Remnux is a lightweight Ubuntu based Linux distribution, which is specifically developed to help reverse engineer and analyze malware. It contains a wide range of apps and features which are mandatory for successful analysis of malware. Forensic investigators and incident reporters can use this tool kit to analyzing Windows and Linux malware, browser-based threats, and explore suspicious files. New release of this tiny distro is out now, we will be reviewing the primary features and installation process of REMnux 6 in this article.
Here are some of the noteworthy features of this Remnux 6.
- It offers wide range of tools for static file analsis, few of them are pescanner, pestr, pyew, and readpe
- It offers few tools for Binary files analysis as well, including but not limited to radare2, yara, vivbin, and wxHexEditor
- Analysis toolkit includes two useful tools Rekall and Volatility for memory snapshots
- Includes tcpdump, ngrep and wireshark for Network analysis
- Includes NetworkMiner, CapTipper and burpsuite tools for web traffic analysis
- Uses js-beautify for Java Script cleanup
- Uses wget and Curl to retrieve remote web pages content
- Includes support for oletools and libolecf for Microsoft Office and Open Office documents
- Uses Androwarn, AndroGuard for android malware decoding
Installing REMnux 6
The installation process for this distro is bit different, you don’t need to download ISO, Burn it and start the installation wizard. Instead REMnux provides a ova file to download. We need to import this file using any virtualization tool and then use the operating system to carry out analysis tasks. We will show the installation process of this operating system using Oracle Virtual Box virtualization tool.
Tip: If oracle Virtual Box is not installed on your end, you can install it by following method:
Ubuntu users should run following command on terminal.apt-get install virtualbox
Windows users should download its executable file and run installer.
Download virtual Box for Windows
In order to install REMnux, First of all download its ova file from following location.
Once the download process is complete, launch Oracle Virtual Box and click on File >> Import Appliance.
Tip: Kindly note that all good virtualization tools offers you this feature to import and export appliances, if you are using some other tool, you should be able to locate and use the similar option.
Alright, now browse and provide the physical path to your downloaded REMnux ova file on this step.
Once done click “Next” to proceed to the third step, It will list you a summary of the import option, you can change resources like CPU, Memory etc from here, otherwise keep default option and hit “Import” , The import process of ova to a new VM will be started immediately.
It will keep showing your progress of the import process, be patient
As soon as the import process completes, you should be able to see it in Virtual Machines lists in Powered off mode. Simply right click it and choose “Start”.
It will boot your REMnux 6 operating system, Login with username “remnux” and default password “malware”.
That’s all , Enjoy using REMnux
This little distro is blessing, think of setting up a Linux box with all these security related apps will take long amount of time. You can get all required apps on one place in this small distro, its lightweight in true sense and resource consumption by this distro is very low. Hope you find this article useful, do let us know in comments please