Home

Awesome

Security list for fun and profit

Inspired by http://www.nothink.org/utilities.php

Table of Contents


Awesome lists :+1:

NameURL
Androidhttps://github.com/ashishb/android-security-awesome
Curated list of awesome listshttps://github.com/sindresorhus/awesome :star:
Fuzzinghttps://github.com/secfigo/Awesome-Fuzzing
Hacking listhttps://github.com/Hack-with-Github/Awesome-Hacking :star::star::star:
Honeypotshttps://github.com/paralax/awesome-honeypots :star:
Incident responsehttps://github.com/meirwah/awesome-incident-response/ :star::star:
Indicators of compromisehttps://github.com/sroberts/awesome-iocs
Info sechttps://github.com/rmusser01/Infosec_Reference
Malware analysishttps://github.com/rshipp/awesome-malware-analysis/ :star::star::star:
Personal Securityhttps://github.com/Lissy93/personal-security-checklist
Red teamhttps://github.com/yeyintminthuhtut/Awesome-Red-Teaming
Reversinghttps://github.com/fdivrp/awesome-reversing
Securityhttps://github.com/sbilly/awesome-security
Threat intelligencehttps://github.com/hslatman/awesome-threat-intelligence
Webhttps://github.com/qazbnm456/awesome-web-security/ https://github.com/infoslack/awesome-web-hacking

Books :books:

NameURL
Free programming bookshttps://github.com/EbookFoundation/free-programming-books
Recommended Readinghttp://dfir.org/?q=node/8

Bug bounty :chocolate_bar:

NameURL
Bounty factoryhttps://bountyfactory.io
Bugcrowdhttps://bugcrowd.com/programs
Googlehttps://www.google.com/about/appsecurity/reward-program/
HackerOnehttps://hackerone.com :star:
List of bug bountyhttps://www.bugcrowd.com/bug-bounty-list/
Microsofthttps://technet.microsoft.com/en-us/security/dn425036
Open bug bountyhttps://www.openbugbounty.org/
Programs and write-upshttps://github.com/djadmin/awesome-bug-bounty
Write-upshttps://github.com/ngalongc/bug-bounty-reference
Zerodiumhttps://www.zerodium.com/ :moneybag::trollface:

Cheat sheets :+1:

NameURL
General cheat sheetshttp://www.cheat-sheets.org/ :star:
Owasp serieshttps://github.com/OWASP/CheatSheetSeries :star::star:
Packet lifehttp://packetlife.net/library/cheat-sheets/
Penetration testhttps://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Pentest monkeyhttp://pentestmonkey.net
SANS Forensichttps://digital-forensics.sans.org/community/cheat-sheets
Security Onionhttps://github.com/Security-Onion-Solutions/security-onion/wiki/Cheat-Sheet
Zeltser's cheat sheets listhttps://zeltser.com/cheat-sheets/

CTF :triangular_flag_on_post:

NameURL
Awesome CTFhttps://github.com/apsdehal/awesome-ctf :star::star:
CTFd platformhttps://github.com/CTFd/CTFd :star:
CTF PADhttps://github.com/StratumAuhuur/CTFPad
CTF TIMEhttps://ctftime.org/
Mellivora platformhttps://github.com/Nakiami/mellivora :star:
Platform listhttps://github.com/We5ter/Awesome-Platforms/blob/master/CTF-Platforms.md
Reddithttps://www.reddit.com/r/securityctf
Tools listhttps://github.com/Laxa/HackingTools
Tools listhttps://github.com/zardus/ctf-tools
Write-upshttps://github.com/ctfs

Decoder/Converter/Beautifier :hurtrealbad:

NameURL
Code beautifierhttp://codebeautify.org/
Converterhttps://github.com/koczkatamas/koczkatamas.github.io
Cyber Chefhttps://gchq.github.io/CyberChef/ :fork_and_knife::star::star::star:
JSUnpackhttps://github.com/urule99/jsunpack-n
JSBeautifierhttp://jsbeautifier.org/ :star:
Jjencodehttp://utf-8.jp/public/jjencode.html
JS deobfuscatehttps://github.com/sevzero/honeybadger
VB code beautifierhttp://www.vbindent.com/

Domain name Research / Analysis / Reputation :chart_with_downwards_trend:

NameURL
Archivehttps://archive.is/
Archivehttps://web.archive.org/ :star:
BGP Toolkithttp://bgp.he.net/ :star:
Biggest DNS historyhttps://securitytrails.com/list/ip/$IP :star:
Cache pagehttp://www.cachedpages.com/
Cache viewhttp://cachedview.com/
Checking multiple blocklistshttp://rbls.org/ :star:
DGA introhttps://en.wikipedia.org/wiki/Domain_generation_algorithm
DNS Blacklistshttps://raw.githubusercontent.com/zbetcheckin/DNSBLs/master/active_dnsbls.txt
DNS dumpsterhttps://dnsdumpster.com/
DNS Propagation Checkerhttps://www.whatsmydns.net/
DNS stuffhttp://www.dnsstuff.com/
Domain analysis listhttps://github.com/rshipp/awesome-malware-analysis/#domain-analysis
Domain hijacking introhttps://en.wikipedia.org/wiki/Domain_hijacking
Expired domainhttps://www.expireddomains.net/backorder-expired-domains/
Googlehttps://www.google.com/transparencyreport/safebrowsing/diagnostic/
Into dnshttp://www.intodns.com/
Multi RBLhttp://multirbl.valli.org/lookup/ :star:
MXToolBoxhttps://mxtoolbox.com/SuperTool.aspx#
Netcrafthttp://www.netcraft.com/
Reverse Whoishttps://reversewhois.domaintools.com/
Robtexhttps://www.robtex.com/dns/
Sucurihttp://sitecheck.sucuri.net/scanner/
TCP utilshttp://www.tcpiputils.com/
Threat loghttp://www.threatlog.com/
Threat minerhttps://www.threatminer.org/
Top-Level Domains listhttps://data.iana.org/TLD/tlds-alpha-by-domain.txt :star:
Trusted sourcehttp://www.trustedsource.org/
URL Queryhttp://urlquery.net/ :star:
URL scanhttps://urlscan.io/ :star:
URL shorter listhttps://mirror1.malwaredomains.com/files/url_shorteners.txt
URL Voidhttp://www.urlvoid.com/
Virus totalhttps://www.virustotal.com/#url
Whois - ARINhttps://whois.arin.net/
Whois - LACNIChttp://lacnic.net/cgi-bin/lacnic/whois
Whois - RIPE NCChttps://apps.db.ripe.net/search/query.html
Whois - AFRINIChttp://www.afrinic.net/fr/services/whois-query
Whois - APNIChttp://wq.apnic.net/apnic-bin/whois.pl
Whois by registrant namehttp://viewdns.info/reversewhois/
Zeltser's listhttps://zeltser.com/lookup-malicious-websites/

Exploits and vulnerabilities :door:

NameURL
CVEdetailshttp://www.cvedetails.com/ :star:
CVE.mitrehttps://cve.mitre.org/ :star:
Full disclosurehttp://seclists.org/fulldisclosure/
See bughttps://www.seebug.org/ :star:
CXSecurityhttps://cxsecurity.com/ :star:
Inj3ct0rhttp://0day.today/
Packet Stormhttps://packetstormsecurity.com/files/tags/exploit/
Exploit-dbhttp://www.exploit-db.com
Vulnerability-labhttp://www.vulnerability-lab.com/
Vulndbhttps://vuldb.com/?archive.2016
Vulnershttps://vulners.com/search?query=order:published
Backdoor - TCP-32764https://github.com/elvanderb/TCP-32764
Rapid7 DBhttps://www.rapid7.com/db/modules/
NISThttp://web.nvd.nist.gov/
Security focushttp://www.securityfocus.com/vulnerabilities
Country compatibilityhttps://cve.mitre.org/compatible/country.html
Mailing listhttps://nmap.org/mailman/listinfo/fulldisclosure
Mail receivedhttp://lists.openwall.net/full-disclosure/2016/
Mailing listhttp://seclists.org/
Mailing listhttps://lists.debian.org/debian-security-announce/
CVSS FIRSThttps://www.first.org/cvss/calculator/3.0
CVSS NISThttps://nvd.nist.gov/cvss/v3-calculator

Forensic :mag:

NameURL
Aldeid listhttps://www.aldeid.com/wiki/Category:Digital-Forensics
Awesome forensichttps://github.com/Cugu/awesome-forensics
CFReDShttp://www.cfreds.nist.gov/ :star:
DFRWS challengehttp://www.dfrws.org/dfrws-forensic-challenge-2016
File signatureshttps://en.wikipedia.org/wiki/List_of_file_signatures
File signatureshttp://www.filesignatures.net/index.php?page=all
File signatureshttp://www.garykessler.net/library/file_sigs.html
Forensic kb practicalhttp://www.forensickb.com/2008/01/forensic-practical.html
Forensic toolshttps://forensics.cert.org/
Forensic - Technical graphhttp://www.amanhardikar.com/mindmaps/ForensicChallenges.html
Learn with David Cowenhttps://www.youtube.com/channel/UCZ7mQV3j4GNX-LU1IKPVQZg
Package - DEFThttp://www.deftlinux.net/package-list/
Package - forensic-allhttps://packages.debian.org/stretch/forensics-all :star::star:
Testing Imageshttp://dftt.sourceforge.net/
Tools - DFIRhttp://www.dfir.training/index.php/tools/ :star:
Tools - Forensics wikihttp://forensicswiki.org/wiki/Tools
Tools - NISThttps://toolcatalog.nist.gov/taxonomy/index.php
Windows toolshttps://ericzimmerman.github.io/
Windows tools listhttp://forensic-proof.com/tools
Windows Artifacthttps://blogs.sans.org/computer-forensics/
Write blockerhttp://www.cftt.nist.gov/software_write_block.htm
Write blockerhttps://github.com/msuhanov/Linux-write-blocker
Zythom listhttps://zythom.blogspot.se/2007/02/les-outils-dun-expert-judiciaire.html :fr:

Free shell :shell:

NameURL
FreeShells listhttp://www.freeshells.info/
Red-pillhttp://shells.red-pill.eu/

Fun :trollface:

NameURL
Akamai maphttps://www.akamai.com/us/en/resources/visualizing-akamai/real-time-web-monitor.jsp :earth_americas:
BGP streamhttps://bgpstream.com/ :earth_americas:
Bitdefender maphttps://threatmap.bitdefender.com/ :earth_americas:
Blueliv maphttps://community.blueliv.com/map/ :earth_americas:
Checkpoint maphttps://threatmap.checkpoint.com/ :earth_americas:
DDoS attackshttp://www.digitalattackmap.com/ :trollface:
Dead dropshttps://deaddrops.com/db/ :floppy_disk::skull:
Dshield maphttps://dshield.org/threatmap.html :earth_americas:
Eset maphttp://www.virusradar.com/ :earth_americas:
Fire eye maphttps://www.fireeye.com/cyber-map/threat-map.html :earth_americas:
Flight radarhttps://www.flightradar24.com :airplane:
Fortinet maphttps://threatmap.fortiguard.com/ :earth_americas:
HE mapshttps://he.net/3d-map/ :earth_americas:
Kaspersky AV maphttps://cybermap.kaspersky.com/ :earth_americas:
Kaspersky maphttps://apt.securelist.com/ :earth_americas:
Mozilla location service maphttps://location.services.mozilla.com/map :earth_americas:
Open IP video camerashttp://www.insecam.org/ :video_camera::see_no_evil:
Pwnie Awardshttp://pwnies.com/nominations/ :horse:
Sub marine cablehttp://www.submarinecablemap.com/ :anchor:
Sub marine cablehttp://submarine-cable-map-2016.telegeography.com/ :anchor:
Sub marine cablehttp://lifewinning.com/submarine-cable-taps/ :anchor:
Threat butthttps://threatbutt.com/map/ :earth_americas::clown_face:
Tor flow maphttps://torflow.uncharted.software :earth_americas:
Trendmicro maphttps://botnet-cd.trendmicro.com/ :earth_americas:
World of VNChttps://worldofvnc.net/ :santa:

Generic utilities :file_folder:

Will be reorganized</sub>

NameURL
Abuse Contact DBhttps://www.abusix.com/contactdb :closed_book:
CERT teamshttps://www.first.org/about/organization/teams
Citizen labhttps://citizenlab.org/
Code analysiseshttps://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
Codepadhttp://codepad.org/
Crypto currencyhttps://coinmarketcap.com
Deepwebhttps://www.reddit.com/r/deepweb/
Electronic Frontier Foundationhttps://www.eff.org/
Face generatorhttps://www.thispersondoesnotexist.com/
Fake IDhttp://www.fakenamegenerator.com/
Hackforumhttp://hackforums.net/ :trollface:
Hardened BSDhttps://hardenedbsd.org/content/easy-feature-comparison
Hashes examplehttps://hashcat.net/wiki/doku.php?id=example_hashes
Mibbithttp://www.mibbit.com/
Microsoft threathttp://www.microsoft.com/security
MIME typeshttps://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types
MIME typeshttps://slick.pl/kb/htaccess/complete-list-mime-types/
MIME typeshttps://www.iana.org/assignments/media-types/media-types.xhtml :star:
Mindmapshttp://www.amanhardikar.com/mindmaps.html :star::star::star:
Random data generatorhttp://www.mockaroo.com/
Sanshttp://isc.sans.edu/diary/ :star::star:
Security wikihttp://oss-security.openwall.org/wiki/
Understand your commandshttps://explainshell.com/ :star:

GNU/Linux

NameURL
Chkrootkithttps://packages.debian.org/en/jessie/chkrootkit
Command collectionhttps://github.com/tuwid/GNU-Linux-OpsWiki
Debsecanhttps://packages.debian.org/en/jessie/debsecan
GNU/Linux containershttps://github.com/Friz-zy/awesome-linux-containers#security
GNU/Linux executable walkthroughhttps://i.imgur.com/q5nyHp7.png
GNU/Linux post exploitationhttps://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List :star:
GNU/Linux workstationhttps://github.com/lfit/itpol/blob/master/linux-workstation-security.md :star::star:
Kernel exploitationhttps://github.com/xairy/linux-kernel-exploitation
Lynishttps://packages.debian.org/en/jessie/lynis
RE 101https://github.com/michalmalik/linux-re-101
RKhunterhttps://packages.debian.org/en/jessie/rkhunter :star:
Securing debianhttps://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html :star:
Vulnerability scannerhttps://github.com/future-architect/vuls

Honeypots :honey_pot:

NameURL
Awesome list - All of them !https://github.com/paralax/awesome-honeypots#honeypots :star::star:
Honeynethttps://honeynet.org/project
Live nothinkhttp://www.nothink.org/honeypots.php

IP Research / Analysis / Investigation

NameURL
Abuse IP DBhttps://www.abuseipdb.com/
BGP Toolkithttp://bgp.he.net/ :star:
Bing dorkip:$IP
Black List Alerthttp://www.blacklistalert.org/
Black List Checkhttp://whatismyipaddress.com/blacklist-check/
Check hosthttp://check-host.net/
FireHOL IP listhttps://github.com/firehol/blocklist-ipsets :star:
Google dork"$IP"
Host filehttps://hosts-file.net/
IP voidhttp://www.ipvoid.com/
Multi RBLhttp://multirbl.valli.org/lookup/ :star:
Nirsoft country IPhttp://www.nirsoft.net/countryip/
Project Honeypothttps://www.projecthoneypot.org/search_ip.php
RIPE stathttps://stat.ripe.net/
Spamhaushttps://www.spamhaus.org/lookup/
Virus totalhttps://www.virustotal.com/gui/search/$IP
Whatch Guardhttp://www.reputationauthority.org/

Leak / Defaced :ambulance:

NameURL
Biggest db leakshttps://cdn.databases.today/
Breach alarmhttps://breachalarm.com/
Darknet leakshttps://darknetleaks.ru/archive/leaked/dumps/
Hacked emailshttps://hacked-emails.com/
Have I been pwnedhttps://haveibeenpwned.com/
Isithackedhttp://www.isithacked.com
Leakedinhttp://www.leakedin.com/
Siph0nhttps://twitter.com/datasiph0n
Zone-Hhttps://zone-h.org/

Learning / Exercises :mortar_board:

NameURL
Awesome traininghttp://opensecuritytraining.info/Training.html :star::star:
Cybrary traininghttps://www.cybrary.it/
Essential basicshttps://github.com/alex/what-happens-when :star::star:
Exploitshttps://thesprawl.org/research/
F-Secure traininghttps://moocfi.github.io/courses/2017/cybersecurity/
Malware Analysis coursehttps://github.com/RPISEC/Malware :star::star:
Malware traffic traininghttp://www.malware-traffic-analysis.net/training-exercises.html :star:
Practical analysishttps://practicalmalwareanalysis.com/labs/
Reverse - Malwarehttp://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html
Security courseshttps://bitvijays.github.io/ :star:
Security traininghttps://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Courses_Training.md
Security talkshttps://github.com/PaulSec/awesome-sec-talks :star:

Lock picking :closed_lock_with_key:

NameURL
Awesome lockpickinghttps://github.com/meitar/awesome-lockpicking
Lock pick guidehttp://lockpickguide.com :star:
Bosnianbill videohttps://www.youtube.com/user/bosnianbill/videos :star:
Lock labhttps://lock-lab.com/
Lock wikihttp://www.lockwiki.com/

Mail utilities :mailbox_with_mail:

NameURL
10 Minute Mailhttp://10minutemail.com
DNSBLhttps://en.wikipedia.org/wiki/DNSBL
DKIM validatorhttp://dkimvalidator.com/
Email reconhttps://github.com/laramies/theHarvester
Get air mailhttp://en.getairmail.com/
Google Phishing quizhttps://phishingquiz.withgoogle.com/ :star::e-mail::bar_chart:
Gophishhttps://github.com/gophish/gophish
Mailinatorhttps://www.mailinator.com/ # https://gist.github.com/nocturnalgeek/1b8fa44283314544c487
Mailnesiahttp://mailnesia.com/
Mailcatchhttp://mailcatch.com/
Mxtoolboxhttp://www.mxtoolbox.com/
Open phishhttps://openphish.com/ :star:
Openresolver JPhttp://www.openresolver.jp/en/
Phishing Frameworkhttps://github.com/pentestgeek/phishing-frenzy
Phish tankhttp://www.phishtank.com/ :star:
SimplyEmailhttps://github.com/killswitch-GUI/SimplyEmail
Spam DBhttp://www.dnsbl.info/dnsbl-database-check.php
Spam encode secrethttp://spammimic.com/encode.cgi
SpeedPhish Frameworkhttps://github.com/tatanus/SPF
Yop mailhttp://www.yopmail.com/

Malicious traffic detection :vertical_traffic_light:

NameURL
10 strategies cyber ops centerpr-13-1028-mitre-10-strategies-cyber-ops-center.pdf
Awesome threat detectionhttps://github.com/0x4D31/awesome-threat-detection
Maltrailhttps://github.com/stamparm/maltrail
Packetbeathttps://www.elastic.co/products/beats/packetbeat
p0fhttp://lcamtuf.coredump.cx/p0f3/
Tsusenhttps://github.com/stamparm/tsusen

Malware / Botnet sources :angel:

NameURL
0btemoslab trackerhttp://tracker.0btemoslab.com/
Abuse CHhttps://www.abuse.ch/
Benkow.cc trackerhttp://benkow.cc/
Botnet.frhttps://www.botnets.fr/wiki/Main_Page
Clean MXhttp://support.clean-mx.de/clean-mx/viruses.php
Contagiohttp://contagiodump.blogspot.se/
Custom Google search enginehttps://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu (from Corey Harrell)
Cybercrime trackerhttp://cybercrime-tracker.net/
Dont need coffeehttp://malware.dontneedcoffee.com/
Exposed Botnetshttp://www.exposedbotnets.com/
H3X trackerhttp://tracker.h3x.eu/
Malc0dehttp://malc0de.com/database/
No more ransomhttps://www.nomoreransom.org/
Kernel modehttp://www.kernelmode.info
Malware domain listhttp://www.malwaredomainlist.com
Malware domain blocklisthttp://www.malwaredomains.com
Malware museumhttps://archive.org/details/malwaremuseum
Malware srchttps://malwares.github.io/
Malware.luhttps://malware.lu/
Mirai trackerhttps://mirai.security.gives/
MISPhttps://github.com/MISP/MISP
Ransomware overviewhttps://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
Ransomware simulatorhttps://shinolocker.com/
Ransomware trackerhttps://ransomwaretracker.abuse.ch/tracker/
SafeGrouphttp://www.malware.pl/ - https://www.scumware.org/
Structured Threat Information eXpressionhttps://stixproject.github.io/
The Zoo aka Malware DBhttps://ytisf.github.io/theZoo/
Total hashhttps://totalhash.cymru.com/
VirusBayhttps://beta.virusbay.io/
VirusSharehttps://virusshare.com/
VX Vaulthttp://vxvault.net/
Yararuleshttps://github.com/Yara-Rules/rules
ZeuS Trackerhttps://zeustracker.abuse.ch

Malware analysis - Sandbox :mask:

NameURL
Zeltser's listhttps://zeltser.com/automated-malware-analysis/
Cuckoo Sandboxhttps://www.cuckoosandbox.org/
Mastiffhttps://github.com/KoreLogicSecurity/mastiff
Fastirhttps://github.com/SekoiaLab/Fastir_Collector
SysAnalyserhttps://github.com/dzzie/SysAnalyzer
Viperhttps://github.com/viper-framework/viper
REMnuxhttp://zeltser.com/remnux/
Zeltser analysishttp://zeltser.com/reverse-malware/automated-malware-analysis.html
Manalyzehttps://github.com/JusticeRage/Manalyze
Quarkslab IRMAhttp://irma.quarkslab.com/
Dorothy2https://github.com/m4rco-/dorothy2
F-Secure seehttps://github.com/F-Secure/see
Noribenhttps://github.com/Rurik/Noriben
Malheurhttps://github.com/rieck/malheur
Drakvufhttps://github.com/tklengyel/drakvuf
Zero Wine Tryoutshttp://zerowine-tryout.sourceforge.net/
RFI sandboxhttps://monkey.org/~jose/software/rfi-sandbox/
Malwasmhttps://github.com/malwarelu/malwasm

Malware analysis - Sandbox - Online :mask:

NameURL
Any.runhttps://any.run/
AVcaesarhttps://avcaesar.malware.lu/
Capehttps://cape.contextis.com/
Comodohttps://cit.valkyrie.comodo.com/
Hybrid analysishttps://www.hybrid-analysis.com/
ID Ransomwarehttps://id-ransomware.malwarehunterteam.com/
Jottihttp://virusscan.jotti.org/it
Joe sandboxhttps://www.joesandbox.com/
Malwareconfighttp://malwareconfig.com/
Malware trackerhttp://www.cryptam.com/
Malwr - Cuckoohttps://malwr.com/
Other listhttp://cleanbytes.net/malware-online-scanners
PDF examinerhttp://www.pdfexaminer.com/
PE dumphttps://github.com/zed-0xff/pedump
Randomly changes Win32/64 PE Fileshttps://github.com/secretsquirrel/recomposer
ViCheckhttps://www.vicheck.ca/
Virscanhttp://www.virscan.org/
VirusTotalhttp://www.virustotal.com/
Virus Total Notifierhttps://github.com/mubix/vt-notify

Mobile :iphone:

NameURL
APK Analzyerhttp://www.apk-analyzer.net/
Droid Sec wikihttp://www.droidsec.org/wiki/
Joebox Cloudhttps://jbxcloud.joesecurity.org/login
Mobile security wikihttps://mobilesecuritywiki.com/ :star:
OWASP Goat Droidhttps://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
Sand droidhttp://sanddroid.xjtu.edu.cn
Wiki secmobihttps://github.com/secmobi/wiki.secmobi.com :trophy:

Network

NameURL
Awesome PCAPhttps://github.com/caesar0301/awesome-pcaptools :star:
BGPlayhttps://stat.ripe.net/widget/bgplay :star:
GNU/Linux monitoringhttps://blog.serverdensity.com/80-linux-monitoring-tools-know/
MAC address blockhttp://standards-oui.ieee.org/oui/oui.txt
MAC findhttp://www.coffer.com/mac_find/
MAC findhttp://hwaddress.com
Packet totalhttp://www.packettotal.com/
Ping.euhttp://ping.eu/
Project honeypothttps://www.projecthoneypot.org/
Protocol Numbershttp://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Publicly PCAP fileshttp://www.netresec.com/?page=PcapFiles
Service Port Number Registryhttps://www.iana.org/assignments/service-names-port-numbers/ :star::star:
Service Port Number Registryhttps://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Subnet calculatorhttp://www.subnet-calculator.com/cidr.php
Subnet calculatorhttp://www.subnetonline.com/pages/subnet-calculators.php
Security Onion toolshttps://github.com/Security-Onion-Solutions/security-onion/wiki/Tools

OSINT

NameURL
Osint listhttps://github.com/jivoi/awesome-osint :star:
List of social networkhttps://en.wikipedia.org/wiki/List_of_social_networking_websites :star:
Reddithttps://www.reddit.com/r/SocialEngineering/
Maltegohttps://www.paterva.com/
Hunterhttps://hunter.io/
Piplhttps://pipl.com/
Peek you http://www.peekyou.com/
Lullarhttp://com.lullar.com/
Lakakohttp://www.lakako.com/
Yasnihttp://www.yasni.com/
User searchhttps://usersearch.org/
Googlehttps://www.google.com/advanced_search
Google dorksintext:lastName firstName
Google dorksinsubject:lastName firstName
Google dorks`intext:lastName firstName filetype:pdf
Google Scraperhttps://github.com/NikolaiT/GoogleScraper
Binghttps://www.bing.com/
Bing dorkslastName firstName (filetype:doc OR filetype:ppt OR filetype:pps OR filetype:xls OR filetype:docx OR filetype:pptx OR filetype:ppsx OR filetype:xlsx OR filetype:sxw OR filetype:sxc OR filetype:sxi OR filetype:odt OR filetype:ods OR filetype:odg OR filetype:odp OR filetype:pdf OR filetype:wpd OR filetype:svg OR filetype:svgz OR filetype:indd OR filetype:rdp OR filetype:ica)
Yahoohttps://search.yahoo.com/
Duck duck gohttps://duckduckgo.com/
Yandexhttps://www.yandex.com/
Exa leadhttp://www.exalead.com
Osint stalkerhttps://github.com/milo2012/osintstalker
Speed phish frameworkhttps://github.com/tatanus/SPF
Browser exploitation frameworkhttps://github.com/beefproject/beef
The harvesterhttps://github.com/laramies/theHarvester
Meta goofilhttps://github.com/laramies/metagoofil

OS X

NameURL
Awesome OSX & IOS sec listhttps://github.com/ashishb/osx-and-ios-security-awesome
OSX auditorhttps://github.com/jipegit/OSXAuditor
OWASP iGoat Projecthttps://www.owasp.org/index.php/OWASP_iGoat_Project
Security and privacy guidehttps://github.com/drduh/OS-X-Security-and-Privacy-Guide
stronghold - Easily configure MacOS security settings from the terminal.https://github.com/alichtman/stronghold

Passwords :key:

NameURL
CrackStationhttps://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
Default passwordhttps://default-password.info/
Default passwordhttps://cirt.net/passwords
Default passwordhttp://www.defaultpassword.com/
Default passwordhttp://www.defaultpassword.us/
Default cameras passwordhttps://github.com/jeanphorn/wordlist/blob/master/README.md
Default password thc-hydrahttps://github.com/vanhauser-thc/thc-hydra/blob/master/dpl4hydra_full.csv
Dafault router passwordhttp://www.cleancss.com/router-default/
Default router passwordhttps://github.com/jeanphorn/wordlist/blob/master/router_default_password.md
Default VoIP passwordhttps://github.com/netbiosX/Default-Credentials/blob/master/VoIP-Default-Password-List.mdown
Fun secure password checkerhttps://password.kaspersky.com/
Hashcat WIKIhttps://hashcat.net/wiki/
Multiple dictionaryhttps://github.com/danielmiessler/SecLists/tree/master/Passwords
Multiple dictionaryhttps://github.com/duyetdev/bruteforce-database
Online CrackStationhttps://crackstation.net
Online Hask Killerhttps://hashkiller.co.uk
Online Hash crackhttp://www.onlinehashcrack.com/
Online MD5 and SHA1 dbhttp://hashtoolkit.com/
OpenWallhttp://www.openwall.com/passwords/wordlists/ or ftp://ftp.openwall.com/pub/wordlists/
Outpost9http://www.outpost9.com/files/WordLists.html
Packets stormhttps://packetstormsecurity.com/Crackers/wordlists/
Password researchhttp://www.passwordresearch.com/
Programming - Secure Password Storagehttps://paragonie.com/blog/2016/02/how-safely-store-password-in-2016
SecListshttps://github.com/danielmiessler/SecLists/tree/master/Passwords
Skull securityhttps://wiki.skullsecurity.org/Passwords
SSH dictionaryhttps://github.com/droope/pwlist

Penetration testing :wrench:

NameURL
Awesome pentesthttps://github.com/enaqx/awesome-pentest
Awesome WAFhttps://github.com/0xInfection/Awesome-WAF
Footprinting - Procedure & toolshttp://www.0daysecurity.com/penetration-testing/network-footprinting.html
GNU/Linux privilege escalationhttps://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ :star:
Informaion gathering - Toolshttp://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/information-gathering.html
IppSec channelhttps://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
Organization of the Standardhttp://www.pentest-standard.org/index.php/Main_Page :star:
Owasp - Check listhttps://www.owasp.org/index.php/Testing_Checklist
Owasp testing guidehttps://www.owasp.org/images/1/19/OTGv4.pdf :star::star:
Owasp - toolshttps://www.owasp.org/index.php/Category:OWASP_Tool
Public pentest reportshttps://github.com/juliocesarfort/public-pentesting-reports :star:
Python tools for pentesthttps://github.com/dloss/python-pentest-tools
Report samplehttps://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
Reverse engineeringhttp://wiki.yobi.be/wiki/Reverse-Engineering
SANS Penetration Testinghttp://pen-testing.sans.org
Services enumerationhttp://www.0daysecurity.com/penetration-testing/enumeration.html :star:
Tools - BlackArch listhttps://blackarch.org/tools.html
Tools - Great listhttp://wiki.yobi.be/wiki/Table_of_contents#Security
Tools - Kali listhttp://tools.kali.org/tools-listing
Webhttp://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.html
Web vulnerabilitieshttp://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/vulnerability-assessment.html
Webshell listhttps://github.com/tennc/webshell

Port scanners :dart: && Wide Scans :statue_of_liberty:

NameURL
Masscanhttps://github.com/robertdavidgraham/masscan
Masscan Defcon conferencehttps://defcon.org/
Network Scan Monhttps://scan.netlab.360.com/#/dashboard
Nmaphttps://nmap.org/7/
Nscanhttps://github.com/OffensivePython/Nscan
PFRinghttps://github.com/ntop/PF_RING
Rapid7 Sonar Labshttps://sonar.labs.rapid7.com/
Rapid7 Sonar Blackhat conferencehttps://www.blackhat.com/
Scans.iohttps://scans.io/
Shadowserverhttps://www.shadowserver.org/ :star::star::star::star:
Sonar similar projectshttps://github.com/rapid7/sonar/wiki/Similar-Projects
Trending Portshttps://isc.sans.edu/trends.html
Zmaphttps://zmap.io/
Zgrabhttps://github.com/zmap/zgrab

Search engines :satellite:

NameURL
ZoomEyehttps://zoomeye.org/ :star::cn:
Shodanhttps://www.shodan.io/
Censyshttps://censys.io/
Gegerekahttp://gegereka.com/ (not always up)
Googlehttps://www.google.com/advanced_search
Google dorkshttps://gist.github.com/zbetcheckin/04e6a5d7f2d5ef8cfa3c298701f47f9c
List of search engineshttps://en.wikipedia.org/wiki/List_of_search_engines
Threat crowdhttps://www.threatcrowd.org/

Security challenges / WarGames :triangular_flag_on_post:

NameURL
Zenk-Securityhttps://www.zenk-security.com/
Root-Mehttp://www.root-me.org/
Overthewirehttp://overthewire.org/wargames/
Reversinghttp://reversing.kr/
Pwnablehttp://pwnable.kr/
Newbiecontesthttps://www.newbiecontest.org/
OWASP VWAD listhttps://github.com/OWASP/OWASP-VWAD/
WeChallhttps://www.wechall.net/
Vulnhubhttps://www.vulnhub.com/ :star:
Net Garagehttp://io.netgarage.org/
SmashTheStackhttp://smashthestack.org/
Hackthissitehttp://www.hackthissite.org/
Hack.mehttps://hack.me
HackThis!http://www.hackthis.co.uk/
Backdoor.Sdslabshttps://backdoor.sdslabs.co/
Bright-shadowshttp://www.bright-shadows.net/
SmashTheStackhttp://smashthestack.org/
Ringzer0teamhttps://ringzer0team.com/challenges
Forensic contesthttp://forensicscontest.com/puzzles
Lost challhttp://www.lost-chall.org/
Rankkhttp://www.rankk.org/
Happy Securityhttp://www.happy-security.de/
Net forcehttps://www.net-force.nl/challenges/
CanYouHack.ithttp://canyouhack.it/
Hellboundhackershttps://www.hellboundhackers.org/
Microcorruptionhttps://microcorruption.com/

Skimmer :black_joker:

NameURL
Skimmer source from Krebshttps://krebsonsecurity.com/all-about-skimmers/
Great reverse engineering on skimmerhttps://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/

SSH

NameURL
Bruteforce know hostshttps://github.com/Churro/bruteforce-known-hosts
OpenSSH guidelineshttps://wiki.mozilla.org/Security/Guidelines/OpenSSH
SSH audithttps://github.com/arthepsy/ssh-audit.git
SSH audit onlinehttps://sshcheck.com
Who's therehttps://github.com/FiloSottile/whosthere

SSL

NameURL
Certificate searchhttps://crt.sh
Bad SSLhttps://github.com/chromium/badssl.com
Htbridge - Online analysishttps://www.htbridge.com/ssl/
Mozilla SSL Configuration Generatorhttps://mozilla.github.io/server-side-tls/ssl-config-generator/
Observatory by Mozilla - Online analysishttps://observatory.mozilla.org/ :star::star::star::star:
O-Saft - Toolshttps://www.owasp.org/index.php/O-Saft
OWASP tests - Procedurehttps://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers
Qualys SSL Labs - Online analysishttps://www.ssllabs.com/ssltest/
SSLscan - Toolshttps://github.com/rbsec/sslscan
SSLyze - Toolshttps://github.com/iSECPartners/sslyze
Testssl.sh - Toolshttps://github.com/drwetter/testssl.sh :star:

TOR

NameURL
Hidden serviceshttps://www.torproject.org/docs/hidden-services.html.en
Hidden services scannerhttps://github.com/superp00t/sadonion
Reddithttps://www.reddit.com/r/onions/
Scan Onion Serviceshttps://github.com/s-rah/onionscan
Search engine - Gramshttp://grams7enufi7jmdl.onion/
Search engine - Ahmiahttps://ahmia.fi/
Search engine - TORCHhttp://xmh57jrzrnw6insl.onion/
Search engine - DuckDuckGohttp://3g2upl4pq6kufc4m.onion/
Tailshttps://tails.boum.org/
The hidden wikihttps://thehiddenwiki.org/
Tolerant ISP for exit nodehttps://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
Tor Browser Fingerprinthttps://github.com/jonaslejon/tor-fingerprint
Tor Bulk exit listhttps://check.torproject.org/cgi-bin/TorBulkExitList.py
Tor IP historyhttps://exonerator.torproject.org/
Tor Know exit nodeshttps://check.torproject.org/exit-addresses
Tor Projecthttps://www.torproject.org/
Tor Relays bandwidthhttps://github.com/TheTorProject/bwscanner
Tor Sockshttps://gitweb.torproject.org/torsocks.git
Tor Statushttps://torstatus.blutmagie.de/
URL onion inspectorhttps://github.com/k4m4/onioff

VOIP :phone:

NameURL
Penetration testhttp://0daysecurity.com/penetration-testing/VoIP-security.html

VPN

NameURL
Open VPNhttps://github.com/OpenVPN
Comparisonhttps://thatoneprivacysite.net/vpn-comparison-chart/
Location testhttps://www.dnsleaktest.com/
Location testhttps://ipleak.net/

Vulnerable environments :unlock:

NameURL
Owasp listhttps://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
Owasp BWAhttps://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
DVWAhttp://www.dvwa.co.uk/
WebGoathttp://code.google.com/p/webgoat
Metasploitable 3https://github.com/rapid7/metasploitable3/wiki
Vulnerable systems listhttps://www.amanhardikar.com/mindmaps/Practice.html :star:
VulnHubhttp://vulnhub.com/
LampSecurityhttp://sourceforge.net/projects/lampsecurity/
Hackademic-RTB1http://www.aldeid.com/wiki/Hackademic-RTB1
Mothhttp://www.bonsai-sec.com
Peruggiahttp://sourceforge.net/projects/peruggia/

Web browser

NameURL
Amiunique projecthttps://github.com/DIVERSIFY-project/amiunique
Browser exploithttps://github.com/julienbedard/browsersploit
Browser infohttp://www.browser-info.net/
Browser leakshttps://www.browserleaks.com/
Browser recommendationshttps://gist.github.com/atcuno/3425484ac5cce5298932 :star:
Browserlinghttps://www.browserling.com/
Fingerprinthttps://amiunique.org/
Fingerprinthttps://panopticlick.eff.org/
Flashhttp://isflashinstalled.com/
Refererhttps://www.whatismyreferer.com/
SSLhttps://www.ssllabs.com/ssltest/viewMyClient.html
URL Shorter Listhttps://bit.do/list-of-url-shorteners.php
User agenthttp://useragentstring.com/pages/useragentstring.php
User agenthttp://whatsmyuseragent.com/
User agenthttps://www.projecthoneypot.org/robot_useragents.php
User agenthttps://www.whatismybrowser.com/developers/tools/user-agent-parser/browse
Web technologies support tableshttps://caniuse.com/

Windows

NameURL
Anti forensic Windowshttps://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic/
Security developmenthttps://github.com/ExpLife0011/awesome-windows-kernel-security-development
Windows executable walkthroughhttps://i.imgur.com/pHjcI.png
Windows exploitationhttps://github.com/r3p3r/nixawk-awesome-windows-exploitation
Windows hardeninghttps://github.com/PaulSec/awesome-windows-domain-hardening

Wireless / Radio :signal_strength:

NameURL
Awesome wifi tools listhttps://github.com/0x90/wifi-arsenal
Penetration testhttp://0daysecurity.com/penetration-testing/wireless-penetration.html
Great wifi maphttps://wigle.net/
RFSec-ToolKithttps://github.com/cn0xroot/RFSec-ToolKit
RTL-SDRhttp://www.rtl-sdr.com/
Wireless in airportshttps://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY