Skip to content

Latest commit

 

History

History
71 lines (60 loc) · 5.13 KB

README.md

File metadata and controls

71 lines (60 loc) · 5.13 KB

Cybersecurity Tools Index

Disclaimer: I am neither affiliated with any of the below programs nor assume any liability towards anyone's use of the below tools and resources.

This is simply an aggregation of tools that I have found which I find useful and have used or plan to use in the future.

Searching/Scanning Tools:

  • GitHound: Advanced Github searching tool.
  • GoGhost: SMBGhost scanning tool.
  • APKLeaks: APK scanning tool to search for secrets.

Active Directory Tools:

Domain Enumeration Tools:

  • reconFTW: Domain enumeration tool.
  • assetfinder: Tool to find related domains from a given domain.
  • waybackurls: Tool which fetches all URLs of a given domain which the Wayback Machine knows about.
  • findcdn: Tool to find which CDN a domain is using, created by CISA.
  • Pshtt: Domain enumeration tool designed by CISA.

Network/Web Tools:

Miscallaneous Enumeration Tools:

  • WAFW00F: WAF detection tool.
  • AutoRecon: Feature heavy enumeration tool.
  • Wfuzz: Web fuzzer.
  • Konan: Web directory and file brute force scanner.

Hardening Tools:

Hash Tools:

OSINT Tools:

  • MOSINT: Email OSINT tool.
  • ProOSINT: ProtonMail account detection tool.
  • linkedin2username: Linkedin OSINT tool which fetches all usernames of employees of a particular company.

List Collections:

  • SecLists: Large collection of various lists.
  • Leaky Paths: Lists of interesting URL paths and paths vulnerable to CVEs and misconfigurations.
  • Payloads All The Things: Extensive list of payloads and bypasses for websec.

Miscallaenous:

  • CSET: Cybersec infrastructure assessment tool made by CISA which directly includes numerous infrastrcuture security standards.
  • Hacks: Large collection of individual scripts.
  • Ghidra: Reverse engineering program designed by the NSA.
  • ImHex: Feature heavy hex editor.
  • CyberChef: Very extensive web toolkit of everything from small utilities to decryption tools created by the GCHQ.
  • John the Ripper: Advanced offline password cracker.
  • Cursed Chrome: Chrome extension that turns the victim's browser into a web proxy.
  • PHP Reverse Shell: PHP reverse shell.
  • Pi-Pwner: Pentesting suite deployer for Rasbian.
  • Fake Sandbox Artifacts: Sandbox/VM simulator to trick any malware that checks if it is running inside of a VM or not.
  • Telnet Logger: Telnet login logger.
  • Gophish: Phishing toolkit.
  • CallObfuscator: Windows API obfuscating tool.