| binwalk |
linux |
commandline |
|
inspect binary files |
|
| osslsigncode |
|
|
|
|
|
| strings |
|
|
|
|
|
| gunzip |
|
|
|
|
|
| unzip |
|
|
|
|
|
| file |
|
|
|
view info about file |
|
| exif |
|
|
|
view image exif metadata |
|
| tar |
|
|
|
flags -xvf |
|
| morsecode.world |
any |
web site |
morsecode.world |
translate morse code |
|
| cyber chef |
|
|
https://gchq.github.io/CyberChef/ |
decrypting tools |
|
| rockyou word list |
any |
text file |
for use in password brute force checking |
git@github.com:dw0rsec/rockyou.txt.git |
|
| hashes.com |
any |
web site |
hashes.com |
hash decryption tool |
|
| hashcat |
linux, macOS |
cmd |
https://hashcat.net/hashcat/ |
password cracker |
|
| Maxmind |
any |
website |
https://www.maxmind.com/en/geoip-demo |
Geo Ip database |
|
| Archive.org |
any |
website |
https://archive.org |
check the wayback machine |
|
| OSINT |
any |
website |
https://osintframework.com/ |
Open Source Intelligence resource |
|
| Rumpkin |
any |
website |
https://rumkin.com/tools/ |
collection of web-based tools |
|
| Quip quip |
any |
website |
https://quipqiup.com/ |
fast automated cryptogram solver with ads |
|
| John the Ripper |
linux, macOS |
commandline |
https://www.openwall.com/john/ |
Open Source password security auditing and password recovery tool |
|
| Ophcrack |
windows |
GUI |
https://ophcrack.sourceforge.io/ |
based on rainbow tables |
|
| Hash Identifier |
python (pip) |
cmd (commandline) |
https://psypanda.github.io/hashID/ |
identify type of input hash |
|
| pdf2john |
linux, osx, python (pip) |
cmd |
https://pypi.org/project/pdf2john/ |
access encrypted pdf files |
|
| uncompyle |
linux, any, pip |
cmd |
https://pypi.org/project/uncompyle6/ |
turn compiled code eg: file.pyc back to readable code eg file.py |
|
| nmap |
linux, any, |
cmd |
https://nmap.org/ |
security/port scanner |
|
| dirbuster |
cross-platform |
cmd/gui |
https://www.kali.org/tools/dirbuster/ |
scan web server for accessible files/directories |
|
| burp suite |
cross-platform |
gui |
https://portswigger.net/burp |
web security testing framework |
|
| metasploit |
linux, macOS |
cmd |
https://github.com/rapid7/metasploit-framework, https://docs.metasploit.com |
scan a server for exploit vulnerabilities |
|
| aircrack-ng |
linux, macOS |
? |
https://www.aircrack-ng.org/ |
suite of tools to assess WiFi network security |
|
| SQL Lite viewer |
any |
website |
https://inloop.github.io/sqlite-viewer/ |
inspect sql lite database files |
|
| cut |
linux, macOS |
cmd |
https://man7.org/linux/man-pages/man1/cut.1.html |
log analysis can utilize this tool which cuts out selected portions of each line (as specified by list) from each file and writes them to the standard output |
|
| sort |
linux, macOS |
cmd |
https://man7.org/linux/man-pages/man1/sort.1.html |
sort lines of input |
|
| uniq |
linux, macOS |
cmd |
https://man7.org/linux/man-pages/man1/uniq.1.html |
filter input to unique lines |
|
| grep |
cross-platform |
cmd |
https://man7.org/linux/man-pages/man1/grep.1.html |
search file system or file for strings or regular expression matches |
|
| wc |
linux, macOS |
cmd |
https://man7.org/linux/man-pages/man1/wc.1.html |
count of bytes, words, characters, lines per input file |
|
| OverTheWire |
any |
website |
https://overthewire.org/wargames/bandit/ |
practice “war games” in the ssh shell ssh bandit0@bandit.labs.overthewire.org -p 2220 password bandit0 |
|
| du |
cross-platform |
cmd |
https://man7.org/linux/man-pages/man1/du.1.html |
get information about disc usage |
|
| df |
linux, macOS |
cmd |
https://man7.org/linux/man-pages/man1/df.1.html |
info about free and available disc space |
|
| aws checkip |
any |
website |
https://checkip.amazonaws.com/ |
quick easy web url to get ip address with cmd: curl https://checkip.amazonaws.com |
|
| ifconfig (or ipconfig in windows) |
all |
cmd |
|
get info about current host IP config |
|
| nslookup |
cross-platform |
cmd |
|
get IP info for a domain name |
|
| xgd-open |
linux |
cmd |
https://linux.die.net/man/1/xdg-open |
opens a file or URL in the user’s preferred application |
|
| ghex |
linux |
cmd / gui |
https://github.com/GNOME/ghex/blob/master/HACKING |
view and edit binary files in hex representation |
|
| hexedit |
linux |
cmd |
https://linux.die.net/man/1/hexedit |
view and edit binary files in hex representation |
|
| zfs |
linux |
cmd |
https://linux.die.net/man/8/zfs |
configure zfs file system. Zettabyte File System, is an advanced file system that combines volume management and file system capabilities, designed to ensure data integrity and simplify storage management. It features pooled storage, snapshots, and self-healing capabilities, making it robust and scalable for various storage needs. |
|
| zdb |
linux |
cmd |
https://manpages.org/zdb/8 |
The zdb utility displays information about a ZFS pool useful for debugging and performs some amount of consistency checking. |
|
| fsck |
linux |
cmd |
https://manpages.org/zpofsclol/8 |
fsck is used to check and optionally repair one or more Linux filesystems. |
|
| zpool |
linux |
cmd |
https://manpages.org/zpool/8 |
configures ZFS storage pools ZFS storage pools are a way to manage and organize storage devices, allowing you to combine multiple drives into a single logical unit for data storage. This setup provides features like data integrity, redundancy, and efficient data management through various configurations such as mirroring or RAID-Z |
|
| shasum |
linux |
cmd |
https://manpages.org/checksum/8 |
check or print checksum of a file shasum -a 256 somefile |
|
| Known vulnerabilities catalog |
any |
website |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog |
Maintained by Cybersecurity and Infrastructure Agency |
|
| aircrack-ng |
linux |
cmd |
https://www.aircrack-ng.org/ |
Crack WEP wireless encryption |
|
| passlib |
any |
python package |
https://passlib.readthedocs.io/en/stable/ |
Passlib is a password hashing library for Python 2 & 3, which provides cross-platform implementations of over 30 password hashing algorithms, as well as a framework for managing existing password hashes. |
|
| hashid |
python |
cmd |
https://pypi.org/project/hashID/ |
identify hashes |
|
| Kali Tool List |
any |
website |
https://www.kali.org/tools |
Extensive list of binaries and other hacking and cracking tools |
|
| cryptography |
any |
python package |
https://cryptography.io/en/latest |
cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions. |
|
| Crypto101 Book |
any |
pdf |
https://www.crypto101.io/ |
introduction to cryptographic concepts |
|
| Google Images |
any |
website |
images.google.com |
search based on image upload |
|
| Hack Tricks |
any |
web book |
https://hacktricks.wiki/en/index.html |
security resources |
|
| Hack Tricks resources |
any |
git repo |
https://github.com/HackTricks-wiki |
as named |
|
| List of File Signatures |
any |
web entry |
https://en.wikipedia.org/wiki/List_of_file_signatures |
to match against hex |
|
| Ida |
cross-platform |
GUI |
https://my.hex-rays.com/login |
reverse engineering tool |
|
| Wordlist Forger |
any |
python tool |
https://github.com/Den-Sec/Wordlist-Forger |
create tailored wordlists for use in password cracking techniques such as dictionary attacks, as well as for advanced scenarios requiring custom patterns |
|
| psudohash |
any |
python/pip |
https://github.com/t3l3machus/psudohash |
Psudohash is a password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans |
|
| VulnHub |
any |
website |
https://www.vulnhub.com |
vernarable scenarios for practicing against |
|
| Orange Cyberdefense Github |
any |
git archive |
https://github.com/Orange-Cyberdefense |
Set of tools for cyber security, for example active directory mindmaps |
|
| OWASP |
any |
organization |
https://owasp.org |
The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. |
|
| Collin Dewey NCL Tools List |
any |
web archive |
https://collindewey.net/articles/ncl-tool-list/ |
Super dope resource list |
|
| Wikidata |
any |
web |
https://www.wikidata.org |
Wikidata acts as central storage for the structured data of its Wikimedia sister projects including Wikipedia, Wikivoyage, Wiktionary, Wikisource, and others. |
|
| Wikidata Query Service |
any |
web |
https://query.wikidata.org |
Search through Wikidata using Sparql queries |
|
| tr |
linux |
apt pkg |
https://www.man7.org/linux/man-pages/man1/tr.1.html |
I used this to make an entire file uppercase: tr '[:lower:]' '[:upper:]' < inputfile > outputfile |
|
| watch |
linux |
apt cmd |
https://www.man7.org/linux/man-pages/man1/tr.1.html |
watch - execute a program periodically, showing output fullscreen (try it with ls -l or tree while downloading files) |
|
| tree |
linux |
cmd |
https://www.man7.org/linux/man-pages/man1/tree.1.html |
tree - list contents of directories in a tree-like format. |
|
| Python cryptography |
any |
package (pip) |
https://github.com/pyca/cryptography |
cryptographic recipes and primitives for Python |
|
| Black Hills InfoSec Hashcat cheatsheet |
any |
website |
https://www.blackhillsinfosec.com/hashcat-cheatsheet |
They also have some cool ebooks and training available |
|