flare-vm v4.0 releases: Windows-based security distribution for malware analysis, incident response, penetration testing
FLARE VM – a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc..
Installed Tools
Android
- dex2jar
- apktool
Debuggers
- flare-qdb
- scdbg
- OllyDbg + OllyDump + OllyDumpEx
- OllyDbg2 + OllyDumpEx
- x64dbg
- WinDbg + OllyDumpex + pykd
Decompilers
- RetDec
Delphi
- Interactive Delphi Reconstructor (IDR)
Developer Tools
- VC Build Tools
- NASM
Disassemblers
- Ghidra
- IDA Free (5.0 & 7.0)
- Binary Ninja Demo
- radare2
- Cutter
.NET
- de4dot
- Dot Net String Decoder (DNSD)
- dnSpy
- DotPeek
- ILSpy
- RunDotNetDll
Flash
- FFDec
Forensic
- Volatility
- Autopsy
Hex Editors
- FileInsight
- HxD
- 010 Editor
Java
- JD-GUI
- Bytecode-Viewer
- Java-Deobfuscator
JavaScript
- malware-jail
Networking
- FakeNet-NG
- ncat
- nmap
- Wireshark
Office
- Offvis
- OfficeMalScanner
- oledump.py
- rtfdump.py
- msoffcrypto-crack.py
- PDFiD
- PDFParser
- PDFStreamDumper
PE
- PEiD
- ExplorerSuite (CFF Explorer)
- PEview
- DIE
- PeStudio
- PEBear
- ResourceHacker
- LordPE
- PPEE(puppy)
Pentest
- Windows binaries from Kali Linux
Powershell
- PSDecode
Text Editors
- SublimeText3
- Notepad++
- Vim
Visual Basic
- VBDecompiler
Web Application
- BurpSuite Free Edition
- HTTrack
Utilities
- FLOSS
- HashCalc
- HashMyFiles
- Checksum
- 7-Zip
- Far Manager
- Putty
- Wget
- RawCap
- UPX
- RegShot
- Process Hacker
- Sysinternals Suite
- API Monitor
- SpyStudio
- Shellcode Launcher
- Cygwin
- Unxutils
- Malcode Analyst Pack (MAP)
- XORSearch
- XORStrings
- Yara
- CyberChef
- KernelModeDriverLoader
- Process Dump
- Exe2Aut
- Innounp
- InnoExtract
- UniExtract2
- Hollows-Hunter
- PE-sieve
- ImpRec
- ProcDot
Python, Modules, Tools
- Py2ExeDecompiler
- pyinstxtractor
- Python 2.7
- hexdump
- pefile
- winappdbg
- pycryptodome
- vivisect
- binwalk
- capstone-windows
- unicorn
- oletools
- olefile
- unpy2exe
- uncompyle6
- pycrypto
- pyftpdlib
- pyasn1
- pyOpenSSL
- ldapdomaindump
- pyreadline
- flask
- networkx
- requests
- msoffcrypto-tool
- yara-python
- mkyara
- Python 3.7
- binwalk
- unpy2exe
- uncompyle6
- StringSifter
- hexdump
- pycryptodome
- oletools
- olefile
- msoffcrypto-tool
- pyftpdlib
- pyasn1
- pyOpenSSL
- acefile
- requests
- yara-python
- mkyara
Other
- VC Redistributable Modules (2005, 2008, 2010, 2012, 2013, 2015, 2017)
- .NET Framework versions 4.8
- Practical Malware Analysis Labs
- Google Chrome
- Cmder
Installation
Clone the repo
git clone https://github.com/fireeye/flare-vm.git
Create and configure a new Windows 7 or newer Virtual Machine. To install FLARE VM on an existing Windows VM, download and copy install.ps1 on your analysis machine. On the analysis machine open PowerShell as an Administrator and enable script execution by running the following command:
Set-ExecutionPolicy Unrestricted
Finally, execute the installer script as follows:
.\install.ps1
The script will set up the Boxstarter environment and proceed to download and install the FLARE VM environment. You will be prompted for the Administrator password in order to automate host restarts during installation.
Installing a new package
FLARE VM uses the chocolatey public and custom FLARE package repositories. It is easy to install a new package. For example, enter the following command as Administrator to deploy x64dbg on your system:
cinst x64dbg
Staying up to date
Type the following command to update all of the packages to the most recent version:
cup all
Source: https://github.com/fireeye/
