
REMnux: A Linux Toolkit for RE and Analyzing Malware


#1 666regab


Posted 01 June 2016 - 07:08 AM

REMnux® is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locate or set up.

The heart of the project is the REMnux Linux distribution based on Ubuntu. This lightweight distro incorporates many tools for analyzing Windows and Linux malware, examining browser-based threats such as obfuscated JavaScript, exploring suspicious document files and taking apart other malicious artifacts. Investigators can also use the distro to intercept suspicious network traffic in an isolated lab when performing behavioral malware analysis.


Tools on REMnux:

Examine Browser Malware

    Website analysis: Thug, mitmproxy, Network Miner Free Edition, curl, Wget, Burp Proxy Free Edition, Automater, pdnstool, Tor, tcpextract, tcpflow, passive.py, CapTipper, yaraPcap.py
    Flash: xxxswf, SWF Tools, RABCDAsm, extract_swf, Flare
    Java: Java Cache IDX Parser, JD-GUI Java Decompiler, JAD Java Decompiler, Javassist, CFR
    JavaScript: Rhino Debugger, ExtractScripts, SpiderMonkey, V8, JS Beautifier

Examine Document Files

    PDF: AnalyzePDF, Pdfobjflow, pdfid, pdf-parser, peepdf, Origami, PDF X-RAY Lite, PDFtk, swf_mastah, qpdf, pdfresurrect
    Microsoft Office: officeparser, pyOLEScanner.py, oletools, libolecf, oledump, emldump, MSGConvert, base64dump.py, unicode
    Shellcode: sctest, unicode2hex-escaped, unicode2raw, dism-this, shellcode2exe

Extract and Decode Artifacts

    Deobfuscate: unXOR, XORStrings, ex_pe_xor, XORSearch, brxor.py, xortool, NoMoreXOR, XORBruteForcer, Balbuzard
    Extract strings: strdeobj, pestr, strings
    Carving: Foremost, Scalpel, bulk_extractor, Hachoir

Handle Network Interactions

    Sniffing: Wireshark, ngrep, TCPDump, tcpick
    Services: FakeDNS, Nginx, fakeMail, Honeyd, INetSim, Inspire IRCd, OpenSSH, accept-all-ips
    Miscellaneous network: prettyping.sh, set-static-ip, renew-dhcp, Netcat, EPIC IRC Client, stunnel, Just-Metadata

Process Multiple Samples

    Maltrieve, Ragpicker, Viper, MASTIFF, Density Scout

Examine File Properties and Contents

    Define signatures: YaraGenerator, IOCextractor, Autorule, Rule Editor, ioc-parser
    Scan: Yara, ClamAV, TrID, ExifTool, virustotal-submit, Disitool
    Hashes: nsrllookup, Automater, Hash Identifier, totalhash, ssdeep, virustotal-search, VirusTotalApi

Investigate Linux Malware

    System: Sysdig, Unhide
    Disassemble: Vivisect, Udis86, objdump
    Debug: Evan’s Debugger (EDB), GNU Project Debugger (GDB)
    Trace: strace, ltrace
    Investigate: Radare 2, Pyew, Bokken, m2elf, ELF Parser

Edit and View Files

    Text: SciTE, Geany, Vim
    Images: feh, ImageMagick
    Binary: wxHexEditor, VBinDiff
    Documents: Xpdf

Examine Memory Snapshots

    Volatility Framework, findaes, AESKeyFinder, RSAKeyFinder, VolDiff, Rekall, linux_mem_diff_tool

Statically Examine PE Files

    Unpacking: UPX, Bytehist, Density Scout, PackerID
    Disassemble: objdump, Udis86, Vivisect
    Find anomalies: Signsrch, pescanner, ExeScan, pev, Peframe, pedump
    Investigate: Bokken, RATDecoders, Pyew, readpe.py, PyInstaller Extractor, DC3-MWCP

Investigate Mobile Malware

    Androwarn, AndroGuard

Perform Other Tasks

    ProcDOT, bashhacks, Docker, vtTool, REMnux Updater, Decompyle++

Install Additional Tools

    Metasploit Framework is not installed on REMnux; however, you can run it as a Docker container if the need arises.

    WIPSTER offers a web-based interface to several REMnux tools. You can easily install WIPSTER on REMnux by running the command install-wipster.

    BinNavi is a tool for statically examining disassembled code. You can install it on REMnux by running the command install-binnavi.


Download (2 GB)

REMnux website


a noob ...

.ONhex - Mirage
