Here’s a collection of tools that I’ve collected over the years. This page is a work in progress.
- IP Subnet calc - the Perl script is also downloadable…I use it a fair amount.
- Windows Linux Subsystem - Because bash!
- Grammarly - Love the Chrome/Mozilla plugins
- Todoist - great task mgmt app for iPhone/Win10/Mac/Web
- Duo - I use this for two factor auth both for push and to replace Google Authenticator code generation.
- This is one I need to watch now that Cisco has announced it will acquire it. Usually doesn’t end well for ‘free’ resources
- ioc-parser - excellent for stripping out IOC’s from various feeds.
- Attack Maps
Firewall Egress Testing
- VirusTotal - Great for checking to see if others have already seen a file hash
- I should write up my process for generating file hashes from email attachments
- Offers both Basic (Free) and Pro tier. Provides some comprehensive analysis and IoC’s.
- urlscan.io - “A sandbox for the web.” You give it a URL, it gives youa break down.
- URLVoid - Scan a website with multiple website reputation engines and domain blacklisting services.
Malicous Document Analysis
- Analyzing Malicious Documents Cheat Sheet - Lenny Zeltser’s blog post on the tools he uses to analyze maldocs.
- Analyzing PDF and Office Documents Delivered Via Malspam - SecurityIntelligence post on maldoc analysis tips
- Url Expansion
- Search Example: net:”18.104.22.168/26”) see https://danielmiessler.com/study/shodan/
- DNS Tool - DNS Audit Report
- ThreatMiner - “Designed to be the analyst’s first portal to visit when doing threat research.”
- I need to investigate this one more but looks powerful.
- Recon-ng Framework - Recon-ng contains plugins to pull a great deal of OSINT on a target
- Reconnaissance with Recon-Ng, Part 1 (Getting Started) - great stepping off resource
- Google Dorking
- NMAP tips for avoiding firewalls 10/01/2018
- https://www.sslchecker.com/ - validate SSL
- https://www.ssllabs.com/ssltest - a more in-depth test of SSL settings (TLS,etc.)
- So you wanna OSINT? Resources and Reading for those interested in OSINT
- Alienvault OTX
- Virusshare.com (have to login to search)
- Search for hash on
- Search hash on google
- Threat Miner
- coming soon
Threat Intel Reporting
- Defang all the things - How to use python to ‘defang’ threat IOC’s
- Templates (coming soon)
As the list grows, I will start sorting it out better.