Yellow - Code and CLI
You do not need to know how to code to be good at security. So many of those new to the industry are daunted at the prospect of learning how to code and it prevents them from taking the plunge into cyber. Does it help? Absolutely! But it is not necessary. There is a level of basic coding knowledge that is totally acceptable.
Think of it like learning the basics of a foreign language. Does everyone need 4-5 years to become completely fluent in Spanish before ordering food at your favorite taco joint? No! But understanding some of the more common terms and how to recognize the language when its used, goes a long way. The same is for code.
To help with this basic understanding, there have been many platforms, tools, and projects created around making understanding code, easier. As a security analyst, most are not expected to be able to write Javascript or in-depth powershell commands. But should you be able to recognize them and and be able to understand a bit of their function? Absolutely! And there are tools that can make that easier.
Secure Coding
Command Shells
Bash
pageBashWIndows CLI
Operator Handbook: Windows_Commands - pg. 328
Powershell
pagePowershellCLI Assistance Tools
https://www.commandlinefu.com - An amazing repository of command strings accomplishing different tasks. Simply search the task and see what commands have worked for others.
https://explainshell.com/ - Write down a command-line to see the help text that matches each argument
cheat.sh - Command Line cheatsheet tool
Code Reference Tools
https://stackoverflow.com/ - The one and only. More code has been made by snippets stolen from StackOverflow than anything else. If you cant figure out how to code something, stop here first.
Devhints - One of the largest collections of coding cheatsheets and guides available on the internet.
PublicWWW.com - Search engine for code
https://ryanstutorials.net/ - A collection of free, introductory tutorials on several technology topics including: Linux command line, Bash scripting, creating and styling webpages with HTML and CSS, counting and converting between different number systems, and writing regular expressions
https://www.markdownguide.org/ - free and open-source reference guide that explains how to use Markdown
Code libraries and collections
Pythonidae - Curated decibans of scientific programming resources in Python.
Regex
pageRegexDecoding Tools
CyberChef - Called the Cyber Swiss Army Knife, cyberchef is a tool with over 300+ functions that can encode/decode, encrypt/decrypt, convert, and parse just about anything thrown at it. You can copy and paste snippets of code for translation or even upload entire files. The most handy function is a processing option called "Magic". It will run some fuzzy logic against the target code and give suggestions as to what it is encoded with. You can even chain functions together in what they call "Recipes"
https://gist.github.com/michaelder - Cobalt Strike decoding recipies.
Hackvertor - Multi-function Code converter
https://encoding.tools - Basic HTML decoding and hash conversion tool
DCode toolkit - dCode is free and its tools are a valuable help in games, maths, geocaching, puzzles and problems to solve every day!
quipqiup - Cryptoquip and Cryptogram solver
DDecode - Hex,Octal,HTML Decoder
de4dot - de4dot is a .NET deobfuscator and unpacker.
gpp-decrypt - Decrypt the given Group Policy Preferences string
Javascript Decoders
Online JavaScript beautifier - Beautify, unpack or de-obfuscate JavaScript and HTML, make JSON/JSONP readable, etc.
UnPacker - Sort and organize JS into proper looking code. Makes it easier to read
Shellcoding
Shellcode - For those of the offensive persuation
shell-storm - Shellcodes Database
Code Vulnerability Scanning
Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies. It is one of the biggest support tools in DevSecOps. It even has its own convention.
WhiteSource Bolt for GitHub - WhiteSource Bolt for GitHub is a FREE app, which continuously scans all your repos, detects vulnerabilities in open source components and provides fixes.
Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
Cppcheck - A tool for static C/C++ code analysis
FindBugs - Find Bugs in Java Programs
Sobelow - Security-focused static analysis for the Phoenix Framework
bandit - Bandit is a tool designed to find common security issues in Python code.
Package Hunter - Scan dependencies for potentially malicious code
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
GGShield - Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
puma-scan - Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code.
https://github.com/deadbits/InsecureProgramming - Examples of insecure programming. For learning
https://github.com/PyCQA/bandit - Bandit is a tool designed to find common security issues in Python code.
betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE)
Misc Tools
Automation
NRE Labs - learn automation by doing it. Right now, right here, in your browser.
Grok
Hashes
Hashcalc - A fast and easy-to-use calculator that allows to compute message digests, checksums and HMACs for files, as well as for text and hex strings. It offers a choice of 13 of the most popular hash and checksum algorithms for calculations.
Md5 Decrypt & Encrypt - More than 10.000.000.000 hashes - Handy tool for hash lookups. Can save some time over brute forcing.
Hex Editors
HexEd.it - Browser-based Online and Offline Hex Editing
Hexinator - Powerful free hex editor
Frhed - Free Hex Editor
shed - shed (Simple Hex Editor) is an easy application for viewing and editing files in text mode, using ncurses.
Bless - Gtk# Hex Editor
Debugger
edb-debugger - edb is a graphical cross platform x86/x86-64 debugger.
ollydbg - OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
httopenocd - OpenOCD aims to provide debugging, in-system programming and boundary-scan testing for embedded target devices.
gdb - GBD/PEDA - GDB is a command line debugger for Linux that is essential for exploiting Linux binaries. Python Exploit Development Assistant (or PEDA) is an open-source extension to GDB that makes it easier to use.
Pattern - When looking for buffer overflows, one of the key components is identifying at which point the return pointer is overwritten. To help identify this location, PEDA can generate patterns that can be used as input, and then used to identify the location of the string.
Ropsearsch - Ropsearch will look for return-oriented programming (ROP) gadgets in memory that can be used for exploits that use ROP techniques.
Searchmem|find - ‘Searchmem’ and ‘find’ can be used to look for structure in memory. A typical case would be using it to look for strings like ‘sh’ that can be used in ret2libc payloads.
Skeleton - This will generate a Python skeleton program that can be used to create an exploit script.
Vmmap - Vmmap will show a table that lists all the memory regions of the binary. It will also include what read, write or execute permissions are set on each section. ◇ https://github.com/longld/peda
Install PEDA
Honorable Mention
Ciphey - Fully automated decryption/decoding/cracking tool using natural language processing & artificial intelligence, along with some common sense.
Replit - Collaborative, in-browser IDE to code in 50+ languages.
bytecode-viewer - an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, and much more.
Last updated