This repository provides an overview of cyber analysis tools used in different domains of cybersecurity. Sources:
- Sarker, K. U., Yunus, F., & Deraman, A. (2023). Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods. Sustainability, 15(13), 10471. https://doi.org/10.3390/su151310471
- Bermejo Higuera, J., Abad Aramburu, C., Bermejo Higuera, J.-R., Sicilia Urban, M. A., & Sicilia Montalvo, J. A. (2020). Systematic Approach to Malware Analysis (SAMA). Applied Sciences, 10(4), 1360. https://doi.org/10.3390/app10041360
- PentestTools: https://github.com/arch3rPro/PentestTools
- Penetration-Testing: https://github.com/wtsxDev/Penetration-Testing
- Shodan Search Engine: https://www.shodan.io/
The tools are categorized into four main tables:
- Cyber Analysis Domain, Tool, and Tool Description: lists the cyber analysis domains, the tools used in each domain, and a brief description of each tool with its download link or access information.
- Cyber Analysis Domain, Tool, Usage, and File Type: describes how each tool is used in its domain and the file types it operates on.
- Cyber Analysis Domain, Tool, and Reason for Cyber Analysis to Use It: states why an analyst reaches for each tool in its domain.
- Cyber Analysis Domain, Tool, and Expected Outcome: outlines what an analyst should expect to get out of each tool.
Cyber Analysis Domain | Cyber Tool | Tool Description |
---|---|---|
Reverse Engineering (Firmware) | BinWalk | Scans firmware images for embedded file systems, compressed blobs and executables by signature and carves them out. Type: Firmware Analysis. Download: https://github.com/ReFirmLabs/binwalk |
Reverse Engineering (Firmware) | QEMU | Machine emulator and virtualizer; boots firmware built for another CPU architecture (ARM, MIPS) on an analyst workstation. Type: Emulation and Virtualization. Download: https://www.qemu.org/download/ |
Reverse Engineering (Firmware) | FAT-ng | Firmware Analysis Toolkit: scripts that extract a firmware image and bring it up under QEMU (built on Firmadyne). Type: Firmware Analysis. Download: https://github.com/attify/firmware-analysis-toolkit |
Reverse Engineering (Firmware) | Firmwalker | Shell script that walks an extracted firmware file system for credentials, keys, certificates, configuration files and other items of interest. Type: Firmware Analysis. Download: https://github.com/craigz28/firmwalker |
Malware Analysis | PE Studio | Static PE inspector that flags suspicious imports, strings, resources, signatures and header anomalies without executing the sample. Type: PE File Analysis. Download: https://www.winitor.com/ |
Malware Analysis | QEMU | Machine emulator and virtualizer; runs a disposable guest OS in which a sample can be detonated in isolation. Type: Emulation and Virtualization. Download: https://www.qemu.org/download/ |
Malware Analysis | Cuckoo Sandbox | Automated malware analysis sandbox. The upstream project is archived; maintained forks such as CAPE carry the design forward. Type: Malware Analysis Sandbox. Download: https://github.com/cuckoosandbox/cuckoo |
Malware Analysis | Process Monitor (ProcMon) | Sysinternals tool that records file system, registry, process/thread and network activity in real time. Type: System Monitoring. Download: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon |
Malware Analysis | OllyDbg | User-mode debugger for 32-bit Windows binaries; no 64-bit support. Type: Debugger. Download: http://www.ollydbg.de/ |
Malware Analysis | Fakenet-ng | Intercepts a sample's network traffic and answers it with fake DNS, HTTP, SMTP and other services, so C2 behaviour can be observed without Internet access. Type: Network Simulation. Download: https://github.com/fireeye/flare-fakenet-ng |
Malware Analysis | PEiD | Legacy signature-based detector for packers, cryptors and compilers in PE files; no longer developed, so its signatures are dated. Type: Packing Detection. Download: https://www.aldeid.com/wiki/PEiD |
Malware Analysis | Detect It Easy (DIE) | Signature-based file type, packer and compiler detector with a scripting engine; handles PE, ELF, Mach-O and many other formats. Type: Packing Detection. Download: https://github.com/horsicq/Detect-It-Easy |
Malware Analysis | oletools | Python package for analysing OLE2 and Office files (oleid, olevba, oleobj, rtfobj, mraptor and others). Type: Maldoc Analysis. Download: https://github.com/decalage2/oletools |
Malware Analysis | olevba | Extracts VBA macro source from Office documents and flags auto-execution triggers, suspicious keywords and embedded IOCs; part of oletools. Type: Maldoc Analysis. Download: https://github.com/decalage2/oletools/wiki/olevba |
Malware Analysis | XLMMacroDeobfuscator | Emulates and deobfuscates Excel 4.0 (XLM) macros in .xls, .xlsm and .xlsb files. Type: Maldoc Analysis. Download: https://github.com/DissectMalware/XLMMacroDeobfuscator |
Malware Analysis | Yara | Rule-based pattern matching engine for files and process memory; the de facto format for sharing malware signatures. Type: Malware Analysis. Download: https://github.com/VirusTotal/yara |
Malware Analysis | signsrch | Scans a binary for the constants and lookup tables of known cryptographic, hashing and compression algorithms. Type: Malware Analysis. Download: https://github.com/sherpya/signsrch |
Software Exploitation Analysis | OllyDbg | User-mode debugger for 32-bit Windows binaries; no 64-bit support. Type: Debugger. Download: http://www.ollydbg.de/ |
Software Exploitation Analysis | x64dbg | Open-source user-mode debugger for 32- and 64-bit Windows binaries. Type: Debugger. Download: https://x64dbg.com/ |
Software Exploitation Analysis | WinDbg | Microsoft debugger for user-mode and kernel-mode targets, including crash dump analysis. Type: Debugger. Download: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools |
Software Exploitation Analysis | GDB (GNU Debugger) | Debugger for Linux and other Unix-like systems; usually extended with pwndbg, GEF or PEDA for exploit development. Type: Debugger. Download: https://www.gnu.org/software/gdb/ |
Software Exploitation Analysis | Metasploit | Exploitation framework with a module library of exploits, payloads, auxiliary scanners and post-exploitation tools. Type: Exploitation Framework. Download: https://www.metasploit.com/ |
Common Analysis Tools | Data Duplicator (DD command) | Block-level copy utility used to image disks and partitions. Type: Data Duplication. Built into Unix-like systems. |
Common Analysis Tools | File command | Identifies a file's type from its magic bytes rather than its extension. Type: File Type Identification. Built into Unix-like systems. |
Common Analysis Tools | Strings command | Prints runs of printable characters found in a binary. Type: String Extraction. Built into Unix-like systems (part of binutils on Linux). |
Common Analysis Tools | IDA Pro | Commercial interactive disassembler, debugger and decompiler. Type: Disassembler and Decompiler. Download: https://www.hex-rays.com/products/ida/ |
Common Analysis Tools | Ghidra | NSA's open-source software reverse engineering suite with disassembler, decompiler and scripting. Type: Disassembler and Decompiler. Download: https://ghidra-sre.org/ |
Common Analysis Tools | Wireshark | Network protocol analyzer for live capture and offline inspection of packet captures. Type: Network Analysis. Download: https://www.wireshark.org/ |
Common Analysis Tools | Burp Suite | Intercepting proxy and web application security testing suite. Type: Web Application Security. Download: https://portswigger.net/burp |
Online Analysis Tools | Joe Sandbox | Automated deep malware analysis platform, offered as a cloud service and on-premise. Type: Malware Analysis. Access: https://www.joesecurity.org/ |
Online Analysis Tools | Any.Run | Interactive online sandbox in which the analyst drives the sample while it runs. Type: Malware Analysis. Access: https://any.run/ |
Online Analysis Tools | Hybrid Analysis | Free community sandbox backed by CrowdStrike Falcon Sandbox, with searchable reports. Type: Malware Analysis. Access: https://www.hybrid-analysis.com/ |
Online Analysis Tools | URLhaus | abuse.ch database of URLs used for malware distribution, with feeds and an API. Type: Threat Intelligence. Access: https://urlhaus.abuse.ch/ |
Online Analysis Tools | CyberChef | GCHQ's browser-based data transformation tool (encoding, compression, crypto, parsing); runs entirely client-side, so data never leaves the browser. Type: Data Transformation. Access: https://gchq.github.io/CyberChef/ |
Online Analysis Tools | VirusTotal | Multi-engine file and URL scanning with sandbox reports and threat intelligence. Uploaded samples are shared with partners, so do not upload sensitive files. Type: Malware Analysis. Access: https://www.virustotal.com/ |
Analysis Platforms | Radare2 | Open-source reverse engineering framework: disassembler, debugger, binary patching and scripting. Type: Reverse Engineering. Download: https://rada.re/n/radare2.html |
Analysis Platforms | FLARE VM | Scripted installer that turns a Windows VM into a reverse engineering and malware analysis workstation. Type: Malware Analysis. Download: https://github.com/fireeye/flare-vm |
Analysis Platforms | Kali Linux | Debian-based Linux distribution preloaded with penetration testing and security analysis tools. Type: Security Testing. Download: https://www.kali.org/ |
Analysis Platforms | REMnux | Ubuntu-based Linux distribution (also shipped as Docker images) curated for reverse engineering and malware analysis. Type: Malware Analysis. Download: https://remnux.org/ |
Analysis Platforms | Capa | Detects capabilities in executables (PE, ELF, .NET, shellcode) by matching rules against disassembly and maps them to ATT&CK and MBC. Type: Malware Analysis. Download: https://github.com/fireeye/capa |
Cyber Analysis Domain | Cyber Tool | Usage | File Type |
---|---|---|---|
Reverse Engineering (Firmware) | BinWalk | Identifies and extracts firmware components | Firmware images |
Reverse Engineering (Firmware) | QEMU | Emulates the target CPU and boots the firmware | Firmware images, kernels |
Reverse Engineering (Firmware) | FAT-ng | Automates extraction and emulation of a firmware image | Firmware images |
Reverse Engineering (Firmware) | Firmwalker | Searches an extracted file system for interesting files and patterns | Extracted firmware file system |
Malware Analysis | PE Studio | Analyzes PE structure, imports, strings and indicators statically | PE |
Malware Analysis | QEMU | Runs the sample in an isolated guest OS | PE, ELF, Mach-O (via the guest OS) |
Malware Analysis | Cuckoo Sandbox | Executes the sample and records its behavior in a controlled VM | PE, ELF, Mach-O, documents, scripts |
Malware Analysis | Process Monitor (ProcMon) | Monitors file, registry, process and network activity while the sample runs | N/A (live Windows system) |
Malware Analysis | OllyDbg | Debugs and analyzes malware at the assembly level | PE (32-bit) |
Malware Analysis | Fakenet-ng | Simulates network services and Internet connectivity | N/A |
Malware Analysis | PEiD | Detects common packers, cryptors and compilers | PE |
Malware Analysis | Detect It Easy (DIE) | Detects packers, cryptors, compilers and file formats | PE, ELF, Mach-O and many others |
Malware Analysis | oletools | Analyzes and extracts information from Microsoft Office and RTF files | Office documents, RTF |
Malware Analysis | olevba | Extracts and analyzes VBA macros from Office documents | Office documents |
Malware Analysis | XLMMacroDeobfuscator | Deobfuscates and analyzes Excel 4.0 macros | Excel documents (.xls, .xlsm, .xlsb) |
Malware Analysis | Yara | Defines and matches patterns in samples and process memory | Any file, process memory |
Malware Analysis | signsrch | Searches for known algorithm constants and tables | Any binary, memory dumps |
Software Exploitation Analysis | OllyDbg | Debugs and analyzes software at the assembly level | PE (32-bit) |
Software Exploitation Analysis | x64dbg | Debugs and analyzes software at the assembly level | PE (32- and 64-bit) |
Software Exploitation Analysis | WinDbg | Debugs user-mode and kernel-mode software and crash dumps | PE, Windows crash dumps |
Software Exploitation Analysis | GDB (GNU Debugger) | Debugs and analyzes software at the assembly level | ELF, core dumps |
Software Exploitation Analysis | Metasploit | Develops and executes exploits against vulnerable systems | N/A |
Common Analysis Tools | Data Duplicator (DD command) | Creates bit-for-bit disk and partition images | Raw devices, raw images |
Common Analysis Tools | File command | Identifies file types from magic bytes | Any |
Common Analysis Tools | Strings command | Extracts printable strings from files | Any |
Common Analysis Tools | IDA Pro | Disassembles, decompiles and debugs binary code | PE, ELF, Mach-O and many others |
Common Analysis Tools | Ghidra | Disassembles, decompiles and analyzes binary code | PE, ELF, Mach-O and many others |
Common Analysis Tools | Wireshark | Captures and analyzes network traffic | PCAP, PCAPNG |
Common Analysis Tools | Burp Suite | Analyzes and tests web application security | N/A (HTTP traffic) |
Online Analysis Tools | Joe Sandbox | Analyzes malware behavior in a cloud or on-premise sandbox | Executables, documents, scripts, URLs |
Online Analysis Tools | Any.Run | Analyzes malware behavior interactively in a web-based sandbox | Executables, documents, scripts, URLs |
Online Analysis Tools | Hybrid Analysis | Analyzes malware and provides threat intelligence | Executables, documents, scripts, URLs |
Online Analysis Tools | URLhaus | Provides information on malicious URLs | URLs |
Online Analysis Tools | CyberChef | Performs data transformations and analyses | Any |
Online Analysis Tools | VirusTotal | Scans samples with many engines and provides threat intelligence | Any file, URLs, hashes |
Analysis Platforms | Radare2 | Disassembles, analyzes and debugs binary code | PE, ELF, Mach-O and many others |
Analysis Platforms | FLARE VM | Provisions a Windows VM with a curated analysis tool set | N/A (tool distribution) |
Analysis Platforms | Kali Linux | Provides a wide range of security tools | N/A (tool distribution) |
Analysis Platforms | REMnux | Provides a Linux distribution of malware analysis tools | N/A (tool distribution) |
Analysis Platforms | Capa | Detects capabilities and behaviors in executable files | PE, ELF, .NET, shellcode |
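The `File command`, `Strings command` and hashing rows above describe the usual first pass over an unknown binary. The script below is an added example, not part of this repository, showing how those three steps chain together: it hashes the sample with `sha256sum`, reports its magic type with `file`, and pulls URL and IPv4 indicators out of the printable strings. Where binutils `strings` is not installed, `printable_strings` reproduces `strings -a -n` with POSIX `tr` and `grep`. The sample file is constructed inline; `malicious.invalid` and `203.0.113.45` are placeholder indicators, and `mktemp`, `sha256sum` and `file` are assumed to be present (coreutils and libmagic).

```shell
#!/bin/sh
# triage.sh: first-pass static triage that chains the "Common Analysis Tools"
# rows (sha256sum, file, strings).  Added example, not part of this repository.
set -eu

# printable_strings FILE MINLEN
# Equivalent of `strings -a -n MINLEN FILE`; falls back to POSIX tr/grep when
# binutils is not installed, so the script works on minimal systems.
printable_strings() {
    if command -v strings >/dev/null 2>&1; then
        strings -a -n "$2" "$1"
    else
        tr -c '[:print:]' '\n' < "$1" | grep -E "^.{$2,}$" || true
    fi
}

# extract_iocs FILE
# Pulls URLs and dotted IPv4 addresses out of the printable strings.  Output is
# one indicator per line, de-duplicated; empty output is not an error.
extract_iocs() {
    printable_strings "$1" 6 \
        | grep -oE 'https?://[^[:space:]"<>]+|([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | sort -u || true
}

# triage FILE: print hash, magic type and indicators for a sample.
triage() {
    printf 'sha256: %s\n' "$(sha256sum "$1" | cut -d' ' -f1)"
    printf 'type:   %s\n' "$(file -b "$1" 2>/dev/null || echo 'file(1) not available')"
    printf 'iocs:\n'
    extract_iocs "$1" | sed 's/^/  /'
}

# make_sample PATH
# Writes a constructed, non-functional stand-in for a dropped binary: an MZ
# header, some non-printable padding, and two embedded network indicators.
# malicious.invalid and 203.0.113.45 are placeholder values, not real IOCs.
make_sample() {
    printf 'MZ\220\000\003\000\000\000\004\000\000\000\377\377' > "$1"
    printf 'http://malicious.invalid/gate.php\000\000\001\002\003' >> "$1"
    printf 'connect 203.0.113.45:443\000\000short\000' >> "$1"
}

sample=$(mktemp)
make_sample "$sample"
triage "$sample"
rm -f "$sample"
```

Run it against a real sample with `triage ./dropper.bin`. The minimum string length of 6 trims most of the noise that a packed binary produces; lower it when hunting for short mutex names or registry keys, and treat the output as leads, not conclusions, since packed or encrypted payloads only reveal their strings once unpacked in a debugger or sandbox.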
Cyber Analysis Domain | Cyber Tool | Reason for Cyber Analysis to Use It |
---|---|---|
Reverse Engineering (Firmware) | BinWalk | Identify firmware structure and contents |
Reverse Engineering (Firmware) | QEMU | Analyze firmware behavior in a controlled environment |
Reverse Engineering (Firmware) | FAT-ng | Streamline firmware analysis process |
Reverse Engineering (Firmware) | Firmwalker | Identify potential security issues and sensitive information |
Malware Analysis | PE Studio | Understand PE file characteristics and potential malicious behavior |
Malware Analysis | QEMU | Analyze malware behavior in a controlled environment |
Malware Analysis | Cuckoo Sandbox | Understand malware functionality and interactions |
Malware Analysis | Process Monitor (ProcMon) | Identify malware's interactions with the system |
Malware Analysis | OllyDbg | Understand malware's low-level behavior and code execution |
Malware Analysis | Fakenet-ng | Analyze malware's network communications and interactions |
Malware Analysis | PEiD | Identify packed or obfuscated malware |
Malware Analysis | Detect It Easy (DIE) | Identify packed or obfuscated malware |
Malware Analysis | oletools | Identify malicious macros, scripts, and shellcode in Office documents |
Malware Analysis | olevba | Identify malicious VBA macros in Office documents |
Malware Analysis | XLMMacroDeobfuscator | Identify malicious Excel 4.0 macros |
Malware Analysis | Yara | Identify and classify malware based on specific patterns |
Malware Analysis | signsrch | Locate cryptographic, hashing and compression routines without reversing them from scratch |
Software Exploitation Analysis | OllyDbg | Understand software's low-level behavior and code execution |
Software Exploitation Analysis | x64dbg | Understand software's low-level behavior and code execution |
Software Exploitation Analysis | WinDbg | Understand software's low-level behavior and code execution |
Software Exploitation Analysis | GDB (GNU Debugger) | Understand software's low-level behavior and code execution |
Software Exploitation Analysis | Metasploit | Test software vulnerabilities and exploit them |
Common Analysis Tools | Data Duplicator (DD command) | Preserve disk evidence as an image and analyze the copy rather than the original |
Common Analysis Tools | File command | Determine the file type and format |
Common Analysis Tools | Strings command | Identify interesting strings and potential indicators |
Common Analysis Tools | IDA Pro | Understand binary code structure and functionality |
Common Analysis Tools | Ghidra | Understand binary code structure and functionality |
Common Analysis Tools | Wireshark | Understand network communication and protocols |
Common Analysis Tools | Burp Suite | Identify vulnerabilities and misconfigurations in web applications |
Online Analysis Tools | Joe Sandbox | Understand malware functionality and interactions |
Online Analysis Tools | Any.Run | Understand malware functionality and interactions |
Online Analysis Tools | Hybrid Analysis | Understand malware characteristics and associated threats |
Online Analysis Tools | URLhaus | Identify and investigate malicious URLs |
Online Analysis Tools | CyberChef | Manipulate and analyze data |
Online Analysis Tools | VirusTotal | Understand malware characteristics and associated threats |
Analysis Platforms | Radare2 | Understand binary code structure and functionality |
Analysis Platforms | FLARE VM | Build a reproducible Windows analysis workstation without installing tools by hand |
Analysis Platforms | Kali Linux | Perform various security testing and analysis tasks |
Analysis Platforms | REMnux | Analyze malware behavior and characteristics |
Analysis Platforms | Capa | Identify malware capabilities and behaviors |
Cyber Analysis Domain | Cyber Tool | Expected Outcome |
---|---|---|
Reverse Engineering (Firmware) | BinWalk | Understand firmware components and architecture |
Reverse Engineering (Firmware) | QEMU | Observe firmware execution and interactions |
Reverse Engineering (Firmware) | FAT-ng | Boot the extracted firmware under emulation for dynamic testing |
Reverse Engineering (Firmware) | Firmwalker | Inventory credentials, keys, scripts and configuration files worth investigating |
Malware Analysis | PE Studio | Identify suspicious PE file attributes and indicators |
Malware Analysis | QEMU | Observe malware execution and interactions |
Malware Analysis | Cuckoo Sandbox | Generate detailed malware analysis reports |
Malware Analysis | Process Monitor (ProcMon) | Trace malware's actions and system modifications |
Malware Analysis | OllyDbg | Identify malware's functionality and evasion techniques |
Malware Analysis | Fakenet-ng | Identify malware's command and control (C2) servers and network indicators |
Malware Analysis | PEiD | Determine the packing or obfuscation method used |
Malware Analysis | Detect It Easy (DIE) | Determine the packing or obfuscation method used |
Malware Analysis | oletools | Detect and extract suspicious content from Office files |
Malware Analysis | olevba | Deobfuscate and understand the functionality of VBA macros |
Malware Analysis | XLMMacroDeobfuscator | Understand the functionality of obfuscated Excel 4.0 macros |
Malware Analysis | Yara | Detect malware variants and families |
Malware Analysis | signsrch | Pinpoint the crypto and compression routines in a sample to focus manual analysis |
Software Exploitation Analysis | OllyDbg | Identify vulnerabilities and exploit development opportunities |
Software Exploitation Analysis | x64dbg | Identify vulnerabilities and exploit development opportunities |
Software Exploitation Analysis | WinDbg | Identify vulnerabilities and exploit development opportunities |
Software Exploitation Analysis | GDB (GNU Debugger) | Identify vulnerabilities and exploit development opportunities |
Software Exploitation Analysis | Metasploit | Assess the impact and feasibility of exploits |
Common Analysis Tools | Data Duplicator (DD command) | Create a forensic copy of the disk for analysis |
Common Analysis Tools | File command | Identify file types for further analysis |
Common Analysis Tools | Strings command | Extract relevant strings for analysis |
Common Analysis Tools | IDA Pro | Identify interesting code segments and vulnerabilities |
Common Analysis Tools | Ghidra | Identify interesting code segments and vulnerabilities |
Common Analysis Tools | Wireshark | Identify suspicious network activities and indicators |
Common Analysis Tools | Burp Suite | Perform manual and automated security testing of web applications |
Online Analysis Tools | Joe Sandbox | Generate detailed malware analysis reports |
Online Analysis Tools | Any.Run | Interact with malware execution and observe behavior |
Online Analysis Tools | Hybrid Analysis | Obtain detailed malware analysis reports and threat intelligence |
Online Analysis Tools | URLhaus | Obtain threat intelligence on malicious URLs |
Online Analysis Tools | CyberChef | Decode, encrypt, compress, and perform various data operations |
Online Analysis Tools | VirusTotal | Obtain malware analysis reports and threat intelligence |
Analysis Platforms | Radare2 | Identify interesting code segments and vulnerabilities |
Analysis Platforms | FLARE VM | A ready-to-use Windows analysis VM with a consistent tool set |
Analysis Platforms | Kali Linux | Conduct comprehensive security assessments and analyses |
Analysis Platforms | REMnux | Perform in-depth malware analysis and reverse engineering |
Analysis Platforms | Capa | Understand the functionality and intent of malware |
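The `Data Duplicator (DD command)` rows above promise a forensic copy, but `dd` on its own neither hashes what it copies nor warns when `conv=sync` has zero-padded a short final read. The script below is an added example, not part of this repository: it wraps `dd` with before-and-after SHA-256 so the image can be shown to match the source, and demonstrates the padding pitfall on a constructed stand-in for a device (a random file drawn from `/dev/urandom`, which is assumed to exist on the host). Against a real device you would point it at `/dev/sdX` with `bs` set to the sector size; `dc3dd` and `dcfldd` exist to do this inline hashing for you.

```shell
#!/bin/sh
# image_verify.sh: image with dd(1) and prove the copy matches the source.
# Added example, not part of this repository.
set -eu

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# image_and_verify SRC DST BLOCKSIZE
# conv=noerror keeps going past unreadable blocks; conv=sync pads each short
# read to BLOCKSIZE with zeros so later offsets stay where they were on disk.
# Prints both digests and returns 0 only when they are identical.
image_and_verify() {
    dd if="$1" of="$2" bs="$3" conv=noerror,sync 2>/dev/null
    src_hash=$(sha256_of "$1")
    dst_hash=$(sha256_of "$2")
    printf 'source %s\nimage  %s\n' "$src_hash" "$dst_hash"
    [ "$src_hash" = "$dst_hash" ]
}

# make_sample PATH BYTES: constructed stand-in for a block device.
# Assumption: /dev/urandom exists (any Linux or BSD host).
make_sample() { head -c "$2" /dev/urandom > "$1"; }

demo() {
    src=$(mktemp); img=$(mktemp)
    # 1. Size is a multiple of bs: the image verifies.
    make_sample "$src" 8192
    if image_and_verify "$src" "$img" 4096; then
        echo 'aligned source: image verified'
    fi
    # 2. Size is not a multiple of bs: conv=sync zero-pads the last block,
    #    so the image is 8192 bytes, not 5000, and the hashes differ.  Real
    #    block devices are sector-aligned, so this only bites on files and on
    #    devices imaged with a bs that is not a multiple of the sector size.
    make_sample "$src" 5000
    if ! image_and_verify "$src" "$img" 4096; then
        echo "misaligned source: image is $(wc -c < "$img" | tr -d ' ') bytes, hashes differ"
    fi
    rm -f "$src" "$img"
}
demo
```

Record both digests in the case notes at acquisition time; re-hashing the image later against the recorded value is what lets you show the evidence was not altered between imaging and analysis. Mount the image read-only (or work from a copy of it) so that analysis never touches the verified file.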
These tables give an overview of the listed cyber analysis tools: what each one does, how it is used, why an analyst reaches for it, and what to expect from it. They serve as a reference for cybersecurity professionals and enthusiasts choosing tools for a specific analysis task.
Disclaimer: This repository is intended for educational and research purposes.
Copyright 2024 Eric Yocam
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.