My initial idea came from this list : http://www.nothink.org/utilities.php
I wanted to update it with my sources, I will probably continue to update and reorganize it in the future.
- Awesome lists
- Books
- Bug bounty
- Cheat sheets
- CTF
- Decoder/Packer/Unpacker
- Domain name Research / Analysis / Reputation
- Exploits and vulnerabilities
- Forensic
- Free shell
- Fun
- Generic utilities
- GNU/Linux
- Honeypots
- IP Research / Analysis / Investigation
- Leak / Defaced
- Learning / Exercises
- Lock picking
- Mail utilities
- Malicious traffic detection
- Malware / Botnet sources
- Malware analysis - Sandbox
- Malware analysis - Sandbox - Online
- Mobile
- Network
- OSINT
- OS X
- Passwords
- Penetration testing
- Port scanners
- Search engines
- Security challenges / WarGames
- Skimmer
- SSH
- SSL
- TOR
- VOIP
- VPN
- Vulnerable environments
- Web browser
- Wide Scans
- Windows
- Wireless / Radio
Name | URL |
---|---|
Android | https://github.com/ashishb/android-security-awesome |
Collection of awesome lists | https://github.com/Hack-with-Github/Awesome-Hacking π |
Honeypots | https://github.com/paralax/awesome-honeypots π |
Incident response | https://github.com/meirwah/awesome-incident-response/ π |
Indicators of compromise | https://github.com/sroberts/awesome-iocs |
Lists of lists of lists | https://github.com/t3chnoboy/awesome-awesome-awesome |
Malware analysis | https://github.com/rshipp/awesome-malware-analysis/ π |
Reversing | https://github.com/fdivrp/awesome-reversing |
Security list | https://github.com/sbilly/awesome-security |
Threat intelligence | https://github.com/hslatman/awesome-threat-intelligence |
Web | https://github.com/infoslack/awesome-web-hacking |
Name | URL |
---|---|
Free programming books | https://github.com/vhf/free-programming-books |
Recommended Reading | http://dfir.org/?q=node/8 |
Name | URL |
---|---|
Programs and write-ups | https://github.com/djadmin/awesome-bug-bounty |
Write-ups | https://github.com/ngalongc/bug-bounty-reference |
HackerOne | https://hackerone.com π |
BugCrowd.com | https://bugcrowd.com/programs |
Zerodium | https://www.zerodium.com/ |
Vul box | https://www.vulbox.com/ |
Open bug bounty | https://www.openbugbounty.org/ |
BountyFactory | https://bountyfactory.io |
Firebounty | https://firebounty.com |
Bugsheet | http://www.bugsheet.com/ |
BountySource | https://www.bountysource.com/ |
NewsLetter about bug bounty | http://bugbountyweekly.com |
Hunter edu | http://www.bountyhunteredu.org/careers/ |
https://www.google.com/about/appsecurity/reward-program/ | |
Microsoft | https://technet.microsoft.com/en-us/security/dn425036 |
More bug bounty | https://bugcrowd.com/list-of-bug-bounty-programs# |
Name | URL |
---|---|
General cheat sheets | http://www.cheat-sheets.org/ |
LFI | https://highon.coffee/blog/lfi-cheat-sheet/ |
Owasp series | https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series π |
Packet life | http://packetlife.net/library/cheat-sheets/ |
Penetration test | https://github.com/jshaw87/Cheatsheets |
Penetration test | https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ |
Pentest monkey | http://pentestmonkey.net |
SANS Forensic | https://digital-forensics.sans.org/community/cheat-sheets |
Security Onion | https://github.com/Security-Onion-Solutions/security-onion/wiki/Cheat-Sheet |
SQL injection | http://websec.ca/kb/sql_injection |
Reverse | http://r00ted.com/cheat%20sheet%20reverse%20v5.png |
Web application | https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet |
Zeltser's cheat sheets list | https://zeltser.com/cheat-sheets/ |
Name | URL |
---|---|
CTFTIME | https://ctftime.org/ |
Write-ups | https://github.com/ctfs |
https://www.reddit.com/r/securityctf | |
Tools list | https://github.com/Laxa/HackingTools |
Tools list | https://github.com/zardus/ctf-tools |
Tools list | https://github.com/apsdehal/awesome-ctf |
Mellivora platform | https://github.com/Nakiami/mellivora π |
Tinyctf platform | https://github.com/balidani/tinyctf-platform |
Isislab platform | https://github.com/isislab/CTFd |
Facebook platform | https://github.com/facebook/fbctf |
Name | URL |
---|---|
Code beautifier | http://codebeautify.org/ |
VB code beautifier | http://www.vbindent.com/ |
PHP formatter | http://beta.phpformatter.com/ |
PHPdecoder | http://ddecode.com/phpdecoder/ |
PHP encoding | http://yehg.net/encoding/ |
XML formatter | http://chris.photobooks.com/xml/default.htm |
JSDetox | http://www.relentless-coding.com/projects/jsdetox/ |
JSNice | http://www.jsnice.org/ |
JSUnpack | https://github.com/urule99/jsunpack-n |
JSBeautifier | http://jsbeautifier.org/ |
JavaScript Compressor | http://dean.edwards.name/packer/ |
Jjencode | http://utf-8.jp/public/jjencode.html |
JSFuck | http://www.jsfuck.com/ |
Js obfuscate | http://www.jsobfuscate.com/ |
JS deobfuscate | https://github.com/sevzero/honeybadger |
Colour higlighter | http://quickhighlighter.com/ |
URL | http://meyerweb.com/eric/tools/dencoder/ |
HEXdecoder | http://ddecode.com/hexdecoder/ |
Hackvertor (Tag based decoder/encoder) | https://hackvertor.co.uk/public |
Name | URL |
---|---|
FreeShells list | http://www.freeshells.info/ |
Devio.us OpenBSD | http://devio.us/ |
Red-pill | http://shells.red-pill.eu/ |
Will be reorganized
Name | URL |
---|---|
Awesome list - All of them ! | https://github.com/paralax/awesome-honeypots#honeypots π |
Honeynet | https://honeynet.org/project |
Live nothink | http://www.nothink.org/honeypots.php |
Name | URL |
---|---|
BGP Toolkit | http://bgp.he.net/ π |
Bing dork | ip:xxx.xxx.xxx.xxx |
Black List Alert | http://www.blacklistalert.org/ |
Black List Check | http://whatismyipaddress.com/blacklist-check/ |
Check host | http://check-host.net/ |
FireHOL IP blacklist | https://github.com/firehol/blocklist-ipsets π |
Google dork | "xxx.xxx.xxx.xxx" (replace xxx.xxx.xxx.xxx with the ip you are looking for) |
Host file | https://hosts-file.net/ |
Host tracker | https://www.host-tracker.com/ |
IP in detail | http://ipindetail.com/ip-blacklist-checker |
IP void | http://www.ipvoid.com/ π |
IPv4 info | http://ipv4info.com/ π |
Multi RBL | http://multirbl.valli.org/lookup/ ππ |
Nirsoft country IP | http://www.nirsoft.net/countryip/ |
Project Honeypot | https://www.projecthoneypot.org/search_ip.php |
Spamhaus | https://www.spamhaus.org/lookup/ |
TCP utils | http://www.tcpiputils.com/ |
Virus total | https://www.virustotal.com/en/ip-address/xxx.xxx.xxx.xxx/information/ |
Whatch Guard | http://www.reputationauthority.org/ |
Name | URL |
---|---|
Breach alarm | https://breachalarm.com/ |
Cam | http://www.insecam.org/ |
Hacked emails | https://hacked-emails.com/ |
Have I been pwned | https://haveibeenpwned.com/ |
Isithacked | http://www.isithacked.com |
Leakedin | http://www.leakedin.com/ |
Siph0n | https://twitter.com/datasiph0n |
Zone-H | https://zone-h.org/ |
Name | URL |
---|---|
Awesome training | http://opensecuritytraining.info/Training.html π π |
Cybrary training | https://www.cybrary.it/ |
Essential basics | https://github.com/alex/what-happens-when π π |
Exploits | https://exploit-exercises.com/ |
Exploits | https://thesprawl.org/research/ |
F-Secure training | http://mooc.fi/courses/2016/cybersecurity/ |
Malware Analysis course | https://github.com/RPISEC/Malware π |
Malware traffic training | http://www.malware-traffic-analysis.net/training-exercises.html π |
Network - Forensic | https://www.honeynet.org/node/504 |
Practical analysis | https://practicalmalwareanalysis.com/labs/ |
Reverse - Malware | http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html |
Security courses | https://bitvijays.github.io/ π |
Security talks | https://github.com/PaulSec/awesome-sec-talks π |
Name | URL |
---|---|
Lock pick guide | http://lockpickguide.com π |
Bosnianbill video | https://www.youtube.com/user/bosnianbill/videos :1: |
Lock lab | https://lock-lab.com/ |
Lock wiki | http://www.lockwiki.com/ |
Name | URL |
---|---|
APK Analzyer | http://www.apk-analyzer.net/ |
Droid Sec wiki | http://www.droidsec.org/wiki/ |
Joebox Cloud | https://jbxcloud.joesecurity.org/login |
Mobi sec lab | http://akana.mobiseclab.org/ |
Mobile security wiki | https://mobilesecuritywiki.com/ π |
OWASP Goat Droid | https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project |
Tracedroid | http://tracedroid.few.vu.nl |
Wiki secmobi | https://github.com/secmobi/wiki.secmobi.com π |
Name | URL |
---|---|
Awesome OSX & IOS sec list | https://github.com/ashishb/osx-and-ios-security-awesome |
OSX auditor | https://github.com/jipegit/OSXAuditor |
OWASP iGoat Project | https://www.owasp.org/index.php/OWASP_iGoat_Project |
Security and privacy guide | https://github.com/drduh/OS-X-Security-and-Privacy-Guide |
Name | URL |
---|---|
Masscan | https://github.com/robertdavidgraham/masscan |
Nmap | https://nmap.org/7/ |
Zmap | https://zmap.io/ |
Zgrab | https://github.com/zmap/zgrab (Banner Grabber) |
Nscan | https://github.com/OffensivePython/Nscan |
Scanrand | https://www.sans.org/security-resources/idfaq/scanrand.php |
PFRing | https://github.com/ntop/PF_RING - High-speed packet processing framework |
Name | URL |
---|---|
ZoomEye | https://zoomeye.org/ π |
Shodan | https://www.shodan.io/ |
Censys | https://censys.io/ |
Gegereka | http://gegereka.com/ (not always up) |
https://www.google.com/advanced_search | |
Google dorks | https://gist.github.com/zbetcheckin/04e6a5d7f2d5ef8cfa3c298701f47f9c |
List of search engines | https://en.wikipedia.org/wiki/List_of_search_engines |
Threat crowd | https://www.threatcrowd.org/ |
Name | URL |
---|---|
Skimmer source from Krebs | https://krebsonsecurity.com/all-about-skimmers/ |
Great reverse engineering on skimmer | https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/ |
Name | URL |
---|---|
Bruteforce know hosts | https://github.com/Churro/bruteforce-known-hosts |
OpenSSH guidelines | https://wiki.mozilla.org/Security/Guidelines/OpenSSH |
SSH audit | https://github.com/arthepsy/ssh-audit.git |
SSH audit online | https://sshcheck.com |
Who's there | https://github.com/FiloSottile/whosthere |
Name | URL |
---|---|
Certificate search | https://crt.sh |
Bad SSL | https://github.com/chromium/badssl.com |
Htbridge - Online analysis | https://www.htbridge.com/ssl/ |
Mozilla SSL Configuration Generator | https://mozilla.github.io/server-side-tls/ssl-config-generator/ |
Observatory by Mozilla - Online analysis | https://observatory.mozilla.org/ ππ |
O-Saft - Tools | https://www.owasp.org/index.php/O-Saft |
OWASP tests - Procedure | https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers |
Qualys SSL Labs - Online analysis | https://www.ssllabs.com/ssltest/ |
SSLscan - Tools | https://github.com/rbsec/sslscan |
SSLyze - Tools | https://github.com/iSECPartners/sslyze |
Symantec report - Online analysis | https://cryptoreport.websecurity.symantec.com/checker/ |
Testssl.sh - Tools | https://github.com/drwetter/testssl.sh π |
Name | URL |
---|---|
Penetration test | http://0daysecurity.com/penetration-testing/VoIP-security.html |
Penetration test | http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP |
Name | URL |
---|---|
Open VPN | https://github.com/OpenVPN |
Comparison | https://thatoneprivacysite.net/vpn-comparison-chart/ |
Location test | https://www.dnsleaktest.com/ |
Location test | https://ipleak.net/ |
Name | URL |
---|---|
Owasp list | https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline |
Owasp BWA | https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project |
DVWA | http://www.dvwa.co.uk/ |
WebGoat | http://code.google.com/p/webgoat |
Metasploitable 3 | https://github.com/rapid7/metasploitable3/wiki |
Vulnerable systems list | https://www.amanhardikar.com/mindmaps/Practice.html π |
VulnHub | http://vulnhub.com/ |
LampSecurity | http://sourceforge.net/projects/lampsecurity/ |
Dragon | https://www.dragonresearchgroup.org/challenges/ |
Hackademic-RTB1 | http://www.aldeid.com/wiki/Hackademic-RTB1 |
Moth | http://www.bonsai-sec.com |
Peruggia | http://sourceforge.net/projects/peruggia/ |
XSS play ground | http://xssplayground.net23.net/ |
Name | URL |
---|---|
Amiunique project | https://github.com/DIVERSIFY-project/amiunique |
Browser exploit | https://github.com/julienbedard/browsersploit |
Browser info | http://www.browser-info.net/ |
Browser leaks | https://www.browserleaks.com/ |
Browser recommendations | https://gist.github.com/atcuno/3425484ac5cce5298932 π |
Browserling | https://www.browserling.com/ |
Fingerprint | https://amiunique.org/ |
Fingerprint | https://panopticlick.eff.org/ |
Flash | http://isflashinstalled.com/ |
Referer | https://www.whatismyreferer.com/ |
SSL | https://www.ssllabs.com/ssltest/viewMyClient.html |
URL Shorter List | https://bit.do/list-of-url-shorteners.php |
User agent | http://useragentstring.com/pages/useragentstring.php |
User agent | http://whatsmyuseragent.com/ |
User agent | https://www.projecthoneypot.org/robot_useragents.php |
User agent | https://www.whatismybrowser.com/developers/tools/user-agent-parser/browse |
Name | URL |
---|---|
Anti forensic Windows | https://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic/ |
Windows executable walkthrough | https://i.imgur.com/pHjcI.png |
Windows exploitation | https://github.com/enddo/awesome-windows-exploitation |
Windows hardening | https://github.com/PaulSec/awesome-windows-domain-hardening |
Name | URL |
---|---|
Scans.io | https://scans.io/ |
Rapid7 Sonar Labs | https://sonar.labs.rapid7.com/ |
Similar projects | https://github.com/rapid7/sonar/wiki/Similar-Projects |
Defcon conference | https://defcon.org/ |
Blackhat conference | https://www.blackhat.com/ |
Name | URL |
---|---|
Awesome wifi tools list | https://github.com/0x90/wifi-arsenal |
Penetration test | http://0daysecurity.com/penetration-testing/wireless-penetration.html |
Great wifi map | https://wigle.net/ |
RFSec-ToolKit | https://github.com/cn0xroot/RFSec-ToolKit |
RTL-SDR | http://www.rtl-sdr.com/ |
Wireless in airports | https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY |