One of the benefits of working in cyber security is its openness to sharing. There is a strong sense of community in the industry, with people freely creating and sharing tools.
In this blog post we cover some of the tools we rely on frequently at SOCRadar.
Internet Wide Scanners
There are a few internet-wide scanners that let users choose between free and paid options. Security vendors and regular users alike frequent Shodan.io for external attack surface management. You can filter searches by country, port, or technology (the country:, port: and product: filters). It is a good place to spot internet-facing IoT devices. A natural use case is vulnerability management: when Shodan can fingerprint the version of the software behind a banner, it lists the CVEs known to affect that version. Keep in mind that this is inferred from the reported version, not verified against the host, so treat the list as leads to confirm rather than confirmed findings.
BinaryEdge is a similar resource that provides in-depth analysis of IP addresses with detailed banners.
ZoomEye and Censys are other options in this area.
Intelligence Sharing Tools
Many SOC analysts rely on crowdsourced intelligence platforms such as AlienVault OTX. When you are looking at an IOC, the first thing to check is whether someone else has already reported it. There are a number of good places to plug in an IOC and see who else has reported it, such as VirusTotal, abuse.ch, and IOC Bucket.
Similarly, for IP reputation checks you can use Cisco Talos Intelligence or the FireHOL IP lists, among many others.
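Before plugging indicators into OTX, VirusTotal or a reputation feed they usually need cleaning up: reports defang them (hxxp, [.]), hashes arrive in mixed case, the same address appears twice in different forms, and internal addresses slip into the list. The following is an added example written for this post, not SOCRadar's or any of these services' code. The indicators in it are constructed sample input, and the refanging rules and the list of non-routable ranges are its own assumptions.

```python
"""Normalise and classify IOCs before submitting them to OTX, VirusTotal and friends.

Added example for this post, not SOCRadar's code. The indicators below are
constructed sample input, not real sightings.
"""
import ipaddress
import re

# Constructed sample, as it might be pasted from a report: defanged, mixed case,
# duplicated, and padded with an internal address and some junk.
SAMPLE_IOCS = [
    "hxxp://malicious[.]example[.]com/payload.bin",
    "198[.]51[.]100[.]7",
    "198.51.100.7",
    "10.0.0.5",
    "D41D8CD98F00B204E9800998ECF8427E",
    "Evil.Example.Org",
    "phish[@]example[.]net",
    "not an indicator!!",
]

# Addresses no reputation feed can say anything useful about. Listed explicitly
# rather than via ipaddress.is_global because is_global also rejects the
# RFC 5737 documentation ranges this sample uses.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                    # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",       # loopback, link-local, "this" network
    "fc00::/7", "fe80::/10", "::1/128",                 # IPv6 ULA, link-local, loopback
)]


def refang(ioc):
    """Undo the common defanging conventions (hxxp, [.], (.), [:], [@], [/])."""
    s = ioc.strip()
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[@]", "@"), ("[/]", "/")):
        s = s.replace(defanged, real)
    return s


def classify(ioc):
    """Return (kind, canonical_value); kind is md5/sha1/sha256/ip/url/email/domain/unknown."""
    s = refang(ioc)
    for kind, width in (("md5", 32), ("sha1", 40), ("sha256", 64)):
        if re.fullmatch(rf"[0-9a-fA-F]{{{width}}}", s):
            return kind, s.lower()
    try:
        return "ip", str(ipaddress.ip_address(s))
    except ValueError:
        pass
    if re.match(r"^[a-zA-Z][a-zA-Z0-9+.-]*://", s):
        return "url", s
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[a-zA-Z]{2,}", s):
        return "email", s.lower()
    if re.fullmatch(r"(?=.{1,253}$)(?:[a-zA-Z0-9-]{1,63}\.)+[a-zA-Z]{2,63}\.?", s):
        return "domain", s.lower().rstrip(".")
    return "unknown", s


def is_routable(ip_text):
    """False for addresses in NON_ROUTABLE (v4/v6 mismatches are simply not contained)."""
    addr = ipaddress.ip_address(ip_text)
    return not any(addr in net for net in NON_ROUTABLE)


def triage(raw_iocs):
    """Split raw indicators into (ready, skipped); ready is deduplicated (kind, value) pairs."""
    ready, skipped, seen = [], [], set()
    for raw in raw_iocs:
        kind, value = classify(raw)
        if kind == "unknown":
            skipped.append((raw, "unrecognised format"))
            continue
        if kind == "ip" and not is_routable(value):
            skipped.append((raw, "non-routable address, reputation lookup is meaningless"))
            continue
        if (kind, value) in seen:
            continue  # same indicator in a different spelling
        seen.add((kind, value))
        ready.append((kind, value))
    return ready, skipped


if __name__ == "__main__":
    ready, skipped = triage(SAMPLE_IOCS)
    for kind, value in ready:
        print(f"lookup {kind:7} {value}")
    for raw, reason in skipped:
        print(f"skip   {raw!r}: {reason}")
```

The ordering of checks in classify matters: a 32-character hex string is tested as a hash before anything else, an IP is recognised before the domain pattern gets a chance, and only indicators that survive the non-routable filter are worth a query, which also keeps internal addressing out of third-party services.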
Sometimes you need to check DNS records such as a domain's SPF and DMARC values. MXToolbox does this and can also check whether your mail servers appear on blocklists.
If you need to verify whether an email address is valid, which is usually required to see whether a malicious sender address is still live, the CentralOps email verifier is a good free option.
Another thing you will need when dealing with email is finding the addresses exposed for a given domain. Kali Linux ships tools for this such as theHarvester. You can also use hunter.io to look up which addresses for a domain have been found on the internet so far.
Similarly, there are many yellow-pages-style resources for finding the email address, postal address, and phone number of a given person, such as White Pages or BeenVerified.
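As an added example, not SOCRadar's or MXToolbox's code, here is a parser for SPF and DMARC TXT records that flags the settings an analyst checks for: an invalid network, a permissive or missing all term, too many lookup terms, p=none, a partial pct, a weaker subdomain policy, and no reporting address. The two records are constructed samples; fetching the live TXT records for the domain and for _dmarc.<domain> is left to the caller.

```python
"""Parse SPF and DMARC TXT records and flag the weak settings an analyst looks for.

Added example for this post, not SOCRadar's or MXToolbox's code. The records are
constructed sample data.
"""
import ipaddress

# Constructed sample records.
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net a mx ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com; pct=100"

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation
# (nested includes count too, which a top-level parse cannot see).
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}


def parse_spf(record):
    """Return {'mechanisms': [...], 'modifiers': {...}} for a v=spf1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if "=" in term.split(":", 1)[0]:
            # modifier, e.g. redirect=_spf.example.com or exp=explain.example.com
            name, value = term.split("=", 1)
            modifiers[name.lower()] = value
            continue
        qualifier = "+"  # default qualifier is pass
        if term[0] in SPF_QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        mechanisms.append({"qualifier": SPF_QUALIFIERS[qualifier],
                           "mechanism": name.lower(), "value": value})
    return {"mechanisms": mechanisms, "modifiers": modifiers}


def spf_findings(parsed):
    findings = []
    mechs = parsed["mechanisms"]
    for m in mechs:
        if m["mechanism"] in ("ip4", "ip6"):
            try:
                ipaddress.ip_network(m["value"], strict=False)
            except ValueError:
                findings.append(f"{m['mechanism']}:{m['value']} is not a valid network")
    all_terms = [m for m in mechs if m["mechanism"] == "all"]
    if all_terms:
        q = all_terms[-1]["qualifier"]
        if q in ("pass", "neutral"):
            findings.append(f"'all' with {q} qualifier: any host may send as this domain")
        elif q == "softfail":
            findings.append("~all only soft-fails spoofed mail; -all is the strict setting")
    elif "redirect" not in parsed["modifiers"]:
        findings.append("no 'all' term: unlisted senders get an implicit neutral result")
    lookups = sum(1 for m in mechs if m["mechanism"] in SPF_LOOKUP_TERMS)
    lookups += 1 if "redirect" in parsed["modifiers"] else 0
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def parse_dmarc(record):
    """Return the tag=value pairs of a v=DMARC1 record as a dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DMARC tag {part!r}")
        tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def dmarc_findings(tags):
    findings = []
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"missing or invalid p= tag: {policy!r}")
    elif policy == "none":
        findings.append("p=none only monitors; receivers still deliver mail that fails DMARC")
    pct = tags.get("pct", "100")
    if policy in ("quarantine", "reject") and pct != "100":
        findings.append(f"pct={pct}: policy is applied to only {pct}% of failing mail")
    if policy in ("quarantine", "reject") and tags.get("sp") == "none":
        findings.append("sp=none leaves subdomains unprotected while the apex is enforced")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so abuse of the domain goes unseen")
    return findings


if __name__ == "__main__":
    for label, findings in (("SPF", spf_findings(parse_spf(SAMPLE_SPF))),
                            ("DMARC", dmarc_findings(parse_dmarc(SAMPLE_DMARC)))):
        print(label, "findings:", findings or ["none"])
```

For the sample records this reports two things a phishing investigation cares about: the SPF record ends in ~all, so spoofed mail is only soft-failed, and DMARC is at p=none, so receivers deliver mail that fails the check anyway. Together they mean the domain can be spoofed with little consequence.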
Historical Investigation Tools
Sometimes you need access to historical records to further an investigation.
One great tool for this purpose is archive.org's Wayback Machine, which crawls websites at different times and stores a snapshot of each visit. It is like a time machine for seeing how a website looked in the past, including information that has since been removed.
When you need historical DNS information, DNSlytics and DomainTools let you check where a website was hosted before as well as its WHOIS history. For reverse WHOIS lookups, including historical records, you can use Whoxy and ViewDNS.info.