This is a repository of free cybersecurity tools and resources that can be used for investigations and other cybersecurity purposes.
Cybersecurity tools are expensive, and finding decent free tools is difficult. Although the free tools are not as sophisticated as the paid ones, I believe they will still be a huge help. I compiled the tools I discovered and learned about in this blog post, and I keep it regularly updated.
OSINTs
Useful tools for IOC-based and community-backed detections.
- VirusTotal - URL, file, domain, IP, hash
- Cisco Talos - domain, IP, email, sha256
- AbuseIPDB - IP
- Censys - hosts, certificates
- IBM X-Force - URL, IP, domain, email, cve, cidr, hash, mutex, yara
- Open Threat - URL, IP, domain, email, cve, cidr, hash, mutex, yara
- Domain Tools - check domain info
- Threat Miner - IP, domain, hash, email, ssl cert, file, registry, mutex expired domain
- Threat Crowd
- Sherlock - Social media OSINT
A mutex is a type of object that programs use in multithreading to keep threads from writing to the same shared memory at the same time. Reference: SANS.
Sandbox
Useful tools to check suspicious websites or detonate malicious files.
- Browserling - Interact with websites
- Hybrid Analysis - Malware file sandboxing
Phishing Analysis
Useful tools to aid in phishing analysis.
- Google Admin Toolbox - Email header analyzer
- PhishTank - A public threat feed that provides intelligence regarding phishing attacks and malicious artifacts
- DNS Twist - A phishing domain scanner
- PunyCoder - A tool to check for homographs
- Wannabrowser - A tool to check the destination URL of shortened URLs
- DNS Reverse Lookup - Useful for a reverse DNS lookup of the x-sender-ip
- PhishTool - Easier way to gather email artifacts
Data Manipulation
Useful tools to encode, decode, hash, encrypt, decrypt, and more.