InfoSec Tools

Open-source intelligence (OSINT) tools like Infoga, Octoparse, and Splint allow the gathering of publicly available information from the internet for research, trend tracking, and competitive analysis. By leveraging these tools responsibly to extract data from public sources, organizations can gain valuable insights for making informed decisions and keeping up with technological and societal trends. However, these powerful technologies must be utilized legally and ethically.


AlienVault Unified Security Management (USM)AlienVault Unified Security Management (USM) offers powerful threat detection, incident response, and compliance management across cloud, on-premises, and hybrid environments.
Active Directory (AD)Attackers perform Active Directory (AD) enumeration to extract sensitive information such as users, groups, domains, and other resources from the target AD environment. Attackers enumerate AD using PowerShell tools such as PowerView.
Checkmarx CxSASTCheckmarx CxSAST is a unique source-code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in source code, such as security vulnerabilities, compliance issues, and business logic problems.
DPATDPAT is a Python script that generates password use statistics from password hashes dumped from a domain controller (DC) and a password crack file such as hashcat.pot generated using the hashcat tool during password cracking.
FiddlerFiddler is used for performing web-application security tests such as the decryption of HTTPS traffic and manipulation of requests using an MITM decryption technique.
InfogaInfoga is a tool used for gathering email account information (IP, hostname, country, etc.) from different public sources (search engines, PGP key servers, and Shodan), and it checks if an email was leaked using the haveibeenpwned.com API.
MaltegoMaltego is a program that can determine the relationships and real-world links between people, groups of people, organizations, websites, Internet infrastructure, and documents.
OctoparseOctoparse offers automatic data extraction, as it quickly scrapes web data without coding and turns web pages into structured data. As shown in the screenshot, attackers use Octoparse to capture information from webpages, such as text, links, image URLs, or HTML code.
ScranosScranos is a trojanized rootkit that masquerades as cracked software or a legitimate application, such as anti-malware, a video player, or an ebook reader, to infect systems and perform data exfiltration that damages the reputation of the target and steal intellectual property.
SplintSplint can detect common security vulnerabilities including buffer overflows.
Spytech SpyAgentSpytech SpyAgent is computer spy software that allows you to monitor everything users do on your computer—in total secrecy.
StegoStickStegoStick is a steganographic tool that allows attackers to hide any file in any other file.

Comments