Tool References¶
Cybersecurity & Forensics Tools Guide
Forensics Tools¶
Packet Analysis¶
Wireshark - Purpose: Network protocol analyzer and packet capture - Use Case: Deep packet inspection, protocol analysis, traffic troubleshooting - Platform: Windows, macOS, Linux - Website: wireshark.org
tcpdump - Purpose: Command-line packet analyzer - Use Case: Live packet capture, filtering, basic analysis - Platform: Unix/Linux (included by default) - Common Commands:
Network Forensics¶
NetworkMiner - Purpose: Network forensic analysis tool for PCAP files - Use Case: Extract artifacts (files, credentials, hostnames) from network traffic - Platform: Windows, Linux (Mono) - Website: netresec.com
Zeek (formerly Bro) - Purpose: Network analysis framework and IDS - Use Case: Protocol logging, file extraction, traffic analysis - Platform: Unix/Linux - Website: zeek.org
Endpoint Forensics¶
Volatility - Purpose: Memory forensics framework - Use Case: Analyze RAM dumps for malware, rootkits, process artifacts - Platform: Windows, macOS, Linux - Website: volatilityfoundation.org
The Sleuth Kit + Autopsy - Purpose: Disk forensics and file recovery - Use Case: File system analysis, deleted file recovery, timeline creation - Platform: Windows, macOS, Linux - Website: sleuthkit.org
Penetration Testing Tools¶
Reconnaissance¶
Nmap - Purpose: Network scanner and host discovery - Use Case: Port scanning, service enumeration, OS detection - Common Commands:
Shodan - Purpose: Internet-connected device search engine - Use Case: OSINT, exposed services, vulnerability research - Website: shodan.io
Vulnerability Assessment¶
Nessus - Purpose: Vulnerability scanner - Use Case: Automated vulnerability discovery and assessment - Platform: Windows, Linux, macOS - Vendor: Tenable
OpenVAS - Purpose: Open-source vulnerability scanner - Use Case: Comprehensive vulnerability testing - Platform: Linux - Website: openvas.org
Exploitation Frameworks¶
Metasploit - Purpose: Penetration testing framework - Use Case: Exploit development, validation, post-exploitation - Platform: Windows, Linux, macOS - Website: metasploit.com
Burp Suite - Purpose: Web application security testing platform - Use Case: Web app pen testing, proxy, scanner, intruder - Platform: Windows, macOS, Linux - Website: portswigger.net
Wireless Testing¶
Aircrack-ng - Purpose: Wireless network security testing suite - Use Case: Wi-Fi password cracking, packet injection, monitoring - Platform: Linux, Windows, macOS - Website: aircrack-ng.org
Kismet - Purpose: Wireless network detector and IDS - Use Case: Wireless network discovery, monitoring, packet capture - Platform: Linux, macOS - Website: kismetwireless.net
SIEM & Log Analysis¶
Splunk - Purpose: Security Information and Event Management platform - Use Case: Log aggregation, correlation, alerting, dashboards - Platform: Windows, Linux - Website: splunk.com
ELK Stack (Elasticsearch, Logstash, Kibana) - Purpose: Open-source log management and analysis - Use Case: Centralized logging, search, visualization - Platform: Linux, Docker - Website: elastic.co
Cisco-Specific Tools¶
Network Management¶
DNA Center (DNAC) - Purpose: Network automation and assurance platform - Use Case: SD-Access management, network health, AI insights - Platform: Appliance / VM - Vendor: Cisco Systems
vManage - Purpose: SD-WAN management and orchestration - Use Case: SD-WAN policy, monitoring, analytics - Platform: Appliance / Cloud - Vendor: Cisco Systems
Security Platforms¶
ISE (Identity Services Engine) - Purpose: Network access control and policy enforcement - Use Case: 802.1X, TrustSec, device profiling, pxGrid - Platform: Appliance / VM - Vendor: Cisco Systems
FMC (Firepower Management Center) - Purpose: Firewall and IPS management - Use Case: FTD policy management, threat intelligence, events - Platform: Appliance / VM - Vendor: Cisco Systems
SecureX (XDR) - Purpose: Extended Detection and Response platform - Use Case: Cross-platform correlation, threat hunting, automation - Platform: Cloud-based - Vendor: Cisco Systems
Threat Intelligence¶
Talos Intelligence - Purpose: Cisco threat research and intelligence - Use Case: IOCs, vulnerability research, threat trends - Website: talosintelligence.com
MISP (Malware Information Sharing Platform) - Purpose: Threat intelligence sharing platform - Use Case: IOC sharing, correlation, collaborative analysis - Platform: Linux - Website: misp-project.org
VirusTotal - Purpose: File and URL malware analysis - Use Case: Hash/file reputation, malware detection - Website: virustotal.com
Scripting & Automation¶
Python
- Libraries for Security:
- scapy — Packet manipulation
- requests — HTTP/API interactions
- beautifulsoup4 — Web scraping
- pycryptodome — Cryptography
- paramiko — SSH automation
PowerShell - Use Case: Windows automation, Active Directory queries, event log analysis - Security Modules: PowerSploit, Empire, Nishang
Bash - Use Case: Unix/Linux automation, log parsing, system administration - Common Tools: awk, sed, grep, jq
Malware Analysis¶
Cuckoo Sandbox - Purpose: Automated malware analysis system - Use Case: Behavioral analysis, network traffic capture - Platform: Linux - Website: cuckoosandbox.org
IDA Pro / Ghidra - Purpose: Reverse engineering and disassembly - Use Case: Binary analysis, malware reverse engineering - Platform: Windows, macOS, Linux - Ghidra: ghidra-sre.org (free, NSA)
Reporting & Documentation¶
Dradis - Purpose: Collaboration and reporting for security teams - Use Case: Penetration test report generation - Platform: Linux, Docker - Website: dradisframework.com
Obsidian / Notion - Purpose: Note-taking and knowledge management - Use Case: Research notes, investigation timelines, collaboration
Kali Linux Toolkit¶
Kali Linux includes 600+ pre-installed security tools including: - Reconnaissance: nmap, masscan, dnsenum, sublist3r - Vulnerability Analysis: OpenVAS, nikto, sqlmap - Wireless Attacks: aircrack-ng, reaver, wifite - Web Applications: burp suite, zaproxy, wpscan - Exploitation: metasploit, searchsploit, armitage - Password Attacks: john, hashcat, hydra, medusa - Forensics: autopsy, binwalk, bulk-extractor - Social Engineering: SET (Social-Engineer Toolkit)
Website: kali.org
Best Practices¶
Tool Selection¶
- Use official repositories and verified sources
- Keep tools updated to latest versions
- Verify file hashes before installation
- Review tool documentation and capabilities
Legal Compliance¶
- Only use tools on authorized systems
- Obtain written permission before testing
- Follow organizational security policies
- Document all tool usage for audit trails
Operational Security¶
- Use isolated testing environments
- Sanitize sensitive data from reports
- Secure tool configurations and credentials
- Practice proper evidence handling
Last Updated: March 2026 | Tool Count: 40+ platforms and utilities