README.md

Security References

References for various tools or resources for playing CTF's or conducting pentests

Contents:

• Reversing
• Pwn
• Web
• Network
• Stego
• Misc
• Forensic
• OSINT
• General Resources
• Tricks & Tips

---

Reversing

• ghidra | Reverse Engineering Framework
• gdb | Gnu Debugger for binaries
• radare2 | Dynamic Binary Analysis
• Imhex | Hex Editor especially for Reversing
• strings | Extract all strings from a file

Pwn

• metasploit | Exploit Toolkit
• searchsploit / exploitdb | Let's you search exploit db in the command line

Web

• sqlmap | Exploit tool for sql injection.
• gobuster | Path / Folder enumeration in URL's
• Burp Suite (Free Community Edition) | Web Proxy
• Zap | Web Proxy
• CeWL | Custom Wordlist Generator
• ffuf | Enumeration Tool for URL's

Network

• hydra | Bruteforce Tool
• Wireshark | Network Packet Analyzer / Listener
• Netcat | Commandlinetool to interact with services
• Swaks | Tool to interact with SMTP
• nmap | classic port scanner
• plink.exe | can be used to port forward on windows machines
• chisel | network pivoting tool
• evil-winrm | Tool to interact with Windows WinRM

Stego

• perl-image-exiftool | Tool to view metadata of images
• foremost | Let's you extract hidden data from a file
• imagemagick | Similar to exiftool. Let's you view image meta data
• stegextract | Extracts hidden information in images
• stegsolve | Similar to stegextract, extract hidden information in images
• stegoveritas | Tool for stego does a lot
• binwalk | Extracting Files in another File
• Aperi Solve | Website that does A TON of stego stuff

Misc

• imgclip | Extracts text from image
• tldr | Better man pages / short intro to the command and examples
• sqsh | Client for MSSQL
• beam | OpenVPN File Manager
• john (John The Ripper) | Password Cracker
• hashcat | Password Cracker
• hashid | Hash Identifier
• pspy | Process monitor without root priv
• jq | sed,awk,grep for json data
• Default Creds Cheat Sheet | Commandline Tool for looking up default creds for services

Forensics

• Volatility | Memory Forensic Tool
• SleuthKit | Volume and File System forensic

OSINT

• OSINT-Framework | A website that allows to do a lot of osint stuff

General Resources

• Webhooks | Web-based application to capture incoming requests
• Debuggex | Reggex Viewer
• ngrok | Tool for hosting a local port to the outside (still need to check to out)
• Impacket | Network Toolkit in Python
• PowerSploit | Powershell Tools for Pentesting
• Bloodhound | Analyze Active Directory Data
• bloodhound-python | Collects information remotely for bloodhound

Tricks & Tips

To see some useful tricks and tips see tips.md