A curated list of commonly used tools across the cybersecurity landscape, including red team, blue team, malware analysis, reverse engineering, OSINT, and cloud security.
- Malware Analysis
- Reverse Engineering
- Penetration Testing
- Digital Forensics
- Linux Distributions
- Contribute
- License
- file - Determine file type.
- Exeinfo PE - Analyze Windows PE header information, packer detection, and gives hints on how to unpack.
- TrID - Use pattern database to determine file types, gives a likelihood of detected type.
- PEiD - Detects common packers, cryptors, and compilers for PE files.
- Detect-It-Easy - Determines file types and identifies packers, compilers, and linkers for Windows, Linux, and macOS binaries.
- KapeFiles - Target and module definitions for KAPE (Kroll Artifact Parser and Extractor), used to collect and process forensic artifacts.
- md5sum - Compute and check MD5 message digest.
- sha256sum - Compute and check SHA256 message digest.
- sha512sum - Compute and check SHA512 message digest.
- HashMyFiles - NirSoft utility that calculates MD5, SHA1, CRC32, SHA-256, SHA-384, and SHA-512 hashes of one or more files.
- IgorWare Hasher - Free SHA-1, MD5, and CRC32 hash generator for Windows.
- ComputeHash - Calculates MD5, SHA1, SHA256, SHA384, and SHA512 hashes.
- Get-FileHash - PowerShell cmdlet that computes a file's hash with a specified algorithm (SHA256 by default).
- ssdeep - Computes Context Triggered Piecewise Hashes (CTPH) for fuzzy matching.
- impfuzzy - Calculates Fuzzy Hash from import API of PE files.
- pehash - Compilation of peHash implementations.
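The file-typing, hashing and PE-header tools above all start from the same few bytes of a sample. As an added example (my own code, not taken from any of the listed projects), the Python below does magic-prefix type identification the way `file` and TrID do with a far larger database, computes the same digests as md5sum/sha256sum/sha512sum, and parses a PE header to read the section table and flag the heuristics PEiD-style packer detectors rely on: known packer section names, sections that are both writable and executable, and sections with no raw data that are filled in at run time. The sample PE is a hand-built header shaped like a UPX-packed file, not a real binary, and the packer-name set is a small illustrative subset.

```python
"""PE triage helpers: magic-based type ID, digests, and packer hints from the PE header."""
import hashlib
import struct

# Magic prefixes checked in order (a tiny subset of what `file`/TrID carry).
MAGIC = [
    (b"MZ", "DOS/PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"%PDF-", "PDF document"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy Office)"),
    (b"PK\x03\x04", "ZIP container (OOXML, JAR, APK)"),
]

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Section names used by common packers/protectors (illustrative subset, not a full signature set).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".vmp0", ".vmp1",
                        ".themida", ".petite", ".MPRESS1", ".MPRESS2"}


def identify(data: bytes) -> str:
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def digests(data: bytes) -> dict:
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha256", "sha512")}


def parse_pe(data: bytes) -> dict:
    """Parse the COFF file header and section table; raises ValueError for non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24                                   # 4-byte signature + 20-byte COFF header
    opt_magic = struct.unpack_from("<H", data, opt_off)[0]    # 0x10B = PE32, 0x20B = PE32+
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": raw_size, "raw_ptr": raw_ptr, "characteristics": flags})
    return {"machine": machine, "pe32plus": opt_magic == 0x20B, "timestamp": timestamp,
            "characteristics": chars, "sections": sections}


def packer_hints(pe: dict) -> list:
    """Header-only heuristics of the kind PEiD/Exeinfo PE signatures encode."""
    hints = []
    for s in pe["sections"]:
        flags = s["characteristics"]
        if s["name"] in PACKER_SECTION_NAMES:
            hints.append(f"{s['name']}: known packer section name")
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            hints.append(f"{s['name']}: writable+executable section")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hints.append(f"{s['name']}: no raw data but non-zero virtual size (unpacks in memory)")
    return hints


def build_sample_pe() -> bytes:
    """Constructed test data: a PE32+ header laid out like a UPX-packed file (not runnable code)."""
    def section(name, vsize, vaddr, raw_size, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, flags)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew: PE header right after the DOS header
    opt_size = 0xF0                                          # standard PE32+ optional header size
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0x5F3E1A2B, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", 0x20B) + bytes(opt_size - 2)    # Magic = PE32+, rest zeroed for the example
    secs = (section(b"UPX0", 0x30000, 0x1000, 0, 0x400, 0xE0000080)     # uninitialised, W+X, no raw data
            + section(b"UPX1", 0x9000, 0x31000, 0x8800, 0x400, 0xE0000040))  # packed data, W+X
    return bytes(dos) + coff + opt + secs


if __name__ == "__main__":
    sample = build_sample_pe()
    print(identify(sample), digests(sample)["sha256"])
    info = parse_pe(sample)
    print(f"machine=0x{info['machine']:04x} pe32+={info['pe32plus']} "
          f"sections={[s['name'] for s in info['sections']]}")
    for hint in packer_hints(info):
        print("hint:", hint)
```

Real detectors add section entropy (packed data sits near 8 bits/byte) and entry-point byte signatures on top of these header checks; the header heuristics alone are enough to decide that a sample needs unpacking before `strings` or a disassembler will tell you anything.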
- strings - Print sequences of printable characters in files.
- BinText - Extracts ASCII, Unicode, and Resource strings from files.
- XORSearch - Searches for strings in XOR, ROL, ROT, or SHIFT encoded binary files.
- flare-floss - Automatically extracts obfuscated strings from malware.
- StringsDump - Extracts and identifies text from binary files.
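XORSearch and FLOSS recover strings that a plain `strings` pass misses because they only exist under a byte-wise transform. The added example below is my own code, not XORSearch's, and applies the same idea: instead of decoding the whole file for every candidate key, it encodes the keyword under every single-byte XOR key, every ROL amount and every ROT shift, searches the raw bytes for the encoded needle, and then decodes the printable run at each hit to show the recovered string. The sample buffer is constructed: a URL XOR-encoded with key 0x9C and a command line ROL-3-encoded, separated by deterministic filler.

```python
"""Keyword search under single-byte XOR, ROL and ROT encodings, XORSearch-style."""

# Bytes accepted when printing the decoded run around a hit (space through '~').
PRINTABLE = frozenset(range(0x20, 0x7F))


def xor_enc(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def rol_enc(data: bytes, n: int) -> bytes:
    """Rotate every byte left by n bits; ROL (8-n) undoes it."""
    n %= 8
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in data)


def rot_enc(data: bytes, n: int) -> bytes:
    """Caesar-shift ASCII letters by n and leave other bytes alone; ROT (26-n) undoes it."""
    out = bytearray()
    for b in data:
        if 0x41 <= b <= 0x5A:
            out.append((b - 0x41 + n) % 26 + 0x41)
        elif 0x61 <= b <= 0x7A:
            out.append((b - 0x61 + n) % 26 + 0x61)
        else:
            out.append(b)
    return bytes(out)


# encoding name -> (encoder, candidate keys, function returning the key that undoes it)
ENCODINGS = {
    "xor": (xor_enc, range(0, 256), lambda k: k),      # key 0 reports plaintext hits too
    "rol": (rol_enc, range(1, 8), lambda k: 8 - k),
    "rot": (rot_enc, range(1, 26), lambda k: 26 - k),
}


def decoded_run(data: bytes, offset: int, enc, inverse_key: int, limit: int = 64) -> str:
    """Decode forward from a hit and return the printable run, like the string XORSearch prints."""
    out = bytearray()
    for b in enc(data[offset:offset + limit], inverse_key):
        if b not in PRINTABLE:
            break
        out.append(b)
    return out.decode("ascii")


def search(data: bytes, keyword: bytes) -> list:
    """Encode the keyword under every candidate key and look for that needle in the raw bytes."""
    hits = []
    for name, (enc, keys, inverse) in ENCODINGS.items():
        for key in keys:
            needle = enc(keyword, key)
            start = 0
            while (offset := data.find(needle, start)) != -1:
                hits.append({"encoding": name, "key": key, "offset": offset,
                             "decoded": decoded_run(data, offset, enc, inverse(key))})
                start = offset + 1
    return hits


def build_sample() -> bytes:
    """Constructed test buffer: an XOR-0x9C URL and a ROL-3 command line between runs of filler."""
    filler = bytes((i * 37) & 0xFF for i in range(64))   # deterministic junk, never two equal bytes in a row
    return (filler
            + xor_enc(b"http://evil.example/drop.exe", 0x9C)   # hit expected at offset 64
            + filler
            + rol_enc(b"cmd.exe /c start", 3)                  # hit expected at offset 156
            + filler)


if __name__ == "__main__":
    buf = build_sample()
    for kw in (b"http", b"cmd.exe"):
        for hit in search(buf, kw):
            print(f"{kw.decode()}: {hit['encoding']} key={hit['key']:#04x} "
                  f"offset={hit['offset']} -> {hit['decoded']!r}")
```

Searching for the encoded keyword rather than decoding the buffer is exactly equivalent for these byte-wise encoders and keeps the cost at one `find` per key, which is why a 4-byte keyword such as `http` works well as a probe: it is short enough to survive inside any URL and long enough that accidental matches under 256 XOR keys are rare. Multi-byte rolling keys and the stack-string constructions FLOSS emulates are outside what this catches.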
- PeStudio - Examines executable files in depth.
- CFF Explorer - Inspect and analyze Portable Executable (PE) files.
- PE Explorer - Inspects Windows applications and libraries.
- pe-bear - Multiplatform reversing tool for PE files.
- PEView - Lightweight utility for inspecting PE files.
- Dependency Walker - Builds hierarchical tree diagram of dependent modules.
- DLL Export Viewer - Displays exported functions and their addresses for DLL files.
- PEPack - Python library for inspecting and manipulating PE files.
- yara - Tool for identifying and classifying malware samples.
- Loki - IOC and YARA Scanner.
- zipdump - Analyzes zip files and runs YARA rules.
- ExifTool - Reads, writes, and edits meta information in files.
- pdf-parser - Parses PDF documents to identify fundamental elements.
- pdfid - Scans for PDF keywords indicating JavaScript or actions.
- peepdf - Python tool for exploring PDF files to determine whether they are harmful, with support for decoding streams and analyzing embedded JavaScript.
- SpiderMonkey - Mozilla's JavaScript engine; a modified standalone build is used to run and trace malicious scripts during analysis.
- PDF-XChange - In-depth analysis and editing of PDF documents.
- pdfunite - Merges multiple PDF files into a single file.
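pdfid works by counting PDF keywords without parsing the document, and it normalises hex-escaped names (`/J#61vaScript` is `/JavaScript`) because that escape is a common way to hide action keywords from naive grep-based scanners. The added example below is a small scanner in the same spirit, written for this page rather than taken from pdfid: it tokenises name objects, un-escapes `#xx` sequences, counts the keywords that matter for triage, and lists the reasons a file looks suspicious. The sample PDF is constructed and minimal.

```python
"""pdfid-style keyword triage for PDF files, with #xx name un-escaping."""
import re

# Name-object keywords are counted after un-escaping; bare keywords are structural tokens.
NAME_KEYWORDS = [b"/Page", b"/Encrypt", b"/ObjStm", b"/JS", b"/JavaScript", b"/AA", b"/OpenAction",
                 b"/AcroForm", b"/JBIG2Decode", b"/RichMedia", b"/Launch", b"/EmbeddedFile", b"/XFA"]
BARE_KEYWORDS = [b"obj", b"endobj", b"stream", b"endstream", b"xref", b"trailer", b"startxref"]
SUSPICIOUS = ("/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
              "/EmbeddedFile", "/RichMedia", "/XFA", "/JBIG2Decode")

# A name runs from '/' up to the next whitespace or delimiter character (PDF 32000-1, 7.2.2).
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r /()<>\[\]{}%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def unescape_name(raw: bytes) -> bytes:
    """Replace each #xx escape in a name token with the byte it encodes."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan(data: bytes) -> dict:
    """Count triage keywords the way pdfid does: on raw bytes, without inflating any stream."""
    counts = {kw.decode(): 0 for kw in NAME_KEYWORDS + BARE_KEYWORDS}
    counts["hex_escaped_names"] = 0
    for m in NAME_RE.finditer(data):
        raw = m.group(1)
        if HEX_ESCAPE_RE.search(raw):
            counts["hex_escaped_names"] += 1          # escapes in names are themselves an indicator
        key = (b"/" + unescape_name(raw)).decode("latin-1")
        if key in counts:
            counts[key] += 1
    for kw in BARE_KEYWORDS:
        # A letter on either side would make it part of another token ("obj" inside "endobj").
        pattern = rb"(?<![A-Za-z])" + re.escape(kw) + rb"(?![A-Za-z])"
        counts[kw.decode()] = len(re.findall(pattern, data))
    return counts


def triage(counts: dict) -> list:
    """Return the reasons a file deserves a closer look; an empty list means nothing stood out."""
    reasons = [k for k in SUSPICIOUS if counts.get(k)]
    if counts["hex_escaped_names"]:
        reasons.append("hex-escaped names")
    if counts["/ObjStm"]:
        reasons.append("/ObjStm present: inflate with pdf-parser before trusting these counts")
    return reasons


# Constructed sample: a catalog-level /OpenAction and a page /AA both point at a JavaScript
# action whose /JavaScript name is hex-escaped to dodge a plain grep.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /AA << /O 4 0 R >> >> endobj
4 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert('x')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


if __name__ == "__main__":
    counts = scan(SAMPLE_PDF)
    for key, value in counts.items():
        if value:
            print(f"{key:>20}: {value}")
    print("triage:", triage(counts))
```

Like pdfid, this never decompresses anything, so keywords inside a FlateDecode stream or an object stream are invisible to it; that is why `/ObjStm` is counted and why a clean-looking count on a file that uses object streams should be followed by pdf-parser or peepdf, which do inflate and walk the objects.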
- OfficeMalScanner - Scans MS Office documents for malicious traces.
- oletools - Python tools for analyzing MS OLE2 files and Office documents; olevba extracts VBA macros and flags obfuscation, oleid summarizes risk indicators.
- ViperMonkey - VBA parser and emulation engine.
- Lazy Office Analyzer - Extracts URLs, VB-script, and JavaScript from Office documents.
- OfficeScan - Analyzes Microsoft Office documents for malware and other threats.
- Pafish - Detects virtual machines and malware analysis environments.
- VMProtect - Anti-debugging and anti-VM software protection.
- 010 Editor - Powerful hex and text editor.
- HxD - Fast hex editor with raw disk editing capabilities.
- Hex Workshop - Visualizes data through graphical representations and charts.
- Bless - High-performance, full-featured hex editor.
- hexitor - Terminal hex editor.
- Resource Hacker - Resource editor for Windows applications.
- Resource Tuner - Allows you to edit resources within executables and DLLs.
- API Monitor - Monitors and controls API calls.
- WinAPIOverride - Monitors, intercepts, and logs API calls.
- ListDLLs - Lists all the DLLs loaded into processes (SysInternals).
- Handle - Lists open handles for system processes (SysInternals).
- Cuckoo Sandbox - Automated malware analysis system.
- Sandboxie - Isolates applications in a virtual sandbox.
- Fakenet-NG - Fake network environment for malware analysis.
- Volatility - Advanced memory forensics framework.
- Procmon - Monitors and logs real-time file system, Registry, and process/thread activity (SysInternals).
- Regshot - Takes snapshots of the Registry and compares them.
- APISpy - Captures and analyzes API calls made by applications.
- ProcDOT - Correlates Procmon logs and packet captures into an interactive graph of process and network behavior.
- VirusTotal - Free service for scanning files and URLs to detect malware and gather threat intelligence.
- MISP - Open-source threat intelligence platform for sharing, storing, and correlating indicators of compromise (IOCs).
- OpenCTI - Open-source platform for managing cyber threat intelligence knowledge and observables.
- AlienVault OTX - Open Threat Exchange platform for community-driven threat intelligence and IOCs.
- Recorded Future - Commercial threat intelligence platform providing real-time threat analysis and risk scoring.
- ThreatConnect - Threat intelligence platform combining data aggregation, analytics, and response workflows.
- CIRCL - Computer Incident Response Center Luxembourg; provides threat intelligence feeds and malware analysis.
- Hybrid Analysis - Malware analysis service with detailed threat intelligence reports.
- Abuse.ch - Provides threat feeds such as ransomware and malware campaign trackers.
- autosecure - Threat-feed IP block automation for Linux and macOS firewalls.
- Ghidra - Software reverse engineering framework.
- Radare2 - Open-source reverse engineering framework.
- IDA Pro - Interactive disassembler and debugger.
- Binary Ninja - Reverse engineering platform.
- x64dbg - Open-source debugger for Windows.
- Hopper - Reverse engineering tool for macOS and Linux.
- OllyDbg - 32-bit assembler level debugger for Windows.
- Cutter - Qt and C++ GUI powered by Radare2.
- JADX - Dex to Java decompiler.
- JD-GUI - Decompiler for Java bytecode.
- CFR - Another Java decompiler.
- Procyon - Java decompiler for modern Java features.
- FernFlower - IntelliJ's Java decompiler.
- Krakatau - Java decompiler, assembler, and disassembler.
- dnSpy - .NET debugger and assembly editor.
- dotPeek - .NET decompiler from JetBrains.
- ILSpy - Open-source .NET assembly browser and decompiler.
- JustDecompile - Free .NET decompiler from Telerik.
- Metasploit - Penetration testing framework.
- Aircrack-ng - Suite of tools for wireless network security.
- Nessus - Vulnerability scanner.
- Wireshark - Network protocol analyzer.
- Sqlmap - Automated SQL injection and database takeover tool.
- Dradis - Open-source collaboration and reporting tool for information security teams.
- Sublist3r - Fast subdomain enumeration tool.
- Recon-ng - Full-featured Web Reconnaissance Framework.
- Empire - PowerShell and Python post-exploitation agent.
- BuiltWith - Identify technologies, frameworks, and services used by websites.
- Wappalyzer - Detect web technologies including CMS, frameworks, analytics, and servers.
- WhatWeb - Website fingerprinting tool to identify web technologies.
- HTTrack - Website mirroring tool for offline analysis.
- WHOIS - Query domain registration and ownership information.
- Netcraft - Checks the technology stack and hosting infrastructure of a site.
- Sublist3r - Fast subdomain enumeration tool for penetration testers.
- Google Dorking - Advanced search-operator queries to discover exposed information.
- theHarvester - Gather emails, subdomains, hosts, and employee names from public sources.
- Nmap - Network scanning and discovery tool for hosts, services, and ports.
- dnsrecon - Perform DNS enumeration using direct queries and brute forcing.
- dnsenum - DNS enumeration tool supporting zone transfers and brute-force attacks.
- Netdiscover - Active and passive ARP reconnaissance tool.
- wafw00f - Identify and fingerprint web application firewalls (WAFs).
- Burp Suite - Integrated platform for web application security testing.
- OWASP ZAP - Open-source web application security scanner.
- MobSF - Mobile Security Framework for static and dynamic analysis.
- Drozer - Android security assessment framework.
- Frida - Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers.
- AppMon - Monitor and analyze mobile apps on Android and iOS.
- APKTool - Decompiles and rebuilds APK files.
- AndroGuard - Android reverse engineering tool.
- Burp Suite Mobile Assistant - Integrated mobile assistant for Burp Suite.
- Magisk - Rooting solution with systemless root for Android.
- AppUse - Open-source Android security testing platform.
- The Sleuth Kit (TSK) - A library and collection of command-line tools for digital forensics.
- Autopsy - Digital forensics platform and graphical interface.
- FTK Imager - Forensic imaging tool.
- X1 Search - Forensic search and data extraction tool.
- Bulk Extractor - Extracts useful information from disk images.
- Kali Linux - Comprehensive penetration testing distribution with numerous security tools.
- Parrot Security OS - Security-oriented Linux distribution designed for security experts and developers.
- BackBox - Ubuntu-based Linux distribution for security and analysis.
- BlackArch - Arch Linux-based distribution for penetration testers and security researchers.
- Tails - Live operating system that you can start on almost any computer from a USB stick or a DVD.
- Qubes OS - Security-focused operating system that uses Xen virtualization to isolate security-sensitive tasks in separate VMs.
- REMnux - Linux toolkit for reverse engineering and analyzing malware.
- Caine - Live CD Linux distribution for digital forensics.
- Whonix - Privacy-focused Linux distribution that leverages Tor for anonymous communication.
- Pentoo - Live CD and installable Linux distribution based on Gentoo optimized for penetration testing.
Contributions are always welcome.
Feel free to contribute by submitting a pull request or opening an issue to suggest improvements or additional tools. Please review the Contribution Guidelines.