#Security list for fun and profit
My initial idea came from this list : http://www.nothink.org/utilities.php
I wanted to update it with my sources, I will probably continue to update and reorganize it in the future.
- Awesome lists
- Cheat sheets
- Penetration testing
- Exploits and vulnerabilities
- CTF
- Exercises
- Vulnerable environments
- Security challenges
- Bug bounty
- Port scanners
- Search engines
- Wide Scans
- Honeypots
- Malware / Botnet sources
- Malware analysis - Sandbox
- Online malware analysis - Sandbox
- Decoder/Packer/Unpacker
- Free shell
- Domain reputation
- Mail utilities
- Passwords list
- Generic utilities
- Defaced websites / Data leak
- Forensic - Network
- IP List
- VPN List
- Web browser test
- Fingerprint
- SSL
- Tor resources
- Fun
##Awesome lists π
Name | URL |
---|---|
Malware analysis | https://github.com/rshipp/awesome-malware-analysis/ |
Incident response | https://github.com/meirwah/awesome-incident-response/ |
Honeypots | https://github.com/paralax/awesome-honeypots |
PCAP | https://github.com/caesar0301/awesome-pcaptools |
Network | https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools |
GNU/Linux workstation | https://github.com/lfit/itpol/blob/master/linux-workstation-security.md |
GNU/Linux post exploitation | https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List |
GNU/Linux containers | https://github.com/Friz-zy/awesome-linux-containers#security |
Android | https://github.com/ashishb/android-security-awesome |
Web | https://github.com/infoslack/awesome-web-hacking |
Security list | https://github.com/sbilly/awesome-security |
Lists of lists of lists | https://github.com/t3chnoboy/awesome-awesome-awesome |
Other lists of lists of lists | https://github.com/geekan/awesome-awesome-awesome |
##Cheat sheets π
Name | URL |
---|---|
Owasp cheat sheet series | https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series |
Web application cheat sheet | https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet |
Pentest monkey | http://pentestmonkey.net |
Packet life | http://packetlife.net/library/cheat-sheets/ |
Reverse | http://r00ted.com/cheat%20sheet%20reverse%20v5.png |
SANS Penetration Testing | http://pen-testing.sans.org |
SANS Forensic | https://digital-forensics.sans.org/community/cheat-sheets |
SQL injection | http://websec.ca/kb/sql_injection |
Zeltser's cheat sheets list | https://zeltser.com/cheat-sheets/ |
##Penetration testing π§
Name | URL |
---|---|
Owasp Check list | https://www.owasp.org/index.php/Testing_Checklist |
Owasp testing guide | https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf |
Owasp tools | https://www.owasp.org/index.php/Category:OWASP_Tool |
Services enumeration | http://www.0daysecurity.com/penetration-testing/enumeration.html - Thx rawger |
Informaion gathering | http://www.w4rri0r.com/softwares-freeware-shareware-open-source/information-gathering.html |
Footprinting | http://www.0daysecurity.com/penetration-testing/network-footprinting.html |
Web | http://www.w4rri0r.com/softwares-freeware-shareware-open-source/web-application-analysis.html |
Vulnerability | http://www.w4rri0r.com/softwares-freeware-shareware-open-source/vulnerability-assessment.html |
More tools | https://github.com/enaqx/awesome-pentest |
##Exploits and vulnerabilities πͺ
Name | URL |
---|---|
CVEdetails | http://www.cvedetails.com/ |
CVE.mitre | https://cve.mitre.org/ |
Full disclosure | http://seclists.org/fulldisclosure/ |
CXSecurity | https://cxsecurity.com/ |
Exploit-db | http://www.exploit-db.com |
Vulnerability-lab | http://www.vulnerability-lab.com/ |
Inj3ct0r | http://0day.today/ |
Rapid7 DB | https://www.rapid7.com/db/modules/ |
Intelligent Exploit | http://www.intelligentexploit.com |
Exploits download | http://www.exploitsdownload.com |
NIST | http://web.nvd.nist.gov/ |
Security focus | http://www.securityfocus.com/vulnerabilities |
##CTF π©
Name | URL |
---|---|
CTFTIME | https://ctftime.org/ |
Write-ups | https://github.com/ctfs |
https://www.reddit.com/r/securityctf | |
Tools list | https://github.com/Laxa/HackingTools |
Tools list | https://github.com/zardus/ctf-tools |
Tools list | https://github.com/apsdehal/awesome-ctf |
Tools list | http://tools.kali.org/tools-listing |
##Exercises π
Name | URL |
---|---|
Reverse - Malware | http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html |
Network - Malware | http://www.malware-traffic-analysis.net/training-exercises.html |
Network - Forensic | https://www.honeynet.org/node/504 |
Exploits | https://exploit-exercises.com/ |
Exploits | https://thesprawl.org/research/ |
##Vulnerable environments π
Name | URL |
---|---|
Owasp list | https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline |
Owasp BWA | https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project |
DVWA | http://www.dvwa.co.uk/ |
WebGoat | http://code.google.com/p/webgoat |
Metasploitable | http://information.rapid7.com |
VulnHub | http://vulnhub.com/ |
LampSecurity | http://sourceforge.net/projects/lampsecurity/ |
Dragon | https://www.dragonresearchgroup.org/challenges/ |
Hackademic-RTB1 | http://www.aldeid.com/wiki/Hackademic-RTB1 |
Igoat | http://code.google.com/p/owasp-igoat/ |
Moth | http://www.bonsai-sec.com |
Peruggia | http://sourceforge.net/projects/peruggia/ |
XSS play ground | http://xssplayground.net23.net/ |
##Security challenges π©
Name | URL |
---|---|
Zenk-Security | https://www.zenk-security.com/ |
Root-Me | http://www.root-me.org/ |
Newbiecontest | https://www.newbiecontest.org/ |
OWASP VWAD list | https://github.com/OWASP/OWASP-VWAD/blob/master/src/online.tsv |
WeChall | https://www.wechall.net/ |
Vulnhub | https://www.vulnhub.com/ |
Hackthissite | http://www.hackthissite.org/ |
Hack.me | https://hack.me |
HackThis! | http://www.hackthis.co.uk/ |
Backdoor.Sdslabs | https://backdoor.sdslabs.co/ |
Bright-shadows | http://www.bright-shadows.net/ |
SmashTheStack | http://smashthestack.org/ |
Overthewire | http://overthewire.org/wargames/ |
Ringzer0team | https://ringzer0team.com/challenges |
Forensic contest | http://forensicscontest.com/puzzles |
More challenges | http://captf.com/practice-ctf/ |
##Bug bounty π«
Name | URL |
---|---|
BugCrowd.com | https://bugcrowd.com/programs |
HackerOne | https://hackerone.com |
BountyFactory | https://bountyfactory.io |
Firebounty | https://firebounty.com |
Bugsheet | http://www.bugsheet.com/ |
BountySource | https://www.bountysource.com/ |
NewsLetter about bug bounty | http://bugbountyweekly.com |
More bug bounty | https://bugcrowd.com/list-of-bug-bounty-programs# |
##Port scanners π―
Name | URL |
---|---|
Masscan | https://github.com/robertdavidgraham/masscan |
Nmap | https://nmap.org/7/ |
Zmap | https://zmap.io/ |
Nscan | https://github.com/OffensivePython/Nscan |
Scanrand | https://www.sans.org/security-resources/idfaq/scanrand.php |
PFRing | https://github.com/ntop/PF_RING - High-speed packet processing framework |
##Search engines π‘
Name | URL |
---|---|
ZoomEye | https://zoomeye.org/ |
Shodan | https://www.shodan.io/ |
Censys | https://censys.io/ |
##Wide Scans π
Name | URL |
---|---|
Scans.io | https://scans.io/ |
Rapid7 Sonar Labs | https://sonar.labs.rapid7.com/ |
Similar projects | https://github.com/rapid7/sonar/wiki/Similar-Projects |
Defcon conference | https://defcon.org/ |
Blackhat conference | https://www.blackhat.com/ |
##Honeypots π―
Name | URL |
---|---|
Awesome list - All of them ! | https://github.com/paralax/awesome-honeypots#honeypots |
Live nothink | http://www.nothink.org/honeypots.php |
Live sshpot | http://sshpot.com/ |
##Malware / Botnet sources πΌ
##Malware analysis - Sandbox π·
Name | URL |
---|---|
Zeltser's list | https://zeltser.com/automated-malware-analysis/ |
Cuckoo Sandbox | https://www.cuckoosandbox.org/ |
Mastiff | https://github.com/KoreLogicSecurity/mastiff |
Quarkslab IRMA | http://irma.quarkslab.com/ |
Viper | https://github.com/viper-framework/viper |
REMnux | http://zeltser.com/remnux/ |
Fastir | https://github.com/SekoiaLab/Fastir_Collector |
Zeltser analysis | http://zeltser.com/reverse-malware/automated-malware-analysis.html |
Dorothy2 | https://github.com/m4rco-/dorothy2 |
F-Secure see | https://github.com/F-Secure/see |
Noriben | https://github.com/Rurik/Noriben |
Norman | http://enterprise.norman.com/analysis |
Malheur | https://github.com/rieck/malheur |
Drakvuf | https://github.com/tklengyel/drakvuf |
Zero Wine Tryouts | http://zerowine-tryout.sourceforge.net/ |
CWSandbox | http://www.cwsandbox.org |
RFI sandbox | https://monkey.org/~jose/software/rfi-sandbox/ |
Malwasm | https://github.com/malwarelu/malwasm |
Androidsandbox | http://androidsandbox.net/ (temporarily out of service) |
##Online malware analysis - Sandbox π·
##Decoder/Packer/Unpacker
Name | URL |
---|---|
URL | http://meyerweb.com/eric/tools/dencoder/ |
HEXdecoder | http://ddecode.com/hexdecoder/ |
JSDetox | http://www.relentless-coding.com/projects/jsdetox/ |
JSNice | http://www.jsnice.org/ |
JSUnpack | https://github.com/urule99/jsunpack-n |
JSBeautifier | http://jsbeautifier.org/ |
JavaScript Compressor | http://dean.edwards.name/packer/ |
Jjencode | http://utf-8.jp/public/jjencode.html |
JSFuck | http://www.jsfuck.com/ |
Jsobfuscate | http://www.jsobfuscate.com/ |
Netteleuthe | http://www.netteleuthe.de/gc/ |
PHPdecoder | http://ddecode.com/phpdecoder/ |
PHP encoding | http://yehg.net/encoding/ |
Hackvertor (Tag based decoder/encoder) | https://hackvertor.co.uk/public |
##Free shell π
Name | URL |
---|---|
FreeShells list | http://www.freeshells.info/ |
Devio.us OpenBSD | http://devio.us/ |
Red-pill | http://shells.red-pill.eu/ |
##Domain reputation π
Name | URL |
---|---|
Domain Analysis | https://github.com/rshipp/awesome-malware-analysis/#domain-analysis |
Zeltser's list | https://zeltser.com/lookup-malicious-websites/ |
Alien Vault | http://www.alienvault.com |
Isithacked | http://www.isithacked.com |
Sucuri | http://sitecheck.sucuri.net/scanner/ |
Trustedsource | http://www.trustedsource.org/ |
urlQuery | http://urlquery.net/search.php |
URLVoid | http://www.urlvoid.com/ |
Haveibeenpwned | http://haveibeenpwned.com/ |
IPVoid | http://www.ipvoid.com/ |
##Mail utilities π¬
Name | URL |
---|---|
10 Minute Mail | http://10minutemail.com |
Spam DB | http://www.dnsbl.info/dnsbl-database-check.php |
Mxtoolbox | http://www.mxtoolbox.com/ |
Open relay | http://www.mailradar.com |
Openresolver JP | http://www.openresolver.jp/en/ |
DKIM validator | http://dkimvalidator.com/ |
##Passwords list π
Name | URL |
---|---|
Skull security list | https://wiki.skullsecurity.org/Passwords |
SecLists | https://github.com/danielmiessler/SecLists/tree/master/Passwords |
Other list | http://www.openwall.com/passwords/wordlists/ |
##Generic utilities π
Will be reorganized
##Defaced websites / Data leak π
Name | URL |
---|---|
URL Find | http://urlfind.org/ |
XSSposed | https://www.xssposed.org/ |
Leakedin | http://www.leakedin.com/ |
##Forensic - Network π
Name | URL |
---|---|
Forensic tools | http://forensicswiki.org/wiki/Tools |
Windows tools list | http://forensic-proof.com/tools |
More forensic links | http://www.amanhardikar.com/mindmaps/ForensicChallenges.html |
Wireshark extentions | https://www.honeynet.org/project/WiresharkExtensions |
GNU/Linux monitoring | https://blog.serverdensity.com/80-linux-monitoring-tools-know/ |
Anti forensic Windows | https://www.reddit.com/r/security/ |
Testing Images | http://dftt.sourceforge.net/ |
##IP List
Name | URL |
---|---|
BGP Toolkit | http://bgp.he.net/ |
Check-host | http://check-host.net/ |
Nirsoft country IP | http://www.nirsoft.net/countryip/ |
Wikiscan | http://fr.wikiscan.org/plage-ip |
Malicious IP | https://zeltser.com/malicious-ip-blocklists/ |
##VPN List
Name | URL |
---|---|
Comparaison | https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw/ |
##Web browser test
Name | URL |
---|---|
Location test | https://www.dnsleaktest.com/ |
Location test | https://ipleak.net/ |
Fingerprint | https://amiunique.org/ |
Fingerprint | https://panopticlick.eff.org/ |
SSL | https://www.ssllabs.com/ssltest/viewMyClient.html |
User agent | http://whatsmyuseragent.com/ |
Referer | https://www.whatismyreferer.com/ |
Flash | http://isflashinstalled.com/ |
##Fingerprint
Name | URL |
---|---|
Robtex | https://www.robtex.com/dns/ |
Netcraft | http://www.netcraft.com/ |
TCP utils | http://www.tcpiputils.com/ |
DNS stuff | http://www.dnsstuff.com/ |
Into dns | http://www.intodns.com/ |
Web archive | https://web.archive.org/web/*/ |
Web cookies | http://webcookies.org/cookies/ |
##SSL
Name | URL |
---|---|
Qualys SSL Labs | https://www.ssllabs.com/ssltest/ |
Htbridge | https://www.htbridge.com/ssl/ |
SSLAnalyzer Comodoca | https://sslanalyzer.comodoca.com/ |
Freak | https://freakattack.com/ |
Heartbleed | http://heartbleed.com/,https://filippo.io/Heartbleed/ |
Logjam | https://weakdh.org/sysadmin.html |
Poodle | https://poodle.io/,https://www.poodlescan.com/ |
##Tor resources
Name | URL |
---|---|
Tor Project | https://www.torproject.org/ |
Know exit nodes | https://check.torproject.org/exit-addresses |
Tor status | https://torstatus.blutmagie.de/ |
Torsocks | https://gitweb.torproject.org/torsocks.git |
Tor Hidden Services ".onion" search | http://www.ahmia.fi |
Onion Mail | http://onionmail.info/ |
Tails | https://blog.torproject.org/blogs/tails |
##Fun
Name | URL |
---|---|
Norse map | http://map.norsecorp.com/ |
Fire eye map | https://www.fireeye.com/cyber-map/threat-map.html |
Kaspersky map | https://apt.securelist.com/ |
Eset map | http://www.virusradar.com/ |
DDoS attacks | http://www.digitalattackmap.com/ |
Submarine cable | http://lifewinning.com/submarine-cable-taps/ |
Flight radar | https://www.flightradar24.com |