Cyber Tools
List of useful tools used by Ronald Bartels while supporting and working with Software Defined Wide Area Networking (SD-WAN) and Cybersecurity.
Routing
BGPalerter
BGP and RPKI monitoring tool. Pre-configured for real-time detection of visibility loss, RPKI invalid announcements, hijacks, ROA misconfiguration, and more.
hyperglass
hyperglass is the network looking glass that tries to make the internet better.
VPP
The VPP platform is an extensible framework that provides out-of-the-box production quality switch/router functionality. It is the open source version of Cisco's Vector Packet Processing (VPP) technology: a high performance, packet-processing stack that can run on commodity CPUs.
Bird
Aims to develop a fully functional dynamic IP routing daemon. Supports IPv4 and IPv6, multiple routing tables, BGP, RIP, OSPF, BFD, Babel, static routes, IPv6 RA, and inter-table protocol, and offers a CLI using the `birdc` client and a powerful language for route filtering.
Free Range Routing
Internet routing protocol suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric, and VRRP, with alpha support for EIGRP and NHRP. FRR's seamless integration with native Linux/Unix IP networking stacks makes it a general purpose routing stack applicable to a wide variety of use cases including connecting hosts/VMs/containers to the network, advertising network services, LAN switching and routing, internet access routers, and internet peering.
PeeringDB
PeeringDB is a freely available, user-maintained, database of networks, and the go-to location for interconnection data.
BGPlay
BGPlay is an advanced RIPEstat widget that visualises BGP routing information.
INX Peering Traffic
INX-ZA operates the only completely neutral, and community-run Internet exchange points in South Africa, namely the Johannesburg Internet Exchange (JINX), Cape Town Internet Exchange (CINX), Durban Internet Exchange (DINX) and the Nelson Mandela Bay Internet Exchange (NMBINX). The JINX is Africa's oldest IXP; operating since 1996, with 100% uptime!
NAPAfrica Peering Traffic
MyBroadband SpeedTest
Test your Internet connection bandwidth and latency to servers in Johannesburg, Cape Town and Durban on the MyBroadband Speed Test.
WARP 💰
A service that connects you to the Cloudflare network. Useful for troubleshooting and as an alternative to using looking glasses.
RIPE Looking Glass
Information coming from a Looking Glass where the data is based on a data feed from the RIPE NCC's network of BGP route collectors.
Net Actuate Looking Glass
Use this tool to perform ping/traceroutes via IPv4 or IPv6 from any of the Netactuate locations. If you are unable to ping due to a firewall, try a traceroute to get an idea of the route to your location.
Network Management
Unimus 💰
Unimus aims to make automation, disaster recovery, change management and configuration auditing painless and affordable for a network of any size.
NeDi
NeDi discovers your network devices and tracks connected end-nodes. It contains many additional features for managing enterprise networks including intelligent topology awareness, MAC address mapping/tracking, traffic, error, discard and broadcast graphing with threshold based alerting, uptime, BGP peer and interface status monitoring, correlating syslog messages and traps with discovery events, network maps for documentation and monitoring dashboards, detecting rogue access points and finding missing devices, and extensive reporting ranging from devices, modules, interfaces all the way to assets and nodes.
Monitoring
Uptime Kuma
A fancy self-hosted monitoring tool
ntfy
ntfy (pronounced notify) is a simple HTTP-based pub-sub notification service. It allows you to send notifications to your phone or desktop via scripts from any computer, and/or using a REST API.
Apprise
Apprise - Push Notifications that work with just about every platform!
Grafana
Easily collect, correlate, and visualize data with beautiful dashboards. Data visualization and monitoring solution that drives informed decisions, enhances system performance, and streamlines troubleshooting.
MikroCloud 💰
Software-defined networking for MikroTik devices. Enhance the features and manageability of networks using a modern management cloud based platform.
Network Services
DNSMASQ
Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls.
Quad9
Quad9 is a free service that replaces your default ISP or enterprise Domain Name Server (DNS) configuration.
RethinkDNS
Block malware, spyware, ads, and trackers across all apps with Rethink DNS. Servers in 300+ locations: Experience Blazing fast speeds.
NextDNS 💰
NextDNS protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet
DNSProxy
A simple DNS proxy server that supports all existing DNS protocols including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-over-QUIC. Moreover, it can work as a DNS-over-HTTPS, DNS-over-TLS or DNS-over-QUIC server.
DoH URLs
DNS over HTTPS URLs to use with the above DNS proxy.
LibreQoS
Quality of Experience (QoE) platform that helps Internet Service Providers (ISPs) enhance their customers' internet connections. It leverages state of the art Flow Queueing (FQ) and Active Queue Management (AQM) algorithms to manage latency and bufferbloat over existing infrastructure. It also monitors performance by measuring end-to-end TCP round trip time for each subscriber, Access Point, and Site on a network. LibreQoS ensures fair allocation of bandwidth, prioritizes critical real-time applications, and promotes connection quality, equity and access.
Pacemaker
Pacemaker is an open source, high availability resource manager suitable for both small and large clusters.
Pi.Alert
Scans the devices connected to your WIFI / LAN and alerts you to the connection of unknown devices. It also warns if an "always connected" device disconnects. In addition, it is possible to check web services for availability. For this purpose HTTP status codes and the response time of the service are evaluated.
Operating Systems
OpenWRT
Open Wireless RouTer. Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWRT provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application.
Best apps to install on openWRT
List of the best apps to install and use with openWRT.
Debian
Debian, also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software and optionally non-free firmware or software
openSUSE
openSUSE is a free and open-source Linux distribution developed by the openSUSE project.
Pi OS
Raspberry Pi OS with desktop and recommended software
Operating System Utilities
Balena Etcher
A cross-platform tool to flash OS images onto SD cards and USB drives safely and easily.
CyberSecurity Utilities
CANARY TOKENS
Canarytokens is a free tool that helps you discover you've been breached by having attackers announce themselves.
FastNetMon Community Edition
High-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). Detects hosts in the deployed network sending or receiving large volumes of traffic (packets/bytes/flows per second) and performs a configurable action to handle that event. These configurable actions include notifying you, calling a script or making BGP announcements.
Nmap
Tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Stinger
Trellix Stinger utilizes next-generation scan technology, including rootkit scanning, and scan performance optimizations. It detects and removes threats identified under the "Threat List" option under Advanced menu options in the Stinger application. Stinger now detects and removes GameOver Zeus and CryptoLocker.
NetworkMiner
NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.
naabu
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.
CyberSecurity Services
X-Force
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration
Shodan
The entire Shodan platform (crawling, IP lookups, searching, data streaming) is available to developers.
MX Toolbox
MX Toolbox is an online set of tools and services designed to assist with the management and troubleshooting of email-related issues.
Firewalls
Nftables
Replaces the popular {ip,ip6,arp,eb} tables. This software provides a new in-kernel packet classification framework that's based on a network-specific virtual machine and a new nft userspace command line tool. nftables reuses the existing Netfilter subsystems such as the existing hook infrastructure, the connection tracking system, NAT, userspace queueing, and logging subsystem.
OPNsense
Easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
Clavister 💰
Clavister delivers business continuity through holistic cybersecurity solutions, based on Swedish innovation with over 20 years of experience.
IPFire
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux.
Connectivity
Wireguard
Extremely simple yet fast and modern VPN that uses state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
Command line
arp-scan
arp-scan is a network scanning tool that uses the ARP protocol to discover and fingerprint IPv4 hosts on the local network.
Update MAC vendors:
sudo get-oui -u https://standards-oui.ieee.org/oui/oui.txt
asn
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server
mtr
Combines the functionality of the "traceroute" and "ping" programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence of ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.
trippy
Trippy combines the functionality of traceroute and ping and is designed to assist with the analysis of networking issues. mtr on steroids.
Sipcalc
Console-based IP subnet calculator with IPv4 and IPv6 support.
Boson Subnet Calculator
The best online subnet calculator.
Speedtest CLI
CLI-based up/down bandwidth test.
prettyping
prettyping is a wrapper around the standard ping tool, making the output prettier, more colorful, more compact, and easier to read.
btop
A monitor of resources
fastfetch
Like neofetch, but much faster because written mostly in C.
For Debian Buster use:
https://github.com/fastfetch-cli/fastfetch/releases/download/2.16.0/fastfetch-linux-amd64.tar.gz
Packet capture
Wireshark
The world's most popular network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It's the de facto (and often de jure) standard across many industries and educational institutions.
Netify 💰
Netify is a Deep Packet Inspection (DPI) library - a software component or toolkit that provides the capability to analyze and inspect the content of network packets at a deep level, either in real time or from a packet capture (ex. tcpdump). DPI involves examining the payload of packets, beyond just the header information, to understand the nature and purpose of the data being transmitted.
pktstat
Simple ethernet interface traffic monitor and reporting tool
Infrastructure Management
rathole
A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
Putty
PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.
Kitty
KiTTY is a fork from version 0.76 of PuTTY, the best telnet / SSH client in the world.
WinSCP
WinSCP is a free file manager for Windows supporting FTP, SFTP, S3 and WebDAV.
Virtualization
libvirt
libvirt is an open-source API, daemon and management tool for managing platform virtualization.
Proxmox 💰
Proxmox Virtual Environment is a complete open-source platform for enterprise virtualization.
Browsers
Waterfox
Waterfox is the privacy-focused web browser engineered to give you speed, control, and peace of mind on the internet.
uBlock Origin
uBlock Origin is a free and open-source, cross-platform browser extension for content filtering, primarily aimed at neutralizing privacy invasion
Collaboration
INX Jitsi
Local South African instance of a conference server. The perfect water cooler.
Cloud & Hosting
Rackzar 💰
Bespoke Hosting solutions in South Africa. Enjoy fast & reliable hosting with 24/7 support, flexible plans, and a range of add-ons.
rackzar.com
Troubleshooting
Useful utilities worth their weight in gold when it comes to troubleshooting.
TCPView
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows.
System Informer
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
Toolboxes
Toolboxes are lists of tools aggregated by a 3rd party.
Open Source Networking Projects
A list of open source networking projects put together by Ethan Banks.
Hacking Articles - Cyber Security Mindmap
Repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them.
Garage shelf
Tools that have been recommended and that I will test on a rainy day.
OcNOS from IP Infusion
OcNOS provides complete solutions for access, aggregation, transport and data center use cases, with the same software.
dog
dog is an easy-to-use DNS lookup client, with support for DoT and DoH, nicely coloured outputs and the option to emit JSON
OliveTin
OliveTin gives safe and simple access to predefined shell commands from a web interface.
ping.pe
ping.pe
traceroute-online.com
Utilize traceroute online to perform an advanced visual traceroute that maps and enriches output from mtr. With ASN and Geolocation data to better understand the network path.
Garden shed
Tools I will probably never get around to testing or tools I have previously used and have sunset.
FreeBSD
FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.
ElastiFlow 💰
ElastiFlow provides granular information about network traffic flows, including source and destination IP addresses, ports, protocols, and the amount of data transmitted. This information allows network administrators to gain deep insights into the network's performance and identify potential issues.
www.elastiflow.com
NTopNG 💰
ntopng is a network traffic probe that provides 360° Network visibility, with its ability to gather traffic information from traffic mirrors, NetFlow exporters, SNMP devices, Firewall logs, Intrusion Detection systems.
Control D 💰
Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices. Onboard in minutes, and forget about it.
Pi-hole
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.
AdGuard Home
Free and open source, powerful network-wide ads & trackers blocking DNS server.
SmokePing
SmokePing is a deluxe latency measurement tool. It can measure, store and display latency, latency distribution and packet loss.
NMIS 💰
Monitor the status and performance of any organization's IT environment with NMIS. Relied on by thousands of IT teams globally, NMIS is a complete network management system which assists with fault, performance and configuration management.
firstwave.com/products/network-management-information-system/
NethSecurity 💰
Designed specifically for Small and Medium-sized Businesses (SMBs). It's a cost-effective and integrated solution. No useless frills, just what SMBs need.
Furious IP/Port Scanner
Furious is a fast, lightweight, portable network scanner. A SYN scan of a single host, including all known ports (~6000) will typically take in the region of 4 seconds. On the same machine, nmap took 98 seconds and produced exactly the same results.
Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa.