Forensic acquisition :

• dd : tool to make bit to bit copies and backups
• dd_rescue : more or less the same as dd but handles disk errors
• dd_rhelp : a script to facilitate the use of dd_rescue
• dcfldd : tool to make bit to bit copies
• AFFLIB : Advanced Forensic Format tools
• sdd : a dd clone specialized in tapes
• AIR : A graphical frontend for dd and dcfldd

Forensic analysis :

• Sleuthkit/Autopsy : tool to find deleted files (and many more features)
• Galetta : a ms-windows cookies analyzer
• Pasco : a ms-windows IExplorer cache analyzer
• Rifiuti : a ms-windows trashcan analyzer
• mork.pl : perl script to read firefox history.dat
• cookie_cruncher.pl : a tool to parse cookies
• dumpster_dive.pl : a tool to read m$ recycle bin files
• browser-history-viewer : as the name says

Undelete :

• Sleuthkit/Autopsy : tool to find deleted files (and many more features)
• testdisk : tool to recover damaged partitions (WIP version)
• NTFS Tools : tools to find deleted files on NTFS partitions
• Scrounge-NTFS : a tool to rescue data from NTFS partitions
• recoverjpeg : a tool to recover jpeg images
• fatback : a tool to undelete files on a fat filesytsem
• foremost : a tool to find files on a raw disk based on their headers
• magicrescue : another one
• e2undel : recover deleted files on ext2
• recover : like e2undel
• e2retrieve : a tool to recover deleted files on ext2 filesystems
• myrescue : a tool to recover data on damaged hard disk drives
• recoverdm : another tool to recover data on damaged hard disk drives
• scalpel : another foremost/magicrescue like tool
• gzrecover : a tool to recover data from damaged gz files
• safecopy : a tool to recover data from damaged devices

Hardware utils :

• discover : a tool to discover hardware
• lshw : a very useful tool to list hardware
• scsitools : some useful scsi tools
• scsiadd : a script to rescan scsi chain
• blktool : a tool to display or change block devices settings

Disk/partition utils :

• setmax : A tool to change Host Protected Area settings (no support of large disks)
• testdisk : tool to recover damaged partitions (WIP version)
• disktype : a tool to list disk partitions and other useful informations
• ms-sys : a tool to create ms boot sectors (fdisk /mbr)
• safecopy : a tool to recover data from damaged devices

Archive tools :

• zoo : the zoo compression algorythm support
• p7zip : the 7zip compression tools
• orange : cab file reader
• spantape : a tool to span data on multiple tapes
• unshield : a reader for self extraction shield files
• unrar : a tool to uncompress rar files
• unace : a tool to uncompress ace files
• gzrecover : a tool to recover data from damaged gz files

Pictures tools :

• FBI : tool to view images in console mode
• exiftags : a tool to extract exif informations in jpeg files
• exif : another one
• metacam : a third one
• jhead : a fourth one
• dcraw : a tool to read raw photo images from digital cameras
• jpeginfo : a tool view jpeg files informations
• recoverPhotos : another image recovery tool
• exifprobe : another exif extractor

Video tools :

• MPlayer : tool to view movies in console mode

Password cracker :

• cmospwd : a tool to recover cmos passwords
• pwl : a tool to crack win 9x pwl files
• John the ripper : a password cracker for unixes, and win nt,2k and xp passwords
• lcrack : lepton cracker
• chntpw : a tool to help cracking NT passwords
• crack : a password cracker
• samdump : a tool to extract password hashes from MS Windows registry files
• bkhive : a tool to extract Syskey bootkey from MS Windows system hive file
• pgpcrack : a pgp brute force attacker
• nasty : a tool to try to recover PGP or GPG passphrases
• fcrackzip : a zip file password cracker
• medussa : a distributed password cracker

Crypto/Stegano tools :

• cryptcat : a encrypted version of netcat
• outguess : a stegano tool
• stegdetect : a tool to detect stegano
• bcrypt : crypto utility
• ccrypt : an encryption decryption tool

Anti-virus :

• clamav : command line antivirus
• rkhunter : a rootkit hunter

MS files tools :

• Galetta : a ms-windows cookies analyzer
• Pasco : a ms-windows IExplorer cache analyzer
• Rifiuti : a ms-windows trashcan analyzer
• readpst : a tools to read ms-Outlook pst files
• antiword : a tool to read ms-Word files
• mdbtools : playing with MS mdb access databases
• ripole : A tool to rip attachements from MS files
• tnef : A tool to decode MS encapsulation format
• fccu-docprop : a tool to read MS OLE files (mainly doc, xls) properties
• fccu.evtreader : a tool to parse MS evt log files
• reglookup : MS windows registry viewer
• grokevt : An MS win event log viewer with dll message import
• eindeutig : read and convert dbx files
• clit : convert MS e-books
• cookie_cruncher.pl : a tool to parse cookies
• dumpster_dive.pl : a tool to read m$ recycle bin files
• mscompress : Decompress files compressed with compress.exe

Network :

• RIP and PXE boot : A complete system for large network keyword search
• sbd : a netcat like utility with encryption supprot
• smbc : samba commander
• p0f : A passive OS fingerprinting tool
• arping : a ping utility
• ngrep : grep utility for network packets
• netwox : a toolbox with more than 200 network tools
• sshfs : a filesystem client based on ssh
• lft : a traceroute tool
• socat : a netcat like tool
• netdiscover : a tool to discover networks
• mimms : download mms streams
• weplab : a wep security analyzer
• netsed : network srteam altering tool

Network scanner :

• knocker : TCP security port scanner
• nikto : web server security scanner
• nbtscan : a smb network scanner

Network capture :

• tcpick : textmode sniffer
• tcptrack : another one
• tcpflow : a tool to capture tcp packets
• tcpreplay : a tool to replay TCP dumps (replay a tap)
• tcpextract : a tool to extract files from network traffic based on file headersw
• netdude : a tool to analyze captured tcp packets
• dsniff : a tool to sniff packets on a network
• hunt : packet sniffer
• sniffit : another one
• ettercap : a packet sniffer
• driftnet : sniff images (jpegs ...) on the network
• karpski : another sniffer
• nast : another one
• scapy : packet manipulation tool
• hydra : a network services password guessing tool
• chatsniff : an instant messenger sniffer
• msn-capture : a tool to capture msn traffic from the network
• imsniff : an instant messaging sniffer
• darkstat : another packet sniffer
• netwox : a toolbox with more than 200 network tools
• prismstumbler : a wireless sniffer

Malware collection :

• nepenthes : A tool to collect malware
• mwcollect : A tool to collect malware

VNC utils :

• xvncviewer : a VNC client (runs under X)
• direct-vnc : a VNC client in console mode

Common tools :

• pipebench : a pipe progress viewer
• pv : another pipe progress viewer
• cpipe : another pipe progress viewer
• pipemeter : another pipe progress viewer
• biew : an HEX editor
• bfr : a buffer optimizer
• biabam : Bash Attachement mailer
• aish : convert too and from uuencode or base 64
• mimedecode : like the name says
• ftimes : a tool to gather informations about files
• md5deep : a tool to recursively calculate md5 hashes
• glark : a sort of colorized grep
• curl : a tool to play with http like mirroring a website
• star : a tar archiver
• sgrep : a grep for structures

Other, unsorted :

Back to Previous Page