REMnux is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locate or set up.
The heart of the project is the REMnux Linux distribution based on Ubuntu. This lightweight distro incorporates many tools for analyzing Windows and Linux malware, examining browser-based threats such as obfuscated JavaScript, exploring suspicious document files and taking apart other malicious artifacts. Investigators can also use the distro to intercept suspicious network traffic in an isolated lab when performing behavioral malware analysis.
Malware Analysis Tools Installed on REMnux
The REMnux distribution includes many free tools useful for examining malicious software. These utilities are set up and tested to make it easier for you to perform malware analysis tasks without needing to figure out how to install them. The majority of these tools are listed below.
**Examine Browser Malware**
**Examine Document Files**
**Extract and Decode Artifacts**
**Handle Network Interactions**
**Process Multiple Samples**
**Examine File Properties and Contents**
**Investigate Linux Malware**
**Edit and View Files**
**Examine Memory Snapshots**
**Statically Examine PE Files**
**Investigate Mobile Malware**
**Perform Other Tasks**
REMnux Documentation
REMnux documentation is a relatively recent effort that provides additional details about the toolkit. The document set is still in need of improvement and expansion.
The one-page REMnux cheat sheet highlights some of the most useful tools and commands available as part of the REMnux distro. It's an especially nice starting point for people who are new to the distribution.
plusvic.github.io/yara/
bitbucket.org/decalage/balbuzard/wiki/Home
bitbucket.org/denilsonsa/small_scripts/src/3ec16014c839ea0852fae492813ad2293bd61155/prettyping.sh
bitbucket.org/haypo/hachoir
gist.github.com/malc0de/10270150
gist.github.com/noonat/821548
github.com/9b/pdfxray_lite
github.com/aim4r/VolDiff
github.com/androguard/androguard
github.com/botherder/viper
github.com/buffer/thug
github.com/chrislee35/passivedns-client
github.com/crackinglandia/pype32
github.com/CyberShadow/RABCDAsm
github.com/doomedraven/VirusTotalApi
github.com/einars/js-beautify
github.com/Evilcry/PythonScripts/raw/master/
github.com/guelfoweb/peframe
github.com/hellman/xortool
github.com/hiddenillusion/AnalyzePDF
github.com/hiddenillusion/NoMoreXOR
github.com/ifontarensky/RuleEditor
github.com/kevthehermit/RATDecoders
github.com/libyal/libolecf
github.com/maaaaz/androwarn
github.com/MarioVilas/shellcode_tools/blob/master/shellcode2exe.py
github.com/merces/bashacks
github.com/omriher/CapTipper
github.com/radare/radare2
github.com/rjhansen/nsrllookup
github.com/Rurik/Java_IDX_Parser/
github.com/simsong/tcpflow
github.com/stephenbrannon/IOCextractor
github.com/technoskald/maltrieve
github.com/tomchop/unxor/
github.com/unixfreak0037/officeparser
github.com/volatilityfoundation/volatility
github.com/Xen0ph0n/YaraGenerator
github.com/XlogicX/m2elf
github.com/zrax/pycdc