#Security list for fun and profit
My initial idea came from this list: http://www.nothink.org/utilities.php
I wanted to update it with my sources; I will probably continue to update and reorganize it in the future.
- Awesome lists
- Cheat sheets
- Penetration testing / Tools
- Exploits and vulnerabilities
- CTF
- Exercises
- Vulnerable environments
- Security challenges / WarGames
- Books
- Bug bounty
- Port scanners
- Malicious traffic detection
- Search engines
- Wide Scans
- Honeypots
- Malware / Botnet sources
- Malware analysis - Sandbox
- Online malware analysis - Sandbox
- Decoder/Packer/Unpacker
- GNU/Linux
- Windows
- OS X
- Forensic - Network
- IP Research / Analysis / Investigation
- Domain Research / Analysis / Reputation
- Mail utilities
- Passwords
- Generic utilities
- Defaced websites / Data leak
- Wireless
- VOIP
- Free shell
- VPN
- Web browser
- Fingerprint
- SSL
- Tor resources
- Fun
##Awesome lists
Name | URL |
---|---|
Malware analysis | https://github.com/rshipp/awesome-malware-analysis/ |
Incident response | https://github.com/meirwah/awesome-incident-response/ |
Honeypots | https://github.com/paralax/awesome-honeypots |
PCAP | https://github.com/caesar0301/awesome-pcaptools |
Network | https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools |
GNU/Linux workstation | https://github.com/lfit/itpol/blob/master/linux-workstation-security.md |
GNU/Linux post exploitation | https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List |
GNU/Linux containers | https://github.com/Friz-zy/awesome-linux-containers#security |
Android | https://github.com/ashishb/android-security-awesome |
Web | https://github.com/infoslack/awesome-web-hacking |
Security list | https://github.com/sbilly/awesome-security |
Lists of lists of lists | https://github.com/t3chnoboy/awesome-awesome-awesome |
Other lists of lists of lists | https://github.com/geekan/awesome-awesome-awesome |
##Cheat sheets
Name | URL |
---|---|
OWASP cheat sheet series | https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series |
Web application cheat sheet | https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet |
Pentest monkey | http://pentestmonkey.net |
Packet life | http://packetlife.net/library/cheat-sheets/ |
Reverse | http://r00ted.com/cheat%20sheet%20reverse%20v5.png |
SANS Forensic | https://digital-forensics.sans.org/community/cheat-sheets |
Penetration test | https://github.com/jshaw87/Cheatsheets |
Penetration Test | https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ |
SQL injection | http://websec.ca/kb/sql_injection |
LFI | https://highon.coffee/blog/lfi-cheat-sheet/ |
Zeltser's cheat sheets list | https://zeltser.com/cheat-sheets/ |
##Penetration testing
##Exploits and vulnerabilities
Name | URL |
---|---|
CVEdetails | http://www.cvedetails.com/ |
CVE.mitre | https://cve.mitre.org/ |
Full disclosure | http://seclists.org/fulldisclosure/ |
CXSecurity | https://cxsecurity.com/ |
Exploit-db | http://www.exploit-db.com |
Vulnerability-lab | http://www.vulnerability-lab.com/ |
Inj3ct0r | http://0day.today/ |
Backdoor - TCP-32764 | https://github.com/elvanderb/TCP-32764 |
Rapid7 DB | https://www.rapid7.com/db/modules/ |
Intelligent Exploit | http://www.intelligentexploit.com |
Exploits download | http://www.exploitsdownload.com |
NIST | http://web.nvd.nist.gov/ |
Security focus | http://www.securityfocus.com/vulnerabilities |
Country compatibility | https://cve.mitre.org/compatible/country.html |
Mailing list | https://nmap.org/mailman/listinfo/fulldisclosure |
Mail received | http://lists.openwall.net/full-disclosure/2016/ |
Mailing list | https://lists.debian.org/debian-security-announce/ |
##CTF
Name | URL |
---|---|
CTFTIME | https://ctftime.org/ |
Write-ups | https://github.com/ctfs |
Reddit r/securityctf | https://www.reddit.com/r/securityctf |
Tools list | https://github.com/Laxa/HackingTools |
Tools list | https://github.com/zardus/ctf-tools |
Tools list | https://github.com/apsdehal/awesome-ctf |
Tinyctf platform | https://github.com/balidani/tinyctf-platform |
Isislab platform | https://github.com/isislab/CTFd |
Facebook platform | https://github.com/facebook/fbctf |
Mellivora platform | https://github.com/Nakiami/mellivora |
##Exercises
Name | URL |
---|---|
Reverse - Malware | http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html |
Network - Malware | http://www.malware-traffic-analysis.net/training-exercises.html |
Network - Forensic | https://www.honeynet.org/node/504 |
Exploits | https://exploit-exercises.com/ |
Exploits | https://thesprawl.org/research/ |
##Security challenges / WarGames
##Vulnerable environments
Name | URL |
---|---|
OWASP list | https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline |
OWASP BWA | https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project |
DVWA | http://www.dvwa.co.uk/ |
WebGoat | http://code.google.com/p/webgoat |
Metasploitable | http://information.rapid7.com |
VulnHub | http://vulnhub.com/ |
LampSecurity | http://sourceforge.net/projects/lampsecurity/ |
Dragon | https://www.dragonresearchgroup.org/challenges/ |
Hackademic-RTB1 | http://www.aldeid.com/wiki/Hackademic-RTB1 |
Moth | http://www.bonsai-sec.com |
Peruggia | http://sourceforge.net/projects/peruggia/ |
XSS play ground | http://xssplayground.net23.net/ |
##Books
Name | URL |
---|---|
Many books | https://yadi.sk/d/Fkww0QKbuTdVF |
Books | https://github.com/JpGallegos/CySecBooks/ |
##Bug bounty
Name | URL |
---|---|
BugCrowd.com | https://bugcrowd.com/programs |
HackerOne | https://hackerone.com |
BountyFactory | https://bountyfactory.io |
Firebounty | https://firebounty.com |
Bugsheet | http://www.bugsheet.com/ |
BountySource | https://www.bountysource.com/ |
NewsLetter about bug bounty | http://bugbountyweekly.com |
More bug bounty | https://bugcrowd.com/list-of-bug-bounty-programs# |
##Port scanners
Name | URL |
---|---|
Masscan | https://github.com/robertdavidgraham/masscan |
Nmap | https://nmap.org/7/ |
Zmap | https://zmap.io/ |
Zgrab | https://github.com/zmap/zgrab (Banner Grabber) |
Nscan | https://github.com/OffensivePython/Nscan |
Scanrand | https://www.sans.org/security-resources/idfaq/scanrand.php |
PFRing | https://github.com/ntop/PF_RING - High-speed packet processing framework |
##Search engines
Name | URL |
---|---|
ZoomEye | https://zoomeye.org/ |
Shodan | https://www.shodan.io/ |
Censys | https://censys.io/ |
Gegereka | http://gegereka.com/ (not always up) |
##Malicious traffic detection
Name | URL |
---|---|
Maltrail | https://github.com/stamparm/maltrail |
Tsusen | https://github.com/stamparm/tsusen |
Packetbeat | https://www.elastic.co/products/beats/packetbeat |
p0f | http://lcamtuf.coredump.cx/p0f3/ |
##Wide Scans
Name | URL |
---|---|
Scans.io | https://scans.io/ |
Rapid7 Sonar Labs | https://sonar.labs.rapid7.com/ |
Similar projects | https://github.com/rapid7/sonar/wiki/Similar-Projects |
Defcon conference | https://defcon.org/ |
Blackhat conference | https://www.blackhat.com/ |
##Honeypots
Name | URL |
---|---|
Awesome list - All of them! | https://github.com/paralax/awesome-honeypots#honeypots |
Live nothink | http://www.nothink.org/honeypots.php |
Live sshpot | http://sshpot.com/ |
##Malware / Botnet sources
##Malware analysis - Sandbox
##Online malware analysis - Sandbox
##Decoder/Packer/Unpacker
Name | URL |
---|---|
URL | http://meyerweb.com/eric/tools/dencoder/ |
HEXdecoder | http://ddecode.com/hexdecoder/ |
JSDetox | http://www.relentless-coding.com/projects/jsdetox/ |
JSNice | http://www.jsnice.org/ |
JSUnpack | https://github.com/urule99/jsunpack-n |
JSBeautifier | http://jsbeautifier.org/ |
JavaScript Compressor | http://dean.edwards.name/packer/ |
Jjencode | http://utf-8.jp/public/jjencode.html |
JSFuck | http://www.jsfuck.com/ |
Jsobfuscate | http://www.jsobfuscate.com/ |
Netteleuthe | http://www.netteleuthe.de/gc/ |
PHPdecoder | http://ddecode.com/phpdecoder/ |
PHP encoding | http://yehg.net/encoding/ |
Hackvertor (Tag based decoder/encoder) | https://hackvertor.co.uk/public |
##GNU/Linux
Name | URL |
---|---|
Lynis | https://packages.debian.org/en/jessie/lynis |
Chkrootkit | https://packages.debian.org/en/jessie/chkrootkit |
RKhunter | https://packages.debian.org/en/jessie/rkhunter |
Debsecan | https://packages.debian.org/en/jessie/debsecan |
GNU/Linux post exploitation | https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List |
GNU/Linux workstation | https://github.com/lfit/itpol/blob/master/linux-workstation-security.md |
Securing debian | https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html |
GNU/Linux containers | https://github.com/Friz-zy/awesome-linux-containers#security |
Command collection | https://github.com/tuwid/GNU-Linux-OpsWiki |
##Windows
Name | URL |
---|---|
Windows exploitation | https://github.com/enddo/awesome-windows-exploitation |
Anti forensic Windows | https://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic/ |
##OS X
Name | URL |
---|---|
Security and privacy guide | https://github.com/drduh/OS-X-Security-and-Privacy-Guide |
##Forensic - Network
##IP Research / Analysis / Investigation
Name | URL |
---|---|
BGP Toolkit | http://bgp.he.net/ |
Google dork | "xxx.xxx.xxx.xxx" (replace xxx.xxx.xxx.xxx with the ip you are looking for) |
Bing dork | ip:xxx.xxx.xxx.xxx |
Whois | https://whois.domaintools.com/ |
IP void | http://www.ipvoid.com/ |
IPv4 info | http://ipv4info.com/ |
TCP utils | http://www.tcpiputils.com/ |
Black List Alert | http://www.blacklistalert.org/ |
WatchGuard | http://www.reputationauthority.org/ |
Black List Check | http://whatismyipaddress.com/blacklist-check/ |
Project Honeypot | https://www.projecthoneypot.org/search_ip.php |
Spamhaus | https://www.spamhaus.org/lookup/ |
Nirsoft country IP | http://www.nirsoft.net/countryip/ |
Check-host | http://check-host.net/ |
##Domain Research / Analysis / Reputation
Name | URL |
---|---|
Checking multiple blocklists | http://rbls.org/ |
Into DNS | http://www.intodns.com/intodns.com |
URL Void | http://www.urlvoid.com/ |
urlQuery | http://urlquery.net/search.php |
Virus total | https://www.virustotal.com/#url |
Google Safe Browsing diagnostic | https://www.google.com/transparencyreport/safebrowsing/diagnostic/ |
Sucuri | http://sitecheck.sucuri.net/scanner/ |
Trusted source | http://www.trustedsource.org/ |
Isithacked | http://www.isithacked.com |
MXToolBox | https://mxtoolbox.com/SuperTool.aspx# |
Whois | https://whois.domaintools.com/ |
Built with | https://builtwith.com/ |
Expired domain | https://www.expireddomains.net/backorder-expired-domains/ |
Zeltser's list | https://zeltser.com/lookup-malicious-websites/ |
Domain analysis list | https://github.com/rshipp/awesome-malware-analysis/#domain-analysis |
##Wireless
Name | URL |
---|---|
Awesome wifi tools list | https://github.com/0x90/wifi-arsenal |
Penetration test | http://0daysecurity.com/penetration-testing/wireless-penetration.html |
Great wifi map | https://wigle.net/ |
Wireless in airports | https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY |
##VOIP
Name | URL |
---|---|
Penetration test | http://0daysecurity.com/penetration-testing/VoIP-security.html |
Penetration test | http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP |
##Free shell
Name | URL |
---|---|
FreeShells list | http://www.freeshells.info/ |
Devio.us OpenBSD | http://devio.us/ |
Red-pill | http://shells.red-pill.eu/ |
##Mail utilities
Name | URL |
---|---|
10 Minute Mail | http://10minutemail.com |
Spam DB | http://www.dnsbl.info/dnsbl-database-check.php |
Mxtoolbox | http://www.mxtoolbox.com/ |
Open relay | http://www.mailradar.com |
Openresolver JP | http://www.openresolver.jp/en/ |
DKIM validator | http://dkimvalidator.com/ |
Email recon | https://github.com/laramies/theHarvester |
Gophish | https://github.com/gophish/gophish |
SimplyEmail | https://github.com/killswitch-GUI/SimplyEmail |
SpeedPhish Framework | https://github.com/tatanus/SPF |
Phishing Framework | https://github.com/pentestgeek/phishing-frenzy |
Spam encode secret | http://spammimic.com/encode.cgi |
##Passwords
##Generic utilities
Will be reorganized
##Defaced websites / Data leak
Name | URL |
---|---|
Zone-H | https://zone-h.org/ |
Mr white | https://mrwhite.biz/ |
URL Find | http://urlfind.org/ |
XSSposed | https://www.xssposed.org/ |
Leakedin | http://www.leakedin.com/ |
##VPN
Name | URL |
---|---|
Comparison | https://thatoneprivacysite.net/vpn-comparison-chart/ |
Location test | https://www.dnsleaktest.com/ |
Location test | https://ipleak.net/ |
##Tor resources
Name | URL |
---|---|
Tor Project | https://www.torproject.org/ |
Tor known exit nodes | https://check.torproject.org/exit-addresses |
Tor bulk exit list | https://check.torproject.org/cgi-bin/TorBulkExitList.py |
Tor status | https://torstatus.blutmagie.de/ |
Tor socks | https://gitweb.torproject.org/torsocks.git |
Tor hidden services | https://www.torproject.org/docs/hidden-services.html.en |
Tor Hidden Services search | http://www.ahmia.fi |
Tor hidden services scanner | https://github.com/superp00t/sadonion |
Scan Onion Services | https://github.com/s-rah/onionscan |
Tor Browser Fingerprint | https://github.com/jonaslejon/tor-fingerprint |
Tor relays bandwidth | https://github.com/TheTorProject/bwscanner |
Tor flow map | https://torflow.uncharted.software |
Onion Mail | http://onionmail.info/ |
Tails | https://blog.torproject.org/blogs/tails |
##Web browser
Name | URL |
---|---|
Browser recommendations | https://gist.github.com/atcuno/3425484ac5cce5298932 |
Fingerprint | https://amiunique.org/ |
Amiunique project | https://github.com/DIVERSIFY-project/amiunique |
Fingerprint | https://panopticlick.eff.org/ |
Browser info | http://www.browser-info.net/ |
SSL | https://www.ssllabs.com/ssltest/viewMyClient.html |
User agent | http://whatsmyuseragent.com/ |
Referer | https://www.whatismyreferer.com/ |
Flash | http://isflashinstalled.com/ |
##Fingerprint
Name | URL |
---|---|
Robtex | https://www.robtex.com/dns/ |
Netcraft | http://www.netcraft.com/ |
TCP utils | http://www.tcpiputils.com/ |
DNS stuff | http://www.dnsstuff.com/ |
Into dns | http://www.intodns.com/ |
Web archive | https://web.archive.org/web/*/ |
Web cookies | http://webcookies.org/cookies/ |
##SSL
Name | URL |
---|---|
OWASP tests | https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers |
Testssl.sh | https://github.com/drwetter/testssl.sh |
O-Saft | https://www.owasp.org/index.php/O-Saft |
SSLyze | https://github.com/iSECPartners/sslyze |
SSLscan | https://github.com/rbsec/sslscan |
Qualys SSL Labs | https://www.ssllabs.com/ssltest/ |
Htbridge | https://www.htbridge.com/ssl/ |
SSLAnalyzer Comodoca | https://sslanalyzer.comodoca.com/ |
Freak | https://freakattack.com/ |
Heartbleed | http://heartbleed.com/, https://filippo.io/Heartbleed/ |
Logjam | https://weakdh.org/sysadmin.html |
Poodle | https://poodle.io/, https://www.poodlescan.com/ |
##Fun
Name | URL |
---|---|
Pwnie Awards | http://pwnies.com/nominations/ |
Malware museum | https://archive.org/details/malwaremuseum |
Dead drops | https://deaddrops.com/db/ |
The cyber shark map | https://lab.thecybershark.com/ |
Norse map | http://map.norsecorp.com/ |
Fire eye map | https://www.fireeye.com/cyber-map/threat-map.html |
Kaspersky AV map | https://cybermap.kaspersky.com/ |
Kaspersky map | https://apt.securelist.com/ |
Eset map | http://www.virusradar.com/ |
Fortinet map | https://threatmap.fortiguard.com/ |
Blueliv map | https://community.blueliv.com/map/ |
DDoS attacks | http://www.digitalattackmap.com/ |
Submarine cable | http://www.submarinecablemap.com/ |
Submarine cable | http://submarine-cable-map-2016.telegeography.com/ |
Submarine cable | http://lifewinning.com/submarine-cable-taps/ |
Flight radar | https://www.flightradar24.com |
Flight aware | https://flightaware.com/ |
World of VNC | https://worldofvnc.net/ |