These are some research-related tools that I keep as shortcuts and use frequently. I use them when analyzing questionable files, URLs, and security events, and also to supplement reporting. They are free for most common purposes; some have paid options if you want to go beyond that.
- URLScan – Online web sandboxing tool, used to preview and snapshot URLs. May also have historical information, which is useful after takedowns or removal of malicious sites.
- Hybrid Analysis – Online sandboxing tool, used to review questionable files, URLs, hashes & more.
- CyberChef – Regarded as the “Cyber Swiss Army Knife”, this tool helps convert, encode/decode, obfuscate/deobfuscate, and analyze data, strings, etc. Very helpful for deciphering phishing links, reversing evasion techniques and malware, and even CTFs!
- VirusTotal – Scan a file or URL using multiple AV engines; also has hash search.
- Censys – Research IP and host reputations, includes banner grabbing.
- SecurityTrails – Another good host & IP research tool.
- Greynoise – Helpful analyst tool to determine what NOT to worry about.
- MX Toolbox – Everything mail server related. Also has decent DNS recon tools.
- Dehashed – Compromised asset search tool, free to see “IF” but pay for details.
- DNSdumpster – Helps to footprint and do recon on public DNS records.
- RansomLook.io – Helpful for researching breach claims and groups without using TOR.
- BGP.tools – Border Gateway Protocol (BGP) is used for routing among autonomous systems (AS), good for connecting-the-dots with companies, ISPs, etc.
Compilations, lists, etc.
Instead of reinventing the wheel, here are a few spectacular compendiums maintained by other security professionals that I use too.
- Daniel Miessler – SecLists – GitHub with a curated compilation of useful security testing resources.
- RMusser01 – InfoSec Reference – GitHub that leads to hundreds of other useful InfoSec resources.
For compilations focusing more on Open Source Intelligence (OSINT):
- IntelTechniques Tools – Lots of quick search tools & frequently updated. Used to be an exclusive benefit of owning the latest books, but MB and team have made it public and free!
- Datasets – Open datasets. Also see “Awesome Data” for more references.
- Jivoi – Awesome OSINT
- Ph055a – OSINT Collection
Other neat things I keep in my bookmarks and often use for capture-the-flag (CTF) competitions:
- IronGeek’s Homoglyph Attack Generator – Excellent for generating letter substitutions and obfuscations, such as: Нellο Ꮃorlԁ (which in code is: /xn--ell%20orl-s1g69kr5dhu5f/)
- Boxentriq – Almost a one-stop shop for crypto challenges. Has code breakers, analysis tools, and lots of great info too!
- Cryptii – Great for encoding and decoding various cryptography ciphers. Excellent for puzzles, CTFs, etc.