Cybersecurity Tools
Our suggestions for your cybersecurity technical activities
Name | Type | Category | Link | Openness | Further Information |
---|---|---|---|---|---|
Apktool | Reverse Engineering | Reversing | https://ibotpeaches.github.io/Apktool/ | Open-Source | A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like building apk, etc. |
Bandit | Static Code Analysis | Software Development | https://bandit.readthedocs.io/en/latest/ | Open-Source | Bandit is a static code analysis tool to find common security issues in Python code. |
binwalk | Reversing | Reversing | https://github.com/ReFirmLabs/binwalk | Open-Source | Binwalk is a tool for analyzing, reverse engineering, and extracting firmware images. |
BurpSuite | Web Application Security Testing | Web | https://portswigger.net/burp/communitydownload | Commercial and Open-Source Versions available | Burp Suite is the world's most widely used web application security testing software. |
checkmk | Monitoring System | Network | https://checkmk.com/ | Open-Source | Monitoring system for applications, servers, networks, etc. |
Chizpurfle | Fuzzer | Reversing | https://github.com/dessertlab/fantastic_beasts | Open-Source | Chizpurfle is a gray-box fuzzer designed to run on actual Android devices, with a focus on testing vendor-specific system services of the Android OS. It was presented at the IEEE ISSRE 2017 conference and received the best research paper award. |
Cowrie | SSH/Telnet Honeypot | Network | https://cowrie.readthedocs.io/ | Open-Source | Medium- to high-interaction SSH and Telnet (proxy) honeypot that logs attacks and the shell interaction performed with an emulated UNIX system. |
CTFd | CTF Platform | CTF | https://ctfd.io/ | Open-Source | Platform software with plugins for a CTF |
Cuckoo Sandbox | Dynamic Malware Analysis | Malware Analysis | https://cuckoosandbox.org/ | Open-Source | Runs malware in a virtual machine and monitors the changes it makes. |
CyberChef | Encoder/Decoder | Crypto | https://gchq.github.io/CyberChef/ | Open-Source | Web application to decode and encode data |
Dependency-Track | Software Bill-of-Materials Analysis | Risk Management | https://dependencytrack.org/ | Open-Source | "Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components." (Quote from homepage) |
DIRB | Web Search Tool | Web | http://dirb.sourceforge.net/ | Open-Source | DIRB is a tool for automating the search for (normally hidden) web applications. |
Elastic Stack | Realtime Data Analyzing Platform | Data Analysis | https://www.elastic.co/ | Commercial and Open-Source Versions available | Elastic Stack is a group of open source products from Elastic designed to help users take data from any type of source and in any format and search, analyze, and visualize that data in real time. The product group was formerly known as ELK Stack, in which the letters in the name stood for the products in the group: Elasticsearch, Logstash and Kibana. |
Exiftool | EXIF Tool | Generic | https://exiftool.org | Open-Source | View, delete and change EXIF information, including historical EXIF information. |
Flowmon | Network Performance Monitoring & Diagnostics | Network | https://www.flowmon.com/en/overview | Commercial | Flowmon is a tool set composed of Probes (monitoring network traffic, exporting telemetry in the form of NetFlow/IPFIX, capturing full packet data, etc.) and Collectors to store, process, visualize, analyze, report and alert on network traffic. |
Flowmon ADS | Network Detection & Response | Network | https://www.flowmon.com/en/products/software-modules/anomaly-detection-system | Commercial | Flowmon Anomaly Detection System is a software module running on top of the Flowmon system to detect and report on indicators of compromise, attacks against network services, lateral movement, data exfiltration, etc. It combines various detection techniques (machine learning, adaptive baselining, heuristics, etc.) to report on security events out of the box. |
Flowmon DDoS Defender | Detection & Mitigation of DDoS Attacks | Network | https://www.flowmon.com/en/products/software-modules/ddos-defender | Commercial | Flowmon DDoS Defender is a software module running on top of the Flowmon system to detect and mitigate volumetric DDoS attacks. It provides mitigation control using PBR, BGP and BGP Flowspec, and integration with third-party scrubbing devices and cloud scrubbing centers. |
Frida | Dynamic Instrumentation Tool | Reversing | https://github.com/frida/frida | Open-Source | Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Frida is scriptable, portable, and free. |
GnuPG | Public Key Cryptography tool for encrypting and signing data | Crypto | https://gnupg.org/ | Open-Source | OpenPGP implementation, Gpg4win is the Windows version |
Gorille | Morphological analysis, a breakthrough technology for binary code analysis | Data Analysis | https://www.cyber-detect.com/index-en.html | Commercial | Better threat recognition, avoidance of bottleneck issues in incident response, reduction of incident response delays. |
hashcat | Password Recovery | Forensic | https://hashcat.net/hashcat/ | Open-Source | Recovers many different kinds of passwords, from VeraCrypt to Blockchain. |
Hping3 | Network Packet Generator | Network | http://www.hping.org/ | Open-Source | hping is a command-line oriented TCP/IP packet assembler/analyzer |
Hydra | Network Password and Logon Cracker | Network | https://tools.kali.org/password-attacks/hydra | Open-Source | Hydra is a parallelized login cracker which supports numerous protocols to attack. |
kAFL | Fuzzer | Reversing | https://github.com/RUB-SysSec/kafl | Open-Source | Blazing fast x86-64 VM kernel fuzzing framework with performant VM reloads for Linux, macOS and Windows. |
Kali | OS | OS | https://kali.org | Open-Source | Linux with pentesting and forensic tools |
Kypo | Cyber Range Platform | Risk Management and Training | https://crp.kypo.muni.cz/ | Open-Source | KYPO Cyber Range Platform is a flexible, scalable, and sophisticated virtual environment. It is based on modern approaches such as containers, infrastructure as code, microservices, and open-source software. |
MISP | Threat Intelligence Sharing | Threat Intelligence | https://www.misp-project.org/ | Open-Source | Threat intelligence sharing platform. Used to detect abnormal behaviors |
Moon Cloud | Security Assurance Evaluation Tool | Web | https://www.moon-cloud.eu/en | Commercial | Moon Cloud provides a cloud platform for continuous compliance assessment and assurance evaluation of cloud, IoT, and traditional IT applications/infrastructures. It enables infrastructure/application owners to have a complete verification of their services during operation. Though generic, it mainly targets security and performance assurance, and can support security certification of IT systems. |
Nautilus | Fuzzer | Reversing | https://github.com/nautilus-fuzz/nautilus | Open-Source | Nautilus is a coverage guided, grammar based fuzzer |
Nessus | Vulnerability Scanner | Network | https://de.tenable.com/products/nessus | Commercial and Open-Source Versions available | Nessus scans cover a wide range of technologies including operating systems, network devices, hypervisors, databases, web servers, and critical infrastructure. |
Nmap | Network Mapper | Network | https://nmap.org/ | Open-Source | Utility for network discovery and security auditing. Vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discovering hosts that are available and the services they offer, finding open ports and detecting security risks. |
OSS-Fuzz | Fuzzer | Reversing | https://github.com/google/oss-fuzz | Open-Source | OSS-Fuzz is designed for testing open source software security and stability. It combines modern fuzzing techniques with scalable, distributed execution. |
OSSEC | Open Source HIDS SECurity | Network | https://www.ossec.net/about/ | Open-Source | Host-based Intrusion Detection System (HIDS/IPS) |
OWASP Zed Attack Proxy (ZAP) | Penetration Testing Tool | Web | https://www.zaproxy.org/ | Open-Source | Web application scanner |
plaso | Timeline Analysis | Forensic | https://github.com/log2timeline/plaso | Open-Source | Creates a timeline from various sources for forensic analysis |
Qemu | Emulator | Virtualisation | https://www.qemu.org/ | Open-Source | Emulation and Virtualization |
radare2 | Reversing | Reversing | https://www.radare.org/n/ | Open-Source | A free toolchain for easing several low level tasks like forensics, software reverse engineering, exploiting, debugging. |
rekall | RAM Forensics | Forensic | https://github.com/google/rekall | Open-Source | Parses a memory dump and extracts artifacts |
Scapy | Packet Manipulation Tool | Network | https://scapy.net/ | Open-Source | Scapy is a Python program that enables the user to send, sniff, dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks. |
Shodan | Search Engine | Web | https://shodan.io | Commercial and Open-Source Versions available | Search engine for devices on the Internet |
Sleuthkit | Hard Disk Forensics | Forensic | https://www.sleuthkit.org/ | Open-Source | Analyses forensic disk images with different filesystems |
Snort | Network Intrusion Detection & Prevention System | Network | https://www.snort.org/ | Open-Source | Intrusion Detection and Prevention System (NIDS/IPS) |
SonarQube | Static Code Analysis | Software Development | https://www.sonarqube.org/ | Commercial and Open-Source Versions available | SonarQube provides static code analysis for multiple programming languages to support code reliability and application security as well as reduce technical debt. |
T-Pot | All-in-One Honeypot Platform | Network | https://github.com/dtag-dev-sec/tpotce | Open-Source | T-Pot is based on the Debian (Stable) network installer. The honeypot daemons, as well as the other support components being used, have been containerized using Docker. This allows running multiple honeypot daemons on the same network interface while maintaining a small footprint and constraining each honeypot within its own environment. |
Tranalyzer | Packet Analyzer | Network | https://tranalyzer.com/about | Open-Source | Lightweight flow generator and packet analyzer with several plugins |
VMRay | Malware Analysis Platform | Malware Analysis | https://www.vmray.com/ | Commercial | Automated malware analysis and detection tool, fully customizable from workflow to images. |
volatility | RAM Forensics | Forensic | https://www.volatilityfoundation.org/ | Open-Source | Parses a memory dump and extracts artifacts |
Wireshark | Network analyzer | Network | https://www.wireshark.org/ | Open-Source | Network protocol analyzer |
YourAdValue | Web Browsing Analyzer | Web | https://youradvalue.tid.es:2222/ | Open-Source | The YourAdValue browser extension tries to detect and report how much the user costs advertisers, based on the real-time bidding (RTB) ads the user receives in real time while browsing. |