Thanks to visit codestin.com
Credit goes to github.com

Skip to content

zbetcheckin/Security_list

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

148 Commits
README.md
README.md
Β 
Β 

Repository files navigation

Security list for fun and profit

Inspired by http://www.nothink.org/utilities.php

Table of Contents

Awesome lists πŸ‘

Name URL
Android https://github.com/ashishb/android-security-awesome
Curated list of awesome lists https://github.com/sindresorhus/awesome ⭐
Fuzzing https://github.com/secfigo/Awesome-Fuzzing
Hacking list https://github.com/Hack-with-Github/Awesome-Hacking ⭐⭐⭐
Honeypots https://github.com/paralax/awesome-honeypots ⭐
Incident response https://github.com/meirwah/awesome-incident-response/ ⭐⭐
Indicators of compromise https://github.com/sroberts/awesome-iocs
Info sec https://github.com/rmusser01/Infosec_Reference
Malware analysis https://github.com/rshipp/awesome-malware-analysis/ ⭐⭐⭐
Personal Security https://github.com/Lissy93/personal-security-checklist
Red team https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
Reversing https://github.com/fdivrp/awesome-reversing
Security https://github.com/sbilly/awesome-security
Threat intelligence https://github.com/hslatman/awesome-threat-intelligence
Web https://github.com/qazbnm456/awesome-web-security/ https://github.com/infoslack/awesome-web-hacking

Books πŸ“š

Name URL
Free programming books https://github.com/EbookFoundation/free-programming-books
Recommended Reading http://dfir.org/?q=node/8

Bug bounty 🍫

Name URL
Bounty factory https://bountyfactory.io
Bugcrowd https://bugcrowd.com/programs
Google https://www.google.com/about/appsecurity/reward-program/
HackerOne https://hackerone.com ⭐
List of bug bounty https://www.bugcrowd.com/bug-bounty-list/
Microsoft https://technet.microsoft.com/en-us/security/dn425036
Open bug bounty https://www.openbugbounty.org/
Programs and write-ups https://github.com/djadmin/awesome-bug-bounty
Write-ups https://github.com/ngalongc/bug-bounty-reference
Zerodium https://www.zerodium.com/ πŸ’°:trollface:

Cheat sheets πŸ‘

Name URL
General cheat sheets http://www.cheat-sheets.org/ ⭐
Owasp series https://github.com/OWASP/CheatSheetSeries ⭐⭐
Packet life http://packetlife.net/library/cheat-sheets/
Penetration test https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Pentest monkey http://pentestmonkey.net
SANS Forensic https://digital-forensics.sans.org/community/cheat-sheets
Security Onion https://github.com/Security-Onion-Solutions/security-onion/wiki/Cheat-Sheet
Zeltser's cheat sheets list https://zeltser.com/cheat-sheets/

CTF 🚩

Name URL
Awesome CTF https://github.com/apsdehal/awesome-ctf ⭐⭐
CTFd platform https://github.com/CTFd/CTFd ⭐
CTF PAD https://github.com/StratumAuhuur/CTFPad
CTF TIME https://ctftime.org/
Mellivora platform https://github.com/Nakiami/mellivora ⭐
Platform list https://github.com/We5ter/Awesome-Platforms/blob/master/CTF-Platforms.md
Reddit https://www.reddit.com/r/securityctf
Tools list https://github.com/Laxa/HackingTools
Tools list https://github.com/zardus/ctf-tools
Write-ups https://github.com/ctfs

Decoder/Converter/Beautifier :hurtrealbad:

Name URL
Code beautifier http://codebeautify.org/
Converter https://github.com/koczkatamas/koczkatamas.github.io
Cyber Chef https://gchq.github.io/CyberChef/ 🍴⭐⭐⭐
JSUnpack https://github.com/urule99/jsunpack-n
JSBeautifier http://jsbeautifier.org/ ⭐
Jjencode http://utf-8.jp/public/jjencode.html
JS deobfuscate https://github.com/sevzero/honeybadger
VB code beautifier http://www.vbindent.com/

Domain name Research / Analysis / Reputation πŸ“‰

Name URL
Archive https://archive.is/
Archive https://web.archive.org/ ⭐
BGP Toolkit http://bgp.he.net/ ⭐
Biggest DNS history https://securitytrails.com/list/ip/$IP ⭐
Cache page http://www.cachedpages.com/
Cache view http://cachedview.com/
Checking multiple blocklists http://rbls.org/ ⭐
DGA intro https://en.wikipedia.org/wiki/Domain_generation_algorithm
DNS Blacklists https://raw.githubusercontent.com/zbetcheckin/DNSBLs/master/active_dnsbls.txt
DNS dumpster https://dnsdumpster.com/
DNS Propagation Checker https://www.whatsmydns.net/
DNS stuff http://www.dnsstuff.com/
Domain analysis list https://github.com/rshipp/awesome-malware-analysis/#domain-analysis
Domain hijacking intro https://en.wikipedia.org/wiki/Domain_hijacking
Expired domain https://www.expireddomains.net/backorder-expired-domains/
Google https://www.google.com/transparencyreport/safebrowsing/diagnostic/
Into dns http://www.intodns.com/
Multi RBL http://multirbl.valli.org/lookup/ ⭐
MXToolBox https://mxtoolbox.com/SuperTool.aspx#
Netcraft http://www.netcraft.com/
Reverse Whois https://reversewhois.domaintools.com/
Robtex https://www.robtex.com/dns/
Sucuri http://sitecheck.sucuri.net/scanner/
TCP utils http://www.tcpiputils.com/
Threat log http://www.threatlog.com/
Threat miner https://www.threatminer.org/
Top-Level Domains list https://data.iana.org/TLD/tlds-alpha-by-domain.txt ⭐
Trusted source http://www.trustedsource.org/
URL Query http://urlquery.net/ ⭐
URL scan https://urlscan.io/ ⭐
URL shorter list https://mirror1.malwaredomains.com/files/url_shorteners.txt
URL Void http://www.urlvoid.com/
Virus total https://www.virustotal.com/#url
Whois - ARIN https://whois.arin.net/
Whois - LACNIC http://lacnic.net/cgi-bin/lacnic/whois
Whois - RIPE NCC https://apps.db.ripe.net/search/query.html
Whois - AFRINIC http://www.afrinic.net/fr/services/whois-query
Whois - APNIC http://wq.apnic.net/apnic-bin/whois.pl
Whois by registrant name http://viewdns.info/reversewhois/
Zeltser's list https://zeltser.com/lookup-malicious-websites/

Exploits and vulnerabilities πŸšͺ

Name URL
CVEdetails http://www.cvedetails.com/ ⭐
CVE.mitre https://cve.mitre.org/ ⭐
Full disclosure http://seclists.org/fulldisclosure/
See bug https://www.seebug.org/ ⭐
CXSecurity https://cxsecurity.com/ ⭐
Inj3ct0r http://0day.today/
Packet Storm https://packetstormsecurity.com/files/tags/exploit/
Exploit-db http://www.exploit-db.com
Vulnerability-lab http://www.vulnerability-lab.com/
Vulndb https://vuldb.com/?archive.2016
Vulners https://vulners.com/search?query=order:published
Backdoor - TCP-32764 https://github.com/elvanderb/TCP-32764
Rapid7 DB https://www.rapid7.com/db/modules/
NIST http://web.nvd.nist.gov/
Security focus http://www.securityfocus.com/vulnerabilities
Country compatibility https://cve.mitre.org/compatible/country.html
Mailing list https://nmap.org/mailman/listinfo/fulldisclosure
Mail received http://lists.openwall.net/full-disclosure/2016/
Mailing list http://seclists.org/
Mailing list https://lists.debian.org/debian-security-announce/
CVSS FIRST https://www.first.org/cvss/calculator/3.0
CVSS NIST https://nvd.nist.gov/cvss/v3-calculator

Forensic πŸ”

Name URL
Aldeid list https://www.aldeid.com/wiki/Category:Digital-Forensics
Awesome forensic https://github.com/Cugu/awesome-forensics
CFReDS http://www.cfreds.nist.gov/ ⭐
DFRWS challenge http://www.dfrws.org/dfrws-forensic-challenge-2016
File signatures https://en.wikipedia.org/wiki/List_of_file_signatures
File signatures http://www.filesignatures.net/index.php?page=all
File signatures http://www.garykessler.net/library/file_sigs.html
Forensic kb practical http://www.forensickb.com/2008/01/forensic-practical.html
Forensic tools https://forensics.cert.org/
Forensic - Technical graph http://www.amanhardikar.com/mindmaps/ForensicChallenges.html
Learn with David Cowen https://www.youtube.com/channel/UCZ7mQV3j4GNX-LU1IKPVQZg
Package - DEFT http://www.deftlinux.net/package-list/
Package - forensic-all https://packages.debian.org/stretch/forensics-all ⭐⭐
Testing Images http://dftt.sourceforge.net/
Tools - DFIR http://www.dfir.training/index.php/tools/ ⭐
Tools - Forensics wiki http://forensicswiki.org/wiki/Tools
Tools - NIST https://toolcatalog.nist.gov/taxonomy/index.php
Windows tools https://ericzimmerman.github.io/
Windows tools list http://forensic-proof.com/tools
Windows Artifact https://blogs.sans.org/computer-forensics/
Write blocker http://www.cftt.nist.gov/software_write_block.htm
Write blocker https://github.com/msuhanov/Linux-write-blocker
Zythom list https://zythom.blogspot.se/2007/02/les-outils-dun-expert-judiciaire.html πŸ‡«πŸ‡·

Free shell 🐚

Name URL
FreeShells list http://www.freeshells.info/
Red-pill http://shells.red-pill.eu/

Fun :trollface:

Name URL
Akamai map https://www.akamai.com/us/en/resources/visualizing-akamai/real-time-web-monitor.jsp 🌎
BGP stream https://bgpstream.com/ 🌎
Bitdefender map https://threatmap.bitdefender.com/ 🌎
Blueliv map https://community.blueliv.com/map/ 🌎
Checkpoint map https://threatmap.checkpoint.com/ 🌎
DDoS attacks http://www.digitalattackmap.com/ :trollface:
Dead drops https://deaddrops.com/db/ πŸ’ΎπŸ’€
Dshield map https://dshield.org/threatmap.html 🌎
Eset map http://www.virusradar.com/ 🌎
Fire eye map https://www.fireeye.com/cyber-map/threat-map.html 🌎
Flight radar https://www.flightradar24.com ✈️
Fortinet map https://threatmap.fortiguard.com/ 🌎
HE maps https://he.net/3d-map/ 🌎
Kaspersky AV map https://cybermap.kaspersky.com/ 🌎
Kaspersky map https://apt.securelist.com/ 🌎
Mozilla location service map https://location.services.mozilla.com/map 🌎
Open IP video cameras http://www.insecam.org/ πŸ“ΉπŸ™ˆ
Pwnie Awards http://pwnies.com/nominations/ 🐴
Sub marine cable http://www.submarinecablemap.com/ βš“
Sub marine cable http://submarine-cable-map-2016.telegeography.com/ βš“
Sub marine cable http://lifewinning.com/submarine-cable-taps/ βš“
Threat butt https://threatbutt.com/map/ 🌎🀑
Tor flow map https://torflow.uncharted.software 🌎
Trendmicro map https://botnet-cd.trendmicro.com/ 🌎
World of VNC https://worldofvnc.net/ πŸŽ…

Generic utilities πŸ“

Will be reorganized

Name URL
Abuse Contact DB https://www.abusix.com/contactdb πŸ“•
CERT teams https://www.first.org/about/organization/teams
Citizen lab https://citizenlab.org/
Code analysises https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
Codepad http://codepad.org/
Crypto currency https://coinmarketcap.com
Deepweb https://www.reddit.com/r/deepweb/
Electronic Frontier Foundation https://www.eff.org/
Face generator https://www.thispersondoesnotexist.com/
Fake ID http://www.fakenamegenerator.com/
Hackforum http://hackforums.net/ :trollface:
Hardened BSD https://hardenedbsd.org/content/easy-feature-comparison
Hashes example https://hashcat.net/wiki/doku.php?id=example_hashes
Mibbit http://www.mibbit.com/
Microsoft threat http://www.microsoft.com/security
MIME types https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types
MIME types https://slick.pl/kb/htaccess/complete-list-mime-types/
MIME types https://www.iana.org/assignments/media-types/media-types.xhtml ⭐
Mindmaps http://www.amanhardikar.com/mindmaps.html ⭐⭐⭐
Random data generator http://www.mockaroo.com/
Sans http://isc.sans.edu/diary/ ⭐⭐
Security wiki http://oss-security.openwall.org/wiki/
Understand your commands https://explainshell.com/ ⭐

GNU/Linux

Name URL
Chkrootkit https://packages.debian.org/en/jessie/chkrootkit
Command collection https://github.com/tuwid/GNU-Linux-OpsWiki
Debsecan https://packages.debian.org/en/jessie/debsecan
GNU/Linux containers https://github.com/Friz-zy/awesome-linux-containers#security
GNU/Linux executable walkthrough https://i.imgur.com/q5nyHp7.png
GNU/Linux post exploitation https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List ⭐
GNU/Linux workstation https://github.com/lfit/itpol/blob/master/linux-workstation-security.md ⭐⭐
Kernel exploitation https://github.com/xairy/linux-kernel-exploitation
Lynis https://packages.debian.org/en/jessie/lynis
RE 101 https://github.com/michalmalik/linux-re-101
RKhunter https://packages.debian.org/en/jessie/rkhunter ⭐
Securing debian https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html ⭐
Vulnerability scanner https://github.com/future-architect/vuls

Honeypots 🍯

Name URL
Awesome list - All of them ! https://github.com/paralax/awesome-honeypots#honeypots ⭐⭐
Honeynet https://honeynet.org/project
Live nothink http://www.nothink.org/honeypots.php

IP Research / Analysis / Investigation

Name URL
Abuse IP DB https://www.abuseipdb.com/
BGP Toolkit http://bgp.he.net/ ⭐
Bing dork ip:$IP
Black List Alert http://www.blacklistalert.org/
Black List Check http://whatismyipaddress.com/blacklist-check/
Check host http://check-host.net/
FireHOL IP list https://github.com/firehol/blocklist-ipsets ⭐
Google dork "$IP"
Host file https://hosts-file.net/
IP void http://www.ipvoid.com/
Multi RBL http://multirbl.valli.org/lookup/ ⭐
Nirsoft country IP http://www.nirsoft.net/countryip/
Project Honeypot https://www.projecthoneypot.org/search_ip.php
RIPE stat https://stat.ripe.net/
Spamhaus https://www.spamhaus.org/lookup/
Virus total https://www.virustotal.com/gui/search/$IP
Whatch Guard http://www.reputationauthority.org/

Leak / Defaced πŸš‘

Name URL
Biggest db leaks https://cdn.databases.today/
Breach alarm https://breachalarm.com/
Darknet leaks https://darknetleaks.ru/archive/leaked/dumps/
Hacked emails https://hacked-emails.com/
Have I been pwned https://haveibeenpwned.com/
Isithacked http://www.isithacked.com
Leakedin http://www.leakedin.com/
Siph0n https://twitter.com/datasiph0n
Zone-H https://zone-h.org/

Learning / Exercises πŸŽ“

Name URL
Awesome training http://opensecuritytraining.info/Training.html ⭐⭐
Cybrary training https://www.cybrary.it/
Essential basics https://github.com/alex/what-happens-when ⭐⭐
Exploits https://thesprawl.org/research/
F-Secure training https://moocfi.github.io/courses/2017/cybersecurity/
Malware Analysis course https://github.com/RPISEC/Malware ⭐⭐
Malware traffic training http://www.malware-traffic-analysis.net/training-exercises.html ⭐
Practical analysis https://practicalmalwareanalysis.com/labs/
Reverse - Malware http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html
Security courses https://bitvijays.github.io/ ⭐
Security training https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Courses_Training.md
Security talks https://github.com/PaulSec/awesome-sec-talks ⭐

Lock picking πŸ”

Name URL
Awesome lockpicking https://github.com/meitar/awesome-lockpicking
Lock pick guide http://lockpickguide.com ⭐
Bosnianbill video https://www.youtube.com/user/bosnianbill/videos ⭐
Lock lab https://lock-lab.com/
Lock wiki http://www.lockwiki.com/

Mail utilities πŸ“¬

Name URL
10 Minute Mail http://10minutemail.com
DNSBL https://en.wikipedia.org/wiki/DNSBL
DKIM validator http://dkimvalidator.com/
Email recon https://github.com/laramies/theHarvester
Get air mail http://en.getairmail.com/
Google Phishing quiz https://phishingquiz.withgoogle.com/ β­πŸ“§πŸ“Š
Gophish https://github.com/gophish/gophish
Mailinator https://www.mailinator.com/ # https://gist.github.com/nocturnalgeek/1b8fa44283314544c487
Mailnesia http://mailnesia.com/
Mailcatch http://mailcatch.com/
Mxtoolbox http://www.mxtoolbox.com/
Open phish https://openphish.com/ ⭐
Openresolver JP http://www.openresolver.jp/en/
Phishing Framework https://github.com/pentestgeek/phishing-frenzy
Phish tank http://www.phishtank.com/ ⭐
SimplyEmail https://github.com/killswitch-GUI/SimplyEmail
Spam DB http://www.dnsbl.info/dnsbl-database-check.php
Spam encode secret http://spammimic.com/encode.cgi
SpeedPhish Framework https://github.com/tatanus/SPF
Yop mail http://www.yopmail.com/

Malicious traffic detection 🚦

Name URL
10 strategies cyber ops center pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf
Awesome threat detection https://github.com/0x4D31/awesome-threat-detection
Maltrail https://github.com/stamparm/maltrail
Packetbeat https://www.elastic.co/products/beats/packetbeat
p0f http://lcamtuf.coredump.cx/p0f3/
Tsusen https://github.com/stamparm/tsusen

Malware / Botnet sources πŸ‘Ό

Name URL
0btemoslab tracker http://tracker.0btemoslab.com/
Abuse CH https://www.abuse.ch/
Benkow.cc tracker http://benkow.cc/
Botnet.fr https://www.botnets.fr/wiki/Main_Page
Clean MX http://support.clean-mx.de/clean-mx/viruses.php
Contagio http://contagiodump.blogspot.se/
Custom Google search engine https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu (from Corey Harrell)
Cybercrime tracker http://cybercrime-tracker.net/
Dont need coffee http://malware.dontneedcoffee.com/
Exposed Botnets http://www.exposedbotnets.com/
H3X tracker http://tracker.h3x.eu/
Malc0de http://malc0de.com/database/
No more ransom https://www.nomoreransom.org/
Kernel mode http://www.kernelmode.info
Malware domain list http://www.malwaredomainlist.com
Malware domain blocklist http://www.malwaredomains.com
Malware museum https://archive.org/details/malwaremuseum
Malware src https://malwares.github.io/
Malware.lu https://malware.lu/
Mirai tracker https://mirai.security.gives/
MISP https://github.com/MISP/MISP
Ransomware overview https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
Ransomware simulator https://shinolocker.com/
Ransomware tracker https://ransomwaretracker.abuse.ch/tracker/
SafeGroup http://www.malware.pl/ - https://www.scumware.org/
Structured Threat Information eXpression https://stixproject.github.io/
The Zoo aka Malware DB https://ytisf.github.io/theZoo/
Total hash https://totalhash.cymru.com/
VirusBay https://beta.virusbay.io/
VirusShare https://virusshare.com/
VX Vault http://vxvault.net/
Yararules https://github.com/Yara-Rules/rules
ZeuS Tracker https://zeustracker.abuse.ch

Malware analysis - Sandbox 😷

Name URL
Zeltser's list https://zeltser.com/automated-malware-analysis/
Cuckoo Sandbox https://www.cuckoosandbox.org/
Mastiff https://github.com/KoreLogicSecurity/mastiff
Fastir https://github.com/SekoiaLab/Fastir_Collector
SysAnalyser https://github.com/dzzie/SysAnalyzer
Viper https://github.com/viper-framework/viper
REMnux http://zeltser.com/remnux/
Zeltser analysis http://zeltser.com/reverse-malware/automated-malware-analysis.html
Manalyze https://github.com/JusticeRage/Manalyze
Quarkslab IRMA http://irma.quarkslab.com/
Dorothy2 https://github.com/m4rco-/dorothy2
F-Secure see https://github.com/F-Secure/see
Noriben https://github.com/Rurik/Noriben
Malheur https://github.com/rieck/malheur
Drakvuf https://github.com/tklengyel/drakvuf
Zero Wine Tryouts http://zerowine-tryout.sourceforge.net/
RFI sandbox https://monkey.org/~jose/software/rfi-sandbox/
Malwasm https://github.com/malwarelu/malwasm

Malware analysis - Sandbox - Online 😷

Name URL
Any.run https://any.run/
AVcaesar https://avcaesar.malware.lu/
Cape https://cape.contextis.com/
Comodo https://cit.valkyrie.comodo.com/
Hybrid analysis https://www.hybrid-analysis.com/
ID Ransomware https://id-ransomware.malwarehunterteam.com/
Jotti http://virusscan.jotti.org/it
Joe sandbox https://www.joesandbox.com/
Malwareconfig http://malwareconfig.com/
Malware tracker http://www.cryptam.com/
Malwr - Cuckoo https://malwr.com/
Other list http://cleanbytes.net/malware-online-scanners
PDF examiner http://www.pdfexaminer.com/
PE dump https://github.com/zed-0xff/pedump
Randomly changes Win32/64 PE Files https://github.com/secretsquirrel/recomposer
ViCheck https://www.vicheck.ca/
Virscan http://www.virscan.org/
VirusTotal http://www.virustotal.com/
Virus Total Notifier https://github.com/mubix/vt-notify

Mobile πŸ“±

Name URL
APK Analzyer http://www.apk-analyzer.net/
Droid Sec wiki http://www.droidsec.org/wiki/
Joebox Cloud https://jbxcloud.joesecurity.org/login
Mobile security wiki https://mobilesecuritywiki.com/ ⭐
OWASP Goat Droid https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
Sand droid http://sanddroid.xjtu.edu.cn
Wiki secmobi https://github.com/secmobi/wiki.secmobi.com πŸ†

Network

Name URL
Awesome PCAP https://github.com/caesar0301/awesome-pcaptools ⭐
BGPlay https://stat.ripe.net/widget/bgplay ⭐
GNU/Linux monitoring https://blog.serverdensity.com/80-linux-monitoring-tools-know/
MAC address block http://standards-oui.ieee.org/oui/oui.txt
MAC find http://www.coffer.com/mac_find/
MAC find http://hwaddress.com
Packet total http://www.packettotal.com/
Ping.eu http://ping.eu/
Project honeypot https://www.projecthoneypot.org/
Protocol Numbers http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Publicly PCAP files http://www.netresec.com/?page=PcapFiles
Service Port Number Registry https://www.iana.org/assignments/service-names-port-numbers/ ⭐⭐
Service Port Number Registry https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Subnet calculator http://www.subnet-calculator.com/cidr.php
Subnet calculator http://www.subnetonline.com/pages/subnet-calculators.php
Security Onion tools https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools

OSINT

Name URL
Osint list https://github.com/jivoi/awesome-osint ⭐
List of social network https://en.wikipedia.org/wiki/List_of_social_networking_websites ⭐
Reddit https://www.reddit.com/r/SocialEngineering/
Maltego https://www.paterva.com/
Hunter https://hunter.io/
Pipl https://pipl.com/
Peek you Β http://www.peekyou.com/
Lullar http://com.lullar.com/
Lakako http://www.lakako.com/
Yasni http://www.yasni.com/
User search https://usersearch.org/
Google https://www.google.com/advanced_search
Google dorks intext:lastName firstName
Google dorks insubject:lastName firstName
Google dorks `intext:lastName firstName filetype:pdf
Google Scraper https://github.com/NikolaiT/GoogleScraper
Bing https://www.bing.com/
Bing dorks lastName firstName (filetype:doc OR filetype:ppt OR filetype:pps OR filetype:xls OR filetype:docx OR filetype:pptx OR filetype:ppsx OR filetype:xlsx OR filetype:sxw OR filetype:sxc OR filetype:sxi OR filetype:odt OR filetype:ods OR filetype:odg OR filetype:odp OR filetype:pdf OR filetype:wpd OR filetype:svg OR filetype:svgz OR filetype:indd OR filetype:rdp OR filetype:ica)
Yahoo https://search.yahoo.com/
Duck duck go https://duckduckgo.com/
Yandex https://www.yandex.com/
Exa lead http://www.exalead.com
Osint stalker https://github.com/milo2012/osintstalker
Speed phish framework https://github.com/tatanus/SPF
Browser exploitation framework https://github.com/beefproject/beef
The harvester https://github.com/laramies/theHarvester
Meta goofil https://github.com/laramies/metagoofil

OS X

Name URL
Awesome OSX & IOS sec list https://github.com/ashishb/osx-and-ios-security-awesome
OSX auditor https://github.com/jipegit/OSXAuditor
OWASP iGoat Project https://www.owasp.org/index.php/OWASP_iGoat_Project
Security and privacy guide https://github.com/drduh/OS-X-Security-and-Privacy-Guide
stronghold - Easily configure MacOS security settings from the terminal. https://github.com/alichtman/stronghold

Passwords πŸ”‘

Name URL
CrackStation https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
Default password https://default-password.info/
Default password https://cirt.net/passwords
Default password http://www.defaultpassword.com/
Default password http://www.defaultpassword.us/
Default cameras password https://github.com/jeanphorn/wordlist/blob/master/README.md
Default password thc-hydra https://github.com/vanhauser-thc/thc-hydra/blob/master/dpl4hydra_full.csv
Dafault router password http://www.cleancss.com/router-default/
Default router password https://github.com/jeanphorn/wordlist/blob/master/router_default_password.md
Default VoIP password https://github.com/netbiosX/Default-Credentials/blob/master/VoIP-Default-Password-List.mdown
Fun secure password checker https://password.kaspersky.com/
Hashcat WIKI https://hashcat.net/wiki/
Multiple dictionary https://github.com/danielmiessler/SecLists/tree/master/Passwords
Multiple dictionary https://github.com/duyetdev/bruteforce-database
Online CrackStation https://crackstation.net
Online Hask Killer https://hashkiller.co.uk
Online Hash crack http://www.onlinehashcrack.com/
Online MD5 and SHA1 db http://hashtoolkit.com/
OpenWall http://www.openwall.com/passwords/wordlists/ or ftp://ftp.openwall.com/pub/wordlists/
Outpost9 http://www.outpost9.com/files/WordLists.html
Packets storm https://packetstormsecurity.com/Crackers/wordlists/
Password research http://www.passwordresearch.com/
Programming - Secure Password Storage https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016
SecLists https://github.com/danielmiessler/SecLists/tree/master/Passwords
Skull security https://wiki.skullsecurity.org/Passwords
SSH dictionary https://github.com/droope/pwlist

Penetration testing πŸ”§

Name URL
Awesome pentest https://github.com/enaqx/awesome-pentest
Awesome WAF https://github.com/0xInfection/Awesome-WAF
Footprinting - Procedure & tools http://www.0daysecurity.com/penetration-testing/network-footprinting.html
GNU/Linux privilege escalation https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ ⭐
Informaion gathering - Tools http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/information-gathering.html
IppSec channel https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
Organization of the Standard http://www.pentest-standard.org/index.php/Main_Page ⭐
Owasp - Check list https://www.owasp.org/index.php/Testing_Checklist
Owasp testing guide https://www.owasp.org/images/1/19/OTGv4.pdf ⭐⭐
Owasp - tools https://www.owasp.org/index.php/Category:OWASP_Tool
Public pentest reports https://github.com/juliocesarfort/public-pentesting-reports ⭐
Python tools for pentest https://github.com/dloss/python-pentest-tools
Report sample https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
Reverse engineering http://wiki.yobi.be/wiki/Reverse-Engineering
SANS Penetration Testing http://pen-testing.sans.org
Services enumeration http://www.0daysecurity.com/penetration-testing/enumeration.html ⭐
Tools - BlackArch list https://blackarch.org/tools.html
Tools - Great list http://wiki.yobi.be/wiki/Table_of_contents#Security
Tools - Kali list http://tools.kali.org/tools-listing
Web http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.html
Web vulnerabilities http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/vulnerability-assessment.html
Webshell list https://github.com/tennc/webshell

Port scanners 🎯 && Wide Scans πŸ—½

Name URL
Masscan https://github.com/robertdavidgraham/masscan
Masscan Defcon conference https://defcon.org/
Network Scan Mon https://scan.netlab.360.com/#/dashboard
Nmap https://nmap.org/7/
Nscan https://github.com/OffensivePython/Nscan
PFRing https://github.com/ntop/PF_RING
Rapid7 Sonar Labs https://sonar.labs.rapid7.com/
Rapid7 Sonar Blackhat conference https://www.blackhat.com/
Scans.io https://scans.io/
Shadowserver https://www.shadowserver.org/ ⭐⭐⭐⭐
Sonar similar projects https://github.com/rapid7/sonar/wiki/Similar-Projects
Trending Ports https://isc.sans.edu/trends.html
Zmap https://zmap.io/
Zgrab https://github.com/zmap/zgrab

Search engines πŸ“‘

Name URL
ZoomEye https://zoomeye.org/ β­πŸ‡¨πŸ‡³
Shodan https://www.shodan.io/
Censys https://censys.io/
Gegereka http://gegereka.com/ (not always up)
Google https://www.google.com/advanced_search
Google dorks https://gist.github.com/zbetcheckin/04e6a5d7f2d5ef8cfa3c298701f47f9c
List of search engines https://en.wikipedia.org/wiki/List_of_search_engines
Threat crowd https://www.threatcrowd.org/

Security challenges / WarGames 🚩

Name URL
Zenk-Security https://www.zenk-security.com/
Root-Me http://www.root-me.org/
Overthewire http://overthewire.org/wargames/
Reversing http://reversing.kr/
Pwnable http://pwnable.kr/
Newbiecontest https://www.newbiecontest.org/
OWASP VWAD list https://github.com/OWASP/OWASP-VWAD/
WeChall https://www.wechall.net/
Vulnhub https://www.vulnhub.com/ ⭐
Net Garage http://io.netgarage.org/
SmashTheStack http://smashthestack.org/
Hackthissite http://www.hackthissite.org/
Hack.me https://hack.me
HackThis! http://www.hackthis.co.uk/
Backdoor.Sdslabs https://backdoor.sdslabs.co/
Bright-shadows http://www.bright-shadows.net/
SmashTheStack http://smashthestack.org/
Ringzer0team https://ringzer0team.com/challenges
Forensic contest http://forensicscontest.com/puzzles
Lost chall http://www.lost-chall.org/
Rankk http://www.rankk.org/
Happy Security http://www.happy-security.de/
Net force https://www.net-force.nl/challenges/
CanYouHack.it http://canyouhack.it/
Hellboundhackers https://www.hellboundhackers.org/
Microcorruption https://microcorruption.com/

Skimmer πŸƒ

Name URL
Skimmer source from Krebs https://krebsonsecurity.com/all-about-skimmers/
Great reverse engineering on skimmer https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/

SSH

Name URL
Bruteforce know hosts https://github.com/Churro/bruteforce-known-hosts
OpenSSH guidelines https://wiki.mozilla.org/Security/Guidelines/OpenSSH
SSH audit https://github.com/arthepsy/ssh-audit.git
SSH audit online https://sshcheck.com
Who's there https://github.com/FiloSottile/whosthere

SSL

Name URL
Certificate search https://crt.sh
Bad SSL https://github.com/chromium/badssl.com
Htbridge - Online analysis https://www.htbridge.com/ssl/
Mozilla SSL Configuration Generator https://mozilla.github.io/server-side-tls/ssl-config-generator/
Observatory by Mozilla - Online analysis https://observatory.mozilla.org/ ⭐⭐⭐⭐
O-Saft - Tools https://www.owasp.org/index.php/O-Saft
OWASP tests - Procedure https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers
Qualys SSL Labs - Online analysis https://www.ssllabs.com/ssltest/
SSLscan - Tools https://github.com/rbsec/sslscan
SSLyze - Tools https://github.com/iSECPartners/sslyze
Testssl.sh - Tools https://github.com/drwetter/testssl.sh ⭐

TOR

Name URL
Hidden services https://www.torproject.org/docs/hidden-services.html.en
Hidden services scanner https://github.com/superp00t/sadonion
Reddit https://www.reddit.com/r/onions/
Scan Onion Services https://github.com/s-rah/onionscan
Search engine - Grams http://grams7enufi7jmdl.onion/
Search engine - Ahmia https://ahmia.fi/
Search engine - TORCH http://xmh57jrzrnw6insl.onion/
Search engine - DuckDuckGo http://3g2upl4pq6kufc4m.onion/
Tails https://tails.boum.org/
The hidden wiki https://thehiddenwiki.org/
Tolerant ISP for exit node https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
Tor Browser Fingerprint https://github.com/jonaslejon/tor-fingerprint
Tor Bulk exit list https://check.torproject.org/cgi-bin/TorBulkExitList.py
Tor IP history https://exonerator.torproject.org/
Tor Know exit nodes https://check.torproject.org/exit-addresses
Tor Project https://www.torproject.org/
Tor Relays bandwidth https://github.com/TheTorProject/bwscanner
Tor Socks https://gitweb.torproject.org/torsocks.git
Tor Status https://torstatus.blutmagie.de/
URL onion inspector https://github.com/k4m4/onioff

VOIP ☎️

Name URL
Penetration test http://0daysecurity.com/penetration-testing/VoIP-security.html

VPN

Name URL
Open VPN https://github.com/OpenVPN
Comparison https://thatoneprivacysite.net/vpn-comparison-chart/
Location test https://www.dnsleaktest.com/
Location test https://ipleak.net/

Vulnerable environments πŸ”“

Name URL
Owasp list https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
Owasp BWA https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
DVWA http://www.dvwa.co.uk/
WebGoat http://code.google.com/p/webgoat
Metasploitable 3 https://github.com/rapid7/metasploitable3/wiki
Vulnerable systems list https://www.amanhardikar.com/mindmaps/Practice.html ⭐
VulnHub http://vulnhub.com/
LampSecurity http://sourceforge.net/projects/lampsecurity/
Hackademic-RTB1 http://www.aldeid.com/wiki/Hackademic-RTB1
Moth http://www.bonsai-sec.com
Peruggia http://sourceforge.net/projects/peruggia/

Web browser

Name URL
Amiunique project https://github.com/DIVERSIFY-project/amiunique
Browser exploit https://github.com/julienbedard/browsersploit
Browser info http://www.browser-info.net/
Browser leaks https://www.browserleaks.com/
Browser recommendations https://gist.github.com/atcuno/3425484ac5cce5298932 ⭐
Browserling https://www.browserling.com/
Fingerprint https://amiunique.org/
Fingerprint https://panopticlick.eff.org/
Flash http://isflashinstalled.com/
Referer https://www.whatismyreferer.com/
SSL https://www.ssllabs.com/ssltest/viewMyClient.html
URL Shorter List https://bit.do/list-of-url-shorteners.php
User agent http://useragentstring.com/pages/useragentstring.php
User agent http://whatsmyuseragent.com/
User agent https://www.projecthoneypot.org/robot_useragents.php
User agent https://www.whatismybrowser.com/developers/tools/user-agent-parser/browse
Web technologies support tables https://caniuse.com/

Windows

Name URL
Anti forensic Windows https://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic/
Security development https://github.com/ExpLife0011/awesome-windows-kernel-security-development
Windows executable walkthrough https://i.imgur.com/pHjcI.png
Windows exploitation https://github.com/r3p3r/nixawk-awesome-windows-exploitation
Windows hardening https://github.com/PaulSec/awesome-windows-domain-hardening

Wireless / Radio πŸ“Ά

Name URL
Awesome wifi tools list https://github.com/0x90/wifi-arsenal
Penetration test http://0daysecurity.com/penetration-testing/wireless-penetration.html
Great wifi map https://wigle.net/
RFSec-ToolKit https://github.com/cn0xroot/RFSec-ToolKit
RTL-SDR http://www.rtl-sdr.com/
Wireless in airports https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY

About

Great security list for fun and profit

Resources

Readme
Activity

Stars

1.8k stars

Watchers

116 watching

Forks

346 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 8