Skip to main content
  1. All Posts/

sec-tools

Tools HTML

sec-tools

NO LONGER MAINTAINED
Curated collection of tools for security research, CTFs, and fun, that I enjoy. Similar to zardus’s ctf-tools, but with a more general focus on security.
Installers for the following tools are included:

Category
Tool
Description

binary
apktool
Disassemble, examine, and re-pack Android APKs

binary
binwalk
Firmware (and arbitrary file) analysis tool.

binary
checksec
Check binary hardening settings.

binary
dex2jar
Tools to work with android .dex files

binary
hxd
A simple hex editor. Ran through wine. (Uses wine.)

binary
idafree
The most popular interactive disassembler, free edition. (Uses wine.)

binary
jdgui
A graphical Java Decompiler. (Uses wine.)

binary
peda
Enhanced environment for gdb.

binary
preeny
A collection of helpful preloads (compiled for many architectures!).

binary
qemu
Latest version of qemu!

binary
qira
Parallel, timeless debugger. Go back and forth in time.

binary
radare2
Some crazy thing crowell likes.

binary
ropgadget
Search ROP gadgets, autocreate a ropchain, and fetch gadgets from a bin.

binary
upx
A free and popular packer/unpacker.

crypto
aeskeyfind
Find AES keys in a memory dump.

crypto
cribdrag
Interactive crib dragging tool (for crypto).

crypto
evilize
Tool to create MD5 colliding binaries

crypto
foresight
A tool for predicting the output of random number generators. To run, launch “foresee”.

crypto
hashid
Simple hash algorithm identifier.

crypto
msieve
Factor primes, such as for RSA.

crypto
padbuster
Automated script for performing Padding Oracle attacks

crypto
pkcrack
PkZip encryption cracker.

crypto
python-paddingoracle
Padding oracle attack automation.

crypto
ssh_decoder
A tool for decoding ssh traffic.

crypto
yafu
Fast prime factorization.

crypto
xortool
XOR analysis tool.

fuzzers
afl
State-of-the-art fuzzer.

fuzzers
pathgrind
Path based fuzzer.

stego
ElectronicColoringBook
Colorize data file according to repetitive chunks.

stego
exiftool
Examine EXIF/meta data of files.

stego
lsbsteg
stego files into images using the Least Significant Bit.

stego
poppler
A suite of tools to help take apart and work with PDF files

stego
steganabara
Another image steganography solver.

stego
stegdetect
Steganography detection/breaking tool.

stego
stegsolve
Image steganography solver.

tools
brakeman
Ruby-on-rails static-analysis security scanner.

tools
bruteforce
A simple starter script for bruteforcing

tools
entropy
A simple tool to test entropy of a file

tools
extundelete
Recover deleted files from an ext3 or ext4 partition.

tools
pngtools
Dump info on a PNG file.

tools
pyunpack
Unpacker for packed Python executables

tools
shoe
A simple tool to assist with TCP remote communication

tools
swftools
Tools for reading, creating, and working with swf files.

tools
wordlist
A huge wordlist to use for cracking or whatever.

web
burpsuite
Web proxy to do naughty web stuff.

web
dirsearch
Web path scanner.

web
hashpump
A tool for exploiting hash extension vulnerabilities.

web
mitmproxy
A programmable and interactive HTTP proxy useful

web
net-creds
Sniffs sensitive data from interface or pcap

web
sqlmap
SQL injection automation engine.

Usage ❤️‍❤️‍

To use, do:

# download and set up
git clone https://github.com/eugenekolo/sec-tools.git
./sec-tools/sec-tools setup && source ~/.bashrc

# list the available category/tools
sec-tools list

# install whatever <category/tool-name>
sec-tools install binary/apktool

# use the tool - your path is automatically configured
apktool --version

Virtualization and Containers

Ready to launch, will install every tool for you. Grab a ☕ while making these.

Docker

git clone https://github.com/eugenekolo/sec-tools.git
docker build -t sec-tools .
docker run -it sec-tools

Vagrant

wget https://raw.githubusercontent.com/eugenekolo/sec-tools/master/Vagrantfile
vagrant up
vagrant ssh

Adding Tools

To add a tool (say, named toolname), do the following:

  1. Decide what category it falls under. You probably shouldn’t create a new one.
  2. Create a categorytoolname directory.
  3. Create an install-ctf.sh script. It’s a simple bash script, look at already made ones for example.

License 🌟🌟

The individual tools are all licensed under their own licenses.
As for sec-tools itself, it is “starware”.
If you find it useful, star it on github ( https://github.com/eugenekolo/sec-tools).

Acknowledgements

Built upon ctf-tools. Be sure to check them out.