Security Researcher Toolkit

30 November -0001

When you start working in computer security, as with many computer related fields, you'll find that there are a lot of expensive tools out there to assist in your work. You may even begin to believe that exploring the field of computer security will require a significant investment in order to purchase tools. In reality, much of what you need is available for free and available as open source software. In order to save people time and effort in having to track down the tools that I use most commonly in hacking and security research. Most of these tools work well on both Windows and Linux platforms.

1. VirtualBox - Innotech was recently acquired by Sun and they now distribute VirtualBox. VirtualBox is a full featured virtualization platform, comparable to VMWare Workstation. You can create virtual machines, run multiples at a time, take snapshots and roll back machine state. You can also edit virtual machine settings from within the tools. All these features and the fact that it is available for free makes VirtualBox my preferred emulation tool. Virtualization is essential for any security researcher. It allows you to set up systems and services and test them without having to invest in new hardware. It makes the installation and repair process extremely fast as well, saving you tons of time. You should have, at minimum, one Linux virtual machine and one Windows virtual machine to use for testing.

2. NMAP - NMAP port scanner is available for Windows and Linux and is essential in determining basic port information. The uses for NMAP are too many to list, but I'm confident you'll find it extremely useful.

3. Wireshark - Wireshark is a packet capturing utility with a great graphical front end. Formerly called Ethereal, Wireshark is great for listening to traffic and doing analysis. Wireshark beats the pants off of more robust tools like Snort for doing quick captures and analysis. Tools like communication tracking and searching make Wireshark a great analysis tool.

4. Truecrypt - Truecrypt is a wonderful encryption tool that allows you to create encrypted volumes and even do whole disk encryption. Although not directly useful for research, this is a great tool to have around so you can protect your privacy.

5. Axcrypt - Axcrypt allows you to encrypt files or folders on your machine and includes utilities to make password protected files that can be distributed to people without Axcrypt. Axcrypt also has a secure wipe tool that is wonderful for getting rid of files you don't want uncovered by forensics.

6. GPG - GPG (GNU Privacy Guard) is a wonderful tool for encryption, including sending and receiving encrypted messages. GPG utilizes the PGP encryption standard for public key cryptography.

7. PuTTY - PuTTY is my personal favorite SSH client. It's clean, simple and configurable. SSH is an encrypted communications protocol that is widely used to administer unix servers. I even SSH to locally hosted virtual machines just for convenience. PuTTY comes with lots of convenient GUI tools that allow you to configure SSH port forwarding and handle key based access.

8. WinSCP - for transferring files securely over SSH from Windows, WinSCP is my tool of choice. Even though WinSCP is GUI based, it comes with a command line tool as well. This is extremely handy for automating file transfers (such as backups) from windows.

9. Clam AV - ClamAV is an open source anti virus tool available for almost any platform. Using ClamWin on Windows is a perfect way to investigate odd behaviors and make sure your machine doesn't get infected with malware (by accident of course).

10. Firefox - Firefox has security related plug ins that makes it a must have for any security researcher.

11. Tamper Data - The Tamper Data Firefox plugin allows you to monitor, intercept, and change any client side data as it's being passed to a server. This is an extremely important tool for web application penetration testing.

12. Paros - Paros is a proxy that is used in much the same way as the Firefox Tamper Data plugin. The reason you want Paros as well is that you can use it to test any service, whether or not it is accessible via a web browser. For instance, if you want to test a Java applet you'll need a more robust tool than Tamper Data and so you'd use something like Paros.

12.5 Web Scarab - Web Scarab is the OWASP project's java based proxy monitor. It works in much the same way as Paros for testing web applications. Web Scarab can be used with tools like ProxMon to extend it's functionality and aid in pen testing.

13. A C/C++ Compiler - this one is a snap if you're working on a Linux platform, but if you're working on Windows this is a bit more of a challenge. Two good options are MinGW, a GNU C compatible compiler available for Windows, and Cygwin which is a Windows based Linux emulation platform that allows you to run Linux programs on your Windows machine.

14. Perl - you're going to need a Perl interpreter on your machine to make use of many of the tools and exploits that you'll want to work with. On Windows I would recommend ActivePerl by Active State.

14.5 Perl IDE - Perl IDE is one of the only FOSS products I'm aware of. Perl IDE runs on Windows and has nice debugging output, error console, and input parameters. It's a tabbed environment so you can work on several Perl programs at once.

15. Python - Python is increasingly becoming the language of choice amongst security researchers. Having a Python interpreter is another invaluable tool for security researchers. You can get Python from

16. TOR - TOR (The Onion Router) is a wonderful anonymizing tool that allows you to practically randomize your IP address. This is a must for penetration tests of applications and servers that have IDS installed. If you trigger a black list on one IP you can just use TOR to change your IP and continue your testing.

17. SQL Developer - If you're going to do any work with databases then you need a reliable database client that will allow you to test connections and issue commands easily. Oracle's SQL Developer is a Java based GUI client that will handle connections to Oracle and MySQL databases.

18. Olly Debug - If you're going to do any work on Windows working with buffer overflows then you're going to need a debugger so you can examine registers. Olly Debug is a free, GUI based debugger that you can use to examine memory registers and values in order to locate and exploit flaws in Windows binaries.

19. 7zip - 7zip is an incredibly useful Windows utility. It can open regular zip archives, but can also handle tar archives and other non-standard Windows archives. This can be extremely useful if you want to examine source code but it's distributed in bzip2 format or some other Unix/Linux standard format.

20. NetCat - It sort of goes without saying, but netcat is still one of the best tools out there for security work. You can get netcat (nc) with most Linux/Unix distributions, but there's also a version available for Windows. If you want to get sneaky you can also check out Cryptcat, which is essentially netcat with encryption applied.