REMnux: A Linux Distribution For Reverse-Engineering Malware

Use Netsparker


REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that’s listening on the appropriate ports.

REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

You can learn about malware analysis techniques that make use of the tools installed and pre-configured on REMnux by taking the SANS Institute course on Reverse-Engineering Malware (REM).

What REMnux Is Not

REMnux does not aim to include all malware analysis tools in existence. Many of these tools are designed to work on Windows, and investigators prefer to use Windows systems for running such tools. If you are interested in running Windows analysis tools on a Linux platform, take a look at the Zero Wine project.


If you are looking for a more full-featured Linux distribution focused on forensic analysis, take a look at SANS Investigative Forensic Toolkit (SIFT) Workstation.

You can download REMnux here:

remnux-vm-public-1.0.zip

Or read more here.

Posted in: Forensics, Malware

, , ,


Latest Posts:


How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.
Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.


One Response to REMnux: A Linux Distribution For Reverse-Engineering Malware

  1. d3m4s1@d0v1v0 July 14, 2010 at 12:22 pm #

    Very interesting distro. It has been a while since I read about a new idea for a distro… Well I don’t know if it’s new, but I’ve never read about something like this.
    As always, thanks for sharing.