Security list for fun and profit

Inspired by http://www.nothink.org/utilities.php

Table of Contents

• Awesome lists
• Books
• Bug bounty
• Cheat sheets
• CTF
• Decoder/Converter/Beautifier
• Domain name Research / Analysis / Reputation
• Exploits and vulnerabilities
• Forensic
• Free shell
• Fun
• Generic utilities
• GNU/Linux
• Honeypots
• IP Research / Analysis / Investigation
• Leak / Defaced
• Learning / Exercises
• Lock picking
• Mail utilities
• Malicious traffic detection
• Malware / Botnet sources
• Malware analysis - Sandbox
• Malware analysis - Sandbox - Online
• Mobile
• Network
• OSINT
• OS X
• Passwords
• Penetration testing
• Port scanners
• Search engines
• Security challenges / WarGames
• Skimmer
• SSH
• SSL
• TOR
• VOIP
• VPN
• Vulnerable environments
• Web browser
• Windows
• Wireless / Radio

Awesome lists :+1:

Name | URL------------------------------------ | ---------------------------------------------Android | https://github.com/ashishb/android-security-awesomeCurated list of awesome lists | https://github.com/sindresorhus/awesome :star::star::star:Fuzzing | https://github.com/secfigo/Awesome-FuzzingHacking list | https://github.com/Hack-with-Github/Awesome-Hacking :star::star::star::star:Honeypots | https://github.com/paralax/awesome-honeypots :star::star:Incident response | https://github.com/meirwah/awesome-incident-response/ :star::star:Indicators of compromise | https://github.com/sroberts/awesome-iocsMalware analysis | https://github.com/rshipp/awesome-malware-analysis/ :star::star::star:Red team | https://github.com/yeyintminthuhtut/Awesome-Red-TeamingReversing | https://github.com/fdivrp/awesome-reversingSecurity | https://github.com/sbilly/awesome-securityThreat intelligence | https://github.com/hslatman/awesome-threat-intelligenceWeb | https://github.com/infoslack/awesome-web-hacking

Books :books:

Name |URL------------------------------------ | ---------------------------------------------Free programming books | https://github.com/EbookFoundation/free-programming-booksRecommended Reading | http://dfir.org/?q=node/8

Bug bounty :chocolate_bar:

Name |URL------------------------------------ | ---------------------------------------------Bounty factory | https://bountyfactory.ioBounty source | https://www.bountysource.com/Bugcrowd programs | https://bugcrowd.com/programsGoogle | https://www.google.com/about/appsecurity/reward-program/HackerOne | https://hackerone.com :star:List of bug bounty | https://www.bugcrowd.com/bug-bounty-list/Microsoft | https://technet.microsoft.com/en-us/security/dn425036Open bug bounty | https://www.openbugbounty.org/Programs and write-ups | https://github.com/djadmin/awesome-bug-bountyWrite-ups | https://github.com/ngalongc/bug-bounty-referenceZerodium | https://www.zerodium.com/ :star:

Cheat sheets :+1:

Name | URL------------------------------------ | ---------------------------------------------General cheat sheets | http://www.cheat-sheets.org/ :star:Java Deserialization | https://github.com/GrrrDog/Java-Deserialization-Cheat-SheetLFI | https://highon.coffee/blog/lfi-cheat-sheet/Owasp series | https://www.owasp.org/index.php/OWASPCheatSheetSeries :star:Packet life | http://packetlife.net/library/cheat-sheets/Penetration test | https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/Pentest monkey | http://pentestmonkey.netSANS Forensic | https://digital-forensics.sans.org/community/cheat-sheetsSecurity Onion | https://github.com/Security-Onion-Solutions/security-onion/wiki/Cheat-SheetSQL injection | http://websec.ca/kb/sqlinjectionWeb application | https://www.owasp.org/index.php/WebApplicationSecurityTestingCheat_SheetZeltser's cheat sheets list | https://zeltser.com/cheat-sheets/

CTF :triangularflagon_post:

Name | URL------------------------------------ | ---------------------------------------------CTFTIME | https://ctftime.org/CTF PAD | https://github.com/StratumAuhuur/CTFPadWrite-ups | https://github.com/ctfsReddit | https://www.reddit.com/r/securityctfTools list | https://github.com/Laxa/HackingToolsTools list | https://github.com/zardus/ctf-toolsTools list | https://github.com/apsdehal/awesome-ctfPlatform list | https://github.com/We5ter/Awesome-Platforms/blob/master/CTF-Platforms.mdMellivora platform | https://github.com/Nakiami/mellivora :star:Tinyctf platform | https://github.com/balidani/tinyctf-platformIsislab platform | https://github.com/isislab/CTFdFacebook platform | https://github.com/facebook/fbctf

Decoder/Converter/Beautifier :hurtrealbad:

Name | URL------------------------------------ | ---------------------------------------------Code beautifier | http://codebeautify.org/Converter | https://github.com/koczkatamas/koczkatamas.github.ioCyber Chef | https://gchq.github.io/CyberChef/ :forkandknife::star::star::star:JSUnpack | https://github.com/urule99/jsunpack-nJSBeautifier | http://jsbeautifier.org/ :star:Jjencode | http://utf-8.jp/public/jjencode.htmlJS deobfuscate | https://github.com/sevzero/honeybadgerVB code beautifier | http://www.vbindent.com/

Domain name Research / Analysis / Reputation :chartwithdownwards_trend:

Name | URL------------------------------------ | ---------------------------------------------Archive | https://archive.is/Archive | https://web.archive.org/ :star:BGP Toolkit | http://bgp.he.net/ :star:Biggest DNS history | https://securitytrails.com/list/ip/$IP :star:Cache page | http://www.cachedpages.com/Cache view | http://cachedview.com/Checking multiple blocklists | http://rbls.org/ :star:DGA intro | https://en.wikipedia.org/wiki/DomaingenerationalgorithmDNS Blacklists | https://raw.githubusercontent.com/zbetcheckin/DNSBLs/master/activednsbls.txtDNS dumpster | https://dnsdumpster.com/DNS Propagation Checker | https://www.whatsmydns.net/DNS stuff | http://www.dnsstuff.com/Domain analysis list | https://github.com/rshipp/awesome-malware-analysis/#domain-analysisDomain hijacking intro | https://en.wikipedia.org/wiki/DomainhijackingExpired domain | https://www.expireddomains.net/backorder-expired-domains/Google | https://www.google.com/transparencyreport/safebrowsing/diagnostic/Into dns | http://www.intodns.com/Multi RBL | http://multirbl.valli.org/lookup/ :star:MXToolBox | https://mxtoolbox.com/SuperTool.aspx#Netcraft | http://www.netcraft.com/Reverse Whois | https://reversewhois.domaintools.com/Robtex | https://www.robtex.com/dns/Sucuri | http://sitecheck.sucuri.net/scanner/TCP utils | http://www.tcpiputils.com/Threat log | http://www.threatlog.com/Threat miner | https://www.threatminer.org/Top-Level Domains list | https://data.iana.org/TLD/tlds-alpha-by-domain.txt :star:Trusted source | http://www.trustedsource.org/URL Query | http://urlquery.net/ :star:URL scan | https://urlscan.io/ :star:URL shorter list | https://mirror1.malwaredomains.com/files/url_shorteners.txtURL Void | http://www.urlvoid.com/Virus total | https://www.virustotal.com/#urlWhois - ARIN | https://whois.arin.net/Whois - LACNIC | http://lacnic.net/cgi-bin/lacnic/whoisWhois - RIPE NCC | https://apps.db.ripe.net/search/query.htmlWhois - AFRINIC | http://www.afrinic.net/fr/services/whois-queryWhois - APNIC | http://wq.apnic.net/apnic-bin/whois.plWhois by registrant name | http://viewdns.info/reversewhois/Zeltser's list | https://zeltser.com/lookup-malicious-websites/

Exploits and vulnerabilities :door:

Name | URL------------------------------------ | ---------------------------------------------CVEdetails | http://www.cvedetails.com/ :star:CVE.mitre | https://cve.mitre.org/ :star:Full disclosure | http://seclists.org/fulldisclosure/See bug | https://www.seebug.org/ :star:CXSecurity | https://cxsecurity.com/ :star:Inj3ct0r | http://0day.today/Packet Storm | https://packetstormsecurity.com/files/tags/exploit/Exploit-db | http://www.exploit-db.comVulnerability-lab | http://www.vulnerability-lab.com/Vulndb | https://vuldb.com/?archive.2016Vulners | https://vulners.com/search?query=order:publishedBackdoor - TCP-32764 | https://github.com/elvanderb/TCP-32764Rapid7 DB | https://www.rapid7.com/db/modules/NIST | http://web.nvd.nist.gov/Security focus | http://www.securityfocus.com/vulnerabilitiesCountry compatibility | https://cve.mitre.org/compatible/country.htmlMailing list | https://nmap.org/mailman/listinfo/fulldisclosureMail received | http://lists.openwall.net/full-disclosure/2016/Mailing list | http://seclists.org/Mailing list | https://lists.debian.org/debian-security-announce/CVSS FIRST | https://www.first.org/cvss/calculator/3.0CVSS NIST | https://nvd.nist.gov/cvss/v3-calculator

Forensic :mag:

Name | URL------------------------------------------- | ---------------------------------------------Aldeid list | https://www.aldeid.com/wiki/Category:Digital-ForensicsAwesome forensic | https://github.com/Cugu/awesome-forensicsCFReDS | http://www.cfreds.nist.gov/ :star:DFRWS challenge | http://www.dfrws.org/dfrws-forensic-challenge-2016File signatures | https://en.wikipedia.org/wiki/ListoffilesignaturesFile signatures | http://www.filesignatures.net/index.php?page=allFile signatures | http://www.garykessler.net/library/filesigs.htmlForensic control | https://forensiccontrol.com/resources/free-software/Forensic kb practical | http://www.forensickb.com/2008/01/forensic-practical.htmlForensic tools | https://forensics.cert.org/Forensic - Technical graph | http://www.amanhardikar.com/mindmaps/ForensicChallenges.htmlPackage - DEFT | http://www.deftlinux.net/package-list/Package - forensic-all | https://packages.debian.org/stretch/forensics-all :star::star:Testing Images | http://dftt.sourceforge.net/Tools - DFIR | http://www.dfir.training/index.php/tools/ :star:Tools - Forensics wiki | http://forensicswiki.org/wiki/ToolsTools - NIST | http://toolcatalog.nist.gov/populatedtaxonomy/index.phpWindows tools | https://ericzimmerman.github.io/Windows tools list | http://forensic-proof.com/toolsWindows Artifact | https://blogs.sans.org/computer-forensics/Write blocker | http://www.cftt.nist.gov/softwarewrite_block.htmWrite blocker | https://github.com/msuhanov/Linux-write-blockerZythom list - FR | https://zythom.blogspot.se/2007/02/les-outils-dun-expert-judiciaire.html

Free shell :shell:

Name | URL------------------------------------ | ---------------------------------------------FreeShells list | http://www.freeshells.info/Red-pill | http://shells.red-pill.eu/

Fun :trollface:

Name | URL------------------------------------ | ---------------------------------------------Akamai map | https://www.akamai.com/fr/fr/solutions/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp :earthamericas:Bitdefender map | https://threatmap.bitdefender.com/ :earthamericas:Blueliv map | https://community.blueliv.com/map/ :earthamericas:Checkpoint map | https://threatmap.checkpoint.com/ :earthamericas:Cymon map | https://cymon.io/map :earthamericas:DDoS attacks | http://www.digitalattackmap.com/ :trollface:Dead drops | https://deaddrops.com/db/ :floppydisk::skull:Dshield map | https://dshield.org/threatmap.html :earthamericas:Eset map | http://www.virusradar.com/ :earthamericas:Fire eye map | https://www.fireeye.com/cyber-map/threat-map.html :earthamericas:Flight radar | https://www.flightradar24.com :airplane:Fortinet map | https://threatmap.fortiguard.com/ :earthamericas:HE maps | https://he.net/3d-map/ :earthamericas:Kaspersky AV map | https://cybermap.kaspersky.com/ :earthamericas:Kaspersky map | https://apt.securelist.com/ :earthamericas:Norse map | http://map.norsecorp.com/ :earthamericas:Mozilla location service map | https://location.services.mozilla.com/map :earthamericas: - Thx rawgerOpen IP video cameras | http://www.insecam.org/ :videocamera::seenoevil:Pwnie Awards | http://pwnies.com/nominations/ :horse:Sub marine cable | http://www.submarinecablemap.com/ :anchor:Sub marine cable | http://submarine-cable-map-2016.telegeography.com/ :anchor:Sub marine cable | http://lifewinning.com/submarine-cable-taps/ :anchor:Tor flow map | https://torflow.uncharted.software :earthamericas:Trendmicro map | https://botnet-cd.trendmicro.com/ :earthamericas:World of VNC | https://worldofvnc.net/ :santa:

Generic utilities :file_folder:

Will be reorganized

Name |URL------------------------------------ | ---------------------------------------------Abuse Contact DB | https://www.abusix.com/contactdb :closedbook:CERT teams | https://www.first.org/about/organization/teamsCitizen lab | https://citizenlab.org/Code analysises | https://en.wikipedia.org/wiki/ListoftoolsforstaticcodeanalysisCodepad | http://codepad.org/Crypto currency | https://coinmarketcap.comDarknet stats | https://dnstats.net/Deepweb | https://www.reddit.com/r/deepweb/Electronic Frontier Foundation | https://www.eff.org/Fake ID | http://www.fakenamegenerator.com/Hackforum | http://hackforums.net/ :trollface:Hardened BSD | https://hardenedbsd.org/content/easy-feature-comparisonHashes example | https://hashcat.net/wiki/doku.php?id=examplehashesMibbit | http://www.mibbit.com/Microsoft threat | http://www.microsoft.com/securityMIME types | https://developer.mozilla.org/en-US/docs/Web/HTTP/BasicsofHTTP/MIMEtypes/CompletelistofMIME_typesMIME types | https://slick.pl/kb/htaccess/complete-list-mime-types/MIME types | https://www.iana.org/assignments/media-types/media-types.xhtml :star:Mindmaps | http://www.amanhardikar.com/mindmaps.html :star::star::star:Random data generator | http://www.mockaroo.com/Sans | http://isc.sans.edu/diary/ :star::star:Security wiki | http://oss-security.openwall.org/wiki/Understand your commands | https://explainshell.com/ :star:

GNU/Linux

Name | URL------------------------------------ | ---------------------------------------------Chkrootkit | https://packages.debian.org/en/jessie/chkrootkitCommand collection | https://github.com/tuwid/GNU-Linux-OpsWikiDebsecan | https://packages.debian.org/en/jessie/debsecanGNU/Linux containers | https://github.com/Friz-zy/awesome-linux-containers#securityGNU/Linux executable walkthrough | https://i.imgur.com/q5nyHp7.pngGNU/Linux post exploitation | https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List :star:GNU/Linux workstation | https://github.com/lfit/itpol/blob/master/linux-workstation-security.md :star::star:Kernel exploitation | https://github.com/xairy/linux-kernel-exploitationLynis | https://packages.debian.org/en/jessie/lynisRE 101 | https://github.com/michalmalik/linux-re-101RKhunter | https://packages.debian.org/en/jessie/rkhunter :star:Securing debian | https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html :star:Vulnerability scanner | https://github.com/future-architect/vuls

Honeypots :honey_pot:

Name | URL------------------------------------ | ---------------------------------------------Awesome list - All of them ! | https://github.com/paralax/awesome-honeypots#honeypots :star::star:Honeynet | https://honeynet.org/projectLive nothink | http://www.nothink.org/honeypots.php

IP Research / Analysis / Investigation

Name | URL------------------------------------ | ---------------------------------------------BGP Toolkit | http://bgp.he.net/ :star:Bing dork | ip:$IPBlack List Alert | http://www.blacklistalert.org/Black List Check | http://whatismyipaddress.com/blacklist-check/Check host | http://check-host.net/FireHOL IP blacklist | https://github.com/firehol/blocklist-ipsets :star:Google dork | "$IP"Host file | https://hosts-file.net/Host tracker | https://www.host-tracker.com/IP in detail | http://ipindetail.com/ip-blacklist-checkerIP void | http://www.ipvoid.com/IPv4 info | http://ipv4info.com/Multi RBL | http://multirbl.valli.org/lookup/ :star:Nirsoft country IP | http://www.nirsoft.net/countryip/Project Honeypot | https://www.projecthoneypot.org/search_ip.phpSpamhaus | https://www.spamhaus.org/lookup/TCP utils | http://www.tcpiputils.com/Virus total | https://www.virustotal.com/en/ip-address/$IP/information/Whatch Guard | http://www.reputationauthority.org/

Leak / Defaced :ambulance:

Name | URL------------------------------------ | ---------------------------------------------Biggest db leaks | https://cdn.databases.today/Breach alarm | https://breachalarm.com/Darknet leaks | https://darknetleaks.ru/archive/leaked/dumps/Hacked emails | https://hacked-emails.com/Have I been pwned | https://haveibeenpwned.com/Isithacked | http://www.isithacked.comLeakedin | http://www.leakedin.com/Siph0n | https://twitter.com/datasiph0nZone-H | https://zone-h.org/

Learning / Exercises :mortar_board:

Name | URL------------------------------------ | ---------------------------------------------Awesome training | http://opensecuritytraining.info/Training.html :star::star:Cybrary training | https://www.cybrary.it/Essential basics | https://github.com/alex/what-happens-when :trophy:Exploits | https://thesprawl.org/research/F-Secure training | http://mooc.fi/courses/2016/cybersecurity/Malware Analysis course | https://github.com/RPISEC/Malware :star::star:Malware traffic training | http://www.malware-traffic-analysis.net/training-exercises.html :star:Network - Forensic | https://www.honeynet.org/node/504Practical analysis | https://practicalmalwareanalysis.com/labs/Reverse - Malware | http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.htmlSecurity courses | https://bitvijays.github.io/ :star:Security talks | https://github.com/PaulSec/awesome-sec-talks :star:

Lock picking :closedlockwith_key:

Name | URL------------------------------------ | ---------------------------------------------Awesome lockpicking | https://github.com/meitar/awesome-lockpickingLock pick guide | http://lockpickguide.com :star:Bosnianbill video | https://www.youtube.com/user/bosnianbill/videos :star:Lock lab | https://lock-lab.com/Lock wiki | http://www.lockwiki.com/

Mail utilities :mailboxwithmail:

Name | URL------------------------------------ | ---------------------------------------------10 Minute Mail | http://10minutemail.comDNSBL | https://en.wikipedia.org/wiki/DNSBLDKIM validator | http://dkimvalidator.com/Email recon | https://github.com/laramies/theHarvesterGet air mail | http://en.getairmail.com/Gophish | https://github.com/gophish/gophishMailinator | https://www.mailinator.com/ # https://gist.github.com/nocturnalgeek/1b8fa44283314544c487Mailnesia | http://mailnesia.com/Mailcatch | http://mailcatch.com/Mxtoolbox | http://www.mxtoolbox.com/Open phish | https://openphish.com/ :star:Openresolver JP | http://www.openresolver.jp/en/Phishing Framework | https://github.com/pentestgeek/phishing-frenzyPhish tank | http://www.phishtank.com/ :star:SimplyEmail | https://github.com/killswitch-GUI/SimplyEmailSpam DB | http://www.dnsbl.info/dnsbl-database-check.phpSpam encode secret | http://spammimic.com/encode.cgiSpeedPhish Framework | https://github.com/tatanus/SPFYop mail | http://www.yopmail.com/

Malicious traffic detection :verticaltrafficlight:

Name | URL------------------------------------------- | ---------------------------------------------Maltrail | https://github.com/stamparm/maltrailTsusen | https://github.com/stamparm/tsusenPacketbeat | https://www.elastic.co/products/beats/packetbeatp0f | http://lcamtuf.coredump.cx/p0f3/

Malware / Botnet sources :angel:

Name | URL------------------------------------ | ---------------------------------------------Abuse CH | https://www.abuse.ch/Botnet.fr | https://www.botnets.fr/wiki/Main_PageClean MX | http://support.clean-mx.de/clean-mx/viruses.phpContagio | http://contagiodump.blogspot.se/Custom Google search engine | https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu (from Corey Harrell)Cybercrime tracker | http://cybercrime-tracker.net/Dont need coffee | http://malware.dontneedcoffee.com/Exposed Botnets | http://www.exposedbotnets.com/Malc0de | http://malc0de.com/database/Malekal | http://malwaredb.malekal.com/No more ransom | https://www.nomoreransom.org/Tracker | http://tracker.h3x.eu/Kernel mode | http://www.kernelmode.infoMalware domain list | http://www.malwaredomainlist.comMalware domain blocklist | http://www.malwaredomains.comMalware museum | https://archive.org/details/malwaremuseumMalware src | https://malwares.github.io/Malware.lu | https://malware.lu/MISP | https://github.com/MISP/MISPRansomware overview | https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#Ransomware simulator | https://shinolocker.com/Ransomware tracker | https://ransomwaretracker.abuse.ch/tracker/SafeGroup | http://www.malware.pl/ - https://www.scumware.org/Structured Threat Information eXpression | https://stixproject.github.io/The Zoo aka Malware DB | https://ytisf.github.io/theZoo/Total hash | https://totalhash.cymru.com/VirusBay | https://beta.virusbay.io/VirusShare | http://virusshare.com/VX Vault | http://vxvault.net/Yararules | https://github.com/Yara-Rules/rulesZeuS Tracker | https://zeustracker.abuse.ch

Malware analysis - Sandbox :mask:

Name | URL------------------------------------ | ---------------------------------------------Zeltser's list | https://zeltser.com/automated-malware-analysis/Cuckoo Sandbox | https://www.cuckoosandbox.org/Mastiff | https://github.com/KoreLogicSecurity/mastiffFastir | https://github.com/SekoiaLab/Fastir_CollectorSysAnalyser | https://github.com/dzzie/SysAnalyzerViper | https://github.com/viper-framework/viperREMnux | http://zeltser.com/remnux/Zeltser analysis | http://zeltser.com/reverse-malware/automated-malware-analysis.htmlManalyze | https://github.com/JusticeRage/ManalyzeQuarkslab IRMA | http://irma.quarkslab.com/Dorothy2 | https://github.com/m4rco-/dorothy2F-Secure see | https://github.com/F-Secure/seeNoriben | https://github.com/Rurik/NoribenMalheur | https://github.com/rieck/malheurDrakvuf | https://github.com/tklengyel/drakvufZero Wine Tryouts | http://zerowine-tryout.sourceforge.net/RFI sandbox | https://monkey.org/~jose/software/rfi-sandbox/Malwasm | https://github.com/malwarelu/malwasm

Malware analysis - Sandbox - Online :mask:

Name |URL------------------------------------ | ---------------------------------------------Any.run | https://any.run/AVcaesar | https://avcaesar.malware.lu/Cape | https://cape.contextis.com/Comodo | https://cit.valkyrie.comodo.com/Hybrid analysis | https://www.hybrid-analysis.com/ID Ransomware | https://id-ransomware.malwarehunterteam.com/Jotti | http://virusscan.jotti.org/itJoe sandbox | https://www.joesandbox.com/Malwareconfig | http://malwareconfig.com/Malware tracker | http://www.cryptam.com/Malwr - Cuckoo | https://malwr.com/Other list | http://cleanbytes.net/malware-online-scannersPDF examiner | http://www.pdfexaminer.com/PE dump | https://github.com/zed-0xff/pedumpRandomly changes Win32/64 PE Files | https://github.com/secretsquirrel/recomposerViCheck | https://www.vicheck.ca/Virscan | http://www.virscan.org/VirusTotal | http://www.virustotal.com/Virus Total Notifier | https://github.com/mubix/vt-notify

Mobile :iphone:

Name |URL------------------------------------ | ---------------------------------------------AndroTotal | https://andrototal.org/APK Analzyer | http://www.apk-analyzer.net/Droid Sec wiki | http://www.droidsec.org/wiki/Joebox Cloud | https://jbxcloud.joesecurity.org/loginMobile security wiki | https://mobilesecuritywiki.com/ :star:OWASP Goat Droid | https://www.owasp.org/index.php/Projects/OWASPGoatDroidProjectSand droid | http://sanddroid.xjtu.edu.cnTracedroid | http://tracedroid.few.vu.nlWiki secmobi | https://github.com/secmobi/wiki.secmobi.com :trophy:

Network

Name | URL------------------------------------ | ---------------------------------------------Awesome PCAP | https://github.com/caesar0301/awesome-pcaptools :star:BGPlay | https://stat.ripe.net/widget/bgplay :star:GNU/Linux monitoring | https://blog.serverdensity.com/80-linux-monitoring-tools-know/MAC address block | http://standards-oui.ieee.org/oui/oui.txtMAC find | http://www.coffer.com/macfind/MAC find | http://hwaddress.comPacket total | http://www.packettotal.com/Ping.eu | http://ping.eu/Project honeypot | https://www.projecthoneypot.org/Protocol Numbers | http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtmlPublicly PCAP files | http://www.netresec.com/?page=PcapFilesService Port Number Registry | https://www.iana.org/assignments/service-names-port-numbers/ :star::star:Service Port Number Registry | https://en.wikipedia.org/wiki/ListofTCPandUDPport_numbersSubnet calculator | http://www.subnet-calculator.com/cidr.phpSubnet calculator | http://www.subnetonline.com/pages/subnet-calculators.phpSecurity Onion tools | https://github.com/Security-Onion-Solutions/security-onion/wiki/ToolsWireshark extentions | https://www.honeynet.org/project/WiresharkExtensions

OSINT

Name | URL------------------------------------ | ---------------------------------------------Osint list | https://github.com/jivoi/awesome-osint :star:List of social network | https://en.wikipedia.org/wiki/Listofsocialnetworkingwebsites :star:Reddit | https://www.reddit.com/r/SocialEngineering/Maltego | https://www.paterva.com/Hunter | https://hunter.io/Pipl | https://pipl.com/Peek you | http://www.peekyou.com/Yatedo | http://www.yatedo.com/Lullar | http://com.lullar.com/Lakako | http://www.lakako.com/Yasni | http://www.yasni.com/User search | https://usersearch.org/Google | https://www.google.com/advanced_searchGoogle dorks | intext:lastName firstNameGoogle dorks | insubject:lastName firstNameGoogle dorks | intext:lastName firstName filetype:pdf || filetype:doc || filetype:xml || filetype:txt || filetype:xls || filetype:ppt || filetype:pps || filetype:docx || filetype:wps || filetype:rtf || filetype:csv || filetype:pptx || filetype:xlsx || filetype:xlr || filetype:sxw || filetype:ods || filetype:odt || filetype:pswGoogle Scraper | https://github.com/NikolaiT/GoogleScraperBing | https://www.bing.com/Bing dorks | lastName firstName (filetype:doc OR filetype:ppt OR filetype:pps OR filetype:xls OR filetype:docx OR filetype:pptx OR filetype:ppsx OR filetype:xlsx OR filetype:sxw OR filetype:sxc OR filetype:sxi OR filetype:odt OR filetype:ods OR filetype:odg OR filetype:odp OR filetype:pdf OR filetype:wpd OR filetype:svg OR filetype:svgz OR filetype:indd OR filetype:rdp OR filetype:ica)Yahoo | https://search.yahoo.com/Duck duck go | https://duckduckgo.com/Yandex | https://www.yandex.com/Exa lead | http://www.exalead.comOsint stalker | https://github.com/milo2012/osintstalkerSpeed phish framework | https://github.com/tatanus/SPFBrowser exploitation framework | https://github.com/beefproject/beefThe harvester | https://github.com/laramies/theHarvesterMeta goofil | https://github.com/laramies/metagoofil

OS X

Name | URL------------------------------------ | ---------------------------------------------Awesome OSX & IOS sec list | https://github.com/ashishb/osx-and-ios-security-awesomeOSX auditor | https://github.com/jipegit/OSXAuditorOWASP iGoat Project | https://www.owasp.org/index.php/OWASPiGoatProjectSecurity and privacy guide | https://github.com/drduh/OS-X-Security-and-Privacy-Guidestronghold - Easily configure MacOS security settings from the terminal. | https://github.com/alichtman/stronghold

Passwords :key:

Name | URL------------------------------------ | ---------------------------------------------CrackStation | https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htmDefault password | https://default-password.info/Default password | https://cirt.net/passwordsDefault password | http://www.defaultpassword.com/Default password | http://www.defaultpassword.us/Default cameras password | https://github.com/jeanphorn/wordlist/blob/master/README.mdDefault password thc-hydra | https://github.com/vanhauser-thc/thc-hydra/blob/master/dpl4hydrafull.csvDafault router password | http://www.cleancss.com/router-default/Default router password | https://github.com/jeanphorn/wordlist/blob/master/routerdefault_password.mdDefault VoIP password | https://github.com/netbiosX/Default-Credentials/blob/master/VoIP-Default-Password-List.mdownFun secure password checker | https://password.kaspersky.com/Hashcat WIKI | https://hashcat.net/wiki/Multiple dictionary | https://github.com/danielmiessler/SecLists/tree/master/PasswordsMultiple dictionary | https://github.com/duyetdev/bruteforce-databaseOnline CrackStation | https://crackstation.netOnline Hask Killer | https://hashkiller.co.ukOnline Hash crack | http://www.onlinehashcrack.com/Online MD5 and SHA1 db | http://hashtoolkit.com/OpenWall | http://www.openwall.com/passwords/wordlists/ or ftp://ftp.openwall.com/pub/wordlists/Outpost9 | http://www.outpost9.com/files/WordLists.htmlPackets storm | https://packetstormsecurity.com/Crackers/wordlists/Password research | http://www.passwordresearch.com/Programming - Secure Password Storage | https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016SecLists | https://github.com/danielmiessler/SecLists/tree/master/PasswordsSkull security | https://wiki.skullsecurity.org/PasswordsSSH dictionary | https://github.com/droope/pwlist

Penetration testing :wrench:

Name | URL------------------------------------ | ---------------------------------------------Awesome pentest | https://github.com/enaqx/awesome-pentestFootprinting - Procedure & tools | http://www.0daysecurity.com/penetration-testing/network-footprinting.htmlGNU/Linux privilege escalation | https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ :star:Informaion gathering - Tools | http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/information-gathering.htmlOrganization of the Standard | http://www.pentest-standard.org/index.php/MainPage :star:Owasp - Check list | https://www.owasp.org/index.php/TestingChecklistOwasp testing guide | https://www.owasp.org/images/5/52/OWASPTestingGuidev4.pdf :star::star:Owasp - tools | https://www.owasp.org/index.php/Category:OWASPToolPublic pentest reports | https://github.com/juliocesarfort/public-pentesting-reports :star:Python tools for pentest | https://github.com/dloss/python-pentest-toolsReport sample | https://www.offensive-security.com/reports/sample-penetration-testing-report.pdfReverse engineering | http://wiki.yobi.be/wiki/Reverse-EngineeringSANS Penetration Testing | http://pen-testing.sans.orgServices enumeration | http://www.0daysecurity.com/penetration-testing/enumeration.html :star: Thx rawgerTools - BlackArch list | https://blackarch.org/tools.htmlTools - Great list | http://wiki.yobi.be/wiki/Tableofcontents#SecurityTools - Kali list | http://tools.kali.org/tools-listingWeb | http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.htmlWeb vulnerabilities | http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/vulnerability-assessment.htmlWebshell list | https://github.com/tennc/webshell

Port scanners :dart: && Wide Scans :statueofliberty:

Name | URL------------------------------------ | ---------------------------------------------Masscan | https://github.com/robertdavidgraham/masscanMasscan Defcon conference | https://defcon.org/Nmap | https://nmap.org/7/Nscan | https://github.com/OffensivePython/NscanPFRing | https://github.com/ntop/PF_RINGRapid7 Sonar Labs | https://sonar.labs.rapid7.com/Rapid7 Sonar Blackhat conference | https://www.blackhat.com/Scans.io | https://scans.io/Shadowserver | https://www.shadowserver.org/ :trophy::trophy:Sonar similar projects | https://github.com/rapid7/sonar/wiki/Similar-ProjectsZmap | https://zmap.io/Zgrab | https://github.com/zmap/zgrab

Search engines :satellite:

Name | URL------------------------------------ | ---------------------------------------------ZoomEye | https://zoomeye.org/ :star::cn:Shodan | https://www.shodan.io/Censys | https://censys.io/Gegereka | http://gegereka.com/ (not always up)Google | https://www.google.com/advancedsearchGoogle dorks | https://gist.github.com/zbetcheckin/04e6a5d7f2d5ef8cfa3c298701f47f9cList of search engines | https://en.wikipedia.org/wiki/ListofsearchenginesThreat crowd | https://www.threatcrowd.org/

Security challenges / WarGames :triangularflagon_post:

Name | URL------------------------------------ | ---------------------------------------------Zenk-Security | https://www.zenk-security.com/Root-Me | http://www.root-me.org/Overthewire | http://overthewire.org/wargames/CrackMe.de | http://crackmes.de/Reversing | http://reversing.kr/Pwnable | http://pwnable.kr/Newbiecontest | https://www.newbiecontest.org/OWASP VWAD list | https://github.com/OWASP/OWASP-VWAD/WeChall | https://www.wechall.net/Vulnhub | https://www.vulnhub.com/ :star:Net Garage | http://io.netgarage.org/SmashTheStack | http://smashthestack.org/Hackthissite | http://www.hackthissite.org/Hack.me | https://hack.meHackThis! | http://www.hackthis.co.uk/Backdoor.Sdslabs | https://backdoor.sdslabs.co/Bright-shadows | http://www.bright-shadows.net/SmashTheStack | http://smashthestack.org/Ringzer0team | https://ringzer0team.com/challengesForensic contest | http://forensicscontest.com/puzzlesLost chall | http://www.lost-chall.org/Rankk | http://www.rankk.org/Happy Security | http://www.happy-security.de/Net force | https://www.net-force.nl/challenges/CanYouHack.it | http://canyouhack.it/Hellboundhackers | https://www.hellboundhackers.org/Microcorruption | https://microcorruption.com/More challenges | http://captf.com/practice-ctf/

Skimmer :black_joker:

Name |URL------------------------------------ | ---------------------------------------------Skimmer source from Krebs | https://krebsonsecurity.com/all-about-skimmers/Great reverse engineering on skimmer | https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/

SSH

Name | URL------------------------------------ | ---------------------------------------------Bruteforce know hosts | https://github.com/Churro/bruteforce-known-hostsOpenSSH guidelines | https://wiki.mozilla.org/Security/Guidelines/OpenSSHSSH audit | https://github.com/arthepsy/ssh-audit.gitSSH audit online | https://sshcheck.comWho's there | https://github.com/FiloSottile/whosthere

SSL

Name | URL------------------------------------ | ---------------------------------------------Certificate search | https://crt.shBad SSL | https://github.com/chromium/badssl.comHtbridge - Online analysis | https://www.htbridge.com/ssl/Mozilla SSL Configuration Generator | https://mozilla.github.io/server-side-tls/ssl-config-generator/Observatory by Mozilla - Online analysis | https://observatory.mozilla.org/ :star::star::star::star:O-Saft - Tools | https://www.owasp.org/index.php/O-SaftOWASP tests - Procedure | https://www.owasp.org/index.php/TestingforWeakSSL/TLSCiphersQualys SSL Labs - Online analysis | https://www.ssllabs.com/ssltest/SSLscan - Tools | https://github.com/rbsec/sslscanSSLyze - Tools | https://github.com/iSECPartners/sslyzeTestssl.sh - Tools | https://github.com/drwetter/testssl.sh :star:

TOR

Name | URL------------------------------------ | ---------------------------------------------Hidden services | https://www.torproject.org/docs/hidden-services.html.enHidden services scanner | https://github.com/superp00t/sadonionReddit | https://www.reddit.com/r/onions/Scan Onion Services | https://github.com/s-rah/onionscanSearch engine - Grams | http://grams7enufi7jmdl.onion/Search engine - Ahmia | https://ahmia.fi/Search engine - TORCH | http://xmh57jrzrnw6insl.onion/Search engine - DuckDuckGo | http://3g2upl4pq6kufc4m.onion/Tails | https://tails.boum.org/The hidden wiki | https://thehiddenwiki.org/Tolerant ISP for exit node | https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPsTor Browser Fingerprint | https://github.com/jonaslejon/tor-fingerprintTor Bulk exit list | https://check.torproject.org/cgi-bin/TorBulkExitList.pyTor IP history | https://exonerator.torproject.org/Tor Know exit nodes | https://check.torproject.org/exit-addressesTor Project | https://www.torproject.org/Tor Relays bandwidth | https://github.com/TheTorProject/bwscannerTor Socks | https://gitweb.torproject.org/torsocks.gitTor Status | https://torstatus.blutmagie.de/URL onion inspector | https://github.com/k4m4/onioff

VOIP :phone:

Name | URL------------------------------------------- | ---------------------------------------------Penetration test | http://0daysecurity.com/penetration-testing/VoIP-security.html

VPN

Name | URL------------------------------------ | ---------------------------------------------Open VPN | https://github.com/OpenVPNComparison | https://thatoneprivacysite.net/vpn-comparison-chart/Location test | https://www.dnsleaktest.com/Location test | https://ipleak.net/

Vulnerable environments :unlock:

Name | URL------------------------------------ | ---------------------------------------------Owasp list | https://www.owasp.org/index.php/OWASPVulnerableWebApplicationsDirectoryProject/Pages/OfflineOwasp BWA | https://www.owasp.org/index.php/OWASPBrokenWebApplications_ProjectDVWA | http://www.dvwa.co.uk/WebGoat | http://code.google.com/p/webgoatMetasploitable 3 | https://github.com/rapid7/metasploitable3/wikiVulnerable systems list | https://www.amanhardikar.com/mindmaps/Practice.html :star:VulnHub | http://vulnhub.com/LampSecurity | http://sourceforge.net/projects/lampsecurity/Hackademic-RTB1 | http://www.aldeid.com/wiki/Hackademic-RTB1Moth | http://www.bonsai-sec.comPeruggia | http://sourceforge.net/projects/peruggia/

Web browser

Name | URL------------------------------------ | ---------------------------------------------Amiunique project | https://github.com/DIVERSIFY-project/amiuniqueBrowser exploit | https://github.com/julienbedard/browsersploitBrowser info | http://www.browser-info.net/Browser leaks | https://www.browserleaks.com/Browser recommendations | https://gist.github.com/atcuno/3425484ac5cce5298932 :star:Browserling | https://www.browserling.com/Fingerprint | https://amiunique.org/Fingerprint | https://panopticlick.eff.org/Flash | http://isflashinstalled.com/Referer | https://www.whatismyreferer.com/SSL | https://www.ssllabs.com/ssltest/viewMyClient.htmlURL Shorter List | https://bit.do/list-of-url-shorteners.phpUser agent | http://useragentstring.com/pages/useragentstring.phpUser agent | http://whatsmyuseragent.com/User agent | https://www.projecthoneypot.org/robot_useragents.phpUser agent | https://www.whatismybrowser.com/developers/tools/user-agent-parser/browse

Windows

Name | URL------------------------------------ | ---------------------------------------------Anti forensic Windows | https://www.reddit.com/r/security/comments/32fb1l/openguidetoscrubbingwindowsossfrom_forensic/Security development | https://github.com/ExpLife0011/awesome-windows-kernel-security-developmentWindows executable walkthrough | https://i.imgur.com/pHjcI.pngWindows exploitation | https://github.com/enddo/awesome-windows-exploitationWindows hardening | https://github.com/PaulSec/awesome-windows-domain-hardening

Wireless / Radio :signal_strength:

Name | URL------------------------------------------- | ---------------------------------------------Awesome wifi tools list | https://github.com/0x90/wifi-arsenalPenetration test | http://0daysecurity.com/penetration-testing/wireless-penetration.htmlGreat wifi map | https://wigle.net/RFSec-ToolKit | https://github.com/cn0xroot/RFSec-ToolKitRTL-SDR | http://www.rtl-sdr.com/Wireless in airports | https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY

wget https://archive.org/download/github.com-zbetcheckin-Security_list_-_2018-12-06_22-52-15/zbetcheckin-Security_list_-_2018-12-06_22-52-15.bundle

 git clone zbetcheckin-Security_list_-_2018-12-06_22-52-15.bundle 

plus-circle Add Review

comment

Reviews