A list of information security related awesome lists and other resources.
Latest commit 5687bbc Mar 18, 2019
GoVanguard InfoSec Encyclopedia

This is an ongoing compilation of resources we have found helpful and tools we use.

  • Introduction
  • Table of Contents
  • Resources
  • Tools Used
  • Our Open Source Software

Table of Contents

Information Security Certifications

Books

  • Kali Linux Revealed (https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf)
  • CompTIA Security+ SY0-501 Certification Study Guide (https://certification.comptia.org/training/self-study/books/security-sy0-501-study-guide)
  • Advanced Penetration Testing: Hacking the World's Most Secure Networks
  • CEH Certified Ethical Hacker All-in-One Exam Guide
  • Penetration Testing: A Hands-On Introduction to Hacking
  • The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
  • Hacking: The Art of Exploitation
  • The Beginner's Guide to Information Security
  • Essentials of Cybersecurity
  • Essentials of Enterprise Network Security (https://res.cloudinary.com/peerlyst/image/upload/v1499385854/post-attachments/Essentials_of_Enterprise_Network_Security_wiqsvc.pdf)
  • CISSP: Certified Information Systems Security Professional Study Guide
  • CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide
  • CISSP All-in-One Exam Guide
  • The Shellcoder's Handbook: Discovering and Exploiting Security Holes
  • The Cyber Skill Gap
  • A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
  • The Art of Deception: Controlling the Human Element of Security
  • Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software
  • Windows Internals
  • The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
  • Black Hat Python: Python Programming for Hackers and Pentesters
  • Understanding Cryptography: A Textbook for Students and Practitioners
  • Hacking Exposed 7
  • Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder
  • Cybersecurity - Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare
  • Cybersecurity and Cyberwar: What Everyone Needs to Know
  • TCP/IP Illustrated
  • Web Application Vulnerabilities: Detect, Exploit, Prevent
  • Thinking Security: Stopping Next Year's Hackers
  • Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
  • Cyber War: The Next Threat to National Security and What to Do About It
  • Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage
  • Cybersecurity and Human Rights in the Age of Cyberveillance
  • Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
  • We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
  • Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
  • Future Crimes: Inside the Digital Underground and the Battle for Our Connected World
  • Worm: The First Digital World War
  • Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door
  • Reversing: Secrets of Reverse Engineering
  • Rtfm: Red Team Field Manual
  • Linux Shell Scripting Cookbook
  • A Short Course on Computer Viruses
  • Protection and Security on the Information Superhighway
  • AVIEN Malware Defense Guide for the Enterprise
  • The Ncsa Guide to PC and Lan Security
  • Applied Cryptography: Protocols, Algorithms and Source Code in C
  • Cryptography Engineering: Design Principles and Practical Applications
  • The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
  • The Art of Computer Virus Research and Defense
  • Information Assurance Handbook: Effective Computer Security and Risk Management Strategies
  • The Hacker Playbook: Practical Guide To Penetration Testing
  • Applied Network Security Monitoring: Collection, Detection, and Analysis
  • Security Metrics, A Beginner's Guide
  • Network Security Through Data Analysis: Building Situational Awareness
  • Protecting Your Internet Identity: Are You Naked Online?
  • Hacked Again
  • The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk
  • The Tao of Network Security Monitoring: Beyond Intrusion Detection
  • Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
  • Secure Programming HOWTO (https://dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html)
  • Network Forensics: Tracking Hackers through Cyberspace
  • The Art of Memory Forensics
  • Practice of Network Security Monitoring

Conferences

  • SANS Annual Conference
  • Cyber Threat Intelligence Summit
  • SANS Pen Test Annual Conferences
  • SANS Security Annual Conferences
  • Security Operations Summit & Training
  • AppSecUSA
  • Infosecurity North America
  • Infosecurity Europe
  • AppSec United States (OWASP National Conference)
  • RSA Conference United States
  • IEEE Symposium on Security & Privacy
  • ISF Annual World Congress
  • ISACA Cyber Security Nexus
  • DerbyCon 8.0
  • CSO50 Conference
  • Securi-Tay
  • Nullcon Conference
  • CanSecWest
  • InfoSec World
  • IAPP Global Privacy Summit
  • ISSA International Conference
  • InfoSec Southwest
  • Infiltrate
  • Atlantic Security Conference (AtlSecCon)
  • SOURCE Annual Conferences
  • Secure360 Conference
  • AFCEA Defensive Cyber Operations Symposium
  • HACKMIAMI
  • Ignite
  • FIRST Conference
  • Black Hat United States
  • DEF CON
  • USENIX Security Symposium
  • 44CON London
  • Hacker Halted - Optionally includes certification-specific training
  • SecTor Canada
  • BruCON
  • DeepSec
  • (ISC)2 Secure Event Series
  • IANS Information Security Forums
  • ISSA CISO Executive Forum Series
  • secureCISO
  • BSides Event Series
  • CISO Executive Summit Series (Invite-only)
  • SecureWorld
  • HOPE
  • HITB
  • Black Hat
  • BSides
  • CCC
  • DerbyCon
  • PhreakNIC
  • ShmooCon
  • CarolinaCon
  • SummerCon
  • Hack.lu
  • Hack3rCon
  • ThotCon
  • LayerOne
  • SkyDogCon
  • SECUINSIDE
  • DefCamp
  • Nullcon
  • Swiss Cyber Storm
  • Virus Bulletin Conference
  • Ekoparty
  • 44Con
  • BalCCon
  • FSec

Online Videos

Illustrations and Presentations

Clearnet Exploit Databases

Awesome Master Lists

Tools

Penetration Testing OS Distributions

  • Parrot Security OS - Distribution similar to Kali using the same repositories, but with additional features such as Tor and I2P integration.
  • Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
  • ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
  • BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
  • Network Security Toolkit (NST) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments.
  • Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
  • Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
  • The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
  • AttifyOS - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.

Multi-paradigm Frameworks

  • Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
  • Mad-Metasploit - Additional scripts for Metasploit.
  • Armitage - Java-based GUI front-end for the Metasploit Framework.
  • Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
  • ExploitPack - Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
  • Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
  • AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
  • Rupture - Multipurpose tool capable of man-in-the-middle attacks, BREACH attacks and other compression-based crypto attacks.
  • Mobile Security Framework (MobSF) - Automated mobile application pentesting framework capable of static analysis, dynamic analysis, malware analysis, and web API testing.

Training Utilities and Resources

Network Reconnaissance Tools

  • Shodan - Database containing information on all accessible domains on the internet obtained from passive scanning.
  • zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  • nmap - Free security scanner for network exploration & security audits.
  • Netdiscover - Simple and quick network scanning tool.
  • xprobe2 - Open source operating system fingerprinting tool.
  • CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • smbmap - Handy SMB enumeration tool.
  • LdapMiner - Multiplatform LDAP enumeration utility.
  • ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
  • Pentest-Tools - Online suite of various different pentest related tools.
  • Ruler - Tool for remotely interacting with Exchange servers.

Network Vulnerability Scanners

  • OpenVAS - Open source implementation of the popular Nessus vulnerability assessment system.
  • Nessus - Commercial network vulnerability scanner.
  • Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
  • Vuls - Agentless Linux/FreeBSD vulnerability scanner written in Go.

Web Vulnerability Scanners

  • Netsparker Web Application Security Scanner - Commercial web application security scanner to automatically find many different types of security flaws.
  • OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  • Burp Suite - Commercial web vulnerability scanner, with limited community edition.
  • Nikto - Noisy but fast black box web server and web application vulnerability scanner.
  • WPScan - Black box WordPress vulnerability scanner.
  • cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
  • SQLmate - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
  • ASafaWeb - Free online web vulnerability scanner.

Web Exploitation

  • Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
  • Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  • WPSploit - Exploit WordPress-powered websites with Metasploit.
  • commix - Command Injection exploitation tool.
  • Drupwn - Drupal web application exploitation tool.
  • SQLmap - Automated SQL injection and database takeover tool.
  • sqlninja - Automated SQL injection and database takeover tool.
  • libformatstr - Python script designed to simplify format string exploits.
  • tplmap - Automatic server-side template injection and Web server takeover tool.
  • weevely3 - Weaponized web shell.
  • wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
  • fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
  • Kadabra - Automatic LFI exploiter and scanner.
  • Kadimus - LFI scan and exploit tool.
  • liffy - LFI exploitation tool.
  • Commix - Automated all-in-one operating system command injection and exploitation tool.
  • sslstrip - Demonstration of the HTTPS stripping attacks.
  • sslstrip2 - SSLStrip version to defeat HSTS.
  • NoSQLmap - Automatic NoSQL injection and database takeover tool.
  • VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • webscreenshot - A simple script to take screenshots from a list of websites.
  • IIS-Shortname-Scanner - Command line tool to exploit the Windows IIS tilde information disclosure vulnerability.
  • lyncsmash - A collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations.

Network Tools

  • Network-Tools.com - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
  • Intercepter-NG - Multifunctional network toolkit.
  • SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  • dsniff - Collection of tools for network auditing and pentesting.
  • scapy - Python-based interactive packet manipulation program & library.
  • Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  • Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
  • routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  • impacket - Collection of Python classes for working with network protocols.
  • dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
  • THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
  • Ncat - TCP/IP command line utility supporting multiple protocols.
  • pig - GNU/Linux packet crafting tool.
  • Low Orbit Ion Cannon (LOIC) - Open source network stress testing tool.
  • Sockstress - TCP based DoS utility.
  • UFONet - Layer 7 DDoS/DoS tool.
  • Zarp - Multipurpose network attack tool, both wired and wireless.
  • FireAway - Firewall audit and security bypass tool.
  • enumdb - MySQL and MSSQL bruteforce utility.

Protocol Analyzers and Sniffers

  • tcpdump/libpcap - Common packet analyzer that runs under the command line.
  • Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
  • Yersinia - Packet and protocol analyzer with MITM capability.
  • Fiddler - Cross-platform packet capturing tool for capturing HTTP/HTTPS traffic.
  • netsniff-ng - Swiss army knife for Linux network sniffing.
  • Dshell - Network forensic analysis framework.
  • Chaosreader - Universal TCP/UDP snarfing tool that dumps session data from various protocols.

Proxies and MITM Tools

  • Responder - Open source NBT-NS, LLMNR, and MDNS poisoner.
  • Responder-Windows - Windows version of the above NBT-NS/LLMNR/MDNS poisoner.
  • MITMf - Multipurpose man-in-the-middle framework.
    • e.g. mitmf --arp --spoof -i eth0 --gateway 192.168.1.1 --targets 192.168.1.20 --inject --js-url http://192.168.1.137:3000/hook.js
  • dnschef - Highly configurable DNS proxy for pentesters.
  • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • Morpheus - Automated ettercap TCP/IP Hijacking tool.
  • SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
  • BetterCAP - Modular, portable and easily extensible MITM framework.

Wireless Network Tools

  • Aircrack-ng - Set of tools for auditing wireless networks.
  • WiFi Pumpkin - All in one Wi-Fi exploitation and spoofing utility.
  • MANA Toolkit - Rogue AP and man-in-the-middle utility.
  • Wifite - Automated wireless attack tool.
  • Fluxion - Suite of automated social engineering based WPA attacks.
  • NetStumbler - WLAN scanning tool.
  • Kismet - Wireless network discovery tool.

Transport Layer Security Tools

  • tlssled - Comprehensive TLS/SSL testing suite.
  • SSLscan - Quick command line SSL/TLS analyzer.
  • SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
  • SSL Labs - Online TLS/SSL testing suite for revealing supported TLS/SSL versions and ciphers.
  • crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
  • spoodle - Mass subdomain + POODLE vulnerability scanner.

Cryptography

  • FeatherDuster - Analysis tool for discovering flaws in cryptography.
  • rsatool - Tool for calculating RSA and RSA-CRT parameters.
  • xortool - XOR cipher analysis tool.

Post-Exploitation

  • CrackMapExec - Multipurpose post-exploitation suite containing many plugins.
  • DBC2 - Multipurpose post-exploitation tool.
  • Empire - PowerShell based (Windows) and Python based (Linux/OS X) post-exploitation framework.
  • EvilOSX - macOS backdoor with docker support.
  • FruityC2 - Open source, agent-based post-exploitation framework with a web UI for management.
  • PowerOPS - PowerShell and .NET based runspace portable post-exploitation utility.
  • ProcessHider - Post-exploitation tool for hiding processes.
  • RemoteRecon - Post-exploitation utility making use of multiple agents to perform different tasks.
  • TheFatRat - Tool designed to generate remote access trojans (backdoors) with msfvenom.
  • Koadic - Windows post-exploitation rootkit, primarily utilizing Windows Script Host.
  • p0wnedShell - PowerShell based post-exploitation utility utilizing .NET.
  • poet - Simple but multipurpose post-exploitation tool.
  • Pupy - Open source cross-platform post-exploitation tool, mostly written in Python.
  • PlugBot - Can be installed onto an ARM device for Command & Control use and more.
  • Fathomless - A collection of post-exploitation tools for both Linux and Windows systems.
  • Portia - Automated post-exploitation tool for lateral movement and privilege escalation.

Exfiltration Tools

  • HTTPTunnel - Tunnel data over pure HTTP GET/POST requests.
  • Data Exfiltration Toolkit (DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • mimikatz - Credentials extraction tool for Windows operating system.
  • mimikittenz - Post-exploitation PowerShell tool for extracting data from process memory.
  • pwnat - Punches holes in firewalls and NATs.
  • dnsteal - Fake DNS server for stealthily extracting files.
  • tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
  • PassHunt - Search file systems for passwords.
  • PANHunt - Search file systems for credit cards.
  • mallory - HTTP/HTTPS proxy over SSH.
  • spYDyishai - Local Google credentials exfiltration tool, written in Python.
  • MailSniper - Search through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.).

Static Analyzers

  • OWASP Dependency Check - Open source static analysis tool that enumerates dependencies used by Java and .NET software code (with experimental support for Python, Ruby, Node.js, C, and C++) and lists security vulnerabilities associated with the dependencies.
  • VisualCodeGrepper - Open source static code analysis tool with support for Java, C, C++, C#, PL/SQL, VB, and PHP. VisualCodeGrepper also conforms to OWASP best practices.
  • Veracode - Commercial cloud platform for static code analysis, dynamic code analysis, dependency/plugin analysis, and more.
  • Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
  • cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
  • FindBugs - Free software static analyzer to look for bugs in Java code.
  • sobelow - Security-focused static analysis for the Phoenix Framework.
  • bandit - Security oriented static analyser for Python code.
  • Progpilot - Static security analysis tool for PHP code.
  • ShellCheck - Static code analysis tool for shell script.
  • Codebeat (open source) - Open source implementation of commercial static code analysis tool with GitHub integration.
  • smalisca - Android static code analysis tool.
  • Androwarn - Android static code analysis tool.
  • APKinspector - Android APK analysis tool with GUI.
  • pefile - Static portable executable file inspector.
  • Androbugs-Framework - Android program vulnerability analysis tool.
  • Joint Advanced Defense Assessment for Android Applications (JAADAS) - Multipurpose Android static analysis tool.
  • Quick Android Review Kit (Qark) - Tool for finding security related Android application vulnerabilities.
  • truffleHog - Git repo scanner.
  • Yara - Static pattern analysis tool for malware researchers.

Dynamic Analyzers

  • Cheat Engine - Memory debugger and hex editor for running applications.
  • Cuckoo - Automated dynamic malware analysis tool.
  • ConDroid - Android dynamic application analysis tool.
  • drozer - Android platform dynamic vulnerability assessment tool.
  • DECAF - Dynamic code analysis tool.
  • droidbox - Dynamic malware analysis tool for Android, extension to DECAF.
  • AndroidHooker - Dynamic Android application analysis tool.
  • Inspeckage - Dynamic Android package analysis tool.
  • Androl4b - Android security virtual machine based on Ubuntu-MATE for reverse engineering and malware analysis.
  • idb - iOS app security analyzer.

Hex Editors

  • HexEdit.js - Browser-based hex editing.
  • Hexinator - World's finest (proprietary, commercial) Hex Editor.
  • Frhed - Binary file editor for Windows.

File Format Analysis Tools

  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles - Binary data visualization and analysis tool.
  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Anti-Virus Evasion Tools

  • shellsploit - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
  • Hyperion - Runtime encryptor for 32-bit portable executables ("PE .exes").
  • AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
  • peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
  • peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
  • UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
  • Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
  • Windows-SignedBinary - AV evasion tool for binary files.
  • SigThief - Stealing signatures to evade AV.

Hash Cracking Tools

  • Hashcat - Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration.
  • John the Ripper - Fast password cracker.
  • John the Ripper Jumbo edition - Community enhanced version of John the Ripper.
  • CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
  • CrackStation - Online password cracker.
  • JWT Cracker - Simple HS256 JWT token brute force cracker.
  • Rar Crack - RAR bruteforce cracker.

Windows Utilities

  • Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
  • PowerSploit - PowerShell Post-Exploitation Framework.
  • Headstart - Lazy man's Windows privilege escalation tool utilizing PowerSploit.
  • Windows Exploit Suggester - Suggests Windows exploits based on patch levels.
  • Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
  • Bloodhound - Graphical Active Directory trust relationship explorer.
  • Empire - Pure PowerShell post-exploitation agent.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
  • Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
  • DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
  • PSKernel-Primitives - Exploiting primitives for PowerShell.
  • GetVulnerableGPO - PowerShell based utility for finding vulnerable GPOs.
  • Luckystrike - PowerShell based utility for the creation of malicious Office macro documents.
  • Commentator - PowerShell script for adding comments to MS Office documents, and these comments can contain code to be executed.
  • Hyena - NetBIOS exploitation.

GNU Linux Utilities

  • Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
  • Linus - Security auditing tool for Linux and macOS.
  • vuls - Linux/FreeBSD agentless vulnerability scanner.
  • Mempodipper - Linux Kernel 2.6.39 < 3.2.2 local privilege escalation script.

macOS Utilities

  • Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
  • Linus - Security auditing tool for Linux and macOS.

Social Engineering Tools

OSINT Tools

  • Shodan - World's first search engine for Internet-connected devices.
  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
  • Alienvault Open Threat Exchange (OTX) - Live threat feed.
  • Talos Intelligence - Live threat feed.
  • Cymon - Threat intelligence feed.
  • Combine - Open source threat intelligence feed gathering tool.
  • ThreatCrowd - Threat search engine.
  • AbuseIPDB - Search engine for blacklisted IPs or domains.
  • Apility - Search engine for blacklisted IPs or domains.
  • AutoShun - Public repository of malicious IPs and other resources.
  • Binary Defense IP Ban List - Public IP blacklist.
  • Blocklist Ipsets - Public IP blacklist.
  • ThreatTracker - Python based IOC tracker.
  • malc0de Database - Searchable incident database.
  • malc0de DNSSinkhole - List of domains that have been identified as distributing malware during the past 30 days.
  • Malware Domain List - Search and share malicious URLs.
  • Machinae - Multipurpose OSINT tool using threat intelligence feeds.
  • Mxtoolbox - Email domain and DNS lookup.
  • BadIPs - Online blacklist lookup.
  • Spamhaus - Online blacklist lookup.
  • Spamcop - IP based blacklist.
  • Robtex - Domain and IP address lookup.
  • theHarvester - E-mail, subdomain and people names harvester.
  • DNSDumpster - Online DNS recon and search service.
  • dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
  • dnsmap - Passive DNS network mapper.
  • dnsrecon - DNS enumeration script.
  • dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • passivedns-client - Library and query tool for querying several passive DNS providers.
  • passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • creepy - Geolocation OSINT tool.
  • Google Hacking Database - Database of Google dorks; can be used for recon.
  • GooDork - Command line Google dorking tool.
  • dork-cli - Command line Google dork tool.
  • Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
  • recon-ng - Full-featured Web Reconnaissance framework written in Python.
  • github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak.
  • vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
  • Spiderfoot - Open source OSINT automation tool with a Web UI and report visualizations.
  • Threat Crowd - Search engine for threats.
  • PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood).
  • gOSINT - OSINT tool with multiple modules and a telegram scraper.
  • Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
  • XRay - XRay is a tool for recon, mapping and OSINT gathering from public networks.
  • Intel Techniques Online Tools - Use the links to the left to access all of the custom search tools.
  • FindFrontableDomains - Multithreaded tool for finding frontable domains.
  • CloudFrunt - Tool for identifying misconfigured CloudFront domains.
  • Linkedin2Username - Web scraper that uses valid LinkedIn credentials to put together a list of employees for a specified company.
  • Raven - LinkedIn information gathering tool.
  • InfoByIp - Domain and IP bulk lookup tool.

Anonymity Tools

  • Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
  • I2P - The Invisible Internet Project.
  • OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
  • What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.

Reverse Engineering Tools

  • VirusTotal - Online malware scanner.
  • PacketTotal - Online pcap file analyzer.
  • NetworkTotal - Online pcap file analyzer.
  • Hybrid Analysis - Online malware scanner.
  • Malaice.io - Open source malware analyzer.
  • Cuckoo Sandbox - Online malware scanner.
  • Cuckoo Modified - Fork of Cuckoo Sandbox with multiple improvements.
  • Cuckoo Modified API - Python API for Cuckoo Modified.
  • Cryptam - Online malicious document scanner.
  • Ragpicker - Malware analysis tool.
  • DRAKVUF - Virtualization based agentless black-box binary analysis system.
  • Sandboxed Execution Environment - Framework for building sandboxed malware execution environments.
  • Malheur - Automated sandbox analysis of malware behavior.
  • Metadefender - Online file and hash analyzer.
  • Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
  • WDK/WinDbg - Windows Driver Kit and WinDbg.
  • OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  • Radare2 - Open source, cross-platform reverse engineering framework.
  • x64dbg - Open source x64/x32 debugger for Windows.
  • firmware.re - Firmware analyzer.
  • HaboMalHunter - Automated malware analysis tool for Linux ELF files.
  • Immunity Debugger - Powerful way to write exploits and analyze malware.
  • Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
  • Medusa - Open source, cross-platform interactive disassembler.
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • peda - Python Exploit Development Assistance for GDB.
  • dnSpy - Tool to reverse engineer .NET assemblies.
  • binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
  • Voltron - Extensible debugger UI toolkit written in Python.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
  • rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
  • PDF Examiner - Online PDF scanner.
  • Balbuzard - Malware analysis tool with reverse obfuscation.
  • de4dot - .NET deobfuscator and unpacker.
  • FireEye Labs Obfuscated String Solver (FLOSS) - Malware deobfuscator.
  • NoMoreXOR - Frequency analysis tool for trying to crack 256-bit XOR keys.
  • PackerAttacker - Generic hidden code extractor for Windows malware.
  • unXOR - Tool that guesses XOR keys using known plaintext attacks.
  • xortool - Tool for guessing XOR keys.
  • VirtualDeobfuscator - Reverse engineering tool for virtualization wrappers.

Side-channel Tools

  • ChipWhisperer - Complete open-source toolchain for side-channel power analysis and glitching attacks.

Forensic Tools

Memory Analysis

Incident Response

Honeypot Tools

Monitoring and IDS-IPS

  • Security Onion - Linux distro for monitoring.
  • Snort - Open source NIPS/NIDS.
  • OSSEC - Open source HIDS.
  • AIEngine - Very advanced NIDS.
  • Suricata - Open source NIPS/NIDS.
  • SSHWATCH - SSH IPS.
  • Elastic Stack - Also known as the ELK stack, the combination of Elasticsearch, Logstash, and Kibana, for monitoring and logging.

Other

Reports
