SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target.
There are three main areas where SpiderFoot can be useful:
If you are a pen-tester, SpiderFoot will automate the reconnaissance stage of the test, giving you a rich set of data to help you pin-point areas of focus for the test.
Understand what your network/organization is openly exposing to the outside world. Such information in the wrong hands could be a significant risk.
SpiderFoot can also be used to gather threat intelligence about suspected malicious IPs you might be seeing in your logs or have obtained via threat intelligence data feeds.
this tool has the main purpose of finding any ASCII and unicode string inside PE and ELF executables with the possibility of modifying them using any external text editor and re-injecting them in the original executable.
technically the finding of the strings works in the following way: it disassembles all the executable sections of the input file (like .text, only x86 32 bit supported) and visualizes any string or any array of strings, so any instruction like push "string" or mov eax, "string" or mov eax, "[4*edx+array]" and so on is handled perfectly.instead the injecting of the modified strings back in the executable (ELF not supported) is performed through the adding of a new "stringz" section which contains all the new strings and the substituting of all the pointers to those strings collected in the "finding" operation with the new ones (relocation).the tool can be also used as a quick and advanced strings program (the one available on *nix) with the difference that the strings found by exestringz are not casuals but are found and confirmed by the disassembled code avoiding false positives.anyway through the -b option the tool can acts exactly like the strings program and naturally can also re-import the modified strings.there is also an "experimental" option specific for the Asian utf8 which was also the reason of the initial creation of this tool for the translating of a Japanese game.note that for obvious technical reasons is not possible to export and re import ever all the strings for any executable because in some cases (usually with big programs) could be generated false positives, anyway the output file generated by the tool is very easy to understand and edit so it's not a problem.
tool for monitoring the offsets of specific files read and written by a target program and breaks its execution for debugging it.
Offbreak can set an INT3, set an hardware and software breakpoint, automatically attach the system debugger and display a MessageBox when the monitored files and offsets are handled by the target.to make the debugging more easy, Offbreak sets some registers to show the buffer containing the data read/written, the amount of bytes in the operation, name of the API and full name of the file.
additional information are available at runtime.
Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including outside of allocated heap units and heap underflow and overflow), accesses to freed memory, double frees, memory leaks, and (on Windows) handle leaks, GDI API usage errors, and accesses to un-reserved thread local storage slots.
Dr. Memory operates on unmodified application binaries running on Windows, Linux, Mac, or Android on commodity IA-32, AMD64, and ARM hardware.
Dr. Memory is built on the DynamoRIO dynamic instrumentation tool platform.
LLDB is a next generation, high-performance debugger. It is built as a set of reusable components which highly leverage existing libraries in the larger LLVM Project, such as the Clang expression parser and LLVM disassembler.LLDB is the default debugger in Xcode on Mac OS X and supports debugging C, Objective-C and C++ on the desktop and iOS devices and simulator.All of the code in the LLDB project is available under the standard LLVM License, an open source "BSD-style" license.
LLDB currently converts debug information into clang types so that it can leverage the clang compiler infrastructure. This allows LLDB to support the latest C, C++, Objective C and Objective C++ language features and runtimes in expressions without having to reimplement any of this functionality. It also leverages the compiler to take care of all ABI details when making functions calls for expressions, when disassembling instructions and extracting instruction details, and much more.
The major benefits include:
Up to date language support for C, C++, Objective C
Multi-line expressions that can declare local variables and types
Utilize the JIT for expressions when supported
Evaluate expression Intermediate Representation (IR) when JIT can't be used
Valgrind is an instrumentation framework for building dynamic analysis tools. There are Valgrind tools that can automatically detect many memory management and threading bugs, and profile your programs in detail. You can also use Valgrind to build new tools.
The Valgrind distribution currently includes six production-quality tools: a memory error detector, two thread error detectors, a cache and branch-prediction profiler, a call-graph generating cache and branch-prediction profiler, and a heap profiler. It also includes three experimental tools: a stack/global array overrun detector, a second heap profiler that examines how heap blocks are used, and a SimPoint basic block vector generator. It runs on the following platforms: X86/Linux, AMD64/Linux, ARM/Linux, ARM64/Linux, PPC32/Linux, PPC64/Linux, PPC64LE/Linux, S390X/Linux, MIPS32/Linux, MIPS64/Linux, TILEGX/Linux, X86/Solaris, AMD64/Solaris, ARM/Android (2.3.x and later), ARM64/Android, X86/Android (4.0 and later), MIPS32/Android, X86/Darwin and AMD64/Darwin (Mac OS X 10.10, with initial support for 10.11).
Valgrind is Open Source / Free Software, and is freely available under the GNU General Public License, version 2.
native debugger. Works transparently, neither script nor PHP engine modifications required.
server part (dbg module) runs on all platforms where PHP itself runs.
works transparently across the global network as well as locally.
JIT. When enabled it can start debugging Just In Time when an error happens.
supports back-trace, e.g. displays a list of all procedures with their local variables, the current execution position reached from. In other words you can watch local variables or function parameters in all active and nested scopes.
certainly, you can execute script in the debugger step by step (step-in, step-out, step-over, run to cursor, change execution point withing current scope...), evaluate any valid php expression(s) or inspect arrays, classes and simple variables, modify their values on the fly and even create any new variables. Dbg supports conditional breakpoints and even global ones (commercial version only). Breakpoints can be skipped specified number of times.
allows to change execution point (commercial version only).
has embedded profiler, so now it's easy to find out a bottleneck in the scripts.
allows multiple debugger processes running simultaneously.
compatible with php-4.0.6 and higher (commercial is compatible with php 4.3 and higher).
has open COM interfaces for integration with win32-based 3rd party IDEs.
Commercial version of DBG (3.x) is available with commercial version of PhpED PHP IDE only, see review for details.
Linux, BSD, SunOs, MacOs and Win32 platoforms are supported.
Free version (2.15) is available on this site. It works with PHP Edit, PHP Coder and some other IDEs.
Free dbg front-end (dbg-cli) for Linux/Unix can be used to debug scripts either directly or under DDD 3.3.9 (GNU debugger). Also see RedHat 7.3, YellowDog and Mandrake distributions at RPM Find site.
FusionDebug an interactive step debugger for CFML, compatible with Adobe ColdFusion, Railo and Lucee. It enables developers to step through code line-by-line, step into, over or out of code to better understand how code is running.
No code changes.
Can debug Flex, Ajax, Web Service and Flash Remoting requests.
Change variables on the fly.
Debug requests from any user.
Debug complex applications.
View stack traces.
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
WHAT IS KISMET?
Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types.
Standard PCAP logging (compatible with Wireshark, TCPDump, etc)
Client/Server modular architecture
Plug-in architecture to expand core features
Multiple capture source support
Live export of packets to other tools via tun/tap virtual interfaces
Distributed remote sniffing via light-weight remote capture
XML output for integration with other tools