sec-tools
NO LONGER MAINTAINED
Curated collection of tools for security research, CTFs, and fun, that I enjoy. Similar to zardus’s ctf-tools, but with a more general focus on security.
Installers for the following tools are included:
Category
Tool
Description
binary
apktool
Disassemble, examine, and re-pack Android APKs
binary
binwalk
Firmware (and arbitrary file) analysis tool.
binary
checksec
Check binary hardening settings.
binary
dex2jar
Tools to work with android .dex files
binary
hxd
A simple hex editor. Ran through wine
. (Uses wine.)
binary
idafree
The most popular interactive disassembler, free edition. (Uses wine.)
binary
jdgui
A graphical Java Decompiler. (Uses wine.)
binary
peda
Enhanced environment for gdb.
binary
preeny
A collection of helpful preloads (compiled for many architectures!).
binary
qemu
Latest version of qemu!
binary
qira
Parallel, timeless debugger. Go back and forth in time.
binary
radare2
Some crazy thing crowell likes.
binary
ropgadget
Search ROP gadgets, autocreate a ropchain, and fetch gadgets from a bin.
binary
upx
A free and popular packer/unpacker.
crypto
aeskeyfind
Find AES keys in a memory dump.
crypto
cribdrag
Interactive crib dragging tool (for crypto).
crypto
evilize
Tool to create MD5 colliding binaries
crypto
foresight
A tool for predicting the output of random number generators. To run, launch “foresee”.
crypto
hashid
Simple hash algorithm identifier.
crypto
msieve
Factor primes, such as for RSA.
crypto
padbuster
Automated script for performing Padding Oracle attacks
crypto
pkcrack
PkZip encryption cracker.
crypto
python-paddingoracle
Padding oracle attack automation.
crypto
ssh_decoder
A tool for decoding ssh traffic.
crypto
yafu
Fast prime factorization.
crypto
xortool
XOR analysis tool.
fuzzers
afl
State-of-the-art fuzzer.
fuzzers
pathgrind
Path based fuzzer.
stego
ElectronicColoringBook
Colorize data file according to repetitive chunks.
stego
exiftool
Examine EXIF/meta data of files.
stego
lsbsteg
stego files into images using the Least Significant Bit.
stego
poppler
A suite of tools to help take apart and work with PDF files
stego
steganabara
Another image steganography solver.
stego
stegdetect
Steganography detection/breaking tool.
stego
stegsolve
Image steganography solver.
tools
brakeman
Ruby-on-rails static-analysis security scanner.
tools
bruteforce
A simple starter script for bruteforcing
tools
entropy
A simple tool to test entropy of a file
tools
extundelete
Recover deleted files from an ext3 or ext4 partition.
tools
pngtools
Dump info on a PNG file.
tools
pyunpack
Unpacker for packed Python executables
tools
shoe
A simple tool to assist with TCP remote communication
tools
swftools
Tools for reading, creating, and working with swf files.
tools
wordlist
A huge wordlist to use for cracking or whatever.
web
burpsuite
Web proxy to do naughty web stuff.
web
dirsearch
Web path scanner.
web
hashpump
A tool for exploiting hash extension vulnerabilities.
web
mitmproxy
A programmable and interactive HTTP proxy useful
web
net-creds
Sniffs sensitive data from interface or pcap
web
sqlmap
SQL injection automation engine.
Usage ❤️❤️
To use, do:
# download and set up git clone https://github.com/eugenekolo/sec-tools.git ./sec-tools/sec-tools setup && source ~/.bashrc # list the available category/tools sec-tools list # install whatever <category/tool-name> sec-tools install binary/apktool # use the tool - your path is automatically configured apktool --version
Virtualization and Containers
Ready to launch, will install every tool for you. Grab a ☕ while making these.
git clone https://github.com/eugenekolo/sec-tools.git
docker build -t sec-tools .
docker run -it sec-tools
wget https://raw.githubusercontent.com/eugenekolo/sec-tools/master/Vagrantfile
vagrant up
vagrant ssh
Adding Tools
To add a tool (say, named toolname), do the following:
- Decide what category it falls under. You probably shouldn’t create a new one.
-
Create a
categorytoolname
directory. -
Create an
install-ctf.sh
script. It’s a simple bash script, look at already made ones for example.
The individual tools are all licensed under their own licenses.
As for sec-tools itself, it is “starware”.
If you find it useful, star it on github (
https://github.com/eugenekolo/sec-tools).
Acknowledgements
Built upon ctf-tools. Be sure to check them out.