CJ's Security Toolbox! (Updated 6/14/12)

Connection/Host Investigation
Ipillion [Geolocator]
IP addresses by country for Geoblocking
URLVoid URL Scanner
Norton Safeweb URL Scanner
My Web of Trust
URLVoid HTTP Headers
URLVoid DNS Lookup
URLVoid URL Unshortener
URLVoid Parasite Scanner
DNS Tools [WHOIS, Traceroute, IP Information]
Network Tools [Ping, Lookup, Trace, Whois, DNS Records, Spam Blacklist Check, URL Decode/Encode, Headers, Email Verification]
Domain Tools [Reverse WHOIS/IP, Domain History, Domain Typos, Name transfers, etc etc]
Robtex [More of the same as the two above]
ThreatStop CheckIP
InterNIC WHOIS
UWhois
All-NetTools
All Whois
Better WHOIS
MX Record Lookup
What is this site running?
ServerSniff
WIMP Blacklist Check
Cisco SenderBase Reputation Check
McAfee SiteAdvisor Reputation Check
Norton SafeWeb Reputation Check
My Web of Trust Reputation Check
Master Snooper [What is this site doing?]
Malware Domain list
MAC Address Lookup
Another MAC Address Lookup

Conversion Tools
CIDR to IP Converter
IP to CIDR converter
Decimal - Hex - Octal - Binary conversion chart
ASCII Character Table and Alternate Version
Everything to ASCII converter
FLV to MP3
PDF to DOC
ASCII <-> HEX
ASCII <-> HTML
String Reverser
ASCII <-> Binary
ROT13
Epoch/Unix Timestamps

Virus Sandboxes
VirusTotal
Jotti
Joebox
Kaspersky File Scanner
Anubis
Virus.org
Virscan
Threat Expert
GFI Labs
Filterbit Metascan
JSUnpack [Unpacks Javascript to see what it does]
NoVirusThanks
Wepawet (Handles Flash, Javascript, and PDF specifically)
CloudShark
Norman
UploadMalware
ViCheck
WobZip [Uncompresses files]
Meta-Scan
URL Query

Incident Handling
SANS Working with Law Enforcement FAQ
SANS IH Forms
SANS Windows Cheat Sheet
SANS Intrusion Detection Cheat Sheet
SANS Linux Cheat Sheet
RTIR Incident Tracking

Forensics
Garner Forensic Acquisition Utilities
Windows XP SP2 Write Block
OllyDBG

Open Source Intelligence Gathering
PTES-G Standards
Onstrat's OSINT page

Phishing and Scam Fighting
Phish Tank
Spamhaus ROKSO
Miller Smiles
SNOPES!

Anonymization and Self-checks
Anonymouse
FreeProxies
TOR (The Onion Router) gives anonymity if you need to conceal your location for investigative/analysis purposes. You can run a lot of protocols through TOR.
TORify other programs
All-Nettools [Proxy Checker]
SSL Test/User Agent from SpiderLabs
Java Version Test
User Agent Switcher Test

IR Live CDs, Etc.
Helix (Gone Commercial, Goodbye Old Friend) (Version 1.9 Torrent Available Here c/o Securitydistro.com)
BackTrack
RIP Linux ("Recovery is Possible")
Bastille Linux (A set of scripts for various Linux distributions to harden the OS quickly)
OWASP Labrat

Firewall/IDS/Proxy Engineering
SANS SCORE Checklists
NIST Checklists
Spamhaus e-mail blacklists (SBL, XBL, PBL, DBL, ZEN)
URLBlacklist
Dansguardian Phraselists (Weighted)
Bleeding Snort
Snort! Rulesets
SANS ISC Top 10
Emerging Threats

Education
Damn Vulnerable Linux
ShadowServer
Zero Day Tracker
Malware Threat Center
OWASP Webgoat
     Webgoat Training Videos
Malc0de
OWASP Labrat (Live CD, VM versions, etc)
Hacme Casino
Web Security Dojo (Includes much of the above)
Gruyere
OWASP (Web Apps Security)
CrackMe tests
Offensive Security (Certifications and Training, Makers of Backtrack)
TildeDennis
SecureWorks Research: Whitepapers (The "Additional Articles" list at bottom has more useful items at present)
SecureWorks Research: Threat Analyses
SecureWorks Research: Tools
Hacker Convention Recordings
Chaos Computer Club Recordings
Symantec Whitepapers
SecurityTube

References
See the Bogons chart, ICMP codes, and subnetting guide at the bottom of this page!
Megasecurity
F-Secure Encyclopedia
Is it down for everyone, or just me?
TCPDump Cheatsheet and WireShark Cheatsheet
Other Networking Cheatsheets
Johnny "I Hack Stuff" Long's Google Hacking Database
Other premade Google Hacks
Internet Health Check
Handy Bogons Chart

Bogon/Martian Ranges    Corresponding IPTables rules
0.0.0.0/8               iptables -A INPUT -s 0.0.0.0/8 -j DROP
5.0.0.0/8               iptables -A INPUT -s 5.0.0.0/8 -j DROP
10.0.0.0/8              iptables -A INPUT -s 10.0.0.0/8 -j DROP
23.0.0.0/8              iptables -A INPUT -s 23.0.0.0/8 -j DROP
36.0.0.0/7              iptables -A INPUT -s 36.0.0.0/7 -j DROP
39.0.0.0/8              iptables -A INPUT -s 39.0.0.0/8 -j DROP
42.0.0.0/8              iptables -A INPUT -s 42.0.0.0/8 -j DROP
100.0.0.0/8             iptables -A INPUT -s 100.0.0.0/8 -j DROP
102.0.0.0/7             iptables -A INPUT -s 102.0.0.0/7 -j DROP
104.0.0.0/7             iptables -A INPUT -s 104.0.0.0/7 -j DROP
106.0.0.0/8             iptables -A INPUT -s 106.0.0.0/8 -j DROP
127.0.0.0/8             iptables -A INPUT -s 127.0.0.0/8 -j DROP
169.254.0.0/16          iptables -A INPUT -s 169.254.0.0/16 -j DROP
172.16.0.0/12           iptables -A INPUT -s 172.16.0.0/12 -j DROP
179.0.0.0/8             iptables -A INPUT -s 179.0.0.0/8 -j DROP
185.0.0.0/8             iptables -A INPUT -s 185.0.0.0/8 -j DROP
192.0.0.0/24            iptables -A INPUT -s 192.0.0.0/24 -j DROP
192.0.2.0/24            iptables -A INPUT -s 192.0.2.0/24 -j DROP
192.168.0.0/16          iptables -A INPUT -s 192.168.0.0/16 -j DROP
198.18.0.0/15           iptables -A INPUT -s 198.18.0.0/15 -j DROP
198.51.100.0/24         iptables -A INPUT -s 198.51.100.0/24 -j DROP
203.0.113.0/24          iptables -A INPUT -s 203.0.113.0/24 -j DROP
224.0.0.0/3             iptables -A INPUT -s 224.0.0.0/3 -j DROP
 

Subnet Cheatsheet

Netmask            Netmask (Binary)                       CIDR   Notes
255.255.255.255    11111111.11111111.11111111.11111111    /32    Host (single address)
255.255.255.254    11111111.11111111.11111111.11111110    /31    Unuseable
255.255.255.252    11111111.11111111.11111111.11111100    /30    2 useable
255.255.255.248    11111111.11111111.11111111.11111000    /29    6 useable
255.255.255.240    11111111.11111111.11111111.11110000    /28    14 useable
255.255.255.224    11111111.11111111.11111111.11100000    /27    30 useable
255.255.255.192    11111111.11111111.11111111.11000000    /26    62 useable
255.255.255.128    11111111.11111111.11111111.10000000    /25    126 useable
255.255.255.0      11111111.11111111.11111111.00000000    /24    "Class C" 254 useable

255.255.254.0      11111111.11111111.11111110.00000000    /23    2 Class C's
255.255.252.0      11111111.11111111.11111100.00000000    /22    4 Class C's
255.255.248.0      11111111.11111111.11111000.00000000    /21    8 Class C's
255.255.240.0      11111111.11111111.11110000.00000000    /20    16 Class C's
255.255.224.0      11111111.11111111.11100000.00000000    /19    32 Class C's
255.255.192.0      11111111.11111111.11000000.00000000    /18    64 Class C's
255.255.128.0      11111111.11111111.10000000.00000000    /17    128 Class C's
255.255.0.0        11111111.11111111.00000000.00000000    /16    "Class B"

255.254.0.0        11111111.11111110.00000000.00000000    /15    2 Class B's
255.252.0.0        11111111.11111100.00000000.00000000    /14    4 Class B's
255.248.0.0        11111111.11111000.00000000.00000000    /13    8 Class B's
255.240.0.0        11111111.11110000.00000000.00000000    /12    16 Class B's
255.224.0.0        11111111.11100000.00000000.00000000    /11    32 Class B's
255.192.0.0        11111111.11000000.00000000.00000000    /10    64 Class B's
255.128.0.0        11111111.10000000.00000000.00000000    /9     128 Class B's
255.0.0.0          11111111.00000000.00000000.00000000    /8     "Class A"

254.0.0.0          11111110.00000000.00000000.00000000    /7
252.0.0.0          11111100.00000000.00000000.00000000    /6
248.0.0.0          11111000.00000000.00000000.00000000    /5
240.0.0.0          11110000.00000000.00000000.00000000    /4
224.0.0.0          11100000.00000000.00000000.00000000    /3
192.0.0.0          11000000.00000000.00000000.00000000    /2
128.0.0.0          10000000.00000000.00000000.00000000    /1
0.0.0.0            00000000.00000000.00000000.00000000    /0     IP space

ICMP(Types/Codes)
Testing Destination Reachability & Status
(0/0) Echo-Reply
(8/0) Echo
Unreachable Destinations
(3/0) Network Unreachable
(3/1) Host Unreachable
(3/2) Protocol Unreachable
(3/3) Port Unreachable
(3/4) Fragmentation Needed and DF set (Pkt too big)
(3/5) Source Route Failed
(3/6) Network Unknown
(3/7) Host Unknown
(3/9) DOD Net Prohibited
(3/10) DOD Host Prohibited
(3/11) Net TOS Unreachable
(3/12) Host TOS Unreachable
(3/13) Administratively Prohibited
(3/14) Host Precedence Unreachable
(3/15) Precedence Unreachable
Flow Control
(4/0) Source-Quench [RFC 1016]
Route Change Requests from Gateways
(5/0) Redirect Datagrams for the Net
(5/1) Redirect Datagrams for the Host
(5/2) Redirect Datagrams for the TOS and Net
(5/3) Redirect Datagrams for the TOS and Host
Router
(6/-) Alternate-Address
(9/0) Router-Advertisement
(10/0) Router-Solicitation
Detecting Circular or Excessively Long Routes
(11/0) Time to Live Count Exceeded
(11/1) Fragment Reassembly Time Exceeded
Reporting Incorrect Datagram Headers
(12/0) Parameter-Problem
(12/1) Option Missing
(12/2) No Room for Option
Clock Synchronization and Transit Time Estimation
(13/0) Timestamp-Request
(14/0) Timestamp-Reply
Obtaining a Network Address (RARP Alternative)
(15/0) Information-Request
(16/0) Information-Reply
Obtaining a Subnet Mask [RFC 950]
(17/0) Address Mask-Request
(18/0) Address Mask-Reply
Other
(30/0) Traceroute
(31/0) Conversion-Error
(32/0) Mobile-Redirect

Martian Packet Space
0/8 ! broadcast
10/8 ! RFC 1918 private
127/8 ! loopback
169.254.0/16 ! link local/APIPA
172.16.0.0/12 ! RFC 1918 private
192.0.2.0/24 ! TEST-NET
192.168.0/16 ! RFC 1918 private
224.0.0.0/4 ! class D multicast
240.0.0.0/5 ! class E reserved
248.0.0.0/5 ! reserved
255.255.255.255/32 ! broadcast


