Library Disass
Library diStorm3
scite
extract_swf.py
flare
rabcdasm, abcexport
swfdump, swfextract, swfstrings, etc.
xxxswf.py
cfr
jad
idx_parser.py
jd-gui
extractscripts.py
js-beautify
jsdetox
js -f /usr/share/remnux/objects.js -f malware.js
rhino-debugger
js, js-didier
d8
curl
firefox
mitmproxy, mitmdump
NetworkMiner
passive.py
pdnstool
tcpflow
tcpxtract
thug.py
tor start
wget
emldump.py
msgconvert
pdfresurrect
dism-this.py
sctest
shellcode2exe.py
unicode2hex-escaped
unicode2raw
autorule.py
IOCextractor.py
rule-editor
iocp
yaraGenerator.py
hash_id
nsrllookup
ssdeep
totalhash.py
virustotal-search.py
vt
clamscan
disitool.py
exiftool
trid, tridupdate
virustotal-submit.py
yara
aeskeyfind
findaes
rekall
rsakeyfind
vol.py
VolDiff.py
linux_mem_diff.py
bulk_extractor, then BBViewer
foremost
hachoir-subfile, hachoir-metadata, hachoir-urwid
pe-carv.py
scalpel
balbuzard.py
bbcrack.py
bbharvest.py
bbtrans.py
brxor.py
floss
ex_pe_xor.py
NoMoreXOR.py
unxor.py
xorBruteForcer.py
xorsearch
xorstrings
xortool
xortool-xor
pestr
unicode
base64dump.py
strdeobj.pl
edb
gdb
m2elf.pl
elfparser
sysdig
unhide
ltrace
strace
androlyze.py, androdiff.py, androrisk.py, apkviewer.py, etc.
cd /opt/remnux-androwarn && ./androwarn.py
from capstone import *
import cybox
yara /opt/remnux-rules/
irc
nc
pping
set-static-ip
stunnel
cd /opt/remnux-just-metadata && ./Just-Metadata.py
accept-all-ips
fakedns
fakemail
inetsim
ircd start
httpd start
sshd start
ngrep
tcpdump
tcpick
wireshark
See "man bashacks"
docker, docker-update-images
procdot
update-remnux
vtTool.py
pycdas, pycdc
maltrieve
mas
cd /opt/remnux-ragpicker && ./ragpicker.py
install-binnavi
udcli
vivbin, vdbbin
exescan.py
pedump
peframe
pescanner
pepack, pescan, pestr, pehash, readpe, etc.
signsrch
See /opt/remnux-ratdecoders
readpe.py
pyinstxtractor.py
bokken
pyew
radare2
bytehist
densityscout
packerid
upx
Description | Package
Compare binary files | vbindiff (APT)
Graphical hex editor | wxhexeditor (APT)
PDF viewer | xpdf (APT)
Image viewer | feh (APT)
Image viewer | imagemagick (APT)
Powerful text editor with an integrated development environment | geany (APT)
Simple, yet powerful text editor | scite (APT)
Extract Flash object from files | remnux-scripts (APT)
Extract and decompile ActionScript from SWF files | remnux-flare (APT)
Examine ActionScript from Flash files | remnux-rabcdasm (APT)
A toolkit for examining, creating and modifying Flash files | swftools (APT)
Extract Flash objects from other files | remnux-scripts (APT)
Decompile Java class files | remnux-cfr (APT)
Java decompiler | remnux-jad (APT)
Examine Java IDX files | remnux-scripts (APT)
Examine network traffic and carve PCAP capture files | remnux-captipper (APT)
Scan and carve PCAP files for contents that match your Yara signatures | remnux-scripts (APT)
Command-line tool for retrieving website contents | curl (APT)
Web browser | firefox (APT)
Intercept, modify, replay and save HTTP and HTTPS traffic | mitmproxy (PIP)
Examine network traffic and carve PCAP capture files | remnux-network-miner (APT)
Brute-force all possible 1-byte XOR keys and show the resulting strings that include an English word | remnux-scripts (APT)
Automatically extract obfuscated strings from malware | flare-floss (APT)
Carve out single-byte XOR-encoded executables from files | remnux-scripts (APT)
Guess 256-byte XOR keys by using frequency analysis | remnux-scripts (APT)
Guess an XOR key via known-plaintext attacks | remnux-scripts (APT)
Implements XOR brute-forcing of a given file | remnux-scripts (APT)
Locate and decode strings obfuscated using common techniques | remnux-didier (APT)
Locate and decode XOR-obfuscated strings | remnux-didier (APT)
Locate and deobfuscate contents encoded using a multi-byte XOR cipher | xortool (PIP)
Extract strings from a PE file | remnux-pev (APT)
Display character properties for Unicode characters | unicode (APT)
Extract base64 strings from a file | remnux-didier (APT)
Extract and decode strings defined as arrays | remnux-scripts (APT)
Debug ELF binary files | remnux-edb-debugger (APT)
http://www.scintilla.org/SciTE.html
https://gist.github.com/noonat/821548
http://www.nowrap.de/flare.html
https://github.com/CyberShadow/RABCDAsm
http://www.swftools.org/
https://bitbucket.org/Alexander_Hanel/xxxswf
http://www.benf.org/other/cfr/
http://varaneckas.com/jad
https://github.com/Rurik/Java_IDX_Parser/
http://jd.benow.ca/
http://blog.didierstevens.com/programs/extractscripts/
https://github.com/einars/js-beautify
http://www.relentless-coding.com/projects/jsdetox/
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Debugger
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
https://code.google.com/p/v8/
http://www.tekdefense.com/automater/
http://portswigger.net/burp/
https://github.com/omriher/CapTipper
https://github.com/kevthehermit/YaraPcap
http://curl.haxx.se/
http://www.mozilla.org/firefox
http://mitmproxy.org/
http://www.netresec.com/?page=NetworkMiner
https://github.com/REMnux/distro/blob/v6/passive.py
https://github.com/chrislee35/passivedns-client
https://github.com/simsong/tcpflow
http://tcpxtract.sourceforge.net/
https://github.com/buffer/thug
https://www.torproject.org/
https://www.gnu.org/software/wget/
https://isc.sans.edu/diary/Malicious+Word+Document+This+Time+The+Maldoc+Is+A+MIME+File/19673/
http://www.matijs.net/software/msgconv/
https://github.com/libyal/libolecf
https://github.com/unixfreak0037/officeparser
http://blog.didierstevens.com/programs/oledump-py/
http://www.decalage.info/python/oletools
https://github.com/Evilcry/PythonScripts/blob/master/pyOLEScanner.py
https://github.com/hiddenillusion/AnalyzePDF
https://code.google.com/p/origami-pdf/
https://github.com/9b/pdfxray_lite
http://blog.didierstevens.com/programs/pdf-tools/
http://www.aldeid.com/wiki/Pdfobjflow
http://blog.didierstevens.com/programs/pdf-tools/
http://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/
http://eternal-todo.com/tools/peepdf-pdf-analysis-tool#releases
http://blog.9bplus.com/snatching-swf-from-pdfs-made-easier/
http://qpdf.sourceforge.net/
https://github.com/enferex/pdfresurrect
http://hooked-on-mnemonics.blogspot.com/2012/10/dism-thispy.html
http://libemu.carnivore.it/
https://github.com/MarioVilas/shellcode_tools/blob/master/shellcode2exe.py
http://joxeankoret.com/blog/2012/04/29/extracting-binary-patterns-in-malware-sets-and-generating-yara-rules/
https://github.com/stephenbrannon/IOCextractor
https://github.com/ifontarensky/RuleEditor
https://github.com/armbues/ioc_parser
https://github.com/Xen0ph0n/YaraGenerator
https://code.google.com/p/hash-identifier/
https://github.com/rjhansen/nsrllookup
http://ssdeep.sourceforge.net/
https://gist.github.com/malc0de/10270150
http://blog.didierstevens.com/programs/virustotal-tools/
https://github.com/doomedraven/VirusTotalApi
http://www.clamav.net/
http://blog.didierstevens.com/programs/disitool/
http://www.sno.phy.queensu.ca/~phil/exiftool/
http://mark0.net/soft-trid-e.html
http://blog.didierstevens.com/programs/virustotal-tools/
http://plusvic.github.io/yara/
http://jessekornblum.livejournal.com/269749.html
http://www.rekall-forensic.com/
https://github.com/volatilityfoundation/volatility
https://github.com/aim4r/VolDiff
https://github.com/monnappa22/linux_mem_diff_tool
https://github.com/simsong/bulk_extractor/
http://foremost.sourceforge.net/
https://bitbucket.org/haypo/hachoir
http://hooked-on-mnemonics.blogspot.com/2013/03/pe-carvpy-ascii-hex-and-overlays.html
http://www.forensicswiki.org/wiki/Scalpel
https://bitbucket.org/decalage/balbuzard/wiki/Home
https://github.com/REMnux/distro/blob/v6/brxor.py
https://github.com/fireeye/flare-floss
http://hooked-on-mnemonics.blogspot.com/2014/04/expexorpy.html
https://github.com/hiddenillusion/NoMoreXOR
https://github.com/tomchop/unxor/
http://eternal-todo.com/category/bruteforce
http://blog.didierstevens.com/programs/xorsearch/
http://blog.didierstevens.com/2013/04/15/new-tool-xorstrings/
https://github.com/hellman/xortool
http://pev.sourceforge.net/
https://github.com/garabik/unicode
http://blog.didierstevens.com/2015/07/05/base64dump-py-version-0-0-1/
http://totalhash.com/download/strdeob.pl.txt
http://codef00.com/projects#debugger
http://www.sourceware.org/gdb/
https://github.com/XlogicX/m2elf
http://elfparser.com/
http://www.sysdig.org/
http://www.unhide-forensics.info/
http://ltrace.org/
http://sourceforge.net/projects/strace/
https://github.com/androguard/androguard
https://github.com/maaaaz/androwarn
http://www.capstone-engine.org/
https://github.com/CybOXProject/python-cybox
https://bitbucket.org/cybertools/disass
https://code.google.com/p/distorm/
https://github.com/mandiant/ioc_writer
http://www.javassist.org
https://github.com/grierforensics/officedissector
http://www.decalage.info/olefile
https://code.google.com/p/pefile/
http://smarnach.github.io/pyexiftool/
https://github.com/buffer/pylibemu
https://code.google.com/p/pyssdeep/
https://code.google.com/p/pyv8/
https://github.com/hiddenillusion/yara-goodies/blob/master/xortools.py
http://plusvic.github.io/yara/
https://github.com/Yara-Rules/rules
http://www.epicsol.org/
http://netcat.sourceforge.net/
https://bitbucket.org/denilsonsa/small_scripts/src/3ec16014c839ea0852fae492813ad2293bd61155/prettyping.sh
https://www.stunnel.org/
https://github.com/ChrisTruncer/Just-Metadata
http://code.activestate.com/recipes/491264-mini-fake-dns-server/
http://sourceforge.net/projects/fakemail/
http://www.inetsim.org/
http://www.inspircd.org/
http://nginx.org/
http://www.openssh.com/
http://ngrep.sourceforge.net/
http://www.tcpdump.org/
http://tcpick.sourceforge.net/
http://www.wireshark.org/
https://github.com/merces/bashacks
http://www.docker.com/
http://www.procdot.com/
https://REMnux.org
https://code.google.com/p/malware-crawler/wiki/vtTool
https://github.com/zrax/pycdc
https://github.com/technoskald/maltrieve
https://git.korelogic.com/mastiff.git/
https://code.google.com/p/malware-crawler/
https://github.com/botherder/viper
https://github.com/TheDr1ver/WIPSTER
http://en.wikipedia.org/wiki/Objdump
https://github.com/google/binnavi
http://udis86.sourceforge.net/
http://visi.kenshoto.com/viki/Vivisect
http://securityxploded.com/exe-scan.php
http://pedump.me/
https://github.com/guelfoweb/peframe
https://code.google.com/p/malwarecookbook/source/browse/trunk/3/8/pescanner.py
http://pev.sourceforge.net/
http://aluigi.altervista.org/mytoolz.htm
https://github.com/kevthehermit/RATDecoders
https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP
https://github.com/crackinglandia/pype32
https://sourceforge.net/projects/pyinstallerextractor/
https://inguma.eu/projects/bokken
https://code.google.com/p/pyew/
https://github.com/radare/radare2
https://www.cert.at/downloads/software/bytehist_en.html
http://www.cert.at/downloads/software/densityscout_en.html
https://github.com/sooshie/packerid
http://upx.sourceforge.net/