Samer Aoudi
Cybersecurity Tools Arsenal

As you embark on your Cybersecurity career, you will eventually come to realize that you will need to be competent in a lot of tools (and that is an understatement!). There are hundreds of security tools out there that allow security professionals to perform a variety of tasks such as Penetration Testing, Digital Forensics, Reverse Engineering, Vulnerability Assessment, and even Security Research.

With experience, you will probably develop your own list. Until then, I compiled a list of tools to help get you started.

Only open-source and free tools are listed.

Some tools are web-based and available online (i.e., you don't need to download and install them), while others are installable. I grouped the tools into four categories:

  • Tiger Boxes: A Tiger Box is an Operating System (OS) distribution that comes bundled with tens of cybersecurity tools. Kali Linux, for instance, has over 600 security tools.
  • Stand-Alone Applications: Individual programs that can be installed on your physical and/or virtual machines.
  • Web-Based Tools: Some tools are available online via dedicated websites.
  • Practice Resources: From practice target machines to CTF challenges, you will find plenty of hands-on learning opportunities.

Cybersecurity Tools
Tiger Boxes

A Tiger Box is an Operating System (OS) distribution that comes bundled with tens of cybersecurity tools. There are quite a few security-oriented OS distributions out there, and unless you know exactly what you want, I suggest starting with only one (e.g., Kali Linux). Below, I provide details for two boxes, but here are some worthy mentions: BackBox; BlackArch.

Kali Linux
  • Overview: Kali Linux (formerly known as BackTrack Linux) is an open-source, Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali features more than 600 penetration testing tools. It is free, open-source, and has excellent documentation.
  • Download: Get the latest version from the source here »
  • Install: The Kali Linux download page offers different image types (Installer, NetInstaller and Live) for download, each available for both 32-bit and 64-bit architectures. Additionally, there is an Everything flavor of the Installer and Live images, for 64-bit architectures only.
  • Learn: There are tons of resources for Kali Linux and its tools:

Parrot Security
  • Overview: Parrot Security (Parrot OS, Parrot) is a free and open-source GNU/Linux distribution based on Debian Stable, designed for security experts, developers and privacy-aware people. It includes a full portable arsenal for IT security and digital forensics operations. It also includes everything you need to develop your own programs or protect your privacy while surfing the net.
  • Download: Parrot is available in three main editions (Security, Home and Architect Edition), as well as Virtual Machine images (VirtualBox, Parallels and VMware), on Raspberry Pi and also on Docker. From version 5.0 LTS, support for ARM platforms (arm64 and armhf) is back, and some images are also available for boards like Raspberry Pi. You can choose your Parrot version here »

    Parrot Security Edition is our version of interest; it is a special-purpose operating system designed for Penetration Testing (pen-testing) and Red Team operations.

  • Install: This guide will help you install Parrot OS (latest version) on your computer step-by-step through the default official installer. The guide applies to both the Security and Home Edition.
  • Learn: There are plenty of resources for Parrot Security and its tools:
Stand-Alone Applications

An application is a program we install on a computer to carry out a specific task. Need I say there are thousands of security applications?! I compiled a handy list for your convenience, organized by the main cybersecurity task of the application:

Web Security Applications
Zed Attack Proxy (ZAP)
  • Overview: Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible. At its core, ZAP is what is known as a “man-in-the-middle proxy.” It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application, modify the contents if needed, and then forward those packets on to the destination. It can be used as a stand-alone application, and as a daemon process.
  • Download: Get the latest version from the source here »
  • Install: ZAP is available for multiple platforms including Windows (64-bit and 32-bit), Linux, macOS, Cross-Platform, and Docker.
  • Learn: There are tons of resources for ZAP:

Digital Forensics Applications
Sleuth Kit (+Autopsy)
  • Overview: The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. Autopsy® is a digital forensics platform and graphical interface to TSK and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
  • Download: Autopsy is available for Windows, Linux and OS X. You can download it here »
  • Install: There are two ways to deploy Autopsy: Single-User and Multi-User. The installation process is straightforward and the steps are available here »
  • Learn: A community developed Autopsy User Documentation »

FTK Imager
  • Overview: FTK® Imager is a data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool such as AccessData® Forensic Toolkit® (FTK) is warranted. FTK Imager can also create perfect copies (forensic images) of computer data without making changes to the original evidence.
  • Download: The AccessData download page » has the latest FTK Imager version and other forensic tools (most are not free).
  • Install: FTK Imager can be installed to the computer where it will be used, or it can be run from a portable device such as a USB thumb drive connected to a machine in the field, so there is no need to install it on a suspect’s computer in order to capture its image.
  • Learn: The FTK Imager User Guide in PDF format.

Registry Viewer
  • Overview: AccessData® Registry Viewer™ lets you view the contents of Windows operating system registries. Unlike the Windows Registry Editor, which can only display the current computer’s registry, Registry Viewer lets you view registry files from any computer. Registry Viewer gives you access to a registry’s protected storage. The protected storage can contain passwords, usernames, and other information that is not accessible in Windows Registry Editor.
  • Download: The AccessData download page » has the latest Registry Viewer version and other forensic tools (most are not free).
  • Install: Simple installation from an executable (.exe) file.
  • Learn: The Registry Viewer User Guide in PDF format.

Web-Based Applications

Many applications are available online and accessible via a web browser. Web-based tools provide convenience in the form of easy access (from anywhere) and ease of use through a user-friendly graphical web interface. The following is a list of online tools organized by the main cybersecurity task of the application:

Cryptography Tools
CrypTool-Online
  • Overview: CrypTool-Online (CTO for short) is a platform with various applications (called plugins) for testing, learning and discovering old and modern cryptography. A variety of ciphers, coding methods, and analysis tools are introduced together with illustrated examples. Ciphers include Caesar, Hill, Rail Fence, RSA, and many more.
  • Website: CrypTool-Online »
  • Note: For students and developers, CTO provides the source code of all its applications with instructions on how to develop your own.

CryptoPrograms
  • Overview: CryptoPrograms is a site to create and solve classical ciphers online. It can create 61 different classical cipher types and solve 45 cipher types including some used during World Wars 1 and 2.
  • Website: CryptoPrograms »

Online Cryptography Tools
  • Overview: The name is self-explanatory: Cryptography Tools Online! The website includes very useful conversion tools (e.g., numeric system conversions and string conversions), encoders/decoders, public-key (asymmetric) ciphers, digital signature generators, digital signature verification, and more.
  • Website: Online Cryptography Tools »

OSINT Tools

Open Source Intelligence (OSINT) is a very powerful and widely used technique for gathering and analyzing information using publicly available data. In Cybersecurity, Information Gathering is a very important phase in Penetration Testing; it lets us leverage information to better understand the threat landscape.

Social Media Intelligence

Image Analysis
  • Google Images: Google Images allows users to search the Web for images. You upload an image to discover matches and similar images.
  • Bing Images: Bing Images, in my opinion, is better than Google Images. The search features include "Looks Like", "Pages With", and "Related Content." I also found that the accuracy of Bing image search is better than that of Google's.
  • Steganographic Decoder: lets you decode the payload that was hidden in a JPEG image or a WAV or AU audio file.
  • StegOnline: lets you embed files/text inside of your image, extract data hidden inside of the image, view image strings, and bit planes.
  • Scenario: During an investigation you found a photo that you suspect contains a hidden secret (i.e., steganography, the practice of concealing a message within an object such as an image). You can perform the following:
    1. Search for similar images to compare sizes and potentially find the original
    2. Examine the image metadata (including EXIF)
    3. Retrieve and analyze all strings in the file (they may contain clues, hidden messages, or flags in a CTF)
    4. Examine the image for hidden information or files (steganography)
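As an added example (not part of the original post), the following Python walks steps 2 to 4 of this scenario over a constructed image file: it lists the JPEG marker segments to see whether an EXIF block is present, pulls printable strings the way the `strings` utility does, and checks for data appended after the End-Of-Image marker, which is where a concealed file often sits. The sample bytes are constructed inline (not a real, viewable photo), so the script runs offline.

```python
import re
# Constructed sample, not a real photo: a minimal JPEG structure (SOI, JFIF and EXIF
# segments, SOS, EOI) with a ZIP signature and a text message appended after the EOI.
SAMPLE_JPEG = (
    b"\xff\xd8"                                                          # SOI
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"    # APP0 (JFIF)
    + b"\xff\xe1\x00\x10Exif\x00\x00II*\x00\x08\x00\x00\x00"             # APP1 (EXIF stub)
    + b"\xff\xda\x00\x02" + b"\x12\x34" * 8                              # SOS + fake scan data
    + b"\xff\xd9"                                                        # EOI
    + b"PK\x03\x04\x14\x00\x00\x00hidden.txt flag{constructed_example}"  # appended payload
)
MARKERS = {0xE0: "APP0/JFIF", 0xE1: "APP1/EXIF", 0xDB: "DQT", 0xC0: "SOF0",
           0xC4: "DHT", 0xDA: "SOS"}
SIGNATURES = {b"PK\x03\x04": "zip", b"\xff\xd8\xff": "jpeg", b"\x89PNG": "png",
              b"%PDF": "pdf", b"Rar!": "rar", b"\x1f\x8b": "gzip"}

def list_segments(data):
    """Walk the marker segments up to Start Of Scan (step 2: is there an EXIF block?).
    Returns ([(name, length), ...], offset_of_SOS)."""
    segs, pos = [], 2                                   # skip the 2-byte SOI
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        segs.append((MARKERS.get(marker, f"0x{marker:02X}"), length))
        if marker == 0xDA:                              # entropy-coded image data follows
            break
        pos += 2 + length
    return segs, pos

def extract_strings(data, min_len=4):
    """Step 3: runs of printable ASCII, like the `strings` utility."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def trailing_data(data):
    """Step 4: bytes after the real End-Of-Image marker. Searching from the SOS
    skips the EOI of an EXIF thumbnail; FF D9 cannot occur inside scan data."""
    _, sos = list_segments(data)
    eoi = data.find(b"\xff\xd9", sos)
    return b"" if eoi == -1 else data[eoi + 2:]

def identify(blob):
    return next((n for sig, n in SIGNATURES.items() if blob.startswith(sig)), "unknown")

def analyze(data):
    segs, _ = list_segments(data)
    tail = trailing_data(data)
    return {"has_exif": any(n == "APP1/EXIF" for n, _ in segs),
            "strings": extract_strings(data), "trailing_bytes": len(tail),
            "trailing_type": identify(tail) if tail else None}
```

Pixel-level steganography (LSB embedding) is not detectable this way; for that, tools such as StegOnline's bit-plane view are the next step.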

Internet Archives
  • Wayback Machine: The Wayback Machine, or Internet Archive, is a non-profit service that allows you to explore more than 738 billion web pages saved over time.
  • Scenario: You are investigating someone who had posted something on a website but then deleted it. The Wayback Machine allows you to see an archived version before it was deleted.

Practice Resources

Practice Makes Perfect! A list of resources to practice your cybersecurity skills:

Target Practice
  • VulnHub: provides a directory of 'stuff' that is legally 'breakable, hackable & exploitable' - allowing you to learn and practise in a safe environment. What does that mean? You can use their website to download practice targets.
  • OWASP Juice Shop: The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. Finding this score board is actually one of the (easy) challenges!
  • Intentionally Vulnerable Websites: There are many websites left intentionally vulnerable for web security testing. Here are a few worthy mentions:

CTF Challenges

CTF stands for Capture The Flag, a style of hacking event where you have one goal: hack in and find the flag.

  • Cyber Talents CTF: Practice public challenges and participate in CTF competitions to be ranked at the top of the world. Registration is free, and upon login you will see a practice link with public challenges based on hands-on practical scenarios in several categories (e.g., Web Security; Malware Reverse Engineering; Network Security, etc.)
  • Hacker101 CTF: The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers, run by HackerOne. This CTF is another integral component in our plans to make the world a better place, one bug at a time.
  • Hack The Box (HTB): Hack The Box is a massive hacking playground, and infosec community of over 1.1m platform members who learn, hack, play, exchange ideas and methodologies. Other than CTFs, HTB features hacking labs and an academy. They have a Free account with access to 20 active machines and 80+ active challenges.

Other Challenges
  • The Codebreakers: Codebreakers is a cryptology-themed game for everyone. The participants of the game play in teams. To be able to take part in the game the players are required to register a team consisting of three members. Will you be the next codebreaker?

#cybersecurity #tools #kalilinux #securitytools
© Samer Aoudi 2005-2024