These tools are used for security/malware analysis.
- PolarProxy - Real time transparent SSL/TLS proxy.
- Proxify - Go based proxy with filtering and a DSL to allow modification of requests/responses.
- BruteShark - BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files, but it is also capable of capturing live directly from a network interface). It includes password extraction, building a network map, reconstructing TCP sessions, extracting hashes of encrypted passwords, and converting them to Hashcat format in order to perform an offline brute-force attack.
- chainsaw - Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and of identifying threats using built-in support for Sigma detection rules and custom Chainsaw detection rules.
- MASSCAN - Fast port scanning.
  - Example usage: `masscan -oG result.txt -p80 --rate 50000 --banners 192.0.2.0/24`
- evilginx2 - evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection.
- Modlishka - Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach to handling browser-based HTTP traffic flow, which allows it to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without requiring any additional certificate to be installed on the client.
- bbot - OSINT automation for hackers.
These tools can be used to analyse hashes to guess what kind of hash they are.
- de4js - Deobfuscate JavaScript
- vmdiff - Diff a VM from snapshots to find what changes were applied
- sysdig - Capture and analyze processes