Home

Awesome

sec-tools Build Status Amazing

NO LONGER MAINTAINED

Curated collection of tools for security research, CTFs, and fun, that I enjoy. Similar to zardus's ctf-tools, but with a more general focus on security.

Installers for the following tools are included:

CategoryToolDescription
binaryapktoolDisassemble, examine, and re-pack Android APKs
binarybinwalkFirmware (and arbitrary file) analysis tool.
binarychecksecCheck binary hardening settings.
binarydex2jarTools to work with android .dex files
binaryhxdA simple hex editor. Ran through wine. (Uses wine.)
binaryidafreeThe most popular interactive disassembler, free edition. (Uses wine.)
binaryjdguiA graphical Java Decompiler. (Uses wine.)
binarypedaEnhanced environment for gdb.
binarypreenyA collection of helpful preloads (compiled for many architectures!).
binaryqemuLatest version of qemu!
binaryqiraParallel, timeless debugger. Go back and forth in time.
binaryradare2Some crazy thing crowell likes.
binaryropgadgetSearch ROP gadgets, autocreate a ropchain, and fetch gadgets from a bin.
binaryupxA free and popular packer/unpacker.
cryptoaeskeyfindFind AES keys in a memory dump.
cryptocribdragInteractive crib dragging tool (for crypto).
cryptoevilizeTool to create MD5 colliding binaries
cryptoforesightA tool for predicting the output of random number generators. To run, launch "foresee".
cryptohashidSimple hash algorithm identifier.
cryptomsieveFactor primes, such as for RSA.
cryptopadbusterAutomated script for performing Padding Oracle attacks
cryptopkcrackPkZip encryption cracker.
cryptopython-paddingoraclePadding oracle attack automation.
cryptossh_decoderA tool for decoding ssh traffic.
cryptoyafuFast prime factorization.
cryptoxortoolXOR analysis tool.
fuzzersaflState-of-the-art fuzzer.
fuzzerspathgrindPath based fuzzer.
stegoElectronicColoringBookColorize data file according to repetitive chunks.
stegoexiftoolExamine EXIF/meta data of files.
stegolsbstegstego files into images using the Least Significant Bit.
stegopopplerA suite of tools to help take apart and work with PDF files
stegosteganabaraAnother image steganography solver.
stegostegdetectSteganography detection/breaking tool.
stegostegsolveImage steganography solver.
toolsbrakemanRuby-on-rails static-analysis security scanner.
toolsbruteforceA simple starter script for bruteforcing
toolsentropyA simple tool to test entropy of a file
toolsextundeleteRecover deleted files from an ext3 or ext4 partition.
toolspngtoolsDump info on a PNG file.
toolspyunpackUnpacker for packed Python executables
toolsshoeA simple tool to assist with TCP remote communication
toolsswftoolsTools for reading, creating, and working with swf files.
toolswordlistA huge wordlist to use for cracking or whatever.
webburpsuiteWeb proxy to do naughty web stuff.
webdirsearchWeb path scanner.
webhashpumpA tool for exploiting hash extension vulnerabilities.
webmitmproxyA programmable and interactive HTTP proxy useful
webnet-credsSniffs sensitive data from interface or pcap
websqlmapSQL injection automation engine.

Usage ❤️‍❤️‍

To use, do:

# download and set up
git clone https://github.com/eugenekolo/sec-tools.git
./sec-tools/sec-tools setup && source ~/.bashrc

# list the available category/tools
sec-tools list

# install whatever <category/tool-name>
sec-tools install binary/apktool

# use the tool - your path is automatically configured
apktool --version

Virtualization and Containers

Ready to launch, will install every tool for you. Grab a :coffee: while making these.

Docker Docker Badge

git clone https://github.com/eugenekolo/sec-tools.git
docker build -t sec-tools .
docker run -it sec-tools

Vagrant Vagrant Badge

wget https://raw.githubusercontent.com/eugenekolo/sec-tools/master/Vagrantfile
vagrant up
vagrant ssh

Adding Tools

To add a tool (say, named toolname), do the following:

  1. Decide what category it falls under. You probably shouldn't create a new one.
  2. Create a category\toolname directory.
  3. Create an install-ctf.sh script. It's a simple bash script, look at already made ones for example.

License :star2::star2:

The individual tools are all licensed under their own licenses. As for sec-tools itself, it is "starware". If you find it useful, star it on github (https://github.com/eugenekolo/sec-tools).

Acknowledgements

Built upon ctf-tools. Be sure to check them out.