CS335: Resources

This page contains links and tools to help you throughout the course.

Development Environment

• Microsoft Visual Studio is an integrated development environment from Microsoft. It is used to develop computer programs, as well as websites, web apps, web services and mobile apps.
• GCC, the GNU Compiler Collection.
• GDB, the GNU Project Debugger.
  • A tutorial by the visualgdb folks.
• GNU make and GNU make manual.

Passive Capture

• Wireshark is the most popular tool for passive packet capture and analysis.
  • Sample Captures
• Microsoft Message Analyzer is an extensible tool for analyzing network. traffic on Windows. Retired on November 25, 2019.
• TCPDump & libpcap is a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture, and it’s windows implementation WinPcap.
  • Programming with pcap by Tim Carstens.
• netwox is a network toolbox is a network toolbox for network administrators and network hackers.
• netwib is a network library is a network library, for network administrators and network hackers.
  • netwox already contains several tools using the netwib network library.
• netwag is a graphical front end for netwox.
  • netwox & netwag Troubleshooting guide.
• NetworkMiner is an open source Network Forensic Analysis Tool.
• tcptrace is a tool for analysis of TCP dump files.
• tcpflow is a powerful command line based tool for analyzing network traffic.

Active Capture

• The Canape tool as a generic network protocol man-in-the-middle testing, analyzing, and exploitation tool with a usable GUI.
• Canape Core is a stripped-down fork of the original Canape code base, are designed for use from the command line.
• Mallory is an extensible man-in-the-middle tool that acts as a network gateway, which makes the process of capturing, analyzing, and modifying traffic transparent to the application being tested.

Network Connectivity

• The Hping tool is similar to the traditional ping utility, but it supports more than just ICMP echo requests.
• Netcat is a command line tool that connects to an arbitrary TCP or UDP port and allows you to send and receive data.
  • Netcat cheat sheet pocket reference guide.
• If you need to scan the open network interface on a remote system, nothing is better than Nmap.
• netdiscover is a network address discovering tool, install by using sudo apt-get install netdiscover.
• Masscan is the world’s fastest internet port scanner.
• curl is a command line tool and library for transferring data with URLs (since 1998).
• wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS.
• HTTPie—aitch-tee-tee-pie is a user-friendly command-line HTTP client for the API era.

Web Testing (Web Proxies)

• Burp or Burp Suite is the gold standard of commercial web application–testing tools.
• OWASP Zed Attack Proxy ZAP.
• w3af is a Web Application Attack and Audit Framework.
• mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.
• Charles is an HTTP proxy, an HTTP. monitor, and a reverse proxy. It enables you to view HTTPS traffic.
• HTTrack website copier.

Vulnerability Exploitation

• Metasploit is pretty much the only game in town when you need a generic vulnerability exploitation framework, at least if you don’t want to pay for one.
• Ettercap is a comprehensive suite for man in the middle attacks.
• Scapy is a network packet generation and manipulation library for Python.
  • Scapy Usage
• sqlmap allows for easy discovery and exploitation of SQL injection vulnerabilities.
• sqlninja is a SQL Server injection & takeover tool.
• ghauri utomates the process of detecting and exploiting SQL injection security flaws.
• nessus is a proprietary vulnerability scanner developed by Tenable Network Security.
• Nikto is an Open Source web server scanner.
• OpenVAS is an Open Vulnerability Assessment Scanner.
• Amass in-depth attack surface mapping and asset discovery.
• Gobuster is a tool used to brute-force URIs including directories and files as well as DNS subdomains.
• dsniff is a collection of tools for network auditing and penetration testing.
• Arachni is an open source, modular, high-performance Ruby framework with focus on evaluating the security of web applications.

Network Spoofing

• Ettercap is a man-in-the-middle tool designed to listen to network traffic between two devices.
• DNSMasq is designed to quickly set up basic network services, such as DNS and DHCP, so you don’t have to hassle with complex service configuration.
• arpspoof is a simple ARP spoofer for Windows.

Password Crackers

• Hash Suite is a Windows program to test security of password hashes.
• hashcat is the world’s fastest and most advanced password recovery utility.
• John the Ripper is a fast Open Source password cracker.
  • The official repo.
  • The password hash file bundle from the KoreLogic 2012 DEFCON challenge. Decompress with bzip2 -dk cmiyc_2012_password_hash_files.tar.bz2.
  • A large word list containing 1,493,677,782 words can be found at crackstation.
  • Bruteforce find wordlists
• RainbowCrack crack hashes with rainbow tables.
• Ophcrack is a free Windows password cracker based on rainbow tables.
• THC-Hydra is one of the most widely used online hacking tool.
• aircrack-ng is probably the best Wi-Fi hacking software available.
• Forgot your old windows box password? Try ntpasswd.

Steganography/Content Discovery

• OpenStego can hide any data within a cover file (e.g. images).
• Camouflage allows any file to be hidden within any other file.
• KiteRunner Contextual Content Discovery Tool.

System Utilities

• Sysinternals Suite is a suite of more than 70 freeware utilities used to monitor, manage and troubleshoot the Windows operating system.
• NirSoft is a unique collection of small and useful utilities, including password recovery, networking tools, forensics and more.

API Development

• Postman API development environment.
• Fiddler is free web debugging proxy for any browser, system or platform.
• A RESTful Tutorial.

Forensics

• Open Source Digital Forensics.
• OfflineRegistryView is a simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format. OfflineRegistryView is by NirSoft which also provides a plethora of other related tools.
• sleuthkit.org is the official website for The Sleuth Kit®, Autopsy®, and other open source digital investigation tools.
• The Cyber Swiss Army Knife CyberChef - a web app for encryption, encoding, compression and data analysis.
• Hash, hashing and encryption toolkit: https://md5hashing.net/
• Maltego is a computer forensics and OSINT tool.

Reverse Engineering

• The Java Decompiler JD aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.
• IDA PRO is the best-known tool for reverse engineering executables
• Hoppper is the macOS and Linux Disassembler.
• ILSpy is the open-source .NET assembly browser and decompiler.
• .NET Reflector is the original .NET decompiler.
• OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows.
• Ghidra software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission.

Open-Source Intelligence

• OSINT Framework provides holistic look at resources and techniques.
• https://osintcurio.us/.
• OSINT framework by Bruno Mortier.
• Shodan is the first search engine for the Internet of Everything.
• Flight & Vessel tracking
  • https://www.adsbexchange.com
  • https://opensky-network.org
  • https://flightaware.com
  • http://shipfinder.co
  • http://www.myshiptracking.com
  • https://www.marinetraffic.com
  • https://www.vesselfinder.com
  • https://www.flightradar24.com
  • https://planefinder.net
• DNSDumpster DNS recon & research, find & lookup DNS records.
• spiderfoot automates OSINT so you can find what matters, fast.
• PimEyes is a face/reverse image search engine.
• OctoSuite is a framework for gathering OSINT on GitHub users, repositories and organizations.
• Recon-Ng is a gathering tool aimed at reducing the time spent harvesting information from open sources.
• theHarvester gathers names, subdomains, IP, email and URLs.
• metagoofil metadata information (pdf,doc,xls,ppt,docx,pptx,xlsx) gathering.
• searchcode searches 75 billion lines of code from 40 million projects.

Supplemental Material

• High Performance Browser Networking is what every web developer should know about networking and web performance.
• Eloquent JavaScript is a book about JavaScript, programming, and the wonders of the digital.
• Beej’s Guide to Network Programming.
• Principles of chaos engineering
• Programmable Web - retired.

Security Threats

• The OWASP Top Ten Project is a powerful awareness document for web application security.
• The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
• CWE™ is a community-developed list of common software security weaknesses.
• Web Security Threat Classification.
• The CAPTCHA Project Telling Humans and Computers Apart.
• CVE Details the ultimate security vulnerability data source.
• Common Vulnerability Scoring System Calculator
• OWASP Threat Modeling Cheat Sheet

Bounty Platform

• HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with cybersecurity researchers.
• Bugcrowd is a crowdsourced security platform; managing organizations bug bounty, vulnerability disclosure, and next-gen pen test programs.

Penetration Testing Platforms

• Hack The Box is an online platform to test and advance your skills in penetration testing and cyber security.
• Vulnhub provides materials that allows anyone to gain practical ‘hands-on’ experience in digital security.
• Hack This Site is a legal free training ground for users to test and expand their hacking skills.
• The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games
• We Chall offers computer-related problems and links to other challenges.
• Google Gruyere - Web Application Exploits and Defenses.
• 247CTF The game never stops.
• TryHackMe

Repositories

• BIND 9 source code and issues.
• Google Project Zero make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

Exploit Databases

• The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.
  • The Google Hacking Database is a project from the Exploit-DB.com domain name, an alternative way to find vulnerable apps and extract information or to gain privileges.
• CXSecurity database offers direct access to latest exploits from a web-based interface.
• Rapid7 repository of vetted computer software exploits and exploitable vulnerabilities.
• Vulnerability Lab offers access to a large vulnerability database complete with exploits and PoCs for research purposes.

Technical Documentation