Tools

Here is the list of tools we have dockerized for the CinCan project so far.

All images can be found at:

hub.docker.com/r/cincan/

Gitlab.com/cincan

Linux tools

Stable

Tool name Description Input Platform
 7zip Command line port of 7-Zip which provides utilities to (un)pack compressed archives 7z, ZIP, GZIP, BZIP2, XZ, TAR, APM, ARJ, CAB, CHM, CPIO, CramFS, DEB, DMG, FAT, HFS, ISO, LZH, LZMA, LZMA2, MBR, MSI, MSLZ, NSIS, NTFS, RAR, RPM, SquashFS, UDF,VHD, WIM, XAR, Z Linux
 access-log-visualization Visualizing webserver's access log data to help detecting malicious activity access.log (Apache) Linux
 apktool A tool for reverse engineering 3rd party, closed, binary Android apps. .apk, .jar Linux
 binwalk Firmware Analysis Tool binary Linux
 box-ps box-ps - A Powershell sandboxing utility used to deobfuscate PowerShell scripts ps1, psm1 Linux
 cfr Class File Reader - another java decompiler .jar -file Linux
 clamav ClamAV virus scanner Any file or directory. Linux
 dex2jar Tool to decompile dex files to jar APK file Linux
 eml_parser Parse .eml email files eml Linux
 feature_extractor Feature_extractor list of possible IoCs Linux
 fernflower Analytical decompiler for Java .jar, .class, .zip Linux
 flawfinder Flawfinder - Finds possible security weaknesses in C/C++ source code C/C++ code Linux
 floss FireEye Labs Obfuscated String Solver Malware with (obfuscated) strings Linux
 ghidra-decompiler Ghidra Headless Analyzer Any software binary in native instructions. Linux
 ilspy ILSpy (console only) - version 7.1.0 .NET Assembly Linux
 ioc_strings Extracts urls, hashes, emails, ips, domains and base64 (other) from a file. File/Directory Linux
 iocextract Advanced Indicator of Compromise (IOC) extractor File, STDIN Linux
 jadx jadx - Dex to Java decompiler .apk, .dex, .jar, .class, .smali, .zip, .aar, .arsc Linux
 jd-cli Command line wrapper around JD Core Java Decompiler. Decompiles .dex and .jar -files to java. .jar -file Linux
 jsunpack-n Jsunpack-n - Emulates browser functionality, detect exploits etc. PDF, URL, PCAP, JavaScript, SWF Linux
 luadec luadec: Lua decompiler .luac .lua Linux
 manalyze Manalyze - a static analyzer for PE executables PE files Linux
 mvt MVT - Mobile Verification Toolkit by Amnesty Android backup, Android filesystem dump, Android device with adb iTunes/Finder backup, iOS filesystem dump Linux
 oledump A Program to analyse OLE files. .doc, .xls, .ppt Linux
 oletools Oletools - a set of tools to analyze Microsoft OLE2 files .doc, .dot, .docm, .dotm, .xml, .mht, .xls, .xlsm, .xlsb, .pptm, .ppsm, VBA/VBScript source Linux
 osslsigncode osslsigncode exe/sys/dll Linux
 output-standardizer Generate md report from Cincan's Concourse pipelines, or convert single tool output to JSON. cincan/binwalk, cincan/pdf2john, cincan/pdfxray_lite and cincan/strings outputs Linux
 pastelyzer pastelyzer - find security and privacy related artifacts from text documents text Linux
 pdf-parser PDF-parser - parse PDF to identify fundamental elements PDF Linux
 pdfid PDFID - scan PDFs for certain keywords, triage potentially malicious files PDF Linux
 pdfxray-lite PDF X-RAY Lite 1.0 to analyze PDF files for malicious objects. PDF Linux
 peepdf Powerful Python tool to analyze PDF documents. PDF Linux
 peframe PEframe - static analysis for PE executables and MS office documents PE Linux
 pyocr Optical character recognition (OCR) wrapper for Tesseract OCR engine PDF, png, jpg Linux
 pywhois Pywhois - retrieve information from IP addresses IP / list of IPs Linux
 radamsa Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. Any data Linux
 radare2 Radare2 is complete unix-like framework for reverse engineering and binary analysis ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, QNX, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems. Linux
 regripper Extract data from Windows registry Windows registry hive files Linux
 scrape-website Headless Chromium web browser url, json Linux
 sleuthkit A collection of command line tools that allows you to analyze disk images and recover files. raw, ewf, vmdk, vhd Linux
 snowman-decompile Snowman-decompile - a native code to C/C++ decompiler ELF Mach-O PE LE Linux
 ssdc Ssdeep based clustering tool * Linux
 ssdeep Ssdeep - For computing context triggered piecewise hashes (CTPH), also called fuzzy hashes. * Linux
 steghide A Steganography program - hide data (and extract) in various kinds of image- and audio-files. JPEG, BMP, WAV, AU Linux
 trufflehog TruffleHog Searches through git repositories for accidentally committed secrets git repository Linux
 tshark A Tool for parsing PCAP and capturing network traffic. PCAP, network traffic Linux
 vipermonkey A VBA parser and emulation engine to analyze malicious macros .doc, .dot, .docm, .dotm, .xml, .mht, .xls, .xlsm, .xlsb, .pptm, .ppsm, VBA/VBScript source Linux
 virustotal Official CLI for VirusTotal API. Analyze suspicious files and URLs to detect malware. Linux
 volatility Volatility - An advanced memory forensics framework - 2.6.1 a438e76 - Raw linear sample (dd) - Hibernation file (from Windows 7 and earlier) - Crash dump file - VirtualBox ELF64 core dump - VMware saved state and snapshot files - EWF format (E01) - LiME format - Mach-O file format - QEMU virtual machine dumps - Firewire - HPAK (FDPro) Linux
 xsv Fast CSV command line toolkit csv, tsv Linux
 yara Yara - The pattern matching swiss knife Any file as target Linux
 zsteg detect stegano-hidden data in PNG and BMP PNG, BMP Linux
### In Development
Tool name Description Input Platform
 headless-thunderbird Headless Thunderbird to screenshot email messages eml Linux
 ioc_parser A tool to extract indicators of compromise from security reports PDF, txt, xlsx, html Linux
 pdf2john John the Ripper for extracting hash from PDF files Encrypted PDF Linux
### Not maintained anymore

It is very possible that some of these are not working.

Tool name Description Input Platform
 add2git-lfs ADD2GIT-LFS Linux
 binary-analysis-tool-bat Binary Analysis Tool BAT with extra tools binary Linux
 c-ci Concourse CI Linux
 c-worker Concourse Worker Linux
 dns-tools Linux
 hyperscan High-performance regular expression matching library Linux
 identify-file Identify-file Linux
 keyfinder Keyfinder filesystem, APK Linux
 pdf-tools The DidierStevensSuite by Didier Stevens Linux
 pdfexaminer Upload a PDF to www.pdfexaminer.com/pdfapi.php and get results PDF files Linux
 pe-scanner Get information of a PE (portable executable) file PE/EXE/DLL Linux
 python-extract-code Extract code PE Linux
 r2-bin-carver R2 bin carver memory dumps Linux
 s3-resource-simple Simple S3 Resource for Concourse CI Linux
 shellcode2exe Convert shellcodes into executable files, for multiple platforms. shellcode Linux
 suricata Suricata Linux
 twiggy Twiggy analyzes a binary's call graph .wasm, partial ELF & Mach-O support Linux
 vba2graph Generate call graphs from VBA code office documents such as .doc, .xls, .bas Linux
 xmldump Parse XML files. XML Linux