Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/zbetcheckin/security_list
Great security list for fun and profit
https://github.com/zbetcheckin/security_list
Last synced: 27 days ago
JSON representation
Great security list for fun and profit
- Host: GitHub
- URL: https://github.com/zbetcheckin/security_list
- Owner: zbetcheckin
- Created: 2016-03-29T22:04:28.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2022-12-14T20:09:58.000Z (almost 2 years ago)
- Last Synced: 2024-10-14T22:02:52.613Z (27 days ago)
- Homepage:
- Size: 152 KB
- Stars: 1,725
- Watchers: 116
- Forks: 350
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-security-collection - **1110**星
README
# Security list for fun and profit
Inspired by http://www.nothink.org/utilities.php
## Table of Contents
* [Awesome lists](#awesome-lists-1)
* [Books](#books-books)
* [Bug bounty](#bug-bounty-chocolate_bar)
* [Cheat sheets](#cheat-sheets-1)
* [CTF](#ctf-triangular_flag_on_post)
* [Decoder/Converter/Beautifier](#decoderconverterbeautifier-hurtrealbad)
* [Domain name Research / Analysis / Reputation](#domain-name-research--analysis--reputation-chart_with_downwards_trend)
* [Exploits and vulnerabilities](#exploits-and-vulnerabilities-door)
* [Forensic](#forensic-mag)
* [Free shell](#free-shell-shell)
* [Fun](#fun-trollface)
* [Generic utilities](#generic-utilities-file_folder)
* [GNU/Linux](#gnulinux)
* [Honeypots](#honeypots-honey_pot)
* [IP Research / Analysis / Investigation](#ip-research--analysis--investigation)
* [Leak / Defaced](#leak--defaced-ambulance)
* [Learning / Exercises](#learning--exercises-mortar_board)
* [Lock picking](#lock-picking-closed_lock_with_key)
* [Mail utilities](#mail-utilities-mailbox_with_mail)
* [Malicious traffic detection](#malicious-traffic-detection-vertical_traffic_light)
* [Malware / Botnet sources](#malware--botnet-sources-angel)
* [Malware analysis - Sandbox](#malware-analysis---sandbox-mask)
* [Malware analysis - Sandbox - Online](#malware-analysis---sandbox---online-mask)
* [Mobile](#mobile-iphone)
* [Network](#network)
* [OSINT](#osint)
* [OS X](#os-x)
* [Passwords](#passwords-key)
* [Penetration testing](#penetration-testing-wrench)
* [Port scanners / Wide scans](#port-scanners-dart--wide-scans-statue_of_liberty)
* [Search engines](#search-engines-satellite)
* [Security challenges / WarGames](#security-challenges--wargames-triangular_flag_on_post)
* [Skimmer](#skimmer-black_joker)
* [SSH](#ssh)
* [SSL](#ssl)
* [TOR](#tor)
* [VOIP](#voip-phone)
* [VPN](#vpn)
* [Vulnerable environments](#vulnerable-environments-unlock)
* [Web browser](#web-browser)
* [Windows](#windows)
* [Wireless / Radio](#wireless--radio-signal_strength)
----
## Awesome lists :+1:
Name | URL
------------------------------------ | ---------------------------------------------
Android | https://github.com/ashishb/android-security-awesome
Curated list of awesome lists | https://github.com/sindresorhus/awesome :star:
Fuzzing | https://github.com/secfigo/Awesome-Fuzzing
Hacking list | https://github.com/Hack-with-Github/Awesome-Hacking :star::star::star:
Honeypots | https://github.com/paralax/awesome-honeypots :star:
Incident response | https://github.com/meirwah/awesome-incident-response/ :star::star:
Indicators of compromise | https://github.com/sroberts/awesome-iocs
Info sec | https://github.com/rmusser01/Infosec_Reference
Malware analysis | https://github.com/rshipp/awesome-malware-analysis/ :star::star::star:
Personal Security | https://github.com/Lissy93/personal-security-checklist
Red team | https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
Reversing | https://github.com/fdivrp/awesome-reversing
Security | https://github.com/sbilly/awesome-security
Threat intelligence | https://github.com/hslatman/awesome-threat-intelligence
Web | https://github.com/qazbnm456/awesome-web-security/ https://github.com/infoslack/awesome-web-hacking
## Books :books:
Name |URL
------------------------------------ | ---------------------------------------------
Free programming books | https://github.com/EbookFoundation/free-programming-books
Recommended Reading | http://dfir.org/?q=node/8
## Bug bounty :chocolate_bar:
Name |URL
------------------------------------ | ---------------------------------------------
Bounty factory | https://bountyfactory.io
Bugcrowd | https://bugcrowd.com/programs
Google | https://www.google.com/about/appsecurity/reward-program/
HackerOne | https://hackerone.com :star:
List of bug bounty | https://www.bugcrowd.com/bug-bounty-list/
Microsoft | https://technet.microsoft.com/en-us/security/dn425036
Open bug bounty | https://www.openbugbounty.org/
Programs and write-ups | https://github.com/djadmin/awesome-bug-bounty
Write-ups | https://github.com/ngalongc/bug-bounty-reference
Zerodium | https://www.zerodium.com/ :moneybag::trollface:
## Cheat sheets :+1:
Name | URL
------------------------------------ | ---------------------------------------------
General cheat sheets | http://www.cheat-sheets.org/ :star:
Owasp series | https://github.com/OWASP/CheatSheetSeries :star::star:
Packet life | http://packetlife.net/library/cheat-sheets/
Penetration test | https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Pentest monkey | http://pentestmonkey.net
SANS Forensic | https://digital-forensics.sans.org/community/cheat-sheets
Security Onion | https://github.com/Security-Onion-Solutions/security-onion/wiki/Cheat-Sheet
Zeltser's cheat sheets list | https://zeltser.com/cheat-sheets/
## CTF :triangular_flag_on_post:
Name | URL
------------------------------------ | ---------------------------------------------
Awesome CTF | https://github.com/apsdehal/awesome-ctf :star::star:
CTFd platform | https://github.com/CTFd/CTFd :star:
CTF PAD | https://github.com/StratumAuhuur/CTFPad
CTF TIME | https://ctftime.org/
Mellivora platform | https://github.com/Nakiami/mellivora :star:
Platform list | https://github.com/We5ter/Awesome-Platforms/blob/master/CTF-Platforms.md
Reddit | https://www.reddit.com/r/securityctf
Tools list | https://github.com/Laxa/HackingTools
Tools list | https://github.com/zardus/ctf-tools
Write-ups | https://github.com/ctfs
## Decoder/Converter/Beautifier :hurtrealbad:
Name | URL
------------------------------------ | ---------------------------------------------
Code beautifier | http://codebeautify.org/
Converter | https://github.com/koczkatamas/koczkatamas.github.io
Cyber Chef | https://gchq.github.io/CyberChef/ :fork_and_knife::star::star::star:
JSUnpack | https://github.com/urule99/jsunpack-n
JSBeautifier | http://jsbeautifier.org/ :star:
Jjencode | http://utf-8.jp/public/jjencode.html
JS deobfuscate | https://github.com/sevzero/honeybadger
VB code beautifier | http://www.vbindent.com/
## Domain name Research / Analysis / Reputation :chart_with_downwards_trend:
Name | URL
------------------------------------ | ---------------------------------------------
Archive | https://archive.is/
Archive | https://web.archive.org/ :star:
BGP Toolkit | http://bgp.he.net/ :star:
Biggest DNS history | https://securitytrails.com/list/ip/$IP :star:
Cache page | http://www.cachedpages.com/
Cache view | http://cachedview.com/
Checking multiple blocklists | http://rbls.org/ :star:
DGA intro | https://en.wikipedia.org/wiki/Domain_generation_algorithm
DNS Blacklists | https://raw.githubusercontent.com/zbetcheckin/DNSBLs/master/active_dnsbls.txt
DNS dumpster | https://dnsdumpster.com/
DNS Propagation Checker | https://www.whatsmydns.net/
DNS stuff | http://www.dnsstuff.com/
Domain analysis list | https://github.com/rshipp/awesome-malware-analysis/#domain-analysis
Domain hijacking intro | https://en.wikipedia.org/wiki/Domain_hijacking
Expired domain | https://www.expireddomains.net/backorder-expired-domains/
Google | https://www.google.com/transparencyreport/safebrowsing/diagnostic/
Into dns | http://www.intodns.com/
Multi RBL | http://multirbl.valli.org/lookup/ :star:
MXToolBox | https://mxtoolbox.com/SuperTool.aspx#
Netcraft | http://www.netcraft.com/
Reverse Whois | https://reversewhois.domaintools.com/
Robtex | https://www.robtex.com/dns/
Sucuri | http://sitecheck.sucuri.net/scanner/
TCP utils | http://www.tcpiputils.com/
Threat log | http://www.threatlog.com/
Threat miner | https://www.threatminer.org/
Top-Level Domains list | https://data.iana.org/TLD/tlds-alpha-by-domain.txt :star:
Trusted source | http://www.trustedsource.org/
URL Query | http://urlquery.net/ :star:
URL scan | https://urlscan.io/ :star:
URL shorter list | https://mirror1.malwaredomains.com/files/url_shorteners.txt
URL Void | http://www.urlvoid.com/
Virus total | https://www.virustotal.com/#url
Whois - ARIN | https://whois.arin.net/
Whois - LACNIC | http://lacnic.net/cgi-bin/lacnic/whois
Whois - RIPE NCC | https://apps.db.ripe.net/search/query.html
Whois - AFRINIC | http://www.afrinic.net/fr/services/whois-query
Whois - APNIC | http://wq.apnic.net/apnic-bin/whois.pl
Whois by registrant name | http://viewdns.info/reversewhois/
Zeltser's list | https://zeltser.com/lookup-malicious-websites/
## Exploits and vulnerabilities :door:
Name | URL
------------------------------------ | ---------------------------------------------
CVEdetails | http://www.cvedetails.com/ :star:
CVE.mitre | https://cve.mitre.org/ :star:
Full disclosure | http://seclists.org/fulldisclosure/
See bug | https://www.seebug.org/ :star:
CXSecurity | https://cxsecurity.com/ :star:
Inj3ct0r | http://0day.today/
Packet Storm | https://packetstormsecurity.com/files/tags/exploit/
Exploit-db | http://www.exploit-db.com
Vulnerability-lab | http://www.vulnerability-lab.com/
Vulndb | https://vuldb.com/?archive.2016
Vulners | https://vulners.com/search?query=order:published
Backdoor - TCP-32764 | https://github.com/elvanderb/TCP-32764
Rapid7 DB | https://www.rapid7.com/db/modules/
NIST | http://web.nvd.nist.gov/
Security focus | http://www.securityfocus.com/vulnerabilities
Country compatibility | https://cve.mitre.org/compatible/country.html
Mailing list | https://nmap.org/mailman/listinfo/fulldisclosure
Mail received | http://lists.openwall.net/full-disclosure/2016/
Mailing list | http://seclists.org/
Mailing list | https://lists.debian.org/debian-security-announce/
CVSS FIRST | https://www.first.org/cvss/calculator/3.0
CVSS NIST | https://nvd.nist.gov/cvss/v3-calculator
## Forensic :mag:
Name | URL
------------------------------------------- | ---------------------------------------------
Aldeid list | https://www.aldeid.com/wiki/Category:Digital-Forensics
Awesome forensic | https://github.com/Cugu/awesome-forensics
CFReDS | http://www.cfreds.nist.gov/ :star:
DFRWS challenge | http://www.dfrws.org/dfrws-forensic-challenge-2016
File signatures | https://en.wikipedia.org/wiki/List_of_file_signatures
File signatures | http://www.filesignatures.net/index.php?page=all
File signatures | http://www.garykessler.net/library/file_sigs.html
Forensic kb practical | http://www.forensickb.com/2008/01/forensic-practical.html
Forensic tools | https://forensics.cert.org/
Forensic - Technical graph | http://www.amanhardikar.com/mindmaps/ForensicChallenges.html
Learn with David Cowen | https://www.youtube.com/channel/UCZ7mQV3j4GNX-LU1IKPVQZg
Package - DEFT | http://www.deftlinux.net/package-list/
Package - forensic-all | https://packages.debian.org/stretch/forensics-all :star::star:
Testing Images | http://dftt.sourceforge.net/
Tools - DFIR | http://www.dfir.training/index.php/tools/ :star:
Tools - Forensics wiki | http://forensicswiki.org/wiki/Tools
Tools - NIST | https://toolcatalog.nist.gov/taxonomy/index.php
Windows tools | https://ericzimmerman.github.io/
Windows tools list | http://forensic-proof.com/tools
Windows Artifact | [https://blogs.sans.org/computer-forensics/](https://blogs.sans.org/computer-forensics/files/2012/06/SANS-Digital-Forensics-and-Incident-Response-Poster-2012.pdf)
Write blocker | http://www.cftt.nist.gov/software_write_block.htm
Write blocker | https://github.com/msuhanov/Linux-write-blocker
Zythom list | https://zythom.blogspot.se/2007/02/les-outils-dun-expert-judiciaire.html :fr:
## Free shell :shell:
Name | URL
------------------------------------ | ---------------------------------------------
FreeShells list | http://www.freeshells.info/
Red-pill | http://shells.red-pill.eu/
## Fun :trollface:
Name | URL
------------------------------------ | ---------------------------------------------
Akamai map | https://www.akamai.com/us/en/resources/visualizing-akamai/real-time-web-monitor.jsp :earth_americas:
BGP stream | https://bgpstream.com/ :earth_americas:
Bitdefender map | https://threatmap.bitdefender.com/ :earth_americas:
Blueliv map | https://community.blueliv.com/map/ :earth_americas:
Checkpoint map | https://threatmap.checkpoint.com/ :earth_americas:
DDoS attacks | http://www.digitalattackmap.com/ :trollface:
Dead drops | https://deaddrops.com/db/ :floppy_disk::skull:
Dshield map | https://dshield.org/threatmap.html :earth_americas:
Eset map | http://www.virusradar.com/ :earth_americas:
Fire eye map | https://www.fireeye.com/cyber-map/threat-map.html :earth_americas:
Flight radar | https://www.flightradar24.com :airplane:
Fortinet map | https://threatmap.fortiguard.com/ :earth_americas:
HE maps | https://he.net/3d-map/ :earth_americas:
Kaspersky AV map | https://cybermap.kaspersky.com/ :earth_americas:
Kaspersky map | https://apt.securelist.com/ :earth_americas:
Mozilla location service map | https://location.services.mozilla.com/map :earth_americas:
Open IP video cameras | http://www.insecam.org/ :video_camera::see_no_evil:
Pwnie Awards | http://pwnies.com/nominations/ :horse:
Sub marine cable | http://www.submarinecablemap.com/ :anchor:
Sub marine cable | http://submarine-cable-map-2016.telegeography.com/ :anchor:
Sub marine cable | http://lifewinning.com/submarine-cable-taps/ :anchor:
Threat butt | https://threatbutt.com/map/ :earth_americas::clown_face:
Tor flow map | https://torflow.uncharted.software :earth_americas:
Trendmicro map | https://botnet-cd.trendmicro.com/ :earth_americas:
World of VNC | https://worldofvnc.net/ :santa:
## Generic utilities :file_folder:
Will be reorganized
Name |URL
------------------------------------ | ---------------------------------------------
Abuse Contact DB | https://www.abusix.com/contactdb :closed_book:
CERT teams | https://www.first.org/about/organization/teams
Citizen lab | https://citizenlab.org/
Code analysises | https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
Codepad | http://codepad.org/
Crypto currency | https://coinmarketcap.com
Deepweb | https://www.reddit.com/r/deepweb/
Electronic Frontier Foundation | https://www.eff.org/
Face generator | https://www.thispersondoesnotexist.com/
Fake ID | http://www.fakenamegenerator.com/
Hackforum | http://hackforums.net/ :trollface:
Hardened BSD | https://hardenedbsd.org/content/easy-feature-comparison
Hashes example | https://hashcat.net/wiki/doku.php?id=example_hashes
Mibbit | http://www.mibbit.com/
Microsoft threat | http://www.microsoft.com/security
MIME types | https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types
MIME types | https://slick.pl/kb/htaccess/complete-list-mime-types/
MIME types | https://www.iana.org/assignments/media-types/media-types.xhtml :star:
Mindmaps | http://www.amanhardikar.com/mindmaps.html :star::star::star:
Random data generator | http://www.mockaroo.com/
Sans | http://isc.sans.edu/diary/ :star::star:
Security wiki | http://oss-security.openwall.org/wiki/
Understand your commands | https://explainshell.com/ :star:
## GNU/Linux
Name | URL
------------------------------------ | ---------------------------------------------
Chkrootkit | https://packages.debian.org/en/jessie/chkrootkit
Command collection | https://github.com/tuwid/GNU-Linux-OpsWiki
Debsecan | https://packages.debian.org/en/jessie/debsecan
GNU/Linux containers | https://github.com/Friz-zy/awesome-linux-containers#security
GNU/Linux executable walkthrough | https://i.imgur.com/q5nyHp7.png
GNU/Linux post exploitation | https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List :star:
GNU/Linux workstation | https://github.com/lfit/itpol/blob/master/linux-workstation-security.md :star::star:
Kernel exploitation | https://github.com/xairy/linux-kernel-exploitation
Lynis | https://packages.debian.org/en/jessie/lynis
RE 101 | https://github.com/michalmalik/linux-re-101
RKhunter | https://packages.debian.org/en/jessie/rkhunter :star:
Securing debian | https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html :star:
Vulnerability scanner | https://github.com/future-architect/vuls
## Honeypots :honey_pot:
Name | URL
------------------------------------ | ---------------------------------------------
Awesome list - All of them ! | https://github.com/paralax/awesome-honeypots#honeypots :star::star:
Honeynet | https://honeynet.org/project
Live nothink | http://www.nothink.org/honeypots.php
## IP Research / Analysis / Investigation
Name | URL
------------------------------------ | ---------------------------------------------
Abuse IP DB | https://www.abuseipdb.com/
BGP Toolkit | http://bgp.he.net/ :star:
Bing dork | ip:$IP
Black List Alert | http://www.blacklistalert.org/
Black List Check | http://whatismyipaddress.com/blacklist-check/
Check host | http://check-host.net/
FireHOL IP list | https://github.com/firehol/blocklist-ipsets :star:
Google dork | "$IP"
Host file | https://hosts-file.net/
IP void | http://www.ipvoid.com/
Multi RBL | http://multirbl.valli.org/lookup/ :star:
Nirsoft country IP | http://www.nirsoft.net/countryip/
Project Honeypot | https://www.projecthoneypot.org/search_ip.php
RIPE stat | https://stat.ripe.net/
Spamhaus | https://www.spamhaus.org/lookup/
Virus total | https://www.virustotal.com/gui/search/$IP
Whatch Guard | http://www.reputationauthority.org/
## Leak / Defaced :ambulance:
Name | URL
------------------------------------ | ---------------------------------------------
Biggest db leaks | https://cdn.databases.today/
Breach alarm | https://breachalarm.com/
Darknet leaks | https://darknetleaks.ru/archive/leaked/dumps/
Hacked emails | https://hacked-emails.com/
Have I been pwned | https://haveibeenpwned.com/
Isithacked | http://www.isithacked.com
Leakedin | http://www.leakedin.com/
Siph0n | https://twitter.com/datasiph0n
Zone-H | https://zone-h.org/
## Learning / Exercises :mortar_board:
Name | URL
------------------------------------ | ---------------------------------------------
Awesome training | http://opensecuritytraining.info/Training.html :star::star:
Cybrary training | https://www.cybrary.it/
Essential basics | https://github.com/alex/what-happens-when :star::star:
Exploits | https://thesprawl.org/research/
F-Secure training | https://moocfi.github.io/courses/2017/cybersecurity/
Malware Analysis course | https://github.com/RPISEC/Malware :star::star:
Malware traffic training | http://www.malware-traffic-analysis.net/training-exercises.html :star:
Practical analysis | https://practicalmalwareanalysis.com/labs/
Reverse - Malware | http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html
Security courses | https://bitvijays.github.io/ :star:
Security training | https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Courses_Training.md
Security talks | https://github.com/PaulSec/awesome-sec-talks :star:
## Lock picking :closed_lock_with_key:
Name | URL
------------------------------------ | ---------------------------------------------
Awesome lockpicking | https://github.com/meitar/awesome-lockpicking
Lock pick guide | http://lockpickguide.com :star:
Bosnianbill video | https://www.youtube.com/user/bosnianbill/videos :star:
Lock lab | https://lock-lab.com/
Lock wiki | http://www.lockwiki.com/
## Mail utilities :mailbox_with_mail:
Name | URL
------------------------------------ | ---------------------------------------------
10 Minute Mail | http://10minutemail.com
DNSBL | https://en.wikipedia.org/wiki/DNSBL
DKIM validator | http://dkimvalidator.com/
Email recon | https://github.com/laramies/theHarvester
Get air mail | http://en.getairmail.com/
Google Phishing quiz | https://phishingquiz.withgoogle.com/ :star::e-mail::bar_chart:
Gophish | https://github.com/gophish/gophish
Mailinator | https://www.mailinator.com/ # https://gist.github.com/nocturnalgeek/1b8fa44283314544c487
Mailnesia | http://mailnesia.com/
Mailcatch | http://mailcatch.com/
Mxtoolbox | http://www.mxtoolbox.com/
Open phish | https://openphish.com/ :star:
Openresolver JP | http://www.openresolver.jp/en/
Phishing Framework | https://github.com/pentestgeek/phishing-frenzy
Phish tank | http://www.phishtank.com/ :star:
SimplyEmail | https://github.com/killswitch-GUI/SimplyEmail
Spam DB | http://www.dnsbl.info/dnsbl-database-check.php
Spam encode secret | http://spammimic.com/encode.cgi
SpeedPhish Framework | https://github.com/tatanus/SPF
Yop mail | http://www.yopmail.com/
## Malicious traffic detection :vertical_traffic_light:
Name | URL
------------------------------------------- | ---------------------------------------------
10 strategies cyber ops center | [pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf](https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf)
Awesome threat detection | https://github.com/0x4D31/awesome-threat-detection
Maltrail | https://github.com/stamparm/maltrail
Packetbeat | https://www.elastic.co/products/beats/packetbeat
p0f | http://lcamtuf.coredump.cx/p0f3/
Tsusen | https://github.com/stamparm/tsusen
## Malware / Botnet sources :angel:
Name | URL
------------------------------------ | ---------------------------------------------
0btemoslab tracker | http://tracker.0btemoslab.com/
Abuse CH | https://www.abuse.ch/
Benkow.cc tracker | http://benkow.cc/
Botnet.fr | https://www.botnets.fr/wiki/Main_Page
Clean MX | http://support.clean-mx.de/clean-mx/viruses.php
Contagio | http://contagiodump.blogspot.se/
Custom Google search engine | https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu (from Corey Harrell)
Cybercrime tracker | http://cybercrime-tracker.net/
Dont need coffee | http://malware.dontneedcoffee.com/
Exposed Botnets | http://www.exposedbotnets.com/
H3X tracker | http://tracker.h3x.eu/
Malc0de | http://malc0de.com/database/
No more ransom | https://www.nomoreransom.org/
Kernel mode | http://www.kernelmode.info
Malware domain list | http://www.malwaredomainlist.com
Malware domain blocklist | http://www.malwaredomains.com
Malware museum | https://archive.org/details/malwaremuseum
Malware src | https://malwares.github.io/
Malware.lu | https://malware.lu/
Mirai tracker | https://mirai.security.gives/
MISP | https://github.com/MISP/MISP
Ransomware overview | https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
Ransomware simulator | https://shinolocker.com/
Ransomware tracker | https://ransomwaretracker.abuse.ch/tracker/
SafeGroup | http://www.malware.pl/ - https://www.scumware.org/
Structured Threat Information eXpression | https://stixproject.github.io/
The Zoo aka Malware DB | https://ytisf.github.io/theZoo/
Total hash | https://totalhash.cymru.com/
VirusBay | https://beta.virusbay.io/
VirusShare | https://virusshare.com/
VX Vault | http://vxvault.net/
Yararules | https://github.com/Yara-Rules/rules
ZeuS Tracker | https://zeustracker.abuse.ch
## Malware analysis - Sandbox :mask:
Name | URL
------------------------------------ | ---------------------------------------------
Zeltser's list | https://zeltser.com/automated-malware-analysis/
Cuckoo Sandbox | https://www.cuckoosandbox.org/
Mastiff | https://github.com/KoreLogicSecurity/mastiff
Fastir | https://github.com/SekoiaLab/Fastir_Collector
SysAnalyser | https://github.com/dzzie/SysAnalyzer
Viper | https://github.com/viper-framework/viper
REMnux | http://zeltser.com/remnux/
Zeltser analysis | http://zeltser.com/reverse-malware/automated-malware-analysis.html
Manalyze | https://github.com/JusticeRage/Manalyze
Quarkslab IRMA | http://irma.quarkslab.com/
Dorothy2 | https://github.com/m4rco-/dorothy2
F-Secure see | https://github.com/F-Secure/see
Noriben | https://github.com/Rurik/Noriben
Malheur | https://github.com/rieck/malheur
Drakvuf | https://github.com/tklengyel/drakvuf
Zero Wine Tryouts | http://zerowine-tryout.sourceforge.net/
RFI sandbox | https://monkey.org/~jose/software/rfi-sandbox/
Malwasm | https://github.com/malwarelu/malwasm
## Malware analysis - Sandbox - Online :mask:
Name |URL
------------------------------------ | ---------------------------------------------
Any.run | https://any.run/
AVcaesar | https://avcaesar.malware.lu/
Cape | https://cape.contextis.com/
Comodo | https://cit.valkyrie.comodo.com/
Hybrid analysis | https://www.hybrid-analysis.com/
ID Ransomware | https://id-ransomware.malwarehunterteam.com/
Jotti | http://virusscan.jotti.org/it
Joe sandbox | https://www.joesandbox.com/
Malwareconfig | http://malwareconfig.com/
Malware tracker | http://www.cryptam.com/
Malwr - Cuckoo | https://malwr.com/
Other list | http://cleanbytes.net/malware-online-scanners
PDF examiner | http://www.pdfexaminer.com/
PE dump | https://github.com/zed-0xff/pedump
Randomly changes Win32/64 PE Files | https://github.com/secretsquirrel/recomposer
ViCheck | https://www.vicheck.ca/
Virscan | http://www.virscan.org/
VirusTotal | http://www.virustotal.com/
Virus Total Notifier | https://github.com/mubix/vt-notify
## Mobile :iphone:
Name |URL
------------------------------------ | ---------------------------------------------
APK Analzyer | http://www.apk-analyzer.net/
Droid Sec wiki | http://www.droidsec.org/wiki/
Joebox Cloud | https://jbxcloud.joesecurity.org/login
Mobile security wiki | https://mobilesecuritywiki.com/ :star:
OWASP Goat Droid | https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
Sand droid | http://sanddroid.xjtu.edu.cn
Wiki secmobi | https://github.com/secmobi/wiki.secmobi.com :trophy:
## Network
Name | URL
------------------------------------ | ---------------------------------------------
Awesome PCAP | https://github.com/caesar0301/awesome-pcaptools :star:
BGPlay | https://stat.ripe.net/widget/bgplay :star:
GNU/Linux monitoring | https://blog.serverdensity.com/80-linux-monitoring-tools-know/
MAC address block | http://standards-oui.ieee.org/oui/oui.txt
MAC find | http://www.coffer.com/mac_find/
MAC find | http://hwaddress.com
Packet total | http://www.packettotal.com/
Ping.eu | http://ping.eu/
Project honeypot | https://www.projecthoneypot.org/
Protocol Numbers | http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Publicly PCAP files | http://www.netresec.com/?page=PcapFiles
Service Port Number Registry | [https://www.iana.org/assignments/service-names-port-numbers/](https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml) :star::star:
Service Port Number Registry | https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Subnet calculator | http://www.subnet-calculator.com/cidr.php
Subnet calculator | http://www.subnetonline.com/pages/subnet-calculators.php
Security Onion tools | https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools
## OSINT
Name | URL
------------------------------------ | ---------------------------------------------
Osint list | https://github.com/jivoi/awesome-osint :star:
List of social network | https://en.wikipedia.org/wiki/List_of_social_networking_websites :star:
Reddit | https://www.reddit.com/r/SocialEngineering/
Maltego | https://www.paterva.com/
Hunter | https://hunter.io/
Pipl | https://pipl.com/
Peek you | http://www.peekyou.com/
Lullar | http://com.lullar.com/
Lakako | http://www.lakako.com/
Yasni | http://www.yasni.com/
User search | https://usersearch.org/
Google | https://www.google.com/advanced_search
Google dorks | `intext:lastName firstName`
Google dorks | `insubject:lastName firstName`
Google dorks | `intext:lastName firstName filetype:pdf || filetype:doc || filetype:xml || filetype:txt || filetype:xls || filetype:ppt || filetype:pps || filetype:docx || filetype:wps || filetype:rtf || filetype:csv || filetype:pptx || filetype:xlsx || filetype:xlr || filetype:sxw || filetype:ods || filetype:odt || filetype:psw`
Google Scraper | https://github.com/NikolaiT/GoogleScraper
Bing | https://www.bing.com/
Bing dorks | `lastName firstName (filetype:doc OR filetype:ppt OR filetype:pps OR filetype:xls OR filetype:docx OR filetype:pptx OR filetype:ppsx OR filetype:xlsx OR filetype:sxw OR filetype:sxc OR filetype:sxi OR filetype:odt OR filetype:ods OR filetype:odg OR filetype:odp OR filetype:pdf OR filetype:wpd OR filetype:svg OR filetype:svgz OR filetype:indd OR filetype:rdp OR filetype:ica)`
Yahoo | https://search.yahoo.com/
Duck duck go | https://duckduckgo.com/
Yandex | https://www.yandex.com/
Exa lead | http://www.exalead.com
Osint stalker | https://github.com/milo2012/osintstalker
Speed phish framework | https://github.com/tatanus/SPF
Browser exploitation framework | https://github.com/beefproject/beef
The harvester | https://github.com/laramies/theHarvester
Meta goofil | https://github.com/laramies/metagoofil
## OS X
Name | URL
------------------------------------ | ---------------------------------------------
Awesome OSX & IOS sec list | https://github.com/ashishb/osx-and-ios-security-awesome
OSX auditor | https://github.com/jipegit/OSXAuditor
OWASP iGoat Project | https://www.owasp.org/index.php/OWASP_iGoat_Project
Security and privacy guide | https://github.com/drduh/OS-X-Security-and-Privacy-Guide
stronghold - Easily configure MacOS security settings from the terminal. | https://github.com/alichtman/stronghold
## Passwords :key:
Name | URL
------------------------------------ | ---------------------------------------------
CrackStation | https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
Default password | https://default-password.info/
Default password | https://cirt.net/passwords
Default password | http://www.defaultpassword.com/
Default password | http://www.defaultpassword.us/
Default cameras password | https://github.com/jeanphorn/wordlist/blob/master/README.md
Default password thc-hydra | https://github.com/vanhauser-thc/thc-hydra/blob/master/dpl4hydra_full.csv
Dafault router password | http://www.cleancss.com/router-default/
Default router password | https://github.com/jeanphorn/wordlist/blob/master/router_default_password.md
Default VoIP password | https://github.com/netbiosX/Default-Credentials/blob/master/VoIP-Default-Password-List.mdown
Fun secure password checker | https://password.kaspersky.com/
Hashcat WIKI | https://hashcat.net/wiki/
Multiple dictionary | https://github.com/danielmiessler/SecLists/tree/master/Passwords
Multiple dictionary | https://github.com/duyetdev/bruteforce-database
Online CrackStation | https://crackstation.net
Online Hask Killer | https://hashkiller.co.uk
Online Hash crack | http://www.onlinehashcrack.com/
Online MD5 and SHA1 db | http://hashtoolkit.com/
OpenWall | http://www.openwall.com/passwords/wordlists/ or ftp://ftp.openwall.com/pub/wordlists/
Outpost9 | http://www.outpost9.com/files/WordLists.html
Packets storm | https://packetstormsecurity.com/Crackers/wordlists/
Password research | http://www.passwordresearch.com/
Programming - Secure Password Storage | https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016
SecLists | https://github.com/danielmiessler/SecLists/tree/master/Passwords
Skull security | https://wiki.skullsecurity.org/Passwords
SSH dictionary | https://github.com/droope/pwlist
## Penetration testing :wrench:
Name | URL
------------------------------------ | ---------------------------------------------
Awesome pentest | https://github.com/enaqx/awesome-pentest
Awesome WAF | https://github.com/0xInfection/Awesome-WAF
Footprinting - Procedure & tools | http://www.0daysecurity.com/penetration-testing/network-footprinting.html
GNU/Linux privilege escalation | https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ :star:
Informaion gathering - Tools | http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/information-gathering.html
IppSec channel | https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
Organization of the Standard | http://www.pentest-standard.org/index.php/Main_Page :star:
Owasp - Check list | https://www.owasp.org/index.php/Testing_Checklist
Owasp testing guide | https://www.owasp.org/images/1/19/OTGv4.pdf :star::star:
Owasp - tools | https://www.owasp.org/index.php/Category:OWASP_Tool
Public pentest reports | https://github.com/juliocesarfort/public-pentesting-reports :star:
Python tools for pentest | https://github.com/dloss/python-pentest-tools
Report sample | https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
Reverse engineering | http://wiki.yobi.be/wiki/Reverse-Engineering
SANS Penetration Testing | http://pen-testing.sans.org
Services enumeration | http://www.0daysecurity.com/penetration-testing/enumeration.html :star:
Tools - BlackArch list | https://blackarch.org/tools.html
Tools - Great list | http://wiki.yobi.be/wiki/Table_of_contents#Security
Tools - Kali list | http://tools.kali.org/tools-listing
Web | http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.html
Web vulnerabilities | http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/vulnerability-assessment.html
Webshell list | https://github.com/tennc/webshell
## Port scanners :dart: && Wide Scans :statue_of_liberty:
Name | URL
------------------------------------ | ---------------------------------------------
Masscan | https://github.com/robertdavidgraham/masscan
Masscan Defcon conference | [https://defcon.org/](https://defcon.org/images/defcon-22/dc-22-presentations/Graham-McMillan-Tentler/DEFCON-22-Graham-McMillan-Tentler-Masscaning-the-Internet.pdf)
Network Scan Mon | https://scan.netlab.360.com/#/dashboard
Nmap | https://nmap.org/7/
Nscan | https://github.com/OffensivePython/Nscan
PFRing | https://github.com/ntop/PF_RING
Rapid7 Sonar Labs | https://sonar.labs.rapid7.com/
Rapid7 Sonar Blackhat conference | [https://www.blackhat.com/](https://www.blackhat.com/docs/asia-14/materials/Schloesser/Asia-14-Schloesser-Scan-All-The-Things.pdf)
Scans.io | https://scans.io/
Shadowserver | https://www.shadowserver.org/ :star::star::star::star:
Sonar similar projects | https://github.com/rapid7/sonar/wiki/Similar-Projects
Trending Ports | https://isc.sans.edu/trends.html
Zmap | https://zmap.io/
Zgrab | https://github.com/zmap/zgrab
## Search engines :satellite:
Name | URL
------------------------------------ | ---------------------------------------------
ZoomEye | https://zoomeye.org/ :star::cn:
Shodan | https://www.shodan.io/
Censys | https://censys.io/
Gegereka | http://gegereka.com/ (not always up)
Google | https://www.google.com/advanced_search
Google dorks | https://gist.github.com/zbetcheckin/04e6a5d7f2d5ef8cfa3c298701f47f9c
List of search engines | https://en.wikipedia.org/wiki/List_of_search_engines
Threat crowd | https://www.threatcrowd.org/
## Security challenges / WarGames :triangular_flag_on_post:
Name | URL
------------------------------------ | ---------------------------------------------
Zenk-Security | https://www.zenk-security.com/
Root-Me | http://www.root-me.org/
Overthewire | http://overthewire.org/wargames/
Reversing | http://reversing.kr/
Pwnable | http://pwnable.kr/
Newbiecontest | https://www.newbiecontest.org/
OWASP VWAD list | https://github.com/OWASP/OWASP-VWAD/
WeChall | https://www.wechall.net/
Vulnhub | https://www.vulnhub.com/ :star:
Net Garage | http://io.netgarage.org/
SmashTheStack | http://smashthestack.org/
Hackthissite | http://www.hackthissite.org/
Hack.me | https://hack.me
HackThis! | http://www.hackthis.co.uk/
Backdoor.Sdslabs | https://backdoor.sdslabs.co/
Bright-shadows | http://www.bright-shadows.net/
SmashTheStack | http://smashthestack.org/
Ringzer0team | https://ringzer0team.com/challenges
Forensic contest | http://forensicscontest.com/puzzles
Lost chall | http://www.lost-chall.org/
Rankk | http://www.rankk.org/
Happy Security | http://www.happy-security.de/
Net force | https://www.net-force.nl/challenges/
CanYouHack.it | http://canyouhack.it/
Hellboundhackers | https://www.hellboundhackers.org/
Microcorruption | https://microcorruption.com/
## Skimmer :black_joker:
Name |URL
------------------------------------ | ---------------------------------------------
Skimmer source from Krebs | https://krebsonsecurity.com/all-about-skimmers/
Great reverse engineering on skimmer | https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
## SSH
Name | URL
------------------------------------ | ---------------------------------------------
Bruteforce know hosts | https://github.com/Churro/bruteforce-known-hosts
OpenSSH guidelines | https://wiki.mozilla.org/Security/Guidelines/OpenSSH
SSH audit | https://github.com/arthepsy/ssh-audit.git
SSH audit online | https://sshcheck.com
Who's there | https://github.com/FiloSottile/whosthere
## SSL
Name | URL
------------------------------------ | ---------------------------------------------
Certificate search | https://crt.sh
Bad SSL | https://github.com/chromium/badssl.com
Htbridge - Online analysis | https://www.htbridge.com/ssl/
Mozilla SSL Configuration Generator | https://mozilla.github.io/server-side-tls/ssl-config-generator/
Observatory by Mozilla - Online analysis | https://observatory.mozilla.org/ :star::star::star::star:
O-Saft - Tools | https://www.owasp.org/index.php/O-Saft
OWASP tests - Procedure | [https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers](https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-002))
Qualys SSL Labs - Online analysis | https://www.ssllabs.com/ssltest/
SSLscan - Tools | https://github.com/rbsec/sslscan
SSLyze - Tools | https://github.com/iSECPartners/sslyze
Testssl.sh - Tools | https://github.com/drwetter/testssl.sh :star:
## TOR
Name | URL
------------------------------------ | ---------------------------------------------
Hidden services | https://www.torproject.org/docs/hidden-services.html.en
Hidden services scanner | https://github.com/superp00t/sadonion
Reddit | https://www.reddit.com/r/onions/
Scan Onion Services | https://github.com/s-rah/onionscan
Search engine - Grams | http://grams7enufi7jmdl.onion/
Search engine - Ahmia | https://ahmia.fi/
Search engine - TORCH | http://xmh57jrzrnw6insl.onion/
Search engine - DuckDuckGo | http://3g2upl4pq6kufc4m.onion/
Tails | https://tails.boum.org/
The hidden wiki | https://thehiddenwiki.org/
Tolerant ISP for exit node | https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
Tor Browser Fingerprint | https://github.com/jonaslejon/tor-fingerprint
Tor Bulk exit list | https://check.torproject.org/cgi-bin/TorBulkExitList.py
Tor IP history | https://exonerator.torproject.org/
Tor Know exit nodes | https://check.torproject.org/exit-addresses
Tor Project | https://www.torproject.org/
Tor Relays bandwidth | https://github.com/TheTorProject/bwscanner
Tor Socks | https://gitweb.torproject.org/torsocks.git
Tor Status | https://torstatus.blutmagie.de/
URL onion inspector | https://github.com/k4m4/onioff
## VOIP :phone:
Name | URL
------------------------------------------- | ---------------------------------------------
Penetration test | http://0daysecurity.com/penetration-testing/VoIP-security.html
## VPN
Name | URL
------------------------------------ | ---------------------------------------------
Open VPN | https://github.com/OpenVPN
Comparison | https://thatoneprivacysite.net/vpn-comparison-chart/
Location test | https://www.dnsleaktest.com/
Location test | https://ipleak.net/
## Vulnerable environments :unlock:
Name | URL
------------------------------------ | ---------------------------------------------
Owasp list | https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
Owasp BWA | https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
DVWA | http://www.dvwa.co.uk/
WebGoat | http://code.google.com/p/webgoat
Metasploitable 3 | https://github.com/rapid7/metasploitable3/wiki
Vulnerable systems list | https://www.amanhardikar.com/mindmaps/Practice.html :star:
VulnHub | http://vulnhub.com/
LampSecurity | http://sourceforge.net/projects/lampsecurity/
Hackademic-RTB1 | http://www.aldeid.com/wiki/Hackademic-RTB1
Moth | http://www.bonsai-sec.com
Peruggia | http://sourceforge.net/projects/peruggia/
## Web browser
Name | URL
------------------------------------ | ---------------------------------------------
Amiunique project | https://github.com/DIVERSIFY-project/amiunique
Browser exploit | https://github.com/julienbedard/browsersploit
Browser info | http://www.browser-info.net/
Browser leaks | https://www.browserleaks.com/
Browser recommendations | https://gist.github.com/atcuno/3425484ac5cce5298932 :star:
Browserling | https://www.browserling.com/
Fingerprint | https://amiunique.org/
Fingerprint | https://panopticlick.eff.org/
Flash | http://isflashinstalled.com/
Referer | https://www.whatismyreferer.com/
SSL | https://www.ssllabs.com/ssltest/viewMyClient.html
URL Shorter List | https://bit.do/list-of-url-shorteners.php
User agent | http://useragentstring.com/pages/useragentstring.php
User agent | http://whatsmyuseragent.com/
User agent | https://www.projecthoneypot.org/robot_useragents.php
User agent | https://www.whatismybrowser.com/developers/tools/user-agent-parser/browse
Web technologies support tables | https://caniuse.com/
## Windows
Name | URL
------------------------------------ | ---------------------------------------------
Anti forensic Windows | https://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic/
Security development | https://github.com/ExpLife0011/awesome-windows-kernel-security-development
Windows executable walkthrough | https://i.imgur.com/pHjcI.png
Windows exploitation | https://github.com/r3p3r/nixawk-awesome-windows-exploitation
Windows hardening | https://github.com/PaulSec/awesome-windows-domain-hardening
## Wireless / Radio :signal_strength:
Name | URL
------------------------------------------- | ---------------------------------------------
Awesome wifi tools list | https://github.com/0x90/wifi-arsenal
Penetration test | http://0daysecurity.com/penetration-testing/wireless-penetration.html
Great wifi map | https://wigle.net/
RFSec-ToolKit | https://github.com/cn0xroot/RFSec-ToolKit
RTL-SDR | http://www.rtl-sdr.com/
Wireless in airports | https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY