/sec-tools

A set of security related tools

Primary LanguageHTML

sec-tools Build Status Amazing

Curated collection of tools for security research, CTFs, and fun, that I enjoy. Similar to zardus's ctf-tools, but with a more general focus on security.

Installers for the following tools are included:

Category Tool Description
binary apktool Disassemble, examine, and re-pack Android APKs
binary binwalk Firmware (and arbitrary file) analysis tool.
binary checksec Check binary hardening settings.
binary dex2jar Tools to work with android .dex files
binary hxd A simple hex editor. Ran through wine. (Uses wine.)
binary idafree The most popular interactive disassembler, free edition. (Uses wine.)
binary jdgui A graphical Java Decompiler. (Uses wine.)
binary peda Enhanced environment for gdb.
binary preeny A collection of helpful preloads (compiled for many architectures!).
binary qemu Latest version of qemu!
binary qira Parallel, timeless debugger. Go back and forth in time.
binary radare2 Some crazy thing crowell likes.
binary ropgadget Search ROP gadgets, autocreate a ropchain, and fetch gadgets from a bin.
binary upx A free and popular packer/unpacker.
crypto aeskeyfind Find AES keys in a memory dump.
crypto cribdrag Interactive crib dragging tool (for crypto).
crypto evilize Tool to create MD5 colliding binaries
crypto foresight A tool for predicting the output of random number generators. To run, launch "foresee".
crypto hashid Simple hash algorithm identifier.
crypto msieve Factor primes, such as for RSA.
crypto padbuster Automated script for performing Padding Oracle attacks
crypto pkcrack PkZip encryption cracker.
crypto python-paddingoracle Padding oracle attack automation.
crypto ssh_decoder A tool for decoding ssh traffic.
crypto yafu Fast prime factorization.
crypto xortool XOR analysis tool.
fuzzers afl State-of-the-art fuzzer.
fuzzers pathgrind Path based fuzzer.
stego ElectronicColoringBook Colorize data file according to repetitive chunks.
stego exiftool Examine EXIF/meta data of files.
stego lsbsteg stego files into images using the Least Significant Bit.
stego poppler A suite of tools to help take apart and work with PDF files
stego steganabara Another image steganography solver.
stego stegdetect Steganography detection/breaking tool.
stego stegsolve Image steganography solver.
tools brakeman Ruby-on-rails static-analysis security scanner.
tools bruteforce A simple starter script for bruteforcing
tools entropy A simple tool to test entropy of a file
tools extundelete Recover deleted files from an ext3 or ext4 partition.
tools pngtools Dump info on a PNG file.
tools pyunpack Unpacker for packed Python executables
tools shoe A simple tool to assist with TCP remote communication
tools swftools Tools for reading, creating, and working with swf files.
tools wordlist A huge wordlist to use for cracking or whatever.
web burpsuite Web proxy to do naughty web stuff.
web dirsearch Web path scanner.
web hashpump A tool for exploiting hash extension vulnerabilities.
web mitmproxy A programmable and interactive HTTP proxy useful
web net-creds Sniffs sensitive data from interface or pcap
web sqlmap SQL injection automation engine.

Usage ❤️‍❤️‍

To use, do:

# download and set up
git clone https://github.com/eugenekolo/sec-tools.git
./sec-tools/sec-tools setup && source ~/.bashrc

# list the available category/tools
sec-tools list

# install whatever <category/tool-name>
sec-tools install binary/apktool

# use the tool - your path is automatically configured
apktool --version

Virtualization and Containers

Ready to launch, will install every tool for you. Grab a ☕ while making these.

Docker Docker Badge

git clone https://github.com/eugenekolo/sec-tools.git
docker build -t sec-tools .
docker run -it sec-tools

Vagrant Vagrant Badge

wget https://raw.githubusercontent.com/eugenekolo/sec-tools/master/Vagrantfile
vagrant up
vagrant ssh

Adding Tools

To add a tool (say, named toolname), do the following:

  1. Decide what category it falls under. You probably shouldn't create a new one.
  2. Create a category\toolname directory.
  3. Create an install-ctf.sh script. It's a simple bash script, look at already made ones for example.

License 🌟🌟

The individual tools are all licensed under their own licenses. As for sec-tools itself, it is "starware". If you find it useful, star it on github (https://github.com/eugenekolo/sec-tools).

Acknowledgements

Built upon ctf-tools. Be sure to check them out.