├── saltstack-tester ├── README.md ├── Dockerfile.focal3001 ├── Dockerfile.bionic3001 ├── Dockerfile.bionic3004 ├── Dockerfile.focal3003 ├── Dockerfile.focal3004 ├── Dockerfile.bionic3003 ├── Dockerfile.focal3005 ├── Dockerfile.focal3006 └── Dockerfile.noble3006 ├── rekall ├── README.md └── Dockerfile ├── remnux-distro ├── docker-compose.yaml └── Dockerfile.focal ├── jsdetox ├── README.md └── Dockerfile ├── radare2 ├── README.md └── Dockerfile ├── rizin ├── README.md └── Dockerfile ├── de4js ├── README.md └── Dockerfile ├── viper ├── README.md └── Dockerfile ├── binary-refinery ├── README.md └── Dockerfile ├── README.md ├── ciphey ├── README.md └── Dockerfile ├── retdec ├── README.md └── Dockerfile └── thug ├── README.md ├── distributed ├── README.md └── Dockerfile └── Dockerfile /saltstack-tester/README.md: -------------------------------------------------------------------------------- 1 | These Dockerfile files are used to build containers for testing Salt State files for the REMnux distro. 2 | 3 | They are available from [Docker Hub](https://hub.docker.com/repository/docker/remnux/saltstack-tester) using a command such as: 4 | 5 | For Ubuntu 20.04: 6 | 7 | ``` 8 | docker pull remnux/saltstack-tester:focal 9 | ``` 10 | -------------------------------------------------------------------------------- /rekall/README.md: -------------------------------------------------------------------------------- 1 | # Rekall Memory Forensic Framework 2 | 3 | This Dockerfile represents a Docker image that encapsulates the [Rekall Memory Forensic Framework][1]. To run this image after installing Docker, use a command like this: 4 | 5 | sudo docker run --rm -it -v :/home/nonroot/files remnux/rekall 6 | 7 | then run `rekall` in the container with the desired parameters. 8 | 9 | Before running the command above, you can create the desired on your host. 
10 | 11 | [1]: http://www.rekall-forensic.com 12 | -------------------------------------------------------------------------------- /saltstack-tester/Dockerfile.focal3001: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN \ 4 | export "LANG=en_US.UTF-8" && \ 5 | apt-get update && \ 6 | apt-get install -y wget gnupg && \
# NOTE(review): the repository signing key is fetched over plain HTTP and piped straight into apt-key, so anything on the network path can substitute the key and, with it, every package installed below. The https + signed-by keyring pattern in Dockerfile.focal3005/focal3006 is the one to copy here; apt-key itself is deprecated in current apt. RUN executes under /bin/sh (no pipefail), so a failed wget is also masked by apt-key's exit status.
 7 | wget -O - http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add - && \ 8 | echo "deb [arch=amd64] http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee /etc/apt/sources.list.d/saltstack.list && \ 9 | apt-get update && \ 10 | apt-get install -y salt-minion && \ 11 | echo "file_client: local" > /etc/salt/minion -------------------------------------------------------------------------------- /saltstack-tester/Dockerfile.bionic3001: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | RUN \ 4 | export DEBIAN_FRONTEND=noninteractive && \ 5 | export "LANG=en_US.UTF-8" && \ 6 | apt-get update && \ 7 | apt-get install -y wget gnupg && \ 8 | wget -O - https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3001/salt-archive-keyring.gpg | apt-key add - && \
# NOTE(review): this sources entry stops at the URL — it carries no suite/component ("bionic main" in the sibling Dockerfiles), and apt is expected to reject such a line as malformed; confirm this image actually builds before relying on the bionic 3001 tag.
 9 | echo "deb [arch=amd64] https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3001" | tee /etc/apt/sources.list.d/saltstack.list && \ 10 | apt-get update && \ 11 | apt-get install -y salt-minion && \ 12 | echo "file_client: local" > /etc/salt/minion && \ 13 | unset DEBIAN_FRONTEND 14 | -------------------------------------------------------------------------------- /remnux-distro/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | container: 4 | image: remnux/remnux-distro:focal 5 | hostname: remnux 6 | container_name: remnux 7 | networks: 8 | net: 9 | ipv4_address: 172.22.0.3 10 | volumes: 11 | - ./files:/home/remnux/files/:ro 12 | ports: 13 | - 
"33:22" 14 | cap_add: 15 | - SYS_ADMIN 16 | - MKNOD
# NOTE(review): privileged: true grants every capability and raw device access and runs the container with Docker's default seccomp and AppArmor confinement disabled, which makes the cap_add entries above redundant and puts a root shell inside the container close to root on the host. The header of Dockerfile.focal says --privileged is needed for Cutter and that the image ships with a default password, so with SSH published on port 33 this deserves trimming: keep privileged only when FUSE/Cutter is actually needed, and bind the port to loopback ("127.0.0.1:33:22") unless remote access is intended.
 17 | privileged: true 18 | devices: 19 | - "/dev/fuse:/dev/fuse" 20 | 21 | networks: 22 | net: 23 | ipam: 24 | driver: default 25 | config: 26 | - subnet: 172.22.0.0/16 27 | gateway: 172.22.0.1 28 | 29 | -------------------------------------------------------------------------------- /saltstack-tester/Dockerfile.bionic3004: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | RUN \ 4 | export DEBIAN_FRONTEND=noninteractive && \ 5 | export "LANG=en_US.UTF-8" && \ 6 | apt-get update && \ 7 | apt-get install -y wget gnupg && \ 8 | wget -O - https://repo.saltproject.io/py3/ubuntu/18.04/amd64/latest/salt-archive-keyring.gpg | apt-key add - && \ 9 | echo "deb [arch=amd64] https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3004 bionic main" | tee /etc/apt/sources.list.d/saltstack.list && \ 10 | apt-get update && \ 11 | apt-get install -y salt-common && \ 12 | mkdir -p /etc/salt && \ 13 | echo "file_client: local" > /etc/salt/minion && \ 14 | unset DEBIAN_FRONTEND 15 | -------------------------------------------------------------------------------- /saltstack-tester/Dockerfile.focal3003: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN \ 4 | export DEBIAN_FRONTEND=noninteractive && \ 5 | export "LANG=en_US.UTF-8" && \ 6 | apt-get update && \ 7 | apt-get install -y wget gnupg && \ 8 | wget -O - https://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest/salt-archive-keyring.gpg | apt-key add - && \
# NOTE(review): this file is tagged 3003 but the repository path says "latest" (bionic3004/focal3004 pin the version in the path), so the Salt version named by the image tag is not necessarily the one installed; Dockerfile.bionic3003 has the same drift. Pin the path to the intended release so the tester image stays reproducible.
 9 | echo "deb [arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest focal main" | tee /etc/apt/sources.list.d/saltstack.list && \ 10 | apt-get update && \ 11 | apt-get install -y salt-common && \ 12 | mkdir -p /etc/salt && \ 13 | echo "file_client: local" > /etc/salt/minion && \ 14 | unset DEBIAN_FRONTEND 15 | -------------------------------------------------------------------------------- 
/saltstack-tester/Dockerfile.focal3004: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN \ 4 | export DEBIAN_FRONTEND=noninteractive && \ 5 | export "LANG=en_US.UTF-8" && \ 6 | apt-get update && \ 7 | apt-get install -y wget gnupg && \ 8 | wget -O - https://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest/salt-archive-keyring.gpg | apt-key add - && \ 9 | echo "deb [arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004 focal main" | tee /etc/apt/sources.list.d/saltstack.list && \ 10 | apt-get update && \ 11 | apt-get install -y salt-common && \ 12 | mkdir -p /etc/salt && \ 13 | echo "file_client: local" > /etc/salt/minion && \ 14 | unset DEBIAN_FRONTEND 15 | -------------------------------------------------------------------------------- /jsdetox/README.md: -------------------------------------------------------------------------------- 1 | # JSDetox Malware Analysis Tool for JavaScript Deobfuscation 2 | 3 | This Dockerfile represents a Docker image that encapsulates the [JSDetox][1] malware analysis tool for JavaScript deobfuscation by [@sven_t][2]. To run JSDetox after installing Docker, use the following command: 4 | 5 | sudo docker run -d --rm --name jsdetox -p 3000:3000 remnux/jsdetox 6 | 7 | Then, connect to http://localhost:3000 using your web browser. The startup process will take between 30 seconds to a minute. 8 | 9 | To stop JSDetox, use "`sudo docker stop jsdetox`". 
10 | 11 | [1]: http://www.relentless-coding.com/projects/jsdetox 12 | [2]: https://twitter.com/sven_t 13 | -------------------------------------------------------------------------------- /saltstack-tester/Dockerfile.bionic3003: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | RUN \ 4 | export DEBIAN_FRONTEND=noninteractive && \ 5 | export "LANG=en_US.UTF-8" && \ 6 | apt-get update && \ 7 | apt-get install -y wget gnupg && \ 8 | wget -O - https://repo.saltproject.io/py3/ubuntu/18.04/amd64/latest/salt-archive-keyring.gpg | apt-key add - && \ 9 | echo "deb [arch=amd64] https://repo.saltproject.io/py3/ubuntu/18.04/amd64/latest bionic main" | tee /etc/apt/sources.list.d/saltstack.list && \ 10 | apt-get update && \ 11 | apt-get install -y salt-common && \ 12 | mkdir -p /etc/salt && \ 13 | echo "file_client: local" > /etc/salt/minion && \ 14 | unset DEBIAN_FRONTEND 15 | -------------------------------------------------------------------------------- /radare2/README.md: -------------------------------------------------------------------------------- 1 | This Docker image encapsulates the [Radare2][1] reverse-engineering framework. 2 | 3 | To run this image after installing Docker, use a command like this, replacing "~/workdir" with the path to your working directory on the underlying host: 4 | 5 | docker run --rm -it --cap-drop=ALL --cap-add=SYS_PTRACE -v ~/workdir:/home/nonroot/workdir remnux/radare2 6 | 7 | Then run `r2` or other Radare2 commands inside the container. Before running the application, create ~/workdir on your host. 8 | 9 | This Dockerfile is based on the instructions documented in the official [Radare2 Dockerfile][2] file. 
10 | 11 | 12 | [1]: http://radare.org/ 13 | [2]: https://github.com/radareorg/radare2/blob/master/Dockerfile 14 | -------------------------------------------------------------------------------- /rizin/README.md: -------------------------------------------------------------------------------- 1 | This Docker image encapsulates the [Rizin][1] reverse-engineering framework. 2 | 3 | To run this image after installing Docker, use a command like this, replacing "~/workdir" with the path to your working directory on the underlying host: 4 | 5 | docker run --rm -it --cap-drop=ALL --cap-add=SYS_PTRACE -v ~/workdir:/home/nonroot/workdir remnux/rizin 6 | 7 | Then run `rizin` or other Rizin commands (starting with `rz-`) inside the container. Before running the application, create ~/workdir on your host. 8 | 9 | This Dockerfile is based on the instructions documented in the official [Rizin Dockerfile][2] file. 10 | 11 | 12 | [1]: https://rizin.re 13 | [2]: https://github.com/rizinorg/rizin/blob/dev/Dockerfile 14 | -------------------------------------------------------------------------------- /de4js/README.md: -------------------------------------------------------------------------------- 1 | # de4js JavaScript Deobfuscator and Unpacker 2 | 3 | This Dockerfile represents a Docker image that encapsulates the [de4js][1] Javascript deobfuscation tool. 4 | It's based on the original instructions documented in the official [GitHub][2] repository. 5 | 6 | To run this image after installing Docker, you can use the following command: 7 | 8 | sudo docker run -d --rm -p 4000:4000 -p 35729:35729 --name de4js remnux/de4js 9 | 10 | Then browse to `http://localhost:4000/de4js/` 11 | 12 | It's important to remember the trailing slash after the above URL 13 | 14 | To stop de4js, use `sudo docker stop de4js`. 
15 | 16 | [1]: https://github.com/lelinhtinh/de4js 17 | [2]: https://github.com/lelinhtinh/de4js/blob/master/Dockerfile 18 | -------------------------------------------------------------------------------- /saltstack-tester/Dockerfile.focal3005: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN \ 4 | export DEBIAN_FRONTEND=noninteractive && \ 5 | export "LANG=en_US.UTF-8" && \ 6 | apt-get update && \ 7 | apt-get install -y curl gnupg && \ 8 | curl -fsSL -o /usr/share/keyrings/salt-archive-keyring-3005.gpg https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/3005/salt-archive-keyring.gpg && \ 9 | echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring-3005.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/3005 focal main" | tee /etc/apt/sources.list.d/saltstack.list && \ 10 | apt-get update && \ 11 | apt-get install -y salt-common && \ 12 | mkdir -p /etc/salt && \ 13 | echo "file_client: local" > /etc/salt/minion && \ 14 | unset DEBIAN_FRONTEND 15 | -------------------------------------------------------------------------------- /saltstack-tester/Dockerfile.focal3006: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN \ 4 | export DEBIAN_FRONTEND=noninteractive && \ 5 | export "LANG=en_US.UTF-8" && \ 6 | apt-get update && \ 7 | apt-get install -y curl gnupg && \ 8 | curl -fsSL -o /usr/share/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg && \ 9 | echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/3006 focal main" | tee /etc/apt/sources.list.d/saltstack.list && \ 10 | apt-get update && \ 11 | apt-get install -y salt-common && \ 12 | mkdir -p /etc/salt && \ 13 | echo "file_client: local" > /etc/salt/minion && \ 14 | unset DEBIAN_FRONTEND 15 | 
-------------------------------------------------------------------------------- /saltstack-tester/Dockerfile.noble3006: -------------------------------------------------------------------------------- 1 | ARG OSVERSION=24.04 2 | ARG SALTVERSION=3006 3 | ARG OSCODE=noble 4 | 5 | FROM ubuntu:$OSVERSION 6 | 7 | RUN \ 8 | export DEBIAN_FRONTEND=noninteractive && \ 9 | export "LANG=en_US.UTF-8" && \ 10 | apt-get update && \ 11 | apt-get install -y wget gnupg git && \
# NOTE(review): RUN executes under /bin/sh, which has no pipefail, so each of the next two chains reports tee's exit status rather than wget's: a failed key or sources download leaves an empty file behind and the build only fails (if at all) at the later apt-get update. Writing the file with wget -O PATH directly, or prefixing the chain with set -o pipefail under a bash SHELL, makes the failure visible at the fetch.
 12 | wget -O - "https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public" | tee /etc/apt/keyrings/salt-archive-keyring.pgp && \
# NOTE(review): SALTVERSION and OSCODE declared above are never used (ARGs before FROM are in any case only visible to the FROM line unless re-declared after it) — the repository and suites actually configured are whatever the install guide's "latest" salt.sources says at build time, so the 3006 in this file's name is not enforced here. Either write the sources entry from the ARGs, as the focal3006 file does with a fixed path, or pin the downloaded sources file to a specific release.
 13 | wget -O - "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" | tee /etc/apt/sources.list.d/salt.sources && \ 14 | apt-get update && \ 15 | apt-get install -y salt-common && \ 16 | mkdir -p /etc/salt && \ 17 | echo "file_client: local" > /etc/salt/minion && \ 18 | unset DEBIAN_FRONTEND -------------------------------------------------------------------------------- /viper/README.md: -------------------------------------------------------------------------------- 1 | # Viper Binary Analysis and Management Framework 2 | 3 | This Dockerfile represents a Docker image that encapsulates the [Viper][1] binary analysis and management framework by Claudio Guarnieri ([@botherder][2] - [homepage][3]). 4 | 5 | To run this image after installing Docker, use a command like this to launch the container, replacing "~/workdir" with the path to the location of the data to analyse: 6 | 7 | sudo docker run -it --rm -v ~/workdir:/home/nonroot/workdir remnux/viper 8 | 9 | To run the "clamav" Viper plugin, the clamav-daemon must be running in the container. 
You can enable this by running: 10 | 11 | sudo service clamav-daemon start 12 | 13 | [1]: https://github.com/viper-framework/viper 14 | [2]: https://twitter.com/botherder 15 | [3]: https://nex.sx/ 16 | -------------------------------------------------------------------------------- /binary-refinery/README.md: -------------------------------------------------------------------------------- 1 | Transform binary data through a collection of standalone command-line tools that comprise [the Binary Refinery™ toolkit](https://github.com/binref/refinery), chaining the individual tools as necessary. 2 | 3 | To run Binary Refinery™ tools within this Docker container, create a directory where you'll store your input files, e.g. ~/workdir. Then, use a command like this to launch the container and have your directory mapped as /home/nonroot/workdir inside the container: 4 | 5 | ``` 6 | docker run -it --rm -v ~/workdir:/home/nonroot/workdir remnux/binary-refinery 7 | ``` 8 | 9 | The binary-refinery Docker image is hosted in the REMnux Docker Hub repository. 10 | 11 | For documentation on Binary Refinery, including the listing of its tools, see: https://binref.github.io and https://github.com/binref/refinery 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | One aspect of the REMnux project involves providing [Docker images of popular malware analysis tools](https://docs.remnux.org/#run-in-containers), with the goal of allowing investigators to conveniently utilize difficult-to-install applications without having to install the REMnux distro. You can [download and run existing images](https://docs.remnux.org/run-tools-in-containers/remnux-containers) and [contribute your own](https://docs.remnux.org/get-involved/add-or-update-tools/contribute-dockerfile) to the REMnux collection. 
You can also [run the REMnux distro as a Docker container](https://docs.remnux.org/install-distro/remnux-as-a-container) by using the prebuilt Docker image hosted in the REMnux repository on Docker Hub. 2 | 3 | This GitHub repository hosts the Dockerfiles themselves. The resulting images are built and hosted at [Docker Hub](https://hub.docker.com/u/remnux/). 4 | -------------------------------------------------------------------------------- /ciphey/README.md: -------------------------------------------------------------------------------- 1 | Automatically recognize and decode/decrypt common encoding and encryption techniques. 2 | 3 | [Ciphey](https://github.com/Ciphey/Ciphey) is designed to automatically recognize and decode/decrypt common encoding and encryption techniques. It was created by Brandon Skerritt and is licensed under the MIT License. According to the author, the tool uses "natural language processing & artifical intelligence, along with some common sense." 4 | 5 | To run Ciphey using this Docker container, create a directory where you'll store your input files, e.g. ~/workdir/input.txt. Then, use a command like this to run "ciphey" and have your directory mapped as /home/nonroot/workdir inside the container: 6 | 7 | ``` 8 | docker run -it --rm -v ~/workdir:/home/nonroot/workdir remnux/ciphey -f input.txt 9 | ``` 10 | 11 | Or for a text input: 12 | 13 | ``` 14 | docker run -it --rm remnux/ciphey "=MXazlHbh5WQgUmchdHbh1EIy9mZgQXarx2bvRFI4VnbpxEIBBiO4VnbNVkU" 15 | ``` 16 | 17 | The remnux/ciphey image is hosted on its [Docker Hub page](https://hub.docker.com/repository/docker/remnux/ciphey). 18 | -------------------------------------------------------------------------------- /retdec/README.md: -------------------------------------------------------------------------------- 1 | # RetDec Retargetable machine-code decompiler 2 | 3 | This is a RetDec docker built on Ubuntu 20.04 LTS that encapsulates [RetDec][1], a Retargetable Decompiler, created by Avast. 
4 | 5 | The original source for the software can be 6 | 7 | To use this docker, issue the following command: 8 | 9 | `sudo docker run -it --rm -v :/tmp/files remnux/retdec /bin/bash` 10 | 11 | Where is the local path where your binary files of interest are located 12 | 13 | Commands available with RetDec include: 14 | 15 | `retdec-ar-extractor retdec-config retdec-fileinfo.py` 16 | `retdec-macho-extractor retdec-unpacker retdec-archive-decompiler.py` 17 | `retdec-config.py retdec-getsig retdec-pat2yara` 18 | `retdec-unpacker.py retdec-bin2llvmir retdec-decompiler.py` 19 | `retdec-idb2pat retdec-signature-from-library-creator.py` 20 | `retdec-utils.py retdec-bin2pat retdec-fileinfo` 21 | `retdec-llvmir2hll retdec-stacofin retdec-yarac` 22 | 23 | Username and Password for the Docker are: retdec/retdec 24 | 25 | [1]: https://github.com/avast/retdec 26 | -------------------------------------------------------------------------------- /de4js/Dockerfile: -------------------------------------------------------------------------------- 1 | # Name: de4js 2 | # Website: https://lelinhtinh.github.io/de4js/ 3 | # Description: Web-based javascript deobfuscator and unpacker 4 | # Category: Dynamically Reverse-Engineer Code: Scripts 5 | # Author: Thanh Than Thien (lelinhtinh) 6 | # License: MIT License (https://github.com/lelinhtinh/de4js/blob/master/LICENSE) 7 | # Notes: 8 | # 9 | # This Dockerfile is built for use with ruby installed in Alpine Linux 2.7 10 | # base on the original instructions documented in the official Dockerfile found here: 11 | # https://github.com/lelinhtinh/de4js/blob/master/Dockerfile 12 | # 13 | # To run this image after installing Docker, you can use the following command: 14 | # sudo docker run -d --rm -p 4000:4000 -p 35729:35729 --name de4js remnux/de4js 15 | # Then browse to http://localhost:4000/de4js/ 16 | 17 | FROM ruby:2.7-alpine 18 | LABEL maintainer="Lenny Zeltser (@lennyzeltser, www.zeltser.com)" 19 | LABEL updated="5 Oct 2020" 20 | 21 | RUN 
apk add --no-cache build-base gcc bash cmake git 22 | WORKDIR /srv/jekyll
# NOTE(review): this clones whatever the upstream default branch holds at build time, so the image content is neither reproducible nor reviewable after the fact; pin a tag or commit (git clone --branch TAG, or a git checkout of a known commit) so a later upstream change cannot silently land in the published image. The jsdetox clone further down has the same issue.
 23 | RUN git clone https://github.com/lelinhtinh/de4js 24 | 25 | WORKDIR /srv/jekyll/de4js 26 | RUN gem install bundler 27 | RUN bundle install --gemfile /srv/jekyll/de4js/Gemfile
# NOTE(review): no USER instruction precedes this, so jekyll and its livereload listener run as root inside the container, bound to 0.0.0.0. Only the ports published with -p are reachable from outside, but a root process is still the wrong default for a service that parses hostile JavaScript; the jsdetox Dockerfile below shows the nonroot-user pattern to copy.
 28 | CMD ["bundle","exec","jekyll","serve","--force_polling","--host","0.0.0.0","--port","4000","--config","_config.yml,_config_development.yml","--livereload"] 29 | -------------------------------------------------------------------------------- /jsdetox/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # This Docker image encapsulates the JSDetox malware analysis tool by @sven_t 3 | # from http://www.relentless-coding.com/projects/jsdetox 4 | # 5 | # To run this image after installing Docker, use the following command: 6 | # sudo docker run -d --rm --name jsdetox -p 3000:3000 remnux/jsdetox 7 | # Then, connect to http://localhost:3000 using your web browser. 8 | # To stop jsdetox, use: 9 | # sudo docker stop jsdetox 10 | # 11 | # Updated for Ubuntu 20.04 12 | # Changes: Update version of therubyracer from 0.9.8 to 0.12.3 13 | # Update docker to 20.04 14 | # Install and specify bundler version 1.17.3 for focal 15 | 16 | FROM ubuntu:20.04 17 | LABEL maintainer="Lenny Zeltser (@lennyzeltser, www.zeltser.com)" 18 | LABEL updated="22 May 2021" 19 | 20 | USER root 21 | RUN apt-get update && apt-get install -y \ 22 | git \ 23 | ruby \ 24 | ruby-dev \ 25 | bundler \ 26 | zlib1g-dev \ 27 | build-essential && \ 28 | rm -rf /var/lib/apt/lists/* 29 | 30 | RUN groupadd -r nonroot && \ 31 | useradd -r -g nonroot -d /home/nonroot -s /usr/sbin/nologin -c "Nonroot User" nonroot && \ 32 | mkdir /home/nonroot && \ 33 | chown -R nonroot:nonroot /home/nonroot 34 | 35 | USER nonroot 36 | WORKDIR /home/nonroot
# NOTE(review): unpinned clone of the upstream repository — see the note on the de4js clone above; pin a tag or commit here as well.
 37 | RUN git clone https://github.com/svent/jsdetox.git 38 | 39 | USER root 40 | RUN gem install bundler -v "1.17.3" 41 | WORKDIR /home/nonroot/jsdetox 42 | RUN sed "s/, 
'0.9.8'/, '0.12.3'/g" -i Gemfile 43 | RUN bundle _1.17.3_ install 44 | 45 | USER nonroot 46 | EXPOSE 3000 47 | WORKDIR /home/nonroot/jsdetox 48 | CMD ./jsdetox -l $HOSTNAME 2>/dev/null 49 | -------------------------------------------------------------------------------- /ciphey/Dockerfile: -------------------------------------------------------------------------------- 1 | # Name: Ciphey 2 | # Website: https://github.com/Ciphey/Ciphey 3 | # Description: Automatically recognize and decode/decrypt common encoding and encryption techniques. 4 | # Author: Brandon Skerritt: https://twitter.com/brandon_skerrit 5 | # License: MIT License: https://github.com/Ciphey/Ciphey/blob/master/license 6 | # Notes: ciphey 7 | # 8 | # To run Ciphey using this Docker container, create a directory where you'll store 9 | # your input files, e.g. ~/workdir/input.txt. Then, use a command like this to run "ciphey" 10 | # and have your directory mapped as /home/nonroot/workdir inside the container: 11 | # 12 | # docker run -it --rm -v ~/workdir:/home/nonroot/workdir remnux/ciphey -f input.txt 13 | # 14 | # Or for a text input: 15 | # 16 | # docker run -it --rm remnux/ciphey "=MXazlHbh5WQgUmchdHbh1EIy9mZgQXarx2bvRFI4VnbpxEIBBiO4VnbNVkU" 17 | # 18 | # The remnux/ciphey image is hosted on its Docker Hub page. 
19 | 20 | FROM python:3.8.12-slim-buster 21 | LABEL version="1.1" 22 | LABEL description="Ciphey - An Automated Decoding and Decryption Tool" 23 | LABEL maintainer="Lenny Zeltser" 24 | ENV LANG C.UTF-8 25 | ENV LANGUAGE C.UTF-8 26 | ENV LC_ALL C.UTF-8 27 | 28 | USER root 29 | 30 | RUN pip3 install --upgrade pip && \
# NOTE(review): the base image tag is pinned but the application is not — every build installs whatever ciphey release (and transitive dependencies) PyPI serves that day, so LABEL version="1.1" does not identify the tool version shipped and a compromised or broken upstream release lands in the next build unreviewed. Pin ciphey==VERSION (or install from a requirements file with hashes) for a reproducible image; binary-refinery/Dockerfile has the same pattern.
 31 | pip3 install --upgrade ciphey && \ 32 | groupadd -r nonroot && \ 33 | useradd -m -r -g nonroot -d /home/nonroot -s /usr/sbin/nologin -c "Nonroot User" nonroot && \ 34 | mkdir -p /home/nonroot/workdir && \ 35 | chown -R nonroot:nonroot /home/nonroot 36 | 37 | USER nonroot 38 | ENV HOME /home/nonroot 39 | WORKDIR /home/nonroot/workdir 40 | VOLUME ["/home/nonroot/workdir"] 41 | ENV USER nonroot 42 | ENTRYPOINT ["/usr/local/bin/ciphey"] 43 | CMD ["--help"] 44 | -------------------------------------------------------------------------------- /thug/README.md: -------------------------------------------------------------------------------- 1 | # Thug Low-Interaction Honeyclient 2 | 3 | This Dockerfile represents a Docker image that encapsulates [Thug][1], a low-interaction honeyclient, which was created by Angelo Dell'Aera (angelodellaera). 4 | 5 | The file below is based on ideas from [Spenser Reinhardt's Dockerfile][2], on instructions outlined by [M. Fields][3] and on the installation script created by [Payload Security][4]. 6 | 7 | To run this image after installing Docker, you have a number of options: 8 | 9 | `sudo docker run --rm -v :/tmp/thug/logs remnux/thug ` 10 | 11 | This will allow you to run thug as a 'headless' application without having to enter the docker. Variables can be passed on the command-line (such as -F to enable file logging). Logs are stored in /tmp/thug/logs by default. Your should be made world-accessible to ensure no permissions issues: e.g. 
"chmod a+xwr ~/logs" 12 | 13 | `sudo docker run --rm -it --entrypoint "/bin/bash" remnux/thug` 14 | 15 | This will enter you into the docker where you can run "thug" with the desired parameters (such as -F to enable file logging). 16 | 17 | `sudo docker run --rm -it -v :/tmp/thug/logs --entrypoint "/bin/bash" remnux/thug` 18 | 19 | This is essentially a combination of both of the above, allowing you entry into the docker, and storage of log files in your host environment. 20 | 21 | To support distributed operations and MongoDB output, install the following packages into the image using "apt-get mongodb mongodb-dev python-pymongo rabbitmq-server python-pika" 22 | 23 | [1]: https://github.com/buffer/thug 24 | [2]: https://registry.hub.docker.com/u/sreinhardt/honeynet/dockerfile 25 | [3]: https://twitter.com/shakey_1 26 | [4]: https://github.com/PayloadSecurity/VxCommunity/blob/master/bash/thuginstallation.sh 27 | -------------------------------------------------------------------------------- /thug/distributed/README.md: -------------------------------------------------------------------------------- 1 | # Thug Low-Interaction Honeyclient 2 | 3 | This Dockerfile represents a Docker image that encapsulates [Thug][1], a low-interaction honeyclient, which was created by Angelo Dell'Aera (angelodellaera). 4 | 5 | The file below is based on ideas from [Spenser Reinhardt's Dockerfile][2], on instructions outlined by [M. Fields][3] and on the installation script created by [Payload Security][4]. 6 | 7 | To run this image after installing Docker, you have a number of options: 8 | 9 | `sudo docker run --rm -v :/tmp/thug/logs remnux/thug ` 10 | 11 | - This will allow you to run thug as a 'headless' application without having to enter the docker. Variables can be passed on the command-line (such as -F to enable file logging). Logs are stored in /tmp/thug/logs by default. Your should be made world-accessible to ensure no permissions issues: e.g. 
"chmod a+xwr ~/logs" 12 | 13 | `sudo docker run --rm -it --entrypoint "/bin/bash" remnux/thug` 14 | 15 | - This will enter you into the docker where you can run "thug" with the desired parameters (such as -F to enable file logging). 16 | 17 | `sudo docker run --rm -it -v :/tmp/thug/logs --entrypoint "/bin/bash" remnux/thug` 18 | 19 | - This is essentially a combination of both of the above, allowing you entry into the docker, and storage of log files in your host environment. 20 | 21 | This docker provides the capability for distributed operations and MongoDB output, containing the following packages: mongodb, mongodb-dev, python-pymongo, rabbitmq-server, python-pika. 22 | 23 | [1]: https://github.com/buffer/thug 24 | [2]: https://registry.hub.docker.com/u/sreinhardt/honeynet/dockerfile 25 | [3]: https://twitter.com/shakey_1 26 | [4]: https://github.com/PayloadSecurity/VxCommunity/blob/master/bash/thuginstallation.sh 27 | -------------------------------------------------------------------------------- /binary-refinery/Dockerfile: -------------------------------------------------------------------------------- 1 | # Name: Binary Refinery 2 | # Website: https://github.com/binref/refinery 3 | # Description: Transform binary data through a collection of standalone command-line tools that comprise the Binary Refinery™ toolkit, chaining the individual tools as necessary. 4 | # Author: Jesko Hüttenhain 5 | # License: 3-Clause BSD License: https://github.com/binref/refinery/blob/master/LICENSE 6 | # Notes: 7 | # 8 | # To run Binary Refinery™ tools within this Docker container, create a directory where you'll store 9 | # your input files, e.g. ~/workdir. Then, use a command like this to launch the container 10 | # and have your directory mapped as /home/nonroot/workdir inside the container: 11 | # 12 | # docker run -it --rm -v ~/workdir:/home/nonroot/workdir remnux/binary-refinery 13 | # 14 | # The binary-refinery Docker image is hosted in the REMnux Docker Hub repository. 
15 | # 16 | # For documentation on Binary Refinery, including the listing of its tools, see: 17 | # https://binref.github.io and https://github.com/binref/refinery 18 | 19 | FROM python:3.8.12-slim-buster 20 | LABEL version="1.0" 21 | LABEL description="The Binary Refinery™ is a collection of Python scripts that implement transformations of binary data such as compression and encryption. " 22 | LABEL maintainer="Lenny Zeltser" 23 | ENV LANG C.UTF-8 24 | ENV LANGUAGE C.UTF-8 25 | ENV LC_ALL C.UTF-8 26 | 27 | USER root 28 | 29 | RUN pip3 install --upgrade pip && \ 30 | pip3 install --upgrade binary-refinery[all] && \ 31 | groupadd -r nonroot && \ 32 | useradd -m -r -g nonroot -d /home/nonroot -s /usr/sbin/nologin -c "Nonroot User" nonroot && \ 33 | mkdir -p /home/nonroot/workdir && \ 34 | chown -R nonroot:nonroot /home/nonroot 35 | 36 | USER nonroot 37 | ENV HOME /home/nonroot 38 | WORKDIR /home/nonroot/workdir 39 | VOLUME ["/home/nonroot/workdir"] 40 | ENV USER nonroot 41 | CMD "/bin/bash" -------------------------------------------------------------------------------- /remnux-distro/Dockerfile.focal: -------------------------------------------------------------------------------- 1 | # This Docker image encapsulates the REMnux v7 distro on Ubuntu 20.04 (focal). 2 | # For details about REMnux, including how you can run it on a physical system 3 | # or as a virtual machine, see https://REMnux.org. 4 | # 5 | # You can run this image as a container using a command such as: 6 | # 7 | # docker run --rm -it remnux/remnux-distro /bin/bash 8 | # 9 | # To map a local directory into the container's /home/remnux/files directory, 10 | # you could use a command lile this by supplying the appropriate directory name: 11 | # 12 | # docker run --rm -it -v :/home/remnux/files remnux/remnux-distro /bin/bash 13 | # 14 | # If you'd like to access the container using SSH, you can invoke it like this by 15 | # mapping your local TCP port 22 to the container's internal TCP port 22. 
In this example, 16 | # the container will remain active in the background: 17 | # 18 | # docker run -d -p 22:22 remnux/remnux-distro 19 | # 20 | # If you're going to run this container in a remote cloud, be sure to change the default 21 | # password and otherwise harden the system according to your requirements. 22 | # 23 | # If you're planning to use Cutter inside the container, you'll need to include the 24 | # --privileged parameter when invoking Docker. 25 | # 26 | 27 | FROM ubuntu:20.04 28 | 29 | LABEL description="REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software." 30 | LABEL maintainer="Lenny Zeltser (@lennyzeltser, zeltser.com)" 31 | LABEL version="v2025.30.1" 32 | ARG CAST_VER=0.16.22 33 | 34 | USER root 35 | 36 | WORKDIR /tmp 37 | RUN export DEBIAN_FRONTEND=noninteractive && \ 38 | apt-get update && \ 39 | apt-get install -y wget gnupg git && \
# NOTE(review): the cast .deb is downloaded and installed as root with no checksum or signature check; TLS protects the transfer, not against a replaced release asset. Record the expected sha256 for CAST_VER next to the ARG and verify it (sha256sum -c) before dpkg -i, so the installer that provisions the whole distro is pinned to known bytes.
 40 | wget https://github.com/ekristen/cast/releases/download/v${CAST_VER}/cast-v${CAST_VER}-linux-amd64.deb && \ 41 | dpkg -i /tmp/cast-v${CAST_VER}-linux-amd64.deb && \ 42 | cast install --mode cloud --user remnux remnux && \ 43 | rm -rf /root/.cache/* && \ 44 | unset DEBIAN_FRONTEND 45 | 46 | RUN rm /tmp/cast-v${CAST_VER}-linux-amd64.deb 47 | 48 | ENV TERM=linux 49 | WORKDIR /home/remnux 50 | 51 | RUN mkdir /var/run/sshd 52 | EXPOSE 22
# NOTE(review): the default command starts sshd, and the header above says the image ships with a default password; anyone who publishes port 22 (docker-compose.yaml publishes it as host port 33) without changing it exposes a password-authenticated login to whoever can reach that port. Prefer key-based authentication or bind the published port to loopback, and make the password change the first documented step rather than an afterthought.
 53 | CMD ["/usr/sbin/sshd", "-D"] 54 | -------------------------------------------------------------------------------- /retdec/Dockerfile: -------------------------------------------------------------------------------- 1 | # This is a RetDec docker built on Ubuntu 20.04 LTS 2 | # The RetDec source software can be found at: 3 | # https://github.com/avast/retdec 4 | # 5 | # RetDec is a retargetable machine-code decompiler 6 | # based on LLVM. 
#
# To use this docker, issue the following command:
# sudo docker run -it --rm -v <host_dir>:/tmp/files remnux/retdec /bin/bash
#
# Where <host_dir> is the local path where your binary files
# of interest are located
#
# Commands available with RetDec include:
#
# retdec-ar-extractor retdec-config retdec-fileinfo.py
# retdec-macho-extractor retdec-unpacker retdec-archive-decompiler.py
# retdec-config.py retdec-getsig retdec-pat2yara
# retdec-unpacker.py retdec-bin2llvmir retdec-decompiler.py
# retdec-idb2pat retdec-signature-from-library-creator.py
# retdec-utils.py retdec-bin2pat retdec-fileinfo
# retdec-llvmir2hll retdec-stacofin retdec-yarac
#
# User/Pass: retdec/retdec
#
# NOTE(review): the retdec user has a documented default password and is a member
# of the sudo group, so a shell in this container is effectively root inside it.
# That is acceptable for a throwaway local analysis container; do not expose it on
# a network without changing the password (or dropping the sudo membership).
#

FROM ubuntu:20.04
LABEL maintainer="Lenny Zeltser (@lennyzeltser, www.zeltser.com)"
LABEL updated="24 May 2021"
LABEL updated_by="digitalsleuth"

USER root
RUN apt-get update && apt-get upgrade -y && apt-get install wget curl sudo xz-utils python3 rsync graphviz -y && \
    rm -rf /var/lib/apt/lists/*

WORKDIR /usr/local/src

# Prebuilt RetDec 4.0 release, unpacked straight into /usr/local as root. Neither this
# tarball nor the UPX one below is checksum-verified; pinning the expected digests
# (e.g. ARG RETDEC_SHA256=<expected-digest>, checked with sha256sum before tar) would
# make the build reproducible and tamper-evident.
RUN wget https://github.com/avast/retdec/releases/download/v4.0/retdec-v4.0-ubuntu-64b.tar.xz && \
    tar -xvf retdec-v4.0-ubuntu-64b.tar.xz && \
    rsync -a retdec/ /usr/local/ && \
    rm -rf retdec*

# Standalone UPX binary, presumably for retdec-unpacker — confirm.
RUN wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz && \
    tar -xvf upx-3.96-amd64_linux.tar.xz && \
    mv upx-3.96-amd64_linux/upx /usr/local/bin && \
    rm -rf upx-3.96-amd64_linux*

# Unprivileged analysis user; the sudo membership plus the fixed password make it
# root-equivalent inside the container (see the header note).
RUN groupadd -r retdec && \
    useradd -m -d /home/retdec -g retdec -s /usr/sbin/nologin -c "RETDEC User" retdec && \
    mkdir -p /tmp/files && \
    chown -R retdec:retdec /home/retdec /tmp/files && \
    usermod -a -G sudo retdec && echo 'retdec:retdec' | chpasswd

USER retdec
ENV HOME /home/retdec
ENV USER retdec
WORKDIR /home/retdec
VOLUME ["/tmp/files"]

--------------------------------------------------------------------------------
/radare2/Dockerfile:
--------------------------------------------------------------------------------
# Name: radare2
# Website: https://www.radare.org/n/radare2.html
# Description: Examine binary files, including disassembling and debugging.
# Category: Dynamically Reverse-Engineer Code: General
# Author: https://github.com/radareorg/radare2/blob/master/AUTHORS.md
# License: GNU Lesser General Public License (LGPL) v3: https://github.com/radareorg/radare2/blob/master/COPYING
# Notes: r2, rasm2, rabin2, rahash2, rafind2, r2agent
#
# To run this image after installing Docker, use the command below, replacing
# "~/workdir" with the path to your working directory on the underlying host.
# Before running the docker, create ~/workdir on your host.
#
# docker run --rm -it --cap-drop=ALL --cap-add=SYS_PTRACE -v ~/workdir:/home/nonroot/workdir remnux/radare2
#
# Then run "r2" or other Radare2 commands inside the container.
#
# Running 'r2agent -a' will enable the web-based interface on port 8080 by default.
# To access this, add '-p 8080:8080' to the above docker command (before 'remnux/radare2')
# Then browse to your http://YOUR_IP:8080.
#
# NOTE(review): '-p 8080:8080' binds r2agent on every host interface; prefer
# '-p 127.0.0.1:8080:8080' so it is only reachable from the host. Keep the
# --cap-drop=ALL --cap-add=SYS_PTRACE pair: the nonroot user below has passwordless
# sudo, so inside the container it is root-equivalent and the capability set is what
# bounds that root.

FROM ubuntu:20.04
LABEL maintainer="Lenny Zeltser (@lennyzeltser, www.zeltser.com)"
LABEL updated="13 Apr 2022"
LABEL updated_by="Corey Forman"
ENV LANG C.UTF-8
ENV LANGUAGE C.UTF-8
ENV LC_ALL C.UTF-8
# radare2 release installed from the GitHub .deb below.
ARG R2VER=5.6.6

USER root
RUN apt-get update && apt-get install -y \
    sudo \
    wget \
    git && \
    rm -rf /var/lib/apt/lists/*

# The nonroot account gets a known password *and* a NOPASSWD sudoers entry; the
# sudoers rule makes the password irrelevant for privilege escalation inside the
# container. Drop /etc/sudoers.d/nonroot (or the sudo group) if this image is ever
# used on input that could gain code execution as nonroot.
# /usr/local/radare2 is handed to nonroot here and back to root at the end of the
# build with no "USER nonroot" step in between, so the two chowns cancel out unless
# r2pm writes into it as root — confirm.
RUN groupadd -r nonroot && \
    useradd -m -d /home/nonroot -g nonroot -s /usr/sbin/nologin -c "Nonroot User" nonroot && \
    mkdir -p /home/nonroot/workdir && \
    chown -R nonroot:nonroot /home/nonroot && \
    usermod -a -G sudo nonroot && echo 'nonroot:nonroot' | chpasswd && \
    echo "nonroot ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/nonroot && \
    mkdir /usr/local/radare2 && \
    chown nonroot:nonroot /usr/local/radare2

# Pinned release .deb, installed without a checksum or signature check
# (ARG R2_SHA256=<expected-digest> plus "sha256sum -c" before dpkg -i would close that).
# r2pm init/update run as root here, so whatever r2pm initialises belongs to root,
# not to the nonroot user the container later runs as — confirm where r2pm writes.
RUN wget -O /tmp/radare2_${R2VER}_amd64.deb https://github.com/radareorg/radare2/releases/download/${R2VER}/radare2_${R2VER}_amd64.deb && \
    dpkg -i /tmp/radare2_${R2VER}_amd64.deb && \
    r2pm init && \
    r2pm update && \
    rm /tmp/radare2_${R2VER}_amd64.deb

# Redundant: the build has been root since the earlier "USER root".
USER root
RUN chown -R root:root /usr/local/radare2

USER nonroot
ENV HOME /home/nonroot
WORKDIR /home/nonroot/workdir
VOLUME ["/home/nonroot/workdir"]
EXPOSE 8080
CMD ["/bin/bash"]

--------------------------------------------------------------------------------
/rekall/Dockerfile:
--------------------------------------------------------------------------------
# Name: rekall
# Website: https://github.com/google/rekall
# Description: Memory analysis framework
# Category: Examine memory snapshots
# Author: https://github.com/google/rekall/blob/master/AUTHORS.md
# License: https://github.com/google/rekall/blob/master/LICENSE.txt
# Notes: rekall, rekal
#
# This is a rekall docker built on Ubuntu 20.04 LTS
# The rekall software/source can be found either at
# http://www.rekall-forensic.com or
# https://github.com/google/rekall
#
# To use the docker, it is recommended to use the following command
# sudo docker run --rm -it -v <host_dir>:/home/nonroot/files remnux/rekall
#
# This will load you into the docker as the 'nonroot' user,
# and allow you to run the command 'rekall' with any parameters required.

FROM ubuntu:20.04
LABEL version="3.0"
LABEL description="Rekall docker based on Ubuntu 20.04 LTS"
LABEL maintainer="https://github.com/digitalsleuth"
ENV LANG C.UTF-8
ENV LANGUAGE C.UTF-8
ENV LC_ALL C.UTF-8

USER root
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
    sudo \
    python3 \
    python3-pip \
    python3-dev \
    libssl-dev \
    software-properties-common \
    git \
    nano \
    libncurses5-dev && \
    add-apt-repository ppa:remnux/stable -y && apt-get update && apt-get install yara -y && \
    rm -rf /var/lib/apt/lists/*

# NOTE(review): rekall is installed from the digitalsleuth/rekall fork with no tag or
# commit pinned, and most of the pip packages above are unpinned, so the image is not
# reproducible and trusts that fork's HEAD on build day; pin a commit (git checkout
# <commit-id> after the clone) and version the packages.
# No WORKDIR is set before this RUN, so the clone lands in /rekall and stays in the image.
# The sed drops the pypykatz requirement from rekall-core/setup.py; pypykatz is already
# installed explicitly above, presumably to avoid its version constraint — confirm.
RUN python3 -m pip install --upgrade setuptools pip readline future==0.16.0 pybindgen pyaff4==0.26.post6 capstone pyopenssl pypykatz && \
    python3 -m pip install fastchunking && \
    python3 -m pip install -q distorm3 && \
    git clone https://github.com/digitalsleuth/rekall.git && cd rekall && \
    sed "s/'pypykatz>=0.3.5;python_version>=\"3.5\"',//g" -i rekall-core/setup.py && \
    python3 -m pip install rekall-core/ rekall-agent/ && \
    python3 -m pip install . rekall-lib==1.7.2rc1 && \
    apt-get autoremove -y --purge && \
    apt-get clean -y

# Unprivileged user; the sudo membership plus the fixed 'nonroot' password make it
# root-equivalent inside the container, which is fine locally but not for an exposed
# deployment.
RUN groupadd -r nonroot && \
    useradd -m -r -g nonroot -d /home/nonroot -s /usr/sbin/nologin -c "Nonroot User" nonroot && \
    mkdir -p /home/nonroot/files && \
    chown -R nonroot:nonroot /home/nonroot && \
    usermod -a -G sudo nonroot && echo 'nonroot:nonroot' | chpasswd

USER nonroot
ENV HOME /home/nonroot
WORKDIR /home/nonroot/files
VOLUME ["/home/nonroot/files"]
ENV USER nonroot
CMD ["/bin/bash"]

--------------------------------------------------------------------------------
/viper/Dockerfile:
--------------------------------------------------------------------------------
# Name: Viper
# Website: https://github.com/viper-framework/viper
# Description: Organize and query a collection of malware samples.
# Category: Gather and Analyze Data
# Author: Claudio Guarnieri: https://nex.sx
# License: BSD 3-Clause License: https://github.com/viper-framework/viper/blob/master/LICENSE
# Notes: viper
#
# This Docker image encapsulates the Viper binary analysis and management
# framework by Claudio Guarnieri.
#
# To run this image after installing Docker, use a command like this to launch the
# docker, replacing "~/workdir" with the path to the location of the data to analyse:
#
# sudo docker run -it --rm -v ~/workdir:/home/nonroot/workdir remnux/viper
# To run the 'clamav' plugin, the clamav-daemon must be running. You can enable this by
# running: sudo service clamav-daemon start
# Before running Viper, create the ~/workdir and make it world-accessible ("chmod a+xwr").

FROM ubuntu:20.04
LABEL version="3.0"
LABEL description="Viper Framework Docker"
LABEL maintainer="https://github.com/digitalsleuth"
ENV LANG C.UTF-8
ENV LANGUAGE C.UTF-8
ENV LC_ALL C.UTF-8

USER root
RUN apt-get update -y && DEBIAN_FRONTEND=noninteractive apt-get install -y \
    git \
    sudo \
    gcc \
    python3-dev \
    python3-pip \
    libssl-dev \
    libffi-dev \
    unrar-free \
    p7zip-full \
    tor \
    libdpkg-perl \
    libusb-1.0-0 \
    libimage-exiftool-perl \
    swig \
    ssdeep \
    clamav-daemon \
    libfuzzy-dev && \
    rm -rf /var/lib/apt/lists/*

# viper-framework is installed unpinned. freshclam runs at build time, so the ClamAV
# signature set is frozen at the image's build date; run freshclam again inside the
# container before relying on the clamav plugin (see the clamav-daemon note above).
RUN python3 -m pip install setuptools wheel --upgrade && \
    python3 -m pip install viper-framework && \
    freshclam

# Unprivileged user; sudo membership plus the fixed 'nonroot' password make it
# root-equivalent inside the container.
RUN groupadd -r nonroot && \
    useradd -m -r -g nonroot -d /home/nonroot -s /usr/sbin/nologin -c "Nonroot User" nonroot && \
    mkdir -p /home/nonroot/workdir && mkdir /home/nonroot/.viper && \
    chown -R nonroot:nonroot /home/nonroot && \
    usermod -a -G sudo nonroot && echo 'nonroot:nonroot' | chpasswd

# Module checkout is done as nonroot so ~/.viper stays owned by that user.
USER nonroot
WORKDIR /home/nonroot/.viper
RUN git clone https://github.com/viper-framework/viper-modules.git modules
WORKDIR /home/nonroot/.viper/modules
# The two seds strip the "name @ " prefix from two direct-URL requirements, leaving
# the bare URLs for pip; the reason is not recorded here — confirm before removing.
RUN git submodule init && git submodule update && \
    sed -i 's/verify-sigs @ //g' requirements.txt && \
    sed -i 's/PyMISPGalaxies @ //g' requirements.txt

# NOTE(review): root installs system-wide from a requirements.txt produced by an
# unpinned clone of viper-modules (and its submodules) on build day. Within the build
# that is one trust boundary, but it makes the image non-reproducible; pin the
# viper-modules checkout to a commit or tag.
USER root
WORKDIR /home/nonroot/.viper/modules
RUN python3 -m pip install -U -r requirements.txt && python3 -m pip install 'lief>=0.11.0'

USER nonroot
ENV HOME /home/nonroot
WORKDIR /home/nonroot/workdir
VOLUME ["/home/nonroot/workdir"]
ENV USER nonroot
CMD ["/bin/bash"]

--------------------------------------------------------------------------------
/rizin/Dockerfile:
--------------------------------------------------------------------------------
# Name: Rizin
# Website: https://rizin.re
# Description: Examine binary files, including disassembling and debugging.
# Category: Dynamically Reverse-Engineer Code: General
# Author: https://github.com/rizinorg/rizin/blob/master/AUTHORS.md
# License: GNU Lesser General Public License (LGPL) v3: https://github.com/rizinorg/rizin/blob/master/COPYING
# Notes: rizin, rz-asm, rz-bin, rz-hash, rz-find, rz-agent, etc.
#
# This Dockerfile is based on the official Rizin Dockerfile file from
# the following URL, adjusted to use Ubuntu instead of Debian:
# https://github.com/rizinorg/rizin/blob/dev/Dockerfile
#
# To run this image after installing Docker, use the command below, replacing
# "~/workdir" with the path to your working directory on the underlying host.
# Before running the docker, create ~/workdir on your host.
#
# docker run --rm -it --cap-drop=ALL --cap-add=SYS_PTRACE -v ~/workdir:/home/rizin/workdir remnux/rizin
#
# NOTE(review): the mount target above (/home/rizin/workdir) does not match the
# image's WORKDIR/VOLUME (/home/nonroot/workdir); use
# -v ~/workdir:/home/nonroot/workdir so the files land where the shell starts.
#
# Then run "rizin" or other Rizin commands (starting with "rz-") inside the container.
#
# Running 'rz-agent -a' will enable the web-based interface on port 8080 by default.
# To access this, add '-p 8080:8080' to the above docker command (before 'remnux/rizin')
# Then browse to your http://YOUR_IP:8080.
# ('-p 127.0.0.1:8080:8080' keeps the interface reachable only from the host.)

FROM ubuntu:20.04
LABEL maintainer="Lenny Zeltser (@lennyzeltser, www.zeltser.com)"
LABEL updated="8 Dec 2020"
LABEL updated_by="Lenny Zeltser"
ENV LANG C.UTF-8
ENV LANGUAGE C.UTF-8
ENV LC_ALL C.UTF-8

# Rizin branch version
# NOTE(review): "dev" with a --depth 1 clone builds whatever the branch HEAD is on
# build day; pin a release tag for a reproducible image.
ARG RZ_VERSION=dev

# rz-pipe python version
ARG RZ_PIPE_PY_VERSION=master

# Optional cross assemblers: set any of these build args to a non-empty value to
# install the matching binutils package and export RZ_*_AS below.
ARG with_arm32_as
ARG with_arm64_as
ARG with_ppc_as

ENV RZ_PIPE_PY_VERSION ${RZ_PIPE_PY_VERSION}

# Build-log banner only. /bin/sh on Ubuntu is dash, whose echo has no -e option, so
# a literal "-e" is printed; harmless.
RUN echo -e "Building versions:\n\
RZ_PIPE_PY_VERSION=${RZ_PIPE_PY_VERSION}"

USER root

# Build Rizin from source with meson, then strip the toolchain and pip again so the
# runtime image keeps only the installed binaries (plus the rz-pipe Python package).
# meson/ninja and the two git clones are unpinned apart from the branch names above.
# Note that "sudo" is not installed here; the sudo group membership granted below is
# inert unless sudo is added later.
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
    curl \
    cmake \
    gcc \
    cpp \
    g++ \
    git \
    make \
    libc-dev-bin libc6-dev linux-libc-dev \
    python3-pip \
    python3-setuptools \
    python3-wheel \
    ${with_arm64_as:+binutils-aarch64-linux-gnu} \
    ${with_arm32_as:+binutils-arm-linux-gnueabi} \
    ${with_ppc_as:+binutils-powerpc64le-linux-gnu} && \
    pip3 install meson ninja && \
    cd /tmp && \
    git clone -b "$RZ_PIPE_PY_VERSION" https://github.com/rizinorg/rz-pipe && \
    pip3 install ./rz-pipe/python && \
    git clone -b "$RZ_VERSION" -q --depth 1 --recurse-submodules https://github.com/rizinorg/rizin.git && \
    cd rizin && \
    meson --prefix=/usr /tmp/build && \
    meson compile -C /tmp/build && \
    meson install -C /tmp/build && \
    rm -rf /tmp/build && \
    pip3 uninstall -y meson ninja && \
    apt-get remove --purge -y \
    cmake \
    cpp \
    g++ \
    python3-pip \
    python3-setuptools \
    python3-wheel && \
    apt-get autoremove --purge -y && \
    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Expand to the assembler name only when the corresponding build arg was set.
ENV RZ_ARM64_AS=${with_arm64_as:+aarch64-linux-gnu-as}
ENV RZ_ARM32_AS=${with_arm32_as:+arm-linux-gnueabi-as}
ENV RZ_PPC_AS=${with_ppc_as:+powerpc64le-linux-gnu-as}

# Create non-root user
RUN groupadd -r nonroot && \
    useradd -m -d /home/nonroot -g nonroot -s /usr/sbin/nologin -c "Nonroot User" nonroot && \
    mkdir -p /home/nonroot/workdir && \
    chown -R nonroot:nonroot /home/nonroot && \
    usermod -a -G sudo nonroot && echo 'nonroot:nonroot' | chpasswd

# Initialise base user
# NOTE(review): with "USER nonroot" commented out, everything below and the
# container's CMD run as root. The nonroot account is fully prepared (home, workdir,
# and the rz-pm config chowned below), so re-enabling "USER nonroot" after the rz-pm
# step is the intended hardening; until then run with "--user nonroot" and keep the
# --cap-drop=ALL from the header.
#USER nonroot
WORKDIR /home/nonroot/workdir
VOLUME ["/home/nonroot/workdir"]
ENV HOME /home/nonroot
# Presumably for the meson-installed librz libraries — confirm against the actual libdir.
ENV LD_LIBRARY_PATH=/usr/lib64

# Setup rz-pm
# Runs as root with HOME=/home/nonroot (set above), so the rz-pm state lands under
# /home/nonroot/.config and is then handed to the nonroot user.
RUN rz-pm init && \
    rz-pm update && \
    chown -R nonroot:nonroot /home/nonroot/.config

EXPOSE 8080
CMD ["/bin/bash"]
--------------------------------------------------------------------------------
/thug/Dockerfile:
--------------------------------------------------------------------------------
# This Docker image encapsulates Thug, a low-interaction honeyclient,
# which was created by Angelo Dell'Aera and is available at
# https://github.com/buffer/thug
#
# To run this image after installing Docker, you have a number of options:
#
# sudo docker run --rm -v <host_dir>:/tmp/thug/logs remnux/thug
#
# This will allow you to run thug as a 'headless' application without
# having to enter the docker. Variables can be passed on the command-line
# (such as -F to enable file logging). Logs are stored in /tmp/thug/logs
# by default. Your <host_dir> should be made world-accessible to ensure
# no permissions issues: e.g. "chmod a+xwr ~/logs"
#
# sudo docker run --rm -it --entrypoint "/bin/bash" remnux/thug
#
# This will enter you into the docker where you can run "thug" with
# the desired parameters (such as -F to enable file logging).
#
# sudo docker run --rm -it -v <host_dir>:/tmp/thug/logs --entrypoint "/bin/bash" remnux/thug
#
# This is essentially a combination of both of the above, allowing you entry into
# the docker, and storage of log files in your host environment.
#
# To support distributed operations and MongoDB output, install the following
# packages into the image using "apt-get mongodb mongodb-dev python-pymongo
# rabbitmq-server python-pika"
#
# This file was originally based on ideas from Spenser Reinhardt's Dockerfile
# (https://registry.hub.docker.com/u/sreinhardt/honeynet/dockerfile),
# on instructions outlined by M. Fields (@shakey_1),
# on the installation script created by Payload Security
# (https://github.com/PayloadSecurity/VxCommunity/blob/master/bash/thuginstallation.sh),
# and the official Dockerfile by Angelo Dell'Aera at https://github.com/buffer/thug/blob/master/docker/Dockerfile
#
# NOTE(review): thug deliberately fetches and executes hostile web content. The
# "thug" user below has a fixed password and sudo membership, so any escape from the
# honeyclient process is root inside the container. Prefer dropping the sudo
# membership for this user and running with --cap-drop=ALL and --read-only (with the
# logs volume writable).

# NOTE(review): ubuntu:22.10 is a non-LTS release that reached end of life in 2023 and
# no longer receives security updates; its package index has moved off the main
# archive, so "apt-get update" below will likely fail until the base is moved to an
# LTS (the stpyv8 wheel fetched below is built for ubuntu-22.04 / Python 3.10).
FROM ubuntu:22.10
LABEL maintainer="Lenny Zeltser (@lennyzeltser, www.zeltser.com)"
LABEL updated="17 Dec 2022"
LABEL updated_by="lennyzeltser"

USER root
# libffi-dev is listed twice; harmless, but one copy can go.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
    build-essential \
    sudo \
    python3 \
    python3-dev \
    python3-setuptools \
    python3-wheel \
    python-is-python3 \
    libboost-dev \
    libboost-iostreams-dev \
    libboost-python-dev \
    libboost-system-dev \
    python3-pip \
    libxml2-dev \
    libxslt-dev \
    tesseract-ocr \
    git \
    wget \
    unzip \
    libtool \
    graphviz-dev \
    automake \
    libffi-dev \
    graphviz \
    libfuzzy-dev \
    libfuzzy2 \
    libjpeg-dev \
    libffi-dev \
    pkg-config \
    clang \
    autoconf && \
    rm -rf /var/lib/apt/lists/*

RUN python3 -m pip install --upgrade pip setuptools pytesseract pygraphviz
WORKDIR /tmp
# Prebuilt STPyV8 (V8 bindings) wheel from the cloudflare/stpyv8 GitHub release; the
# ICU data file it ships is moved to /usr/share/stpyv8. The zip is installed without a
# checksum check — pin the expected digest (ARG STPYV8_SHA256=<expected-digest>) and
# verify with sha256sum before unzip.
RUN wget https://github.com/cloudflare/stpyv8/releases/download/v10.8.168.22/stpyv8-ubuntu-22.04-python-3.10.zip && \
    unzip stpyv8-ubuntu-22.04-python-3.10.zip && \
    pip3 install stpyv8-ubuntu-22.04-3.10/stpyv8-10.8.168.22-cp310-cp310-linux_x86_64.whl && \
    mkdir -p /usr/share/stpyv8 && \
    mv stpyv8-ubuntu-22.04-3.10/icudtl.dat /usr/share/stpyv8 && \
    rm -rf stpyv8-ubuntu-22.04*

# libemu (shellcode emulation) built from an unpinned HEAD clone and removed after
# "make install".
WORKDIR /usr/local/src
RUN git clone --depth 1 https://github.com/buffer/libemu.git && \
    cd libemu && \
    autoreconf -v -i && \
    ./configure && \
    make install && \
    cd .. && \
    rm -rf libemu && \
    ldconfig

# thug itself comes from PyPI (unpinned), while /etc/thug is populated from a
# --depth 1 clone of the repository's current master; the two can drift apart if the
# PyPI release lags the repository. Pinning both to the same version avoids that.
RUN python3 -m pip install thug && \
    git clone --depth 1 https://github.com/buffer/thug.git && \
    mkdir /etc/thug && \
    cp -R thug/conf/* /etc/thug && \
    rm -rf thug

# Unprivileged user that owns the log directory; see the header note about sudo.
RUN groupadd -r thug && \
    useradd -m -d /home/thug -g thug -s /usr/sbin/nologin -c "Thug User" thug && \
    mkdir -p /tmp/thug/logs && \
    chown -R thug:thug /home/thug /tmp/thug/logs && \
    usermod -a -G sudo thug && echo 'thug:thug' | chpasswd

USER thug
ENV HOME /home/thug
ENV USER thug
WORKDIR /home/thug
VOLUME ["/tmp/thug/logs"]
ENTRYPOINT ["thug"]

--------------------------------------------------------------------------------
/thug/distributed/Dockerfile:
--------------------------------------------------------------------------------
# This Docker image encapsulates Thug, a low-interaction honeyclient,
# which was created by Angelo Dell'Aera and is available at
# https://github.com/buffer/thug
#
# To run this image after installing Docker, you have a number of options:
#
# sudo docker run --rm -v <host_dir>:/tmp/thug/logs remnux/thug
#
# This will allow you to run thug as a 'headless' application without
# having to enter the docker. Variables can be passed on the command-line
# (such as -F to enable file logging).
# Logs are stored in /tmp/thug/logs
# by default. Your <host_dir> should be made world-accessible to ensure
# no permissions issues: e.g. "chmod a+xwr ~/logs"
#
# sudo docker run --rm -it --entrypoint "/bin/bash" remnux/thug
#
# This will enter you into the docker where you can run "thug" with
# the desired parameters (such as -F to enable file logging).
#
# sudo docker run --rm -it -v <host_dir>:/tmp/thug/logs --entrypoint "/bin/bash" remnux/thug
#
# This is essentially a combination of both of the above, allowing you entry into
# the docker, and storage of log files in your host environment.
#
# This docker provides the capability for distributed operations and MongoDB output,
# containing the following packages: mongodb, mongodb-dev, python-pymongo,
# rabbitmq-server, python-pika.
#
# NOTE(review): nothing in this Dockerfile starts mongodb or rabbitmq-server (the
# ENTRYPOINT is thug), so they must be started inside the container or thug must be
# pointed at external services; how thug is configured for them is not visible here.
# As in thug/Dockerfile, the "thug" user has a fixed password and sudo membership
# while the process deliberately visits hostile content — drop the sudo membership and
# run with --cap-drop=ALL where possible.
#
# This file was originally based on ideas from Spenser Reinhardt's Dockerfile
# (https://registry.hub.docker.com/u/sreinhardt/honeynet/dockerfile),
# on instructions outlined by M. Fields (@shakey_1) and
# on the installation script created by Payload Security
# (https://github.com/PayloadSecurity/VxCommunity/blob/master/bash/thuginstallation.sh)

FROM ubuntu:20.04
LABEL maintainer="Lenny Zeltser (@lennyzeltser, www.zeltser.com)"
LABEL updated="22 May 2021"
LABEL updated_by="digitalsleuth"

USER root
# "python" is requested alongside "python3"; on 20.04 the unversioned package is not
# the Python 3 interpreter — confirm it still resolves and is actually needed.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
    wget \
    unzip \
    build-essential \
    sudo \
    python \
    python3 \
    python3-dev \
    python3-setuptools \
    python3-wheel \
    libboost-dev \
    libboost-python-dev \
    libboost-system-dev \
    python3-pip \
    libxml2-dev \
    libxslt1-dev \
    tesseract-ocr \
    git \
    libtool \
    libgraphviz-dev \
    automake \
    graphviz \
    libfuzzy-dev \
    libfuzzy2 \
    libjpeg-dev \
    libffi-dev \
    pkg-config \
    autoconf \
    mongodb \
    mongodb-dev \
    python3-pymongo \
    rabbitmq-server \
    python3-pika && \
    rm -rf /var/lib/apt/lists/*

RUN python3 -m pip install --upgrade pip setuptools pytesseract
WORKDIR /tmp
# Prebuilt STPyV8 wheel from the older area1/stpyv8 release (thug/Dockerfile uses the
# cloudflare/stpyv8 release); installed without a checksum check — pin the expected
# digest (ARG STPYV8_SHA256=<expected-digest>) and verify before unzip.
RUN wget https://github.com/area1/stpyv8/releases/download/v9.1.269.28/stpyv8-ubuntu-20.04-python-3.8.zip && \
    unzip stpyv8-ubuntu-20.04-python-3.8.zip && \
    python3 -m pip install stpyv8-ubuntu-20.04-3.8/stpyv8-9.1.269.28-cp38-cp38-linux_x86_64.whl && \
    rm -rf stpyv8-ubuntu-20.04*

# libemu built from an unpinned HEAD clone; unlike thug/Dockerfile the source tree is
# left in /usr/local/src/libemu.
WORKDIR /usr/local/src
RUN git clone --depth 1 https://github.com/buffer/libemu.git && \
    cd libemu && \
    autoreconf -v -i && \
    ./configure && \
    make install && \
    cd .. && \
    ldconfig

# thug comes from PyPI (unpinned) while /etc/thug is assembled from individual files of
# a --depth 1 clone of the repository's current master (left behind in
# /usr/local/src/thug). The cp paths depend on the repository layout on build day, so a
# layout change upstream breaks this step; pinning the clone to the installed version
# avoids that.
RUN python3 -m pip install thug && \
    git clone --depth 1 https://github.com/buffer/thug.git && \
    mkdir /etc/thug && \
    cd /etc/thug && \
    mkdir rules personalities scripts plugins hooks && \
    cd /usr/local/src/thug && \
    cp -R thug/Classifier/rules/* /etc/thug/rules/ && \
    cp -R thug/DOM/personalities/* /etc/thug/personalities && \
    cp thug/DOM/thug.js /etc/thug/scripts && \
    cp thug/DOM/storage.js /etc/thug/scripts && \
    cp thug/DOM/date.js /etc/thug/scripts && \
    cp thug/DOM/eval.js /etc/thug/scripts && \
    cp thug/DOM/write.js /etc/thug/scripts && \
    cp conf/thug.conf /etc/thug

# Unprivileged user that owns the log directory; see the header note about sudo.
RUN groupadd -r thug && \
    useradd -m -d /home/thug -g thug -s /usr/sbin/nologin -c "Thug User" thug && \
    mkdir -p /tmp/thug/logs && \
    chown -R thug:thug /home/thug /tmp/thug/logs && \
    usermod -a -G sudo thug && echo 'thug:thug' | chpasswd

USER thug
ENV HOME /home/thug
ENV USER thug
WORKDIR /home/thug
VOLUME ["/tmp/thug/logs"]
ENTRYPOINT ["thug"]

--------------------------------------------------------------------------------