This list has moved to:
https://github.com/neu5ron/tminfosec
Decoder/Packer/Unpacker:
- Hash/Encode/Decode https://virustracker.net/tools#decoder
- Dencoder http://meyerweb.com/eric/tools/dencoder/
- HEXdecoder http://ddecode.com/hexdecoder/
- JavaScript Compressor http://dean.edwards.name/packer/
- Java Decompiler http://www.javadecompilers.com/
- Jjencode http://utf-8.jp/public/jjencode.html
- JSFuck http://www.jsfuck.com/
- Jsobfuscate http://www.jsobfuscate.com/
- Jsunpack http://jsunpack.jeek.org/dec/go
- Malzilla http://malzilla.sourceforge.net/ (Software)
- Netteleuthe http://www.netteleuthe.de/gc/
- Ottodestruct http://ottodestruct.com/
- PHPdecoder http://ddecode.com/phpdecoder/
- Wepawet http://wepawet.iseclab.org/
- Xlate http://home.paulschou.net/tools/xlate/
- YGN encoding http://yehg.net/encoding/
- Javascript https://hiddencodes.wordpress.com/2015/06/18/deobfuscate-javascript-using-phantomjs-headless-browser/
- Translate encoding: Base64, XOR, ASCII, etc.
- decode URL encoding; url encoder; url decoder; (does not require JavaScript)
- url expander; url unshortener; url link; (does not require JavaScript)
- http://onlinedisassembler.com/odaweb/
- online disassembler; reverse engineer; exe
- online JavaScript deobfuscation with identification
- https://www.javascriptanalysis.net/honeybadger/default/submit
ETC:
- hide cuckoo sandbox; anti vm detection; anti sandbox detection
- portable executable analysis:
- proxy for dlls; dll proxy
- http://aluigi.altervista.org/mytoolz/proxocket.zip
- dns proxy; spoof dns; nxdomain
- https://thesprawl.org/projects/dnschef/
- https://www.mandiant.com/assets/ApateDNS.zip
- http://www.nirsoft.net/utils/dns_query_sniffer.html
- hook analyser
- snort plugin for wireshark
- decrypt antivirus quarantine files
- searches javascript html coding
- DDOS; DOS; check to see if a website is up or down; is site up; is site down
- carve pcaps
- smtp diagnostics; smtp check; mx records
- spreadsheet of exploit kits; list of exploit kits and the CVEs and Exploits they use; exploit kits CVEs; EK CVEs;
- spreadsheet of APT groups
- https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/
- Malcom - Malware Communication Analyzer
- online port scanner; hide ip for scanning open ports; check open ports; tcp/udp
- online udp scanner
- correlate and visualize procmon and pcap
- malware removal
- hexeditor tool:
- convert fiddler to pcap
- conversion tool; converter tool; text; hex; ascii; urlencode; xor;
- http://www.kahusecurity.com/tools/Converter
- mac/osx forensics
- windows gui alternative for wget/curl;
- HTTPie is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized responses. HTTPie can be used for testing, debugging, and generally interacting with HTTP servers.
- Malware crawler
- Cookie Editor for Google Chrome
- https://chrome.google.com/webstore/detail/edit-this-cookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en-US
- construct custom HTTP requests, save them permanently, take advantage of variables and contexts.
- microsoft office analysis; reverse engineer microsoft office; excel; word; powerpoint
- https://github.com/phishme/malware_analysis/blob/master/scripts/psparser.py
- another OLE grabber
- http://blog.avira.com/malicious-office-macros-dead/
- http://www.decalage.info/python/olevba olevba
- http://blog.didierstevens.com/programs/oledump-py/ oledump
- https://github.com/GNOME/libgsf/tree/master/tools gsf-vba-dump
- https://github.com/vrtadmin/clamav-devel/tree/master/sigtool sigtool
- decompile .dll files
- https://www.jetbrains.com/decompiler/
- http://www.red-gate.com/products/dotnet-development/reflector/
- windows registry viewer; windows registry parser
- dotnet;.net
- dotnet decompiler
- Decompile Android:
- list of tools useful for RE and CTF
- List of exploit kits and the CVEs they have implemented
- analyze pdfs; reverse engineer pdfs; decompile pdfs; adobe reader; adobe acrobat
- https://code.google.com/p/peepdf/
- http://eternal-todo.com/tools/peepdf-pdf-analysis-tool
- https://github.com/patrickdw123/ParanoiDF/archive/master.zip
- https://github.com/botherder/viper/blob/master/modules/pdf.py
- https://www.pnfsoftware.com/jeb2/downloads
- http://blog.didierstevens.com/programs/pdf-tools/
- https://github.com/jsvine/pdfplumber/blob/master/README.md
- decompile python2exe;py2exe; unpack py2exe
- https://raw.githubusercontent.com/pyinstaller/pyinstaller/67610f2ddadf378c90bf3c8872f3b38baefcb215/utils/archive_viewer.py
- http://sourceforge.net/projects/pyinstallerextractor/
- decompile java; java decompiler; java reverse engineering
- http://www.sureshotsoftware.com/jcavaj/index.html
- http://rejava.sourceforge.net/index.html
- http://jd.benow.ca/
- https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler useful if jd-gui doesn't work on some of the code
- https://github.com/cernekee/jarsurgeon
- https://github.com/Konloch/bytecode-viewer
- online http://www.javadecompilers.com/
- decompile flash; adobe flash; flash analysis; flash parser:
- https://www.free-decompiler.com/flash/download/ ffdec
- https://github.com/facundobatista/yaswfp
- https://github.com/cure53/Flashbang
- https://github.com/sporst/SWFREtools
- http://nowrap.de/flare.html
- http://www.nowrap.de/flasm.html
- http://codepad.org/hosku69i/raw.py
- http://labs.adobe.com/downloads/swfinvestigator.html
- cure53.de/flashbang
- https://github.com/F-Secure/Sulo
- http://jpauclair.net/mm-cfg-secrets/
- http://www.sociodox.com/theminer/
- http://www.free-decompiler.com/flash/
- https://github.com/botherder/viper/blob/master/modules/swf.py
- https://github.com/CyberShadow/RABCDAsm
- https://github.com/tillmannw/swffile
- decompile .net
- http://ilspy.net/
- hash identifier
- HTTP Headers for Website and Web Application Security
- javascript malware analysis tool; deobfuscate javascript
- http://blog.relentless-coding.org/2014/01/jsdetox-02-released.html
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Download_Rhino
- Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users. It is embedded in J2SE 6 as the default Java scripting engine. Rhino-debugger is a Graphical User Interface (GUI) for debugging JavaScript. It is convenient for malware analysts deobfuscating JavaScript.
- http://www.kahusecurity.com/2011/javascript-deobfucation-tools-part-2/
- https://github.com/mozilla/scanjs
- https://hiddencodes.wordpress.com/2015/06/18/deobfuscate-javascript-using-phantomjs-headless-browser/
- http://www.kahusecurity.com/tools/ (Javascript Deobfuscator)
- python script to automate ip, hash, or url lookups on virustotal, robtex, alienvault, ipvoid, threatexpert and others
- python script for VirusTotal file submission/lookup/download
- https://github.com/Xen0ph0n/VirusTotal_API_Tool/
- https://github.com/doomedraven/VirusTotalApi
- https://github.com/Erethon/vta.py
- xor; dexor; deobfuscate; obfuscation; xoring exes; exes;
- http://blog.didierstevens.com/2014/03/20/xorsearch-finding-embedded-executables/
- deobfuscate single byte xor; python script
- https://blog.mrg-effitas.com/publishing-of-mrg-effitas-automatic-xor-decryptor-tool/
- http://blog.malwarebytes.org/intelligence/2013/05/nowhere-to-hide-three-methods-of-xor-obfuscation
- https://github.com/hellman/xortool
- how to use sysinternals
- https://www.youtube.com/watch?v=Wuy_Pm3KaV8&feature=youtu.be
- http://www.itninja.com/blog/view/malware-hunting-with-sysinternals-tools
- executable analysis
- xor encryption; deobfuscation /
- find aes keys in memory; encryption
- Malware Traffic Patterns; URIs; POSTs; GETs; etc. used by malware; fingerprint malware
- https://docs.google.com/a/nathanguagenti.com/spreadsheet/ccc?key=0AjvsQV3iSLa1dDFfWHduQlA5THBRd081eFhsZThwUlE#gid=1
- to submit to the spreadsheet use:
- Binary Strings
- IDS/IPS Test; PII exfil test
- history of webpage:
- simulate malicious server; pcap analysis;
- List of malware analysis tools
- NSM Training;Security Training
- OpenNSM Training
- visualize malware
- ShellCode
- http://www.haka-security.org/blog/2015/06/23/instruction-disassembly.html
- Disassembling network traffic into asm instructions;shellcode
- https://github.com/hasherezade/shellconv
- windows api monitoring
- yara rules; decode malware; etc.
- RAT decoders
- decode neutrino exploit kit
- https://gist.github.com/penpyt/6061544
- emulate internet; spoof internet; fake internet; make malware think you have a network connection
- forensics
- view accessed folders; recent folders accessed; recent views
- access bitlocker from linux; encryption; fde; full disk encryption
- tutorials; free classes;
- packed executables; packers;
- https://tuts4you.com/download.php?view.398
- unpack UPX
- upx.sourceforge.net
- upx -d PackedExecutable.exe
- Java library to analyse Portable Executable files
- view loaded libraries of an exe; library dependencies; dynamic libraries
- incident response; forensics
- redline (https://dl.mandiant.com/EE/library/Redline1.12_UserGuide.pdf)
- https://github.com/google/grr/blob/master/README.md
- Dis-assembler; Reverse Engineering; Assembly
- ida tools
- An open-source x64/x32 debugger for Windows
- reverse engineering tool for OS X and Linux that lets you disassemble, decompile and debug 32/64-bit Intel Mac, Linux, Windows and iOS executables
- darknet/black-market;tor;i2p
- Bro
- https://n0where.net/software-defined-security-haka/
- Specify text-based and binary-based network protocols
- Describe protocol state machine
- Define event-based security rules to filter, alter, drop or inject packets
- Filter packets interactively
- Log and alert on suspicious network activity
- Match malicious patterns across multiple packets
- Apply Haka security policies on live traffic
- Replay Haka security policies on traffic traces (pcap capture)
- Debug Haka security policies
Firefox Security Add-Ons:
- NoScript
- enable/disable JavaScript (remembers approvals/denials) on a per site basis or temporarily allow/disallow globally
- QuickJava
- enable/disable Java, Flash, JavaScript, Silverlight, CSS, Animated Images, Proxy, Images, Cookies globally (one setting for all sites, not per site: either on or off for every site)
- Ghostery
- Ad-Blocker
- Flashblock
- enable/disable Flash (also allows click to play) on a per site basis or temporarily allow/disallow globally
- VTZilla
- right click on any link and scan the target with VirusTotal.
- Cookie Monster
- enable/disable cookies on a per site basis or temporarily allow/disallow globally
- HTTPS-Everywhere
- automatic HTTPS connections: this redirects to the secure version of the website you request (if the website supports HTTPS) inside your browser.
For example, instead of going to google.com and then having Google redirect you to https://encrypted.google.com/, this Add-On redirects you to https://encrypted.google.com before you ever make a connection to the internet.
Defaced websites archives:
- Attrition http://attrition.org/mirror/
- Hack-DB http://www.hack-db.com/
- Zone-H http://www.zone-h.org/
Chrome Security Extensions:
- HTTP Switchboard
- enable/disable JavaScript, cookies, images, etc (remembers approvals/denials) on a per site basis
- Ad-Blockers
- Ghostery
- Ad Block Plus
- Disconnect
- HTTPS-Everywhere
- automatic HTTPS connections: this redirects to the secure version of the website you request (if the website supports HTTPS) inside your browser.
For example, instead of going to google.com and then having Google redirect you to https://encrypted.google.com/, this Add-On redirects you to https://encrypted.google.com before you ever make a connection to the internet.
- Mailvelope
- Secure email with OpenPGP encryption for Webmail (supports Gmail)
- NotScripts
- ScriptSafe
- enable/disable JavaScript (remembers approvals/denials) on a per site basis or temporarily allow/disallow globally
- Vanilla Cookie Manager
- Auto clear cookies, enable/disable auto clear of cookies on a per site basis.