
Reverse Engineering Linux Distro REMnux Marks 15 Years With Major v8 Release Featuring AI Agent Support

Malware analysis Linux distro gets Ubuntu 24.04 base, a new installer, and many new tools.

Linux has become a lucrative target for bad actors, making specialized security tooling more important than ever. REMnux is a Linux distribution built for exactly one job: malware analysis. It bundles a curated, pre-configured set of reverse-engineering tools so researchers can start examining suspicious files without assembling the toolkit themselves.

While Kali Linux is the go-to for penetration testing, REMnux specializes in reverse-engineering and analyzing malware. Both are essential security tools, but they serve different purposes.

The new v8 release brings many improvements, with some agentic AI support sprinkled in.

REMnux v8: What's New?

Featuring an Ubuntu 24.04 LTS base, REMnux v8 comes with a new Cast-based installer that is said to be more reliable and better for handling upgrades.

Several new tools also make it into this release. YARA-X is a Rust rewrite of the popular YARA pattern-matching engine. GoReSym and Redress are here for recovering symbols and type information from Go binaries. Manalyze performs static analysis of PE files, while LIEF parses PE, ELF, and Mach-O formats.

For Android analysis, there's APKiD. PDF files get origamindee, and QR codes get ZBar for decoding. Python malware analysis gains pyinstxtractor-ng for unpacking PyInstaller executables and uncompyle6 for decompiling bytecode. AutoIt-Ripper handles AutoIt scripts.
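Tools like pyinstxtractor-ng work by locating the archive that PyInstaller appends to its bootloader executable. As an added example (not code from REMnux or from pyinstxtractor-ng), the script below shows the first step of that process: find the PyInstaller cookie at the tail of a file, parse it, and recover the embedded Python version, which tells you which decompiler (for example uncompyle6 for older bytecode) you will need next. The cookie layout is PyInstaller's real on-disk format; the input bytes are constructed here to stand in for a real sample.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# PyInstaller CArchive cookie magic: "MEI" followed by the octal bytes 014 013 012 013 016.
PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"

# PyInstaller >= 2.1 cookie, big-endian:
#   8s  magic | I  package length | I  TOC offset (relative to archive start)
#   i   TOC length | i  python version (27, 38, 311, ...) | 64s python lib name (NUL padded)
COOKIE_FMT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)  # 88 bytes


@dataclass
class PyInstallerCookie:
    cookie_offset: int    # file offset where the 88-byte cookie begins
    archive_offset: int   # file offset where the appended CArchive begins
    package_len: int      # total archive length, cookie included
    toc_offset: int       # table of contents offset, relative to archive_offset
    toc_len: int
    python_version: str   # e.g. "3.11"
    python_lib: str       # e.g. "python311.dll"


def decode_pyver(pyvers: int) -> str:
    """PyInstaller packs the version as 27 for 2.7 but 311 for 3.11."""
    if pyvers >= 100:
        return f"{pyvers // 100}.{pyvers % 100}"
    return f"{pyvers // 10}.{pyvers % 10}"


def find_pyinstaller_cookie(data: bytes) -> Optional[PyInstallerCookie]:
    """Return parsed cookie metadata, or None if the file does not look PyInstaller-built."""
    # The bootloader itself usually contains the magic constant, so search from the end:
    # the real cookie is the LAST occurrence, at the tail of the appended archive.
    pos = data.rfind(PYINST_MAGIC)
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None  # no magic, or a truncated cookie
    _magic, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack_from(COOKIE_FMT, data, pos)
    archive_off = pos + COOKIE_SIZE - pkg_len
    # Reject cookies whose fields point outside the archive (corrupt or misidentified).
    if archive_off < 0 or toc_off + toc_len > pkg_len:
        return None
    return PyInstallerCookie(
        cookie_offset=pos,
        archive_offset=archive_off,
        package_len=pkg_len,
        toc_offset=toc_off,
        toc_len=toc_len,
        python_version=decode_pyver(pyvers),
        python_lib=pylib.rstrip(b"\x00").decode("ascii", errors="replace"),
    )


def build_sample() -> bytes:
    """Constructed stand-in for a PyInstaller-built PE: fake bootloader + payload + cookie."""
    # 64-byte fake bootloader that, like the real one, contains the magic string in its data.
    stub = b"MZ" + b"\x00" * 30 + PYINST_MAGIC + b"\x00" * 24
    payload = bytes(range(100))  # stand-in for the compressed entries and the TOC
    toc_off, toc_len = 40, 60
    pkg_len = len(payload) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, pkg_len, toc_off, toc_len, 311, b"python311.dll")
    return stub + payload + cookie


if __name__ == "__main__":
    info = find_pyinstaller_cookie(build_sample())
    print(info)
```

Running the script on a real file is a matter of passing `open(path, "rb").read()` to `find_pyinstaller_cookie`; a non-None result with a plausible `python_version` is a strong hint that unpacking with pyinstxtractor-ng is the right next step.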

The AI Buff

REMnux v8 adds a new MCP (Model Context Protocol) server that connects AI assistants like Claude or ChatGPT to the distro's analysis tools. The MCP server knows which tools apply to which file types and how to interpret their output.

The AI can automatically run multiple tools in sequence. At standard depth, analyzing a Windows executable triggers about 16 different tools in one go. It plans how to analyze, selects the relevant tools, understands the output, and correlates the results.

When standard tools don't work, the AI can write custom Python scripts for things like reconstructing PE files or decoding obfuscated data.

Lenny Zeltser, the creator of REMnux, demonstrated this with real malware samples on his blog. REMnux v8 also ships with OpenCode, a terminal AI coding assistant that works with the MCP server, and there are AI plugins for tools like Ghidra and Radare2.

Install REMnux v8

The developers provide quite a few ways to get this release of REMnux. The most straightforward way is to import the virtual appliance into the hypervisor of your choice.

If that doesn't work for you, you can install REMnux from scratch on a dedicated system or run it as a Docker container. Whichever route you pick, keep the analysis environment isolated from production networks, since you will be handling live malware samples. The source code for REMnux can be found on GitHub.

About the author
Sourav Rudra

A nerd with a passion for open source software, custom PC builds, motorsports, and exploring the endless possibilities of this world.
