Yellow - Code and CLI
You do not need to know how to code to be good at security. So many of those new to the industry are daunted at the prospect of learning how to code and it prevents them from taking the plunge into cyber. Does it help? Absolutely! But it is not necessary. There is a level of basic coding knowledge that is totally acceptable.
Think of it like learning the basics of a foreign language. Does everyone need 4-5 years to become completely fluent in Spanish before ordering food at your favorite taco joint? No! But understanding some of the more common terms and how to recognize the language when its used, goes a long way. The same is for code.
To help with this basic understanding, there have been many platforms, tools, and projects created around making understanding code, easier. As a security analyst, most are not expected to be able to write Javascript or in-depth powershell commands. But should you be able to recognize them and and be able to understand a bit of their function? Absolutely! And there are tools that can make that easier.

Command Shells


WIndows CLI

  • Operator Handbook: Windows_Commands - pg. 328


CLI Assistance Tools

  • ​ - An amazing repository of command strings accomplishing different tasks. Simply search the task and see what commands have worked for others.
  • ​ - Write down a command-line to see the help text that matches each argument
  • ​ - Command Line cheatsheet tool

Code Reference Tools

Code libraries and collections


Decoding Tools

  • ​CyberChef - Called the Cyber Swiss Army Knife, cyberchef is a tool with over 300+ functions that can encode/decode, encrypt/decrypt, convert, and parse just about anything thrown at it. You can copy and paste snippets of code for translation or even upload entire files. The most handy function is a processing option called "Magic". It will run some fuzzy logic against the target code and give suggestions as to what it is encoded with. You can even chain functions together in what they call "Recipes"
  • ​Hackvertor - Multi-function Code converter
  • ​ - Basic HTML decoding and hash conversion tool
  • ​DCode toolkit - dCode is free and its tools are a valuable help in games, maths, geocaching, puzzles and problems to solve every day!
  • ​quipqiup - Cryptoquip and Cryptogram solver
  • ​DDecode - Hex,Octal,HTML Decoder
  • ​de4dot - de4dot is a .NET deobfuscator and unpacker.
  • ​gpp-decrypt - Decrypt the given Group Policy Preferences string

Javascript Decoders


Shellcode - For those of the offensive persuation

Code Vulnerability Scanning

  • ​Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies. It is one of the biggest support tools in DevSecOps. It even has its own convention.​
  • ​WhiteSource Bolt for GitHub - WhiteSource Bolt for GitHub is a FREE app, which continuously scans all your repos, detects vulnerabilities in open source components and provides fixes.
  • ​Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
  • ​Cppcheck - A tool for static C/C++ code analysis
  • ​FindBugs - Find Bugs in Java Programs
  • ​Sobelow - Security-focused static analysis for the Phoenix Framework
  • ​bandit - Bandit is a tool designed to find common security issues in Python code.
  • ​Package Hunter - Scan dependencies for potentially malicious code
  • ​semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  • ​GGShield - Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
  • ​puma-scan - Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code.
  • ​ - Examples of insecure programming. For learning

Misc Tools


  • ​NRE Labs - learn automation by doing it. Right now, right here, in your browser.



  • ​Hashcalc - A fast and easy-to-use calculator that allows to compute message digests, checksums and HMACs for files, as well as for text and hex strings. It offers a choice of 13 of the most popular hash and checksum algorithms for calculations.
  • ​Md5 Decrypt & Encrypt - More than hashes - Handy tool for hash lookups. Can save some time over brute forcing.

Hex Editors

  • ​ - Browser-based Online and Offline Hex Editing
  • ​Hexinator - Powerful free hex editor
  • ​Frhed - Free Hex Editor
  • ​shed - shed (Simple Hex Editor) is an easy application for viewing and editing files in text mode, using ncurses.


  • ​edb-debugger - edb is a graphical cross platform x86/x86-64 debugger.
  • ​ollydbg - OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
  • ​httopenocd - OpenOCD aims to provide debugging, in-system programming and boundary-scan testing for embedded target devices.
  • ​gdb - GBD/PEDA - GDB is a command line debugger for Linux that is essential for exploiting Linux binaries. Python Exploit Development Assistant (or PEDA) is an open-source extension to GDB that makes it easier to use.
    • Pattern - When looking for buffer overflows, one of the key components is identifying at which point the return pointer is overwritten. To help identify this location, PEDA can generate patterns that can be used as input, and then used to identify the location of the string.
    • Ropsearsch - Ropsearch will look for return-oriented programming (ROP) gadgets in memory that can be used for exploits that use ROP techniques.
    • Searchmem|find - β€˜Searchmem’ and β€˜find’ can be used to look for structure in memory. A typical case would be using it to look for strings like β€˜sh’ that can be used in ret2libc payloads.
    • Skeleton - This will generate a Python skeleton program that can be used to create an exploit script.
    • Vmmap - Vmmap will show a table that lists all the memory regions of the binary. It will also include what read, write or execute permissions are set on each section. β—‡​
    • Install PEDA
# git clone ~/peda
# echo "source ~/peda/" >> ~/.gdbinit

Honorable Mention

  • ​Ciphey - Fully automated decryption/decoding/cracking tool using natural language processing & artificial intelligence, along with some common sense.
  • ​Replit - Collaborative, in-browser IDE to code in 50+ languages.
  • ​bytecode-viewer - an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, and much more.