# Tools
Here is the list of tools we have dockerized for the CinCan project so far.
All images can be found at:
## Linux tools
### Stable
| Tool name | Description | Input | Platform |
|---|---|---|---|
| 7zip | Command line port of 7-Zip which provides utilities to (un)pack compressed archives | 7z, ZIP, GZIP, BZIP2, XZ, TAR, APM, ARJ, CAB, CHM, CPIO, CramFS, DEB, DMG, FAT, HFS, ISO, LZH, LZMA, LZMA2, MBR, MSI, MSLZ, NSIS, NTFS, RAR, RPM, SquashFS, UDF, VHD, WIM, XAR, Z | Linux |
| access-log-visualization | Visualizes a web server's access log data to help detect malicious activity | access.log (Apache) | Linux |
| apktool | A tool for reverse engineering 3rd party, closed, binary Android apps. | .apk, .jar | Linux |
| binwalk | Firmware Analysis Tool | binary | Linux |
| box-ps | box-ps - A PowerShell sandboxing utility used to deobfuscate PowerShell scripts | ps1, psm1 | Linux |
| cfr | Class File Reader - another Java decompiler | .jar file | Linux |
| clamav | ClamAV virus scanner | Any file or directory. | Linux |
| dex2jar | Tool to decompile dex files to jar | APK file | Linux |
| eml_parser | Parse .eml email files | eml | Linux |
| feature_extractor | Feature_extractor | list of possible IoCs | Linux |
| fernflower | Analytical decompiler for Java | .jar, .class, .zip | Linux |
| flawfinder | Flawfinder - Finds possible security weaknesses in C/C++ source code | C/C++ code | Linux |
| floss | FireEye Labs Obfuscated String Solver | Malware with (obfuscated) strings | Linux |
| ghidra-decompiler | Ghidra Headless Analyzer | Any software binary in native instructions. | Linux |
| ilspy | ILSpy (console only) - version 7.1.0 | .NET Assembly | Linux |
| ioc_strings | Extracts URLs, hashes, emails, IPs, domains and base64 (other) from a file. | File/Directory | Linux |
| iocextract | Advanced Indicator of Compromise (IOC) extractor | File, STDIN | Linux |
| jadx | jadx - Dex to Java decompiler | .apk, .dex, .jar, .class, .smali, .zip, .aar, .arsc | Linux |
| jd-cli | Command line wrapper around the JD Core Java Decompiler. Decompiles .dex and .jar files to Java. | .jar file | Linux |
| jsunpack-n | Jsunpack-n - Emulates browser functionality, detects exploits etc. | PDF, URL, PCAP, JavaScript, SWF | Linux |
| luadec | luadec: Lua decompiler | .luac, .lua | Linux |
| manalyze | Manalyze - a static analyzer for PE executables | PE files | Linux |
| mvt | MVT - Mobile Verification Toolkit by Amnesty | Android backup, Android filesystem dump, Android device with adb, iTunes/Finder backup, iOS filesystem dump | Linux |
| oledump | A Program to analyse OLE files. | .doc, .xls, .ppt | Linux |
| oletools | Oletools - a set of tools to analyze Microsoft OLE2 files | .doc, .dot, .docm, .dotm, .xml, .mht, .xls, .xlsm, .xlsb, .pptm, .ppsm, VBA/VBScript source | Linux |
| osslsigncode | osslsigncode | exe/sys/dll | Linux |
| output-standardizer | Generate md report from Cincan's Concourse pipelines, or convert single tool output to JSON. | cincan/binwalk, cincan/pdf2john, cincan/pdfxray_lite and cincan/strings outputs | Linux |
| pastelyzer | pastelyzer - find security and privacy related artifacts from text documents | text | Linux |
| pdf-parser | PDF-parser - parse PDF to identify fundamental elements | PDF | Linux |
| pdfid | PDFID - scan PDFs for certain keywords, triage potentially malicious files | PDF | Linux |
| pdfxray-lite | PDF X-RAY Lite 1.0 to analyze PDF files for malicious objects. | PDF | Linux |
| peepdf | Powerful Python tool to analyze PDF documents. | PDF | Linux |
| peframe | PEframe - static analysis for PE executables and MS office documents | PE | Linux |
| pyocr | Optical character recognition (OCR) wrapper for the Tesseract OCR engine | PDF, PNG, JPG | Linux |
| pywhois | Pywhois - retrieve information from IP addresses | IP / list of IPs | Linux |
| radamsa | Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. | Any data | Linux |
| radare2 | Radare2 is a complete Unix-like framework for reverse engineering and binary analysis | ELF, Mach-O, Fat Mach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, QNX, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems. | Linux |
| regripper | Extract data from Windows registry | Windows registry hive files | Linux |
| scrape-website | Headless Chromium web browser | URL, JSON | Linux |
| sleuthkit | A collection of command line tools that allows you to analyze disk images and recover files. | raw, ewf, vmdk, vhd | Linux |
| snowman-decompile | Snowman-decompile - a native code to C/C++ decompiler | ELF, Mach-O, PE, LE | Linux |
| ssdc | Ssdeep based clustering tool | * | Linux |
| ssdeep | Ssdeep - For computing context triggered piecewise hashes (CTPH), also called fuzzy hashes. | * | Linux |
| steghide | A steganography program - hide data in (and extract it from) various kinds of image and audio files. | JPEG, BMP, WAV, AU | Linux |
| trufflehog | TruffleHog searches through git repositories for accidentally committed secrets | git repository | Linux |
| tshark | A tool for parsing PCAP files and capturing network traffic. | PCAP, network traffic | Linux |
| vipermonkey | A VBA parser and emulation engine to analyze malicious macros | .doc, .dot, .docm, .dotm, .xml, .mht, .xls, .xlsm, .xlsb, .pptm, .ppsm, VBA/VBScript source | Linux |
| virustotal | Official CLI for the VirusTotal API. Analyze suspicious files and URLs to detect malware. | files, URLs | Linux |
| volatility | Volatility - An advanced memory forensics framework - 2.6.1 a438e76 | Raw linear sample (dd), Hibernation file (from Windows 7 and earlier), Crash dump file, VirtualBox ELF64 core dump, VMware saved state and snapshot files, EWF format (E01), LiME format, Mach-O file format, QEMU virtual machine dumps, Firewire, HPAK (FDPro) | Linux |
| xsv | Fast CSV command line toolkit | csv, tsv | Linux |
| yara | Yara - The pattern matching swiss knife | Any file as target | Linux |
| zsteg | Detect steganographically hidden data in PNG and BMP files | PNG, BMP | Linux |
### In Development
| Tool name | Description | Input | Platform |
|---|---|---|---|
| headless-thunderbird | Headless Thunderbird to screenshot email messages | eml | Linux |
| ioc_parser | A tool to extract indicators of compromise from security reports | PDF, txt, xlsx, html | Linux |
| pdf2john | John the Ripper for extracting hash from PDF files | Encrypted PDF | Linux |
### Not maintained anymore
It is very possible that some of these are not working.
| Tool name | Description | Input | Platform |
|---|---|---|---|
| add2git-lfs | ADD2GIT-LFS | | Linux |
| binary-analysis-tool-bat | Binary Analysis Tool BAT with extra tools | binary | Linux |
| c-ci | Concourse CI | | Linux |
| c-worker | Concourse Worker | | Linux |
| dns-tools | | | Linux |
| hyperscan | High-performance regular expression matching library | | Linux |
| identify-file | Identify-file | | Linux |
| keyfinder | Keyfinder | filesystem, APK | Linux |
| pdf-tools | The DidierStevensSuite by Didier Stevens | | Linux |
| pdfexaminer | Upload a PDF to www.pdfexaminer.com/pdfapi.php and get results | PDF files | Linux |
| pe-scanner | Get information of a PE (portable executable) file | PE/EXE/DLL | Linux |
| python-extract-code | Extract code | PE | Linux |
| r2-bin-carver | R2 bin carver | memory dumps | Linux |
| s3-resource-simple | Simple S3 Resource for Concourse CI | | Linux |
| shellcode2exe | Convert shellcodes into executable files, for multiple platforms. | shellcode | Linux |
| suricata | Suricata | | Linux |
| twiggy | Twiggy analyzes a binary's call graph | .wasm, partial ELF & Mach-O support | Linux |
| vba2graph | Generate call graphs from VBA code | office documents such as .doc, .xls, .bas | Linux |
| xmldump | Parse XML files. | XML | Linux |