Linux Malware Analysis Tools
Static Analysis
file – Displays the type of a file (Mach-O, FAT, other types).
strings – Extracts strings from a file.
diff – Compares two files and shows the differences between them.
nm – Extracts symbol table (function imports, exports).
curl – Downloads and sends files over HTTP and other protocols.
strace – Traces system calls and signals made by a running process.
wget – Downloads files over HTTP and FTP.
DiE (Detect it Easy) – Packer identifier (recommended).
Malwoverview.py – Incident response tool to perform an initial and quick triage in a directory containing malware samples and more.
Dynamic Analysis
Wireshark – Network analysis tool.
tcpdump – Network analysis tool.
MiTMProxy – An interactive SSL/TLS-capable intercepting HTTP proxy (great for HTTPS inspection).
NetworkMiner – Sniffer and PCAP parser.
Burp Suite – The free web proxy for any browser, system or platform.
INetSim – Internet Services Simulation Suite.
Reverse Engineering
GDB – GNU Debugger.
IDA Free/Pro – Disassembler and debugger.
Hopper (Demo/Pro) – Disassembler and debugger.
radare2 – Free and open source disassembler and debugger.
Cutter – GUI for radare2.
Binary Ninja – Reverse engineering platform.
angr – Platform-agnostic binary analysis framework.
Unpacking & Deobfuscation
FLOSS – Automatically extract obfuscated strings from malware.
NoMoreXor – Tool to help guess a file's 256-byte XOR key using frequency analysis.
XORSearch – Searches for a given string in an XOR, ROL, ROT or SHIFT encoded binary file.
Forensics
dd – Disk imaging tool used for forensic acquisition of hard drives.
Autopsy – Hard drive forensics analysis tool.
LiME – Memory acquisition tool.
dwarfdump – Linux profile creation for Volatility.
Volatility – Memory forensics analysis framework.
FOG Project – A free open-source network computer cloning and management solution.
Other
Limon Sandbox – Free and open-source automated Linux malware analysis sandbox.
Cuckoo Sandbox – Free and open-source automated malware analysis sandbox.