DONT PANIC First Aid Kit

Incase of a real SNAFU

• nooooooooooooooo.com
• BOFH-Excuse
• The Random "Information Security" Job Title Generator

Security / Incident Cheat Sheets and References

• Security Incident Questionaire
• DDOS Incident Cheat Sheet
• DDOS Abwehr Tookit, german Version, by zeroBS
• Security Incident Survey Cheat Sheet
• Linux Intrusion Detection Discovery Cheat Sheet
• Checking UNIX/Linux - Systems for Signs of Compromise
• Critical Log Review Checklist for Security Incidents
• Windows Intrusion Detection Checklist
• Windows Intrusion Detection Discovery Cheat Sheet
• Checking Windows - Systems for Signs of Compromise
• Security Incidents Response & Tools - Collection

IP-and Network - Forensic

• Shodan IP-Search
• Binaryedge IP-Search
• Zoomeye IP-Search
• IP-Status @ NewSkySecurity, e.g. Part of Botnet etc
• Check ASN/Network for an IP / BGP-Toolkit
• DDoSMon - Check DDOS-Attacks against IPs or Domains

Security Online Resources

• Toolbox @ mxtoolbox.com

  possible actions (add servername or ip): blacklist: / smtp: / mx: / a: / txt: / whois: / scan:

• servercheck @ sucuri.net

  input dns-name, NOT ip

• SSL - Check @ ssllabs.com

  ssllab.com checks for valid and safe ssl-certs
  and misconfiguration / outdated ciphers

• Heise-Toolbox (Ping, Whois, Punycode, Scans)

• Internet Storm Center @ SANS.org
• US-CERT Current Events
• Digital Attack Map: worldwide DDoS in (nearly) realtime and historic data
• HPI-VDB - searchable Vuln-Database
• List of European CERTs

• Security Information Center @ 8ack.de
• autoshun.org -> live threats and stats from snort-sensors
• Down for everyone or just for me?
• DNSSEC - Debugger @ Verisign
• Check DNS Propagation / Zone Filetrasnfers via AXFR (reason)
• Google Safebrowsing Transparencyreport about Malware-infected Sites
• Mail-Header Analysis
• MakePW.com - Secure Password-Generator
• HTTP-Sitereport @ serversniff.de
• CrimeFlare - Look who's behind Cloudflare - Protection
• CRT.sh - SSL Cert Identity Search
• hashdd.com - an alternative for virustotal

Networking-Tools

• BGP-Toolkit - AS+Domain-Information from HE
• Who.Is - Extended WHOIS+DNS-Information
• Reverse IP Lookup @ ip-address.org
• Reverse IP Domain Check @ yougetsignal.com
• PeeringDB
• robtex.com - DNS/Serverinfo, RBL-Check

DNS-Tools

• ViewDNS - find all Domains sharing the same NS-Server
• DNSBL Lookup
• DNSRBL Lookup @ valli.org
• DNSHistory.org
• whoisrequest.com/history
• who.is/dns/
• viewdns.info/iphistory
• DNSDumpster
• List of registered Domains on a Nameserver

• Mnemonic Passive DNS

• see more below

Online Website - Check (Malware/Status)

SSL-Server-Checks

• SNI-Client-Test @ velox.ch
• SSLLabs Server-Test
• HTBridge SSL Server Test
• Thawte SSL-Check
• DigiCert - Check
• SSL-Check @ sslshopper.com
• CRT.sh - SSL Cert Identity Search
• Mozilla Observatory - Website-Header-Check and more

SSL-Client-Tests

• SSLLabs Client-Test
• How's My SSL?

the following checks doesnt seem to support SNI?

• Symantec SSL-Cert-Check
• SSL-Trust

Malware-Checks

• URLScan
• urlvoid.com
• sitecheck.sucuri.net
• unmaskparasites.com
• WebOfTrust mywot.com
• Google-Safebrowsing
• URL-Scan @ VirusTotal
• MARE Sitescan
• WatchScript.pl
• Check if Your Wordpress is used as DDoS-Bot @ sucuri
• Check Website for XMLRPC-Vulnerability

misc Website-Tests/Browser-Tests

• GZIP/Deflate - Test @ gidnetwork.com
• SSL - Check @ ssllabs.com
• SPDY-server-check @ spdycheck.org
• HTTP/2 - Checktool(Server & Client)
• Heise-Toolbox (Ping, Whois, Punycode, Scans)
• SecurityHeaders.com
• WebServer Security-Headers (htbridge)
• PhishTank.com - Get a Screenshot from an URL
• Browser-Headers
• Website-Speed-Test @ pingdom
• Wappalyzer - Identify used Technologies and Stacks on Websites
• Unfurl - extract and visualize parts of an url github

  top  

SysAdmin - References

• CheatSheet-Collection local copy

Human Translation

• Human Communications Cheat-Sheet
• TechSupport Cheat Sheet by xkcd
• Protocol Status / Error-Codes

Unix

• UNIX Rosetta Stone bhami.com/rosetta.html
• Treebeard's Unix Cheat Sheet
• Unix Reference Card
• Guide to Unix - Book :: compiled from wikibooks.org
• BSDA-Command_Reference from bsdcertification.org
• BigAdmin Solaris - Shell - Commands @ sun.com

Linux

• Linux Admin Quick Reference
• Linux Security Quick Reference
• Excellent IPTables-Tutorial

• NFTables - Intro

• Debian Reference PocketCard

• Debian Reference (Full, txt)
• Debian Reference (Full, html)

• Linux Command Line Tools Summary

• Zypper CheatSheet

• SysVInit to Systemd Cheatsheet

Windows & co

• Windows Shell Commands
• Windows PowerShell 3.0 and Server Manager Quick Reference Guides
• Windows PowerShell Quick Reference
• Windows Offline Password & Registry Editor
• Command Line References @ SS64.com
• OSX-Reference
• WindowsXP
• Windows PowerShell
• SQL-Server
• Oracle

Shells and other animals

• ExplainShell.com - explains longer shell-commands based on manpages
• ShellSheck.com - Test Shellscripts online
• Bash Reference Manual from gnu.org
• bash Quick Reference
• Bash Programming Pocket Reference (pdf)
  Bash Programming Pocket Reference (txt)
  Bash Programming Pocket Reference (html)
• bash
• Sed-Tutorial
• SedChart from Bruce Barnett's Sed-Turotial http://www.grymoire.com/Unix/Sed.html
• TRIPWIRE Reference Card
• SCREEN Cheat Sheet
• VI Quick Reference
• EMACS Quick Reference
• The Jargon File
  txt-version
• BOFH -Excuse-Server
  telnet bofh.jeffballard.us 666
  telnet towel.blinkenlights.nl
• Security Problem Excuse Bingo
• StarWars - Weather
• FOAAS
• 10MinuteMail
• Nmap CheatSheet
• KVM CheatSheet (uncomplete)
• RedHat KVM Cheat sheet
• Linux Virtualisation Cheat Sheet

Developer-Stuff & misc. Checktools

• GIT Quick Reference (also nice artwork)
  (large version)
• SVN Quick Reference
• Mercurial Usage Reference
  more versions, 300dpi
• GNU Manuals Online
• Developer-Cheatsheets @ devcheatsheet.com
• Search.Lores.EU
• PunyCode-Converter
• PunyCode-Converter @ VeriSign
• XML-Validator @ w3schools
• URL Encode/Decode
• Base64/PHP-Decoder
• UTF8-Decoder
• REDBot - HTTP-Resources-Check and analysis

Incase of a real SNAFU

• nooooooooooooooo.com
• BOFH-Excuse
• The Random "Information Security" Job Title Generator

  top  

Realtime-Attacks / Outages

• Digital Attack Map: worldwide DDoS in (nearly) realtime and historic data

• Realtime-Attack-Map by Norse

• Akamai Global Statistics

• Team Cymru Internet Critical Infrastructure Monitoring

• Internet Traffic Report

• autoshun.org -> live threats and stats from snort-sensors
• Internet Storm Center Infocon-Status
• heise.de iMonitor - Internet-Störungsmeldungen (de)

• heise.de iMonitor-RSS-Feed (de)

• Internet World Stats

• curent Anti-Virus Alerts and Stats
• Realtime (nearly) Spam-Statistics

Rescue-CDs

• SystemRescueCd
• GRML
• Knoppix
• DamnSmallLinux
• DrWeb Live&RescueCD
• F-Secure Rescue-CD 3.11
• Avira AntiVir Rescue System

• Bitdefender RescueCD

• Kaspersky RescueCD

• FREE Bootable AntiVirus Rescue CDs Download List (blog)

• 13 Antivirus Rescue CDs Software Compared in Search For the Best Rescue Disk (blog)

  top  

Whois/Traceroute-Info

• mxtoolbox.com - Nameserver - Lookup

  
  
  possible actions (add servername or ip):
  blacklist: / smtp: / mx: / a: / txt: / whois: / scan:

• whois.domaintools.com - Nameserver - Lookup

• robtex.com - DNS/Serverinfo

• dshield.org whois_info @ / enter IP (only)
  

• Traceroute.org

• Global Traceroute, utilizing the Atlas NCC-Probes
• Locaping

Networkcalculations & Cheatsheets

• Subnet-Calculator
• ISC TCP/IP + tcpdump - Cheatsheet
• Full Cheat Sheet List @ packetlife.net
• IPv4 - Subnetting Cheat Sheet @ packetlife.net
• Common Ports Cheat Sheet @ packetlife.net
• TCP Ports List
• Network Cheat Sheet

• Subnet - Cheatsheet

• ICMP Cheat Sheet

• HTTP - Status - Codes
• SMTP - Status - Codes

  top  

System- and Browsercheck

System- and Browsercheck

• Panopticlick@EFF
• Mozilla-Plugincheck
• Browser - SSL Cipher Suite Details
• The H Browsercheck
• Windows-System-Check (.de)

• Qualys - Browsercheck for insecure Plugins or Browserversions

• SPDY-Browser-Test

• SPDY-Browser-Test (de

• Browser-Fingerprinting - Article @ The H

DNSRBL - lookups

• Spam-List-Check @ heise.de
• RBL-Toolbox @ webhotel.net

• mxtoolbox.com - DNSRBL-Lookup

  
  
  possible actions (add servername or ip)
  : blacklist: / smtp: / mx: / a: / txt: / whois: / scan:

• uceprotect.net DNSRBL-Lookup

Current Spam-Stats

• UCE-Protect Network
• Barracuda Central
• Google spam and Security trends

  top  

About Notfallkoffer / DONT PANIC First Aid Kit + Credits

Notfallkoffer, which is german for "First Aid Kit", is a collection of DONT PANIC resources, links, manuals, howtos, best-practice-guides and tools that might help you in case of emergency, security breach/incident or any other (security) related problem with servers or networks, which might be intrusion, data-exposure, *.attacks, viruses et al.

This page is javascript-free and works excellent with console-browsers

The Notfallkoffer / DONT PANIC First Aid Kit is public accessible via http://www.mare-system.de/dontpanic/, but might also be downloaded as html_version with resources included. (not yet, kemraden, not yet!)

Credits

All the kudos goes to the writers of that cheat-sheets, manuals, documents, images and helpful informations; didn't found time to name them all here, but we're standing on your shoulders. A BIGUP && Thanx for sharing your knowlegde!

License

(batteries NOT included and Warranty Removed)

All linked txt/html/pdf and other material is (c) copyright by the authors and published here, either allowed by license (you'll find that license within each document, if given) or by written permission by the authors.

The Notfallkoffer/DONT PANIC First Aid Kit is free software, published under the terms of the GNU Free Documentation License as published by the Free Software Foundation, version 1.3.

This is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License for more details. A copy of the GNU Free Documentation License is available on the World Wide Web at http://www.gnu.org/licenses/fdl.txt. You can also obtain it by writing to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.

Contact

Feel free to contact us via: dontpanic () zero DOT bs for suggestions, comments or bugs.

• actual version: see source (top)

Changelog

v2.x - 2018-05

• after beeing offline for nearly a year, new home @ zero.bs

• additional section: passive recon-tools

• more ressouces

  • locaping
  • atlas ncc and stuff
  • additional IP-reputation-section

v0.8.x - 2017-12

• converted to markdown
• some cleanup
• added ssl-check to website-online-check - area

• more (re)sources

  • How's My SSL?
  • Digital Attack Map
  • SSLLabs Browser Test
  • NMAP CheatSheet
  • Thawte-SSL - Check
  • more SSL-Checks
  • punycode-converter
  • heise-tools
  • securityheaders.com
  • xml-validator
  • SedChart
  • KVM
  • SNAFU-Links
  • URL En/Decode
  • CheatSheet-Collection
  • Security Problem Excuse Bingo
  • DNS zonetransfer / AXFR - check
  • viewdns & http/2 check
  • changed the link to ESET online-scanner (thanx for notifying, ESET!)
  • more links to dns-tools and dns-history
  • crimeflare
  • crt.sh
  • dnsdumpster
  • pingdom speedtest
  • wappalyzer

• linkcheck / deleted legacy-stuff

v0.7.x - 2010-10

• added more system/online-checks
• added website-online-checker
• added more refs to sysadmin + sec
• added sslabs.org for ssl-checks in online-scources
• credits and license included

  top