Cyber Security Tools
Autopsy is an open-source digital forensic platform that is capable of analysing all types of mobile devices and digital media, and is produced by an organisation called Basis Tech. It provides a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python.
Autopsy's graphical user interface provides access to the collection of command line tools found in The Sleuth Kit and is available on platforms including Microsoft Windows, Linux and macOS.
CyberChef is said to be the cyber Swiss army knife. It is a browser-based web application for carrying out cyber-related tasks, including simple encoding, complex encryption, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 certificate parsing, changing character encodings, and much more.
CyberChef provides many different operations that can be combined together to perform a larger task, referred to as a recipe, which can be saved for later use.
Nessus, developed by an organisation called Tenable, Inc., is an open-source vulnerability scanner. It is a tool that checks computers to find vulnerabilities that could be exploited. It can be used to check for vulnerabilities that allow unauthorised control or access to sensitive data, misconfigurations, as well as denial-of-service vulnerabilities and more.
Nessus uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. It works by testing each port on a computer, determining what service it is running, and then testing this service to make sure there are no vulnerabilities in it that could be used by a hacker to carry out a malicious attack.
Nmap, short for Network Mapper, is an open-source tool for exploring networks and auditing their security. It can be used to determine what hosts are available on a network, what services the hosts are running, what operating systems they are using, the type of packet filters and firewalls in use, and much more. As well as security auditing, it can also be useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Below is a sample of Nmap commands.
Scan a single IP address.
nmap 192.168.1.1
Scan two IP addresses at the same time.
nmap 192.168.1.1 192.168.2.1
Scan a range of IP addresses.
nmap 192.168.1.1-254
Scan a web address.
nmap www.example.com
Exclude an IP address from a scan.
nmap 192.168.1.1-254 --exclude 192.168.1.1
List target IP addresses without completing a scan.
nmap 192.168.1.1-3 -sL
Scan selected TCP ports for a specified IP address.
nmap 192.168.1.1 -p T:21-25,80
Scan a port selected by service name for a specified IP address.
nmap 192.168.1.1 -p https
Snort is an open-source, network-based intrusion detection system (IDS) and intrusion prevention system (IPS). It provides real-time network traffic analysis, enabling the monitoring of suspicious activity, such as attempts to take advantage of software flaws or unauthorised access.
Snort can detect a wide range of network-based attacks, such as malware infections, network reconnaissance attempts, and denial-of-service attacks, to name a few. It does this using a pre-established set of rules.
Wireshark is software that allows the user to see what is happening on a computer network at a low level in detail. It is said to be the world’s foremost and widely-used network protocol analyser, which is used in both commercial and non-profit organisations, as well as government agencies and educational establishments.
Wireshark is free, open-source software that runs on a number of different platforms, including Microsoft Windows, Linux and macOS. Some of its features include live capture of network data, the ability to inspect hundreds of protocols, viewing and analysing network data through a graphical user interface, as well as decryption support for many protocols, and much more.
Zed Attack Proxy, or ZAP for short, is a penetration testing tool for finding vulnerabilities in web applications. Due to its ease of use, it can be used by security professionals, as well as developers and those involved in functional testing.
ZAP was initially started as a small project by the Open Web Application Security Project (OWASP); today, however, it is maintained by a community of individuals from all over the world.
ZAP provides automated vulnerability scans, as well as a set of tools that allow for the discovery of security vulnerabilities manually.