Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/eugenekolo/sec-tools
A set of security related tools
https://github.com/eugenekolo/sec-tools
Last synced: 3 months ago
JSON representation
A set of security related tools
- Host: GitHub
- URL: https://github.com/eugenekolo/sec-tools
- Owner: eugenekolo
- Created: 2016-01-21T06:02:24.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2021-03-08T06:51:12.000Z (over 3 years ago)
- Last Synced: 2024-01-22T03:16:21.899Z (5 months ago)
- Language: HTML
- Homepage:
- Size: 5.15 MB
- Stars: 622
- Watchers: 24
- Forks: 145
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
Lists
- awesome-security-collection - **321**星
- awesome-csirt - sec-tools
- awesome-stars - sec-tools
- awesome-csirt - sec-tools
- awesome-stars - sec-tools
- awesome-stars - sec-tools
- awesome-cyber-security - **321**星
- awesome-cyber-security - **299**星
README
# sec-tools [](https://travis-ci.org/eugenekolo/sec-tools) 
**NO LONGER MAINTAINED**
Curated collection of tools for security research, CTFs, and fun, that I enjoy. Similar to zardus's ctf-tools, but with a more general focus on security.
Installers for the following tools are included:
| Category | Tool | Description |
|----------|------|-------------|
| binary | [apktool](https://ibotpeaches.github.io/Apktool/) | Disassemble, examine, and re-pack Android APKs |
| binary | [binwalk](https://github.com/devttys0/binwalk.git) | Firmware (and arbitrary file) analysis tool. |
| binary | [checksec](https://github.com/slimm609/checksec.sh) | Check binary hardening settings. |
| binary | [dex2jar](https://github.com/pxb1988/dex2jar) | Tools to work with android .dex files |
| binary | [hxd](https://mh-nexus.de/en/hxd/) | A simple hex editor. Ran through `wine`. (Uses wine.) |
| binary | [idafree](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) | The most popular interactive disassembler, free edition. (Uses wine.) |
| binary | [jdgui](http://jd.benow.ca/) | A graphical Java Decompiler. (Uses wine.) |
| binary | [peda](https://github.com/longld/peda) | Enhanced environment for gdb. |
| binary | [preeny](https://github.com/zardus/preeny) | A collection of helpful preloads (compiled for many architectures!). |
| binary | [qemu](http://qemu.org) | Latest version of qemu! |
| binary | [qira](http://qira.me) | Parallel, timeless debugger. Go back and forth in time. |
| binary | [radare2](http://www.radare.org/) | Some crazy thing crowell likes. |
| binary | [ropgadget](https://github.com/JonathanSalwan/ROPgadget) | Search ROP gadgets, autocreate a ropchain, and fetch gadgets from a bin. |
| binary | [upx](http://upx.sourceforge.net/) | A free and popular packer/unpacker. |
| crypto | [aeskeyfind](https://citp.princeton.edu/research/memory/code/) | Find AES keys in a memory dump. |
| crypto | [cribdrag](https://github.com/SpiderLabs/cribdrag) | Interactive crib dragging tool (for crypto). |
| crypto | [evilize](http://www.mathstat.dal.ca/~selinger/md5collision/) | Tool to create MD5 colliding binaries |
| crypto | [foresight](https://github.com/ALSchwalm/foresight) | A tool for predicting the output of random number generators. To run, launch "foresee". |
| crypto | [hashid](https://code.google.com/p/hash-identifier/source/checkout) | Simple hash algorithm identifier. |
| crypto | [msieve](https://sourceforge.net/projects/msieve/) | Factor primes, such as for RSA. |
| crypto | [padbuster](https://github.com/GDSSecurity/PadBuster) | Automated script for performing Padding Oracle attacks |
| crypto | [pkcrack](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html) | PkZip encryption cracker. |
| crypto | [python-paddingoracle](https://github.com/mwielgoszewski/python-paddingoracle) | Padding oracle attack automation. |
| crypto | [ssh_decoder](https://github.com/jjyg/ssh_decoder) | A tool for decoding ssh traffic. |
| crypto | [yafu](https://sourceforge.net/projects/yafu/) | Fast prime factorization. |
| crypto | [xortool](https://github.com/hellman/xortool) | XOR analysis tool. |
| fuzzers | [afl](http://lcamtuf.coredump.cx/afl/) | State-of-the-art fuzzer. |
| fuzzers | [pathgrind](https://github.com/codelion/pathgrind) | Path based fuzzer. |
| stego | [ElectronicColoringBook](https://doegox.github.io/ElectronicColoringBook/) | Colorize data file according to repetitive chunks. |
| stego | [exiftool](http://www.sno.phy.queensu.ca/~phil/exiftool/) | Examine EXIF/meta data of files. |
| stego | [lsbsteg](https://github.com/RobinDavid/LSB-Steganography) | stego files into images using the Least Significant Bit. |
| stego | [poppler](http://poppler.freedesktop.org/) | A suite of tools to help take apart and work with PDF files |
| stego | [steganabara](http://www.caesum.com/handbook/stego.htm) | Another image steganography solver. |
| stego | [stegdetect](http://www.outguess.org/) | Steganography detection/breaking tool. |
| stego | [stegsolve](http://www.caesum.com/handbook/stego.htm) | Image steganography solver. |
| tools | [brakeman](http://brakemanscanner.org/) | Ruby-on-rails static-analysis security scanner. |
| tools | [bruteforce](http://github.com/eugenekolo/sec-tools) | A simple starter script for bruteforcing |
| tools | [entropy](http://github.com/eugenekolo/sec-tools) | A simple tool to test entropy of a file |
| tools | [extundelete](http://extundelete.sourceforge.net/) | Recover deleted files from an ext3 or ext4 partition. |
| tools | [pngtools](http://www.stillhq.com/pngtools/) | Dump info on a PNG file. |
| tools | [pyunpack](https://github.com/kholia/exetractor-clone) | Unpacker for packed Python executables |
| tools | [shoe](http://github.com/eugenekolo/sec-tools) | A simple tool to assist with TCP remote communication |
| tools | [swftools](http://www.swftools.org/) | Tools for reading, creating, and working with swf files. |
| tools | [wordlist](https://github.com/eugenekolo/win-sec-tools/releases/download/v1.0/wordlist.txt.gz) | A huge wordlist to use for cracking or whatever. |
| web | [burpsuite](http://portswigger.net/burp) | Web proxy to do naughty web stuff. |
| web | [dirsearch](https://github.com/maurosoria/dirs3arch) | Web path scanner. |
| web | [hashpump](https://github.com/bwall/HashPump) | A tool for exploiting hash extension vulnerabilities. |
| web | [mitmproxy](http://mitmproxy.org/) | A programmable and interactive HTTP proxy useful |
| web | [net-creds](https://github.com/DanMcInerney/net-creds) | Sniffs sensitive data from interface or pcap |
| web | [sqlmap](http://sqlmap.org/) | SQL injection automation engine. |
## Usage ❤️❤️
To use, do:
```bash
# download and set up
git clone https://github.com/eugenekolo/sec-tools.git
./sec-tools/sec-tools setup && source ~/.bashrc
# list the available category/tools
sec-tools list
# install whatever
sec-tools install binary/apktool
# use the tool - your path is automatically configured
apktool --version
```
## Virtualization and Containers
Ready to launch, will install every tool for you. Grab a :coffee: while making these.
### Docker 
```
git clone https://github.com/eugenekolo/sec-tools.git
docker build -t sec-tools .
docker run -it sec-tools
```
### Vagrant 
```
wget https://raw.githubusercontent.com/eugenekolo/sec-tools/master/Vagrantfile
vagrant up
vagrant ssh
```
## Adding Tools
To add a tool (say, named *toolname*), do the following:
1. Decide what category it falls under. You probably shouldn't create a new one.
2. Create a `category\toolname` directory.
3. Create an `install-ctf.sh` script. It's a simple bash script, look at already made ones for example.
## License :star2::star2:
The individual tools are all licensed under their own licenses.
As for sec-tools itself, it is "starware".
If you find it useful, star it on github (https://github.com/eugenekolo/sec-tools).
## Acknowledgements
Built upon [ctf-tools](https://github.com/zardus/ctf-tools). Be sure to check them out.