Malware/Analyst Tools | Certified Ethical Hackers Security Analyst Malware Hacking Information

Some Malware/Forensic/Analyst tools that I have found useful:

http_analysis.pl v1.01
# Uses tshark to output the IP addresses, TCP ports, and key HTTP request and response headers from a PCAP file.
# Usage: http_analysis.pl [-d tcp.port] [-R display_filter] pcap_file

httpAnalyzer.pl

# This script reads in a pcap network capture to analyze HTTP traffic. It
# will output an HTML file in the current directory that contains the analysis
# of every HTTP transfer recorded in the pcap file. The analysis output file has
# been tested to work in Firefox 3.5+ and may be very large. Please allow it to
# fully load before attempting to interact with it.

analyse_syn_packets.py
"""
Script to calculate how often an IP or TCP field changes in a pcap file for a specified destination
IP address and port.
"""

# stream.pl v1.31

# Uses tshark to identify or reassemble TCP streams.
# Advantages:
# 1. Only requires tshark 1.2.0 or later, and standard Perl modules.
# 2. Reassembles streams with duplicate, missing, out of order, or overlapping TCP segments.

# Usage: stream.pl [-R display_filter] pcap_file
# Prints out information about each identified TCP stream from pcap_file, including stream number, time, IPs, ports, and application protocol.
# -R optionally specifies a tshark display filter

# trafficAnalyzer.sh
################################################################################
# This script reads in a pcap network capture to analyze traffic. It
# will output a table with columns representing a count of packets, a source
# MAC address and its IP address, and a destination MAC address and its IP
# address.
#
# Usage:
# trafficAnalyzer.sh capture.pcap
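
The two pcap-reading tools above, analyse_syn_packets.py and trafficAnalyzer.sh, both come down to walking the packet records of a capture and reading the Ethernet, IPv4 and TCP headers. The block below is an added example (not the code of either tool) that does both jobs with nothing but the Python standard library: `traffic_table()` counts packets per source MAC/IP and destination MAC/IP pair, and `field_change_rates()` reports how often chosen IP and TCP fields change between consecutive packets aimed at one destination IP and port. The capture it parses is constructed in memory, so the MACs, IPs and ports are made up; point `iter_packets()` at the bytes of a real classic (non-pcapng) Ethernet capture to use it on your own data.

```python
"""Parse a classic little-endian libpcap file with only the standard library,
then (1) count packets per (src MAC, src IP, dst MAC, dst IP) as
trafficAnalyzer.sh does and (2) measure how often chosen IP/TCP header fields
change between consecutive packets to one destination IP:port, as
analyse_syn_packets.py does. Added example, not either tool's own code."""
import struct
from collections import Counter

ETH_LEN, ETHERTYPE_IPV4, IPPROTO_TCP = 14, 0x0800, 6


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def iter_packets(pcap):
    """Yield the captured bytes of each record (pcapng files are not handled)."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_frame(raw):
    """Return Ethernet/IPv4/TCP header fields as a dict, or None for anything else."""
    if len(raw) < ETH_LEN + 20:
        return None
    dmac, smac, ethertype = struct.unpack_from("!6s6sH", raw, 0)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = raw[ETH_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 20:
        return None
    (_vihl, _tos, _tlen, ip_id, _frag, ttl, proto, _csum,
     sip, dip) = struct.unpack_from("!BBHHHBBH4s4s", ip, 0)
    if proto != IPPROTO_TCP:
        return None
    sport, dport, seq, _ack, offflags, window = struct.unpack_from("!HHIIHH", ip, ihl)
    return {"smac": mac_str(smac), "dmac": mac_str(dmac), "sip": ip_str(sip),
            "dip": ip_str(dip), "ip_id": ip_id, "ttl": ttl, "sport": sport,
            "dport": dport, "seq": seq, "flags": offflags & 0x1FF, "window": window}


def traffic_table(pcap):
    """Packet count per (src MAC, src IP, dst MAC, dst IP), like trafficAnalyzer.sh."""
    counts = Counter()
    for p in map(parse_frame, iter_packets(pcap)):
        if p:
            counts[(p["smac"], p["sip"], p["dmac"], p["dip"])] += 1
    return counts


def field_change_rates(pcap, dst_ip, dst_port,
                       fields=("ip_id", "ttl", "window", "seq", "sport")):
    """Fraction of consecutive packets to dst_ip:dst_port in which each field changed.
    A constant TTL/window beside an IP ID or seq that steps every packet is the
    regularity a packet-generating tool leaves; a real client stack looks less tidy."""
    pkts = [p for p in map(parse_frame, iter_packets(pcap))
            if p and p["dip"] == dst_ip and p["dport"] == dst_port]
    rates = {}
    for f in fields:
        vals = [p[f] for p in pkts]
        changes = sum(1 for a, b in zip(vals, vals[1:]) if a != b)
        rates[f] = changes / (len(vals) - 1) if len(vals) > 1 else 0.0
    return rates


# Constructed sample capture: five SYNs from host A to host B, one SYN/ACK back.
def build_frame(smac, sip, dmac, dip, sport, dport, ip_id, ttl, seq, window, flags=0x02):
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, 0x4000, ttl,
                     IPPROTO_TCP, 0, bytes(map(int, sip.split("."))),
                     bytes(map(int, dip.split("."))))  # checksums left 0: not validated
    eth = struct.pack("!6s6sH", bytes.fromhex(dmac.replace(":", "")),
                      bytes.fromhex(smac.replace(":", "")), ETHERTYPE_IPV4)
    return eth + ip + tcp


def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


A_MAC, A_IP = "00:11:22:33:44:55", "10.0.0.5"
B_MAC, B_IP = "66:77:88:99:aa:bb", "192.0.2.10"
SAMPLE_PCAP = build_pcap(
    [build_frame(A_MAC, A_IP, B_MAC, B_IP, 40000 + i, 80, i, 64, 0x1000 * i, 65535)
     for i in range(1, 5)]
    + [build_frame(A_MAC, A_IP, B_MAC, B_IP, 40005, 443, 5, 64, 0x5000, 65535),
       build_frame(B_MAC, B_IP, A_MAC, A_IP, 80, 40001, 900, 53, 0x9000, 29200, 0x12)])

if __name__ == "__main__":
    for (smac, sip, dmac, dip), n in traffic_table(SAMPLE_PCAP).most_common():
        print(f"{n:5d}  {smac}  {sip:15}  {dmac}  {dip}")
    for f, rate in field_change_rates(SAMPLE_PCAP, B_IP, 80).items():
        print(f"{f:7} changed in {rate:.0%} of consecutive packets")
```

Real captures are often pcapng (convert with `tshark -F pcap`) and may carry 802.1Q tags or IPv6, which `parse_frame()` simply skips; add those cases before trusting the counts on a production capture.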

User_Agent_Tester.py

This tool is designed to automatically check a given URL using a list of standard and non-standard
User Agent strings provided by the user (1 per line).

Examples:

./UATester.py -u www.example.com -f ./useragentlist.txt -v
./UATester.py -u https://www.wordpress.com
./UATester.py -u http://www.defaultserver.com -v --debug
./UATester.py -u facebook.com -v -d MDBX
./UATester.py -u https://www.google.com -s "MySpecialUserAgent"
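
What a User-Agent sweep is looking for is a server that answers differently depending on who it thinks is asking: a landing page that only serves its exploit script to old Internet Explorer, or a site that blocks scanners. The block below is an added example, not UATester.py's own code. It fetches one URL once per User-Agent string, records status, body length and a body hash, and flags the agents whose response differs from the most common one. So that it runs offline, it starts a throwaway local HTTP server (constructed here, not a real site) that cloaks for MSIE/Trident agents; the User-Agent list is likewise constructed rather than read from a file.

```python
"""Request one URL with several User-Agent strings and report which agents get
a different response (status, length, body hash), the check UATester.py
automates. Added example, not UATester.py itself; the cloaking server and the
agent list are constructed for the demo."""
import hashlib
import threading
import urllib.error
import urllib.request
from collections import Counter
from http.server import BaseHTTPRequestHandler, HTTPServer

USER_AGENTS = [  # constructed list; the real tool reads these from a file, one per line
    "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36",
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
    "curl/8.4.0",
]


class CloakingHandler(BaseHTTPRequestHandler):
    """Stand-in for a suspect site: MSIE/Trident agents get an extra script tag."""

    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        if "MSIE" in ua or "Trident" in ua:
            body = b"<html><body><script src='/x.js'></script>hello</body></html>"
        else:
            body = b"<html><body>hello</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    srv = HTTPServer(("127.0.0.1", 0), CloakingHandler)  # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch(url, user_agent, timeout=5):
    """Return (status, body length, sha256 prefix) for url fetched as user_agent."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxies
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with opener.open(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # a 403 for scanners is still a result
        status, body = err.code, err.read()
    return status, len(body), hashlib.sha256(body).hexdigest()[:12]


def compare_user_agents(url, agents):
    """Fetch url once per agent. Return {agent: result} and the set of agents whose
    result differs from the most common one: the cloaked or blocked cases."""
    results = {ua: fetch(url, ua) for ua in agents}
    baseline, _ = Counter(results.values()).most_common(1)[0]
    outliers = {ua for ua, r in results.items() if r != baseline}
    return results, outliers


def run_demo(agents=USER_AGENTS):
    srv = start_server()
    try:
        return compare_user_agents(f"http://127.0.0.1:{srv.server_address[1]}/", agents)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    results, outliers = run_demo()
    for ua, (status, size, digest) in results.items():
        print(f"{status} {size:5d} {digest} {'DIFFERS' if ua in outliers else '':8} {ua}")
```

Against a real site, compare the hash as well as the length: cloaked pages are often the same size as the clean one with only a script URL swapped in, and a "majority wins" baseline is only meaningful once the list holds a good spread of agents.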


# smtpcat
#################################################################################################
# This script reads a PCAP file and prints out all the SMTP connections in the file and gives
# the user the option of dumping the payload as an .eml file

/* trimexe.c
 *
 * A small program for extracting PE files from small chunks
 * of raw data. This is designed to fish executables out of the
 * reassembled raw data you can get from "follow TCP stream" in
 * Wireshark, for example.
 *
 * At the moment it finds the first PE file in the stream and uses
 * the PE COFF and section header data to compute the file size
 * of the executable. Output of various header values and offsets
 * is in hex and decimal to save a trip to the calculator.
 */
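
The size computation trimexe.c describes is: locate the `MZ` stub, follow `e_lfanew` (the 32-bit offset at 0x3C) to the `PE\0\0` signature, read `NumberOfSections` and `SizeOfOptionalHeader` from the COFF header, then walk the section table and take the largest `PointerToRawData + SizeOfRawData`. The block below is an added example of that technique, not trimexe.c itself; it carves the executable out of a constructed byte stream (an HTTP response header, a minimal two-section PE32 image built in memory, and trailing junk) and prints the header values in hex and decimal the way the original does.

```python
"""Find the first PE image in a blob of raw bytes (such as data saved from
Wireshark's "Follow TCP Stream") and compute its on-disk size from the COFF
header and section table, the technique trimexe.c describes. Added example,
not trimexe.c itself; the sample stream is constructed in memory."""
import struct

COFF_HDR_SIZE, SECTION_HDR_SIZE = 20, 40


def find_pe(blob, start=0):
    """Offset of the first 'MZ' whose e_lfanew points at 'PE\\0\\0', else None."""
    pos = blob.find(b"MZ", start)
    while pos != -1:
        if pos + 0x40 <= len(blob):
            e_lfanew, = struct.unpack_from("<I", blob, pos + 0x3C)
            pe = pos + e_lfanew
            if 0 < e_lfanew < 0x1000 and blob[pe:pe + 4] == b"PE\0\0":
                return pos
        pos = blob.find(b"MZ", pos + 1)  # a stray "MZ" in text is not a header
    return None


def pe_info(blob, mz):
    """Parse the COFF header and section table of the PE at mz and return the
    values trimexe prints, including the file size computed from the sections."""
    e_lfanew, = struct.unpack_from("<I", blob, mz + 0x3C)
    coff = mz + e_lfanew + 4
    (machine, nsections, _ts, _symptr, _nsyms,
     opt_size, chars) = struct.unpack_from("<HHIIIHH", blob, coff)
    table = coff + COFF_HDR_SIZE + opt_size
    # SizeOfHeaders is at offset 60 of the optional header in both PE32 and PE32+
    hdr_size = struct.unpack_from("<I", blob, coff + COFF_HDR_SIZE + 60)[0] if opt_size >= 64 else 0
    sections, end = [], hdr_size
    for i in range(nsections):
        name, _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", blob, table + i * SECTION_HDR_SIZE)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, raw_ptr, raw_size))
        end = max(end, raw_ptr + raw_size)  # the file ends after the last raw section
    return {"e_lfanew": e_lfanew, "machine": machine, "characteristics": chars,
            "sections": sections, "file_size": end}


def extract_first_pe(blob):
    """Return (info, bytes) for the first PE in blob, or None. The size comes from the
    headers, so an overlay appended after the last section is deliberately not kept."""
    mz = find_pe(blob)
    if mz is None:
        return None
    info = pe_info(blob, mz)
    info["truncated"] = mz + info["file_size"] > len(blob)  # stream ended early
    return info, blob[mz:mz + info["file_size"]]


def build_sample_pe():
    """Constructed, non-runnable PE32: 0x200 bytes of headers, then .text and .data
    sections of 0x200 bytes each at file offsets 0x200 and 0x400 (0x600 in total)."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)    # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    secs = [(b".text", 0x1000, 0x200, 0x200, 0x60000020),
            (b".data", 0x2000, 0x200, 0x400, 0xC0000040)]
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x100, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, va, rs, rp, ch in secs)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0")
    return headers + b"\xCC" * 0x200 + b"\xAA" * 0x200


SAMPLE_STREAM = (b"HTTP/1.1 200 OK\r\nX-Note: MZ here is just text\r\n"
                 b"Content-Type: application/octet-stream\r\n\r\n"
                 + build_sample_pe() + b"trailing bytes the tool must not keep")

if __name__ == "__main__":
    info, data = extract_first_pe(SAMPLE_STREAM)
    for k in ("e_lfanew", "machine", "characteristics", "file_size"):
        print(f"{k:16} 0x{info[k]:x} ({info[k]})")  # hex and decimal, as trimexe does
    for name, va, ptr, size in info["sections"]:
        print(f"  {name:8} rva 0x{va:x}  raw 0x{ptr:x}+0x{size:x}")
    print(f"extracted {len(data)} bytes, truncated={info['truncated']}")
```

Two caveats when using this on a real stream: the header-derived size excludes any overlay (Authenticode signatures, self-extractor payloads and some droppers keep their data there, so compare against Content-Length when you have it), and a body sent with `Transfer-Encoding: chunked` or `Content-Encoding: gzip` has to be de-chunked or inflated before carving, or the headers you parse will not match the bytes that follow.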
