Inspired by http://www.nothink.org/utilities.php
- Awesome lists
- Books
- Bug bounty
- Cheat sheets
- CTF
- Decoder/Converter/Beautifier
- Domain name Research / Analysis / Reputation
- Exploits and vulnerabilities
- Forensic
- Free shell
- Fun
- Generic utilities
- GNU/Linux
- Honeypots
- IP Research / Analysis / Investigation
- Leak / Defaced
- Learning / Exercises
- Lock picking
- Mail utilities
- Malicious traffic detection
- Malware / Botnet sources
- Malware analysis - Sandbox
- Malware analysis - Sandbox - Online
- Mobile
- Network
- OSINT
- OS X
- Passwords
- Penetration testing
- Port scanners / Wide scans
- Search engines
- Security challenges / WarGames
- Skimmer
- SSH
- SSL
- TOR
- VOIP
- VPN
- Vulnerable environments
- Web browser
- Windows
- Wireless / Radio
Name | URL |
---|---|
Free programming books | https://github.com/EbookFoundation/free-programming-books |
Recommended Reading | http://dfir.org/?q=node/8 |
Name | URL |
---|---|
Bounty factory | https://bountyfactory.io |
Bugcrowd | https://bugcrowd.com/programs |
https://www.google.com/about/appsecurity/reward-program/ | |
HackerOne | https://hackerone.com β |
List of bug bounty | https://www.bugcrowd.com/bug-bounty-list/ |
Microsoft | https://technet.microsoft.com/en-us/security/dn425036 |
Open bug bounty | https://www.openbugbounty.org/ |
Programs and write-ups | https://github.com/djadmin/awesome-bug-bounty |
Write-ups | https://github.com/ngalongc/bug-bounty-reference |
Zerodium | https://www.zerodium.com/ π° |
Name | URL |
---|---|
General cheat sheets | http://www.cheat-sheets.org/ β |
Owasp series | https://github.com/OWASP/CheatSheetSeries ββ |
Packet life | http://packetlife.net/library/cheat-sheets/ |
Penetration test | https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ |
Pentest monkey | http://pentestmonkey.net |
SANS Forensic | https://digital-forensics.sans.org/community/cheat-sheets |
Security Onion | https://github.com/Security-Onion-Solutions/security-onion/wiki/Cheat-Sheet |
Zeltser's cheat sheets list | https://zeltser.com/cheat-sheets/ |
Name | URL |
---|---|
Awesome CTF | https://github.com/apsdehal/awesome-ctf ββ |
CTFd platform | https://github.com/CTFd/CTFd β |
CTF PAD | https://github.com/StratumAuhuur/CTFPad |
CTF TIME | https://ctftime.org/ |
Mellivora platform | https://github.com/Nakiami/mellivora β |
Platform list | https://github.com/We5ter/Awesome-Platforms/blob/master/CTF-Platforms.md |
https://www.reddit.com/r/securityctf | |
Tools list | https://github.com/Laxa/HackingTools |
Tools list | https://github.com/zardus/ctf-tools |
Write-ups | https://github.com/ctfs |
Name | URL |
---|---|
Code beautifier | http://codebeautify.org/ |
Converter | https://github.com/koczkatamas/koczkatamas.github.io |
Cyber Chef | https://gchq.github.io/CyberChef/ π΄βββ |
JSUnpack | https://github.com/urule99/jsunpack-n |
JSBeautifier | http://jsbeautifier.org/ β |
Jjencode | http://utf-8.jp/public/jjencode.html |
JS deobfuscate | https://github.com/sevzero/honeybadger |
VB code beautifier | http://www.vbindent.com/ |
Name | URL |
---|---|
FreeShells list | http://www.freeshells.info/ |
Red-pill | http://shells.red-pill.eu/ |
Will be reorganized
Name | URL |
---|---|
Chkrootkit | https://packages.debian.org/en/jessie/chkrootkit |
Command collection | https://github.com/tuwid/GNU-Linux-OpsWiki |
Debsecan | https://packages.debian.org/en/jessie/debsecan |
GNU/Linux containers | https://github.com/Friz-zy/awesome-linux-containers#security |
GNU/Linux executable walkthrough | https://i.imgur.com/q5nyHp7.png |
GNU/Linux post exploitation | https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List β |
GNU/Linux workstation | https://github.com/lfit/itpol/blob/master/linux-workstation-security.md ββ |
Kernel exploitation | https://github.com/xairy/linux-kernel-exploitation |
Lynis | https://packages.debian.org/en/jessie/lynis |
RE 101 | https://github.com/michalmalik/linux-re-101 |
RKhunter | https://packages.debian.org/en/jessie/rkhunter β |
Securing debian | https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html β |
Vulnerability scanner | https://github.com/future-architect/vuls |
Name | URL |
---|---|
Awesome list - All of them ! | https://github.com/paralax/awesome-honeypots#honeypots ββ |
Honeynet | https://honeynet.org/project |
Live nothink | http://www.nothink.org/honeypots.php |
Name | URL |
---|---|
Abuse IP DB | https://www.abuseipdb.com/ |
BGP Toolkit | http://bgp.he.net/ β |
Bing dork | ip:$IP |
Black List Alert | http://www.blacklistalert.org/ |
Black List Check | http://whatismyipaddress.com/blacklist-check/ |
Check host | http://check-host.net/ |
FireHOL IP list | https://github.com/firehol/blocklist-ipsets β |
Google dork | "$IP" |
Host file | https://hosts-file.net/ |
IP void | http://www.ipvoid.com/ |
Multi RBL | http://multirbl.valli.org/lookup/ β |
Nirsoft country IP | http://www.nirsoft.net/countryip/ |
Project Honeypot | https://www.projecthoneypot.org/search_ip.php |
RIPE stat | https://stat.ripe.net/ |
Spamhaus | https://www.spamhaus.org/lookup/ |
Virus total | https://www.virustotal.com/gui/search/$IP |
Whatch Guard | http://www.reputationauthority.org/ |
Name | URL |
---|---|
Biggest db leaks | https://cdn.databases.today/ |
Breach alarm | https://breachalarm.com/ |
Darknet leaks | https://darknetleaks.ru/archive/leaked/dumps/ |
Hacked emails | https://hacked-emails.com/ |
Have I been pwned | https://haveibeenpwned.com/ |
Isithacked | http://www.isithacked.com |
Leakedin | http://www.leakedin.com/ |
Siph0n | https://twitter.com/datasiph0n |
Zone-H | https://zone-h.org/ |
Name | URL |
---|---|
Awesome training | http://opensecuritytraining.info/Training.html ββ |
Cybrary training | https://www.cybrary.it/ |
Essential basics | https://github.com/alex/what-happens-when ββ |
Exploits | https://thesprawl.org/research/ |
F-Secure training | https://moocfi.github.io/courses/2017/cybersecurity/ |
Malware Analysis course | https://github.com/RPISEC/Malware ββ |
Malware traffic training | http://www.malware-traffic-analysis.net/training-exercises.html β |
Practical analysis | https://practicalmalwareanalysis.com/labs/ |
Reverse - Malware | http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html |
Security courses | https://bitvijays.github.io/ β |
Security training | https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Courses_Training.md |
Security talks | https://github.com/PaulSec/awesome-sec-talks β |
Name | URL |
---|---|
Awesome lockpicking | https://github.com/meitar/awesome-lockpicking |
Lock pick guide | http://lockpickguide.com β |
Bosnianbill video | https://www.youtube.com/user/bosnianbill/videos β |
Lock lab | https://lock-lab.com/ |
Lock wiki | http://www.lockwiki.com/ |
Name | URL |
---|---|
10 Minute Mail | http://10minutemail.com |
DNSBL | https://en.wikipedia.org/wiki/DNSBL |
DKIM validator | http://dkimvalidator.com/ |
Email recon | https://github.com/laramies/theHarvester |
Get air mail | http://en.getairmail.com/ |
Google Phishing quiz | https://phishingquiz.withgoogle.com/ βπ§π |
Gophish | https://github.com/gophish/gophish |
Mailinator | https://www.mailinator.com/ # https://gist.github.com/nocturnalgeek/1b8fa44283314544c487 |
Mailnesia | http://mailnesia.com/ |
Mailcatch | http://mailcatch.com/ |
Mxtoolbox | http://www.mxtoolbox.com/ |
Open phish | https://openphish.com/ β |
Openresolver JP | http://www.openresolver.jp/en/ |
Phishing Framework | https://github.com/pentestgeek/phishing-frenzy |
Phish tank | http://www.phishtank.com/ β |
SimplyEmail | https://github.com/killswitch-GUI/SimplyEmail |
Spam DB | http://www.dnsbl.info/dnsbl-database-check.php |
Spam encode secret | http://spammimic.com/encode.cgi |
SpeedPhish Framework | https://github.com/tatanus/SPF |
Yop mail | http://www.yopmail.com/ |
Name | URL |
---|---|
10 strategies cyber ops center | pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf |
Awesome threat detection | https://github.com/0x4D31/awesome-threat-detection |
Maltrail | https://github.com/stamparm/maltrail |
Packetbeat | https://www.elastic.co/products/beats/packetbeat |
p0f | http://lcamtuf.coredump.cx/p0f3/ |
Tsusen | https://github.com/stamparm/tsusen |
Name | URL |
---|---|
Zeltser's list | https://zeltser.com/automated-malware-analysis/ |
Cuckoo Sandbox | https://www.cuckoosandbox.org/ |
Mastiff | https://github.com/KoreLogicSecurity/mastiff |
Fastir | https://github.com/SekoiaLab/Fastir_Collector |
SysAnalyser | https://github.com/dzzie/SysAnalyzer |
Viper | https://github.com/viper-framework/viper |
REMnux | http://zeltser.com/remnux/ |
Zeltser analysis | http://zeltser.com/reverse-malware/automated-malware-analysis.html |
Manalyze | https://github.com/JusticeRage/Manalyze |
Quarkslab IRMA | http://irma.quarkslab.com/ |
Dorothy2 | https://github.com/m4rco-/dorothy2 |
F-Secure see | https://github.com/F-Secure/see |
Noriben | https://github.com/Rurik/Noriben |
Malheur | https://github.com/rieck/malheur |
Drakvuf | https://github.com/tklengyel/drakvuf |
Zero Wine Tryouts | http://zerowine-tryout.sourceforge.net/ |
RFI sandbox | https://monkey.org/~jose/software/rfi-sandbox/ |
Malwasm | https://github.com/malwarelu/malwasm |
Name | URL |
---|---|
Any.run | https://any.run/ |
AVcaesar | https://avcaesar.malware.lu/ |
Cape | https://cape.contextis.com/ |
Comodo | https://cit.valkyrie.comodo.com/ |
Hybrid analysis | https://www.hybrid-analysis.com/ |
ID Ransomware | https://id-ransomware.malwarehunterteam.com/ |
Jotti | http://virusscan.jotti.org/it |
Joe sandbox | https://www.joesandbox.com/ |
Malwareconfig | http://malwareconfig.com/ |
Malware tracker | http://www.cryptam.com/ |
Malwr - Cuckoo | https://malwr.com/ |
Other list | http://cleanbytes.net/malware-online-scanners |
PDF examiner | http://www.pdfexaminer.com/ |
PE dump | https://github.com/zed-0xff/pedump |
Randomly changes Win32/64 PE Files | https://github.com/secretsquirrel/recomposer |
ViCheck | https://www.vicheck.ca/ |
Virscan | http://www.virscan.org/ |
VirusTotal | http://www.virustotal.com/ |
Virus Total Notifier | https://github.com/mubix/vt-notify |
Name | URL |
---|---|
APK Analzyer | http://www.apk-analyzer.net/ |
Droid Sec wiki | http://www.droidsec.org/wiki/ |
Joebox Cloud | https://jbxcloud.joesecurity.org/login |
Mobile security wiki | https://mobilesecuritywiki.com/ β |
OWASP Goat Droid | https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project |
Sand droid | http://sanddroid.xjtu.edu.cn |
Wiki secmobi | https://github.com/secmobi/wiki.secmobi.com π |
Name | URL |
---|---|
Osint list | https://github.com/jivoi/awesome-osint β |
List of social network | https://en.wikipedia.org/wiki/List_of_social_networking_websites β |
https://www.reddit.com/r/SocialEngineering/ | |
Maltego | https://www.paterva.com/ |
Hunter | https://hunter.io/ |
Pipl | https://pipl.com/ |
Peek you | Β http://www.peekyou.com/ |
Lullar | http://com.lullar.com/ |
Lakako | http://www.lakako.com/ |
Yasni | http://www.yasni.com/ |
User search | https://usersearch.org/ |
https://www.google.com/advanced_search | |
Google dorks | intext:lastName firstName |
Google dorks | insubject:lastName firstName |
Google dorks | `intext:lastName firstName filetype:pdf |
Google Scraper | https://github.com/NikolaiT/GoogleScraper |
Bing | https://www.bing.com/ |
Bing dorks | lastName firstName (filetype:doc OR filetype:ppt OR filetype:pps OR filetype:xls OR filetype:docx OR filetype:pptx OR filetype:ppsx OR filetype:xlsx OR filetype:sxw OR filetype:sxc OR filetype:sxi OR filetype:odt OR filetype:ods OR filetype:odg OR filetype:odp OR filetype:pdf OR filetype:wpd OR filetype:svg OR filetype:svgz OR filetype:indd OR filetype:rdp OR filetype:ica) |
Yahoo | https://search.yahoo.com/ |
Duck duck go | https://duckduckgo.com/ |
Yandex | https://www.yandex.com/ |
Exa lead | http://www.exalead.com |
Osint stalker | https://github.com/milo2012/osintstalker |
Speed phish framework | https://github.com/tatanus/SPF |
Browser exploitation framework | https://github.com/beefproject/beef |
The harvester | https://github.com/laramies/theHarvester |
Meta goofil | https://github.com/laramies/metagoofil |
Name | URL |
---|---|
Awesome OSX & IOS sec list | https://github.com/ashishb/osx-and-ios-security-awesome |
OSX auditor | https://github.com/jipegit/OSXAuditor |
OWASP iGoat Project | https://www.owasp.org/index.php/OWASP_iGoat_Project |
Security and privacy guide | https://github.com/drduh/OS-X-Security-and-Privacy-Guide |
stronghold - Easily configure MacOS security settings from the terminal. | https://github.com/alichtman/stronghold |
Name | URL |
---|---|
Masscan | https://github.com/robertdavidgraham/masscan |
Masscan Defcon conference | https://defcon.org/ |
Network Scan Mon | https://scan.netlab.360.com/#/dashboard |
Nmap | https://nmap.org/7/ |
Nscan | https://github.com/OffensivePython/Nscan |
PFRing | https://github.com/ntop/PF_RING |
Rapid7 Sonar Labs | https://sonar.labs.rapid7.com/ |
Rapid7 Sonar Blackhat conference | https://www.blackhat.com/ |
Scans.io | https://scans.io/ |
Shadowserver | https://www.shadowserver.org/ ββββ |
Sonar similar projects | https://github.com/rapid7/sonar/wiki/Similar-Projects |
Trending Ports | https://isc.sans.edu/trends.html |
Zmap | https://zmap.io/ |
Zgrab | https://github.com/zmap/zgrab |
Name | URL |
---|---|
ZoomEye | https://zoomeye.org/ βπ¨π³ |
Shodan | https://www.shodan.io/ |
Censys | https://censys.io/ |
Gegereka | http://gegereka.com/ (not always up) |
https://www.google.com/advanced_search | |
Google dorks | https://gist.github.com/zbetcheckin/04e6a5d7f2d5ef8cfa3c298701f47f9c |
List of search engines | https://en.wikipedia.org/wiki/List_of_search_engines |
Threat crowd | https://www.threatcrowd.org/ |
Name | URL |
---|---|
Skimmer source from Krebs | https://krebsonsecurity.com/all-about-skimmers/ |
Great reverse engineering on skimmer | https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/ |
Name | URL |
---|---|
Bruteforce know hosts | https://github.com/Churro/bruteforce-known-hosts |
OpenSSH guidelines | https://wiki.mozilla.org/Security/Guidelines/OpenSSH |
SSH audit | https://github.com/arthepsy/ssh-audit.git |
SSH audit online | https://sshcheck.com |
Who's there | https://github.com/FiloSottile/whosthere |
Name | URL |
---|---|
Certificate search | https://crt.sh |
Bad SSL | https://github.com/chromium/badssl.com |
Htbridge - Online analysis | https://www.htbridge.com/ssl/ |
Mozilla SSL Configuration Generator | https://mozilla.github.io/server-side-tls/ssl-config-generator/ |
Observatory by Mozilla - Online analysis | https://observatory.mozilla.org/ ββββ |
O-Saft - Tools | https://www.owasp.org/index.php/O-Saft |
OWASP tests - Procedure | https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers |
Qualys SSL Labs - Online analysis | https://www.ssllabs.com/ssltest/ |
SSLscan - Tools | https://github.com/rbsec/sslscan |
SSLyze - Tools | https://github.com/iSECPartners/sslyze |
Testssl.sh - Tools | https://github.com/drwetter/testssl.sh β |
Name | URL |
---|---|
Penetration test | http://0daysecurity.com/penetration-testing/VoIP-security.html |
Name | URL |
---|---|
Open VPN | https://github.com/OpenVPN |
Comparison | https://thatoneprivacysite.net/vpn-comparison-chart/ |
Location test | https://www.dnsleaktest.com/ |
Location test | https://ipleak.net/ |
Name | URL |
---|---|
Owasp list | https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline |
Owasp BWA | https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project |
DVWA | http://www.dvwa.co.uk/ |
WebGoat | http://code.google.com/p/webgoat |
Metasploitable 3 | https://github.com/rapid7/metasploitable3/wiki |
Vulnerable systems list | https://www.amanhardikar.com/mindmaps/Practice.html β |
VulnHub | http://vulnhub.com/ |
LampSecurity | http://sourceforge.net/projects/lampsecurity/ |
Hackademic-RTB1 | http://www.aldeid.com/wiki/Hackademic-RTB1 |
Moth | http://www.bonsai-sec.com |
Peruggia | http://sourceforge.net/projects/peruggia/ |
Name | URL |
---|---|
Amiunique project | https://github.com/DIVERSIFY-project/amiunique |
Browser exploit | https://github.com/julienbedard/browsersploit |
Browser info | http://www.browser-info.net/ |
Browser leaks | https://www.browserleaks.com/ |
Browser recommendations | https://gist.github.com/atcuno/3425484ac5cce5298932 β |
Browserling | https://www.browserling.com/ |
Fingerprint | https://amiunique.org/ |
Fingerprint | https://panopticlick.eff.org/ |
Flash | http://isflashinstalled.com/ |
Referer | https://www.whatismyreferer.com/ |
SSL | https://www.ssllabs.com/ssltest/viewMyClient.html |
URL Shorter List | https://bit.do/list-of-url-shorteners.php |
User agent | http://useragentstring.com/pages/useragentstring.php |
User agent | http://whatsmyuseragent.com/ |
User agent | https://www.projecthoneypot.org/robot_useragents.php |
User agent | https://www.whatismybrowser.com/developers/tools/user-agent-parser/browse |
Web technologies support tables | https://caniuse.com/ |
Name | URL |
---|---|
Anti forensic Windows | https://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic/ |
Security development | https://github.com/ExpLife0011/awesome-windows-kernel-security-development |
Windows executable walkthrough | https://i.imgur.com/pHjcI.png |
Windows exploitation | https://github.com/r3p3r/nixawk-awesome-windows-exploitation |
Windows hardening | https://github.com/PaulSec/awesome-windows-domain-hardening |
Name | URL |
---|---|
Awesome wifi tools list | https://github.com/0x90/wifi-arsenal |
Penetration test | http://0daysecurity.com/penetration-testing/wireless-penetration.html |
Great wifi map | https://wigle.net/ |
RFSec-ToolKit | https://github.com/cn0xroot/RFSec-ToolKit |
RTL-SDR | http://www.rtl-sdr.com/ |
Wireless in airports | https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY |