🔨 Cyber Tools 🚧

List of useful tools used by Ronald Bartels while supporting and working with Software Defined Wide Area Networking (SD-WAN) and Cybersecurity.

Routing

  • BGPalerter

BGP and RPKI monitoring tool. Pre-configured for real-time detection of visibility loss, RPKI invalid announcements, hijacks, ROA misconfiguration, and more.

  • hyperglass

hyperglass is the network looking glass that tries to make the internet better.

  • VPP

The VPP platform is an extensible framework that provides out-of-the-box production quality switch/router functionality. It is the open source version of Cisco's Vector Packet Processing (VPP) technology: a high performance, packet-processing stack that can run on commodity CPUs.

  • Bird

Aims to develop a fully functional dynamic IP routing daemon. Supports IPv4 and IPv6, multiple routing tables, BGP, RIP, OSPF, BFD, Babel, static routes, IPv6 RA, and inter-table protocol, and offers a CLI using the 'birdc' client and a powerful language for route filtering.

  • Free Range Routing

Internet routing protocol suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric, and VRRP, with alpha support for EIGRP and NHRP. FRR’s seamless integration with native Linux/Unix IP networking stacks makes it a general purpose routing stack applicable to a wide variety of use cases including connecting hosts/VMs/containers to the network, advertising network services, LAN switching and routing, internet access routers, and internet peering.

  • PeeringDB

PeeringDB is a freely available, user-maintained, database of networks, and the go-to location for interconnection data.

  • BGPlay

BGPlay is an advanced RIPEstat widget that visualises BGP routing information.

  • INX Peering Traffic

INX-ZA operates the only completely neutral, and community-run Internet exchange points in South Africa, namely the Johannesburg Internet Exchange (JINX), Cape Town Internet Exchange (CINX), Durban Internet Exchange (DINX) and the Nelson Mandela Bay Internet Exchange (NMBINX). The JINX is Africa's oldest IXP; operating since 1996, with 100% uptime!

  • NAPAfrica Peering Traffic

  • MyBroadband SpeedTest 👍

Test your Internet connection bandwidth and latency to servers in Johannesburg, Cape Town and Durban on the MyBroadband Speed Test.

  • WARP 💰

A service that connects you to the Cloudflare network. Useful for troubleshooting and as an alternative to using looking glasses.

  • RIPE Looking Glass

Information coming from a Looking Glass where the data is based on a data feed from the RIPE NCC's network of BGP route collectors.

  • Net Actuate Looking Glass

Use this tool to perform ping/traceroutes via IPv4 or IPv6 from any of the Netactuate locations. If you are unable to ping due to a firewall, try a traceroute to get an idea of the route to your location.

Network Management

  • Unimus 💰

Unimus aims to make automation, disaster recovery, change management and configuration auditing painless and affordable for a network of any size.

  • NeDi 👍

NeDi discovers your network devices and tracks connected end-nodes. It contains many additional features for managing enterprise networks including intelligent topology awareness, MAC address mapping/tracking, traffic, error, discard and broadcast graphing with threshold based alerting, uptime, BGP peer and interface status monitoring, correlation of syslog messages and traps with discovery events, network maps for documentation and monitoring dashboards, detecting rogue access points and finding missing devices, and extensive reporting ranging from devices, modules, interfaces all the way to assets and nodes.

Monitoring

  • Uptime Kuma 👍

A fancy self-hosted monitoring tool

  • ntfy 👍

ntfy (pronounced notify) is a simple HTTP-based pub-sub notification service. It allows you to send notifications to your phone or desktop via scripts from any computer, and/or using a REST API.

  • Apprise

Apprise - Push Notifications that work with just about every platform!

  • Grafana

Easily collect, correlate, and visualize data with beautiful dashboards. Data visualization and monitoring solution that drives informed decisions, enhances system performance, and streamlines troubleshooting.

  • MikroCloud 💰

Software-defined networking for MikroTik devices. Enhance the features and manageability of networks using a modern management cloud based platform.

Network Services

  • DNSMASQ

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls.

  • Quad9

Quad9 is a free service that replaces your default ISP or enterprise Domain Name Server (DNS) configuration.

  • RethinkDNS

Block malware, spyware, ads, and trackers across all apps with Rethink DNS. Servers in 300+ locations: Experience Blazing fast speeds.

  • NextDNS 💰

NextDNS protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet

  • DNSProxy

A simple DNS proxy server that supports all existing DNS protocols including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-over-QUIC. Moreover, it can work as a DNS-over-HTTPS, DNS-over-TLS or DNS-over-QUIC server.

  • DoH urls

DNS over HTTPS urls to use with the above DNS proxy

  • LibreQoS

Quality of Experience (QoE) platform that helps Internet Service Providers (ISPs) enhance their customers’ internet connections. It leverages state of the art Flow Queueing (FQ) and Active Queue Management (AQM) algorithms to manage latency and bufferbloat over existing infrastructure. It also monitors performance by measuring end-to-end TCP round trip time for each subscriber, Access Point, and Site on a network. LibreQoS ensures fair allocation of bandwidth, prioritizes critical real-time applications, and promotes connection quality, equity and access.

  • Pacemaker

Pacemaker is an open source, high availability resource manager suitable for both small and large clusters.

  • Pi.Alert

Scans the devices connected to your WIFI / LAN and alerts you to the connection of unknown devices. It also warns if an "always connected" device disconnects. In addition, it is possible to check web services for availability. For this purpose HTTP status codes and the response time of the service are evaluated.

Operating Systems

  • OpenWRT

Open Wireless RouTer. Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWRT provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application.

  • Best apps to install on openWRT

List of the best apps to install and use with openWRT.

  • Debian

Debian, also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software and optionally non-free firmware or software

  • openSUSE

openSUSE is a free and open-source Linux distribution developed by the openSUSE project.

  • Pi OS

Raspberry Pi OS with desktop and recommended software

Operating System Utilities

  • Balena Etcher

A cross-platform tool to flash OS images onto SD cards and USB drives safely and easily.

CyberSecurity Utilities

  • CANARY TOKENS

Canarytokens is a free tool that helps you discover you've been breached by having attackers announce themselves.

  • FastNetMon Community Edition

High-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). Detects hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and performs a configurable action to handle that event. These configurable actions include notifying you, calling a script or making BGP announcements.

  • Nmap

Tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

  • Stinger

Trellix Stinger utilizes next-generation scan technology, including rootkit scanning, and scan performance optimizations. It detects and removes threats identified under the "Threat List" option under Advanced menu options in the Stinger application. Stinger now detects and removes GameOver Zeus and CryptoLocker.

  • NetworkMiner

NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.

  • naabu

A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.

CyberSecurity Services

  • X-Force

IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration

  • Shodan

The entire Shodan platform (crawling, IP lookups, searching, data streaming) is available to developers.

  • MX Toolbox

MX Toolbox is an online set of tools and services designed to assist with the management and troubleshooting of email-related issues.

Firewalls

  • Nftables

Replaces the popular {ip,ip6,arp,eb}tables. This software provides a new in-kernel packet classification framework that’s based on a network-specific virtual machine and a new nft userspace command line tool. nftables reuses the existing Netfilter subsystems such as the existing hook infrastructure, the connection tracking system, NAT, userspace queueing, and logging subsystem.

  • OPNsense

Easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

  • Clavister 💰

Clavister delivers business continuity through holistic cybersecurity solutions, based on Swedish innovation with over 20 years of experience.

  • IPFire

IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux.

Connectivity

  • Wireguard

Extremely simple yet fast and modern VPN that uses state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.

Command line

  • arp-scan 🍍🍍🍍

arp-scan is a network scanning tool that uses the ARP protocol to discover and fingerprint IPv4 hosts on the local network.

Update MAC vendors:

sudo get-oui -uhttps://standards-oui.ieee.org/oui/oui.txt

  • asn 🍍🍍🍍🍍🍍

ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server

  • mtr 🍍🍍🍍

Combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence of ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.

  • trippy 🍍🍍🍍🍍

Trippy combines the functionality of traceroute and ping and is designed to assist with the analysis of networking issues. mtr on steroids.

  • Sipcalc

Console-based IP subnet calculator with IPv4 and IPv6 support.

  • Boson Subnet Calculator

The best online subnet calculator.

  • Speedtest CLI

CLI-based up/down bandwidth test.

  • prettyping

prettyping is a wrapper around the standard ping tool, making the output prettier, more colorful, more compact, and easier to read.

  • btop

A monitor of resources

  • fastfetch

Like neofetch, but much faster because it is written mostly in C.

For Debian Buster use:

👉 https://github.com/fastfetch-cli/fastfetch/releases/download/2.16.0/fastfetch-linux-amd64.tar.gz

Packet capture

  • Wireshark

The world’s most popular network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It’s the de facto (and often de jure) standard across many industries and educational institutions.

  • Netify 💰

Netify is a Deep Packet Inspection (DPI) library - a software component or toolkit that provides the capability to analyze and inspect the content of network packets at a deep level, either in real time or from a packet capture (ex. tcpdump). DPI involves examining the payload of packets, beyond just the header information, to understand the nature and purpose of the data being transmitted.

  • pktstat

Simple ethernet interface traffic monitor and reporting tool

Infrastructure Management

  • rathole

A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.

  • Putty

PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.

  • Kitty

KiTTY is a fork from version 0.76 of PuTTY, the best telnet / SSH client in the world.

  • WinSCP

WinSCP is a free file manager for Windows supporting FTP, SFTP, S3 and WebDAV.

Virtualization

  • libvirt

libvirt is an open-source API, daemon and management tool for managing platform virtualization.

  • Proxmox 💰

Proxmox Virtual Environment is a complete open-source platform for enterprise virtualization.

Browsers

  • Waterfox

Waterfox is the privacy-focused web browser engineered to give you speed, control, and peace of mind on the internet.

  • ublock Origin

uBlock Origin is a free and open-source, cross-platform browser extension for content filtering, primarily aimed at neutralizing privacy invasion

Collaboration

  • INX Jitsi

Local South African instance of a conference server. The perfect water cooler.

Cloud & Hosting

  • Rackzar 💰

Bespoke Hosting solutions in South Africa. Enjoy fast & reliable hosting with 24/7 support, flexible plans, and a range of add-ons.

👉 rackzar.com

Troubleshooting

Useful utilities worth their weight in gold when it comes to troubleshooting.

  • TCPView

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows.

  • System Informer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

Toolboxes

Toolboxes are lists of tools aggregated by a 3rd party.

  • Open Source Networking Projects

A list of open source networking projects put together by Ethan Banks.

  • Hacking Articles- Cyber Security Mindmap

Repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them.

Garage shelf

Tools that have been recommended and that I will test on a rainy day.

  • OcNos from ipNFUSION

OcNOS provides complete solutions for access, aggregation, transport and data center use cases, with the same software.

  • dog

dog is an easy-to-use DNS lookup client, with support for DoT and DoH, nicely coloured outputs and the option to emit JSON

  • OliveTin

OliveTin gives safe and simple access to predefined shell commands from a web interface.

  • ping.pe

👉 ping.pe

  • traceroute-online.com

Utilize traceroute online to perform an advanced visual traceroute that maps and enriches output from mtr. With ASN and Geolocation data to better understand the network path.

👉 traceroute-online.com

Garden shed

Tools I will probably never get around to testing or tools I have previously used and have sunset.

  • FreeBSD

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

  • ElastiFlow 💰

ElastiFlow provides granular information about network traffic flows, including source and destination IP addresses, ports, protocols, and the amount of data transmitted. This information allows network administrators to gain deep insights into the network's performance and identify potential issues.

👉 www.elastiflow.com

  • NTopNG 💰

ntopng is a network traffic probe that provides 360° Network visibility, with its ability to gather traffic information from traffic mirrors, NetFlow exporters, SNMP devices, Firewall logs, Intrusion Detection systems.

  • Control D 💰

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices. Onboard in minutes, and forget about it.

  • Pi-hole

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.

  • AdGuard Home

Free and open source, powerful network-wide ads & trackers blocking DNS server.

  • SmokePing

SmokePing is a deluxe latency measurement tool. It can measure, store and display latency, latency distribution and packet loss.

  • NMIS 💰🍍🍍🍍

Monitor the status and performance of any organization's IT environment with NMIS. Relied on by thousands of IT teams globally, NMIS is a complete network management system which assists with fault, performance and configuration management.

👉 firstwave.com/products/network-management-information-system/

  • NethSecurity 💰🍍🍍

Designed specifically for Small and Medium-sized Businesses (SMBs). It’s a cost-effective and integrated solution. No useless frills, just what SMBs need.

  • Furious IP/Port Scanner 👎🍍

Furious is a fast, lightweight, portable network scanner. A SYN scan of a single host, including all known ports (~6000) will typically take in the region of 4 seconds. On the same machine, nmap took 98 seconds and produced exactly the same results.

Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa.