Security Tools

A compilation of tools for the security-minded professional. It’s also a convenient way to page-out (a little memory joke there – sorry) the names of infrequently used tools in a way that can be easily paged back in later when needed.

Reverse Engineering

Decompilers

Java

Jad
- http://www.javadecompilers.com/jad
- Dead, but still useful.

Android

APKTool
- https://ibotpeaches.github.io/Apktool/

.NET

JetBrains dotPeek
- https://www.jetbrains.com/decompiler/

JavaScript

JavaScript Beautifier
- http://jsbeautifier.org
- Very usefull when analysing JavaScript used in many modern webapps.

Debuggers

OllyDebug
- http://www.ollydbg.de/
IDAPro (Commercial)
- https://www.hex-rays.com/products/decompiler/index.shtml
IDAPro (Freeware)
- https://www.hex-rays.com/products/ida/support/download_freeware.shtml

Penetration Testing

Interception Proxies

ZAP
- https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Burp
- https://portswigger.net/burp/

Browsers

Firefox
- https://ftp.mozilla.org/pub/firefox/releases/3.6.25/
- Use v3.6.25 or older to avoid HSTS checks.
- May cause compatibility problems with some Javascript-heavy web application frameworks.
- Be sure to import the interception proxy’s CA certificate into the trusted CA store!

Packet Smithing

Scapy
- http://www.secdev.org/projects/scapy/

Password Guessing / Cracking / Wordlists

John
- A great tool for password guessing a variety of different password types.
- Not particularly fast.
- http://www.openwall.com/john/
Hashcat
- Touted as the world’s fastest password cracker.
- GPU enabled.
- https://hashcat.net/hashcat/
Skull Security Wordlists
- https://wiki.skullsecurity.org/index.php?title=Passwords

Vulnerability Scanners

Rapid7 Nexpose
- https://www.rapid7.com/products/nexpose/
- Community edition is free (as beer)
- Integration with Metasploit
- Enterprise edition appears to be leaning towards SaaS
Tenable Networks Nessus
- https://www.tenable.com/products/nessus-vulnerability-scanner

Leave a comment Cancel reply