5 - Cybersecurity Tools
|
Listings for 1620 Cyber Security Vendors: https://www.digitaldefense.com/wp-content/uploads/2018/09/Volume-3.1-TAG-Cyber-Security-Annual-Vendor-Listings.pdf
Tool Classes

SOFTWARE: Search; Ingress/Egress/Remote Access; Lateral Movement; Log Cleanup; Credential Harvesting; Internal Reconnaissance; Penetration Testing; Monitoring & Control; Data Analysis/Synthesis; Exploit Tools; General Purpose Tool
HARDWARE incl COMM
PROTOCOLS & Methodology: Cyber Intel
DATA Checks

SOFTWARE
* indicates the tool is included in Kali

| # | Tool | Category | Cost | Description | URL | Notes |
| 1 | Acunetix | Pen Testing - Web | $$ | Web Application Vulnerability Testing | https://www.acunetix.com/ | |
| 2 | Aircrack-ng * | Pen Testing - Wireless | Open Source | Provides routines for accessing hashed router pw's | in Kali | |
| 3 | AlienVault OSSIM | SIEM | Open Source | Security Information & Event Management Software | https://cybersecurity.att.com/products/ossim/download | |
| 4 | Analyst Notebook (i2), now part of IBM | Collection/Data Analysis/Synthesis | $$ | Chronological Data & Relationship Record/Display | https://www.ibm.com/us-en/marketplace/analysts-notebook | |
| 5 | ATT&CK | Collection/Data Analysis/Synthesis | Open Source | Collection of APT, TTP & Malware descriptors | https://attack.mitre.org | |
| 6 | Autopsy - The Sleuth Kit | Forensics - Storage | Open Source | Hard Drive & Storage Analysis, Web Artifacts, Registry Analysis | https://www.autopsy.com/ | |
| 7 | BCWipe | Cyber Hygiene | free, $ | File and Drive Wiping | https://www.jetico.com/data-wiping | |
| 8 | BeEF * | Pen Testing - Web | Open Source | Browser Exploitation Framework | https://github.com/beefproject/beef | |
| 9 | Belarc Advisor | Routine Security Defense | free, $ | Inventory of a Computing Machine: HW & Software | https://www.belarc.com/en/products_belarc_advisor | |
| 10 | BloodHound | Pen Testing - Active Directory | Open Source | Attack Paths in Active Directory & other apps; identifies highly complex attack paths using graph analysis | https://bloodhound.readthedocs.io/en/latest/index.html | see video at https://www.youtube.com/watch?v=dPsLVE0R1Tg |
| 11 | Brave | Anonymous Browser | Open Source | Browser | https://brave.com/ | |
| 12 | BRO (see Zeek) | Collection/Data Analysis/Synthesis | Open Source | Network Security Monitor | https://www.zeek.org/ | |
| 13 | Burp Suite * | Pen Testing - Web | Open Source | Web Content Vulnerability Scanner | https://www.portswigger.net/burp/ | |
| 14 | Cain & Abel | Pen Testing - General | Open Source | General Purpose Exploit Tool | http://cain-abel.en.softonic.com/download | |
| 15 | CALDERA | Pen Testing - Malware Attacks | Open Source | Red Team Attack Tool | https://github.com/mitre/caldera | |
| 16 | Canvas from Immunity | Pen Testing - Malware Attacks | $$$$ | High End Exploit Tool | https://www.immunityinc.com/products/canvas/ | |
| 17 | CAPA Explorer | Malware Function Discovery | Open Source | FireEye plugin for IDA Pro | https://github.com/fireeye/capa | capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. |
| 18 | Censys & ZMap | Reconnaissance - OSI | Research | Scan of all internet, banners, hosts, certificates | https://censys.io/data | |
| 19 | CFF Explorer | Reverse Engineering | Open Source | Binary Analysis | https://download.cnet.com/CFF-Explorer/3000-2383_4-10431156.html | |
| 20 | Cobalt Strike | Threat Emulation | $$$ | Adversary simulation & Red Teaming | https://www.cobaltstrike.com | $3500/yr single license; has a C2 capability called Beacon |
| 21 | Commando VM | Pen Testing - General | Open Source | Windows based Kali-like Tool | https://github.com/fireeye/commando-vm | |
| 22 | Covenant | Pen Testing - Windows | Open Source | Windows .NET attack surface tool | https://github.com/cobbr/Covenant | |
| 23 | CrowdScrape | Indicator Identification | | Browser Extension for IOA, IOB & IOC Indicators | https://chrome.google.com/webstore/detail/crowdscrape/jjplaeklnlddpkbbdbnogmppffokemej | |
| 24 | CSET | Risk Assessment | Open Source | Multiple RA Approaches | https://www.us-cert.gov/ics/Downloading-and-Installing-CSET | |
| 25 | Cuckoo | Reverse Engineering | Open Source | Malware analysis | https://cuckoosandbox.org/ | |
| 26 | CyberChef | Data Analysis/Synthesis | Open Source | Generic Conversion Tool | https://gchq.github.io/CyberChef/ | |
| 27 | DensityScout | Forensics | Open Source | Examines executables and daemons for embedded malware | https://github.com/foreni-packages/densityscout | |
| 28 | Device42 | Forensics | $ | Application Mapping | https://www.device42.com/pages/application-mapping-b/ | |
| 29 | DIG (Domain Information Groper) | Pen Testing - DNS | Open Source | Test DNS Zone Transfer Vulnerability | https://samsclass.info/40/proj/digwin.htm | |
| 30 | Diggity | Search Tool for Cyber | Open Source | Multi Cyber Sites/Domains/Ranges tool | https://resources.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/ | See Exploit Database |
| 31 | Dirsearch | Search | Open Source | Search website directories for apps, code, wordlists | https://github.com/maurosoria/dirsearch | |
| 32 | ELK (Elasticsearch, Logstash, Kibana) | Collection/Data Analysis/Synthesis | Open Source | Stack of Feeds, Analysis & Display | https://www.elastic.co/elk-stack | |
| 33 | EternalBlue | Pen Testing - OS | Open Source | Operating System Vulnerabilities | https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit | |
| 34 | Ettercap | Pen Testing - General | Open Source | Pen Test Toolkit; Session Hijack | http://ettercap.sourceforge.net/ | |
| 35 | Event Tracing for Windows (ETW) | Logging | Open Source | Logs kernel level events | https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/event-tracing-for-windows--etw- | |
| 36 | Exploit Database | Pen Testing - Malware Attacks | Open Source | 40K+ exploits | https://www.exploit-db.com/ | |
| 37 | Exploit Pack | Pen Testing - Malware Attacks | $ | 40K+ exploits | https://exploitpack.com/ | |
| 38 | Falcon Sandbox | Forensics | $$ | Sandbox tool for taking apart malware | https://www.crowdstrike.com/endpoint-security-products/falcon-sandbox-malware-analysis/ | |
| 39 | Firepower / FireSIGHT | Monitoring & Control | $$ | IDS Package with Cisco devices / Networks | https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.pdf | |
| 40 | FLARE VM | Reverse Engineering | Open Source | Package with Disassemblers, Debuggers, Parsers, Decompilers, Monitoring Tools and Hex Editors | https://github.com/fireeye/flare-vm | |
| 41 | FOCA Open Source Collection | Reconnaissance - OSI | Open Source | Fingerprinting Organizations with Collected Archives | https://github.com/ElevenPaths/FOCA | |
| 42 | FTK - Forensic Toolkit (AccessData) | Forensics | Conditional | Detailed Analysis of Media & Memory | https://accessdata.com/product-download/ftk-download-page | |
| 43 | Ghidra | Reverse Engineering | Open Source | Windows, Linux & Mac | https://github.com/NationalSecurityAgency/ghidra | |
| 44 | GoFetch | Lateral Movement | Open Source | Automates attack graphs from BloodHound | https://github.com/GoFetchAD/GoFetch | |
| 45 | Google Hacks / Dorks | Reconnaissance - OSI | Open Source | Using the Google search engine to locate "hidden" info on web sites | https://www.exploit-db.com/google-hacking-database | |
| 46 | Hashcat * | Password Cracking | Open Source | Password Recovery | https://github.com/hashcat/hashcat | |
| 47 | Hashdump | Hashing | Open Source | Extracts hashed passwords | https://www.utc.edu/sites/default/files/2021-04/4660-lab6.pdf | in Metasploit |
| 48 | HashMyFiles | Hashing | Open Source | Computes MD5, SHA, etc. hashes of a binary | https://nirsoft.net | then submit to virustotal.com |
| 49 | Helix | Collection/Data Analysis/Synthesis | $$ | SIEM, Analytics, User/Entity Behavior, Auto Response | https://www.fireeye.com/solutions/helix.html | |
| 50 | Hexedit | General Purpose Tool | Open Source | Hexadecimal editor | https://sourceforge.net/projects/hexedit/ | |
| 51 | IBM SOAR | Collection/Data Analysis/Synthesis | $$$ | Security Orchestration, Automation & Response | https://www.ibm.com/products/soar-platform | |
| 52 | IDA Pro | Reverse Engineering | $$ | Reverse Engineering of x32, x64, ARM & ARM64 binaries | https://www.hex-rays.com/products/ida/ | |
| 53 | Inception | Password - Bypass | Open Source | Password Bypass | https://github.com/carmaa/inception | |
| 54 | Innuendo | Pen Testing - C2 & Exfil | $$$ | C&C Server & Exfil Simulator | https://www.immunityinc.com/services/adversary-simulation.html | |
| 55 | Intrigue.io | Pen Testing - Attack Surface | Open Source | Fingerprinting, Spidering, DNS | https://github.com/intrigueio | Linux based VM |
| 56 | Inveigh | Pen Testing - SMB, HTTP, SQL servers | Open Source | Windows tool for Responder | https://github.com/Kevin-Robertson/Inveigh | |
| 57 | IOC Finder | Scanning | Open Source | Collects host system data and reports the presence of IOCs. IOCs are open-standard XML documents | https://www.fireeye.com/services/freeware/ioc-finder.html | |
| 58 | IRMA OSS | Malware Analysis | Open & $$ | Malicious File Analysis | https://irma-oss.quarkslab.com/ | |
| 59 | John the Ripper * | Password - Harvesting | Open Source | Password hash cracker | in Kali | |
| 60 | Kali Linux | Pen Testing - General | Open Source | Tools included in Kali are marked * in this list | https://www.kali.org/ | |
| 61 | Kismet * | Pen Testing - Wireless | Open Source | Wireless Access Point Locator | in Kali | |
| 62 | LaZagne | Password - Extraction | Open Source | Password Extraction | https://github.com/AlessandroZ/LaZagne | |
| 63 | LOIC | Denial of Service | Open Source | Low footprint tool for launching DoS | https://sourceforge.net/projects/loic/ | |
| 64 | Malcolm | Traffic Analysis | Open Source | Tool suite for PCAP & Zeek Logs | https://github.com/cisagov/Malcolm | |
| 65 | Maltego * | Collection/Data Analysis/Synthesis | Open & $$ | Conglomerating Cyber Intel Info | https://www.maltego.com | in ThreatPursuit VM |
| 66 | Metasploit / Armitage (GUI) * | Pen Testing - General | Conditional | Hundreds of exploits, e.g. hashdump | https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/ | |
| 67 | Microsoft Baseline Analyzer 2.1.1 | Routine Security Defense | Open Source | Examine Microsoft OSs for vulnerabilities | https://www.microsoft.com/en-us/download/details.aspx?id=19892 | |
| 68 | Microsoft Event Collector | Monitoring - Windows | Open Source | Event Forwarding | https://docs.microsoft.com/en-us/windows/desktop/WEC/windows-event-collector | https://www.solarwinds.com/free-tools/event-log-forwarder-for-windows |
| 69 | Microsoft Message Analyzer | OS Message Tracing | Open Source | Capture, display, and analyze protocol messaging traffic; trace and assess system events and other messages from Windows components | https://www.microsoft.com/en-us/download/details.aspx?id=44226 | |
| 70 | Microsoft Sysinternals | Monitoring - Windows | Open Source | Packaged Microsoft Tools | https://docs.microsoft.com/en-us/sysinternals/downloads/ | |
| 71 | Mimikatz | Pen Testing - Authentication | Open Source | Windows authentication exploitation | https://github.com/gentilkiwi/mimikatz | https://www.sans.org/reading-room/whitepapers/forensics/mimikatz-overview-defenses-detection-36780 |
| 72 | MISP (Malware Information Sharing Platform) | Information Sharing | Open Source | Conglomerating Cyber Intel Info | https://www.misp-project.org/ | https://github.com/MISP/MISP/tree/v2.4.107; https://github.com/MISP/MISP-maltego |
| 73 | Moloch | Full Packet Capture | Open Source | Large scale, open source, indexed packet capture and search | https://molo.ch/ | |
| 74 | Muraena / Necrobrowser | Reverse Proxy Attack | Open Source | For automating phishing | https://github.com/muraenateam/muraena | |
| 75 | Nagios | Monitoring & Control | Open Source | IT infrastructure monitoring | http://www.nagios.org/ | https://www.sans.org/reading-room/whitepapers/forensics/uncovering-indicators-compromise-ioc-powershell-event-logs-traditional-monitoring-tool-36352 |
| 76 | National Software Reference Library | Hashes Database | Open Source | Hash checking | https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl | |
| 77 | National Vulnerability Database | Vulnerability Assessment | Open Source | Contains up-to-date vulnerabilities list | https://nvd.nist.gov | |
| 78 | Nessus * | Vulnerability Assessment | Conditional | Scanner | http://www.tenable.com/products/nessus | |
| 79 | Netcat * or Ncat | Pen Testing - Injection | Open Source | Swiss army knife of network tools | https://nmap.org/ncat/ | in Kali |
| 80 | NetFlow | Monitoring - Network | Open Source | Monitor Network Traffic | https://www.solarwinds.com/free-tools/real-time-netflow-analyzer | |
| 81 | NetStumbler | Pen Testing - Wireless | Open Source | Wireless Access Point Locator | https://www.netstumbler.com/ | |
| 82 | NetworkMiner | Monitoring - Network | Open Source | Sniffer, Packet Analyzer | https://www.netresec.com/?page=networkminer | |
| 83 | NetWitness | Collection/Data Analysis/Synthesis | $$$ | SIEM, Data Collection, Monitoring | https://www.rsa.com/en-us/products/threat-detection-response | |
| 84 | Nikto2 * | Pen Testing - Web | Open Source | Web Server Testing | in Kali | |
| 85 | Nishang | Pen Testing - PowerShell | Open Source | Keylogger, DNS TXT Code Execution, HTTP Backdoor, Powerpreter | in Kali | |
| 86 | Nmap - Zenmap * | General Purpose Tool | Open Source | Network Mapping | https://nmap.org/ | in Kali |
| 87 | NSA Tool Set | General Purpose Tool Set | Open Source | 77 tools from parsing to wireless identification | https://code.nsa.gov/ | |
| 88 | Open Cyber Threat Intelligence Platform | Collection/Data Analysis/Synthesis | Open Source | Open Cyber Threat Intel Tools | https://www.opencti.io/en/ | in ThreatPursuit VM |
| 89 | OpenIOC Editor | IOC Collection | Open Source | From FireEye | https://fireeye.market/apps/211404 | |
| 90 | OpenVAS | Vulnerability Assessment | Open Source | Open source Vulnerability Assessment System | http://www.openvas.org/ | |
| 91 | ophcrack | Password - Harvesting | Open Source | Password hash cracking | in Kali | |
| 92 | Orbot | Anonymous Browser | Open Source | Android based anonymizer | https://play.google.com/store/apps/details?id=org.torproject.android | |
| 93 | p0f | Pen Testing - OS | Open Source | OS Fingerprinting | https://github.com/p0f/p0f | |
| 94 | Palantir | Collection/Data Analysis/Synthesis | $$$ | Conglomerating Cyber Intel Info | https://www.palantir.com/ | |
| 95 | Papertrail | Log Analysis | $ | | https://www.solarwinds.com/papertrail | |
| 96 | Password Checker | Password Assurance | Open Source | Password Check against Captured PW databases | https://haveibeenpwned.com | |
| 97 | PE Studio | Malware Analysis | Open Source | Static Malware Analysis of Portable Executables (PE) | https://www.techspot.com/downloads/6350-pestudio.html | |
| 98 | pfSense | Firewall | Open Source | FreeBSD based | https://www.pfsense.org/ | |
| 99 | Plaso | Timeline Analysis | Open Source | Collect & aggregate timestamped events for forensic analysis | https://github.com/log2timeline/plaso | |
| 100 | PowerShell | Script Programming | MS Windows | Script creation | included in Windows | |
| 101 | PowerSploit | Script Programming | Open Source | PS scripts used in pen testing | https://powersploit.readthedocs.io/en/latest/ | |
| 102 | PowerStats | Data Analysis/Synthesis | Open Source | Display of captured | https://nces.ed.gov/datalab/ | note: also the name of malware written in PowerShell |
| 103 | PRET Printer Exploitation Toolkit | Pen Testing - Peripherals | Open Source | Printer Vulnerability Testing | https://github.com/RUB-NDS/PRET | |
| 104 | Prowler | Security Assessment - General | Open Source | AWS security assessment, auditing, hardening and incident response | https://github.com/prowler-cloud/prowler#description | |
| 105 | PsExec | Script Programming | Open Source | Program execution on remote systems | in Sysinternals | Telnet alternative |
| 106 | Python | Script Programming | Open Source | Program & script creation | many versions | |
| 107 | R | Data Analysis/Synthesis | Open Source | Program & script creation | many versions | |
| 108 | Raft - Response Testing | Pen Testing - Web | Open Source | Web Application | https://github.com/Averroes/raft | |
| 109 | Recon-ng | Reconnaissance - OSI | Open Source | Linux based assembly tool | in Kali | |
| 110 | Redline | Collection/Data Analysis/Synthesis | Open Source | Collects all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history | https://www.fireeye.com/services/freeware/redline.html | |
| 111 | Registry Viewer (AccessData) | General Purpose Tool | Open Source | Improves Registry Access | https://accessdata.com/product-download/registry-viewer-2-0-0 | |
| 112 | Responder | Pen Testing - SMB, HTTP, SQL servers | Open Source | Grabs Hashes from SMB, HTTP & SQL servers | https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing-responder-10/ | |
| 113 | REST API | Pen Testing - Web Pages | Open Source | Test Platform for GET, PUT, POST, DELETE; REpresentational State Transfer | https://github.com/octokit/rest.js/ | |
| 114 | Retina | Vulnerability Assessment | $$ | Scanner | http://go.beyondtrust.com/community | |
| 115 | Robtex | Collection/Data Analysis/Synthesis | | IP numbers, domain names, host names, Autonomous Systems, routes | https://www.robtex.com/ | |
| 116 | SamuraiWTF Web Test Framework | Pen Testing - Web | Open Source | Package extension of Kali | https://sourceforge.net/projects/samurai/ | |
| 117 | Scapy | Pen Testing - Packets | Open Source | Interactive packet manipulation; send, sniff, dissect and forge network packets | https://scapy.net | extended into SCAPYtrain for campaigns & WifiTap |
| 118 | SEC Filings | Vulnerability Assessment | Open Source | Security filings | https://www.sec.gov/edgar.shtml | |
| 119 | Security Onion | Collection/Data Analysis/Synthesis | Open Source | Elasticsearch, Logstash, Kibana, Snort, Suricata, Zeek/Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner | https://securityonion.net/ | |
| 120 | Sentry-MBA | Pen Testing - Credential Stuffing | Open Source | Considered malware; dark web tool; credential theft | https://sentry[.]mba | note: this is a dark web link |
| 121 | SET Social Engineering Toolkit | Pen Testing - People | Open Source | For crafting phishing email, etc. | http://www.social-engineer.org/framework/ | |
| 122 | Shodan | Reconnaissance - OSI | Open, $ | Links to vulnerable IP addresses | https://shodanhq.io | |
| 123 | SIFT | Forensics | Open Source | Forensic Tools | https://digital-forensics.sans.org/community/downloads | |
| 124 | SiLK | Collection/Data Analysis/Synthesis | Open Source | The SiLK tool suite supports the efficient collection, storage, and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets. A SiLK installation consists of two categories of applications: the packing system and the analysis suite. The packing system collects IPFIX, NetFlow v9, or NetFlow v5 and converts the data into a more space efficient format, recording the packed records into service-specific binary flat files. | https://tools.netsa.cert.org/silk/ | |
| 125 | Skipfish | Pen Testing - Web | Open Source | Web Site Recon Tool | in Kali | |
| 126 | Snort * | Intrusion Detection | Open Source | Rule based Intrusion Detection Engine | https://www.snort.org/ | https://www.talosintelligence.com/snort |
| 127 | SOC Multi-tool | Collection/Data Analysis/Synthesis | Open Source | Combination of Lookup Sites/Tools | https://github.com/zdhenard42/SOC-Multitool | |
| 128 | SolarWinds | Monitoring & Control | $$ | Network Activity Capture & Visualization | https://www.solarwinds.com/ | |
| 129 | Source Code Testing Tools (OWASP) | Source Code Analysis | Open Source, $ | List of Testing Tools | https://www.owasp.org/index.php/Source_Code_Analysis_Tools | |
| 130 | Spark (Apache) | Data Analysis/Synthesis | Open Source | Unified analytics engine | https://spark.apache.org/ | |
| 131 | SpiderFoot | Reconnaissance - OSI | Open Source | IP Address Identification | https://github.com/smicallef/spiderfoot | in Kali |
| 132 | Splunk User Behavior Analytics | Collection/Data Analysis/Synthesis | $$ | Machine learning for pattern recognition | https://www.splunk.com/en_us/software/user-behavior-analytics.html | https://www.splunk.com/en_us/download/splunk-enterprise.html |
| 133 | sqlmap | Pen Testing - Database | Open Source | SQL DB detection & exploitation testing | https://www.sqlmap.org | |
| 134 | Squid | Proxy for Access Control | Open Source | | https://github.com/squid-cache/squid | |
| 135 | Stack Overflow | Technical Q&A Site | Open Source | | https://stackoverflow.com/ | |
| 136 | Sumo Logic | Collection/Data Analysis/Synthesis | $$ | Cloud Focused | https://www.sumologic.com/ | |
| 137 | Suricata | Intrusion Detection | Open Source | Rule based Intrusion Detection Engine | https://suricata.io/ | |
| 138 | Sysinternals Suite | Monitoring - Windows | Open Source | Windows OS Monitoring; also Linux | https://docs.microsoft.com/en-us/sysinternals/ | contains Process Explorer, Process Monitor |
| 139 | Sysmon | Monitoring | Open Source | Windows OS Monitoring; also Linux; monitors and logs system activity | in Sysinternals | |
| 140 | THC-Hydra * | Pen Testing - Password Crack | Open Source | Network Login Penetration | in Kali | |
| 141 | ThreatPursuit VM | Cyber Threat Intelligence | Open Source | Development, Analytics and Machine Learning, Visualisation, Triage, Modelling & Hunting, Adversarial Emulation, Information Gathering, Utilities and Links | https://github.com/fireeye/ThreatPursuit-VM | |
| 142 | TinEye | Reconnaissance - OSI | Online/Open Source | Locates Image Sources | https://tineye.com/ | |
| 143 | Tor | Anonymous Browser | Open Source | The Onion Router for Dark Web Access | https://www.torproject.org/ | |
| 144 | TRAM (MITRE) | Threat Extraction | Open Source | Uses NLP to create ATT&CK Maps from text | https://github.com/mitre-attack/tram | https://www.signalscorps.com/blog/2022/mitre-attack-105-tram/ |
| 145 | TryHackMe | Ethical Hacking | Open Source | Hands-On Hacking learning environment | https://tryhackme.com/ | |
| 146 | URL Scan | Pen Testing - Website | Open Source | Scans a Web Page to examine what user content is being collected and | https://urlscan.io/ | |
| 147 | VBScript | | Open Source | Older Windows Scripting Language but still in use | https://www.microsoft.com/en-us/download/details.aspx?id=8247 | |
| 148 | VirtualBox | Virtual Machine Hypervisor | Open Source | Hypervisor | https://www.virtualbox.org/wiki/Downloads | |
| 149 | VirusTotal | Vulnerability Assessment | Open Source | Checks files & sites for malware | https://www.virustotal.com/#/home/upload | |
| 150 | Volatility | Monitoring - Memory | Open Source | Memory Analysis | https://www.volatilityfoundation.org/ | |
| 151 | w3af | Pen Testing - Web | Open Source | Web Application & Attack Framework | https://w3af.org | |
| 152 | wbStego | Steganography | Open Source | Steganography encryption & decryption | http://www.bailer.at/wbstego/pr_4ix0.htm | |
| 153 | WebGoat | Pen Testing - Web | Open Source | Web | https://github.com/WebGoat/WebGoat | |
| 154 | WhoisXMLAPI | Pen Testing | Open Source | Checks for open sub-domains in web access | https://subdomains.whoisxmlapi.com/ | |
| 155 | Wifite | Pen Testing - Wireless | Open Source | Wireless transmission identification | https://code.google.com/archive/p/wifite/ | |
| 156 | Wireshark | Packet Capture | Open Source | Packet Capture and Analysis | https://wiki.wireshark.org/SampleCaptures | |
| 157 | YARA | Collection/Data Analysis/Synthesis | Open Source | Malware Pattern Matching; "aimed at (but not limited to) helping malware researchers to identify and classify malware samples" | https://virustotal.github.io/yara/ | |
| 158 | Yet Another BACnet Explorer | Packet Capture | Open Source | | https://sourceforge.net/projects/yetanotherbacnetexplorer/ | |
| 159 | Yeti Platform | Collection/Data Analysis/Synthesis | Open Source | Organize observables, indicators of compromise, TTPs, and knowledge on threats | https://yeti-platform.github.io/ | |
| 160 | Zed Attack Proxy (ZAP) | Pen Testing - Web | Open Source | Web vulnerability scanner | https://www.zaproxy.org/ | |
| 161 | Zeek | Collection/Data Analysis/Synthesis | Open Source | Network Security Monitor | https://www.zeek.org/ | |

HARDWARE

| # | Item | Type | Cost | Description | URL |
| 1 | Shark Tap | Ethernet Tap | $180 | Ethernet Tap | https://www.amazon.com/midBit-Technologies-LLC-100-1000/dp/B0175EODCE |
| 2 | HackRF One | Multispectrum RF | $300 | Provides access to send/receive on multiple frequencies | https://www.amazon.com/HackRF-One-Software-Defined-Platform/dp/B01COVX464/ |
| 3 | Alfa | Wireless Transceiver | $32 | Contains Monitor Mode Chipset | https://www.amazon.com/Alfa-AWUSO36NH-Wireless-Long-Rang-Network/dp/B0035APGP6/ |
| 4 | I/O Traffic Capture | SPI Interface | $10-20 | Serial Peripheral Interface - read I/O traffic | https://learn.sparkfun.com/tutorials/serial-peripheral-interface-spi/all |
| 5 | SCM | Smart Card Chip Reader | $15 | | https://www.cdw.com/product/SCM-Smart-Card-Reader/3444664 |
| 6 | Time Domain Reflectometer | Discover line taps/faults | - | Home project build | https://www.youtube.com/watch?v=I1gfUNh5PJQ; https://www.allaboutcircuits.com/projects/build-your-own-time-domain-reflectometer/ |
| 7 | Rigol Signal Generator | Signal Generator | $299 | | https://hackaday.com/2015/07/27/hackers-measure-cable-lengths-with-time-domain-reflectometers/ |
| 8 | Time Domain Reflectometer | To discover line taps | < $20 | Build it yourself | https://hackaday.com/2016/04/15/poor-mans-time-domain-reflectometer/ |
| 9 | RFID Readers - all types | RFID Reader / Writer | | | https://gaorfid.com/category/rfid-readers-2/ |
| 10 | UART | UART | | Universal Asynchronous Receiver Transmitter | |
| 11 | EZ Tap Pro | Passive RS-232/422 Tap | $320 | | https://www.stratusengineering.com/product/ez-tap-pro/ |
| 12 | Multiple USB traffic capture/analysis | USB Keylogger | | | https://nerdtechy.com/reviews-best-usb-keyloggers |
| 13 | Mag Card Reader & Stamp | Mag Card Reader | $352 | Tracks 1 & 2 on card & embossing | https://www.nuix.com/blog/howd-they-do-part-2-you-stole-my-credit-card-number |
| 14 | SLOTSCREAMER | PCIe Attack Platform | $100 | Access memory and I/O, cross-platform, transparent to the OS | https://www.slideshare.net/44Con/stupid-pc-ie-tricks-44-con |
| 15 | Bus Pirate | | | | https://www.sparkfun.com/products/12942 |
| 16 | Attify | JTAG Analysis | | Learning kits and security assessment gear for practical and hands-on IoT Security research | https://www.attify-store.com/ |
| 17 | GoodFET | JTAG Analysis | | | |
| 18 | EMF Reader | Signal Reader | $309 | Electromagnetic Field locator & strength measure | https://www.alliedelec.com/product/flir-commercial-systems-inc-extech-division/emf450/71117984/ |
| 19 | Raspberry Pi | Inexpensive Linux Platform | | | https://www.raspberrypi.org/ |
| 20 | Orange Pi | Inexpensive Linux Platform | | | http://www.orangepi.org/ |
| 21 | Arduino | Inexpensive Linux Platform | | | https://www.arduino.cc/ |

Frameworks, Methodologies, Metrics, Protocols & Formats for Cyber
Intelligence |
|
|
|
Home this page |
|
|
|
|
|
|
|
|
1 |
ATT&CK |
Methodology |
Open Source |
Adversary Tactics, and Techniques (same as IOCs) |
https://attack.mitre.org |
|
|
|
|
2 |
CAPEC |
Methodology |
Open Source |
Common Attack Pattern Enumeration and Classification |
https://capec.mitre.org/ |
|
|
|
|
3 |
CAR |
Methodology |
Open Source |
Cyber Analytics Repository |
https://car.mitre.org/ |
|
|
|
|
4 |
CIF |
Methodology / Tool |
Open Source |
Collective Intelligence Framework |
https://github.com/csirtgadgets/cif-v5 |
https://www.ericooi.com/threat-intelligence-cif/ |
|
|
https://csirtg.io/ |
|
5 |
CRITS |
Threat Feed |
Open Source |
Malware Repository |
https://crits.github.io/ |
|
|
|
|
|
6 |
CVE |
Metric |
Open Source |
Common Vulnerabilites and Exposures |
https://nvd.nist.gov/vuln/search |
https://cve.mitre.org/ |
|
|
|
7 |
Cybox |
Format / Tool |
Open Source |
language for info on cyber observables, dynamic events /
stateful measures |
https://cybox.mitre.org/about/ |
https://cyboxproject.github.io/ |
|
|
|
8 |
IDMEF |
Format |
Open Source |
Intrusion Detection Message Exchange Format |
|
|
|
|
|
9 |
IKEv2 |
|
Open Source |
|
|
|
|
|
|
10 |
IOCs [MITRE equivalent is Techniques] |
Methodology / Metrics |
Open Source |
Indicators of Compromise |
|
|
|
|
|
11 |
IODef |
Format |
Open Source |
Incident Object Description Exchange Format |
https://tools.ietf.org/html/rfc7970 |
XML |
|
|
|
12 |
IPSEC |
Protocol |
Open Source |
Internet Protocol Security RFC 4301 |
|
|
|
13 |
MAEC |
Format |
Open Source |
Malware Attribute Enumeration & Categorization |
http://maecproject.github.io/ |
|
|
14 |
MILE |
Protocol |
Open Source |
Managed Incident Lightweight Exchange |
https://datatracker.ietf.org/group/mile/documents/ |
|
|
15 |
MISP |
Format (and Tool - see Tools Tab) |
Open Source |
Sharing Protocol |
https://www.misp-project.org/datamodels/#misp-core-format |
|
|
16 |
OASIS |
Collective |
Open Source |
STIX & TAXII APIs |
https://wiki.oasis-open.org/cti/ |
|
|
17 |
Open DXL |
Format / Protocol |
Open Source |
Open Data Xchange Layer |
https://www.opendxl.com/ |
|
|
18 |
OpenIOC |
IOCs |
Open Source |
Open Indicators of Compromise |
http://www.openioc.org; |
https://fireeye.market/apps/211404 |
|
19 |
OTX |
Threat Feed |
Open Source |
Open Threat Exchange |
https://otx.alienvault.com |
|
|
20 |
RID |
Protocol |
Open Source |
Real-time Inter-Network Defense RFC 6545 |
https://tools.ietf.org/html/rfc6545 |
|
|
21 |
ROLIE (ietf) |
Format / Protocol |
Open Source |
Resource-Oriented Lightweight Information Exchange |
https://datatracker.ietf.org/doc/rfc8322/ |
|
|
22 |
SCAP |
Method & Tools |
Open Source |
Security Content Automation Protocol |
https://en.wikipedia.org/wiki/Security_Content_Automation_Protocol |
|
|
23 |
SDEE & CIDEE |
Protocol |
Open Source |
Security Device Event Exchange |
https://www.cisco.com/c/en/us/td/docs/security/ips/specs/CIDEE_Specification.html |
|
|
24 |
SSH - Secure Shell |
Protocol |
Open Source |
Layered protocol: architecture RFC 4251, transport layer RFC 4253, user authentication RFC 4252, connection layer RFC 4254 |
|
|
|
25 |
STIX |
Format |
Open Source |
Structured Threat Information Expression |
https://stixproject.github.io/getting-started/whitepaper/ |
|
|
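The STIX entry above describes a format; the following is an added example (written for this page, not OASIS code) showing what a minimal STIX 2.1 bundle looks like when built with only the Python standard library: two indicators (a file hash and a domain, both constructed sample values), a malware object, and the "indicates" relationships that tie them together, plus a lightweight check for the properties the 2.1 spec makes mandatory. The helper names, the sample IOC values and the "SampleLoader" malware name are assumptions.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample IOCs for the demo (not real indicators).
SAMPLE_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
SAMPLE_DOMAIN = "update-check.example"

ID_RE = re.compile(r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")

# Properties STIX 2.1 requires on every SDO/SRO, plus the type-specific ones used here.
COMMON_REQUIRED = ("type", "spec_version", "id", "created", "modified")
TYPE_REQUIRED = {
    "indicator": ("pattern", "pattern_type", "valid_from"),
    "malware": ("is_family",),
    "relationship": ("relationship_type", "source_ref", "target_ref"),
}

def stix_timestamp(dt=None):
    """RFC 3339 UTC timestamp with millisecond precision, the form STIX uses."""
    dt = dt or datetime.now(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def new_object(obj_type, **props):
    """Common envelope: type-prefixed UUIDv4 id, spec_version, created/modified."""
    ts = stix_timestamp()
    obj = {"type": obj_type, "spec_version": "2.1",
           "id": f"{obj_type}--{uuid.uuid4()}", "created": ts, "modified": ts}
    obj.update(props)
    return obj

def file_hash_pattern(algo, value):
    # Hash names containing '-' (e.g. SHA-256) must be quoted inside the pattern.
    return f"[file:hashes.'{algo}' = '{value}']"

def domain_pattern(domain):
    return f"[domain-name:value = '{domain}']"

def build_bundle(sha256, domain, malware_name):
    malware = new_object("malware", name=malware_name, is_family=False,
                         malware_types=["trojan"])
    ind_file = new_object("indicator", name=f"{malware_name} dropper hash",
                          pattern=file_hash_pattern("SHA-256", sha256),
                          pattern_type="stix", valid_from=stix_timestamp(),
                          indicator_types=["malicious-activity"])
    ind_dom = new_object("indicator", name=f"{malware_name} C2 domain",
                         pattern=domain_pattern(domain),
                         pattern_type="stix", valid_from=stix_timestamp(),
                         indicator_types=["malicious-activity"])
    rels = [new_object("relationship", relationship_type="indicates",
                       source_ref=i["id"], target_ref=malware["id"])
            for i in (ind_file, ind_dom)]
    # A 2.1 bundle carries no spec_version of its own; only the objects inside do.
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [malware, ind_file, ind_dom, *rels]}

def validate_bundle(bundle):
    """Return a list of problems; empty means the bundle passes these basic checks."""
    problems = []
    if bundle.get("type") != "bundle" or not ID_RE.match(bundle.get("id", "")):
        problems.append("bad bundle envelope")
    objects = bundle.get("objects", [])
    ids = {o.get("id") for o in objects}
    for o in objects:
        oid, otype = o.get("id", ""), o.get("type", "")
        for p in COMMON_REQUIRED + TYPE_REQUIRED.get(otype, ()):
            if p not in o:
                problems.append(f"{oid}: missing {p}")
        if not ID_RE.match(oid) or not oid.startswith(otype + "--"):
            problems.append(f"{oid}: malformed id")
        for p in ("created", "modified", "valid_from"):
            if p in o and not TS_RE.match(o[p]):
                problems.append(f"{oid}: bad timestamp in {p}")
        if otype == "indicator":
            pat = o.get("pattern", "")
            if not (pat.startswith("[") and pat.endswith("]")):
                problems.append(f"{oid}: pattern is not an observation expression")
        if otype == "relationship":
            for ref in ("source_ref", "target_ref"):
                if o.get(ref) not in ids:          # refs must resolve inside the bundle
                    problems.append(f"{oid}: dangling {ref}")
    return problems

def to_json(bundle):
    return json.dumps(bundle, indent=2)

if __name__ == "__main__":
    b = build_bundle(SAMPLE_SHA256, SAMPLE_DOMAIN, "SampleLoader")
    print(to_json(b))
    print("problems:", validate_bundle(b))
```

The same bundle is what a TAXII 2.1 client would POST to a collection's objects endpoint; the checker here is deliberately minimal and is not a substitute for the official stix2-validator.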
26 |
TAXII |
Protocol |
Open Source |
Trusted Automated Exchange of Indicator Information (HTTPS transport for STIX content) |
https://wiki.oasis-open.org/cti/ |
|
|
27 |
TLP |
Metric |
Free (maintained by FIRST; adopted by DHS/CISA) |
Traffic Light Protocol |
|
|
|
28 |
TLS 1.3 |
Protocol |
Open Source |
Transport Layer Security RFC 8446 |
https://datatracker.ietf.org/doc/html/rfc8446 |
|
|
29 |
TTPs |
Methodology |
Open Source |
Tactics, Techniques & Procedures |
https://csrc.nist.gov/glossary/term/Tactics_Techniques_and_Procedures |
|
|
30 |
YARA |
Format & Tool Specification |
Open Source |
Malware Identification Specification/Rules Standard & Tool |
https://yara.readthedocs.io/en/stable/ |
https://github.com/Yara-Rules/rules |
|
NOTE:
Many of the security protocols above "ride" on lower-layer protocols such
as TCP and UDP (and IP beneath them); those carriers are not listed here. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DATA
Checks |
Home this page |
|
|
|
|
|
1 |
National Vulnerability Database |
|
|
Vulnerabilities |
https://nvd.nist.gov/vuln/search |
|
2 |
National Software Reference Library |
|
|
Hashes |
https://www.nist.gov/software-quality-group/national-software-reference-library-nsrl |
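Known-good hash filtering is the usual way the NSRL is consumed in forensics; the following is an added example (not NIST's code and not the HashMyFiles tool listed later on this page) that parses RDS-style rows, hashes a directory tree, drops everything the reference set already knows, and produces a VirusTotal hash-lookup URL for whatever is left. The column layout of the legacy NSRLFile.txt is an assumption, the rows and files are constructed from the sample data inside the block, and the product/OS codes are placeholders.

```python
import csv
import hashlib
import io
import tempfile
from pathlib import Path

# Assumed column layout of the legacy NSRL RDS text export (NSRLFile.txt).
RDS_HEADER = '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"'

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()

def rds_row(data: bytes, name: str) -> str:
    """Constructed RDS row for sample data; ProductCode/OpSystemCode are placeholders."""
    md5 = hashlib.md5(data).hexdigest().upper()
    return f'"{sha1_hex(data)}","{md5}","00000000","{name}",{len(data)},1,"358",""'

def load_rds_sha1(text: str) -> set:
    """Reference set keyed on SHA-1 (NSRL hashes are published upper-case)."""
    return {row["SHA-1"].upper() for row in csv.DictReader(io.StringIO(text))}

def hash_file(path: Path):
    """One pass over the file computing SHA-1 (for NSRL) and SHA-256 (for VT lookups)."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return sha1.hexdigest().upper(), sha256.hexdigest()

def triage(root: Path, known_good: set) -> dict:
    """Return {relative path: sha256} for files NOT present in the known-good set."""
    unknown = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            s1, s256 = hash_file(p)
            if s1 not in known_good:
                unknown[str(p.relative_to(root))] = s256
    return unknown

def vt_lookup_url(sha256: str) -> str:
    # Hash lookup page: check this before uploading a file that may be sensitive.
    return f"https://www.virustotal.com/gui/file/{sha256}"

def demo() -> dict:
    """Build a tiny tree with two catalogued files and one stranger; return VT URLs for strangers."""
    known_a = b"MZ\x90\x00" + b"\x00" * 60 + b"known good binary A"          # constructed
    known_b = b"#!/bin/sh\necho known good script\n"                          # constructed
    suspect = b"MZ\x90\x00" + b"\x00" * 60 + b"something nobody has catalogued"
    rds_text = "\n".join([RDS_HEADER, rds_row(known_a, "calc.exe"), rds_row(known_b, "setup.sh")])
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "Windows").mkdir()
        (root / "Windows" / "calc.exe").write_bytes(known_a)
        (root / "setup.sh").write_bytes(known_b)
        (root / "Windows" / "svch0st.exe").write_bytes(suspect)
        unknown = triage(root, load_rds_sha1(rds_text))
    return {name: vt_lookup_url(h) for name, h in unknown.items()}

if __name__ == "__main__":
    for name, url in demo().items():
        print(name, url)
```

The real RDS is tens of gigabytes, so in practice the SHA-1 set goes into a database or a hashset file consumed by Autopsy/X-Ways; the filtering logic is the same.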
|
3 |
Password Rainbow Tables |
|
|
Precomputed (rainbow) tables for reversing unsalted one-way password hashes such as LM/NTLM; useless against salted hashes |
http://ophcrack.sourceforge.net/tables.php |
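What a rainbow table actually stores, and why the salting caveat above holds, is easier to see in code than in prose. The following is an added example (not ophcrack's code): a toy table over four-letter lowercase passwords with a real chain/reduction structure, a lookup that regenerates only the chain it needs, and the same password hashed with a per-user salt, which the table can no longer reverse. MD5 stands in for LM/NTLM; the keyspace, chain length and chain count are arbitrary demo parameters.

```python
import hashlib
import os

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 4                       # toy keyspace: 26**4 = 456,976 passwords
KEYSPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 200
NUM_CHAINS = 2000

def h_unsalted(pw: str) -> bytes:
    """Stand-in for an unsalted password hash (MD5 here; LM/NTLM share the weakness)."""
    return hashlib.md5(pw.encode()).digest()

def h_salted(salt: bytes, pw: str) -> bytes:
    return hashlib.md5(salt + pw.encode()).digest()

def reduce_(digest: bytes, step: int) -> str:
    """Reduction R_step: map a digest back into the password keyspace.
    Mixing in the step index keeps chains that collide at one point from merging for good."""
    n = (int.from_bytes(digest[:8], "big") + step) % KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def chain_walk(start: str, steps: int) -> str:
    """pw_{i+1} = R_i(H(pw_i)); returns pw_steps."""
    pw = start
    for i in range(steps):
        pw = reduce_(h_unsalted(pw), i)
    return pw

def build_table(num_chains=NUM_CHAINS, chain_len=CHAIN_LEN) -> dict:
    """Store only (endpoint -> start); the middle of every chain is recomputed on demand."""
    table = {}
    for c in range(num_chains):
        start = reduce_(c.to_bytes(8, "big"), 0)        # deterministic start points
        table.setdefault(chain_walk(start, chain_len), start)
    return table

def lookup(table: dict, target: bytes, chain_len=CHAIN_LEN):
    """Recover the password behind `target` if some chain covers it, else None."""
    for j in range(chain_len - 1, -1, -1):
        # Hypothesis: target is H(pw_j) of some chain. Walk from there to the endpoint.
        pw = reduce_(target, j)
        for i in range(j + 1, chain_len):
            pw = reduce_(h_unsalted(pw), i)
        start = table.get(pw)
        if start is None:
            continue
        # Candidate chain: regenerate from its start and look for the target hash.
        pw = start
        for i in range(chain_len):
            digest = h_unsalted(pw)
            if digest == target:
                return pw
            pw = reduce_(digest, i)
        # False alarm (merged chain); keep trying other positions.
    return None

def demo():
    table = build_table()
    # A password the table demonstrably covers: position 57 of chain 0.
    victim = chain_walk(reduce_((0).to_bytes(8, "big"), 0), 57)
    recovered = lookup(table, h_unsalted(victim))
    # Same password with a random salt: you would need one table per salt value.
    salt = os.urandom(16)
    recovered_salted = lookup(table, h_salted(salt, victim))
    return victim, recovered, recovered_salted

if __name__ == "__main__":
    print(demo())
```

The time/memory trade-off is visible in the numbers: 2000 stored pairs stand in for up to 400,000 password/hash pairs, paid for by roughly 20,000 hash operations per lookup. A 16-byte random salt multiplies the table count by 2^128, which is why salted (and slow) hashing makes precomputation pointless.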
|
4 |
National Checklist Repository |
|
|
Checklists |
https://nvd.nist.gov/ncp/repository |
|
5 |
Malware Check |
Virus Total |
|
Multi-engine scan of files and URLs plus hash lookup; not exhaustive, and uploaded samples are shared with AV vendors, so search by hash first if the file is sensitive |
https://www.virustotal.com/gui/home/upload |
|
6 |
Virus Bay |
|
|
|
https://beta.virusbay.io/ |
|
7 |
UNB Cyber Datasets |
|
|
Wide array of captured traffic: botnets, dark web, |
https://www.unb.ca/cic/datasets/index.html |
|
8 |
Los Alamos Cyber Data Set |
|
|
The data sources include
Windows-based authentication events from both individual computers and
centralized Active Directory domain controllers; process start and
stop events from individual Windows computers; Domain Name Service (DNS)
lookups as collected on internal DNS servers; network flow data as collected
at several key router locations; and a set of well-defined red team
events that represent bad behaviour within the 58-day window. |
https://csr.lanl.gov/data/cyber1/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
Kali Tools |
Home this page |
|
Threat
Pursuit Tools (Linux Base) |
Video at https://www.youtube.com/watch?v=GrVj8h7uin0 |
start at 3:00 |
|
|
Aircrack-ng is the standard suite for auditing WEP/WPA/WPA2 wireless
networks. It captures 802.11 frames (airodump-ng), can deauthenticate clients to
force a fresh 4-way handshake (aireplay-ng), recovers WEP keys statistically with the
FMS (Fluhrer, Mantin and Shamir), KoreK and PTW attacks, and recovers
WPA/WPA2-PSK passphrases by an offline dictionary attack against the captured
handshake. It is command-line only; tutorials are plentiful online. |
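The WPA/WPA2-PSK attack the Aircrack-ng blurb mentions, reduced to its arithmetic, as an added example (not Aircrack-ng's code): PBKDF2 turns passphrase and SSID into the PMK, the IEEE 802.11i PRF expands PMK, both MACs and both nonces into the PTK, and the first 16 bytes (the KCK) authenticate EAPOL message 2 of the handshake. A cracker repeats that chain for every wordlist entry until the MIC matches. The handshake here (SSID, MACs, nonces, frame layout, passphrase and wordlist) is constructed for the demo; the only external value is the PBKDF2 test vector from IEEE 802.11i Annex H.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of MACs || min/max of nonces)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)

def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2 (AES/CCMP): MIC = HMAC-SHA1-128 over the frame with MIC zeroed."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]

def build_msg2(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (supplicant -> AP) with the 16-byte MIC field zeroed."""
    key_info = b"\x01\x0a"                       # pairwise | MIC | descriptor version 2
    body = (b"\x02" + key_info + b"\x00\x10"     # RSN descriptor, key info, key length 16
            + b"\x00" * 8 + snonce               # replay counter, SNonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # key IV, RSC, key ID
            + b"\x00" * 16 + b"\x00\x00")        # MIC (zeroed), key data length 0
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # 802.1X v2, type EAPOL-Key

def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol_zeroed, captured_mic, wordlist):
    """Offline dictionary attack; the PBKDF2 step dominates, which is why GPU crackers matter."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:        # WPA passphrase length rule
            continue
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_zeroed), captured_mic):
            return candidate
    return None

# --- constructed handshake: every value below is made up for the demo ---
SSID = "CoffeeShop-Guest"
AP_MAC = bytes.fromhex("0013374200aa")
STA_MAC = bytes.fromhex("00c0ffee1234")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "correcthorse"
EAPOL_MSG2 = build_msg2(SNONCE)
CAPTURED_MIC = eapol_mic(
    derive_ptk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16],
    EAPOL_MSG2)
WORDLIST = ["password", "letmein", "Summer2020", "correcthorse", "trustno1"]

if __name__ == "__main__":
    print(crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2, CAPTURED_MIC, WORDLIST))
```

Real captures additionally need the MIC located at offset 81 of the EAPOL frame and zeroed before hashing, and message 2 or 3 plus either nonce pair; aircrack-ng and hashcat mode 22000 do exactly this at scale.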
Shogun
Machine Learning |
MITRE CALDERA |
|
|
BeEF, as the name implies, is a penetration-testing tool
that focuses on browser vulnerabilities. With it you can assess the security posture of a
target environment using client-side attack vectors: a hooked browser is driven through
command modules from the BeEF console. |
Tensorflow |
Red Canary ATOMIC Red Team |
|
|
Burp Suite is a professional integrated GUI platform for testing the security
of web applications; its intercepting proxy, repeater and intruder support manual testing,
and the paid edition adds an automated scanner. |
Pytorch |
Mordor Re-play Adversarial
Techniques |
|
|
Fern Wifi Cracker is a
Python-based GUI wireless security tool for auditing network vulnerabilities. With it you
can crack and recover WEP/WPA/WPS keys and run several network-based
attacks on Ethernet networks. |
Rstudio |
MITRE Caltack
(CALDERA Plugin) |
|
|
GNU MAC Changer is a network
utility that facilitates an easier and quicker manipulation of network interfaces’
MAC addresses. |
RTools |
APTSimulator |
|
|
Hashcat is regarded in the security community as one of the
world's fastest and most advanced password cracking and recovery tools.
It is open source and features an in-kernel rule engine, hundreds of
supported hash types, GPU acceleration and a built-in benchmarking system. |
Darwin |
FlightSim |
|
|
John the Ripper is another popular cracking
tool in the penetration testing (and hacking) community. It was initially developed for Unix
systems but now runs on many operating systems. It features a
customizable cracker, automatic password hash detection, incremental (brute force)
and dictionary attack modes, among others. |
Keras |
Maltego |
|
|
Kismet is a wireless network detector, sniffer and
intrusion detection system. It works predominantly with Wi-Fi (IEEE 802.11) networks,
captures traffic passively (including from networks with hidden SSIDs), and can have its
functionality extended using plugins. |
Apache Spark |
nmap |
|
|
Maltego is proprietary
software but is widely used for open-source forensics and intelligence. It is a GUI link
analysis tool that provides real-time data mining and illustrates
information sets as node-based graphs with multiple-order
connections. |
Elasticsearch search &
analytics engine |
intelmq |
|
|
Metasploit Framework is an open-source
framework with which security teams verify vulnerabilities and run security
assessments. It bundles exploit, payload, auxiliary and post-exploitation
modules with which you can build test environments for vulnerability
testing, and it works as a complete penetration testing system. |
Kibana |
dnsrecon |
|
|
Nessus is a remote vulnerability scanner
that you can use to check hosts for security weaknesses. It does not
block anything; it runs a large library of plugins (tens of thousands of
checks) against the target and reports missing patches, misconfigurations
and known vulnerabilities. |
Apache Zeppelin |
orbit |
|
|
Netcat, usually abbreviated
to nc, is a network utility with which you can use TCP/IP protocols to read and write
data across network connections. You can use it to create any kind of
connection as well as to explore and debug networks using tunneling mode,
port-scanning, etc. |
Jupyter Notebook |
FOCA |
|
|
Nikto2 is a free and open-source web server scanner
for performing quick, comprehensive tests against web servers. It does this by looking
for over 6500 potentially dangerous files and programs, outdated server versions,
vulnerable server configurations and server-specific problems. It is noisy by design, not stealthy. |
MITRE Caret |
CyberChef |
|
|
nmap or Network Mapper is a
free and open-source
utility used by system administrators to discover networks and audit
their security. It is fast, well documented, has a GUI front end (Zenmap), and
supports host discovery, port scanning, service/version detection, OS fingerprinting,
scriptable probes (NSE) and network inventory. |
|
|
Python (x64) |
KeePass |
|
|
Pixiewps is a C-based offline tool for brute-forcing the WPS PIN by
exploiting the low or non-existent entropy some access points use for their WPS
nonces (the "pixie dust" attack); it is usually fed the values captured by reaver or bully. |
Constellation |
FLOSS |
|
|
Snort is a free and open-source network intrusion detection system (NIDS).
With it you can run traffic analysis, content
searching/matching and packet logging on IP networks and detect a variety of
network attacks in real time using community or Talos rule sets; deployed inline
it can also drop traffic (IPS mode). |
Neo4J |
peview |
|
|
THC Hydra is an online password cracker: it brute-forces
remote authentication services directly over the network. It supports rapid
dictionary attacks against 50+ protocols, including FTP, HTTP(S) forms and basic auth,
SSH, Telnet, SMB, RDP, VNC and several databases. Because every guess is a live
login attempt, it is noisy and will trigger account lockouts. |
CMAP |
VLC |
|
|
Wifite2 is a free and
open-source Python-based wireless network auditing utility tool designed to work
perfectly with pen-testing distros. It does a good job at decloaking and
cracking hidden access points, cracking weak WEP passwords using a list of
cracking techniques, etc. |
MISP |
AutoIt3 |
|
|
Wireshark is
a free, open-source packet analyzer. With it you can inspect activity
on a network down to individual fields of each packet, read and write pcap/pcapng files,
apply capture and display filters, and rely on dissectors for hundreds of protocols. It is
the world's most widely used network protocol analyzer and runs on Linux, Windows and macOS. |
OpenCTI |
Chrome |
|
|
Yersinia, named after the Yersinia bacteria, is a
layer-2 attack framework for testing weaknesses in network protocols. It features attacks
against Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking
Protocol (DTP), DHCP, Hot Standby Router Protocol (HSRP), IEEE 802.1Q, IEEE 802.1X,
ISL and VTP. |
Maltego |
OpenVPN |
|
Kali
Tools |
Home this page |
|
Splunk |
Sublime |
|
|
|
Microsoft MSTIC Jupyter and
Python Security Tools |
Notepad++ |
|
Cyber
Threat Analyst Basic Skills Needed |
|
|
MITRE ATT&CK Navigator |
Docker Desktop |
|
|
ELK, IPS/IDS, Proxy,
DNS, Full Packet Capture technologies, Sandbox technologies, Memory analysis, Host based analysis, Red Team
techniques; |
Cortex Analyzer |
HxD |
|
|
Have experience with
scripting languages such as Python, PowerShell, and Shell scripting; |
Greynoise API and GNQL |
Sysinternals |
|
|
Have experience applying
JSON, XML, REST/RESTful APIs to interact with systems; |
threatcrowd API |
Putty |
|
|
|
|
|
threatcmd |
|
|
|
|
ViperMonkey |
|
|
|
|
Threat Hunters Playbook |
|
|
|
|
MITRE TRAM |
|
|
|
|
SIGMA |
|
|
|
|
YETI |
|
|
|
|
Azure Sentinel (now Microsoft Sentinel) |
|
|
|
|
|
AMITT Framework |
|
|
SOFTWARE sorted
by category |
|
Category |
Cost |
Description |
URL |
|
|
|
|
|
|
|
1 |
Brave |
Anonymous Browser |
Open Source |
Browser |
https://brave.com/ |
|
|
|
|
2 |
Orbot |
Anonymous Browser |
Open Source |
Android based anonymizer |
https://play.google.com/store/apps/details?id=org.torproject.android |
|
|
|
|
3 |
TOR |
Anonymous Browser |
Open Source |
The Onion Router for Dark Web Access |
https://www.torproject.org/ |
|
|
|
|
4 |
Analyst Notebook (i2) now part of IBM |
Collection/Data Analysis/Synthesis |
$$ |
Chronological Data & Relationship Record/Display |
https://www.ibm.com/us-en/marketplace/analysts-notebook |
|
|
|
|
5 |
ATT&CK |
Collection/Data Analysis/Synthesis |
Open Source |
Collection of APT, TTP & Malware descriptors |
https://attack.mitre.org |
|
|
|
|
6 |
BRO (see Zeek) |
Collection/Data Analysis/Synthesis |
Open Source |
Network Security Monitor |
https://www.zeek.org/ |
|
|
|
|
7 |
ELK Elasticsearch Logstash Kibana |
Collection/Data Analysis/Synthesis |
Open Source |
Stack of Feeds, Analysis & Display |
https://www.elastic.co/elk-stack |
|
|
|
|
8 |
Helix |
Collection/Data Analysis/Synthesis |
$$ |
SIEM, Analytics, User/Entity Behavior, Auto Response |
https://www.fireeye.com/solutions/helix.html |
|
|
|
|
9 |
IBM SOAR |
Collection/Data Analysis/Synthesis |
$$$ |
Security Orchestration, Automation & Response |
https://www.ibm.com/products/soar-platform |
|
|
|
|
10 |
Maltego * |
Collection/Data Analysis/Synthesis |
Open & $$ |
Conglomerating Cyber Intel Info |
https://www.maltego.com |
in Threat Pursuit VM |
|
|
|
11 |
Net Witness |
Collection/Data Analysis/Synthesis |
$$$ |
SIEM, Data Collection, Monitoring |
https://www.rsa.com/en-us/products/threat-detection-response |
|
|
|
|
12 |
Open Cyber Threat Intelligence Platform |
Collection/Data Analysis/Synthesis |
Open Source |
Open Cyber Threat Intel Tools |
https://www.opencti.io/en/ |
in Threat Pursuit VM |
|
|
|
13 |
Palantir |
Collection/Data Analysis/Synthesis |
$$$ |
Conglomerating Cyber Intel Info |
https://www.palantir.com/ |
|
|
|
|
14 |
Redline |
Collection/Data Analysis/Synthesis |
Open Source |
collect all running processes
and drivers from memory, file-system metadata, registry data, event logs,
network information, services, tasks and web history |
https://www.fireeye.com/services/freeware/redline.html |
|
|
|
|
15 |
Robtex |
Collection/Data Analysis/Synthesis |
|
IP numbers, domain names, host names, Autonomous systems,
routes |
https://www.robtex.com/ |
|
|
|
|
16 |
Security Onion |
Collection/Data Analysis/Synthesis |
Open Source |
Elasticsearch, Logstash, Kibana, Snort, Suricata, Zeek/Bro,
Wazuh, Sguil, Squert, CyberChef, NetworkMiner |
https://securityonion.net/ |
|
|
|
|
17 |
SILK |
Collection/Data Analysis/Synthesis |
Open Source |
The SiLK tool suite supports
the efficient collection, storage, and analysis of network flow data,
enabling network security analysts to rapidly query large historical traffic
data sets. A SiLK installation consists of two categories of applications:
the packing system and the analysis suite. The packing system collects IPFIX,
NetFlow v9, or NetFlow v5 and converts the data into a more space efficient
format, recording the packed records into service-specific binary flat files. |
https://tools.netsa.cert.org/silk/ |
|
|
|
|
18 |
SOC Multi-tool |
Collection/Data Analysis/Synthesis |
Open Source |
Combo of Lookup Site/Tools |
https://github.com/zdhenard42/SOC-Multitool |
|
|
|
19 |
Splunk User Behavior Analytics |
Collection/Data Analysis/Synthesis |
$$ |
Machine learning for pattern recognition |
https://www.splunk.com/en_us/software/user-behavior-analytics.html
https://www.splunk.com/en_us/download/splunk-enterprise.html |
|
|
|
|
20 |
Sumo Logic |
Collection/Data Analysis/Synthesis |
$$ |
Cloud Focused |
https://www.sumologic.com/ |
|
|
|
|
21 |
Yara |
Collection/Data Analysis/Synthesis |
Open Source |
Malware Pattern Matching |
https://virustotal.github.io/yara/ |
"aimed at (but not limited
to) helping malware researchers to identify and classify malware
samples" |
|
|
|
22 |
Yeti Platform |
Collection/Data Analysis/Synthesis |
Open Source |
organize observables, indicators of compromise, TTPs, and knowledge on threats |
https://yeti-platform.github.io/ |
|
|
|
|
23 |
Zeek |
Collection/Data Analysis/Synthesis |
Open Source |
Network Security Monitor |
https://www.zeek.org/ |
|
|
|
|
24 |
BCWipe |
Cyber Hygiene |
free, $ |
File and Drive Wiping |
https://www.jetico.com/data-wiping |
|
|
|
|
25 |
ThreatPursuit VM |
Cyber Threat
Intelligence |
Open Source |
Development, Analytics and Machine Learning, Visualisation, Triage, Modelling & Hunting, Adversarial
Emulation, Information Gathering, Utilities and Links |
https://github.com/fireeye/ThreatPursuit-VM |
|
|
|
|
26 |
CyberChef |
Data Analysis/Synthesis |
Open Source |
Generic Conversion Tool |
https://gchq.github.io/CyberChef/ |
|
|
|
|
27 |
PowerStats |
Data Analysis/Synthesis |
Open source |
Display of captured |
https://nces.ed.gov/datalab/ |
* note also the name of malware
written in Powershell |
|
|
|
28 |
R |
Data Analysis/Synthesis |
Open Source |
program & script creation |
many versions |
|
|
|
|
29 |
Spark (Apache) |
Data Analysis/Synthesis |
Open Source |
unified analytics engine |
https://spark.apache.org/ |
|
|
|
|
30 |
LOIC |
Denial of Service |
Open Source |
Low Orbit Ion Cannon: simple network stress / DoS flooding tool (TCP, UDP, HTTP); trivially attributable, test only with authorisation |
https://sourceforge.net/projects/loic/ |
|
|
|
|
31 |
pfsense |
Firewall |
Open Source |
FreeBSD based |
https://www.pfsense.org/ |
|
|
|
|
32 |
Density Scout |
Forensics |
Open Source |
Computes file density/entropy to flag packed or encrypted executables that may hide malware |
https://github.com/foreni-packages/densityscout |
|
|
|
|
33 |
Device42 |
Forensics |
$ |
Application Mapping |
https://www.device42.com/pages/application-mapping-b/ |
|
|
|
|
34 |
Falcon Sandbox |
Forensics |
$$ |
Sandbox tool for taking apart malware |
https://www.crowdstrike.com/endpoint-security-products/falcon-sandbox-malware-analysis/ |
|
|
|
|
35 |
FTK - Forensics Tool Kit (Access Data) |
Forensics |
Conditional |
Detail Analysis of Media & Memory |
https://accessdata.com/product-download/ftk-download-page |
|
|
|
|
36 |
SIFT |
Forensics |
Open Source |
Forensic Tools |
https://digital-forensics.sans.org/community/downloads |
|
|
|
|
37 |
Autopsy - The Sleuth Kit |
Forensics - Storage |
Open Source |
Hard Drive & Storage Analysis, Web Artifacts, Registry Analysis |
https://www.autopsy.com/ |
|
|
|
|
38 |
Moloch |
Full Packet Capture |
Open Source |
Large scale, open source, indexed packet capture and search. |
https://molo.ch/ |
|
|
|
|
39 |
Hexedit |
General Purpose Tool |
Open Source |
hexadecimal editor |
https://sourceforge.net/projects/hexedit/ |
|
|
|
|
40 |
nMap - Zenmap* |
General Purpose Tool |
Open Source |
Network Mapping |
https://nmap.org/ |
in Kali |
|
|
|
41 |
Registry Viewer (Access Data) |
General Purpose Tool |
Open Source |
Improves Registry Access |
https://accessdata.com/product-download/registry-viewer-2-0-0 |
|
|
|
|
42 |
NSA Tool Set |
General Purpose Tool Set |
Open Source |
77 tools from parsing to wireless identification |
https://code.nsa.gov/ |
|
|
|
|
43 |
National Software Reference Library |
Hashes Data Base |
Open Source |
hash checking |
https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl |
|
|
|
|
44 |
Hashdump |
Hashing |
Open Source |
extracts hashed passwords |
https://www.utc.edu/sites/default/files/2021-04/4660-lab6.pdf |
in Metasploit |
|
|
|
45 |
HashMyFiles |
Hashing |
Open Source |
computes MD5, SHA-1, SHA-256 and other hashes of files |
https://www.nirsoft.net/utils/hash_my_files.html ;
look the hash up on virustotal.com before deciding whether to upload the file |
|
|
|
https://github.com/MISP/MISP-maltego |
46 |
CrowdScrape |
Indicator Identification |
|
Browser Extension for IOA,IOB & IOC Indicators |
https://chrome.google.com/webstore/detail/crowdscrape/jjplaeklnlddpkbbdbnogmppffokemej |
|
|
|
|
47 |
MISP (Malware
Information Sharing Platform) |
Information Sharing |
Open Source |
Conglomerating Cyber Intel Info |
https://github.com/MISP/MISP/tree/v2.4.107 |
https://www.misp-project.org/ |
|
|
|
48 |
Snort * |
Intrusion Detection |
Open Source |
Rule based Intrusion Detection Engine |
https://www.snort.org/ ; https://www.talosintelligence.com/snort |
|
|
|
|
49 |
Suricata |
Intrusion Detection |
Open Source |
Rule based Intrusion Detection Engine |
https://suricata.io/ |
|
|
|
|
50 |
OpenIOC Editor |
IOC Collection |
Open Source |
From FireEye |
https://fireeye.market/apps/211404 |
|
|
|
|
51 |
VBScripts |
Script Programming |
Open Source |
Older Windows Scripting Language but still in use |
https://www.microsoft.com/en-us/download/details.aspx?id=8247 |
|
|
|
|
52 |
GoFetch |
Lateral Movement |
Open Source |
Automatically executes attack paths produced by BloodHound |
https://github.com/GoFetchAD/GoFetch |
|
|
|
|
53 |
Papertrail |
Log Analysis |
$ |
|
https://www.solarwinds.com/papertrail |
|
|
|
|
54 |
Event Tracing for Windows (ETW) |
Logging |
Open Source |
Kernel- and user-mode event tracing (providers, sessions, consumers) |
https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/event-tracing-for-windows--etw- |
|
|
|
|
55 |
IRMA OSS |
Malware Analysis |
Open & $$ |
Malicious File Analysis |
https://irma-oss.quarkslab.com/ |
|
|
|
|
56 |
PE Studio |
Malware Analysis |
Open Source |
Static Malware Analysis of Portable Executables (PE) |
https://www.techspot.com/downloads/6350-pestudio.html |
|
|
|
|
57 |
CAPA Explorer |
Malware Function discovery |
Open Source |
capa detects capabilities in executable files: run it against a PE file or shellcode and it reports what it thinks the program can do; capa explorer is its IDA Pro plugin (FireEye/Mandiant) |
https://github.com/fireeye/capa |
|
|
|
|
58 |
Sysmon |
Monitoring |
Open Source |
Windows OS Monitoring; also Linux |
in SysInternals |
monitor and log system activity |
|
|
|
59 |
Volatility |
Monitoring - Memory |
Open Source |
Memory Analysis |
https://www.volatilityfoundation.org/ |
|
|
|
|
60 |
NetFlow |
Monitoring - Network |
Protocol (free analyzers available) |
Cisco flow-export protocol (related: IPFIX, sFlow); the link is a free NetFlow analyzer |
https://www.solarwinds.com/free-tools/real-time-netflow-analyzer |
|
|
|
|
61 |
Network Miner |
Monitoring - Network |
Open Source |
Sniffer, Packet Analyzer |
https://www.netresec.com/?page=networkminer |
|
|
|
|
62 |
Microsoft Event Collector |
Monitoring - Windows |
Built into Windows |
Windows Event Forwarding (WEF): collector subscriptions pull or receive event logs from domain hosts over WinRM |
https://www.solarwinds.com/free-tools/event-log-forwarder-for-windows |
https://docs.microsoft.com/en-us/windows/desktop/WEC/windows-event-collector |
|
|
|
63 |
Microsoft SysInternals |
Monitoring - Windows |
Open Source |
Packaged Microsoft Tools |
https://docs.microsoft.com/en-us/sysinternals/downloads/ |
|
|
|
|
64 |
SysInternals Suite |
Monitoring - Windows |
Open Source |
Windows OS Monitoring; also Linux |
https://docs.microsoft.com/en-us/sysinternals/ |
contains Process Explorer,
Process Monitor |
|
|
|
65 |
Firepower / FireSight |
Monitoring & Control |
$$ |
IDS Package with CISCO devices / Networks |
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.pdf |
|
|
|
|
66 |
Nagios |
Monitoring & Control |
Open Source |
IT infrastructure monitoring |
http://www.nagios.org/ |
https://www.sans.org/reading-room/whitepapers/forensics/uncovering-indicators-compromise-ioc-powershell-event-logs-traditional-monitoring-tool-36352 |
|
|
|
67 |
Solarwinds (see the list of all SolarWinds tools below) |
Monitoring & Control |
$$ |
Network Activity Capture & Visualization |
https://www.solarwinds.com/ see list below of all tools |
|
|
|
|
68 |
Microsoft Message Analyzer |
OS Message Tracing |
Open Source |
capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other
messages from Windows components. |
https://www.microsoft.com/en-us/download/details.aspx?id=44226 |
|
|
|
|
69 |
Wireshark |
Packet Capture |
Open Source |
Packet Capture and Analysis |
https://wiki.wireshark.org/SampleCaptures |
|
|
|
|
70 |
Yet Another BacNet Explorer |
Packet Capture |
Open Source |
|
https://sourceforge.net/projects/yetanotherbacnetexplorer/ |
|
|
|
|
71 |
Inception |
Password - Bypass |
Open Source |
Password Bypass |
https://github.com/carmaa/inception |
|
|
|
|
72 |
LaZagne |
Password - Extraction |
Open Source |
Password Extraction |
https://github.com/AlessandroZ/LaZagne |
|
|
|
|
73 |
John the Ripper * |
Password - Harvesting |
Open Source |
password hash cracker |
in Kali |
in Kali |
|
|
|
74 |
ophcrack |
Password - Harvesting |
Open Source |
pw hash cracking |
in Kali |
|
|
|
Linux based VM |
|
75 |
Password Checker |
Password Assurance |
Open Source |
Password Check against Captured PW databases |
https://haveibeenpwned.com |
|
|
|
|
76 |
Hashcat * |
Password Cracking |
Open Source |
Password Recovery |
https://github.com/hashcat/hashcat |
|
|
|
|
77 |
WhoisXMLAPI |
Pen Testing |
Free tier, $ |
Subdomain lookup API: enumerates known sub-domains of a target domain |
https://subdomains.whoisxmlapi.com/ |
|
|
|
|
78 |
Intrigue.io |
Pen Testing - Attack
surface |
Open Source |
Fingerprinting, Spidering, DNS |
https://github.com/intrigueio |
|
|
|
|
79 |
Bloodhound |
Pen Testing - Active Directory |
Open Source |
Attack Paths in Active Directory & other apps |
https://bloodhound.readthedocs.io/en/latest/index.html |
see video at
https://www.youtube.com/watch?v=dPsLVE0R1Tg
identify highly complex attack paths using graph analysis |
|
|
|
80 |
Mimikatz |
Pen Testing - Authentication |
Open Source |
Windows credential extraction: plaintext passwords, NTLM hashes and Kerberos tickets from LSASS memory; pass-the-hash / pass-the-ticket |
https://github.com/gentilkiwi/mimikatz |
https://www.sans.org/reading-room/whitepapers/forensics/mimikatz-overview-defenses-detection-36780 |
|
|
|
81 |
Innuendo |
Pen Testing - C2 & Exfil |
$$$ |
C&C Server & Exfil Simulator |
https://www.immunityinc.com/services/adversary-simulation.html |
|
|
|
|
82 |
Sentry-MBA |
Pen Testing - Credential Stuffing |
Open Source |
considered malware; dark web tool; credential theft |
https://sentry[.]mba <- note: this
is a dark web link |
|
|
|
|
83 |
SQLMap |
Pen Testing - Database |
Open Source |
SQL DB detection & exploitation Testing |
https://www.sqlmap.org |
|
|
|
|
84 |
DIG Domain Information Groper |
Pen Testing - DNS |
Open Source |
DNS query tool; e.g. test for unrestricted zone transfer (AXFR) |
https://samsclass.info/40/proj/digwin.htm |
|
|
|
|
85 |
Cain & Abel |
Pen Testing - General |
Open Source |
General Purpose Exploit Tool |
http://cain-abel.en.softonic.com/download |
|
|
|
|
86 |
Commando VM |
Pen Testing - General |
Open Source |
Windows based Kali-like Tool |
https://github.com/fireeye/commando-vm |
|
|
|
|
87 |
Ettercap |
Pen Testing - General |
Open Source |
Man-in-the-middle toolkit: ARP poisoning, sniffing, session hijacking |
http://ettercap.sourceforge.net/ |
|
|
|
|
88 |
Kali Linux |
Pen Testing - General |
Open Source |
see below for tools in Kali |
https://www.kali.org/ |
|
|
|
|
89 |
Metasploit / Armitage (gui) * |
Pen Testing - General |
Conditional |
thousands of exploit and post-exploitation modules (e.g. the hashdump post module) |
https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/ |
|
|
|
|
90 |
Netcat* or ncat |
Pen Testing - injection |
Open Source |
swiss army knife of network tools |
https://nmap.org/ncat/ |
in Kali |
|
|
|
91 |
CALDERA |
Pen Testing - Malware Attacks |
Open Source |
Red Team Attack Tool |
https://github.com/mitre/caldera |
|
|
|
|
92 |
Canvas from Immunity |
Pen Testing - Malware Attacks |
$$$$ |
High End Exploit Tool |
https://www.immunityinc.com/products/canvas/ |
|
|
|
93 |
Exploit Database |
Pen Testing - Malware Attacks |
Open Source |
40K+ exploits |
https://www.exploit-db.com/ |
|
|
|
|
94 |
Exploit Pak |
Pen Testing - Malware Attacks |
$ |
40K+ exploits |
https://exploitpack.com/ |
|
|
|
|
95 |
EternalBlue |
Pen Testing - OS |
Open Source |
SMBv1 remote code execution exploit (MS17-010) from the leaked Equation Group tools; wormable, used by WannaCry |
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit |
|
|
|
|
96 |
P0f |
Pen Testing - OS |
Open Source |
OS Fingerprinting |
https://github.com/p0f/p0f |
|
|
|
|
97 |
SCAPY |
Pen Testing - Packets |
Open Source |
interactive packet manipulation |
https://scapy.net |
extended into SCAPYtrain for
campaigns & WifiTap; send, sniff, dissect and forge network packets |
|
|
|
98 |
THC-Hydra * |
Pen Testing - Password Crack |
Open Source |
Online brute-forcing of network logins (noisy; triggers lockouts) |
in Kali |
in Kali |
|
|
|
99 |
SET Social Engineering Toolkit |
Pen Testing - People |
Open Source |
For crafting phishing email, etc |
http://www.social-engineer.org/framework/ |
|
|
|
|
100 |
PRET Printer Exploitation Toolkit |
Pen Testing - Peripherals |
Open Source |
Printer Vulnerability Testing |
https://github.com/RUB-NDS/PRET |
|
|
|
|
101 |
Nishang |
Pen Testing - Powershell |
Open Source |
Keylogger, DNS TXT Code Execution, HTTP Backdoor, Powerpreter |
in Kali |
in Kali |
|
|
|
102 |
Inveigh |
Pen Testing - SMB, http, SQL
servers |
Open Source |
PowerShell/.NET LLMNR, NBNS and mDNS spoofer; the Windows-native equivalent of Responder |
https://github.com/Kevin-Robertson/Inveigh |
|
|
|
|
103 |
Responder |
Pen Testing - SMB, http, SQL
servers |
Open Source |
LLMNR/NBT-NS/mDNS poisoner with rogue SMB, HTTP and MSSQL services that capture Net-NTLMv1/v2 challenge-responses from clients |
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/introducing-responder-10/ |
|
|
|
|
104 |
Acunetix |
Pen Testing - Web |
$$ |
Web Application Vulnerability Testing |
https://www.acunetix.com/ |
|
|
|
|
105 |
BeEF * |
Pen Testing - Web |
Open Source |
Browser Exploitation Framework |
https://github.com/beefproject/beef |
|
|
|
|
106 |
Burp Suite * |
Pen Testing - Web |
Free (Community), $$ (Professional) |
Web Content Vulnerability Scanner |
https://www.portswigger.net/burp/ |
|
|
|
|
107 |
Nikto2 * |
Pen Testing - Web |
Open Source |
Web Server Testing |
in Kali |
in Kali |
|
|
|
108 |
Raft - Response Testing |
Pen Testing - Web |
Open Source |
Web Application |
https://github.com/Averroes/raft |
|
|
|
|
109 |
SamuraiWTF Web Test Framework |
Pen Testing - Web |
Open Source |
Package extension of Kali |
https://sourceforge.net/projects/samurai/ |
|
|
|
|
110 |
Skipfish (in Kali) |
Pen Testing - Web |
Open Source |
Web Site Recon Tool |
|
in Kali |
|
|
|
111 |
W3af |
Pen Testing - Web |
Open Source |
Web Application & Attack Framework |
https://w3af.org |
|
|
|
|
112 |
Webgoat |
Pen Testing - Web |
Open Source |
Web |
https://github.com/WebGoat/WebGoat |
|
|
|
|
113 |
Zed Attack Proxy (ZAP) |
Pen Testing - Web |
Open Source |
web vulnerability scanner |
https://www.zaproxy.org/ |
|
|
|
|
114 |
REST API |
Pen Testing - Web Pages |
Open Source |
Test Platform for GET PUT POST DELETE; REpresentational State Transfer |
https://github.com/octokit/rest.js/ |
|
|
|
|
115 |
URL Scan |
Pen Testing - Website |
|
Scans a Web Page to examine what user content is being collected and |
https://urlscan.io/ |
|
|
|
|
116 |
Covenant |
Pen Testing - Windows |
Open Source |
.NET command-and-control (C2) framework |
https://github.com/cobbr/Covenant |
|
|
|
|
117 |
Aircrack-ng * |
Pen Testing - Wireless |
Open Source |
Provides routines for accessing hashed router pw's |
in Kali |
in Kali |
|
|
|
118 |
Kismet * |
Pen Testing - Wireless |
Open Source |
Wireless Access Point Locator |
in Kali |
in Kali |
|
|
|
119 |
Netstumbler |
Pen Testing - Wireless |
Open Source |
Wireless Access Point Locator |
https://www.netstumbler.com/ |
|
|
|
|
120 |
WiFite |
Pen Testing - Wireless |
Open Source |
Wireless transmission identification |
https://code.google.com/archive/p/wifite/ |
|
|
|
|
121 |
Squid |
Proxy for Access Control |
Open Source |
|
https://github.com/squid-cache/squid |
|
|
|
|
122 |
Recon-ng |
Reconnaissance - OSI |
Open Source |
Modular web reconnaissance framework |
in Kali |
in Kali |
|
|
|
123 |
Censys & zMap |
Reconnaissance - OSI |
Research |
Scan of all internet, banners, hosts, certificates |
https://censys.io/data |
|
|
|
|
124 |
FOCA Open Source Collection |
Reconnaissance - OSI |
Open Source |
Fingerprinting Organization w Collected Archives |
https://github.com/ElevenPaths/FOCA |
|
|
|
|
125 |
Google Hacks / Dorks |
Reconnaissance - OSI |
Open Source |
Using Google search engine to locate "hidden" info on web sites |
https://www.exploit-db.com/google-hacking-database |
|
|
|
|
126 |
Shodan |
Reconnaissance - OSI |
Open, $ |
Links to vulnerable IP addresses |
https://www.shodan.io |
|
|
|
|
127 |
Spiderfoot |
Reconnaissance - OSI |
Open Source |
IP Address Identification |
in Kali |
in Kali |
|
|
|
128 |
TinEye |
Reconnaissance - OSI |
Online/Opensource |
Locates Image Sources |
https://tineye.com/ |
|
|
|
|
129 |
CFF Explorer |
Reverse Engineering |
Open Source |
Binary Analysis |
https://download.cnet.com/CFF-Explorer/3000-2383_4-10431156.html |
|
|
|
|
130 |
Cuckoo |
Reverse Engineering |
Open Source |
Malware analysis |
https://cuckoosandbox.org/ |
|
|
|
|
131 |
Flare VM |
Reverse Engineering |
Open Source |
Package with Disassemblers, Debuggers, Parsers, Decompilers, Monitoring Tools and Hex Editors |
https://github.com/fireeye/flare-vm |
|
|
|
|
132 |
GHIDRA |
Reverse Engineering |
Open Source |
Windows, Linux & Mac |
https://github.com/NationalSecurityAgency/ghidra |
|
|
|
|
133 |
IDA Pro |
Reverse Engineering |
$$ |
Reverse Engr x32, x64, ARM & ARM 64 binary |
https://www.hex-rays.com/products/ida/ |
|
|
|
|
134 |
Muraena / Necrobrowser |
Reverse Proxy Attack |
Open Source |
For automating phishing |
https://github.com/muraenateam/muraena |
|
|
|
|
135 |
CSET |
Risk Assessment |
Open Source |
Multiple RA Approaches |
https://www.us-cert.gov/ics/Downloading-and-Installing-CSET |
|
|
|
|
136 |
Belarc advisor |
Routine Security Defense |
free, $ |
Inventory of a Computing Machine: HW & Software |
https://www.belarc.com/en/products_belarc_advisor |
|
|
|
|
137 |
Microsoft Baseline Security Analyzer (MBSA) 2.1.1 |
Routine Security Defense |
Free (deprecated) |
Examines Microsoft OSs for missing patches and weak settings; no longer maintained |
https://www.microsoft.com/en-us/download/details.aspx?id=19892 |
|
|
|
|
138 |
IOC Finder |
Scanning |
Open Source |
Collecting host system data and reporting the presence of IOCs. IOCs are open-standard XML documents |
https://www.fireeye.com/services/freeware/ioc-finder.html |
|
|
|
|
139 |
PowerShell |
Script Programming |
MS Windows |
script creation |
included in Windows |
|
|
|
|
140 |
PowerSploit |
Script Programming |
Open source |
PS scripts used in pen testing |
https://powersploit.readthedocs.io/en/latest/ |
|
|
|
|
141 |
PSEXEC |
Script Programming |
Open Source |
program execution on remote systems |
in SysInternals |
Telnet alternative |
|
|
|
142 |
Python |
Script Programming |
Open Source |
program & script creation |
many versions |
|
|
|
|
143 |
Dirsearch |
Search |
Open Source |
Search website directories for apps, code, wordlists |
https://github.com/maurosoria/dirsearch |
https://github.com/maurosoria/dirsearch |
|
|
|
144 |
Diggity |
Search Tool for Cyber |
Open Source |
Multi Cyber Sites/Domains/Ranges tool |
https://resources.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/ |
See Exploit Database |
|
|
|
145 |
Prowler |
Security Assessment - General |
Open Source |
AWS security assessment, auditing, hardening and incident response. |
https://github.com/prowler-cloud/prowler#description |
|
|
has capability for C2 called Beacon |
|
146 |
AlienVault OSSIM |
SIEM |
Open Source |
Security Information & Event Management Software |
https://cybersecurity.att.com/products/ossim/download |
|
|
|
|
147 |
Source Code Testing Tools (OWASP) |
Source Code Analysis |
Open Source, $ |
List of Testing Tools |
https://www.owasp.org/index.php/Source_Code_Analysis_Tools |
|
|
|
|
148 |
wbStego |
Steganography |
Open Source |
Steganographic encryption & decryption |
http://www.bailer.at/wbstego/pr_4ix0.htm |
|
|
|
|
149 |
Stack Overflow |
Technical Q&A Site |
Open Source |
|
https://stackoverflow.com/ |
|
|
|
|
150 |
Cobalt Strike |
Threat Emulation |
$$$ |
Adversary simulation & Red Teaming |
https://www.cobaltstrike.com |
$3500/yr single license |
|
|
|
151 |
TRAM (MITRE) |
Threat Extraction |
Open Source |
Uses NLP to map text (e.g. threat reports) to ATT&CK techniques |
https://github.com/mitre-attack/tram |
https://www.signalscorps.com/blog/2022/mitre-attack-105-tram/ |
|
|
|
152 |
Plaso |
Timeline Analysis |
Open Source |
Collect & aggregate timestamped events for forensic timeline analysis |
https://github.com/log2timeline/plaso |
|
|
|
|
153 |
Malcolm |
Traffic Analysis |
Open Source |
Tool suite for PCAP & Zeek Logs |
https://github.com/cisagov/Malcolm |
|
|
|
|
154 |
VirtualBox |
Virtual Machine Hypervisor |
Open Source |
Hypervisor |
https://www.virtualbox.org/wiki/Downloads |
|
|
|
|
155 |
National Vulnerability Database |
Vulnerability Assessment |
Open Source |
Contains an up-to-date list of vulnerabilities |
https://nvd.nist.gov |
|
|
|
|
156 |
Nessus * |
Vulnerability Assessment |
Conditional |
Scanner |
http://www.tenable.com/products/nessus |
|
|
|
|
157 |
OpenVAS |
Vulnerability Assessment |
Open Source |
Open-source vulnerability assessment system |
http://www.openvas.org/ |
|
|
|
158 |
Retina |
Vulnerability Assessment |
$$ |
Scanner |
http://go.beyondtrust.com/community |
|
|
|
159 |
SEC Filings |
Vulnerability Assessment |
Open Source |
Securities filings (EDGAR) |
https://www.sec.gov/edgar.shtml |
|
|
|
160 |
VirusTotal |
Vulnerability Assessment |
Open Source |
Checks files & sites for malware |
https://www.virustotal.com/#/home/upload |
|
|
|
|
SolarWinds Downloads |
|
|
|
|
|
|
|
Tool |
Description |
Free Version |
30 day Trial Professional |
|
1 |
Access Rights Auditor |
Active Directory and File Server risk areas |
Download |
|
|
2 |
Access Rights Manager |
|
|
|
|
3 |
AppOptics |
Application Performance Monitoring |
|
|
|
4 |
Azure Cost Calculator |
|
Download |
|
|
5 |
Dameware Remote Support (RDP) |
|
|
|
|
6 |
Database Performance Analyzer |
|
Download |
|
|
7 |
Event Log Consolidator |
View, consolidate, and dismiss event logs and correlate issues across multiple systems |
Download |
|
|
|
8 |
Event Log Forwarder |
|
Download |
|
|
9 |
Flow Tool Bundle |
Quickly distribute, test, and configure flow traffic |
Download |
|
|
10 |
Identity Manager |
|
|
|
|
11 |
ipMonitor |
|
Download |
https://www.solarwinds.com/ip-monitor $1,495 & up |
|
12 |
Log Analyzer - Papertrail |
|
|
https://www.papertrail.com/solution/log-analyzer/ |
|
13 |
NAT Lookup |
Network Address Translation |
Download |
|
|
14 |
Network Bandwidth Analyzer |
|
|
|
|
15 |
Network Configuration Manager |
|
|
|
|
16 |
Network Performance Monitor |
|
|
|
|
17 |
Papertrail |
Cloud-hosted log management for faster troubleshooting of infrastructure and application issues |
|
|
|
18 |
Performance Analyzer for SQL |
|
|
|
|
19 |
Permissions Analyzer for Active Directory |
|
Download |
|
|
20 |
Pingdom |
|
|
|
|
21 |
Security Event Manager |
|
|
|
|
22 |
Server & Application Manager |
|
|
|
|
23 |
Service Desk |
|
|
|
|
24 |
Solar-PuTTY |
|
Download |
|
|
25 |
SQL Plan Warnings |
|
Download |
|
|
26 |
Storage Resource Manager |
|
|
|
|
27 |
Virtualization Manager |
|
|
|
|
28 |
Web Help Desk |
|
Download |
|
|
29 |
Traceroute NG |
|
|
|
|
30 |
Port Scanner |
Lists of open, closed, and filtered ports for each scanned IP address |
Download |
|
|
31 |
Network Device Monitor |
|
|
|
|
32 |
Netflow Configurator |
|
|
|
|
33 |
GNS3 Network Emulator |
|
|
|
|
34 |
Real Time AppFlow Analyzer |
|
|
|
|
Software Categories |
|
|
|
1 |
Anonymous Browser |
|
|
|
2 |
Collection/Data Analysis/Synthesis |
|
|
|
3 |
Cyber Hygiene |
|
|
|
4 |
Cyber Threat Intelligence |
|
|
|
5 |
Data Analysis/Synthesis |
|
|
|
6 |
Denial of Service |
|
|
|
7 |
Firewall |
|
|
|
8 |
Forensics |
|
|
|
9 |
Forensics - Storage |
|
|
|
10 |
Full Packet Capture |
|
|
|
11 |
General Purpose Tool |
|
|
|
12 |
General Purpose Tool Set |
|
|
|
13 |
Hashes Data Base |
|
|
|
14 |
Hashing |
|
|
|
15 |
Indicator Identification |
|
|
|
16 |
Information Sharing |
|
|
|
17 |
Intrusion Detection |
|
|
|
18 |
IOC Collection |
|
|
|
19 |
Lateral Movement |
|
|
|
20 |
Log Analysis |
|
|
|
21 |
Logging |
|
|
|
22 |
Malware Analysis |
|
|
|
23 |
Malware Function discovery |
|
|
|
24 |
Monitoring |
|
|
|
25 |
Monitoring - Memory |
|
|
|
26 |
Monitoring - Network |
|
|
|
27 |
Monitoring - Windows |
|
|
|
28 |
OS Message Tracing |
|
|
|
29 |
Packet Capture |
|
|
|
30 |
Password - Bypass |
|
|
|
31 |
Password - Extraction |
|
|
|
32 |
Password - Harvesting |
|
|
|
33 |
Password Assurance |
|
|
|
34 |
Password Cracking |
|
|
|
35 |
Pen Testing - Attack Surface |
|
|
|
36 |
Pen Testing - Active Directory |
|
|
|
37 |
Pen Testing - Authentication |
|
|
|
38 |
Pen Testing - C2 & Exfiltration |
|
|
|
39 |
Pen Testing - Credential Stuffing |
|
|
|
40 |
Pen Testing - Database |
|
|
|
41 |
Pen Testing - DNS |
|
|
|
42 |
Pen Testing - General |
|
|
|
43 |
Pen Testing - Injection |
|
|
|
44 |
Pen Testing - Malware Attacks |
|
|
|
45 |
Pen Testing - OS |
|
|
|
46 |
Pen Testing - Packets |
|
|
|
47 |
Pen Testing - Password Crack |
|
|
|
48 |
Pen Testing - People |
|
|
|
49 |
Pen Testing - Peripherals |
|
|
|
50 |
Pen Testing - PowerShell |
|
|
|
51 |
Pen Testing - SMB, HTTP, SQL Servers |
|
|
|
52 |
Pen Testing - Web |
|
|
|
53 |
Pen Testing - Web Pages |
|
|
|
54 |
Pen Testing - Website |
|
|
|
55 |
Pen Testing - Windows |
|
|
|
56 |
Pen Testing - Wireless |
|
|
|
57 |
Proxy for Access Control |
|
|
|
58 |
Reconnaissance - OSI |
|
|
|
59 |
Reverse Engineering |
|
|
|
60 |
Reverse Proxy Attack |
|
|
|
61 |
Risk Assessment |
|
|
|
62 |
Routine Security Defense |
|
|
|
63 |
Scanning |
|
|
|
64 |
Script Programming |
|
|
|
65 |
Search Tool for Cyber |
|
|
|
66 |
Security Assessment - General |
|
|
|
67 |
Security Information & Event Management |
|
|
|
68 |
Source Code Analysis |
|
|
|
69 |
Steganography |
|
|
|
70 |
Technical Q&A Site |
|
|
|
71 |
Threat Emulation |
|
|
|
72 |
Timeline Analysis |
|
|
|
73 |
Traffic Analysis |
|
|
|
74 |
Virtual Machine Hypervisor |
|
|
|
75 |
Vulnerability Assessment |
|
|
|
FireEye Threat Pursuit VM |
|
|
|
|
Development, Analytics and Machine Learning |
|
|
|
Shogun |
|
|
|
|
TensorFlow |
|
|
|
|
PyTorch |
|
|
|
|
RStudio |
|
|
|
|
RTools |
|
|
|
|
Darwin |
|
|
|
|
Keras |
|
|
|
|
Apache Spark |
|
|
|
|
Elasticsearch |
|
|
|
|
Kibana |
|
|
|
|
Apache Zeppelin |
|
|
|
|
Jupyter Notebook |
|
|
|
|
MITRE CARET |
|
|
|
|
Python (x64) |
|
|
|
|
Visualisation |
|
|
|
|
Constellation |
|
|
|
|
Neo4j |
|
|
|
|
CMAP |
|
|
|
|
Triage, Modelling & Hunting |
|
|
|
|
MISP |
|
|
|
|
OpenCTI |
|
|
|
|
Maltego |
|
|
|
|
Splunk |
|
|
|
|
Microsoft MSTIC Jupyter and Python Security Tools |
|
|
|
|
MITRE ATT&CK Navigator |
|
|
|
|
Cortex Analyzer |
|
|
|
|
Greynoise API and GNQL |
|
|
|
|
ThreatCrowd API |
|
|
|
|
threatcmd |
|
|
|
|
ViperMonkey |
|
|
|
|
Threat Hunters Playbook |
|
MITRE Tools |
|
|
MITRE TRAM |
|
|
TRAM |
|
|
SIGMA |
|
|
Caldera |
|
|
YETI |
|
|
Caltack |
|
|
Azure Sentinel |
|
|
|
|
AMITT Framework |
|
|
|
|
Adversarial Emulation |
|
|
|
|
MITRE Caldera |
|
|
|
|
Red Canary ATOMIC Red Team |
|
|
|
|
Mordor - Replay Adversarial Techniques |
|
|
|
MITRE Caltack Plugin |
|
|
|
|
APTSimulator |
|
|
|
|
FlightSim |
|
|
|
|
Information Gathering |
|
|
|
|
Maltego |
|
|
|
|
nmap |
|
|
|
|
intelmq |
|
|
|
|
dnsrecon |
|
|
|
|
orbit |
|
|
|
|
FOCA |
|
|
|
|
Utilities and Links |
|
|
|
|
CyberChef |
|
|
|
|
KeePass |
|
|
|
|
FLOSS |
|
|
|
|
peview |
|
|
|
|
VLC |
|
|
|
|
AutoIt3 |
|
|
|
|
Chrome |
|
|
|
|
OpenVPN |
|
|
|
|
Sublime |
|
|
|
|
Notepad++ |
|
|
|
|
Docker Desktop |
|
|
|
|
HxD |
|
|
|
|
Sysinternals |
|
|
|
|
PuTTY |
|
|
|
|