Curated collection of tools for security research, CTFs, and fun, that I enjoy. Similar to zardus's ctf-tools, but with a more general focus on security.
Installers for the following tools are included:
| Category | Tool | Description |
|---|---|---|
| binary | apktool | Disassemble, examine, and re-pack Android APKs |
| binary | binwalk | Firmware (and arbitrary file) analysis tool. |
| binary | checksec | Check binary hardening settings. |
| binary | dex2jar | Tools to work with Android .dex files |
| binary | hxd | A simple hex editor. Run through wine. (Uses wine.) |
| binary | idafree | The most popular interactive disassembler, free edition. (Uses wine.) |
| binary | jdgui | A graphical Java Decompiler. (Uses wine.) |
| binary | peda | Enhanced environment for gdb. |
| binary | preeny | A collection of helpful preloads (compiled for many architectures!). |
| binary | qemu | Latest version of qemu! |
| binary | qira | Parallel, timeless debugger. Go back and forth in time. |
| binary | radare2 | Some crazy thing crowell likes. |
| binary | ropgadget | Search ROP gadgets, autocreate a ropchain, and fetch gadgets from a bin. |
| binary | upx | A free and popular packer/unpacker. |
| crypto | aeskeyfind | Find AES keys in a memory dump. |
| crypto | cribdrag | Interactive crib dragging tool (for crypto). |
| crypto | evilize | Tool to create MD5 colliding binaries |
| crypto | foresight | A tool for predicting the output of random number generators. To run, launch "foresee". |
| crypto | hashid | Simple hash algorithm identifier. |
| crypto | msieve | Factor primes, such as for RSA. |
| crypto | padbuster | Automated script for performing Padding Oracle attacks |
| crypto | pkcrack | PkZip encryption cracker. |
| crypto | python-paddingoracle | Padding oracle attack automation. |
| crypto | ssh_decoder | A tool for decoding ssh traffic. |
| crypto | yafu | Fast prime factorization. |
| crypto | xortool | XOR analysis tool. |
| fuzzers | afl | State-of-the-art fuzzer. |
| fuzzers | pathgrind | Path based fuzzer. |
| stego | ElectronicColoringBook | Colorize data file according to repetitive chunks. |
| stego | exiftool | Examine EXIF/meta data of files. |
| stego | lsbsteg | Hide files in images using the Least Significant Bit. |
| stego | poppler | A suite of tools to help take apart and work with PDF files |
| stego | steganabara | Another image steganography solver. |
| stego | stegdetect | Steganography detection/breaking tool. |
| stego | stegsolve | Image steganography solver. |
| tools | brakeman | Ruby on Rails static-analysis security scanner. |
| tools | bruteforce | A simple starter script for bruteforcing |
| tools | entropy | A simple tool to test entropy of a file |
| tools | extundelete | Recover deleted files from an ext3 or ext4 partition. |
| tools | pngtools | Dump info on a PNG file. |
| tools | pyunpack | Unpacker for packed Python executables |
| tools | shoe | A simple tool to assist with TCP remote communication |
| tools | swftools | Tools for reading, creating, and working with swf files. |
| tools | wordlist | A huge wordlist to use for cracking or whatever. |
| web | burpsuite | Web proxy to do naughty web stuff. |
| web | dirsearch | Web path scanner. |
| web | hashpump | A tool for exploiting hash extension vulnerabilities. |
| web | mitmproxy | A programmable and interactive HTTP proxy useful |
| web | net-creds | Sniffs sensitive data from interface or pcap |
| web | sqlmap | SQL injection automation engine. |
To use, do:

```bash
# download and set up
git clone https://github.com/eugenekolo/sec-tools.git
./sec-tools/sec-tools setup && source ~/.bashrc
# list the available category/tools
sec-tools list
# install whatever <category/tool-name>
sec-tools install binary/apktool
# use the tool - your path is automatically configured
apktool --version
```

The Docker and Vagrant environments below are ready to launch and will install every tool for you. Grab a ☕ while they build.

```bash
git clone https://github.com/eugenekolo/sec-tools.git
docker build -t sec-tools .
docker run -it sec-tools
```

```bash
wget https://raw.githubusercontent.com/eugenekolo/sec-tools/master/Vagrantfile
vagrant up
vagrant ssh
```

To add a tool (say, named `toolname`), do the following:
- Decide what category it falls under. You probably shouldn't create a new one.
- Create a `category/toolname` directory.
- Create an `install-ctf.sh` script. It's a simple bash script; look at the existing ones for examples.

The individual tools are all licensed under their own licenses. As for sec-tools itself, it is "starware". If you find it useful, star it on GitHub (https://github.com/eugenekolo/sec-tools).
Built upon ctf-tools. Be sure to check them out.