Links to useful free security related tools.
Tools that don’t fit elsewhere.
- GCHQ CyberChef – The Cyber Swiss Army Knife.
- hash-id – hash-id is a command line program for identifying hash types based on Zion3R’s implementation.
Tools for looking up file hashes.
- CIRCL Hash Lookup – Lookup hash against databases of known files. API available.
Malware sandboxes, virus scanners and more.
- Virus Total – Upload a file or submit a URL for checking against multiple AV products.
- Hybrid Analysis – Malware sandbox.
- ANY.RUN – Malware sandbox. Free lookups subject to limitations.
- CAPE Sandbox – Malware sandbox.
- Dragonfly – Automated malware sandbox. Dragonfly is unique in that it is built over different emulation engines and allows customization of entire operating systems and the rules used to hunt malware.
Post Exploitation Tools
- LaZagne (Windows) – Dump various passwords such as from web browsers, email clients and more.
- Chainsaw (Windows) – Quickly identify threats using event logs with Sigma detection rules.
- The Logfile Navigator (lnav) – The Log File Navigator, lnav for short, is an advanced log file viewer for the small-scale. It is a terminal application that can understand your log files and make it easy for you to find problems with little to no setup.
- Angle Grinder – Angle-grinder allows you to parse, aggregate, sum, average, min/max, percentile, and sort your data. You can see it, live-updating, in your terminal. Angle grinder is designed for when, for whatever reason, you don’t have your data in graphite/honeycomb/kibana/sumologic/splunk/etc. but still want to be able to do sophisticated analytics.
- Sysmon for Linux – Linux version of sysmon tool by Microsoft to aid in discovering compromised systems. Released very recently.
- OWASP Amass Project – The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
- Smithproxy – Smithproxy is highly configurable, fast and transparent TCP/UDP/TLS (SSL) proxy written in C++17.
- Linux Cat Scale – Linux CatScale is a bash script that uses live of the land tools to collect extensive data from Linux based hosts. The data aims to help DFIR professionals triage and scope incidents. An Elk Stack instance also is configured to consume the output and assist the analysis process.
- dnstwister – Search for typo squatting, potential phishing domains and potential IP violations of your domains.
- dnstwist – Similar to the above dnstwister web based tool.
- Cert Eagle – Monitor certificate transparency logs for domains/subdomains and receive alerts.
- Certstream – Monitor certificates being issued from certificate transparency logs in real time