All about Tools

angr

CTF | Python | Reverse Engineering

angr is a Python framework for analyzing binaries. It combines both static and dynamic symbolic ("concolic") analysis, making it applicable to a variety of tasks.


arXiv LaTeX Cleaner

TeX

This tool allows you to easily clean the LaTeX code of your paper to submit to arXiv. For example, it removes comments and optimizes images.


Arxiv Vanity

Paper

View arXiv papers as web pages.


badssl

Certificates

Test the quality of a client's SSL/TLS stack. The website lists sites which should fail or pass. A site which should fail but loads without error in the browser being tested is a risk.


BGPlay

BGP | Datasets | Networks

BGPlay shows a graph of the observed BGP routes. It allows replaying historical BGP announcements and displays route changes.

Documentation
Github


BGPStream (CAIDA)

BGP | Datasets | Networks

An open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and post-event analysis.

BGP streams are freely accessible and provided by Route Views, RIPE, and BGPmon.


BinDiff (zynamics)

Reverse Engineering

IDA plugin for comparing binaries. Allows labeling unknown binaries with annotations from a different IDA database.


binwalk

CTF

Binwalk is a binary file analysis tool. It works by traversing a file and looking for potentially embedded files. These embedded files can also be extracted.


cdecl: C gibberish ↔ English

Convert the gibberish of C declarations into English and back. The website uses the Clockwise/Spiral Rule to convert between them.


colorbrewer

The website helps in selecting a color scheme for a map. It provides different presets and shows live how they would look on different maps.


CyberChef

CTF

The CyberChef is a website which provides many recipes and makes it easy to combine them. The recipes are small input/output steps, similar to UNIX tools, and cover a large area of topics, like data formats, encoding, encryption, networking, hashing, compression, etc. The main use case is making it easier in CTFs to chain simple operations together like processing encoded text.


Debin: Predicting Debug Information in Stripped Binaries

CTF | Reverse Engineering

Debin is a tool to predict the debug information of stripped binaries. It only works reliably with C programs, as this is the only dataset it was trained on. It might be useful to use the website for jeopardy CTFs.


Detexify

TeX

Detexify helps in writing complex LaTeX symbols, similar to Shapecatcher for Unicode. It searches for the correct LaTeX macros based on a drawing of the shape the user wants. It is a better way to search for symbols than going through the symbols-a4.pdf manually.


DMAP Domain Mapper by SIDN Labs

Datasets | DNS | Networks

DMAP is a scalable web scanning suite which supports DNS, HTTPS, TLS, and SMTP. It works based on domain names and crawls the domain for all supported protocols. The advantage over other tools is the unified SQL data model with 166 features and the easy scalability over many crawling machines.


DNS Quality/Overview Tools

Datasets | DNS | DNSSEC | Networks

Check My DNS

Browser-based DNS resolver quality measurement tool. Uses the browser to generate many resolver queries and tests for features they should have, such as EDNS support, IPv6, QNAME Minimisation, etc.

This test is also available as a CLI tool: https://github.com/DNS-OARC/cmdns-cli

DNSSEC Debugger

Analyze DNSSEC deployment for a zone and show errors in the configuration.

DNSViz

Gives an overview of DNSSEC delegations, response sizes, and name servers.

Github: https://github.com/dnsviz/dnsviz

DNS X-Ray

The website has an online test, which performs DNS lookups. These DNS lookups test if certain resource records are overwritten in the cache. The tool can then determine what DNS software is used, where the server is located, how many caches there are, etc.

EDNS Compliance Tester

Tests the name servers of zones for correct EDNS support.

The Transitive Trust and DNS Dependency Graph Portal

Shows the trust dependencies in DNS. Given a domain name it can show how zones delegate to each other and why. The delegation is done between IP addresses and zones.

Root Canary Project

The project monitors the KSK rollover.

It provides statistics about support for DNSSEC algorithms. It has a web-based test for your own resolver and provides live monitoring using RIPE Atlas.


DNS Replay Tool (drool)

DNS | IP | Networks | PCAPs

Tool to replay DNS queries captured in a pcap file with accurate timing between queries. Allows modifying the replay, such as changing IP addresses or speeding up or slowing down the queries.


DNSCAP

DNS | IP | Networks | PCAPs

DNS network capture utility. Similar in concept to tcpdump, but with specialized options for DNS.


dnsperf and resperf

DNS | IP | Networks | PCAPs

DNS performance measurement tools.


DNSTOP

DNS | Networks

Top-like utility showing information about captured DNS requests. It shows information about the domains queried, the types, and responses.


Driftnet

CTF | Networks

Driftnet watches network traffic and picks out and displays JPEG and GIF images.


Easy File Sharing without Accounts

  • https://send.firefox.com provides temporary file shares of up to 24 hours. It supports files of up to 1 GB. It allows limiting the number of downloads and setting a password.
  • https://transfer.sh/ allows uploading from the command line and the browser. Files can be up to 10 GB and be stored up to 14 days. It allows limiting the number of downloads.

    ```sh
    # Upload using cURL; the service prints the download URL in response
    $ curl --upload-file ./hello.txt https://transfer.sh/hello.txt
    https://transfer.sh/66nb8/hello.txt

    # Limit the number of downloads and the storage time via request headers
    $ curl -H "Max-Downloads: 1" -H "Max-Days: 5" --upload-file ./hello.txt https://transfer.sh/hello.txt
    https://transfer.sh/66nb8/hello.txt
    ```


explainshell

Cheatsheet

explainshell does what the name suggests: it explains shell commands. You enter a shell command and it explains what the program does, the meaning of the command-line flags, and how the piping between different programs works.


Ghidra

CTF | Reverse Engineering

Ghidra software reverse engineering (SRE) framework and IDA Pro alternative.


Godbolt Compiler Explorer

x86 | CTF

The Godbolt compiler explorer allows the user to compile a function and see the corresponding assembly code. It can highlight matching parts in the language and assembly, making it easy to understand how individual expressions are compiled. It supports common languages like C, C++, Go, Rust. It can also work with assembler and LLVM IR.

Another nice feature is that it can show statistics about assembler code, like needed cycles, instructions, and which resources the instructions need. This uses the LLVM Machine Code Analyzer.


IDA - Interactive Disassembler

Reverse Engineering

THE reverse engineering tool.


IPv6 Security/Network Tools


John the Ripper

CTF | Hashes | Passwords

John the Ripper is THE tool to brute force passwords and password hashes. It is very fast in calculating hashes with support of GPU acceleration and supports a wide range of different hash formats.


List of Malware Analysis Websites

These websites provide different features to analyse binaries and especially malware. They provide searching by file hashes or by uploading the binary.

Some of the services provide more detailed analyses, such as which files were accessed or snapshots of any windows opened.


Lists of DNS Blacklists

Datasets | DNS | IP | Networks | Spam

These projects either operate DNS-based Real-time Blackhole Lists (RBL) or allow checking if an IP is contained. The Multi-RBL websites are helpful in finding a large quantity of RBLs.


mitmproxy - an interactive HTTPS proxy

Proxies

Proxy framework for performing MitM attacks/transformations. Provides a Python API for scriptability.


Mozilla Observatory

Certificates

Website quality measurement tool. The website measures the quality of HTTP headers which improve security. Additionally, it provides inspections for the TLS certificate and SSH servers. It also includes many third party tools.


Multilevel MDA-Lite Paris Traceroute

IP | Networks

Multi-level MDA-Lite Paris Traceroute is a traceroute tool that understands and learns more complex network topologies. Often the network is not just a line; multiple paths are possible and chosen at random.

A good description of the tool can be found in the RIPE Labs post or in the IMC 2018 paper.


NAT64 Testers

DNS | Networks

These websites measure support for NAT64 in other websites.


Netlab 360 OpenData Project

Amplification | Datasets | Networks

The Netlab of 360.com provides some open data streams.

One dataset concerns the number of abused reflectors per protocol.


NetworkScan Mon

Amplification | Datasets | Networks

Overview of IP addresses scanning the internet and which ports are scanned.


One Gadget

Reverse Engineering

A tool to find the one gadget in libc. It lists all gadgets leading to execve('/bin/sh', NULL, NULL) including their preconditions.


OpenIPmap RIPE

BGP | Datasets | Networks

An IP geolocation service that draws on geolocation databases, user-provided locations, and, most importantly, active RTT measurements based on the RIPE Atlas system. It also provides a nice API to query the location. It provides a breakdown of where the results stem from and how much they contribute to the overall result.


osquery

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.


Over The Wire: Wargames

CTF | Datasets

Over The Wire's wargames provide many different challenges for learning different kinds of exploitation. There are different wargames based on skill and required tooling. In each level the user has to retrieve a flag to proceed to the next level.


OWASP Amass

CTF | DNS

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.


Paris Traceroute

IP | Networks

This is an improvement on the traditional traceroute program. It is able to detect multiple distinct routes and display them accordingly. The classical traceroute would produce weird results on changing network routes.


pdfpc: PDF Presenter Console

pdfpc is a tool enabling a presenter mode for presenting PDF files. The presenter mode contains the usual features known from Powerpoint/Libreoffice:

  • Slide previews
  • Notes
  • Timer

pdfpc is especially adapted to present LaTeX presentations, which otherwise do not have a presenter mode.


PEERING: The BGP Testbed

BGP | Networks

PEERING is an environment where researchers and educators can play with BGP announcements in a real but sandboxed environment.

Description from the website:

The long-term goal of the PEERING system is to enable on-demand, safe, and controlled access to the Internet routing ecosystem for researchers and educators:

  • PEERING for researchers. Today, it is hard for researchers to conduct Internet routing experiments. To perform a routing experiment, a research institution has to obtain Internet resources (IP addresses and ASNs) and establish relations with upstream networks. PEERING eliminates these obstacles and provides researchers controlled on-demand access to the routing ecosystem.
  • PEERING for educators. Educators can use the PEERING infrastructure in teaching students the Internet routing architecture. The students access to live BGP sessions to multiple ISPs.

preeny

CTF

preeny helps with pwning binaries by disabling many annoying functions such as random or alarm. It does so by providing different LD_PRELOAD-able libraries for those library functions.


pwntools

CTF

pwntools is one of THE Python tools needed during a CTF. It is useful for both jeopardy and attack-defense CTFs. It provides common abstractions, like connecting to a local or remote program and simplifying I/O. Additionally, it provides helpers for many exploitation techniques, such as ROP, shellcode, and leaking memory.


Qualys SSL Labs

Certificates

Test the quality of a server's or a client's SSL/TLS stack. Very useful to test a server. Provides an A-F rating scheme and shows vulnerabilities and weak protocols/cipher suites.


regexr

Cheatsheet

regexr helps in understanding and writing regular expressions (RegEx). It takes a RegEx and explains the different parts of it. It also shows how the RegEx applies to a sample text.

Additionally, it contains a RegEx reference as well as a user-supplied library of different RegExes.


respdiff

DNS | Networks

DNS responses gathering and differences analysis toolchain.


RetDec - Retargetable Decompiler

Reverse Engineering

A standalone decompiler built and managed by Avast. Works as a standalone program, has a trial version on the website, and there is an IDA plugin.

Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.


Root Servers

Datasets | DNS

Overview page for the DNS root servers. It contains links to general news and all the supporting organizations.

The website features a map with all geographic locations. It contains information about locations, IPv4/IPv6 reachability and IP addresses.

Each root server has its own subdomain in the form of http://a.root-servers.org. It contains access to historical performance data like:

  • Size and time of zone updates
  • RCODE volume
  • query and response sizes for UDP and TCP
  • traffic volume (packets per time)
  • Unique sources

Routing Information Service (RIS)

BGP | Datasets | DNS | Networks

Different information regarding reachability and connectivity of ASes.


RPKI Browsers

Datasets | Networks | RPKI

These websites allow you to browse the valid RPKI announcements. They show which address ranges are covered by RPKI and who the issuing authority is.


RPKI Tester

Networks | RPKI

Website which tests whether your provider filters invalid announcements using RPKI.


RsaCtfTool

CTF

The RsaCtfTool is a tool supporting working with RSA keys. The main focus lies in a wide range of known attacks which are implemented and easy to use with it. This makes it suitable for CTFs, especially Jeopardies.


Run Foreign-Architecture Docker Containers

CTF | Docker

Sometimes it is necessary to run Docker containers for a different CPU architecture. This Docker container makes it possible to run other Docker containers with a different architecture. It works by using binfmt_misc, a Linux kernel feature to run files with interpreters, and installs qemu binaries for different architectures.


Rust Macro Railroad

Cheatsheet | Rust

Helps in understanding macro_rules macros by automatically generating syntax diagrams for them.


Rustexp

Rust

Rust regular expression editor and tester.


Shapecatcher

Unicode

Shapecatcher looks up Unicode symbols based on a drawing of the symbol. It is conceptually similar to Detexify, but returns Unicode symbols instead of macros.


Sherlock: Find usernames across social networks

This tool checks many services for a user with a given username. It can be used either to find usernames that are still available on the important websites or to check for conflicting accounts.


snidump

CTF | Networks

This is a tcpdump-like program for printing TLS SNI and HTTP/1.1 Host fields in live or captured traffic.


Snowman Decompiler

Reverse Engineering

A standalone C decompiler. Also has an IDA plugin.

Supports ARM, x86, and x86-64 architectures. Reads ELF, Mach-O, and PE file formats.


Solve Crypto with Force!

CTF

The website offers a large variety of crypto implementations which can be tested. It is helpful to solve unknown crypto challenges during CTFs. It is similar in concept to the CyberChef, but only for crypto.


SSLsplit - transparent SSL/TLS interception

Proxies

Simple TLS proxy.


Tcpdump advanced filters

Cheatsheet | Networks | Tutorials

The website contains different tcpdump filters. It starts with basic filters and then builds up ever more complex ones. This is a good source for looking up complicated filters if one does not want to write them oneself.


traIXroute

IP | Networks

A traceroute-like tool that detects where a path crosses an IXP.


Unicode Text Converter

Unicode

The tool converts an input string into different and sometimes obscure Unicode characters. It is useful to generate funny-looking text or to generate a new username if the desired one is taken.

For example, the tool supports ⓒⓘⓡⓒⓛⓔⓓ, 𝖋𝖗𝖆𝖐𝖙𝖚𝖗, 🆂🆀🆄🅰🆁🅴🅳, ꜱᴍᴀʟʟ ᴄᴀᴩꜱ, ɐup 𝕠𝕥𝕙𝕖𝕣 wɘiᴙb options.


vizAS

BGP | Networks | Datasets

vizAS by APNIC shows the connectivity between different ASes split by countries. It is useful to find the ASes which are most central in the graph.


Wildcard DNS for IP Addresses

DNS | IP | Networks

These services allow you to create a domain name for any IP address. The IP address is encoded into the domain name. An overview of different services can be found here.

Online Services

  • http://xip.io/ provides IPv4 only

    • 10.0.0.1.xip.io resolves to 10.0.0.1
    • www.10.0.0.1.xip.io resolves to 10.0.0.1
    • foo.bar.10.0.0.1.xip.io resolves to 10.0.0.1
  • https://nip.io/ provides IPv4 only

    • Supports both . and - separators.
    • 10.0.0.1.nip.io resolves to 10.0.0.1
    • 192-168-1-250.nip.io resolves to 192.168.1.250
    • customer1.app.10.0.0.1.nip.io resolves to 10.0.0.1
    • magic-127-0-0-1.nip.io resolves to 127.0.0.1
  • https://sslip.io/ provides IPv4 and IPv6

    • Supports both . and - separators.
    • Provides the ability to use the service with your own branding.
    • 192.168.0.1.sslip.io resolves to 192.168.0.1
    • 192-168-1-250.sslip.io resolves to 192.168.1.250
    • www.192-168-0-1.sslip.io resolves to 192.168.0.1
    • --1.sslip.io resolves to ::1
    • 2a01-4f8-c17-b8f--2.sslip.io resolves to 2a01:4f8:c17:b8f::2
  • https://ip6.name/ provides IPv6 only

    • An x replaces the :: in the IPv6 address.
    • 2001.db8.8000.0.0.0.0.1.ip6.name resolves to 2001:db8:8000::1
    • 2001.db8.8000.x.1.ip6.name resolves to 2001:db8:8000::1
    • x.1.ip6.name resolves to ::1

Self-hosted Options

  • hipio is a Haskell service for IPv4.

Ziggy: the RPKI Wayback Machine

Networks | RPKI

Ziggy is a tool to inspect the RPKI ecosystem at arbitrary points in the past. It is developed by NLnet Labs. More details about the ziggy tool can be found in the announcement blogpost.


ZMap Project

DNS | IP | Networks

Different utilities for network scanning. Most importantly the zmap component, which is a packet scanner for different protocols. It also contains other tools like ways to iterate over the IPv4 address space and blacklist/whitelist management.