files | remnux-scripts (APT) | https://gist.github.com/noonat/821548 |
| Examine Browser Malware: Flash | flare | flare | Extract and decompile ActionScript from SWF files | remnux-flare (APT) | http://www.nowrap.de/flare.html |
| Examine Browser Malware: Flash | RABCDAsm | rabcdasm, abcexport | Examine ActionScript from Flash files | remnux-rabcdasm (APT) | https://github.com/CyberShadow/RABCDAsm |
| Examine Browser Malware: Flash | SWF Tools | swfdump, swfextract, swfstrings, etc. | A toolkit for examining, creating and modifying Flash files | swftools (APT) | http://www.swftools.org/ |
| Examine Browser Malware: Flash | xxxswf | xxxswf.py | Extract Flash objects from other files | remnux-scripts (APT) | https://bitbucket.org/Alexander_Hanel/xxxswf |
| Examine Browser Malware: Java | CFR | cfr | Decompile Java class files | remnux-cfr (APT) | http://www.benf.org/other/cfr/ |
| Examine Browser Malware: Java | Jad | jad | Java decompiler | remnux-jad (APT) | http://varaneckas.com/jad |
| Examine Browser Malware: Java | Java Cache IDX Parser | idx_parser.py | Examine Java IDX files | remnux-scripts (APT) | https://github.com/Rurik/Java_IDX_Parser/ |
| Examine Browser Malware: Java | Java Decompiler | jd-gui | Decompile Java class files | remnux-jd-gui (APT) | http://jd.benow.ca/ |
| Examine Browser Malware: JavaScript | ExtractScripts | extractscripts.py | Extract JavaScript scripts from an HTML file | remnux-didier (APT) | http://blog.didierstevens.com/programs/extractscripts/ |
| Examine Browser Malware: JavaScript | JS Beautifier | js-beautify | Reformat JavaScript scripts to improve their readability | jsbeautifier (PIP) | https://github.com/einars/js-beautify |
| Examine Browser Malware: JavaScript | JSDetox | jsdetox | Decode obfuscated JavaScript | remnux/jsdetox (Docker) | http://www.relentless-coding.com/projects/jsdetox/ |
| Examine Browser Malware: JavaScript | objects.js | js -f /usr/share/remnux/objects.js -f malware.js | Library of JavaScript objects commonly defined by a browser or a PDF reader | remnux-config (APT) | |
| Examine Browser Malware: JavaScript | Rhino Debugger | rhino-debugger | Standalone JavaScript debugger | rhino (APT) | https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Debugger |
| Examine Browser Malware: JavaScript | SpiderMonkey | js, js-didier | JavaScript engine from Mozilla | libmozjs-24-bin (APT), remnux-js-didier (APT) | https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey |
| Examine Browser Malware: JavaScript | V8 | d8 | Command-line shell (d8) for the JavaScript engine from Google (V8) | remnux-v8 (APT) | https://code.google.com/p/v8/ |
| Examine Browser Malware: Websites | Automater | cd /opt/remnux-automater && ./Automater.py | Look up URL/domain, IP and MD5 hash details | remnux-automater (APT) | http://www.tekdefense.com/automater/ |
| Examine Browser Malware: Websites | Burp Proxy Free Edition | burpsuite | Analyze and interact with websites in a controlled manner | remnux-burpsuite-free (APT) | http://portswigger.net/burp/ |
| Examine Browser Malware: Websites | CapTipper | cd /opt/remnux-captipper && sudo ./CapTipper.py | Examine network traffic and carve PCAP capture files | remnux-captipper (APT) | https://github.com/omriher/CapTipper |
| Examine Browser Malware: Websites | YaraPcap | yaraPcap.py | Scan and carve PCAP files for contents that match your Yara signatures | remnux-scripts (APT) | https://github.com/kevthehermit/YaraPcap |
| Examine Browser Malware: Websites | curl | curl | Command-line tool for retrieving website contents | curl (APT) | http://curl.haxx.se/ |
| Examine Browser Malware: Websites | Firefox | firefox | Web browser | firefox (APT) | http://www.mozilla.org/firefox |
| Examine Browser Malware: Websites | mitmproxy | mitmproxy, mitmdump | Intercept, modify, replay and save HTTP and HTTPS traffic | mitmproxy (PIP) | http://mitmproxy.org/ |
| Examine Browser Malware: Websites | Network Miner Free Edition | NetworkMiner | Examine network traffic and carve PCAP capture files | remnux-network-miner (APT) | http://www.netresec.com/?page=NetworkMiner |
| Examine Browser Malware: Websites | pdns | passive.py | Perform passive DNS lookups | remnux-python-pdns (APT) | https://github.com/REMnux/distro/blob/v6/passive.py |
| Examine Browser Malware: Websites | pdnstool | pdnstool | Perform passive DNS lookups | passivedns-client (Gem) | https://github.com/chrislee35/passivedns-client |
| Examine Browser Malware: Websites | tcpflow | tcpflow | Examine network traffic and carve PCAP capture files | tcpflow (APT) | https://github.com/simsong/tcpflow |
| Examine Browser Malware: Websites | tcpxtract | tcpxtract | Extract files from network traffic | tcpxtract (APT) | http://tcpxtract.sourceforge.net/ |
| Examine Browser Malware: Websites | Thug | thug.py | Honeyclient for investigating suspicious websites | remnux/thug (Docker) | https://github.com/buffer/thug |
| Examine Browser Malware: Websites | Tor | tor start | Tools for directing network traffic through anonymizing proxies | tor (APT), torsocks (APT) | https://www.torproject.org/ |
| Examine Browser Malware: Websites | Wget | wget | Command-line tool for retrieving website contents | wget (APT) | https://www.gnu.org/software/wget/ |
| Examine Document Files: Microsoft Office | emldump | emldump.py | Examine suspicious MIME files | remnux-didier (APT) | https://isc.sans.edu/diary/Malicious+Word+Document+This+Time+The+Maldoc+Is+A+MIME+File/19673/ |
| Examine Document Files: Microsoft Office | MSGConvert | msgconvert | Convert Microsoft email clients' .MSG files to MIME/mbox (RFC 822) .EML file format | libemail-outlook-message-perl (APT) | http://www.matijs.net/software/msgconv/ |
| Examine Document Files: Microsoft Office | libolecf | olecfexport, olecfinfo, olecfmount | Analyze OLE2 files | libolecf-tools (APT) | https://github.com/libyal/libolecf |
| Examine Document Files: Microsoft Office | officeparser | officeparser.py | Extract embedded files and macros from Office documents | remnux-scripts (APT) | https://github.com/unixfreak0037/officeparser |
| Examine Document Files: Microsoft Office | oledump | oledump.py | Examine suspicious Microsoft Office files | remnux-didier (APT) | http://blog.didierstevens.com/programs/oledump-py/ |
| Examine Document Files: Microsoft Office | oletools | olevba, olebrowse, oletimes, rtfobj, pyxswf, etc. | Analyze OLE2 files | remnux-oletools (APT) | http://www.decalage.info/python/oletools |
| Examine Document Files: Microsoft Office | pyOLEScanner.py | pyOLEScanner.py | Examine suspicious Microsoft Office files | remnux-scripts (APT) | https://github.com/Evilcry/PythonScripts/blob/master/pyOLEScanner.py |
| Examine Document Files: PDF | AnalyzePDF | AnalyzePDF.py | Examine a malicious PDF file | remnux-scripts (APT) | https://github.com/hiddenillusion/AnalyzePDF |
| Examine Document Files: PDF | Origami | pdfwalker, pdfextract, pdfcop, etc. | Framework for examining, creating and modifying PDF files | origami (Gem) | https://code.google.com/p/origami-pdf/ |
| Examine Document Files: PDF | PDF X-RAY Lite | pdfxray_lite.py | Examine the PDF document structure and contents | remnux-pdfxray-lite (APT) | https://github.com/9b/pdfxray_lite |
| Examine Document Files: PDF | pdfid | pdfid | Locate common suspicious artifacts in a PDF file | remnux-didier (APT) | http://blog.didierstevens.com/programs/pdf-tools/ |
| Examine Document Files: PDF | Pdfobjflow | pdf-parser.py \| pdfobjflow.py | Visualize the output from pdf-parser | remnux-scripts (APT) | http://www.aldeid.com/wiki/Pdfobjflow |
| Examine Document Files: PDF | pdf-parser | pdf-parser.py | Examine a suspicious PDF file | remnux-didier (APT) | http://blog.didierstevens.com/programs/pdf-tools/ |
| Examine Document Files: PDF | PDFtk | pdftk | Edit PDF files | pdftk (APT) | http://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/ |
| Examine Document Files: PDF | peepdf | peepdf | Analyze suspicious PDF files | remnux-peepdf (APT) | http://eternal-todo.com/tools/peepdf-pdf-analysis-tool#releases |
| Examine Document Files: PDF | swf_mastah | swf_mastah | Extract Flash SWF objects from PDF files | remnux-pdfxray-lite (APT) | http://blog.9bplus.com/snatching-swf-from-pdfs-made-easier/ |
| Examine Document Files: PDF | qpdf | qpdf | Perform structural, content-preserving transformations on PDF files | qpdf (APT) | http://qpdf.sourceforge.net/ |
| Examine Document Files: PDF | pdfresurrect | pdfresurrect | Analyze and help extract older "hidden" versions of the PDF file's contents | pdfresurrect (APT) | https://github.com/enferex/pdfresurrect |
| Examine Document Files: Shellcode | dism-this | dism-this.py | Analyze disassembled data within file objects | remnux-scripts (APT) | http://hooked-on-mnemonics.blogspot.com/2012/10/dism-thispy.html |
| Examine Document Files: Shellcode | sctest | sctest | Emulate shellcode execution | libemu2 (APT) | http://libemu.carnivore.it/ |
| Examine Document Files: Shellcode | shellcode2exe.py | shellcode2exe.py | Create a Windows executable file out of shellcode | remnux-scripts (APT) | https://github.com/MarioVilas/shellcode_tools/blob/master/shellcode2exe.py |
| Examine Document Files: Shellcode | unicode2hex-escaped | unicode2hex-escaped | Clean up and convert Unicode to hex | remnux-config (APT) | |
| Examine Document Files: Shellcode | unicode2raw | unicode2raw | Clean up and convert Unicode to raw | remnux-config (APT) | |
| Examine File Properties and Contents: Define | Autorule | autorule.py | Automatically define Yara signatures for a set of files | remnux-scripts (APT) | http://joxeankoret.com/blog/2012/04/29/extracting-binary-patterns-in-malware-sets-and-generating-yara-rules/ |
| Examine File Properties and Contents: Define | IOCextractor | IOCextractor.py | Extract IOCs from a text report file | remnux-scripts (APT) | https://github.com/stephenbrannon/IOCextractor |
| Examine File Properties and Contents: Define | Rule Editor | rule-editor | Edit IOC Yara, Snort and OpenIOC rules | remnux-rule-editor (APT) | https://github.com/ifontarensky/RuleEditor |
| Examine File Properties and Contents: Define | ioc-parser | iocp | Extract indicators of compromise from security reports in PDF format | remnux-ioc-parser (APT) | https://github.com/armbues/ioc_parser |
| Examine File Properties and Contents: Define | YaraGenerator | yaraGenerator.py | Generate Yara rules for designated files | remnux-scripts (APT) | https://github.com/Xen0ph0n/YaraGenerator |
| Examine File Properties and Contents: Hashes | Hash Identifier | hash_id | Identify the type of hash used to protect data, especially passwords | remnux-scripts (APT) | https://code.google.com/p/hash-identifier/ |
| Examine File Properties and Contents: Hashes | nsrllookup | nsrllookup | Look up file hashes on an NSRL database server | remnux-nsrllookup (APT) | https://github.com/rjhansen/nsrllookup |
| Examine File Properties and Contents: Hashes | ssdeep | ssdeep | Define and scan for a "fuzzy" signature of a file | ssdeep (APT) | http://ssdeep.sourceforge.net/ |
| Examine File Properties and Contents: Hashes | totalhash | totalhash.py | Look up a suspicious file hash in the totalhash.com database | remnux-scripts (APT) | https://gist.github.com/malc0de/10270150 |
| Examine File Properties and Contents: Hashes | virustotal-search | virustotal-search.py | Look up a suspicious file hash in the virustotal.com database | remnux-didier (APT) | http://blog.didierstevens.com/programs/virustotal-tools/ |
| Examine File Properties and Contents: Hashes | VirusTotalApi | vt | Interact with VirusTotal from the command line | remnux-virustotalapi (APT) | https://github.com/doomedraven/VirusTotalApi |
| Examine File Properties and Contents: Scan | ClamAV | clamscan | Clam antivirus engine | clamav-daemon (APT) | http://www.clamav.net/ |
| Examine File Properties and Contents: Scan | Disitool | disitool.py | Manipulate digital signatures of Windows executables | remnux-didier (APT) | http://blog.didierstevens.com/programs/disitool/ |
| Examine File Properties and Contents: Scan | ExifTool | exiftool | Extract file properties | libimage-exiftool-perl (APT) | http://www.sno.phy.queensu.ca/~phil/exiftool/ |
| Examine File Properties and Contents: Scan | TrID | trid, tridupdate | Identify file types | remnux-trid (APT) | http://mark0.net/soft-trid-e.html |
| Examine File Properties and Contents: Scan | virustotal-submit | virustotal-submit.py | Submit samples to VirusTotal | remnux-didier (APT) | http://blog.didierstevens.com/programs/virustotal-tools/ |
| Examine File Properties and Contents: Scan | Yara | yara | Identify and classify malware samples | yara (APT) | http://plusvic.github.io/yara/ |
| Examine Memory Snapshots | AESKeyFinder | aeskeyfind | Locate embedded AES keys | aeskeyfind (APT) | |
| Examine Memory Snapshots | findaes | findaes | Locate embedded AES keys | remnux-findaes (APT) | http://jessekornblum.livejournal.com/269749.html |
| Examine Memory Snapshots | Rekall | rekall | Memory forensics tool and framework | rekall (PIP) | http://www.rekall-forensic.com/ |
| Examine Memory Snapshots | RSAKeyFinder | rsakeyfind | Locate embedded RSA keys | rsakeyfind (APT) | |
| Examine Memory Snapshots | Volatility Framework | vol.py | Memory forensics tool and framework | python-volatility (APT) | https://github.com/volatilityfoundation/volatility |
| Examine Memory Snapshots | VolDiff | VolDiff.py | Spot changes in memory images using Volatility | remnux-scripts (APT) | https://github.com/aim4r/VolDiff |
| Examine Memory Snapshots | linux_mem_diff_tool | linux_mem_diff.py | Spot changes in memory images using Volatility | remnux-scripts (APT) | https://github.com/monnappa22/linux_mem_diff_tool |
| Extract and Decode Artifacts: Carving | bulk_extractor | bulk_extractor, then BBViewer | Scan a disk image, a file, or a directory of files and extract useful information | bulk-extractor (APT) | https://github.com/simsong/bulk_extractor/ |
| Extract and Decode Artifacts: Carving | Foremost | foremost | Carve contents of files | foremost (APT) | http://foremost.sourceforge.net/ |
| Extract and Decode Artifacts: Carving | Hachoir | hachoir-subfile, hachoir-metadata, hachoir-urwid | View, edit and carve contents of various binary file types | python-hachoir-* (APT) | https://bitbucket.org/haypo/hachoir |
| Extract and Decode Artifacts: Carving | pe-carv.py | pe-carv.py | Carve out PE files | remnux-scripts (APT) | http://hooked-on-mnemonics.blogspot.com/2013/03/pe-carvpy-ascii-hex-and-overlays.html |
| Extract and Decode Artifacts: Carving | Scalpel | scalpel | Carve contents of files | scalpel (APT) | http://www.forensicswiki.org/wiki/Scalpel |
| Extract and Decode Artifacts: Deobfuscate | Balbuzard | balbuzard.py, bbcrack.py, bbharvest.py, bbtrans.py | Extract and decode suspicious patterns from malicious files | remnux-balbuzard (APT) | https://bitbucket.org/decalage/balbuzard/wiki/Home |
| Extract and Decode Artifacts: Deobfuscate | brxor.py | brxor.py | Brute-force all possible 1-byte XOR keys and show the resulting strings that include an English word | remnux-scripts (APT) | https://github.com/REMnux/distro/blob/v6/brxor.py |
| Extract and Decode Artifacts: Deobfuscate | FLOSS | floss | Automatically extract obfuscated strings from malware | flare-floss (APT) | https://github.com/fireeye/flare-floss |
| Extract and Decode Artifacts: Deobfuscate | ex_pe_xor | ex_pe_xor.py | Carve out single-byte XOR-encoded executables from files | remnux-scripts (APT) | http://hooked-on-mnemonics.blogspot.com/2014/04/expexorpy.html |
| Extract and Decode Artifacts: Deobfuscate | NoMoreXOR | NoMoreXOR.py | Guess 256-byte XOR keys by using frequency analysis | remnux-scripts (APT) | https://github.com/hiddenillusion/NoMoreXOR |
| Extract and Decode Artifacts: Deobfuscate | unXOR | unxor.py | Guess an XOR key via known-plaintext attacks | remnux-scripts (APT) | https://github.com/tomchop/unxor/ |
| Extract and Decode Artifacts: Deobfuscate | XORBruteForcer | xorBruteForcer.py | Brute-force the XOR key of a given file | remnux-scripts (APT) | http://eternal-todo.com/category/bruteforce |
| Extract and Decode Artifacts: Deobfuscate | XORSearch | xorsearch | Locate and decode strings obfuscated using common techniques | remnux-didier (APT) | http://blog.didierstevens.com/programs/xorsearch/ |
| Extract and Decode Artifacts: Deobfuscate | XORStrings | xorstrings | Locate and decode XOR-obfuscated strings | remnux-didier (APT) | http://blog.didierstevens.com/2013/04/15/new-tool-xorstrings/ |
| Extract and Decode Artifacts: Deobfuscate | xortool | xortool, xortool-xor | Locate and deobfuscate contents encoded using a multi-byte XOR cipher | xortool (PIP) | https://github.com/hellman/xortool |
| Extract and Decode Artifacts: Extract Strings | pestr | pestr | Extract strings from a PE file | remnux-pev (APT) | http://pev.sourceforge.net/ |
| Extract and Decode Artifacts: Extract Strings | unicode | unicode | Display character properties for Unicode characters | unicode (APT) | https://github.com/garabik/unicode |
| Extract and Decode Artifacts: Extract Strings | base64dump.py | base64dump.py | Extract base64 strings from a file | remnux-didier (APT) | http://blog.didierstevens.com/2015/07/05/base64dump-py-version-0-0-1/ |
| Extract and Decode Artifacts: Extract Strings | strdeobj | strdeobj.pl | Extract and decode strings defined as arrays | remnux-scripts (APT) | http://totalhash.com/download/strdeob.pl.txt |
| Investigate Linux Malware: Debug | Evan's Debugger (EDB) | edb | Debug ELF binary files | remnux-edb-debugger (APT) | http://codef00.com/projects#debugger |
| Investigate Linux Malware: Debug | GDB | gdb | A powerful debugger | gdb-minimal (APT) | http://www.sourceware.org/gdb/ |
| Investigate Linux Malware: Investigate | m2elf | m2elf.pl | Create an ELF binary file out of shellcode | remnux-scripts (APT) | https://github.com/XlogicX/m2elf |
| Investigate Linux Malware: Investigate | ELF Parser | elfparser | Statically analyze suspicious ELF binaries | remnux-scripts (APT) | http://elfparser.com/ |
| Investigate Linux Malware: System | Sysdig | sysdig | Track and examine local system activities on a Linux system | sysdig (APT) | http://www.sysdig.org/ |
| Investigate Linux Malware: System | Unhide | unhide | Find local hidden processes or connections on a Linux system | unhide (APT) | http://www.unhide-forensics.info/ |
| Investigate Linux Malware: Trace | ltrace | ltrace | Trace library calls | ltrace (APT) | http://ltrace.org/ |
| Investigate Linux Malware: Trace | strace | strace | Trace system calls and signals | strace (APT) | http://sourceforge.net/projects/strace/ |
| Investigate Mobile Malware | AndroGuard | androlyze.py, androdiff.py, androrisk.py, apkviewer.py, etc. | Analyze Android applications | remnux-androguard (APT) | https://github.com/androguard/androguard |
| Investigate Mobile Malware | Androwarn | cd /opt/remnux-androwarn && ./androwarn.py | Android static code analyzer | remnux-androwarn (APT) | https://github.com/maaaaz/androwarn |
| Library | Capstone | from capstone import * | Multi-architecture disassembly framework | python-capstone (APT) | http://www.capstone-engine.org/ |
| Library | Cybox | import cybox | Python library for parsing, manipulating, and generating CybOX content | cybox (PIP) | https://github.com/CybOXProject/python-cybox |
| Library | Disass | from disass.Disass32 import Disass32 | Binary analysis library for Python | | https://bitbucket.org/cybertools/disass |
| Library | diStorm3 | import distorm3 | Library for disassembling binary files | distorm3 (PIP), libdistorm64-1 (APT) | https://code.google.com/p/distorm/ |
| Library | IOC Writer | from ioc_writer import | Python library for creating and editing OpenIOC objects | remnux-ioc-writer | https://github.com/mandiant/ioc_writer |
| Library | Javassist | Import /usr/share/java/javassist.jar | Analyze Java bytecode | libjavassist-java (APT) | http://www.javassist.org |
| Library | OfficeDissector | import officedissector | Examine suspicious Microsoft Office XML-based files | remnux-officedissector (APT) | https://github.com/grierforensics/officedissector |
| Library | olefile | import olefile | Python library to read/write MS OLE2 files | olefile (PIP) | http://www.decalage.info/olefile |
| Library | pefile | import pefile | A library for examining PE file contents | remnux-pefile (APT) | https://code.google.com/p/pefile/ |
| Library | pyexiftool | import exiftool | Python wrapper library for ExifTool | remnux-pyexiftool (APT) | http://smarnach.github.io/pyexiftool/ |
| Library | pylibemu | import pylibemu | Library for accessing libemu functionality | remnux-pylibemu (APT) | https://github.com/buffer/pylibemu |
| Library | pyssdeep | from ssdeep import ssdeep | Python wrapper library for the ssdeep tool | remnux-python-ssdeep (APT) | https://code.google.com/p/pyssdeep/ |
| Library | PyV8 | import PyV8 | Python wrapper library for the Google V8 engine | remnux-pyv8 (APT) | https://code.google.com/p/pyv8/ |
| Library | xortools | from xortools import rolling_xor | Library for decoding XOR-obfuscated contents | remnux-scripts (APT) | https://github.com/hiddenillusion/yara-goodies/blob/master/xortools.py |
| Library | Yara Library | import yara | Python library to identify and classify malware samples | libyara3, python-yara, libyara-dev (APT) | http://plusvic.github.io/yara/ |
| Library | Yara Rules | yara /opt/remnux-rules/ | Rules/signatures for spotting malicious characteristics in files | remnux-rules (APT) | https://github.com/Yara-Rules/rules |
| Network: Misc. | EPIC IRC Client | irc | IRC client | epic5 (APT) | http://www.epicsol.org/ |
| Network: Misc. | Netcat | nc | Flexible network client and server | netcat (APT) | http://netcat.sourceforge.net/ |
| Network: Misc. | prettyping.sh | pping | Ping a host while looking pretty | remnux-scripts (APT) | https://bitbucket.org/denilsonsa/small_scripts/src/3ec16014c839ea0852fae492813ad2293bd61155/prettyping.sh |
| Network: Misc. | set-static-ip | set-static-ip | Temporarily assign a static IP | remnux-config (APT) | |
| Network: Misc. | stunnel | stunnel | SSL encryption wrapper | stunnel (APT) | https://www.stunnel.org/ |
| Network: Misc. | Just-Metadata | cd /opt/remnux-just-metadata && ./Just-Metadata.py | Gather OSINT about IP addresses | remnux-just-metadata (APT) | https://github.com/ChrisTruncer/Just-Metadata |
| Network: Services | accept-all-ips | accept-all-ips | Accept and redirect network traffic to all IPs | remnux-scripts (APT) | |
| Network: Services | FakeDNS | fakedns | Respond to DNS queries with a specified IP address | remnux-scripts (APT) | http://code.activestate.com/recipes/491264-mini-fake-dns-server/ |
| Network: Services | fakeMail | fakemail | Fake mail server that captures email messages sent through it without retransmitting them | remnux-scripts (APT) | http://sourceforge.net/projects/fakemail/ |
| Network: Services | INetSim | inetsim | Emulate common network services | inetsim (APT) | http://www.inetsim.org/ |
| Network: Services | InspIRCd | ircd start | IRC server | inspircd (APT) | http://www.inspircd.org/ |
| Network: Services | Nginx | httpd start | A web server | nginx (APT) | http://nginx.org/ |
| Network: Services | OpenSSH | sshd start | SSH server | openssh-server (APT) | http://www.openssh.com/ |
| Network: Sniffing | ngrep | ngrep | Sniff the network while looking for patterns that match the specified regular expressions | ngrep (APT) | http://ngrep.sourceforge.net/ |
| Network: Sniffing | TCPDump | tcpdump | Command-line network sniffer | tcpdump (APT) | http://www.tcpdump.org/ |
| Network: Sniffing | tcpick | tcpick | Sniffer that reassembles TCP streams | tcpick (APT) | http://tcpick.sourceforge.net/ |
| Network: Sniffing | Wireshark | wireshark | Network sniffer | wireshark (APT) | http://www.wireshark.org/ |
| Other tasks | bashacks | See "man bashacks" | Useful Bash shell functions | remnux-bashacks (APT) | https://github.com/merces/bashacks |
| Other tasks | Docker | docker, docker-update-images | Run applications as isolated containers on the local host | docker-engine (APT) | http://www.docker.com/ |
| Other tasks | ProcDOT | procdot | Visualize and examine the output of Process Monitor and network sniffer logs | remnux-procdot (APT) | http://www.procdot.com/ |
| Other tasks | REMnux Updater | update-remnux | Update or upgrade the REMnux distro on the local host | remnux-scripts (APT) | https://REMnux.org |
| Other tasks | vtTool | vtTool.py | Determine malware name by querying VirusTotal | remnux-vttool (APT) | https://code.google.com/p/malware-crawler/wiki/vtTool |
| Other tasks | Decompyle++ | pycdas, pycdc | Python bytecode disassembler and decompiler | remnux-pycdc (APT) | https://github.com/zrax/pycdc |
| Process Multiple Samples | Maltrieve | maltrieve | Retrieve malware from malicious sites | remnux/maltrieve (Docker) | https://github.com/technoskald/maltrieve |
| Process Multiple Samples | MASTIFF | mas | Perform static analysis of suspicious files | remnux-mastiff (APT) | https://git.korelogic.com/mastiff.git/ |
| Process Multiple Samples | Ragpicker | cd /opt/remnux-ragpicker && ./ragpicker.py | Plugin-based malware crawler and downloader with pre-analysis and reporting functionality | remnux-ragpicker (APT) | https://code.google.com/p/malware-crawler/ |
| Process Multiple Samples | Viper | cd /opt/remnux-viper && ./viper.py | Store, classify and investigate suspicious binary files | remnux-viper (APT) | https://github.com/botherder/viper |
| Process Multiple Samples | WIPSTER Installer | install-wipster | Install web interface for MASTIFF and other tools | remnux-scripts (APT) | https://github.com/TheDr1ver/WIPSTER |
| Statically Examine PE files: Disassemble; Investigate Linux Malware: Disassemble | objdump | objdump | Disassemble binary files | binutils (APT) | http://en.wikipedia.org/wiki/Objdump |
| Statically Examine PE files: Disassemble; Investigate Linux Malware: Disassemble | BinNavi | install-binnavi | Install BinNavi, a tool for statically examining disassembled code | remnux-scripts (APT) | https://github.com/google/binnavi |
| Statically Examine PE files: Disassemble; Investigate Linux Malware: Disassemble | Udis86 | udcli | Disassemble binary files | remnux-udis86 (APT) | http://udis86.sourceforge.net/ |
| Statically Examine PE files: Disassemble; Investigate Linux Malware: Disassemble | Vivisect | vivbin, vdbbin | Statically examine and emulate binary files | remnux-vivisect (APT) | http://visi.kenshoto.com/viki/Vivisect |
| Statically Examine PE files: Find Anomalies | ExeScan | exescan.py | Statically examine a PE file and detect suspicious characteristics | remnux-scripts (APT) | http://securityxploded.com/exe-scan.php |
| Statically Examine PE files: Find Anomalies | pedump | pedump | Statically examine a PE file | pedump (Gem) | http://pedump.me/ |
| Statically Examine PE files: Find Anomalies | Peframe | peframe | Statically examine PE files | remnux-peframe (APT) | https://github.com/guelfoweb/peframe |
| Statically Examine PE files: Find Anomalies | pescanner | pescanner | Statically examine a PE file | remnux-scripts (APT) | https://code.google.com/p/malwarecookbook/source/browse/trunk/3/8/pescanner.py |
| Statically Examine PE files: Find Anomalies | pev | pepack, pescan, pestr, pehash, readpe, etc. | PE file analysis toolkit | remnux-pev (APT) | http://pev.sourceforge.net/ |
| Statically Examine PE files: Find Anomalies | Signsrch | signsrch | Locate common code patterns | remnux-signsrch (APT) | http://aluigi.altervista.org/mytoolz.htm |
| Statically Examine PE files: Investigate | RATDecoders | See /opt/remnux-ratdecoders | Extract and decode configuration details from common RAT samples | remnux-ratdecoders (APT) | https://github.com/kevthehermit/RATDecoders |
| Statically Examine PE files: Investigate; Library | DC3-MWCP | mwcp-tool.py and "import malwareconfigreporter" | A framework for parsing configuration information from malware | remnux-dc3-mwcp (APT) | https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP |
| Statically Examine PE files: Investigate | readpe.py | readpe.py | Extract contents of PE file headers | remnux-pype32 (APT) | https://github.com/crackinglandia/pype32 |
| Statically Examine PE files: Investigate | PyInstaller Extractor | pyinstxtractor.py | Extract contents of a Windows executable file generated using PyInstaller | remnux-scripts (APT) | https://sourceforge.net/projects/pyinstallerextractor/ |
| Statically Examine PE files: Investigate; Investigate Linux Malware: Investigate | Bokken | bokken | Interactive static malware analysis tool | remnux-bokken (APT) | https://inguma.eu/projects/bokken |
| Statically Examine PE files: Investigate; Investigate Linux Malware: Investigate | Pyew | pyew | Statically examine suspicious files | pyew (APT) | https://code.google.com/p/pyew/ |
| Statically Examine PE files: Investigate; Investigate Linux Malware: Investigate; Edit and View Files: Binary | Radare 2 | radare2 | Framework for examining binary files | radare2 (APT) | https://github.com/radare/radare2 |
| Statically Examine PE files: Unpacking | Bytehist | bytehist | Generate byte-usage histograms for all types of files, with a focus on PE files | remnux-bytehist (APT) | https://www.cert.at/downloads/software/bytehist_en.html |
| Statically Examine PE files: Unpacking | Density Scout | densityscout | Calculate density (like entropy) of files in the specified location, useful for finding packed programs | remnux-densityscout (APT) | http://www.cert.at/downloads/software/densityscout_en.html |
| Statically Examine PE files: Unpacking | PackerID | packerid | Help determine which packer was used to protect a PE file | remnux-scripts (APT) | https://github.com/sooshie/packerid |
| Statically Examine PE files: Unpacking | UPX | upx | A popular tool for packing and unpacking executable files | upx-ucl (APT) | http://upx.sourceforge.net/ |
