After the huge success of Black Hat Arsenal USA 2017, @toolswatch has now announced the list of tools selected for Black Hat Arsenal USA 2018.

This time there were a huge number of proposals than expected, so the Arsenal team had a tough time selecting the tools.

NOTE: If you have submitted a proposal and didn’t get selected, don’t worry. Please do submit it again for Black Hat Arsenal EU 2018 / ASIA 2019. The rejected tools don’t necessarily mean that they aren’t good. Also the rejected tools are on the priority list for consideration in upcoming Black Hat Arsenal events.

Some of the selected tools are already present on GitHub and some are yet to be uploaded. This article contains the links to their respective repositories. The tools are arranged according to their tracks. If you like the tool, go to its repository and click Watch to keep updated on the latest commits and pushes.

Some tools will be updated during/after the Arsenal event. Links to the GitHub repositories of those tools will be eventually updated in this article.

If you feel that this article is missing links to some Arsenal tools hosted on GitHub, please comment so that it will updated.

NOTE: Arsenal Theater Demos are denoted using the Projector emoji — 📽️

Android, iOS and Mobile Hacking

Damn Vulnerable iOS App: Swift Edition

https://github.com/prateek147/DVIA-v2

Presenter: Prateek Gianchandani (@prateekg147)

Code Assessment

OWASP Dependency-Check

https://github.com/jeremylong/DependencyCheck

Presenter: Jeremy Long (@ctxt)

https://github.com/jeremylong/DependencyCheck Jeremy Long (@ctxt) Puma Scan

https://github.com/pumasecurity/puma-scan

Twitter: (@puma_scan)

Presenter: Eric Johnson (@emjohn20)

Cryptography

DeepViolet: SSL/TLS Scanning API & Tools

https://github.com/spoofzu/DeepViolet

Presenter: Milton Smith (@spoofzu)

Data Forensics and Incident Response

Bro: Do You Bro? Beginner to Expert

https://github.com/bro/bro

Presenter: Seth Hall (@remor)

https://github.com/bro/bro Seth Hall (@remor) CyBot: Open-Source Threat Intelligence Chat Bot (Full Circle)

https://github.com/CylanceSPEAR/CyBot

Presenter: Tony Lee

https://github.com/CylanceSPEAR/CyBot Tony Lee LogonTracer

https://github.com/JPCERTCC/LogonTracer

Presenters: Shusei Tomonaga (@shu_tom), Tomoaki Tani

https://github.com/JPCERTCC/LogonTracer Shusei Tomonaga (@shu_tom), Tomoaki Tani rastrea2r (reloaded!): Collecting & Hunting for IOCs with Gusto and Style

https://github.com/rastrea2r/rastrea2r

Presenters: Ismael Valenzuela (@aboutsecurity), Sudheendra Bhat

https://github.com/rastrea2r/rastrea2r Ismael Valenzuela (@aboutsecurity), Sudheendra Bhat RedHunt OS (VM): A Virtual Machine for Adversary Emulation and Threat Hunting

https://github.com/redhuntlabs/RedHunt-OS

Presenter: Sudhanshu Chauhan (@Sudhanshu_C)

Exploitation and Ethical Hacking

AVET: AntiVirus Evasion Tool

https://github.com/govolution/avet

Presenter: Daniel Sauder (@DanielX4v3r)

https://github.com/govolution/avet Daniel Sauder (@DanielX4v3r) DSP: Docker Security Playground

https://github.com/giper45/DockerSecurityPlayground

Presenter: Simon Pietro Romano (@spromano)

https://github.com/giper45/DockerSecurityPlayground Simon Pietro Romano (@spromano) hideNsneak: An Attack Obfuscation Framework

https://github.com/rmikehodges/hideNsneak

Presenters: Michelle Hodges, Mike Hodges (@rmikehodges)

https://github.com/rmikehodges/hideNsneak Michelle Hodges, Mike Hodges (@rmikehodges) Merlin

https://github.com/Ne0nd0g/merlin

Presenter: Russel Van Tuyl (@Ne0nd0g)

https://github.com/Ne0nd0g/merlin Russel Van Tuyl (@Ne0nd0g) RouterSploit

https://github.com/threat9/routersploit

Twitter: @routersploit

Presenters: Blane Cordes, Marcin Bury

Hardware/Embedded

ChipWhisperer

https://github.com/newaetech/chipwhisperer

Presenter: Colin O’Flynn (@colinoflynn)

https://github.com/newaetech/chipwhisperer Colin O’Flynn (@colinoflynn) 📽️ JTAGulator: Uncovering the Achilles Heel of Hardware Security

https://github.com/grandideastudio/jtagulator

Presenter: Joe Grand (@joegrand)

https://github.com/grandideastudio/jtagulator Joe Grand (@joegrand) Micro-Renovator: Bringing Processor Firmware up to Code

https://github.com/syncsrc/MicroRenovator

Presenter: Matt King (@syncsrc)

https://github.com/syncsrc/MicroRenovator Matt King (@syncsrc) TumbleRF: RF Fuzzing Made Easy

https://github.com/riverloopsec/tumblerf

Presenters: Matt Knight (@embeddedsec)

https://github.com/riverloopsec/tumblerf Matt Knight (@embeddedsec) Walrus: Make the Most of Your Card Cloning Devices

https://github.com/TeamWalrus/Walrus

Presenters: Daniel Underhay, Matthew Daley

Internet of Things

An Extensible Dynamic Analysis Framework for IoT Devices

https://github.com/sycurelab/DECAF

Presenters: Heng Yin, Xunchao Hu, Yaowen Zheng

https://github.com/sycurelab/DECAF Heng Yin, Xunchao Hu, Yaowen Zheng BLE CTF Project

https://github.com/hackgnar/ble_ctf

Presenter: Ryan Holeman (@hackgnar)

https://github.com/hackgnar/ble_ctf Ryan Holeman (@hackgnar) WHID Injector and WHID Elite: A New Generation of HID Offensive Devices

https://github.com/whid-injector/WHID

Presenter: Luca Bongiorni (@LucaBongiorni)

Malware Defense

Advanced Deep Learning Analytic Platform Made Easy for Every Security Researcher

https://github.com/intel/Resilient-ML-Research-Platform

Presenters: Evan Yang, Li Chen

https://github.com/intel/Resilient-ML-Research-Platform Evan Yang, Li Chen EKTotal

https://github.com/nao-sec/ektotal

Presenters: Keita Nomura, Rintaro Koike

https://github.com/nao-sec/ektotal Keita Nomura, Rintaro Koike Firmware Audit: Platform Firmware Security Automation for Blue Teams and DFIR

https://github.com/PreOS-Security/fwaudit

Presenters: Lee Fisher (@LeeFisher_PreOS), Paul English

https://github.com/PreOS-Security/fwaudit Lee Fisher (@LeeFisher_PreOS), Paul English MaliceIO

https://github.com/maliceio/malice

Twitter: @maliceio

Presenter: Josh Maine

https://github.com/maliceio/malice @maliceio Josh Maine Objective-See’s MacOS Security Tools

https://github.com/objective-see

Twitter: @objective_see

Presenter: Patrick Wardle (@patrickwardle)

Malware Offense

BloodHound 1.5

https://github.com/BloodHoundAD/BloodHound

Presenters: Andy Robbins (@_wald0), Rohan Vazarkar (@CptJesus)

Network Attacks

Armory

https://github.com/depthsecurity/armory

Presenter: Daniel Lawson (@fang0654)

https://github.com/depthsecurity/armory Daniel Lawson (@fang0654) Chiron: An Advanced IPv6 Security Assessment and Penetration Testing Framework

https://github.com/aatlasis/Chiron

Presenter: Antonios Atlasis (@AntoniosAtlasis)

https://github.com/aatlasis/Chiron Antonios Atlasis (@AntoniosAtlasis) DELTA: SDN Security Evaluation Framework

https://github.com/OpenNetworkingFoundation/DELTA

Presenters: Jinwoo Kim, Seungsoo Lee, Seungwon Shin, Seungwon Woo

https://github.com/OpenNetworkingFoundation/DELTA Jinwoo Kim, Seungsoo Lee, Seungwon Shin, Seungwon Woo Mallet: An Intercepting Proxy for Arbitrary Protocols

https://github.com/sensepost/mallet

Presenter: Rogan Dawes (@RoganDawes)

https://github.com/sensepost/mallet Rogan Dawes (@RoganDawes) PowerUpSQL: A PowerShell Toolkit for Attacking SQL Servers in Enterprise Environments

https://github.com/NetSPI/PowerUpSQL

Presenters: Antti Rantasaari, Scott Sutherland (@_nullbind)

https://github.com/NetSPI/PowerUpSQL Antti Rantasaari, Scott Sutherland (@_nullbind) 📽️ WarBerryPi

https://github.com/secgroundzero/warberry

Presenters: Stella Constantinou, Yiannis Ioannides

Network Defense

ANWI (All New Wireless IDS): The $5 WIDS

https://github.com/SanketKarpe/anwi

Presenters: Rishikesh Bhide, Sanket Karpe

https://github.com/SanketKarpe/anwi Rishikesh Bhide, Sanket Karpe CHIRON: Home-Based Network Analytics & Machine Learning Threat Detection Framework

https://github.com/jzadeh/chiron-elk

Presenters: Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto)

https://github.com/jzadeh/chiron-elk Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto) Cloud Security Suite: One Stop Tool for AWS/GCP/Azure Security Audit

https://github.com/SecurityFTW/cs-suite

Twitter: @CS_Suite

Presenters: Divya John, Jayesh Chauhan (@jayeshsch), Shivankar Madaan (@shivankarmadaan)

https://github.com/SecurityFTW/cs-suite @CS_Suite Divya John, Jayesh Chauhan (@jayeshsch), Shivankar Madaan (@shivankarmadaan) DejaVu: An Open Source Deception Framework

https://github.com/bhdresh/Dejavu

Presenters: Bhadreshkumar Patel (@bhdresh), Harish Ramadoss (@hramados)

OSINT — Open Source Intelligence

DataSploit 2.0

https://github.com/DataSploit/datasploit

Twitter: @datasploit

Presenter: Shubham Mittal (@upgoingstar)

https://github.com/DataSploit/datasploit @datasploit Shubham Mittal (@upgoingstar) 📽️ Dradis Framework: Learn How to Cut Your Reporting Time in Half

https://github.com/dradis/dradis-ce

Twitter: @dradisfw

Presenter: Daniel Martin (@etdsoft)

Reverse Engineering

Snake: The Malware Storage Zoo

https://github.com/countercept/snake

Presenter: Alex Kornitzer (@AlexKornitzer)

Smart Grid / Industrial Security

📽️ GRFICS: A Graphical Realism Framework for Industrial Control Simulations

https://github.com/djformby/GRFICS

Presenter: David Formby

Vulnerability Assessment

📽️ Adversarial Robustness Toolbox for Machine Learning Models

https://github.com/IBM/adversarial-robustness-toolbox

Presenter: Irina Nicolae

https://github.com/IBM/adversarial-robustness-toolbox Irina Nicolae Android Dynamic Analysis Tool (ADA)

https://github.com/ANELKAOS/ada

Presenter: Anelkaos (@ANELKAOS1)

https://github.com/ANELKAOS/ada Anelkaos (@ANELKAOS1) 📽️ Archery: Open Source Vulnerability Assessment and Management

https://github.com/archerysec/archerysec

Twitter: @ArcherySec

Presenter: Anand Tiwari (@anandtiwarics)

https://github.com/archerysec/archerysec @ArcherySec Anand Tiwari (@anandtiwarics) boofuzz

https://github.com/jtpereyda/boofuzz

Presenter: Joshua Pereyda (@jtpereyda)

https://github.com/jtpereyda/boofuzz Joshua Pereyda (@jtpereyda) BTA

https://github.com/airbus-seclab/bta

Presenter: Joffrey Czarny (@_Sn0rkY)

https://github.com/airbus-seclab/bta Joffrey Czarny (@_Sn0rkY) Deep Exploit

https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit

Presenter: Isao Takaesu (@bbr_bbq)

https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit Isao Takaesu (@bbr_bbq) Halcyon IDE: For Nmap Script Developers

https://github.com/s4n7h0/Halcyon

Presenter: Sanoop Thomas (@s4n7h0)

https://github.com/s4n7h0/Halcyon Sanoop Thomas (@s4n7h0) 📽️ SimpleRisk

https://github.com/simplerisk

Twitter: @simpleriskfree

Presenter: Josh Sokol (@joshsokol)

https://github.com/simplerisk @simpleriskfree Josh Sokol (@joshsokol) 📽️ TROMMEL

https://github.com/CERTCC/trommel

Presenter: Kyle O’Meara

Web AppSec