Need help with Awesome-Security-Tool-List?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

tina1998612
230 Stars 19 Forks 50 Commits 1 Opened issues

Description

This is a list of security tools that I have used or recommend. Welcome any contributions!

Services available

!
?

Need anything else?

Contributors list

:sunwithface: Awesome Security Tool List :fourleafclover:

This is a list of security tools & commands that I have used or recommend. I'm using Kali Linux VM with a Windows host computer. Welcome any contributions! :muscle:

& Wish you all good luck on your way of finding the hidden treasures. :wink:

Author: Lee Ting Ting

Table of Contents

:gem: Software Tools

:gem: Common Commands & CLI

:gem: Web Scripts

:gem: Useful Python Libraries & Scripts

:gem: Online Tools

:gem: Learning / Practicing Websites

:gem: Curated GitHub Repos / Toolkits

:gem: Common Security Acronyms

:gem: Special Thanks

:sunwithface: Software Tools

  1. Ghidra: Decompile binary files.
    • Satisfy the minimum requirements (Java 11 JDK) and download Ghidra from the above website.
    • After extracting the downloaded Ghidra package, open
      ghidraRun.bat
      to start.
    • Select New project > Import Files, then select your binary file to analyze.
    • In the
      Symbol Tree
      tab on the left, find and select
      main
      under
      Functions
      .
    • Then, select
      Windows
      >
      Decompile:main
      from the top menu to see readable code.
  2. StegSolve: A java app that solves steganography by apply various filters.
    • Steganography is to conceal a message, image, or file within another message, image, or file.
    • Installation instruction is in the above link.
    • Reference: Wiki
  3. Burp Suite Professional: A software that uses proxy (usually localhost:8080) to intercept HTTP requests.
    • You can edit and resend the intercepted HTTP requests.
    • The Community version is very slow.. don't use it. You should be able to find free professional licenses online:)
  4. IDA Pro 32/64 bit: A software that generates assembly code from binary files.
    • Download IDA Pro 64-bit from the above link, and download IDA Pro 32-bit with pseudocode decompiler here.
    • Hotkeys:
      • F5
        : view pseudocode
      • tab
        : toggle between the disassembly code view and pseudocode view.
      • Shift+F12
        : view all strings in the program.
    • Note that 32-bit programs need to be opened with IDA Pro 32-bit, and vice versa.
    • Reference: IDA Pro Hotkey Cheatsheet
  5. GIMP: The GNU Image Manipulation Platform
    • Install version 2.10.4 on Windows here (there is a known bug in the latest version by the time of writing)
    • GNU: A Unix-like operating system and a collection of free softwares. GNU means "GNU's Not Unix!" (wiki)
    • Can apply various filters to images for solving steganography problems

:sunwithface: Common Commands & CLI

  1. lsof -i -P -n | grep LISTEN
    : Show listening ports.
    • lsof: list open files and processes that opened them.
    • -i
      : list all network connections.
    • -P
      : list port number instead of port name.
    • -n
      : don't convert network number to hostname, this can make lsof run faster.
    • reference: manual
  2. xdg-open .
    : Open current folder in GUI explorer.
    • This is useful for dragging and dropping files from Linux VM to host computer.
    • reference: StackExchange
  3. kill $(lsof -t -i:8080)
    : Kill any process listening on port 8080.
  4. display 
    : Display image from terminal.
  5. nc -l -p 9000
    : Listen on port 9000
    • use
      nc  9000
      to communicate with the host.
  6. grep -rnw '/path/to/somewhere/' -e 'pattern'
    : Find all files containing the pattern under the specified path.
    • -r
      : recursively search
    • -n
      : display the line number containing the pattern in the file.
    • -w
      : match the entire word of the pattern.
    • Reference: StackOverflow
  7. strings 
    : Print all strings in the file.
    • use
      strings  | grep -E 
      to find the strings that match the regular expression,
      FLAG{[[email protected]]+}
      , for example.
    • Test regular expressions online at https://regexr.com/.
  8. strace 
    : Print out system call details.
    • If not installed, run
      sudo apt-get install strace
      .
    • Use
      strace -s 50 
      to print out the strings with max length 50.
    • Reference: manual
  9. objdump -M intel -d  | less
    : Show the disassembled file.
    • -M intel
      : display the assembly in Intel syntax (see the differences between the default AT&T syntax and the Intel syntax in wiki).
    • -d
      : disassemble
    • -C
      : decode (demangle) low-level symbol names into readable names
    • The
      less
      command is for viewing the contents of the file, allow both forward and backward navigation. (The
      more
      command only allow forward navigation.)
    • Can also use
      grep
      to get specific data.
    • When using
      less
      to view the file, you can use
      /
      to search for specific strings. For example, use
      /main
      to locate the main function.
    • Reference: manual
  10. binwalk -Mre 
    : Firmware analysis & reverse engineering.
- Follow the installation instructions [here](https://github.com/ReFirmLabs/binwalk/blob/master/INSTALL.md).

  • -M: recursively scan extracted files.
  • -r: delete carved file after extraction. (what is file carving?)
  • -e: extract known file types.
  • Reference: GitHub
  1. qemu-mipsel 
    : Execute MIPS programs on non-MIPS OS.
- [Installation instructions](https://zoomadmin.com/HowToInstall/UbuntuPackage/qemu-system-mips)
  • If you run into "No such file or directory", run export QEMU_LD_PREFIX=<folder_location_of_the_missing_file> and retry the above command to help the program find your file.
  • QEMU: Quick EMUlator
  • mipsel: little-endian MIPS / mips: big-endian MIPS (little vs big endian?)
  • Reference: Official Website
    1. gdb ./
      : The GNU Project Debugger.
      • Install:
        sudo apt-get update
        then
        sudo apt-get install gdb
        .
      • Common commands in the gdb console:
        • r
          : run the program until next breakpoint or error
        • c
          : continue running the program
        • f
          : run the program until current function is finished
        • s
          : step to the next line of the program
          n
          : step to the next line of the program, but does not step into functions
        • b main
          : set breakpoint at the main function
        • d
          : delete all breakpoints
        • jump *main+135
          : jump to the address of the main function address with offset 135
        • p/x $rax
          : print the rax register in hex
        • p/d 
          : print the variable as signed integer
        • x/wx $esp
          : print the memory address of the register esp in hex format
        • set $esi = 0x1
          : set value of the register
        • vmmap
          : print out the memory address mapping to libraries and also the rwx (read, write, execute) permissions.
        • q
          : quit gdb
      • Tips: Keep an eye on the
        cmp
        (compare) statement when looking at the assembly code because usually if you can pass the compare statement, you can guess the correct input of the program.
        • To bypass
          cmp
          statements, you can either modify the register value to the desired one or jump to the next memory address right after the
          cmp
          statement.
      • Reference: Official Website
    2. nc  
      : Connect to remote server
      • nc stands for Netcat
      • Use
        ncat -vc $binary -kl $ip $port
        to host the binary file on a remote server.
    3. checksec ./
      : Check the security properties of a program
    - Properties checked:
      - **`Arch`: The architecture of the program.**
        - For example, `amd64-64-little` means AMD64 architecture that uses little endian.
      - **`RELRO`: Is partial or full binary sections read-only?**
        - RELRO: [Relocation Read-Only](https://ctf101.org/binary-exploitation/relocation-read-only/)
        - If full, "GOT([Global Offset Table](https://en.wikipedia.org/wiki/Global_Offset_Table)) overwrite" attack is not possible.
      - **`STACK`: Does stack canary exist?**
        - It is a technique to detect stack overflow by placing a number (named canary) before the stack return pointer, and check if the value has been changed.
        - Reference: [CTF Wiki](https://ctf-wiki.github.io/ctf-wiki/pwn/linux/mitigation/canary/)
      - **`NX`: Is NX protection enabled?**
        - NX: [No eXecute](https://ctf101.org/binary-exploitation/no-execute/)
        - If yes, we cannot use stack overflow to execute our customized shellcodes.
      - **`PIE`: Prevents attackers by randomizing the memory address of the executable.**
        - PIE: [Position Independent Executable](https://en.wikipedia.org/wiki/Position-independent_code#Position-independent_executables)
        - If enabled, we won't know the memory address until we run the program. Solution: Disable ASLR ([Address Space Layout Randomization](https://en.wikipedia.org/wiki/Address_space_layout_randomization)) on our OS to let the addresses remain the same.
        - How to disable ASLR on Linux: [StackOverflow](https://askubuntu.com/questions/318315/how-can-i-temporarily-disable-aslr-address-space-layout-randomization)
    - Reference: [GitHub](https://github.com/slimm609/checksec.sh)
    
    1. r2 ./
      : For reverse engineering and binary analysis.
      • r2 is short for Radare2
      • Install & usage tutorial: frozenkp's Blog
      • Common commands in the r2 console:
        • aa
          : analyze all, usually we type this every time at start
        • afl
          : list all functions (analyze function list)
        • s main
          : move to main function
        • s 
          : move to memory address
        • V
          : switch from console to hex view
        • VV
          : switch from console to visual mode (assembly code & graph)
        • : some_command
          : enter commands in visual mode
        • q
          : return to the previous mode / quit
    2. gcc test.c -fno-stack-protector -o test
      : Compile C code to executable with disabled canary protection
      • By disabling canary protection, the program is subjected to BOF (Buffer Overflow) attack.
      • Usually, if you see
        Segmentation fault
        after a very long input, it has BOF vulnerability.
    3. file 
      : Prints out the type of the file.
      • Useful when you are not sure about the file type. For instance, an image file without a .jpg.
    4. openssl rsa -pubin -in  -text -noout
      : Find modulus from a RSA public key
      • -pubin
        : read the public key instead of private key (private key is read by default if not specified)
      • -in
        : specify the input file
      • -text
        : print the public / private key in plaintext
      • -noout
        : prevent printing the encoded version of the key
      • Reference: OpenSSL GitHub, OpenSSL RSA doc
    5. nmap 
      : Scan ports of an IP address
      • You can see the protocol used of each port, whether the port is open or close, and the service of each port.
      • nmap -sU  -p68
        : UDP scan for port 68
      • Reference: official website, nmap options doc
    6. theHarvester -d ntu.edu.tw -l 50 -b google
      : Use open source intelligence (OSINT) to collect information of a specific domain
      • -d
        : domain to search
      • -l
        : limit the search result to this number
      • -b
        : data source (google, bing, linkedin, twitter, yahoo, etc)
      • GitHub
      • Already installed in Kali Linux
    7. wget -O 'name_of_file' 
      : Download files with customized names
      • wget -r 
        : Download the entire source code of the website
    8. unzip -P  
      : Unzip zip files with password
    9. arp -a
      : Show all IP addresses connected to the same network
    10. net user /domain
      : Show all usernames in the current domain
      • net groups /domain
        : show all groups under current domain
      • net groups "" /domain
        : search for specific group name, for example:
        net groups "Domain Admins" /domain
    11. nslookup 
      : See IP address of the domain
    12. whoami
      : Find out which user you are currently logged in
      • whoami /priv
        : see all privileges information and whether each of them is enabled or not
    13. echo `nproc`
      : See the number of CPU cores
    14. python GitHack.py http://your_url.git/
      • git clone https://github.com/lijiejie/GitHack.git
        to download the script
      • cd GitHack/

    :sunwithface: Web Scripts

    1. view-source:
      : View source code of a website
    2. ">
      : [XSS] Popup Alert Basic
    3. ">: [XSS] Popup Alert Advanced
      • srcdoc
        specifies the HTML content in iframe
      • insert
         but found that 
        o
        will be replaced
      • change
        o
        to
        o
        with the
        hex(ord('o'))
        Python command
      • url encode
         at URLEncoder
        
    4. click
      : [XSS] When the
      name
      variable is in the html content
      • the value of the target attribute will be stored at
        window.name
        or the
        name
        variable.

    :sunwithface: Useful Python Libraries & Scripts

    1. dirsearch: A CLI to brute force directories and files in websites.
    git clone https://github.com/maurosoria/dirsearch.git
    cd dirsearch
    python3 dirsearch.py -u  -e 
    
    1. Pwn: Compromise a program by gaining ownership of it.
    • Follow installation steps on Pwntools GitHub
    • In most cases, the flag can be found in the interactive console by
      ls
      and then
      cat flag.txt
      .
    • Example:
    from pwn import *
    
    

    remember to change the values here

    HOST = "<ip.address>" PORT =

    connect to the remote server and define our value to send

    r = remote(HOST, PORT)

    For reading local binaries:

    r = process('./')

    something_to_send = 0xfaceb00c

    Usually there is a newline before the user input, so receive until '\n'

    r.recvuntil('\n')

    stop and listen to user input in the console, press enter to continue

    raw_input()

    r.sendline(p32(something_to_send))

    use r.send() to send without a new line

    use p32 to encode the hex value as 32-bit char and p64 for 64-bit char

    enter the interactive console

    r.interactive() </ip.address>

    1. Angr: A collection of binary analysis tools
    • Install doc
    • Symbolic Execution example:
      • Symbolic execution can be used to find the input that can reach our desired program state (wiki).
    import angr
    import claripy # Angr's constraint solver engine
    
    

    replace this with the binary you want to analyze

    disable auto_load_libs to improve performance

    project = angr.Project("./", auto_load_libs=False)

    create a symbolic object with 25 bytes

    BV stands for BitVector (bit array)

    argv1 = claripy.BVS("argv1", 25*8)

    specify the entry point of the program and our input parameter

    initial_state = project.factory.entry_state(args=["./", argv1])

    generate a simulation manager object for solving our parameter later

    sm = project.factory.simulation_manager(initial_state)

    symbolically execute until we find a state with address = find_addr

    find_addr = 0x400602 sm.explore(find=find_addr)

    find the state that meets the above condition

    found = sm.found[0]

    return the input value to get to this state and cast it to bytes

    solution = found.solver.eval(argv1, cast_to=bytes)

    repr: returns a printable representation of the input object

    print(repr(solution))

    1. Z3-solver: An efficient SMT solver
    • Install via pip install
    • SMT: satisfiability modulo theories (wiki)
    • Documentation
    • Example:
      • Steps
      • define the variables
      • add constraints
      • solve the equations
    from z3 import *
    
    

    x = Int('x') y = Int('y')

    solve(x > 2, y < 10, x + 2*y == 7)

    output: [y = 0, x = 7]

    from z3 import *

    p = Bool('p') q = Bool('q') r = Bool('r')

    solve(Implies(p, q), r == Not(q), Or(Not(p), r))

    output: [q = False, p = False, r = True]

    Implies: Logical Implication

    from z3 import *

    x, y, z = Reals('x y z') # real numbers

    add constraints

    s = Solver() s.add(x > 1, y > 1, x + y > 3, z - x < 10)

    check if the constraints can be satisfied (output: sat / unsat)

    print(s.check())

    use model to specify multiple constraints and make each of them true

    m = s.model()

    print the value of x

    print("x = %s" % m[x])

    output: x = 3/2

    1. SymPy: For symbolic mathematics
    import sympy
    
    

    inverse function

    def inv(x, m): return sympy.invert(x, m)

    print(inv(11, 26))

    output: 19

    1. Crypto.Util.number: Contains lots of utilities for numbers
    • Example for solving RSA:
    from Crypto.Util.number import inverse
    
    

    p = q = e = c = n = p*q

    phi = (p-1) * (q-1) d = inverse(e, phi)

    c^d % n (c to the power of d, modulus n)

    m = pow(c, d, n)

    print(m)

    1. Install all modules
    • requirements.txt:
      pip3 install -r requirements.txt
      (or pip install)
    • setup.py:
      python3 setup.py install

    :sunwithface: Online Tools

    1. HexDecode: Convert hex to text
    2. URLDecoder: URL decode and encode
    3. FactorDB: Factorize any number
    4. XSS Cheat Sheet: Copy-and-paste cross-site scripting cheat sheet
    5. CMD5: Hash to plaintext using a large dictionary

    :sunwithface: Learning / Practicing Websites

    1. PortSwigger: Its web security lab covers topics across SQL injection, Cross-site scripting, Cross-site request forgery (CSRF), Cross-origin resource sharing (CORS), Server-side request forgery (SSRF), etc.
    2. OWASP Juice Shop: An insecure web application for you to attack! (reference solutions)
    3. MITRE ATT&CK Matrix: A list of attack techniques based on real world observations.
    4. Prompt.ml: A XSS practicing website. Solutions are available here.

    :sunwithface: Curated GitHub Repos / Toolkits

    1. XS-Leaks: XS-leak example code, past exploits explanation, link to xs-leak wiki and related materials.
    2. Gophish: Phishing toolkit to launch and tracking phishing campaigns (official website).

    :sunwithface: Common Security Acronyms

    1. RDP: Remote Desktop Protocol
    2. IIS: Internet Information Services
    3. WAF: Web Application Firewall
    4. OT: Operation Technology
    5. AD: Active Directory
    6. LPE: Local Privilege Escalation
    7. RCE: Remote Code Execution
    8. SMB: Server Message Block
    9. LFI: Local File Inclusion
    10. SAM: Security Account Manager
    11. VNC: Virtual Network Computing
    12. OSINT: Open-source Intelligence
    13. ASHX: ASP.NET Web Handler File, file extension of an ASP.NET web app
    14. NTLM: New Technology LAN Manager, used by Windows to hash passwords (wiki)
    15. EDR: Endpoint Detection and Response
    16. IDS: Intrusion Detection System
    17. DC: Domain Controller (AD vs DC: AD is a type of domain, DC is an important server on that domain)
    18. APT: Advanced Persistent Threat, hackers gain unauthorized access to a computer network and remains undetected for an extended period (wiki).
    19. CVE: Common Vulnerabilities and Exposures
    20. PPA: Personal Package Archive

    :sunwithface: Special Thanks

    We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.