This repository will automatically build and publish Docker images into Docker Hub, GitHub Container Registry and Quay.io using GitLab CI.
The pipeline will try to build a new image for each directory that has changed since the latest passed commit, once the provided tests have passed. Most of the tools are tested with real samples to verify that they work as expected.
README description of each tool is synchronized into Docker Hub as well.
Actual images can be found from:
To add a new tool or upgrade the version of an existing one, see CONTRIBUTING.md.
To run these tools, also take a look at cincan-command.
Tool name | Description | Input | Platform |
---|---|---|---|
7zip | Command line port of 7-Zip which provides utilities to (un)pack compressed archives | 7z, ZIP, GZIP, BZIP2, XZ, TAR, APM, ARJ, CAB, CHM, CPIO, CramFS, DEB, DMG, FAT, HFS, ISO, LZH, LZMA, LZMA2, MBR, MSI, MSLZ, NSIS, NTFS, RAR, RPM, SquashFS, UDF, VHD, WIM, XAR, Z | Linux |
access-log-visualization | Visualizes web server access log data to help detect malicious activity | access.log (Apache) | Linux |
apktool | A tool for reverse engineering 3rd party, closed, binary Android apps. | .apk, .jar | Linux |
binwalk | Firmware Analysis Tool | binary | Linux |
box-ps | box-ps - A PowerShell sandboxing utility used to deobfuscate PowerShell scripts | ps1, psm1 | Linux |
cfr | Class File Reader - another Java decompiler | .jar file | Linux |
clamav | ClamAV virus scanner | Any file or directory. | Linux |
dex2jar | Tool to decompile dex files to jar | APK file | Linux |
eml_parser | Parse .eml email files | eml | Linux |
feature_extractor | Feature_extractor | list of possible IoCs | Linux |
fernflower | Analytical decompiler for Java | .jar, .class, .zip | Linux |
flawfinder | Flawfinder - Finds possible security weaknesses in C/C++ source code | C/C++ code | Linux |
floss | FireEye Labs Obfuscated String Solver | Malware with (obfuscated) strings | Linux |
ghidra-decompiler | Ghidra Headless Analyzer | Any software binary in native instructions. | Linux |
ilspy | ILSpy (console only) - version 7.1.0 | .NET Assembly | Linux |
ioc_strings | Extracts urls, hashes, emails, ips, domains and base64 (other) from a file. | File/Directory | Linux |
iocextract | Advanced Indicator of Compromise (IOC) extractor | File, STDIN | Linux |
jadx | jadx - Dex to Java decompiler | .apk, .dex, .jar, .class, .smali, .zip, .aar, .arsc | Linux |
jd-cli | Command line wrapper around JD Core Java Decompiler. Decompiles .dex and .jar files to Java. | .jar file | Linux |
jsunpack-n | Jsunpack-n - Emulates browser functionality, detect exploits etc. | PDF, URL, PCAP, JavaScript, SWF | Linux |
luadec | luadec: Lua decompiler | .luac .lua | Linux |
manalyze | Manalyze - a static analyzer for PE executables | PE files | Linux |
mvt | MVT - Mobile Verification Toolkit by Amnesty | Android backup, Android filesystem dump, Android device with adb, iTunes/Finder backup, iOS filesystem dump | Linux |
oledump | A program to analyse OLE files. | .doc, .xls, .ppt | Linux |
oletools | Oletools - a set of tools to analyze Microsoft OLE2 files | .doc, .dot, .docm, .dotm, .xml, .mht, .xls, .xlsm, .xlsb, .pptm, .ppsm, VBA/VBScript source | Linux |
osslsigncode | osslsigncode | exe/sys/dll | Linux |
output-standardizer | Generate md report from Cincan's Concourse pipelines, or convert single tool output to JSON. | cincan/binwalk, cincan/pdf2john, cincan/pdfxray_lite and cincan/strings outputs | Linux |
pastelyzer | pastelyzer - find security and privacy related artifacts from text documents | text | Linux |
pdf-parser | PDF-parser - parse PDF to identify fundamental elements | | Linux |
pdfid | PDFID - scan PDFs for certain keywords, triage potentially malicious files | | Linux |
pdfxray-lite | PDF X-RAY Lite 1.0 to analyze PDF files for malicious objects. | | Linux |
peepdf | Powerful Python tool to analyze PDF documents. | | Linux |
peframe | PEframe - static analysis for PE executables and MS office documents | PE | Linux |
pyocr | Optical character recognition (OCR) wrapper for Tesseract OCR engine | PDF, png, jpg | Linux |
pywhois | Pywhois - retrieve information from IP addresses | IP / list of IPs | Linux |
radamsa | Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. | Any data | Linux |
radare2 | Radare2 is a complete Unix-like framework for reverse engineering and binary analysis | ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, QNX, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems. | Linux |
regripper | Extract data from Windows registry | Windows registry hive files | Linux |
scrape-website | Headless Chromium web browser | url, json | Linux |
sleuthkit | A collection of command line tools that allows you to analyze disk images and recover files. | raw, ewf, vmdk, vhd | Linux |
snowman-decompile | Snowman-decompile - a native code to C/C++ decompiler | ELF Mach-O PE LE | Linux |
ssdc | Ssdeep based clustering tool | * | Linux |
ssdeep | Ssdeep - For computing context triggered piecewise hashes (CTPH), also called fuzzy hashes. | * | Linux |
steghide | A Steganography program - hide data (and extract) in various kinds of image- and audio-files. | JPEG, BMP, WAV, AU | Linux |
trufflehog | TruffleHog searches through git repositories for accidentally committed secrets | git repository | Linux |
tshark | A tool for parsing PCAP and capturing network traffic. | PCAP, network traffic | Linux |
vipermonkey | A VBA parser and emulation engine to analyze malicious macros | .doc, .dot, .docm, .dotm, .xml, .mht, .xls, .xlsm, .xlsb, .pptm, .ppsm, VBA/VBScript source | Linux |
virustotal | Official CLI for VirusTotal API. Analyze suspicious files and URLs to detect malware. | | Linux |
volatility | Volatility - An advanced memory forensics framework - 2.6.1 a438e76 | Raw linear sample (dd), Hibernation file (from Windows 7 and earlier), Crash dump file, VirtualBox ELF64 core dump, VMware saved state and snapshot files, EWF format (E01), LiME format, Mach-O file format, QEMU virtual machine dumps, Firewire, HPAK (FDPro) | Linux |
xsv | Fast CSV command line toolkit | csv, tsv | Linux |
yara | Yara - The pattern matching swiss knife | Any file as target | Linux |
zsteg | detect stegano-hidden data in PNG and BMP | PNG, BMP | Linux |

Tool name | Description | Input | Platform |
---|---|---|---|
headless-thunderbird | Headless Thunderbird to screenshot email messages | eml | Linux |
ioc_parser | A tool to extract indicators of compromise from security reports | PDF, txt, xlsx, html | Linux |
pdf2john | John the Ripper for extracting hash from PDF files | Encrypted PDF | Linux |

It is very possible that some of these are not working.

Tool name | Description | Input | Platform |
---|---|---|---|
add2git-lfs | ADD2GIT-LFS | | Linux |
binary-analysis-tool-bat | Binary Analysis Tool BAT with extra tools | binary | Linux |
c-ci | Concourse CI | | Linux |
c-worker | Concourse Worker | | Linux |
dns-tools | | | Linux |
hyperscan | High-performance regular expression matching library | | Linux |
identify-file | Identify-file | | Linux |
keyfinder | Keyfinder | filesystem, APK | Linux |
pdf-tools | The DidierStevensSuite by Didier Stevens | | Linux |
pdfexaminer | Upload a PDF to www.pdfexaminer.com/pdfapi.php and get results | PDF files | Linux |
pe-scanner | Get information of a PE (portable executable) file | PE/EXE/DLL | Linux |
python-extract-code | Extract code | PE | Linux |
r2-bin-carver | R2 bin carver | memory dumps | Linux |
s3-resource-simple | Simple S3 Resource for Concourse CI | | Linux |
shellcode2exe | Convert shellcodes into executable files, for multiple platforms. | shellcode | Linux |
suricata | Suricata | | Linux |
twiggy | Twiggy analyzes a binary's call graph | .wasm, partial ELF & Mach-O support | Linux |
vba2graph | Generate call graphs from VBA code | office documents such as .doc, .xls, .bas | Linux |
xmldump | Parse XML files. | XML | Linux |