REMnux 是一个基于Linux的用于逆向工程、分析恶意代码的系统。
REMnux上面安装的软件有:
Analyze Flash malware: SWFTtools, flasm, flare, RABCDAsmand xxxswf.py
Interacting with IRC bots: IRC server (Inspire IRCd) and client (epic5)
Observe and interact with network activities: Wireshark,Honeyd, INetSim, fakedns, fakesmtp , NetCat,NetworkMiner, ngrep, pdnstool and tcpdump
Decode JavaScript: Firefox Firebug, QuickJava and JavaScript Deobfuscator extensions, Rhino debugger, JS-Beautify,SpiderMonkey, V8, Windows Script Decoder and Jsunpackn
Explore and interact with web malware: Firefox Tamper Data and User Agent Switcher extensions, TinyHTTPd, Burp Suite Free Edition, Stunnel, Tor , Jsunpackn and torsocks.
Analyze shellcode: gdb, objdump, Radare, shellcode2exe,libemu's sctest
Examine suspicious executables: upx, packerid, bytehist, DensityScout, xorsearch, xortool, TRiD, xortools.py,ClamAV, ssdeep, md5deep, pescanner and Pyew
Analyze malicious documents: Didier Steven's PDF tools, Origami framework, PDF X-RAY Lite, Peepdf, Jsunpackn, pdftk,pyOLEScanner.py and Hachoir
Decompile Java programs: Jad, JD-gui
Perform memory forensics: Volatility Framework with malware,timeliner and other modules, AESKeyFinder and RSAKeyFinder.
Handle miscellaneous tasks: unzip, unrar, strings, feh image viewer, SciTE text editor, OpenSSH server, findaes, Xpdf PDF viewer, VBinDiff file comparison/viewer, FreeMind.
参见:REMnux: A Linux Distribution for Reverse-Engineering Malware
