CyberSecurity ToolKit
  • DoubtfulTurnip's CyberSecurity Toolkit
  • About the Turnip
  • CTF platforms
  • Tools List
    • Security Tools
      • Blue Team
      • Crypto & Cracking
      • Exploit
      • Post-Exploit
      • Forensics
      • ICS/IOT
      • Mobile
      • OSINT
      • POC
      • Red Team
      • Reversing & Binary Exploit
      • Scanning & Recon
    • Security Tool Plugins & Scripts
      • Nmap
      • Wordlists
      • Volatility
    • Privacy Tools
      • Collaboration
      • DNS
      • Email
      • Instant Messaging
      • Password Management
      • Search Engines
      • VPN
      • Web-Browser Privacy
    • Web Based Tools
      • Crypto & Cracking
      • Exploit
      • Forensics
      • OSINT
      • Reporting
      • Reversing & Binary Exploit
      • LOL
    • Misc Tools
      • Productivity
      • Web Browsing Enhancers
  • Guides
    • Cheat Sheets
      • General
      • Crypto & Cracking
      • Exploit
      • Forensics
      • Linux
      • Post-Exploitation
      • Recon
      • Network
      • Windows
      • SANS
    • Specific Techniques
      • Crypto & Cracking
      • Exploit
      • Forensic
      • Post-Exploit
      • Red Team
      • Reversing & Binary Exploit
    • Tool Usage Guides
    • Quick Reference Commands and Code
      • APK analysis
      • Linux Shell
      • LUA
      • Network Forensics
      • Perl
      • PowerShell
      • Python
      • Ruby
      • SSH Port Forwarding
      • Windows Command Prompt
  • Education
    • Educational Resources
      • Kids
      • Training Platform
      • Udemy
      • YouTube
      • Misc
  • CTF Archive
    • Retired CTF Write-ups
    • CSC CTF 2020 Challenges
      • Hack The Game 1 & 2
      • Respond Quickly or the puppy gets it
      • Corrupted File
      • raindoll
      • A Simple Cipher
      • Stop Being Esoteric
      • GrOops Policy
      • Unlocking Secrets
      • Numbers Stations and Locations 1
      • Numbers Stations and Locations 2
      • Numbers Stations and Locations 3
      • Numbers Stations and Locations 4
      • NoScope
      • ... If only we had MFA 1
      • ... If only we had MFA 2
      • ... If only we had MFA 3
      • ... If only we had MFA 4
      • Sometimes Simpler is Better
      • Catch Me If You Can Too
      • Guess What
      • Katz and Their Memory
      • A Bob's life 1
      • A Bob's life 2
      • A Bob's life 3
      • A Bob's life 4
      • A Bob's life 5
      • Hives 1
      • Hives 2
      • Hives 3
      • Hives 4
      • SNMP Shenanigans
      • Certified G
      • Magic Numbers are the best numbers
      • Getting Roasted
      • Remote Users / Getting Roasted 2
      • My Beautiful Research!
      • Find the Droids 1
      • Find the Droids 2
      • Find the Droids 4
      • TotalVirus
      • She sells PowerShells
    • CSC CTF 2020 Write-ups
      • Guess What
      • A Simple Cipher
      • Speed Me Up Scotty
      • Squinty
      • Down the rabbit hole 2
      • Sometimes Simpler is Better
      • Tiny Secrets
      • dota
      • TotalVirus
  • Sources
    • Curated List of Collated Lists
Powered by GitBook
On this page

Was this helpful?

  1. Tools List
  2. Security Tools

Forensics

DFIR tools to add capabilities for the analyses of protocols and data

AD-Replication-Metadata

DescriptionThis simple script allows you to track past changes on your AD objects, even if event logs were wiped (e.g. during an Incident Response), using Replication metadata history. No special permissions needed (no admin required).

AnalyzePDF

Analyzes PDF files by looking at their characteristics in order to add some intelligence into the determination of them being malicious or benign.

AudioStego

Tool for hiding and retreiving information from audio files

AutoVolatility

Run all plugins for Volatility and pass reports out into folder structure for review

Binwalk

Firmware Analyses Tool. Extract files, view Hex etc

BruteShark

BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files)

Deepix

Depix is a tool for recovering passwords from pixelized screenshots

Exif Tool

Offline EXIF identification and manipulation tool

Extundelete

Extundelete is a utility to undelete files from an ext3 or ext4 partition

Face_recognition

Basic Python script for facial recognition

Freq-PS

PowerShell Script to analyse objects in order to determine randomness. For example analysing domain names for DGA's

Foremost

DFIR file carving tool. Link is for Source build. Prebuilt found on SourceForge

Ghiro

Forensic analysis and report generation tool for images

Hayabusa

Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool

Hoarder

Hoarder is a script made to collect and parse the most valuable artifacts for forensics or incident response investigations rather than imaging the whole hard drive

NetworkMiner

Orochi

Orochi is an open source framework for collaborative forensic memory dump analysis.

Peepdf

Python tool to explore PDF files

pyWhat

what's job is to identify what something is. Whether it be a file or text! Or even the hex of a file! What about text within files? We have that too! what is recursive, it will identify everything in text and more!

Sonic Visualiser

Audio Analyses Tool

ssh_decoder

Can decrypt ssh connections if one end is using vulnerable openssl - from PCAP

StegCracker

Steganography brute-force utility to uncover hidden data inside files

Stego-toolkit

Many tools for Steganography challenges in one package. Can be run in docker.

Stegsolv

Steganography solving tool for image formats

unredacter

ViperMonkey

ViperMonkey is a VBA Emulation engine written in Python, designed to analyze and deobfuscate malicious VBA Macros contained in Microsoft Office files (Word, Excel, PowerPoint, Publisher, etc).

Volatility

DFIR tool for analyzing data in dumped file formats

Volatility Workbench

GUI for Volatility

VolUtility

Web Interface for Volatility Memory Analysis framework

Win10_Volatility

Volatility with additional support for Win 10

Wireshark

Network packet analyser

PreviousPost-ExploitNextICS/IOT

Last updated 2 years ago

Was this helpful?

NetworkMiner is an Network Forensic Analysis Tool (NFAT) for Windows (but also / / ).

Shows you why you should never ever ever use pixelation as a redaction technique. For a more complete writeup of how this works, .

https://github.com/YossiSassi/AD-Replication-Metadata
https://github.com/hiddenillusion/AnalyzePDF
https://github.com/danielcardeenas/AudioStego
https://github.com/carlospolop/autoVolatility
https://github.com/ReFirmLabs/binwalk
https://github.com/odedshimon/BruteShark
https://github.com/beurtschipper/Depix
https://exiftool.org/
https://sourceforge.net/projects/extundelete/
https://github.com/ageitgey/face_recognition
https://github.com/jcjohnson34/Freq-PS
https://github.com/jonstewart/foremost
https://github.com/Ghirensics/ghiro
https://github.com/Yamato-Security/hayabusa
https://github.com/muteb/Hoarder
open source
works in Linux
Mac OS X
FreeBSD
https://www.netresec.com/index.ashx?page=NetworkMiner
https://github.com/LDO-CERT/orochi
https://github.com/jesparza/peepdf
https://github.com/bee-san/pyWhat
https://www.sonicvisualiser.org
https://github.com/jjyg/ssh_decoder
https://github.com/Paradoxis/StegCracker
https://github.com/DominicBreuker/stego-toolkit
https://github.com/zardus/ctf-tools/blob/master/stegsolve/install
check out my blog post here
https://github.com/BishopFox/unredacter
https://github.com/decalage2/ViperMonkey
https://volatilityfoundation.org
https://www.osforensics.com/tools/volatility-workbench.html
https://github.com/kevthehermit/VolUtility
https://github.com/fireeye/win10_volatility
https://wireshark.org