Awesome Cyber Tooling

Malware Analysis

RATDecoders

  • URL: https://github.com/kevthehermit/RATDecoders

Malconf is a Python 3 library that statically analyzes specific malware families (mostly RATs) and extracts the configuration data that incident responders can use during an incident. As a library, it can also be installed into automated malware analysis pipelines.

Network Data Analysis

PCredz

  • URL: https://github.com/lgandx/PCredz

This tool extracts credit card numbers, NTLM (DCE-RPC, HTTP, SQL, LDAP, etc.), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc. from a pcap file or from a live interface.

Nmap Atlas: Natlas

  • URL: https://github.com/natlas/natlas

Natlas presents a collection of nmap scans in a website. Its objective is to make it easy to perform continuous scanning and review the collected data.

The goal of Natlas is not necessarily to identify a bunch of vulnerabilities, but rather to identify exposure. Perhaps you want to make sure that no one is running SSH with password auth enabled. Or perhaps you want to look for any exposed NFS, SMB, or rsync shares. Maybe you want to look for expiring or expired SSL certificates, or weak SSL ciphers being used. Since Natlas uses the popular nmap port scanner, you can easily use any default nmap scripts in your scans.