20 websites every cyber security analyst needs to know about
After working in cyber security for 3 years, I thought I would share some of my favourite websites and tools that I use on a day-to-day basis. Let's get into it.
GENERAL INFORMATION GATHERING
First off, Robtex. It doesn't look great at first glance, but Robtex is a very powerful tool that lets you research IPs, domain names and more. It has been running for over 10 years and has a vast database of useful information.
Censys is a search engine that contains information about devices on the internet and how they are set up and deployed. You can search for things like websites, IPs and certificates to gather information on them.
Shodan is another search engine, but this time it lets you find internet-connected devices using a variety of filters. For example, you can search for any device with port 20 open, or any device with a specific vulnerability. This can be really powerful for monitoring your own network and identifying vulnerabilities which need sorting out.
Malwares.com is a website which lets you search for specific hashes, URLs, IPs and hostnames, however that is not its main feature. It uses tags, which means you can search something like "cve_2018_4878" and it will bring up all data in its database which has been submitted with that tag. It also has a built-in AI which scores malware submissions from 1 (safe) to 100 (malicious).
This site lets you check if any accounts relating to an email address have been compromised. The site has a vast database of breaches which can be easily searched. You can also set up notifications to be sent to your email address if you are part of a breach. You can also be notified if there are any breaches on a particular domain.
MALWARE AND FILE ANALYSIS
Hybrid Analysis is a free malware analysis service that uses an online sandbox. You can submit files or URLs to be checked. Once it has finished running, it gives you a detailed report of what it has found. Please be aware that submissions made in the free version are public, so anything you upload can be seen by other users; this also applies to the next two sites I am going to mention.
VirusTotal is a little different from Hybrid Analysis. Instead of running the scans itself, it checks any file or URL you enter against a large number of security companies' databases to see if any of them have classed the file or URL as malicious. If they have, you can then click through to the vendors which are saying this to find out more.
APP.ANY.RUN is probably my favourite site on this list. It is a free online malware sandbox like Hybrid Analysis, but it is also interactive. This means you can click around during analysis, which is required to detonate some files and APTs. Another bonus is that you get to watch the analysis live and see how the malware works.
MXToolbox is very powerful and it lives up to its name. It truly is a toolbox full of useful networking tools. It lets you do a variety of lookups on DNS records, certificates and ASNs, among many others. Check it out to see exactly what I mean; I know you will find it useful.
DNS Checker offers a variety of things, but it is on this list for its MAC address lookup function. It is the fastest and most reliable one I have managed to find, and I thought it was worth a mention on this list.
Central Ops provides a list of free networking tools. These include Domain and Email "Dossiers", which provide all-in-one reports with valuable information. It also has a browser mirror which shows exactly what information your browser is sharing about you.
URLScan.io is a site which gives you in-depth information about any site or URL, along with the resources which are requested when it is accessed. Once the scan is complete, it shows all of this along with screenshots of what the URL displays when accessed and a detailed breakdown of the site.
BuiltWith does exactly as its name suggests – it tells you exactly what a website is built with. It will tell you exactly what tracking, CDN, CMS, advertising and document standards the site is using.
14. SUCURI SITECHECK
Sucuri SiteCheck is a free website security checker and malware scanner, and it's fantastic. It will tell you if the site has any malware or appears on any blacklists. It then gives you a detailed breakdown of any security issues it finds, and explains how to fix them.
It's easy to forget our CIDR notation and subnet masking once in a while. This is where this calculator comes in: enter your IP or range, and it will break down the full networking information, including the usable IP addresses within the subnet.
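The breakdown such a calculator produces, as an added example that is not from the original post or any of the tools it mentions: the mask is built from the prefix length with plain 32-bit arithmetic so every field (network, broadcast, wildcard, usable range) is traceable to the bits behind it, and the /31 and /32 corner cases, where the usual "minus two" rule does not apply, are handled explicitly.

```python
import ipaddress


def cidr_info(cidr: str) -> dict:
    """Break a CIDR block down the way a subnet calculator does, using plain
    32-bit mask arithmetic so every field is traceable to the bits behind it."""
    ip_str, _, prefix_str = cidr.partition("/")
    prefix = int(prefix_str) if prefix_str else 32          # bare address = /32
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: /{prefix}")
    ip = int(ipaddress.IPv4Address(ip_str))                   # validates the dotted quad
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF         # prefix ones, then zeros
    wildcard = mask ^ 0xFFFFFFFF                              # the host bits (ACL style)
    network = ip & mask
    broadcast = network | wildcard
    block = 1 << (32 - prefix)                                # addresses in the block
    # Usable hosts: block minus network and broadcast, except that a /31 is a
    # two-address point-to-point link (RFC 3021) and a /32 is a single host.
    if prefix == 32:
        first, last, usable = network, network, 1
    elif prefix == 31:
        first, last, usable = network, broadcast, 2
    else:
        first, last, usable = network + 1, broadcast - 1, block - 2

    def dq(n: int) -> str:                                    # int -> dotted quad
        return str(ipaddress.IPv4Address(n))

    return {
        "input": cidr, "prefix": prefix,
        "netmask": dq(mask), "wildcard": dq(wildcard),
        "network": dq(network), "broadcast": dq(broadcast),
        "first_usable": dq(first), "last_usable": dq(last),
        "block_size": block, "usable_hosts": usable,
        # An address equal to the network or broadcast cannot be assigned to a host
        "unassignable_address": prefix < 31 and ip in (network, broadcast),
    }


if __name__ == "__main__":
    for field, value in cidr_info("192.168.10.37/27").items():
        print(f"{field:>20}: {value}")
```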
Regex 101 is an online regex tester and debugger. It makes creating and/or debugging regex simple with its clean layout and explanations of your regex as you type it. It also highlights your regex matches against the example text you provide as you go.
Uncoder.IO is an online translator for SIEM saved searches, filters and queries. Got a Sigma rule you want to translate into QRadar AQL? Simple. Just copy in the Sigma logic, hit translate and you are done. The translator is designed to work with all popular SIEM solutions.
CyberChef was created by GCHQ and is self-proclaimed as a "Cyber Swiss Army Knife". It lives up to this. It can be used for tasks such as encryption, encoding, compression and data analysis.
Analysing email headers manually can be time consuming; this tool takes the work out of it. Simply paste in the header and click submit, and it will break down all the important information for you. The site also contains a link which explains how to extract email headers, if you are unsure how to do this.
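What "breaking down the important information" amounts to, as an added example that is not code from the original post or from the header tool it mentions: the Received chain is put back into chronological order (each relay prepends its own line, so the top one is the last hop), the relaying hosts and IPs are pulled out, the SPF/DKIM verdicts are read from Authentication-Results, and the envelope sender is compared with the From header. The header block is a constructed sample using reserved example names and addresses.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (RFC 2606 names, RFC 5737 addresses), not a real message.
RAW = """\
Return-Path: <bounce@example.org>
Received: from mx.example.com (mx.example.com [192.0.2.10])
    by inbox.example.com with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from sender.example.org (sender.example.org [203.0.113.5])
    by mx.example.com with ESMTPS id B2; Mon, 1 Jan 2024 10:00:02 +0000
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.org;
    dkim=fail header.d=example.net
From: "Payroll" <payroll@example.net>
To: user@example.com
Subject: Monthly report
"""

# "from <host> (<info>) by <host>" is the part of a Received header worth keeping.
HOP_RE = re.compile(r"from\s+(?P<src>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<dst>\S+)", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def parse_hop(value: str) -> dict:
    """Turn one Received header into a hop record; unparseable ones keep the raw text."""
    value = re.sub(r"\s+", " ", value).strip()                 # unfold the header
    date = value.rsplit(";", 1)[1].strip() if ";" in value else ""
    m = HOP_RE.search(value)
    if m is None:
        return {"raw": value, "date": date}
    ip = re.search(r"\[([\d.]+)\]", m.group("info") or "")
    return {"src": m.group("src"), "src_ip": ip.group(1) if ip else "",
            "dst": m.group("dst"), "date": date}


def summarise_headers(raw: str) -> dict:
    """Extract delivery path, authentication verdicts and the two sender identities."""
    msg = email.message_from_string(raw)
    # Each relay prepends its own Received header, so reversing gives chronological order.
    hops = [parse_hop(v) for v in reversed(msg.get_all("Received", []))]
    auth = {k.lower(): v.lower() for k, v in
            AUTH_RE.findall(" ".join(msg.get_all("Authentication-Results", [])))}
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    header_from = parseaddr(msg.get("From", ""))[1]
    return {
        "hops": hops, "auth": auth,
        "envelope_from": envelope_from, "header_from": header_from,
        # Envelope and header sender on different domains is a common spoofing tell.
        "sender_mismatch": envelope_from.split("@")[-1] != header_from.split("@")[-1],
    }
```

Run `summarise_headers(RAW)` to see the sample's two hops in order, its SPF pass / DKIM fail, and the mismatch between the example.org envelope and the example.net From address.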
UnPHP is an online PHP decoder which helps analysts analyse obfuscated and malicious PHP code. Malicious actors commonly hide code by obfuscating it, and without the correct skill set it can be hard to analyse. Luckily, this tool does the job for you.
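The core of what such a decoder does, as an added example that is not UnPHP's own code or code from the original post: it peels nested `eval(decoder(decoder('...')))` wrappers one layer at a time by mapping each PHP decoding function to its Python equivalent (the `wbits` values for the three gz* variants are the detail that usually trips people up). The `build_sample` helper only constructs a benign two-layer test input so the block runs offline.

```python
import base64
import codecs
import re
import zlib

# PHP decoder -> Python equivalent. The zlib wbits values matter: gzinflate is raw
# DEFLATE, gzuncompress is zlib-wrapped, gzdecode is gzip-wrapped.
DECODERS = {
    "base64_decode": base64.b64decode,
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "strrev": lambda b: b[::-1],
    "gzinflate": lambda b: zlib.decompress(b, -15),
    "gzuncompress": lambda b: zlib.decompress(b, 15),
    "gzdecode": lambda b: zlib.decompress(b, 31),
}

# eval( f1( f2( '<data>' ) ) );  one or more decoder calls wrapped around a string literal
LAYER_RE = re.compile(r"""eval\s*\(\s*((?:\w+\s*\(\s*)+)(['"])(.*?)\2\s*\)+\s*;?""", re.S)


def peel_layer(src: str):
    """Decode one eval(...) wrapper; None when no decodable wrapper is left."""
    m = LAYER_RE.search(src)
    if m is None:
        return None
    funcs = re.findall(r"\w+", m.group(1))              # listed outermost first
    data = m.group(3).encode("latin-1")
    for name in reversed(funcs):                         # PHP applies the innermost first
        if name not in DECODERS:
            raise ValueError(f"unsupported decoder in chain: {name}")
        data = DECODERS[name](data)
    # Splice the decoded code in place of the wrapper so surrounding code survives.
    return src[:m.start()] + data.decode("utf-8", "replace") + src[m.end():]


def deobfuscate(src: str, max_layers: int = 25) -> tuple:
    """Peel eval layers until plain code remains; the cap stops runaway inputs."""
    layers = 0
    while layers < max_layers and (nxt := peel_layer(src)) is not None:
        src, layers = nxt, layers + 1
    return src, layers


def build_sample(code: str) -> str:
    """Constructed test input only: benign code under two typical wrapper layers."""
    comp = zlib.compressobj(wbits=-15)                       # raw DEFLATE = PHP gzdeflate
    inner_b64 = base64.b64encode(comp.compress(code.encode()) + comp.flush()).decode()
    inner = f"eval(gzinflate(base64_decode('{inner_b64}')));"
    outer = codecs.encode(base64.b64encode(inner.encode()).decode(), "rot13")
    return f"<?php eval(base64_decode(str_rot13('{outer}')));"
```

Calling `deobfuscate(build_sample('echo "plain code";'))` returns the plain code and a layer count of 2; a wrapper that uses a decoder not in the table raises rather than silently producing garbage.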
There we go, 20 of my favourite websites / tools I believe every security analyst needs to know about. I hope you found at least one of them useful – if you have any questions about using any of the tools mentioned please contact me and I will be happy to help.