This repository provides an overview of various cyber analysis tools used in different domains of cybersecurity.
Sarker, K. U., Yunus, F., & Deraman, A. (2023). Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods. Sustainability, 15(13), 10471. https://www.mdpi.com/2079-9292/12/5/1229
Bermejo Higuera J, Abad Aramburu C, Bermejo Higuera J-R, Sicilia Urban MA, Sicilia Montalvo JA. Systematic Approach to Malware Analysis (SAMA). Applied Sciences. 2020; 10(4):1360. https://doi.org/10.3390/app10041360
PentestTools https://github.com/arch3rPro/PentestTools
Penetration-Testing https://github.com/wtsxDev/Penetration-Testing
Shodan Search Engine https://www.shodan.io/
The tools are categorized into four main tables:
-
Cyber Analysis Domain, Tool, and Tool Description: This table lists the cyber analysis domains, the tools used in each domain, and a brief description of each tool along with its download link or access information.
-
Cyber Analysis Domain, Tool, Usage, and File Type: This table provides information about the usage of each tool in its respective domain and the file types associated with the tool.
-
Cyber Analysis Domain, Tool, and Reason for Cyber Analysis to Use It: This table highlights the reasons why each tool is used in its specific cyber analysis domain.
-
Cyber Analysis Domain, Tool, and Expected Outcome: This table outlines the expected outcomes or benefits of using each tool in its corresponding domain.
Cyber Analysis Domain | Cyber Tool | Tool Description |
---|---|---|
Reverse Engineering (Firmware) | BinWalk | Firmware analysis tool Tool Type: Firmware Analysis Download: https://github.com/ReFirmLabs/binwalk |
Reverse Engineering (Firmware) | QEMU | Emulation and virtualization tool Tool Type: Emulation and Virtualization Download: https://www.qemu.org/download/ |
Reverse Engineering (Firmware) | FAT-ng | Firmware analysis toolkit Tool Type: Firmware Analysis Download: https://github.com/attify/firmware-analysis-toolkit |
Reverse Engineering (Firmware) | Firmwalker | Firmware analysis script Tool Type: Firmware Analysis Download: https://github.com/craigz28/firmwalker |
Malware Analysis | PE Studio | PE file analysis tool Tool Type: PE File Analysis Download: https://www.winitor.com/ |
Malware Analysis | QEMU | Emulation and virtualization tool Tool Type: Emulation and Virtualization Download: https://www.qemu.org/download/ |
Malware Analysis | Cuckoo Sandbox | Automated malware analysis sandbox Tool Type: Malware Analysis Sandbox Download: https://github.com/cuckoosandbox/cuckoo |
Malware Analysis | Process Monitor (ProcMon) | System monitoring tool Tool Type: System Monitoring Download: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon |
Malware Analysis | OllyDbg | Debugger for Windows binaries Tool Type: Debugger Download: http://www.ollydbg.de/ |
Malware Analysis | Fakenet-ng | Network simulation tool Tool Type: Network Simulation Download: https://github.com/fireeye/flare-fakenet-ng |
Malware Analysis | PEiD | Packing detection tool Tool Type: Packing Detection Download: https://www.aldeid.com/wiki/PEiD |
Malware Analysis | Detect It Easy (DIE) | Packing detection tool Tool Type: Packing Detection Download: https://github.com/horsicq/Detect-It-Easy |
Malware Analysis | oletools | Malicious document analysis tool Tool Type: Maldoc Analysis Download: https://github.com/decalage2/oletools |
Malware Analysis | olevba | VBA macro analysis tool Tool Type: Maldoc Analysis Download: https://github.com/decalage2/oletools/wiki/olevba |
Malware Analysis | XLMMacroDeobfuscator | Excel 4.0 macro deobfuscator Tool Type: Maldoc Analysis Download: https://github.com/DissectMalware/XLMMacroDeobfuscator |
Malware Analysis | Yara | Pattern matching tool Tool Type: Malware Analysis Download: https://github.com/VirusTotal/yara |
Malware Analysis | signsrch | Signature-based malware detection tool Tool Type: Malware Analysis Download: https://github.com/sherpya/signsrch |
Software Exploitation Analysis | OllyDbg | Debugger for Windows binaries Tool Type: Debugger Download: http://www.ollydbg.de/ |
Software Exploitation Analysis | x64dbg | Debugger for Windows binaries Tool Type: Debugger Download: https://x64dbg.com/ |
Software Exploitation Analysis | WinDbg | Debugger for Windows binaries Tool Type: Debugger Download: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools |
Software Exploitation Analysis | GDB (GNU Debugger) | Debugger for Unix-based systems Tool Type: Debugger Download: https://www.gnu.org/software/gdb/ |
Software Exploitation Analysis | Metasploit | Exploitation framework Tool Type: Exploitation Framework Download: https://www.metasploit.com/ |
Common Analysis Tools | Data Duplicator (DD command) | Data duplication and imaging tool Tool Type: Data Duplication Built-in tool in Unix-based systems |
Common Analysis Tools | File command | File type identification tool Tool Type: File Type Identification Built-in tool in Unix-based systems |
Common Analysis Tools | Strings command | String extraction tool Tool Type: String Extraction Built-in tool in Unix-based systems |
Common Analysis Tools | IDA Pro | Disassembler and debugger Tool Type: Disassembler and Decompiler Download: https://www.hex-rays.com/products/ida/ |
Common Analysis Tools | Ghidra | Reverse engineering tool Tool Type: Disassembler and Decompiler Download: https://ghidra-sre.org/ |
Common Analysis Tools | Wireshark | Network protocol analyzer Tool Type: Network Analysis Download: https://www.wireshark.org/ |
Common Analysis Tools | Burp Suite | Web application security testing tool Tool Type: Web Application Security Download: https://portswigger.net/burp |
Online Analysis Tools | Joe Sandbox | Automated malware analysis platform Tool Type: Malware Analysis Access: https://www.joesecurity.org/ |
Online Analysis Tools | Any.Run | Interactive malware analysis platform Tool Type: Malware Analysis Access: https://any.run/ |
Online Analysis Tools | Hybrid Analysis | Malware analysis and threat intelligence platform Tool Type: Malware Analysis Access: https://www.hybrid-analysis.com/ |
Online Analysis Tools | URLhaus | Malicious URL database Tool Type: Threat Intelligence Access: https://urlhaus.abuse.ch/ |
Online Analysis Tools | CyberChef | Web-based data transformation tool Tool Type: Data Transformation Access: https://gchq.github.io/CyberChef/ |
Online Analysis Tools | VirusTotal | Online malware analysis and threat intelligence platform Tool Type: Malware Analysis Access: https://www.virustotal.com/ |
Analysis Platforms | Radare2 | Reverse engineering framework Tool Type: Reverse Engineering Download: https://rada.re/n/radare2.html |
Analysis Platforms | FLARE VM | Reverse engineering and malware analysis framework Tool Type: Malware Analysis Download: https://github.com/fireeye/flare-vm |
Analysis Platforms | Kali Linux | Linux distribution for security testing and analysis Tool Type: Security Testing Download: https://www.kali.org/ |
Analysis Platforms | REMnux | Linux distribution for reverse engineering and malware analysis Tool Type: Malware Analysis Download: https://remnux.org/ |
Analysis Platforms | Capa | Malware analysis framework Tool Type: Malware Analysis Download: https://github.com/fireeye/capa |
Cyber Analysis Domain | Cyber Tool | Usage | File Type |
---|---|---|---|
Reverse Engineering (Firmware) | BinWalk | Extracts firmware components | Firmware |
Reverse Engineering (Firmware) | QEMU | Emulates firmware environment | Firmware |
Reverse Engineering (Firmware) | FAT-ng | Automates firmware analysis tasks | Firmware |
Reverse Engineering (Firmware) | Firmwalker | Searches for interesting files and patterns | Firmware |
Malware Analysis | PE Studio | Analyzes PE file structure and properties | PE |
Malware Analysis | QEMU | Emulates malware environment | PE, ELF, Mach-O |
Malware Analysis | Cuckoo Sandbox | Analyzes malware behavior in a controlled environment | PE, ELF, Mach-O |
Malware Analysis | Process Monitor (ProcMon) | Monitors system activities and process behavior | PE |
Malware Analysis | OllyDbg | Debugs and analyzes malware at the assembly level | PE |
Malware Analysis | Fakenet-ng | Simulates network services and Internet connectivity | N/A |
Malware Analysis | PEiD | Detects common packers, cryptors, and compilers | PE |
Malware Analysis | Detect It Easy (DIE) | Detects packers, cryptors, and compilers | PE, ELF, Mach-O |
Malware Analysis | oletools | Analyzes and extracts information from Microsoft Office files | Office Documents |
Malware Analysis | olevba | Extracts and analyzes VBA macros from Office documents | Office Documents |
Malware Analysis | XLMMacroDeobfuscator | Deobfuscates and analyzes Excel 4.0 macros | Excel Documents |
Malware Analysis | Yara | Defines and matches patterns in malware samples | PE, ELF, Mach-O |
Malware Analysis | signsrch | Searches for specific byte sequences in files | PE, ELF, Mach-O |
Software Exploitation Analysis | OllyDbg | Debugs and analyzes software at the assembly level | PE |
Software Exploitation Analysis | x64dbg | Debugs and analyzes software at the assembly level | PE |
Software Exploitation Analysis | WinDbg | Debugs and analyzes software at the assembly level | PE |
Software Exploitation Analysis | GDB (GNU Debugger) | Debugs and analyzes software at the assembly level | ELF |
Software Exploitation Analysis | Metasploit | Develops and executes exploits against vulnerable systems | N/A |
Common Analysis Tools | Data Duplicator (DD command) | Creates forensic disk images | N/A |
Common Analysis Tools | File command | Identifies file types based on file signatures | N/A |
Common Analysis Tools | Strings command | Extracts printable strings from files | N/A |
Common Analysis Tools | IDA Pro | Disassembles and analyzes binary code | PE, ELF, Mach-O |
Common Analysis Tools | Ghidra | Disassembles and analyzes binary code | PE, ELF, Mach-O |
Common Analysis Tools | Wireshark | Captures and analyzes network traffic | PCAP |
Common Analysis Tools | Burp Suite | Analyzes and tests web application security | N/A |
Online Analysis Tools | Joe Sandbox | Analyzes malware behavior in a cloud environment | PE, ELF, Mach-O |
Online Analysis Tools | Any.Run | Analyzes malware behavior in a web-based environment | PE, ELF, Mach-O |
Online Analysis Tools | Hybrid Analysis | Analyzes malware and provides threat intelligence | PE, ELF, Mach-O |
Online Analysis Tools | URLhaus | Provides information on malicious URLs | N/A |
Online Analysis Tools | CyberChef | Performs various data transformations and analyses | N/A |
Online Analysis Tools | VirusTotal | Analyzes malware samples and provides threat intelligence | PE, ELF, Mach-O |
Analysis Platforms | Radare2 | Disassembles, analyzes, and debugs binary code | PE, ELF, Mach-O |
Analysis Platforms | FLARE VM | Provides tools and scripts for malware analysis | PE, ELF, Mach-O |
Analysis Platforms | Kali Linux | Provides a wide range of security tools | N/A |
Analysis Platforms | REMnux | Provides tools and scripts for malware analysis | PE, ELF, Mach-O |
Analysis Platforms | Capa | Detects capabilities and behaviors in executable files | PE, ELF, Mach-O |
Cyber Analysis Domain | Cyber Tool | Reason for Cyber Analysis to Use It |
---|---|---|
Reverse Engineering (Firmware) | BinWalk | Identify firmware structure and contents |
Reverse Engineering (Firmware) | QEMU | Analyze firmware behavior in a controlled environment |
Reverse Engineering (Firmware) | FAT-ng | Streamline firmware analysis process |
Reverse Engineering (Firmware) | Firmwalker | Identify potential security issues and sensitive information |
Malware Analysis | PE Studio | Understand PE file characteristics and potential malicious behavior |
Malware Analysis | QEMU | Analyze malware behavior in a controlled environment |
Malware Analysis | Cuckoo Sandbox | Understand malware functionality and interactions |
Malware Analysis | Process Monitor (ProcMon) | Identify malware's interactions with the system |
Malware Analysis | OllyDbg | Understand malware's low-level behavior and code execution |
Malware Analysis | Fakenet-ng | Analyze malware's network communications and interactions |
Malware Analysis | PEiD | Identify packed or obfuscated malware |
Malware Analysis | Detect It Easy (DIE) | Identify packed or obfuscated malware |
Malware Analysis | oletools | Identify malicious macros, scripts, and shellcode in Office documents |
Malware Analysis | olevba | Identify malicious VBA macros in Office documents |
Malware Analysis | XLMMacroDeobfuscator | Identify malicious Excel 4.0 macros |
Malware Analysis | Yara | Identify and classify malware based on specific patterns |
Malware Analysis | signsrch | Identify malware based on known signatures |
Software Exploitation Analysis | OllyDbg | Understand software's low-level behavior and code execution |
Software Exploitation Analysis | x64dbg | Understand software's low-level behavior and code execution |
Software Exploitation Analysis | WinDbg | Understand software's low-level behavior and code execution |
Software Exploitation Analysis | GDB (GNU Debugger) | Understand software's low-level behavior and code execution |
Software Exploitation Analysis | Metasploit | Test software vulnerabilities and exploit them |
Common Analysis Tools | Data Duplicator (DD command) | Preserve and analyze disk data |
Common Analysis Tools | File command | Determine the file type and format |
Common Analysis Tools | Strings command | Identify interesting strings and potential indicators |
Common Analysis Tools | IDA Pro | Understand binary code structure and functionality |
Common Analysis Tools | Ghidra | Understand binary code structure and functionality |
Common Analysis Tools | Wireshark | Understand network communication and protocols |
Common Analysis Tools | Burp Suite | Identify vulnerabilities and misconfigurations in web applications |
Online Analysis Tools | Joe Sandbox | Understand malware functionality and interactions |
Online Analysis Tools | Any.Run | Understand malware functionality and interactions |
Online Analysis Tools | Hybrid Analysis | Understand malware characteristics and associated threats |
Online Analysis Tools | URLhaus | Identify and investigate malicious URLs |
Online Analysis Tools | CyberChef | Manipulate and analyze data |
Online Analysis Tools | VirusTotal | Understand malware characteristics and associated threats |
Analysis Platforms | Radare2 | Understand binary code structure and functionality |
Analysis Platforms | FLARE VM | Automate malware analysis tasks |
Analysis Platforms | Kali Linux | Perform various security testing and analysis tasks |
Analysis Platforms | REMnux | Analyze malware behavior and characteristics |
Analysis Platforms | Capa | Identify malware capabilities and behaviors |
Cyber Analysis Domain | Cyber Tool | Expected Outcome |
---|---|---|
Reverse Engineering (Firmware) | BinWalk | Understand firmware components and architecture |
Reverse Engineering (Firmware) | QEMU | Observe firmware execution and interactions |
Reverse Engineering (Firmware) | FAT-ng | Identify vulnerabilities and extract firmware components |
Reverse Engineering (Firmware) | Firmwalker | Discover firmware vulnerabilities and misconfigurations |
Malware Analysis | PE Studio | Identify suspicious PE file attributes and indicators |
Malware Analysis | QEMU | Observe malware execution and interactions |
Malware Analysis | Cuckoo Sandbox | Generate detailed malware analysis reports |
Malware Analysis | Process Monitor (ProcMon) | Trace malware's actions and system modifications |
Malware Analysis | OllyDbg | Identify malware's functionality and evasion techniques |
Malware Analysis | Fakenet-ng | Identify malware's command and control (C2) servers and network indicators |
Malware Analysis | PEiD | Determine the packing or obfuscation method used |
Malware Analysis | Detect It Easy (DIE) | Determine the packing or obfuscation method used |
Malware Analysis | oletools | Detect and extract suspicious content from Office files |
Malware Analysis | olevba | Deobfuscate and understand the functionality of VBA macros |
Malware Analysis | XLMMacroDeobfuscator | Understand the functionality of obfuscated Excel 4.0 macros |
Malware Analysis | Yara | Detect malware variants and families |
Malware Analysis | signsrch | Detect specific malware variants or families |
Software Exploitation Analysis | OllyDbg | Identify vulnerabilities and exploit development opportunities |
Software Exploitation Analysis | x64dbg | Identify vulnerabilities and exploit development opportunities |
Software Exploitation Analysis | WinDbg | Identify vulnerabilities and exploit development opportunities |
Software Exploitation Analysis | GDB (GNU Debugger) | Identify vulnerabilities and exploit development opportunities |
Software Exploitation Analysis | Metasploit | Assess the impact and feasibility of exploits |
Common Analysis Tools | Data Duplicator (DD command) | Create a forensic copy of the disk for analysis |
Common Analysis Tools | File command | Identify file types for further analysis |
Common Analysis Tools | Strings command | Extract relevant strings for analysis |
Common Analysis Tools | IDA Pro | Identify interesting code segments and vulnerabilities |
Common Analysis Tools | Ghidra | Identify interesting code segments and vulnerabilities |
Common Analysis Tools | Wireshark | Identify suspicious network activities and indicators |
Common Analysis Tools | Burp Suite | Perform manual and automated security testing of web applications |
Online Analysis Tools | Joe Sandbox | Generate detailed malware analysis reports |
Online Analysis Tools | Any.Run | Interact with malware execution and observe behavior |
Online Analysis Tools | Hybrid Analysis | Obtain detailed malware analysis reports and threat intelligence |
Online Analysis Tools | URLhaus | Obtain threat intelligence on malicious URLs |
Online Analysis Tools | CyberChef | Decode, encrypt, compress, and perform various data operations |
Online Analysis Tools | VirusTotal | Obtain malware analysis reports and threat intelligence |
Analysis Platforms | Radare2 | Identify interesting code segments and vulnerabilities |
Analysis Platforms | FLARE VM | Identify malware characteristics and behavior |
Analysis Platforms | Kali Linux | Conduct comprehensive security assessments and analyses |
Analysis Platforms | REMnux | Perform in-depth malware analysis and reverse engineering |
Analysis Platforms | Capa | Understand the functionality and intent of malware |
These tables provide a comprehensive overview of the various cyber analysis tools, their usage, reasons for using them, and expected outcomes. They can serve as a reference for cybersecurity professionals and enthusiasts to explore and utilize the appropriate tools based on their specific analysis requirements.
Disclaimer This repository is intended for educational and research purposes.