300
edits
Changes
Jump to navigation
Jump to search
Hashing & Crypto + Password cracking added
*[https://ntcore.com/?page_id=388 CFF Explorer] - is a PE editor called CFF Explorer and a process viewer with a lot of features.
*[https://web.archive.org/web/20220331063153/http://www.rdgsoft.net/ RDG Packer Detector] - is a detector for packers, cryptors, compilers, installers.
*[https://github.com/petoolse/petools/ PE Tools] - is a portable executable (PE) manipulation toolkit.
====Hex Editors====
*[https://github.com/hasherezade/tiny_tracer tiny_tracer] - is a Pin Tool for tracing API calls including parameters of selected functions, selected instructions RDTSC, CPUID, INT, inline system calls inc parameters of selected syscalls and more.
====Hashing & Crypto====
These tools are used in authorized security audits to uncover flaws in hashing or cryptographic logic, as well as to detect backdoors or undocumented features. They are also commonly employed in crackme challenges to help improve reverse engineering skills.<br>
It includes support for a wide range of cryptographic algorithms and hash functions, such as AES, Blowfish, TEA family, RC2–RC6, Twofish, DES variants, MARS, and hashing standards like SHA-2, RIPEMD, TIGER, WHIRLPOOL, CRC variants, and HAVAL with multiple rounds and output lengths.
*[https://webscene.ir/distro/AT4RE/Tools Keygener Assistant v2.1.2] [[File:Keygener Assistant v2.1.2.zip]] - is a tool that combines several functions to facilitate the task and save time during the analysis of an algorithm.
*[https://webscene.ir/tools/show/SnD-Reverser-Tool-1.4 SnD Reverser Tool 1.4 (404)] [[File:SnD Reverser Tool 1.4.zip]] - is a cryptographic companion tool designed to support reverse engineering efforts, offering a wide range of features including hash function analysis, base conversions, and support for various encryption standards.
====Password cracking====
Most embedded devices, whether connected via wireless or wired interfaces, store credentials such as local account passwords, service keys, and API keys. If you need to evaluate or audit the cryptographic mechanisms protecting these credentials, password-cracking tools are essential.
Offline
*[https://github.com/hashcat/hashcat Hashcat] - is world's fastest and most advanced password recovery utility, supports many hash algorithms (MD5, SHA1, NTLM, bcrypt, etc).
*[https://github.com/openwall/john John the Ripper jumbo] - is a advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.
Online (network based bruteforce in LAN).
*[https://github.com/vanhauser-thc/thc-hydra Hydra / THC Hydra] - is a parallelized network login cracker built into various operating systems like Kali Linux, Parrot and other major penetration testing environments. It was created as a proof of concept tool, for security researchers to demonstrate how easy it can be to crack logins.
*[https://github.com/jmk-foofus/medusa Medusa] - is a speedy, parallel, and modular, login brute-forcer.
====Virtualization technology (host isolation) or sandboxes====
