Skip to content

Latest commit

 

History

History
840 lines (752 loc) · 41 KB

README.md

File metadata and controls

840 lines (752 loc) · 41 KB

Security list for fun and profit

Inspired by http://www.nothink.org/utilities.php

Table of Contents


Awesome lists 👍

Name URL
Android https://github.com/ashishb/android-security-awesome
Curated list of awesome lists https://github.com/sindresorhus/awesome ⭐⭐⭐
Fuzzing https://github.com/secfigo/Awesome-Fuzzing
Hacking list https://github.com/Hack-with-Github/Awesome-Hacking ⭐⭐⭐⭐
Honeypots https://github.com/paralax/awesome-honeypots ⭐⭐
Incident response https://github.com/meirwah/awesome-incident-response/ ⭐⭐
Indicators of compromise https://github.com/sroberts/awesome-iocs
Malware analysis https://github.com/rshipp/awesome-malware-analysis/ ⭐⭐⭐
Red team https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
Reversing https://github.com/fdivrp/awesome-reversing
Security https://github.com/sbilly/awesome-security
Threat intelligence https://github.com/hslatman/awesome-threat-intelligence
Web https://github.com/infoslack/awesome-web-hacking

Books 📚

Name URL
Free programming books https://github.com/EbookFoundation/free-programming-books
Recommended Reading http://dfir.org/?q=node/8

Bug bounty 🍫

Name URL
Bounty factory https://bountyfactory.io
Bounty source https://www.bountysource.com/
Bugcrowd programs https://bugcrowd.com/programs
Google https://www.google.com/about/appsecurity/reward-program/
HackerOne https://hackerone.com
List of bug bounty https://www.bugcrowd.com/bug-bounty-list/
Microsoft https://technet.microsoft.com/en-us/security/dn425036
Open bug bounty https://www.openbugbounty.org/
Programs and write-ups https://github.com/djadmin/awesome-bug-bounty
Write-ups https://github.com/ngalongc/bug-bounty-reference
Zerodium https://www.zerodium.com/

Cheat sheets 👍

Name URL
General cheat sheets http://www.cheat-sheets.org/
Java Deserialization https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
LFI https://highon.coffee/blog/lfi-cheat-sheet/
Owasp series https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
Packet life http://packetlife.net/library/cheat-sheets/
Penetration test https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Pentest monkey http://pentestmonkey.net
SANS Forensic https://digital-forensics.sans.org/community/cheat-sheets
Security Onion https://github.com/Security-Onion-Solutions/security-onion/wiki/Cheat-Sheet
SQL injection http://websec.ca/kb/sql_injection
Web application https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
Zeltser's cheat sheets list https://zeltser.com/cheat-sheets/

CTF 🚩

Name URL
CTFTIME https://ctftime.org/
CTF PAD https://github.com/StratumAuhuur/CTFPad
Write-ups https://github.com/ctfs
Reddit https://www.reddit.com/r/securityctf
Tools list https://github.com/Laxa/HackingTools
Tools list https://github.com/zardus/ctf-tools
Tools list https://github.com/apsdehal/awesome-ctf
Platform list https://github.com/We5ter/Awesome-Platforms/blob/master/CTF-Platforms.md
Mellivora platform https://github.com/Nakiami/mellivora
Tinyctf platform https://github.com/balidani/tinyctf-platform
Isislab platform https://github.com/isislab/CTFd
Facebook platform https://github.com/facebook/fbctf

Decoder/Converter/Beautifier :hurtrealbad:

Name URL
Code beautifier http://codebeautify.org/
Converter https://github.com/koczkatamas/koczkatamas.github.io
Cyber Chef https://gchq.github.io/CyberChef/ 🍴⭐⭐⭐
JSUnpack https://github.com/urule99/jsunpack-n
JSBeautifier http://jsbeautifier.org/
Jjencode http://utf-8.jp/public/jjencode.html
JS deobfuscate https://github.com/sevzero/honeybadger
VB code beautifier http://www.vbindent.com/

Domain name Research / Analysis / Reputation 📉

Name URL
Archive https://archive.is/
Archive https://web.archive.org/
BGP Toolkit http://bgp.he.net/
Biggest DNS history https://securitytrails.com/list/ip/$IP
Cache page http://www.cachedpages.com/
Cache view http://cachedview.com/
Checking multiple blocklists http://rbls.org/
DGA intro https://en.wikipedia.org/wiki/Domain_generation_algorithm
DNS Blacklists https://raw.githubusercontent.com/zbetcheckin/DNSBLs/master/active_dnsbls.txt
DNS dumpster https://dnsdumpster.com/
DNS Propagation Checker https://www.whatsmydns.net/
DNS stuff http://www.dnsstuff.com/
Domain analysis list https://github.com/rshipp/awesome-malware-analysis/#domain-analysis
Domain hijacking intro https://en.wikipedia.org/wiki/Domain_hijacking
Expired domain https://www.expireddomains.net/backorder-expired-domains/
Google https://www.google.com/transparencyreport/safebrowsing/diagnostic/
Into dns http://www.intodns.com/
Multi RBL http://multirbl.valli.org/lookup/
MXToolBox https://mxtoolbox.com/SuperTool.aspx#
Netcraft http://www.netcraft.com/
Reverse Whois https://reversewhois.domaintools.com/
Robtex https://www.robtex.com/dns/
Sucuri http://sitecheck.sucuri.net/scanner/
TCP utils http://www.tcpiputils.com/
Threat log http://www.threatlog.com/
Threat miner https://www.threatminer.org/
Top-Level Domains list https://data.iana.org/TLD/tlds-alpha-by-domain.txt
Trusted source http://www.trustedsource.org/
URL Query http://urlquery.net/
URL scan https://urlscan.io/
URL shorter list https://mirror1.malwaredomains.com/files/url_shorteners.txt
URL Void http://www.urlvoid.com/
Virus total https://www.virustotal.com/#url
Whois - ARIN https://whois.arin.net/
Whois - LACNIC http://lacnic.net/cgi-bin/lacnic/whois
Whois - RIPE NCC https://apps.db.ripe.net/search/query.html
Whois - AFRINIC http://www.afrinic.net/fr/services/whois-query
Whois - APNIC http://wq.apnic.net/apnic-bin/whois.pl
Whois by registrant name http://viewdns.info/reversewhois/
Zeltser's list https://zeltser.com/lookup-malicious-websites/

Exploits and vulnerabilities 🚪

Name URL
CVEdetails http://www.cvedetails.com/
CVE.mitre https://cve.mitre.org/
Full disclosure http://seclists.org/fulldisclosure/
See bug https://www.seebug.org/
CXSecurity https://cxsecurity.com/
Inj3ct0r http://0day.today/
Packet Storm https://packetstormsecurity.com/files/tags/exploit/
Exploit-db http://www.exploit-db.com
Vulnerability-lab http://www.vulnerability-lab.com/
Vulndb https://vuldb.com/?archive.2016
Vulners https://vulners.com/search?query=order:published
Backdoor - TCP-32764 https://github.com/elvanderb/TCP-32764
Rapid7 DB https://www.rapid7.com/db/modules/
NIST http://web.nvd.nist.gov/
Security focus http://www.securityfocus.com/vulnerabilities
Country compatibility https://cve.mitre.org/compatible/country.html
Mailing list https://nmap.org/mailman/listinfo/fulldisclosure
Mail received http://lists.openwall.net/full-disclosure/2016/
Mailing list http://seclists.org/
Mailing list https://lists.debian.org/debian-security-announce/
CVSS FIRST https://www.first.org/cvss/calculator/3.0
CVSS NIST https://nvd.nist.gov/cvss/v3-calculator

Forensic 🔍

Name URL
Aldeid list https://www.aldeid.com/wiki/Category:Digital-Forensics
Awesome forensic https://github.com/Cugu/awesome-forensics
CFReDS http://www.cfreds.nist.gov/
DFRWS challenge http://www.dfrws.org/dfrws-forensic-challenge-2016
File signatures https://en.wikipedia.org/wiki/List_of_file_signatures
File signatures http://www.filesignatures.net/index.php?page=all
File signatures http://www.garykessler.net/library/file_sigs.html
Forensic control https://forensiccontrol.com/resources/free-software/
Forensic kb practical http://www.forensickb.com/2008/01/forensic-practical.html
Forensic tools https://forensics.cert.org/
Forensic - Technical graph http://www.amanhardikar.com/mindmaps/ForensicChallenges.html
Package - DEFT http://www.deftlinux.net/package-list/
Package - forensic-all https://packages.debian.org/stretch/forensics-all ⭐⭐
Testing Images http://dftt.sourceforge.net/
Tools - DFIR http://www.dfir.training/index.php/tools/
Tools - Forensics wiki http://forensicswiki.org/wiki/Tools
Tools - NIST http://toolcatalog.nist.gov/populated_taxonomy/index.php
Windows tools https://ericzimmerman.github.io/
Windows tools list http://forensic-proof.com/tools
Windows Artifact https://blogs.sans.org/computer-forensics/
Write blocker http://www.cftt.nist.gov/software_write_block.htm
Write blocker https://github.com/msuhanov/Linux-write-blocker
Zythom list - FR https://zythom.blogspot.se/2007/02/les-outils-dun-expert-judiciaire.html

Free shell 🐚

Name URL
FreeShells list http://www.freeshells.info/
Red-pill http://shells.red-pill.eu/

Fun :trollface:

Name URL
Akamai map https://www.akamai.com/fr/fr/solutions/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp 🌎
Bitdefender map https://threatmap.bitdefender.com/ 🌎
Blueliv map https://community.blueliv.com/map/ 🌎
Checkpoint map https://threatmap.checkpoint.com/ 🌎
Cymon map https://cymon.io/map 🌎
DDoS attacks http://www.digitalattackmap.com/ :trollface:
Dead drops https://deaddrops.com/db/ 💾💀
Dshield map https://dshield.org/threatmap.html 🌎
Eset map http://www.virusradar.com/ 🌎
Fire eye map https://www.fireeye.com/cyber-map/threat-map.html 🌎
Flight radar https://www.flightradar24.com ✈️
Fortinet map https://threatmap.fortiguard.com/ 🌎
HE maps https://he.net/3d-map/ 🌎
Kaspersky AV map https://cybermap.kaspersky.com/ 🌎
Kaspersky map https://apt.securelist.com/ 🌎
Norse map http://map.norsecorp.com/ 🌎
Mozilla location service map https://location.services.mozilla.com/map 🌎 - Thx rawger
Open IP video cameras http://www.insecam.org/ 📹🙈
Pwnie Awards http://pwnies.com/nominations/ 🐴
Sub marine cable http://www.submarinecablemap.com/
Sub marine cable http://submarine-cable-map-2016.telegeography.com/
Sub marine cable http://lifewinning.com/submarine-cable-taps/
Tor flow map https://torflow.uncharted.software 🌎
Trendmicro map https://botnet-cd.trendmicro.com/ 🌎
World of VNC https://worldofvnc.net/ 🎅

Generic utilities 📁

Will be reorganized

Name URL
Abuse Contact DB https://www.abusix.com/contactdb 📕
CERT teams https://www.first.org/about/organization/teams
Citizen lab https://citizenlab.org/
Code analysises https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
Codepad http://codepad.org/
Crypto currency https://coinmarketcap.com
Darknet stats https://dnstats.net/
Deepweb https://www.reddit.com/r/deepweb/
Electronic Frontier Foundation https://www.eff.org/
Fake ID http://www.fakenamegenerator.com/
Hackforum http://hackforums.net/ :trollface:
Hardened BSD https://hardenedbsd.org/content/easy-feature-comparison
Hashes example https://hashcat.net/wiki/doku.php?id=example_hashes
Mibbit http://www.mibbit.com/
Microsoft threat http://www.microsoft.com/security
MIME types https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types
MIME types https://slick.pl/kb/htaccess/complete-list-mime-types/
MIME types https://www.iana.org/assignments/media-types/media-types.xhtml
Mindmaps http://www.amanhardikar.com/mindmaps.html ⭐⭐⭐
Random data generator http://www.mockaroo.com/
Sans http://isc.sans.edu/diary/ ⭐⭐
Security wiki http://oss-security.openwall.org/wiki/
Understand your commands https://explainshell.com/

GNU/Linux

Name URL
Chkrootkit https://packages.debian.org/en/jessie/chkrootkit
Command collection https://github.com/tuwid/GNU-Linux-OpsWiki
Debsecan https://packages.debian.org/en/jessie/debsecan
GNU/Linux containers https://github.com/Friz-zy/awesome-linux-containers#security
GNU/Linux executable walkthrough https://i.imgur.com/q5nyHp7.png
GNU/Linux post exploitation https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List
GNU/Linux workstation https://github.com/lfit/itpol/blob/master/linux-workstation-security.md ⭐⭐
Kernel exploitation https://github.com/xairy/linux-kernel-exploitation
Lynis https://packages.debian.org/en/jessie/lynis
RE 101 https://github.com/michalmalik/linux-re-101
RKhunter https://packages.debian.org/en/jessie/rkhunter
Securing debian https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html
Vulnerability scanner https://github.com/future-architect/vuls

Honeypots 🍯

Name URL
Awesome list - All of them ! https://github.com/paralax/awesome-honeypots#honeypots ⭐⭐
Honeynet https://honeynet.org/project
Live nothink http://www.nothink.org/honeypots.php

IP Research / Analysis / Investigation

Name URL
BGP Toolkit http://bgp.he.net/
Bing dork ip:$IP
Black List Alert http://www.blacklistalert.org/
Black List Check http://whatismyipaddress.com/blacklist-check/
Check host http://check-host.net/
FireHOL IP blacklist https://github.com/firehol/blocklist-ipsets
Google dork "$IP"
Host file https://hosts-file.net/
Host tracker https://www.host-tracker.com/
IP in detail http://ipindetail.com/ip-blacklist-checker
IP void http://www.ipvoid.com/
IPv4 info http://ipv4info.com/
Multi RBL http://multirbl.valli.org/lookup/
Nirsoft country IP http://www.nirsoft.net/countryip/
Project Honeypot https://www.projecthoneypot.org/search_ip.php
Spamhaus https://www.spamhaus.org/lookup/
TCP utils http://www.tcpiputils.com/
Virus total https://www.virustotal.com/en/ip-address/$IP/information/
Whatch Guard http://www.reputationauthority.org/

Leak / Defaced 🚑

Name URL
Biggest db leaks https://cdn.databases.today/
Breach alarm https://breachalarm.com/
Darknet leaks https://darknetleaks.ru/archive/leaked/dumps/
Hacked emails https://hacked-emails.com/
Have I been pwned https://haveibeenpwned.com/
Isithacked http://www.isithacked.com
Leakedin http://www.leakedin.com/
Siph0n https://twitter.com/datasiph0n
Zone-H https://zone-h.org/

Learning / Exercises 🎓

Name URL
Awesome training http://opensecuritytraining.info/Training.html ⭐⭐
Cybrary training https://www.cybrary.it/
Essential basics https://github.com/alex/what-happens-when 🏆
Exploits https://thesprawl.org/research/
F-Secure training http://mooc.fi/courses/2016/cybersecurity/
Malware Analysis course https://github.com/RPISEC/Malware ⭐⭐
Malware traffic training http://www.malware-traffic-analysis.net/training-exercises.html
Network - Forensic https://www.honeynet.org/node/504
Practical analysis https://practicalmalwareanalysis.com/labs/
Reverse - Malware http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html
Security courses https://bitvijays.github.io/
Security talks https://github.com/PaulSec/awesome-sec-talks

Lock picking 🔐

Name URL
Awesome lockpicking https://github.com/meitar/awesome-lockpicking
Lock pick guide http://lockpickguide.com
Bosnianbill video https://www.youtube.com/user/bosnianbill/videos
Lock lab https://lock-lab.com/
Lock wiki http://www.lockwiki.com/

Mail utilities 📬

Name URL
10 Minute Mail http://10minutemail.com
DNSBL https://en.wikipedia.org/wiki/DNSBL
DKIM validator http://dkimvalidator.com/
Email recon https://github.com/laramies/theHarvester
Get air mail http://en.getairmail.com/
Gophish https://github.com/gophish/gophish
Mailinator https://www.mailinator.com/ # https://gist.github.com/nocturnalgeek/1b8fa44283314544c487
Mailnesia http://mailnesia.com/
Mailcatch http://mailcatch.com/
Mxtoolbox http://www.mxtoolbox.com/
Open phish https://openphish.com/
Openresolver JP http://www.openresolver.jp/en/
Phishing Framework https://github.com/pentestgeek/phishing-frenzy
Phish tank http://www.phishtank.com/
SimplyEmail https://github.com/killswitch-GUI/SimplyEmail
Spam DB http://www.dnsbl.info/dnsbl-database-check.php
Spam encode secret http://spammimic.com/encode.cgi
SpeedPhish Framework https://github.com/tatanus/SPF
Yop mail http://www.yopmail.com/

Malicious traffic detection 🚦

Name URL
Maltrail https://github.com/stamparm/maltrail
Tsusen https://github.com/stamparm/tsusen
Packetbeat https://www.elastic.co/products/beats/packetbeat
p0f http://lcamtuf.coredump.cx/p0f3/

Malware / Botnet sources 👼

Name URL
Abuse CH https://www.abuse.ch/
Botnet.fr https://www.botnets.fr/wiki/Main_Page
Clean MX http://support.clean-mx.de/clean-mx/viruses.php
Contagio http://contagiodump.blogspot.se/
Custom Google search engine https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu (from Corey Harrell)
Cybercrime tracker http://cybercrime-tracker.net/
Dont need coffee http://malware.dontneedcoffee.com/
Exposed Botnets http://www.exposedbotnets.com/
Malc0de http://malc0de.com/database/
Malekal http://malwaredb.malekal.com/
No more ransom https://www.nomoreransom.org/
Tracker http://tracker.h3x.eu/
Kernel mode http://www.kernelmode.info
Malware domain list http://www.malwaredomainlist.com
Malware domain blocklist http://www.malwaredomains.com
Malware museum https://archive.org/details/malwaremuseum
Malware src https://malwares.github.io/
Malware.lu https://malware.lu/
MISP https://github.com/MISP/MISP
Ransomware overview https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
Ransomware simulator https://shinolocker.com/
Ransomware tracker https://ransomwaretracker.abuse.ch/tracker/
SafeGroup http://www.malware.pl/ - https://www.scumware.org/
Structured Threat Information eXpression https://stixproject.github.io/
The Zoo aka Malware DB https://ytisf.github.io/theZoo/
Total hash https://totalhash.cymru.com/
VirusBay https://beta.virusbay.io/
VirusShare http://virusshare.com/
VX Vault http://vxvault.net/
Yararules https://github.com/Yara-Rules/rules
ZeuS Tracker https://zeustracker.abuse.ch

Malware analysis - Sandbox 😷

Name URL
Zeltser's list https://zeltser.com/automated-malware-analysis/
Cuckoo Sandbox https://www.cuckoosandbox.org/
Mastiff https://github.com/KoreLogicSecurity/mastiff
Fastir https://github.com/SekoiaLab/Fastir_Collector
SysAnalyser https://github.com/dzzie/SysAnalyzer
Viper https://github.com/viper-framework/viper
REMnux http://zeltser.com/remnux/
Zeltser analysis http://zeltser.com/reverse-malware/automated-malware-analysis.html
Manalyze https://github.com/JusticeRage/Manalyze
Quarkslab IRMA http://irma.quarkslab.com/
Dorothy2 https://github.com/m4rco-/dorothy2
F-Secure see https://github.com/F-Secure/see
Noriben https://github.com/Rurik/Noriben
Malheur https://github.com/rieck/malheur
Drakvuf https://github.com/tklengyel/drakvuf
Zero Wine Tryouts http://zerowine-tryout.sourceforge.net/
RFI sandbox https://monkey.org/~jose/software/rfi-sandbox/
Malwasm https://github.com/malwarelu/malwasm

Malware analysis - Sandbox - Online 😷

Name URL
Any.run https://any.run/
AVcaesar https://avcaesar.malware.lu/
Cape https://cape.contextis.com/
Comodo https://cit.valkyrie.comodo.com/
Hybrid analysis https://www.hybrid-analysis.com/
ID Ransomware https://id-ransomware.malwarehunterteam.com/
Jotti http://virusscan.jotti.org/it
Joe sandbox https://www.joesandbox.com/
Malwareconfig http://malwareconfig.com/
Malware tracker http://www.cryptam.com/
Malwr - Cuckoo https://malwr.com/
Other list http://cleanbytes.net/malware-online-scanners
PDF examiner http://www.pdfexaminer.com/
PE dump https://github.com/zed-0xff/pedump
Randomly changes Win32/64 PE Files https://github.com/secretsquirrel/recomposer
ViCheck https://www.vicheck.ca/
Virscan http://www.virscan.org/
VirusTotal http://www.virustotal.com/
Virus Total Notifier https://github.com/mubix/vt-notify

Mobile 📱

Name URL
AndroTotal https://andrototal.org/
APK Analzyer http://www.apk-analyzer.net/
Droid Sec wiki http://www.droidsec.org/wiki/
Joebox Cloud https://jbxcloud.joesecurity.org/login
Mobile security wiki https://mobilesecuritywiki.com/
OWASP Goat Droid https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
Sand droid http://sanddroid.xjtu.edu.cn
Tracedroid http://tracedroid.few.vu.nl
Wiki secmobi https://github.com/secmobi/wiki.secmobi.com 🏆

Network

Name URL
Awesome PCAP https://github.com/caesar0301/awesome-pcaptools
BGPlay https://stat.ripe.net/widget/bgplay
GNU/Linux monitoring https://blog.serverdensity.com/80-linux-monitoring-tools-know/
MAC address block http://standards-oui.ieee.org/oui/oui.txt
MAC find http://www.coffer.com/mac_find/
MAC find http://hwaddress.com
Packet total http://www.packettotal.com/
Ping.eu http://ping.eu/
Project honeypot https://www.projecthoneypot.org/
Protocol Numbers http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Publicly PCAP files http://www.netresec.com/?page=PcapFiles
Service Port Number Registry https://www.iana.org/assignments/service-names-port-numbers/ ⭐⭐
Service Port Number Registry https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Subnet calculator http://www.subnet-calculator.com/cidr.php
Subnet calculator http://www.subnetonline.com/pages/subnet-calculators.php
Security Onion tools https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools
Wireshark extentions https://www.honeynet.org/project/WiresharkExtensions

OSINT

Name URL
Osint list https://github.com/jivoi/awesome-osint
List of social network https://en.wikipedia.org/wiki/List_of_social_networking_websites
Reddit https://www.reddit.com/r/SocialEngineering/
Maltego https://www.paterva.com/
Hunter https://hunter.io/
Pipl https://pipl.com/
Peek you  http://www.peekyou.com/
Yatedo http://www.yatedo.com/
Lullar http://com.lullar.com/
Lakako http://www.lakako.com/
Yasni http://www.yasni.com/
User search https://usersearch.org/
Google https://www.google.com/advanced_search
Google dorks intext:lastName firstName
Google dorks insubject:lastName firstName
Google dorks `intext:lastName firstName filetype:pdf
Google Scraper https://github.com/NikolaiT/GoogleScraper
Bing https://www.bing.com/
Bing dorks lastName firstName (filetype:doc OR filetype:ppt OR filetype:pps OR filetype:xls OR filetype:docx OR filetype:pptx OR filetype:ppsx OR filetype:xlsx OR filetype:sxw OR filetype:sxc OR filetype:sxi OR filetype:odt OR filetype:ods OR filetype:odg OR filetype:odp OR filetype:pdf OR filetype:wpd OR filetype:svg OR filetype:svgz OR filetype:indd OR filetype:rdp OR filetype:ica)
Yahoo https://search.yahoo.com/
Duck duck go https://duckduckgo.com/
Yandex https://www.yandex.com/
Exa lead http://www.exalead.com
Osint stalker https://github.com/milo2012/osintstalker
Speed phish framework https://github.com/tatanus/SPF
Browser exploitation framework https://github.com/beefproject/beef
The harvester https://github.com/laramies/theHarvester
Meta goofil https://github.com/laramies/metagoofil

OS X

Name URL
Awesome OSX & IOS sec list https://github.com/ashishb/osx-and-ios-security-awesome
OSX auditor https://github.com/jipegit/OSXAuditor
OWASP iGoat Project https://www.owasp.org/index.php/OWASP_iGoat_Project
Security and privacy guide https://github.com/drduh/OS-X-Security-and-Privacy-Guide
stronghold - Easily configure MacOS security settings from the terminal. https://github.com/alichtman/stronghold

Passwords 🔑

Name URL
CrackStation https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
Default password https://default-password.info/
Default password https://cirt.net/passwords
Default password http://www.defaultpassword.com/
Default password http://www.defaultpassword.us/
Default cameras password https://github.com/jeanphorn/wordlist/blob/master/README.md
Default password thc-hydra https://github.com/vanhauser-thc/thc-hydra/blob/master/dpl4hydra_full.csv
Dafault router password http://www.cleancss.com/router-default/
Default router password https://github.com/jeanphorn/wordlist/blob/master/router_default_password.md
Default VoIP password https://github.com/netbiosX/Default-Credentials/blob/master/VoIP-Default-Password-List.mdown
Fun secure password checker https://password.kaspersky.com/
Hashcat WIKI https://hashcat.net/wiki/
Multiple dictionary https://github.com/danielmiessler/SecLists/tree/master/Passwords
Multiple dictionary https://github.com/duyetdev/bruteforce-database
Online CrackStation https://crackstation.net
Online Hask Killer https://hashkiller.co.uk
Online Hash crack http://www.onlinehashcrack.com/
Online MD5 and SHA1 db http://hashtoolkit.com/
OpenWall http://www.openwall.com/passwords/wordlists/ or ftp://ftp.openwall.com/pub/wordlists/
Outpost9 http://www.outpost9.com/files/WordLists.html
Packets storm https://packetstormsecurity.com/Crackers/wordlists/
Password research http://www.passwordresearch.com/
Programming - Secure Password Storage https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016
SecLists https://github.com/danielmiessler/SecLists/tree/master/Passwords
Skull security https://wiki.skullsecurity.org/Passwords
SSH dictionary https://github.com/droope/pwlist

Penetration testing 🔧

Name URL
Awesome pentest https://github.com/enaqx/awesome-pentest
Footprinting - Procedure & tools http://www.0daysecurity.com/penetration-testing/network-footprinting.html
GNU/Linux privilege escalation https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Informaion gathering - Tools http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/information-gathering.html
Organization of the Standard http://www.pentest-standard.org/index.php/Main_Page
Owasp - Check list https://www.owasp.org/index.php/Testing_Checklist
Owasp testing guide https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf ⭐⭐
Owasp - tools https://www.owasp.org/index.php/Category:OWASP_Tool
Public pentest reports https://github.com/juliocesarfort/public-pentesting-reports
Python tools for pentest https://github.com/dloss/python-pentest-tools
Report sample https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
Reverse engineering http://wiki.yobi.be/wiki/Reverse-Engineering
SANS Penetration Testing http://pen-testing.sans.org
Services enumeration http://www.0daysecurity.com/penetration-testing/enumeration.html ⭐ Thx rawger
Tools - BlackArch list https://blackarch.org/tools.html
Tools - Great list http://wiki.yobi.be/wiki/Table_of_contents#Security
Tools - Kali list http://tools.kali.org/tools-listing
Web http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.html
Web vulnerabilities http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/vulnerability-assessment.html
Webshell list https://github.com/tennc/webshell

Port scanners 🎯 && Wide Scans 🗽

Name URL
Masscan https://github.com/robertdavidgraham/masscan
Masscan Defcon conference https://defcon.org/
Nmap https://nmap.org/7/
Nscan https://github.com/OffensivePython/Nscan
PFRing https://github.com/ntop/PF_RING
Rapid7 Sonar Labs https://sonar.labs.rapid7.com/
Rapid7 Sonar Blackhat conference https://www.blackhat.com/
Scans.io https://scans.io/
Shadowserver https://www.shadowserver.org/ 🏆🏆
Sonar similar projects https://github.com/rapid7/sonar/wiki/Similar-Projects
Zmap https://zmap.io/
Zgrab https://github.com/zmap/zgrab

Search engines 📡

Name URL
ZoomEye https://zoomeye.org/ ⭐🇨🇳
Shodan https://www.shodan.io/
Censys https://censys.io/
Gegereka http://gegereka.com/ (not always up)
Google https://www.google.com/advanced_search
Google dorks https://gist.github.com/zbetcheckin/04e6a5d7f2d5ef8cfa3c298701f47f9c
List of search engines https://en.wikipedia.org/wiki/List_of_search_engines
Threat crowd https://www.threatcrowd.org/

Security challenges / WarGames 🚩

Name URL
Zenk-Security https://www.zenk-security.com/
Root-Me http://www.root-me.org/
Overthewire http://overthewire.org/wargames/
CrackMe.de http://crackmes.de/
Reversing http://reversing.kr/
Pwnable http://pwnable.kr/
Newbiecontest https://www.newbiecontest.org/
OWASP VWAD list https://github.com/OWASP/OWASP-VWAD/
WeChall https://www.wechall.net/
Vulnhub https://www.vulnhub.com/
Net Garage http://io.netgarage.org/
SmashTheStack http://smashthestack.org/
Hackthissite http://www.hackthissite.org/
Hack.me https://hack.me
HackThis! http://www.hackthis.co.uk/
Backdoor.Sdslabs https://backdoor.sdslabs.co/
Bright-shadows http://www.bright-shadows.net/
SmashTheStack http://smashthestack.org/
Ringzer0team https://ringzer0team.com/challenges
Forensic contest http://forensicscontest.com/puzzles
Lost chall http://www.lost-chall.org/
Rankk http://www.rankk.org/
Happy Security http://www.happy-security.de/
Net force https://www.net-force.nl/challenges/
CanYouHack.it http://canyouhack.it/
Hellboundhackers https://www.hellboundhackers.org/
Microcorruption https://microcorruption.com/
More challenges http://captf.com/practice-ctf/

Skimmer 🃏

Name URL
Skimmer source from Krebs https://krebsonsecurity.com/all-about-skimmers/
Great reverse engineering on skimmer https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/

SSH

Name URL
Bruteforce know hosts https://github.com/Churro/bruteforce-known-hosts
OpenSSH guidelines https://wiki.mozilla.org/Security/Guidelines/OpenSSH
SSH audit https://github.com/arthepsy/ssh-audit.git
SSH audit online https://sshcheck.com
Who's there https://github.com/FiloSottile/whosthere

SSL

Name URL
Certificate search https://crt.sh
Bad SSL https://github.com/chromium/badssl.com
Htbridge - Online analysis https://www.htbridge.com/ssl/
Mozilla SSL Configuration Generator https://mozilla.github.io/server-side-tls/ssl-config-generator/
Observatory by Mozilla - Online analysis https://observatory.mozilla.org/ ⭐⭐⭐⭐
O-Saft - Tools https://www.owasp.org/index.php/O-Saft
OWASP tests - Procedure https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers
Qualys SSL Labs - Online analysis https://www.ssllabs.com/ssltest/
SSLscan - Tools https://github.com/rbsec/sslscan
SSLyze - Tools https://github.com/iSECPartners/sslyze
Testssl.sh - Tools https://github.com/drwetter/testssl.sh

TOR

Name URL
Hidden services https://www.torproject.org/docs/hidden-services.html.en
Hidden services scanner https://github.com/superp00t/sadonion
Reddit https://www.reddit.com/r/onions/
Scan Onion Services https://github.com/s-rah/onionscan
Search engine - Grams http://grams7enufi7jmdl.onion/
Search engine - Ahmia https://ahmia.fi/
Search engine - TORCH http://xmh57jrzrnw6insl.onion/
Search engine - DuckDuckGo http://3g2upl4pq6kufc4m.onion/
Tails https://tails.boum.org/
The hidden wiki https://thehiddenwiki.org/
Tolerant ISP for exit node https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
Tor Browser Fingerprint https://github.com/jonaslejon/tor-fingerprint
Tor Bulk exit list https://check.torproject.org/cgi-bin/TorBulkExitList.py
Tor IP history https://exonerator.torproject.org/
Tor Know exit nodes https://check.torproject.org/exit-addresses
Tor Project https://www.torproject.org/
Tor Relays bandwidth https://github.com/TheTorProject/bwscanner
Tor Socks https://gitweb.torproject.org/torsocks.git
Tor Status https://torstatus.blutmagie.de/
URL onion inspector https://github.com/k4m4/onioff

VOIP ☎️

Name URL
Penetration test http://0daysecurity.com/penetration-testing/VoIP-security.html

VPN

Name URL
Open VPN https://github.com/OpenVPN
Comparison https://thatoneprivacysite.net/vpn-comparison-chart/
Location test https://www.dnsleaktest.com/
Location test https://ipleak.net/

Vulnerable environments 🔓

Name URL
Owasp list https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
Owasp BWA https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
DVWA http://www.dvwa.co.uk/
WebGoat http://code.google.com/p/webgoat
Metasploitable 3 https://github.com/rapid7/metasploitable3/wiki
Vulnerable systems list https://www.amanhardikar.com/mindmaps/Practice.html
VulnHub http://vulnhub.com/
LampSecurity http://sourceforge.net/projects/lampsecurity/
Hackademic-RTB1 http://www.aldeid.com/wiki/Hackademic-RTB1
Moth http://www.bonsai-sec.com
Peruggia http://sourceforge.net/projects/peruggia/

Web browser

Name URL
Amiunique project https://github.com/DIVERSIFY-project/amiunique
Browser exploit https://github.com/julienbedard/browsersploit
Browser info http://www.browser-info.net/
Browser leaks https://www.browserleaks.com/
Browser recommendations https://gist.github.com/atcuno/3425484ac5cce5298932
Browserling https://www.browserling.com/
Fingerprint https://amiunique.org/
Fingerprint https://panopticlick.eff.org/
Flash http://isflashinstalled.com/
Referer https://www.whatismyreferer.com/
SSL https://www.ssllabs.com/ssltest/viewMyClient.html
URL Shorter List https://bit.do/list-of-url-shorteners.php
User agent http://useragentstring.com/pages/useragentstring.php
User agent http://whatsmyuseragent.com/
User agent https://www.projecthoneypot.org/robot_useragents.php
User agent https://www.whatismybrowser.com/developers/tools/user-agent-parser/browse

Windows

Name URL
Anti forensic Windows https://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic/
Security development https://github.com/ExpLife0011/awesome-windows-kernel-security-development
Windows executable walkthrough https://i.imgur.com/pHjcI.png
Windows exploitation https://github.com/enddo/awesome-windows-exploitation
Windows hardening https://github.com/PaulSec/awesome-windows-domain-hardening

Wireless / Radio 📶

Name URL
Awesome wifi tools list https://github.com/0x90/wifi-arsenal
Penetration test http://0daysecurity.com/penetration-testing/wireless-penetration.html
Great wifi map https://wigle.net/
RFSec-ToolKit https://github.com/cn0xroot/RFSec-ToolKit
RTL-SDR http://www.rtl-sdr.com/
Wireless in airports https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY