0xh3xa/awesome-cyber-security-tools

Awesome Cyber Security Tools

A curated list of common tools used in security across different specialties.

Malware Reversing

Static Analysis

File Identification

  • file - Determine file type.
  • Exeinfo PE - Analyzes Windows PE header information, detects packers, and gives hints on how to unpack.
  • TrID - Uses a pattern database to determine file types and gives a likelihood for each detected type.
  • PEiD - Detects common packers, cryptors, and compilers for PE files.
  • Detect-It-Easy - Determines types of files for Windows, Linux, and MacOS.
  • KAPE - A tool for acquiring and processing forensic artifacts.

File Signature

  • md5sum - Compute and check MD5 message digest.
  • HashMyFiles - Calculates MD5 and SHA1 hashes of one or more files.
  • Hasher - Free SHA-1, MD5, and CRC32 hash generator for Windows.
  • ComputeHash - Calculates MD5, SHA1, SHA256, SHA384, and SHA512 hashes.
  • Get-FileHash - PowerShell cmdlet that computes the hash value of a file using a specified hash algorithm.
  • ssdeep - Computes context triggered piecewise hashes (CTPH) for fuzzy matching.
  • impfuzzy - Calculates Fuzzy Hash from import API of PE files.
  • pehash - Compilation of peHash implementations.
  • VHash - Computes hashes for files with support for various hashing algorithms.

Strings

  • strings - Print sequences of printable characters in files.
  • BinText - Extracts ASCII, Unicode, and Resource strings from files.
  • xorsearch - Searches for strings in XOR, ROL, ROT, or SHIFT encoded binary files.
  • FLOSS - Automatically extracts obfuscated strings from malware.
  • StringsDump - Extracts and identifies text from binary files.
  • YARA - Tool for identifying and classifying malware samples by patterns.

PE Inspector

  • PeStudio - Examines executable files in depth.
  • CFF Explorer - Inspect and analyze Portable Executable (PE) files.
  • PE Explorer - Inspects Windows applications and libraries.
  • PE-bear - Multiplatform reversing tool for PE files.
  • PEview - Lightweight utility for inspecting PE files.
  • Dependency Walker - Builds hierarchical tree diagram of dependent modules.
  • DLL Export Viewer - Displays exported functions and their addresses for DLL files.
  • PEPack - Python library for inspecting and manipulating PE files.

IOC and Pattern Identification

  • YARA - Tool for identifying and classifying malware samples.
  • Loki - IOC and YARA Scanner.
  • zipdump - Analyzes zip files and runs YARA rules.
  • ExifTool - Reads, writes, and edits meta information in files.
  • OISF Suricata - High-performance Network IDS, IPS, and Network Security Monitoring (NSM) engine.

PDF

  • pdf-parser - Parses PDF documents to identify fundamental elements.
  • pdfid - Scans for PDF keywords indicating JavaScript or actions.
  • peepdf - Analyzes PDF documents.
  • SpiderMonkey - Modified Mozilla JavaScript implementation for malware analysis.
  • PDF-XChange Editor - In-depth analysis and editing of PDF documents.
  • pdfunite - Merges multiple PDF files into a single file.

Office

  • OfficeMalScanner - Scans MS Office documents for malicious traces.
  • oletools - Analyzes MS OLE2 files and Office documents.
  • vipermonkey - VBA parser and emulation engine.
  • Lazy Office Analyzer - Extracts URLs, VB-script, and JavaScript from Office documents.
  • OfficeScan - Analyzes Microsoft Office documents for malware and other threats.
  • olevba - Extracts VBA macros from Office files and detects obfuscation techniques.

Anti-Analysis Detector

  • Pafish - Detects virtual machines and malware analysis environments.
  • VMProtect - Anti-debugging and anti-VM software protection.

Hex Editor

  • 010 Editor - Powerful hex and text editor.
  • HxD - Fast hex editor with raw disk editing capabilities.
  • Hex Workshop - Visualizes data through graphical representations and charts.
  • Bless - High-performance, full-featured hex editor.

Resource Editor

APIs / DLLs

  • API Monitor - Monitors and controls API calls.
  • WinAPIOverride - Monitors, intercepts, and logs API calls.
  • ListDLLs - Lists all the DLLs loaded into processes.
  • Handle - Lists open handles for system processes.

Dynamic Analysis Tools

  • Cuckoo Sandbox - Automated malware analysis system.
  • FakeNet-NG - Fake network environment for malware analysis.
  • REMnux - Linux toolkit for reverse engineering and analyzing malware.
  • Fakenet - Network simulation tool.
  • Volatility - Advanced memory forensics framework.
  • Procmon - Monitors and logs real-time file system, Registry, and process/thread activity.
  • Regshot - Takes snapshots of the Registry and compares them.
  • APISpy - Captures and analyzes API calls made by applications.
  • Sandboxie - Isolates applications in a virtual sandbox.
  • x64dbg - Open-source debugger for Windows, useful for dynamic analysis of executables.
  • ProcDot - Visualizes process and thread behavior.
  • MISP - Open-source threat intelligence platform for sharing, storing, and correlating indicators of compromise (IOCs).

Reverse Engineering

  • Ghidra - Software reverse engineering framework.
  • Radare2 - Open-source reverse engineering framework.
  • IDA Pro - Interactive disassembler and debugger.
  • Binary Ninja - Reverse engineering platform.
  • x64dbg - Open-source debugger for Windows.
  • Hopper - Reverse engineering tool for macOS and Linux.
  • OllyDbg - 32-bit assembler level debugger for Windows.
  • Cutter - Qt and C++ GUI powered by Radare2.
  • Snowman - Decompiler for binary executables.
  • Zynamics BinNavi - Reverse engineering tool for binaries.
  • JEB Decompiler - Interactive disassembler and decompiler for Android and other platforms.

Java Decompilers

  • JD-GUI - Decompiler for Java bytecode.
  • CFR - Another Java decompiler.
  • Procyon - Java decompiler for modern Java features.
  • JADX - Dex to Java decompiler.
  • FernFlower - IntelliJ's Java decompiler.
  • Krakatau - Python-based Java decompiler.
  • JBE - Java Bytecode Editor and Decompiler.
  • JClassLib - Java Class File Viewer and Editor.

.NET Decompilers

  • dnSpy - .NET debugger and assembly editor.
  • dotPeek - .NET decompiler from JetBrains.
  • ILSpy - Open-source .NET assembly browser and decompiler.
  • Reflector - Commercial .NET decompiler.
  • JustDecompile - Free .NET decompiler from Telerik.
  • Decompiler - A .NET decompiler and assembly browser.

Penetration Testing

  • Metasploit - Penetration testing framework.
  • Burp Suite - Integrated platform for web application security testing.
  • Nmap - Network scanning and discovery tool.
  • OWASP ZAP - Open-source web application security scanner.
  • Aircrack-ng - Suite of tools for wireless network security.
  • Nessus - Vulnerability scanner.
  • Wireshark - Network protocol analyzer.
  • sqlmap - Automated SQL injection and database takeover tool.
  • Kali Linux - Penetration testing distribution with numerous tools.
  • Dradis - Open-source collaboration and reporting tool for information security teams.
  • Sublist3r - Fast subdomain enumeration tool.
  • Recon-ng - Full-featured Web Reconnaissance Framework.
  • Malleable C2 - Framework for crafting custom C2 profiles for command and control.

Mobile Penetration Testing

  • MobSF - Mobile Security Framework for static and dynamic analysis.
  • Drozer - Android security assessment framework.
  • Frida - Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers.
  • AppMon - Monitor and analyze mobile apps on Android and iOS.
  • APKTool - Decompiles and rebuilds APK files.
  • Xposed Framework - Framework for modules that can change the behavior of the APK.
  • AndroGuard - Android reverse engineering tool.
  • JADX - Dex to Java decompiler for Android.
  • Burp Suite Mobile Assistant - Integrated mobile assistant for Burp Suite.
  • Magisk - Rooting solution with systemless root for Android.
  • AppUse - Open-source Android security testing platform.

Forensics

  • Autopsy - Digital forensics platform and graphical interface.
  • Sleuth Kit - Collection of command-line tools for forensic analysis.
  • FTK Imager - Forensic imaging tool.
  • X1 Search - Forensic search and data extraction tool.
  • Bulk Extractor - Extracts useful information from disk images.
  • EnCase - Digital forensic investigation software.
  • Plaso - Log2Timeline framework for digital forensics.
  • The Sleuth Kit (TSK) - A library and collection of command-line tools for digital forensics.
  • CAINE - Live Linux distribution for digital forensics.

Linux Distributions

  • Kali Linux - Comprehensive penetration testing distribution with numerous security tools.
  • Parrot Security OS - Security-oriented Linux distribution designed for security experts and developers.
  • BackBox - Ubuntu-based Linux distribution for security and analysis.
  • BlackArch - Arch Linux-based distribution for penetration testers and security researchers.
  • Tails - Live operating system that you can start on almost any computer from a USB stick or a DVD.
  • Qubes OS - Privacy-focused Linux distribution that uses virtualization to isolate security-sensitive tasks.
  • REMnux - Linux toolkit for reverse engineering and analyzing malware.
  • DEFT Linux - Linux distribution specifically designed for digital forensics and penetration testing.
  • CAINE - Live CD Linux distribution for digital forensics.
  • Whonix - Privacy-focused Linux distribution that leverages Tor for anonymous communication.
  • Pentoo - Live CD and installable Linux distribution based on Gentoo optimized for penetration testing.

Contribute

Feel free to contribute by submitting a pull request or opening an issue to suggest improvements or additional tools.

License

This list is licensed under the MIT License.
