{"id":23919386,"url":"https://github.com/snatev/sechelp","last_synced_at":"2026-02-27T09:06:37.601Z","repository":{"id":243471036,"uuid":"812485050","full_name":"snatev/sechelp","owner":"snatev","description":"A comprehensive collection of security services, tools, and information catering to a wide variety of uses","archived":false,"fork":false,"pushed_at":"2025-07-26T10:55:54.000Z","size":52274,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-26T16:44:42.622Z","etag":null,"topics":["collections","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/snatev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-09T03:03:38.000Z","updated_at":"2025-07-26T10:55:57.000Z","dependencies_parsed_at":"2024-12-02T09:20:08.913Z","dependency_job_id":"50464227-d39d-446c-948b-a391e47ad4f3","html_url":"https://github.com/snatev/sechelp","commit_stats":null,"previous_names":["snatev/thm"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/snatev/sechelp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snatev%2Fsechelp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snatev%2Fsechelp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snatev%2Fsechelp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snatev%2Fsechelp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/snatev","download_url":"https://codeload.github.com/snatev/sechelp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snatev%2Fsechelp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29888914,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-27T08:34:21.514Z","status":"ssl_error","status_checked_at":"2026-02-27T08:32:38.035Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["collections","security","security-tools"],"created_at":"2025-01-05T14:51:42.622Z","updated_at":"2026-02-27T09:06:37.595Z","avatar_url":"https://github.com/snatev.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Useful Security Services and Tools\nA comprehensive collection of security services, tools, and information catering to a wide variety of uses.\n\n![shield](https://github.com/snatev/sechelp/assets/169693246/502ffbdb-70d1-4c36-88b1-e690ab09546e)\n\n\u003cbr\u003e\n\n### Navigation\n[API Testing and Security](#api-testing-and-security)\n\n[Metadata and File Analysis](#metadata-and-file-analysis)\n\n[Log Analysis and Monitoring](#log-analysis-and-monitoring)\n\n[Security Standards and Frameworks](#security-standards-and-frameworks)\n\n[Network Analysis and Packet Capture](#network-analysis-and-packet-capture)\n\n[Information Gathering and Enumeration](#information-gathering-and-enumeration)\n\n[Web Application Enumeration and Fuzzing](#web-application-enumeration-and-fuzzing)\n\n[Security Assessments and Threat Intelligence](#security-assessments-and-threat-intelligence)\n\n\u003cbr\u003e\u003cbr\u003e\n\n\u003c/div\u003e\n\n### API Testing and Security\n\n|||\n|----------|-------------|\n| **Postman** | Comprehensive API development environment that allows users to create, test, and document APIs, with features for automated testing and collaboration. |\n| **Burp Suite** | Integrated platform for performing security testing of web applications, including tools for scanning, crawling, and advanced vulnerability detection. |\n| **RequestBin** | Enables users to create custom endpoints to collect, inspect, and debug HTTP requests, facilitating API testing and webhook inspection. |\n\n\u003cbr\u003e\n\n### Metadata and File Analysis\n\n|||\n|----------|-------------|\n| **pdfinfo** | Command-line tool displaying PDF file information, such as title, author, subject, keywords, and page count, along with more details. |\n| **ExifTool** | Platform-independent tool for reading, writing, and editing metadata in various file formats, offering comprehensive functionality. |\n| **CyberChef** | Web-based tool for carrying out various encryption, encoding, compression, and data analysis operations, providing a simple and intuitive interface for complex tasks. |\n| **Steghide** | Command-line steganography tool for embedding and extracting hidden data within various file formats like images and audio, while preserving file integrity. |\n| **Binwalk** | Tool for analyzing binary files, commonly used to identify and extract embedded files or data. |\n| **FLOSS** | Stands for FireEye Labs Obfuscated String Solver, a tool to automatically extract obfuscated and deobfuscated strings from malware binaries. |\n| **jq** | Lightweight and flexible command-line JSON processor for parsing, manipulating, and formatting JSON data. |\n\n\u003cbr\u003e\n\n### Log Analysis and Monitoring\n\n|||\n|----------|-------------|\n| **ELK Stack** | Open-source stack combining Elasticsearch, Logstash, and Kibana to collect, search, analyze, and visualize log and monitoring data, widely used for security information and event management (SIEM). |\n| **CloudWatch** | AWS monitoring and observability service for collecting and analyzing logs, metrics, and events to monitor infrastructure and applications in real-time. |\n| **CloudTrail** | AWS service that provides governance, compliance, and operational auditing by logging API calls and activity across AWS accounts. |\n\n\u003cbr\u003e\n\n### Security Standards and Frameworks\n\n|||\n|----------|-------------|\n| **OSSTMM** | The Open Source Security Testing Methodology Manual, providing a peer-reviewed methodology for performing security tests and metrics. |\n| **OWASP** | The Open Web Application Security Project, offering free and open resources focused on improving the security of software, including tools, documentation, and community support. |\n| **NIST** | The National Institute of Standards and Technology, providing standards and guidelines to improve the security and resilience of information systems. |\n| **NCSC CAF** | The National Cyber Security Centre Cyber Assessment Framework, offering guidance on how to assess and improve cyber security measures. |\n| **OSINT** | Open-source intelligence tools and techniques for gathering and analyzing publicly available information to support security assessments and investigations. |\n| **MITRE ATT\u0026CK Framework** | A knowledge base of adversary tactics and techniques based on real-world observations, used for understanding and enhancing detection, response, and mitigation strategies. |\n\n\u003cbr\u003e\n\n\u003cbr\u003e\n\n### Network Analysis and Packet Capture\n\n|||\n|----------|-------------|\n| **tcpdump** | Command-line packet analyzer for capturing and inspecting network traffic in real time, supporting filtering and detailed output for in-depth network troubleshooting and analysis. |\n| **Wireshark** | Comprehensive network protocol analyzer with a graphical interface for capturing and examining network packets in real-time or offline, supporting a wide range of protocols and use cases. |\n| **TShark** | Command-line version of Wireshark for capturing and analyzing network traffic, ideal for scripting and headless environments. |\n| **Ettercap** | Comprehensive suite for man-in-the-middle attacks on LAN, supporting sniffing of live connections, content filtering, and network protocol analysis. |\n| **Bettercap** | Advanced, modular network attack and monitoring tool with support for network packet capture, man-in-the-middle attacks, and protocol manipulation. |\n\n### Information Gathering and Enumeration\n\n|||\n|----------|-------------|\n| **Nmap** | Network scanning tool for discovering devices, hosts, services, and vulnerabilities on a network. |\n| **Wappalyzer** | Technology profiler that detects CMS, eCommerce platforms, web servers, JavaScript frameworks, and analytics tools on websites. |\n| **OWASP Favicon Database** | Identifies web technologies based on favicon hashes, useful for gathering information about web applications. |\n| **Wayback Machine** | Digital archive of the Web, enabling users to view historical versions of web pages for research and content recovery. |\n| **crt.sh** | Queries Certificate Transparency logs to search for certificates issued for a domain, aiding in subdomain identification and security assessment. |\n| **Netcat** | Versatile networking tool for reading from and writing to network connections using TCP or UDP, often used for network debugging and security testing. |\n| **Socat** | Versatile networking tool for data transfer, port forwarding, and tunneling between two endpoints. Basically a more powerful version of Netcat. |\n| **rlwrap** | Adds readline editing and history capabilities to command-line tools that lack them, enhancing usability during interactive sessions. |\n| **Sublist3r** | Enumerates subdomains using multiple search engines and services like Netcraft, Virustotal, and DNSdumpster. |\n| **Shodan** | Search engine for Internet-connected devices, allowing users to discover and analyze devices and services exposed to the Internet. |\n| **dnsdumpster** | Online tool for performing DNS reconnaissance to discover hosts related to a domain. |\n| **whois** | Queries domain registration records to retrieve details about ownership, registration dates, and contact information. |\n| **nslookup** | Command-line tool for querying DNS to obtain domain name or IP address mapping, facilitating DNS troubleshooting and reconnaissance. |\n| **dig** | Command-line DNS lookup utility providing detailed information about DNS queries, such as A, MX, and CNAME records. |\n| **FoxyProxy** | Browser extension for managing multiple proxy configurations, streamlining proxy switching for security and anonymity purposes. |\n| **User-Agent Switcher and Manager** | Browser extension allowing users to change their user-agent string for testing, anonymity, and bypassing restrictions. |\n| **ping** | Network tool for testing reachability of hosts and measuring round-trip time for messages sent to a target. |\n| **traceroute** | Network diagnostic tool that maps the path data takes to a host and identifies any intermediate hops. |\n| **Masscan** | High-performance port scanner capable of scanning large sections quickly, used for identifying open ports and services. |\n\n\u003cbr\u003e\n\n### Web Application Enumeration and Fuzzing\n\n|||\n|----------|-------------|\n| **Gobuster** | Brute-forces URLs, DNS subdomains, and virtual host names in web applications, supporting directory/file brute-forcing and DNS enumeration. |\n| **FFUF** | A fast web fuzzer for brute-forcing web applications, including directory/file discovery and virtual host name brute-forcing. |\n| **Dirb** | Command-line tool for discovering hidden directories and files on web servers through brute-force attacks. |\n| **WPScan** | WordPress security scanner that identifies vulnerabilities in WordPress installations, including plugins and themes. |\n| **DNSRecon** | Performs DNS checks, including record enumeration, zone transfers, reverse lookups, and subdomain brute-forcing. |\n\n\u003cbr\u003e\n\n### Security Assessments and Threat Intelligence\n\n|||\n|----------|-------------|\n| **PayloadsAllTheThings** | Curated collection of offensive security payloads and techniques for web apps, APIs. |\n| **SecLists** | Collection of lists used in security assessments, including usernames, passwords, URLs, sensitive data patterns, and fuzzing payloads. |\n| **AbuseIPDB** | Collaborative project for reporting and checking IP addresses for malicious activities, helping to identify and mitigate threats. |\n| **CrackStation** | Online password cracking tool using a massive database of known password hashes to recover passwords through hash comparison. |\n| **HackerOne** | Platform connecting businesses with penetration testers and security researchers to identify and resolve security vulnerabilities through bug bounty programs. |\n| **XSS Polyglots** | Collection of XSS payloads designed to test and bypass various XSS filters and protections, aiding in the detection and exploitation of XSS vulnerabilities. |\n| **Command Injection Payload List** | Curated list of command injection payloads to test and exploit command injection vulnerabilities in web applications and services. |\n| **Exploit-DB** | Archive of public exploits and corresponding vulnerable software, offering a comprehensive resource for security researchers and penetration testers. |\n| **Atomic Red Team** | Open-source library of small, focused tests mapped to the MITRE ATT\u0026CK framework to simulate adversary techniques and evaluate security controls. |\n| **SearchSploit** | Command-line utility for offline searching of the Exploit-DB database, allowing quick access to public exploits and their references. |\n| **John the Ripper** | Fast and customizable password cracker that supports a variety of hash types, widely used for security testing and forensic investigations. |\n| **Hydra** | Fast and flexible brute-force password cracking tool supporting numerous protocols and services. |\n| **msfvenom** | Payload generator that combines the functionality of msfpayload and msfencode, allowing users to create custom payloads for penetration testing and exploit development. |\n| **Metasploit** | Powerful and flexible penetration testing framework with a vast library of exploits, payloads, and auxiliary modules to assess and validate vulnerabilities. |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnatev%2Fsechelp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsnatev%2Fsechelp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnatev%2Fsechelp/lists"}