A compilation of tools for the security-minded professional. It’s also a convenient way to page-out (a little memory joke there – sorry) the names of infrequently used tools in a way that can be easily paged back in later when needed.
Reverse Engineering
Decompilers
Java
- Jad
- http://www.javadecompilers.com/jad
- Dead, but still useful.
Android
.NET
- JetBrains dotPeek
JavaScript
- JavaScript Beautifier
- http://jsbeautifier.org
- Very usefull when analysing JavaScript used in many modern webapps.
Debuggers
- OllyDebug
- IDAPro (Commercial)
- IDAPro (Freeware)
Penetration Testing
Interception Proxies
- ZAP
- Burp
Browsers
- Firefox
- https://ftp.mozilla.org/pub/firefox/releases/3.6.25/
- Use v3.6.25 or older to avoid HSTS checks.
- May cause compatibility problems with some Javascript-heavy web application frameworks.
- Be sure to import the interception proxy’s CA certificate into the trusted CA store!
Packet Smithing
Password Guessing / Cracking / Wordlists
- John
- A great tool for password guessing a variety of different password types.
- Not particularly fast.
- http://www.openwall.com/john/
- Hashcat
- Touted as the world’s fastest password cracker.
- GPU enabled.
- https://hashcat.net/hashcat/
- Skull Security Wordlists
Vulnerability Scanners
- Rapid7 Nexpose
- https://www.rapid7.com/products/nexpose/
- Community edition is free (as beer)
- Integration with Metasploit
- Enterprise edition appears to be leaning towards SaaS
- Tenable Networks Nessus