forensics-all for Debian
------------------------

LIST OF PACKAGES INSTALLED BY forensics-all DEBIAN PACKAGE

COMMON PACKAGES (available for all machines)

acct - GNU Accounting utilities for process and login accounting
aesfix - tool for correcting bit errors in an AES key schedule
aeskeyfind - tool for locating AES keys in a captured memory image
afflib-tools - Advanced Forensics Format Library (utilities)
aircrack-ng - wireless WEP/WPA cracking utilities
arp-scan - arp scanning and fingerprinting tool
binwalk - tool library for analyzing binary blobs and executable code
braa - Mass SNMP scanner
bruteforce-salted-openssl - try to find the passphrase for files encrypted with OpenSSL
brutespray - Python bruteforce tool
btscanner - ncurses-based scanner for Bluetooth devices
capstone-tool - lightweight multi-architecture disassembly framework - command line tool
ccrypt - secure encryption and decryption of files and streams
cewl - custom word list generator
chaosreader - trace network sessions and export it to html format
chkrootkit - rootkit detector
cowpatty - Brute-force WPA dictionary attack
dc3dd - patched version of GNU dd with forensic features
dirb - URL bruteforcing tool
dislocker - read/write encrypted BitLocker volumes
dnsrecon - Powerful DNS enumeration script
doona - Network fuzzer forked from bed
dsniff - Various tools to sniff network traffic for cleartext insecurities
ed2k-hash - tool for generating ed2k-links
exifprobe - read metadata from digital pictures
ext4magic - recover deleted files from ext3 or ext4 partitions
extundelete - utility to recover deleted files from ext3/ext4 partition
fcrackzip - password cracker for zip archives
forensic-artifacts - knowledge base of forensic artifacts (data files)
forensics-colorize - show differences between files using color graphics
galleta - Internet Explorer cookie forensic analysis tool
goldeneye - HTTP DoS test tool
grokevt - scripts for reading Microsoft Windows event log files
hashdeep - recursively compute hashsums or piecewise hashings
hashid - Identify the different types of hashes used to encrypt data
hashrat - hashing tool supporting several hashes and recursivity
hydra - very fast network logon cracker
mac-robber - collects data about allocated files in mounted filesystems
magicrescue - recover files by looking for magic bytes
maskprocessor - high-performance word generator with a per-position configurable charset
masscan - TCP port scanner
mdk3 - Wireless attack tool for IEEE 802.11 networks
mdk4 - Wireless attack tool for IEEE 802.11 networks
medusa - fast, parallel, modular, login brute-forcer for network services
memdump - utility to dump memory contents to standard output
metacam - extract EXIF information from digital camera files
mfcuk - MiFare Classic Universal toolKit
mfoc - MIFARE Classic offline cracker
missidentify - find win32 applications
myrescue - rescue data from damaged disks
nbtscan - scan networks searching for NetBIOS information
ncat - NMAP netcat reimplementation
ncrack - High-speed network authentication cracking tool
ndiff - The Network Mapper - result compare utility
neopi - web shell code detection
nmap - The Network Mapper
o-saft - SSL advanced forensic tool
ophcrack-cli - Microsoft Windows password cracker using rainbow tables (cmdline)
outguess - universal steganographic tool
pasco - Internet Explorer cache forensic analysis tool
patator - Multi-purpose brute-forcer
pipebench - measure the speed of stdin/stdout communication
pixiewps - Offline WPS bruteforce tool
pnscan - Multi threaded port scanner
polenum - Extracts the password policy from a Windows system
pompem - Exploit and Vulnerability Finder
recoverdm - recover files on disks with damaged sectors
recoverjpeg - recover JFIF (JPEG) pictures and MOV movies
reglookup - utility to analysis for Windows NT-based registry
rephrase - Specialized passphrase recovery tool for GnuPG
rfdump - tool to decode RFID tag data
rhash - utility for computing hash sums and magnet links
rifiuti - MS Windows recycle bin analysis tool
rifiuti2 - replacement for rifiuti, a MS Windows recycle bin analysis tool
rkhunter - rootkit, backdoor, sniffer and exploit scanner
rsakeyfind - locates BER-encoded RSA private keys in memory images
safecopy - data recovery tool for problematic or damaged media
samdump2 - Dump Windows 2k/NT/XP password hashes
scalpel - fast filesystem-independent file recovery
scrounge-ntfs - Data recovery program for NTFS filesystems
shed - simple hex editor with a pico-style interface
sleuthkit - tools for forensics analysis on volume and filesystem data
ssdeep - recursive piecewise hashing tool
ssldump - SSLv3/TLS network protocol analyzer
statsprocessor - word generator based on per-position Markov chains
steghide - steganography hiding tool
sucrack - multithreaded su bruteforcer
tableau-parm - tableau write-blocking bridge query/command utility
tcpick - TCP stream sniffer and connection tracker
testssl.sh - Command line tool to check TLS/SSL ciphers, protocols and cryptographic flaws
undbx - tool to extract, recover and undelete e-mail messages from .dbx files
unhide - Forensic tool to find hidden processes and ports
unhide.rb - Forensics tool to find processes hidden by rootkits
vinetto - forensics tool to examine Thumbs.db files
volatility - advanced memory forensics framework
volatility-tools - generate profiles to Volatility Framework
wapiti - web application vulnerability scanner
wfuzz - Web application bruteforcer
winregfs - Windows registry FUSE filesystem
wipe - secure file deletion
xmount - tool to crossmount between multiple input and output harddisk images
yara - Pattern matching swiss knife for malware researchers

RECOMMENDED PACKAGES (available for some architectures only)

ext3grep - tool to help recover deleted files on ext3 filesystems
gpart - Guess PC disk partition table, find lost partitions
guymager - Forensic imaging tool based on Qt
hashcat - World's fastest and most advanced password recovery utility
ike-scan - discover and fingerprint IKE hosts (IPsec VPN Servers)
radare2 - free and advanced command line hexadecimal editor
wifite - Python script to automate wireless auditing using aircrack-ng tools

 -- Joao Eriberto Mota Filho Fri, 14 Dec 2018 16:10:19 -0200