angr is a Python framework for analyzing binaries. It combines both static and dynamic symbolic ("concolic") analysis, making it applicable to a variety of tasks.
This tool allows you to easily clean the LaTeX code of your paper to submit to arXiv. For example, it removes comments and optimizes images.
Watch Arxiv-papers on as a website.
Test the quality of a client's SSL/TLS stack. The website shows sites which should fail or pass. Sites which should fail but do not in the browser viewing them are a risk.
BGPlay shows a graph of the observed BGP routes. It allows replaying historical BGP announcements and displays route changes.
An open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and post-event analysis.
BGP streams are freely accessible and provided by Route Views, RIPE, and BGPmon.
IDA plugin for comparing binaries. Allows labeling unknown binaries with annotations from a different IDA database.
Binwalk is a binary file analysis tool. It works by traversing a file and looking for potentially embedded files. These embedded files can also be extracted.
Convert the gibberish of C declarations into English and back. The website uses the Clockwise/Spiral Rule to convert between them.
The website helps in selecting a color scheme for a map. It provides different presets and shows live how they would look on different maps.
Desugar C++ code and show how modern C++ features are implemented. This helps in understanding the details of C++ and how modern compilers implement the language standard.
The CyberChef is a website which provides many recipes and makes it easy to combine them. The recipes are small input/output steps, similar to UNIX tools, and cover a large area of topics, like data formats, encoding, encryption, networking, hashing, compression, etc. The main use case is making it easier in CTFs to chain simple operations together like processing encoded text.
Debin is a tool to predict the debug information of stripped binaries. It only works reliably with C programs, as this is the only dataset it was trained on. It might be useful to use the website for jeopardy CTFs.
Detexify helps in writing complex LaTeX symbols, similar to Shapecatcher for Unicode. It searches for the correct LaTeX macros based on a drawing of the shape the user wants. It is a better way to search for symbols instead of going through the symbols-a4.pdf manually.
DMAP is a scalable web scanning suite which supports DNS, HTTPS, TLS, and SMTP. It works based on domain names and crawls the domain for all supported protocols. The advantage over other tools is the unified SQL data model with 166 features and the easy scalability over many crawling machines.
Browser-based DNS resolver quality measurement tool. Uses the browser to generate many resolver queries and tests for features they should have, such as EDNS support, IPv6, QNAME Minimisation, etc.
This test is also available as a CLI tool: https://github.com/DNS-OARC/cmdns-cli
Analyze DNSSEC deployment for a zone and show errors in the configuration.
Gives an overview of DNSSEC delegations, response sizes, and name servers.
The website has an online test, which performs DNS lookups. These DNS lookups test if certain resource records are overwritten in the cache. The tool can then determine what DNS software is used, where the server is located, how many caches there are, etc.
Tests the name servers of zones for correct EDNS support.
Shows the trust dependencies in DNS. Given a domain name it can show how zones delegate to each other and why. The delegation is done between IP addresses and zones.
The project monitors the KSK rollover.
It provides statistics about support for DNSSEC algorithms. It has a web-based test to test your own resolver and provides live monitoring using RIPE Atlas.
Tool to replay DNS queries captured in a pcap file with accurate timing between queries. Allows modifying the replay, such as changing IP addresses or speeding up or slowing down the queries.
DNS network capture utility. Similar in concept to tcpdump, but with specialized options for DNS.
DNS performance measurement tools.
Top-like utility showing information about captured DNS requests. It shows information about the domains queried, the types, and responses.
Driftnet watches network traffic and picks out JPEG and GIF images for display.
This is an improvement on Paris traceroute and the classical traceroute. It can detect changing routes and detect NATs along the path.
https://transfer.sh/ allows uploading from the command line and the browser. Files can be up to 10 GB and be stored up to 14 days. It allows limiting the number of downloads.
```
$ curl --upload-file ./hello.txt https://transfer.sh/hello.txt
https://transfer.sh/66nb8/hello.txt

$ curl -H "Max-Downloads: 1" -H "Max-Days: 5" --upload-file ./hello.txt https://transfer.sh/hello.txt
https://transfer.sh/66nb8/hello.txt
```
Evcxr is a Rust interpreter and also provides a Jupyter kernel. This is a helpful addition to the online playground as it allows installing and using any crate.
explainshell does what the name suggests: it explains shell commands. You write a shell command and it explains what the program is doing, the meaning of the command line flags, and how the piping between different programs works.
Ghidra software reverse engineering (SRE) framework and IDA Pro alternative.
The Godbolt compiler explorer allows the user to compile a function and see the corresponding assembly code. It can highlight matching parts in the language and assembly, making it easy to understand how individual expressions are compiled. It supports common languages like C, C++, Go, Rust. It can also work with assembler and LLVM IR.
Another nice feature is that it can show statistics about assembler code, like needed cycles, instructions, and which resources the instructions need. This uses the LLVM Machine Code Analyzer.
THE reverse engineering tool.
John the Ripper is THE tool to brute force passwords and password hashes. It is very fast in calculating hashes with support for GPU acceleration and supports a wide range of different hash formats.
These websites provide tools which convert JSON data to structs in different programming languages.
These websites provide different features to analyse binaries and especially malware. They provide searching by file hashes or by uploading the binary.
Some of the services provide more detailed analyses, such as which files were accessed or snapshots of any windows opened.
These projects either operate DNS based Real-time Blackhole Lists (RBL) or allow checking if an IP is contained. The Multi-RBL websites are helpful in finding a large quantity of RBLs.
Proxy framework for performing MitM attacks/transformations. Provides a Python API for scriptability.
Website quality measurement tool. The website measures the quality of HTTP headers which improve security. Additionally, it provides inspections for the TLS certificate and SSH servers. It also includes many third party tools.
Multi-level MDA-Lite Paris Traceroute is a traceroute tool, which understands and learns more complex network topologies. Often times the network is not just a line, but multiple paths are possible and chosen at random.
These websites measure support for NAT64 in other websites.
The Netlab of 360.com provides some open data streams.
One dataset concerns the number of abused reflectors per protocol.
Overview over IP addresses scanning the internet and which ports are scanned.
A tool to find the one gadget in libc.
It lists all gadgets leading to execve('/bin/sh', NULL, NULL), including their preconditions.
Website allowing assembly and disassembly of x86 and x64 code.
IP geolocation service fed from geolocation databases, user-provided locations, and, most importantly, active RTT measurements based on the RIPE Atlas system. It also provides a nice API to query the location. It provides a breakdown of where the results stem from and how much they contribute to the overall result.
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.
Over The Wire provides many different challenges through its wargames for learning the exploitation of different things. There are different wargames based on skill and required tooling. In each level the user has to retrieve a flag to proceed to the next level.
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.
This is an improvement on the traditional traceroute program. It is able to detect multiple distinct routes and display them accordingly. The classical traceroute would produce weird results on changing network routes.
Another similar program is Dublin traceroute.
pdfpc is a tool enabling a presenter mode for presenting PDF files. The presenter mode contains the usual features known from Powerpoint/Libreoffice:
pdfpc is especially adapted to present LaTeX presentations, which otherwise do not have a presenter mode.
PEERING is an environment where researchers and educators can play with BGP announcements in a real but sandboxed environment.
Description from the website:
The long-term goal of the PEERING system is to enable on-demand, safe, and controlled access to the Internet routing ecosystem for researchers and educators:
Play with Docker is a Docker playground which allows users to run Docker commands in a matter of seconds. It gives the experience of having a free Alpine Linux Virtual Machine in browser, where you can build and run Docker containers and even create clusters in Docker Swarm Mode. Under the hood Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs. In addition to the playground, PWD also includes a training site composed of a large set of Docker labs and quizzes from beginner to advanced level available at training.play-with-docker.com.
preeny helps pwning binaries by disabling many annoying functions such as
It does so by providing different LD_PRELOAD-able libraries for those library functions.
pwntools is one of THE Python tools needed during a CTF. It is useful for both jeopardy and attack-defense CTFs. It provides common abstractions, like connecting to a local or remote program and simplifying I/O. Additionally, it provides helpers for many exploitation techniques, such as ROP, shellcode, and leaking memory.
Test the quality of a server's or a client's SSL/TLS stack.
Very useful to test a server.
Uses an A-F rating scheme and shows vulnerabilities and weak protocols/cipher suites.
regexr helps in understanding and writing regular expressions (RegEx). It takes a RegEx and explains the different parts of it. It also shows how the RegEx applies to a sample text.
Additionally, it contains a RegEx reference as well as a user supplied library of different RegExs.
DNS responses gathering and differences analysis toolchain.
A standalone decompiler built and managed by Avast. Works as a standalone program, has a trial version on the website, and there is an IDA plugin.
Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.
Overview page for the DNS root servers. It contains links to general news and all the supporting organizations.
The website features a map with all geographic locations. It contains information about locations, IPv4/IPv6 reachability and IP addresses.
Each root server has its own subdomain in the form of http://a.root-servers.org. It contains access to historical performance data like:
Different information regarding reachability and connectiveness of ASs.
These websites allow you to browse the valid RPKI announcements. They show which address ranges are covered by RPKI and who the issuing authority is.
Website which tests if your provider filters invalid announcements using RPKI.
The RsaCtfTool is a tool supporting working with RSA keys. The main focus lies in a wide range of known attacks which are implemented and easy to use with it. This makes it suitable for CTFs, especially Jeopardies.
Sometimes it is necessary to run Docker containers for a different CPU architecture.
This Docker container makes it possible to run other Docker containers with a different architecture.
It works by using binfmt_misc, a Linux kernel feature to run files with interpreters, and installs qemu binaries for different architectures.
Helps in understanding macro_rules macros by automatically generating syntax diagrams for them.
Rust regular expression editor and tester.
Shapecatcher looks up Unicode symbols based on a drawing of the symbol. It is conceptually similar to Detexify, but returns Unicode symbols instead of macros.
This tool searches through many services if they have a user with a given username. This can either be used to find usernames, which are still available on the important websites or to check for conflicting accounts.
This is a tcpdump-like program for printing TLS SNI and HTTP/1.1 Host fields in live or captured traffic.
A standalone C decompiler. Also has an IDA plugin.
Supports ARM, x86, and x86-64 architectures. Reads ELF, Mach-O, and PE file formats.
The website offers a large variety of crypto implementations which can be tested. It is helpful to solve unknown crypto challenges during CTFs. It is similar in concept to the CyberChef, but only for crypto.
Simple TLS proxy.
The website contains different
It starts with basic filters and then builds up ever more complex ones.
This is a good source for looking up complicated filters, if one does not want to write them oneself.
A traceroute-like tool that detects where a path crosses an IXP.
The tool converts an input string into different and sometimes obscure Unicode characters. It is useful to generate funny looking text or to generate a new username, if the desired one is taken.
For example, the tool supports ⓒⓘⓡⓒⓛⓔⓓ, 𝖋𝖗𝖆𝖐𝖙𝖚𝖗, 🆂🆀🆄🅰🆁🅴🅳, ꜱᴍᴀʟʟ ᴄᴀᴩꜱ, ɐup 𝕠𝕥𝕙𝕖𝕣 wɘiᴙb options.
vizAS by APNIC shows the connectiveness between different ASs split by countries. It is useful to find the ASs which are most central in the graph.
These services allow you to create a domain name for any IP address. The IP address is encoded into the domain name. An overview over different services can be found here.
http://xip.io/ provides IPv4 only
https://nip.io/ provides IPv4 only
https://sslip.io/ provides IPv4 and IPv6
https://ip6.name/ provides IPv6 only
::in the IPv6 address.
Ziggy is a tool to inspect the RPKI ecosystem at arbitrary points in the past. It is developed by NLnet Labs. More details about the ziggy tool can be found in the announcement blogpost.
Different utilities for network scanning. Most importantly the zmap component, which is a packet scanner for different protocols. It also contains other tools like ways to iterate over the IPv4 address space and blacklist/whitelist management.