Curated collection of tools for security research, CTFs, and fun, that I enjoy. Similar to zardus's ctf-tools, but with a more general focus on security.
Installers for the following tools are included:
Category | Tool | Description |
---|---|---|
binary | apktool | Disassemble, examine, and re-pack Android APKs |
binary | binwalk | Firmware (and arbitrary file) analysis tool. |
binary | checksec | Check binary hardening settings. |
binary | dex2jar | Tools to work with android .dex files |
binary | hxd | A simple hex editor. Ran through wine . (Uses wine.) |
binary | idafree | The most popular interactive disassembler, free edition. (Uses wine.) |
binary | jdgui | A graphical Java Decompiler. (Uses wine.) |
binary | peda | Enhanced environment for gdb. |
binary | preeny | A collection of helpful preloads (compiled for many architectures!). |
binary | qemu | Latest version of qemu! |
binary | qira | Parallel, timeless debugger. Go back and forth in time. |
binary | radare2 | Some crazy thing crowell likes. |
binary | ropgadget | Search ROP gadgets, autocreate a ropchain, and fetch gadgets from a bin. |
binary | upx | A free and popular packer/unpacker. |
crypto | aeskeyfind | Find AES keys in a memory dump. |
crypto | cribdrag | Interactive crib dragging tool (for crypto). |
crypto | evilize | Tool to create MD5 colliding binaries |
crypto | foresight | A tool for predicting the output of random number generators. To run, launch "foresee". |
crypto | hashid | Simple hash algorithm identifier. |
crypto | msieve | Factor primes, such as for RSA. |
crypto | padbuster | Automated script for performing Padding Oracle attacks |
crypto | pkcrack | PkZip encryption cracker. |
crypto | python-paddingoracle | Padding oracle attack automation. |
crypto | ssh_decoder | A tool for decoding ssh traffic. |
crypto | yafu | Fast prime factorization. |
crypto | xortool | XOR analysis tool. |
fuzzers | afl | State-of-the-art fuzzer. |
fuzzers | pathgrind | Path based fuzzer. |
stego | ElectronicColoringBook | Colorize data file according to repetitive chunks. |
stego | exiftool | Examine EXIF/meta data of files. |
stego | lsbsteg | stego files into images using the Least Significant Bit. |
stego | poppler | A suite of tools to help take apart and work with PDF files |
stego | steganabara | Another image steganography solver. |
stego | stegdetect | Steganography detection/breaking tool. |
stego | stegsolve | Image steganography solver. |
tools | brakeman | Ruby-on-rails static-analysis security scanner. |
tools | bruteforce | A simple starter script for bruteforcing |
tools | entropy | A simple tool to test entropy of a file |
tools | extundelete | Recover deleted files from an ext3 or ext4 partition. |
tools | pngtools | Dump info on a PNG file. |
tools | pyunpack | Unpacker for packed Python executables |
tools | shoe | A simple tool to assist with TCP remote communication |
tools | swftools | Tools for reading, creating, and working with swf files. |
tools | wordlist | A huge wordlist to use for cracking or whatever. |
web | burpsuite | Web proxy to do naughty web stuff. |
web | dirsearch | Web path scanner. |
web | hashpump | A tool for exploiting hash extension vulnerabilities. |
web | mitmproxy | A programmable and interactive HTTP proxy useful |
web | net-creds | Sniffs sensitive data from interface or pcap |
web | sqlmap | SQL injection automation engine. |
To use, do:
# download and set up
git clone https://github.com/eugenekolo/sec-tools.git
./sec-tools/sec-tools setup && source ~/.bashrc
# list the available category/tools
sec-tools list
# install whatever <category/tool-name>
sec-tools install binary/apktool
# use the tool - your path is automatically configured
apktool --version
Ready to launch, will install every tool for you. Grab a ☕ while making these.
git clone https://github.com/eugenekolo/sec-tools.git
docker build -t sec-tools .
docker run -it sec-tools
wget https://raw.githubusercontent.com/eugenekolo/sec-tools/master/Vagrantfile
vagrant up
vagrant ssh
To add a tool (say, named toolname), do the following:
- Decide what category it falls under. You probably shouldn't create a new one.
- Create a
category\toolname
directory. - Create an
install-ctf.sh
script. It's a simple bash script, look at already made ones for example.
The individual tools are all licensed under their own licenses. As for sec-tools itself, it is "starware". If you find it useful, star it on github (https://github.com/eugenekolo/sec-tools).
Built upon ctf-tools. Be sure to check them out.