Here is the list of tools we have dockerized for the CinCan project so far.

CinCan Linux tools (Stable)

Volatility - An advanced memory forensics framework - 2.6.1 a438e76
Analyze suspicious files and URLs to detect malware.
TruffleHog - Searches through git repositories for accidentally committed secrets
A tool for parsing PCAP and capturing network traffic.
A VBA parser and emulation engine to analyze malicious macros
Ssdeep - For computing context triggered piecewise hashes (CTPH), also called fuzzy hashes.
A steganography program - hide data (and extract) in various kinds of image and audio files.
Snowman-decompile - a native code to C/C++ decompiler
Radare2 is a complete Unix-like framework for reverse engineering and binary analysis
    ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, QNX, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems.
A collection of command line tools that allows you to analyze disk images and recover files.
Radamsa is a test case generator for robustness testing, a.k.a.
Pywhois - retrieve information from IP addresses
Optical character recognition (OCR) wrapper for Tesseract OCR engine
PEframe - static analysis for PE executables and MS Office documents
Powerful Python tool to analyze PDF documents.
PDF X-RAY Lite 1.0 to analyze PDF files for malicious objects.
PDFID - scan PDFs for certain keywords, triage potentially malicious files
PDF-parser - parse PDF to identify fundamental elements
Pastelyzer - find security and privacy related artifacts from text documents
Generate md report from CinCan's Concourse pipelines, or convert single tool output to JSON.
    cincan/binwalk, cincan/pdf2john, cincan/pdfxray_lite and cincan/strings outputs
Oletools - a set of tools to analyze Microsoft OLE2 files
MVT - Mobile Verification Toolkit by Amnesty
    Android backup, Android filesystem dump, Android device with adb, iTunes/Finder backup, iOS filesystem dump
Manalyze - a static analyzer for PE executables
Jsunpack-n - Emulates browser functionality, detect exploits etc.
    arsc
Command line wrapper around JD Core Java Decompiler.
Visualizing webserver's access log data to help detect malicious activity
A tool for reverse engineering 3rd party, closed, binary Android apps.
Box-ps - A PowerShell sandboxing utility used to deobfuscate PowerShell scripts
Class File Reader - another Java decompiler
Flawfinder - Finds possible security weaknesses in C/C++ source code
    Any software binary in native instructions.
Extracts URLs, hashes, emails, IPs, domains and base64 (other) from a file.
Advanced Indicator of Compromise (IOC) extractor
Command line port of 7-Zip which provides utilities to (un)pack compressed archives
    7z, ZIP, GZIP, BZIP2, XZ, TAR, APM, ARJ, CAB, CHM, CPIO, CramFS, DEB, DMG, FAT, HFS, ISO, LZH, LZMA, LZMA2, MBR, MSI, MSLZ, NSIS, NTFS, RAR, RPM, SquashFS, UDF, VHD, WIM, XAR, Z