This section highlights tools I think are interesting and useful. It is mostly a personal list, so I don’t plan to list what I think are de facto standards (e.g. Wireshark, Nikto, nmap, Metasploit, anything in BackTrack, etc.).
I’d love to hear about other tools you have in your arsenal, so that I can add them to mine.
Investigation / Incident Response

Cuckoo Sandbox – Powered by Rapid7, a malware analysis system
IEHistoryView – From NirSoft, a handy tool to view IE history
MozillaHistoryView – From NirSoft, view Mozilla history
ChromeHistoryView– You see a theme here?
WinPrefetchView – From NirSoft, view the Windows Prefetch to see recent executable activity. For more info on prefetch see this link
DNSDataView – From NirSoft, quick GUI to run some DNS checks/whois lookups
Sandboxie – From Sandboxie, run a browser in a sandbox to check out possibly malicious links without scripts (etc.) running on your computer
Remote Process Explorer – From LizardSystems, shows/controls processes/threads on a remote machine
Process Hacker– Sourceforge project, combines process explorer and tcpview functionality all in one
ofview – From NirSoft, similar to the Linux lsof command, shows opened files on Windows
fport– From McAfee, fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the ‘netstat -an’ command, but it also maps those ports to running processes with the PID, process name and path.
PsLoglist – From Sysinternals, dump local/remote event logs
Dbgview – From Sysinternals, lets you monitor debug output on a local/remote system to catch the debug output
Strings– From Sysinternals, find unicode or ascii strings in object files or executables
Mandiant Free Tools – From Mandiant, a bunch of tools for incident response, memory inspection/acquisition, compromise or infection detection and whatnot
Research / Attack

xssf – From a Google Code project, cross site scripting framework to help identify and weaponize XSS attacks
ProVM Auditor– From Proso, a vulnerability scan output aggregator
kippo– From a Google code project, SSH honeypot (loads of fun!)
yersinia– From yersinia.net, a network protocol security testing tool (mainly layer 2 attacks like VLAN hopping)
Immunity Debugger– From Immunity, a debugger… that is all
ActivePython – From ActiveState, a Python distro that runs on Windows, *nix and Mac that I like to use for synthetic transactions (and to wield the power of Python!)
MagicTree – From Gremwell, quote “MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation.”
Gray Wolf & Gray Dragon – From digitalbodyguard.com, a set of tools for researching and exploiting/attacking .NET applications
Google Diggity– From Stach & Liu, tools for using Internet search engines and social media for OSINT and vulnerability detection (think NextGen Google Hacking)
AutoIT – From AutoIT, quote “AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting.”
SoapUI – From SmartBear, an open source tool for testing and interrogating SOAP services.

Misc

Expresso – From Ultrapico, a great regular expression creation/analysis/testing tool
Large Text File Viewer– From Swiftgear, a viewer for very large files that can crash some text editors or viewers
lessmsi – A Google Code project to extract/inspect MSI files
Baretail– From Baremetalsoft, a real time log viewer with GUI, functions similar to *nix tail command
PDF Split and Merge– From PDFsam, a PDF manipulation utility
PureText– From stevemiller.net, a utility that allows you to paste text without formatting, aka raw text
Zip2Secure– From Chilkatsoft, create self extracting exe’s from zip files
Freeproxy – From Handcrafted Software, a quick and easy proxy server that creates HTTP/SOCKS proxies on Windows machines
FreeSSHd– From freesshd.com, A lightweight SSH server for Windows
GetDataBack – From Runtime Software, a data recovery tool to recover deleted/corrupted files from NTFS/FAT file systems