5 Webapps to Add to Your Security Tool Arsenal

When you’re mobile, away from the office, or just caught off-guard without your tools and security setup, you need a way to analyze, assess, and interpret emerging threats on-the-fly.  That’s why these 5 free web applications are absolute must-haves for your Favorites Folder.

When you’re mobile, away from the office, or just caught off-guard without your tools and security setup, you need a way to analyze, assess, and interpret emerging threats on-the-fly.  That’s why these 5 free web applications are absolute must-haves for your Favorites Folder.

Site: http://urlquery.net/index.php

Purpose: Visits URLs so you don’t have to.

About: Scans whatever URL you give it, applies some snort to it, gives you a screenshot, and displays all HTTP transactions that page caused to run.  It allows you to visit a site that might be malicious without actually exposing your web browser to any funk, then tells you if it encounters any exploit kits/snort rules and tells you what those are. 

Site: http://robtex.com/

Purpose: Looking up Domain Name information, A must-have for malware analysis.

About: Lets you know if a given domain name is in a blacklist, tells you all the other records that map to the same IP.  Also has awesome graphs and meta-info about a target domain.

Site: http://onlinedisassembler.com/odaweb/

Purpose: Disassembling binaries

About: This is probably one of the coolest and most-technical.  Forget IDA pro at home? No problem.  Upload your binary and it’ll spit out formatted assembly for you to look at, including sectioned formatting and hex dumps.  It’ll also tell you if it’s known good or known bad (unknown how it’s determining that thought) Sweet.

Site: https://www.virustotal.com/

Purpose: Scans uploaded files or URLs for malware

About: You should already know about this one, but if you don’t, this is a great tool for using when you don’t quite trust a file.  While it doesn’t run the file (which is important since many engines have run-time behavior checking) it will cross-reference the definitions of more than 40 antivirus vendors.  There’s also a voting system and comments section that’ll give you more info if the results are mixed.  Results show up in Google too.

Site: https://malwr.com/

Purpose: Runs your malware, for you

About: Upload malware, and malwr.com will run it inside of the Cuckoo Sandbox, an open-source malware analysis program built for the express purpose of compartmentalizing and analyzing malware samples.  It’ll break everything down from registry changes, network traffic, ASCII strings dump, static and live analysis, the whole enchilada!  Seriously powerful stuff if you know what you’re looking at/for.  This free tool does as much as the $50,000 Fireeye Malware Analysis Tool.