https://github.com/jpablo13/cybersecurity-web-tools

This repository is a centralized collection of web-based tools used in cybersecurity, organized by categories such as Red Team, Blue Team, OSINT, Forensics, and more.

# 🛠️Cybersecurity-Web-Tools
This repository contains a list of links to web tools useful for cybersecurity, organized by category for easier access.

---

## 📋Table of Contents

### [🛡️Blue Team](#%EF%B8%8Fblue-team-1)
- [🔍URL Scanning](#url-scanning)
- [🔎IP Scanning](#ip-scanning)
- [📝File Scanning](#file-scanning)
- [📦Sandboxing](#sandboxing)
- [🔐Password Scanning](#password-scanning)
- [🛡️Vulnerability Management](#%EF%B8%8Fvulnerability-management)
- [🦠Malware Samples](#malware-samples)
- [📧Email Protection](#email-protection)
- [🌐Web Security](#web-security)

### [🐉Red Team](#red-team-1)
- [🎯Web Enumeration and Reconnaissance](#web-enumeration-and-reconnaissance)
- [📚Knowledge Bases & Cheatsheets](#knowledge-bases--cheatsheets)
- [🃏Data Analysis and Transformation](#data-analysis-and-transformation)
- [🔑Token & Auth Analysis Tools](#token--auth-analysis-tools)
- [🔐Web Security Configuration](#web-security-configuration)
- [💥Exploits and Vulnerabilities](#exploits-and-vulnerabilities)

### [🧩Browser Extensions](#-browser-extensions)
- [🛡️Privacy & Protection](#%EF%B8%8Fprivacy--protection)
- [🧪Pentesting, OSINT & Web Analysis](#pentesting-osint--web-analysis)
- [🍪Cookies & Headers](#cookies--headers)

---

# 🛡️Blue Team

## 🔍URL Scanning

* **[VirusTotal](https://www.virustotal.com/)**: Scans URLs and files for viruses and other threats using multiple antivirus engines.
* **[Talos Intelligence](https://talosintelligence.com/)**: Offers information about online threats, including URL reputation.
* **[URLVoid](https://www.urlvoid.com/)**: Checks if a URL has been reported as malicious by various sources.
* **[Urlscan.io](https://urlscan.io/)**: Analyzes websites to detect malicious content, such as malware or phishing.
* **[Google Safe Browsing Site Status](https://transparencyreport.google.com/safe-browsing/search)**: Allows you to check if a website has been marked as unsafe by Google.

## 🔎IP Scanning

* **[AbuseIPDB](https://www.abuseipdb.com/)**: Collects reports of abusive IP addresses, such as those that send spam or perform attacks.
* **[IPVoid](https://www.ipvoid.com/)**: Provides information about the reputation of an IP address, including whether it is reported as malicious.
* **[Hurricane Electric](https://bgp.he.net/)**: Offers tools to analyze IP address routing information.
* **[DNSlytics](https://dnslytics.com/)**: Analyzes DNS records to obtain information about the infrastructure of a domain or IP address.

## 📝File Scanning

* **[Triage](https://tria.ge/)**: Analyzes files in an isolated environment (sandbox) to detect malicious behavior.
* **[Filescan.io](https://www.filescan.io/scan)**: Scans files for malware using multiple antivirus engines.
* **[MetaDefender](https://metadefender.opswat.com/)**: Analyzes files with multiple antivirus engines and threat detection technologies.
* **[Kaspersky Threat Intelligence](https://opentip.kaspersky.com/)**: Offers information about threats and malware, including file analysis.
* **[Hybrid Analysis](https://www.hybrid-analysis.com/)**: Analyzes files in a sandbox environment and provides detailed reports on their behavior.
* **[TinEye](https://tineye.com/)**: Reverse image search engine, useful for detecting unauthorized use of images.

## 📦Sandboxing

* **[Any.run](https://app.any.run/)**: Allows you to run files and analyze their behavior in an interactive virtual environment.
* **[Joe Sandbox](https://www.joesandbox.com/)**: Analyzes files and URLs in a sandbox environment and generates detailed reports.

## 🔐Password Scanning

* **[Have I Been Pwned](https://haveibeenpwned.com/)**: Checks if a password or email address has been compromised in a data breach.
* **[Password checker Kaspersky](https://password.kaspersky.com/)**: Checks the strength of a password and if it has been compromised.
* **[Dehashed](https://dehashed.com/)**: Search engine for leaked data that helps verify the exposure of sensitive information.

## 🛡️Vulnerability Management

- **[VulnCheck Tools](https://vulncheck.com/tools)**: Fast CVE lookups and exploit data.
- **[CVE Details](https://www.cvedetails.com/)**: Comprehensive CVE database with vendor/product filters.
- **[NVD – National Vulnerability Database](https://nvd.nist.gov/)**: Official U.S. government source for CVEs and severity metrics.
- **[Vulners](https://vulners.com/)**: Aggregated vulnerability intelligence and exploit database.

## 🦠Malware Samples

* **[MalwareBazaar](https://bazaar.abuse.ch/)**: Repository of malware samples for analysis.
* **[ThreatFox](https://threatfox.abuse.ch/)**: Platform for sharing threat indicators, including malware samples.

## 📧Email Protection

* **[10MinuteMail](https://10minutemail.com/)**: Provides temporary email addresses to protect privacy.
* **[Spamhaus](https://www.spamhaus.org/)**: Offers spam block lists and other tools to combat unwanted email.

## 🌐Web Security

* **[EFF (Electronic Frontier Foundation)](https://www.eff.org)**: Organization that defends digital rights and online privacy.
* **[BrowserLeaks](https://browserleaks.com/)**: Website that shows the information that websites can collect about your browser.

---

# 🐉Red Team

## 🎯Web Enumeration and Reconnaissance

- **[Subdomain Finder](https://subdomainfinder.c99.nl/)**: Enumerates the public subdomains of a target domain.
- **[Shodan](https://www.shodan.io/)**: Search engine for devices and services connected to the internet.
- **[Censys Search](https://search.censys.io/)**: Provides detailed information on certificates, open ports, and exposed services.
- **[BuiltWith](https://builtwith.com/)**: Discovers the technologies behind a specific website.
- **[GTFOBins](https://gtfobins.github.io/)**: Provides privilege escalation and binary abuse techniques on Unix/Linux systems.
- **[RequestBin](https://requestbin.whapi.cloud/)**: Creates public endpoints to inspect incoming HTTP requests—useful for webhook testing.

## 📚Knowledge Bases & Cheatsheets

- **[GTFOBins](https://gtfobins.github.io/)**: Provides privilege escalation and binary abuse techniques on Unix/Linux systems.
- **[LOLBAS](https://lolbas-project.github.io/)**: Catalog of legitimate Windows binaries that can be abused for offensive purposes.
- **[HackTricks](https://book.hacktricks.wiki/en/index.html)**: Practical knowledge base for pentesting, privilege escalation, and CTFs.
- **[Pentestmonkey](https://pentestmonkey.net/)**: Tips, payloads, and cheat sheets for web exploitation and post-exploitation.
- **[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)**: Collection of payloads and techniques for web, network, and privilege escalation attacks.

## 🃏Data Analysis and Transformation

- **[CyberChef](https://gchq.github.io/CyberChef/)**: Versatile web tool for data encoding, encryption, and transformation.
- **[Regex101](https://regex101.com/)**: Online tool for testing and debugging regular expressions with instant feedback.

## 🔑Token & Auth Analysis Tools

- **[JWT.IO](https://jwt.io/)**: Decodes, verifies, and generates JSON Web Tokens.
- **[Token Inspector](https://token.dev/)**: Platform for inspecting and visualizing JWT, JWE, JWK and JWS tokens.
- **[Base64 Decode & Encode](https://www.base64decode.org/)**: Simple tool to decode or encode base64.

## 🔐Web Security Configuration

- **[SSL Labs Test](https://www.ssllabs.com/ssltest/)**: Comprehensive analysis of a web server's SSL/TLS configuration.
- **[Observatory by Mozilla](https://observatory.mozilla.org/)**: Analyzes website security configurations and provides practical recommendations.
- **[Security Headers](https://securityheaders.com/)**: Analyzes the security HTTP headers of any website.
- **[Snyk.io](https://snyk.io)**: Scans code, open-source dependencies, containers, and IaC configurations for known security vulnerabilities.

## 💥Exploits and Vulnerabilities

- **[Exploit Database](https://www.exploit-db.com/)**: Database of exploits and security vulnerabilities.
- **[OWASP Top 10](https://owasp.org/www-project-top-ten/)**: List of the 10 most critical web vulnerabilities.
- **[MITRE ATT&CK](https://attack.mitre.org/)**: Framework describing the tactics and techniques used by attackers.
- **[CVE](https://cve.mitre.org/)**: Catalog of known security vulnerabilities.
- **[CrackStation](https://crackstation.net/)**: A free password hash cracker that uses massive precomputed dictionaries to reverse weak hashes.

---

# 🧩 Browser Extensions

## 🛡️Privacy & Protection

- **[Privacy Badger](https://addons.mozilla.org/en/firefox/addon/privacy-badger17/)**: Blocks invisible trackers and enhances user privacy during browsing.
- **[uBlock Origin](https://addons.mozilla.org/en/firefox/addon/ublock-origin/)**: Efficient content blocker that filters ads, malicious scripts, and trackers.
- **[ClearURLs](https://addons.mozilla.org/en/firefox/addon/clearurls/)**: Removes tracking elements from URLs to avoid activity profiling.
- **[I Don't Care About Cookies](https://addons.mozilla.org/en/firefox/addon/iadcaa/)**: Hides or auto-accepts cookie notices on supported websites.
- **[WebRTC Leak Shield](https://addons.mozilla.org/en/firefox/addon/webrtc-leak-shield/)**: Prevents IP leaks through WebRTC—essential when using VPNs or proxies.
- **[HTTPS Always (formerly HTTPS Everywhere)](https://addons.mozilla.org/en/firefox/addon/https-always/)**: Forces secure HTTPS connections when available.

## 🧪Pentesting, OSINT & Web Analysis

- **[Wappalyzer](https://addons.mozilla.org/en/firefox/addon/wappalyzer/)**: Identifies technologies used on websites (CMS, frameworks, web servers, etc.).
- **[Shodan](https://addons.mozilla.org/en/firefox/addon/shodan_io/)**: Allows quick queries to Shodan about the website, IP, or device you're visiting.
- **[HackTools](https://addons.mozilla.org/en/firefox/addon/hacktools/)**: Pentesting toolbox with payloads, encoding tools, hash generators, etc.
- **[User-Agent Switcher and Manager](https://addons.mozilla.org/en/firefox/addon/user-agent-string-switcher/)**: Emulates various browsers and devices by changing the User-Agent header.
- **[FoxyProxy Standard](https://addons.mozilla.org/en/firefox/addon/foxyproxy-standard/)**: Proxy manager with advanced rules, ideal for Burp Suite, TOR, or multi-proxy setups.
- **[Retire.js](https://addons.mozilla.org/en/firefox/addon/retire-js/)**: Scans websites for vulnerable JavaScript libraries in real-time.
- **[DotGit](https://addons.mozilla.org/en/firefox/addon/dotgit/)**: Detects exposed `.git` directories, commonly misconfigured in web deployments.
- **[Link Gopher](https://addons.mozilla.org/en/firefox/addon/link-gopher/)**: Extracts and lists all links from a webpage—great for passive recon or scraping.
- **[FindSomething](https://addons.mozilla.org/en/firefox/addon/findsomething/)**: Enables advanced keyword and content searching (visible or hidden) within pages.
- **[Temp Mail](https://addons.mozilla.org/en/firefox/addon/temp-mail-org/)**: Generates disposable email addresses to use in testing or account registration.
- **[Hunter](https://addons.mozilla.org/en/firefox/addon/hunter/)**: Searches for email addresses tied to a specific domain—very effective for OSINT.
- **[TWP - Translate Web Pages](https://addons.mozilla.org/en/firefox/addon/traductor-webpages/)**: Instantly translates full web pages—helpful for international OSINT or analysis.

## 🍪Cookies & Headers

- **[Cookie Editor](https://addons.mozilla.org/en/firefox/addon/cookie-editor/)**: Inspect, edit, export, and delete cookies in real-time—perfect for web app testing.
- **[Live HTTP Headers](https://addons.mozilla.org/en/firefox/addon/live-http-headers/)**: Monitors all HTTP headers in live traffic, useful for debugging and recon.
- **[ModHeader](https://addons.mozilla.org/en/firefox/addon/modheader-firefox/)**: Allows modification of HTTP headers like `User-Agent`, `Referer`, and `Origin`.

---

# 📬Contact
If you have any questions, please feel free to contact me at:
[![LinkedIn](https://img.shields.io/badge/LinkedIn-%230077B5.svg?&style=for-the-badge&logo=linkedin&logoColor=white)](https://www.linkedin.com/in/jpablo-villalobos/)
[![GitHub](https://img.shields.io/badge/GitHub-%2312100E.svg?&style=for-the-badge&logo=github&logoColor=white)](https://github.com/JPablo13)
[![ProtonMail](https://img.shields.io/badge/ProtonMail-6D4AFF?style=for-the-badge&logo=protonmail&logoColor=white)](mailto:pablo13villalobos@proton.me)
[![Medium](https://img.shields.io/badge/Medium-12100E?style=for-the-badge&logo=medium&logoColor=white)](https://medium.com/@jpablo13)

---

## 🤝Support me