This repository is a collection of various materials and tools that I use every day in my work. It contains a lot of useful information gathered in one piece. It is an invaluable source of knowledge for me that I often look back on.
๐ป For whom?
For everyone, really. Here everyone can find their favourite tastes. But to be perfectly honest, it is aimed towards System and Network administrators, DevOps, Pentesters, and Security Researchers.
โน๏ธ Contributing
If you find something which doesn't make sense, or something doesn't seem right, please make a pull request and please add valid and well-reasoned explanations about your changes or comments.
A few simple rules for this project:
inviting and clear
not tiring
useful
These below rules may be better:
easy to contribute to (Markdown + HTML ...)
easy to find (simple TOC, maybe it's worth extending them?)
Url marked * is temporary unavailable. Please don't delete it without confirming that it has permanently expired.
Before adding a pull request, please see the contributing guidelines. You should also remember about this:
+ This repository is not meant to contain everything but only good quality stuff.
All suggestions/PR are welcome!
Code Contributors
This project exists thanks to all the people who contribute.
Financial Contributors
Individuals
Become a financial contributor and help us sustain our community ยป contribute.
Organizations
Support this project with your organization. Your logo will show up here with a link to your website ยป contribute.
๐ Support
If this project is useful and important for you or if you really like the-book-of-secret-knowledge, you can bring positive energy by giving some good words or supporting this project. Thank you!
๐ฐ RSS Feed & Updates
GitHub exposes an RSS/Atom feed of the commits, which may also be useful if you want to be kept informed about all changes.
โ๏ธ ToDo
Add new stuff...
Add useful shell functions
Add one-liners for collection tools (eg. CLI Tools)
๐ธGNU Bash - is an sh-compatible shell that incorporates useful features from the Korn shell and C shell. ๐ธZsh - is a shell designed for interactive use, although it is also a powerful scripting language. ๐ธtclsh - is a very powerful cross-platform shell, suitable for a huge range of uses. ๐ธbash-it - is a framework for using, developing and maintaining shell scripts and custom commands. ๐ธOh My ZSH! - is the best framework for managing your Zsh configuration. ๐ธOh My Fish - the Fishshell framework. ๐ธStarship - the cross-shell prompt written in Rust. ๐ธpowerlevel10k - is a fast reimplementation of Powerlevel9k ZSH theme.
โช๏ธ Managers
๐ธMidnight Commander - is a visual file manager, licensed under GNU General Public License. ๐ธranger - is a VIM-inspired filemanager for the console. ๐ธnnn - is a tiny, lightning fast, feature-packed file manager. ๐ธscreen - is a full-screen window manager that multiplexes a physical terminal. ๐ธtmux - is a terminal multiplexer, lets you switch easily between several programs in one terminal. ๐ธtmux-cssh - is a tool to set comfortable and easy to use functionality, clustering and synchronizing tmux-sessions.
โช๏ธ Text editors
๐ธvi - is one of the most common text editors on Unix. ๐ธvim - is a highly configurable text editor. ๐ธemacs - is an extensible, customizable, free/libre text editor - and more. ๐ธmicro - is a modern and intuitive terminal-based text editor. ๐ธneovim - is a free open source, powerful, extensible and usable code editor. ๐ธspacemacs - a community-driven Emacs distribution.
โช๏ธ Files and directories
๐ธfd - is a simple, fast and user-friendly alternative to find. ๐ธncdu - is an easy to use, fast disk usage analyzer.
โช๏ธ Network
๐ธPuTTY - is an SSH and telnet client, developed originally by Simon Tatham. ๐ธnmap - is a free and open source (license) utility for network discovery and security auditing. ๐ธzmap - is a fast single packet network scanner designed for Internet-wide network surveys. ๐ธmasscan - is the fastest Internet port scanner, spews SYN packets asynchronously. ๐ธpbscan - is a faster and more efficient stateless SYN scanner and banner grabber. ๐ธhping - is a command-line oriented TCP/IP packet assembler/analyzer. ๐ธmtr - is a tool that combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. ๐ธmylg - is an open source utility which combines the functions of the different network probes in one diagnostic tool. ๐ธnetcat - is a networking utility which reads and writes data across network connections, using the TCP/IP protocol. ๐ธtcpdump - is a powerful command-line packet analyzer. ๐ธtshark - is a tool that allows us to dump and analyze network traffic (wireshark cli). ๐ธTermshark - is a simple terminal user-interface for tshark. ๐ธngrep - is like GNU grep applied to the network layer. ๐ธsockdump - dump unix domain socket traffic. ๐ธstenographer - is a packet capture solution which aims to quickly spool all packets to disk. ๐ธtcpterm - visualize packets in TUI. ๐ธbmon - is a monitoring and debugging tool to capture networking related statistics and prepare them visually. ๐ธiptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic. ๐ธvnstat - is a network traffic monitor for Linux and BSD. ๐ธiPerf3 - is a tool for active measurements of the maximum achievable bandwidth on IP networks. ๐ธethr - is a Network Performance Measurement Tool for TCP, UDP & HTTP. ๐ธEtherate - is a Linux CLI based Ethernet and MPLS traffic testing tool. ๐ธechoip - is a IP address lookup service. ๐ธNemesis - packet manipulation CLI tool; craft and inject packets of several protocols. ๐ธpacketfu - a mid-level packet manipulation library for Ruby. ๐ธScapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols. ๐ธimpacket - is a collection of Python classes for working with network protocols. ๐ธssh-audit - is a tool for SSH server auditing. ๐ธaria2 - is a lightweight multi-protocol & multi-source command-line download utility. ๐ธiptables-tracer - observe the path of packets through the iptables chains.
โช๏ธ Network (DNS)
๐ธdnsdiag - is a DNS diagnostics and performance measurement tools. ๐ธfierce - is a DNS reconnaissance tool for locating non-contiguous IP space. ๐ธsubfinder - is a subdomain discovery tool that discovers valid subdomains for websites. ๐ธsublist3r - is a fast subdomains enumeration tool for penetration testers. ๐ธamass - is tool that obtains subdomain names by scraping data sources, crawling web archives and more. ๐ธnamebench - provides personalized DNS server recommendations based on your browsing history. ๐ธmassdns - is a high-performance DNS stub resolver for bulk lookups and reconnaissance. ๐ธknock - is a tool to enumerate subdomains on a target domain through a wordlist. ๐ธdnsperf - DNS performance testing tools. ๐ธdnscrypt-proxy 2 - a flexible DNS proxy, with support for encrypted DNS protocols. ๐ธdnsdbq - API client providing access to passive DNS database systems (pDNS at Farsight Security, CIRCL pDNS). ๐ธgrimd - fast dns proxy, built to black-hole internet advertisements and malware servers.
โช๏ธ Network (HTTP)
๐ธCurl - is a command line tool and library for transferring data with URLs. ๐ธkurly - is an alternative to the widely popular curl program, written in Golang. ๐ธHTTPie - is an user-friendly HTTP client. ๐ธwuzz - is an interactive cli tool for HTTP inspection. ๐ธhtrace.sh - is a simple Swiss Army knife for http/https troubleshooting and profiling. ๐ธhttpstat - is a tool that visualizes curl statistics in a way of beauty and clarity. ๐ธhttplab - is an interactive web server. ๐ธLynx - is a text browser for the World Wide Web. ๐ธHeadlessBrowsers - a list of (almost) all headless web browsers in existence. ๐ธab - is a single-threaded command line tool for measuring the performance of HTTP web servers. ๐ธsiege - is an http load testing and benchmarking utility. ๐ธwrk - is a modern HTTP benchmarking tool capable of generating significant load. ๐ธwrk2 - is a constant throughput, correct latency recording variant of wrk. ๐ธvegeta - is a constant throughput, correct latency recording variant of wrk. ๐ธbombardier - is a fast cross-platform HTTP benchmarking tool written in Go. ๐ธgobench - http/https load testing and benchmarking tool. ๐ธhey - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom. ๐ธboom - is a script you can use to quickly smoke-test your web app deployment. ๐ธSlowHTTPTest - is a tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP. ๐ธgobuster - is a free and open source directory/file & DNS busting tool written in Go. ๐ธssllabs-scan - command-line reference-implementation client for SSL Labs APIs. ๐ธhttp-observatory - Mozilla HTTP Observatory cli version.
โช๏ธ SSL
๐ธopenssl - is a robust, commercial-grade, and full-featured toolkit for the TLS and SSL protocols. ๐ธgnutls-cli - client program to set up a TLS connection to some other computer. ๐ธsslyze
- fast and powerful SSL/TLS server scanning library. ๐ธsslscan - tests SSL/TLS enabled services to discover supported cipher suites. ๐ธtestssl.sh - testing TLS/SSL encryption anywhere on any port. ๐ธcipherscan - a very simple way to find out which SSL ciphersuites are supported by a target. ๐ธspiped - is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses. ๐ธCertbot - is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. ๐ธmkcert - simple zero-config tool to make locally trusted development certificates with any names you'd like. ๐ธcertstrap - tools to bootstrap CAs, certificate requests, and signed certificates. ๐ธSublert - is a security and reconnaissance tool to automatically monitor new subdomains. ๐ธmkchain - open source tool to help you build a valid SSL certificate chain.
โช๏ธ Security
๐ธSELinux - provides a flexible Mandatory Access Control (MAC) system built into the Linux kernel. ๐ธAppArmor - proactively protects the operating system and applications from external or internal threats. ๐ธgrapheneX - Automated System Hardening Framework. ๐ธDevSec Hardening Framework - Security + DevOps: Automatic Server Hardening.
โช๏ธ Auditing Tools
๐ธossec - actively monitoring all aspects of system activity with file integrity monitoring. ๐ธauditd - provides a way to track security-relevant information on your system. ๐ธTiger - is a security tool that can be use both as a security audit and intrusion detection system. ๐ธLynis - battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. ๐ธLinEnum - scripted Local Linux Enumeration & Privilege Escalation Checks. ๐ธRkhunter - scanner tool for Linux systems that scans backdoors, rootkits and local exploits on your systems. ๐ธPE-sieve - is a light-weight tool that helps to detect malware running on the system.
โช๏ธ System Diagnostics/Debuggers
๐ธstrace - diagnostic, debugging and instructional userspace utility for Linux. ๐ธDTrace - is a performance analysis and troubleshooting tool. ๐ธltrace - is a library call tracer, used to trace calls made by programs to library functions. ๐ธptrace-burrito - is a friendly wrapper around ptrace. ๐ธperf-tools - performance analysis tools based on Linux perf_events (aka perf) and ftrace. ๐ธbpftrace - high-level tracing language for Linux eBPF. ๐ธsysdig - system exploration and troubleshooting tool with first class support for containers. ๐ธValgrind - is an instrumentation framework for building dynamic analysis tools. ๐ธgperftools - high-performance multi-threaded malloc() implementation, plus some performance analysis tools. ๐ธglances - cross-platform system monitoring tool written in Python. ๐ธhtop - interactive text-mode process viewer for Unix systems. It aims to be a better 'top'. ๐ธnmon - a single executable for performance monitoring and data analysis. ๐ธatop - ASCII performance monitor. Includes statistics for CPU, memory, disk, swap, network, and processes. ๐ธlsof - displays in its output information about files that are opened by processes. ๐ธFlameGraph - stack trace visualizer. ๐ธlsofgraph - small utility to convert Unix lsof output to a graph showing FIFO and UNIX interprocess communication. ๐ธrr - is a lightweight tool for recording, replaying and debugging execution of applications. ๐ธPerformance Co-Pilot - a system performance analysis toolkit. ๐ธhexyl - a command-line hex viewer.
โช๏ธ Log Analyzers
๐ธangle-grinder - slice and dice log files on the command line. ๐ธlnav - log file navigator with search and automatic refresh. ๐ธGoAccess - real-time web log analyzer and interactive viewer that runs in a terminal. ๐ธngxtop - real-time metrics for nginx server.
โช๏ธ Databases
๐ธusql - universal command-line interface for SQL databases. ๐ธpgcli - postgres CLI with autocompletion and syntax highlighting. ๐ธmycli - terminal client for MySQL with autocompletion and syntax highlighting. ๐ธlitecli - SQLite CLI with autocompletion and syntax highlighting. ๐ธOSQuery - is a SQL powered operating system instrumentation, monitoring, and analytics framework.
โช๏ธ TOR
๐ธNipe - script to make Tor Network your default gateway. ๐ธmultitor - a tool that lets you create multiple TOR instances with a load-balancing.
โช๏ธ Messengers/IRC Clients
๐ธIrssi - is a free open source terminal based IRC client. ๐ธWeeChat - is an extremely extensible and lightweight IRC client.
โช๏ธ Other
๐ธsysadmin-util - tools for Linux/Unix sysadmins. ๐ธincron - is an inode-based filesystem notification technology. ๐ธlsyncd - synchronizes local directories with remote targets (Live Syncing Daemon). ๐ธGRV - is a terminal based interface for viewing Git repositories. ๐ธTig - text-mode interface for Git. ๐ธtldr - simplified and community-driven man pages. ๐ธarchiver - easily create and extract .zip, .tar, .tar.gz, .tar.bz2, .tar.xz, .tar.lz4, .tar.sz, and .rar. ๐ธcommander.js - minimal CLI creator in JavaScript. ๐ธgron - make JSON greppable! ๐ธbed - binary editor written in Go.
๐ธGuake - is a dropdown terminal made for the GNOME desktop environment. ๐ธTerminator - is based on GNOME Terminal, useful features for sysadmins and other users. ๐ธKitty - is a GPU based terminal emulator that supports smooth scrolling and images.
โช๏ธ Network
๐ธWireshark - is the worldโs foremost and widely-used network protocol analyzer. ๐ธEttercap - is a comprehensive network monitor tool. ๐ธEtherApe - is a graphical network monitoring solution. ๐ธPacket Sender - is a networking utility for packet generation and built-in UDP/TCP/SSL client and servers. ๐ธJMeterโข - open source software to load test functional behavior and measure performance. ๐ธlocust - scalable user load testing tool written in Python.
โช๏ธ Browsers
๐ธTOR Browser - protect your privacy and defend yourself against network surveillance and traffic analysis.
โช๏ธ Password Managers
๐ธKeePassXC - store your passwords safely and auto-type them into your everyday websites and apps. ๐ธEnpass - password manager and secure wallet.
โช๏ธ Messengers/IRC Clients
๐ธHexChat - is an IRC client based on XChat. ๐ธPidgin - is an easy to use and free chat client used by millions.
โช๏ธ Messengers (end-to-end encryption)
๐ธSignal - is an encrypted communications app. ๐ธWire - secure messaging, file sharing, voice calls and video conferences. All protected with end-to-end encryption. ๐ธTorChat - decentralized anonymous instant messenger on top of Tor Hidden Services.
โช๏ธ Text editors
๐ธSublime Text - is a lightweight, cross-platform code editor known for its speed, ease of use. ๐ธVisual Studio Code - an open-source and free source code editor developed by Microsoft. ๐ธAtom - a hackable text editor for the 21st Century.
๐ธSSL/TLS Capabilities of Your Browser - test your browser's SSL implementation. ๐ธCan I use - provides up-to-date browser support tables for support of front-end web technologies. ๐ธPanopticlick 3.0 - is your browser safe against tracking? ๐ธPrivacy Analyzer - see what data is exposed from your browser. ๐ธWeb Browser Security - it's all about Web Browser fingerprinting. ๐ธHow's My SSL? - help a web server developer learn what real world TLS clients were capable of. ๐ธsslClientInfo - client test (incl TLSv1.3 information).
โช๏ธ SSL/Security
๐ธSSLLabs Server Test - free online service performs a deep analysis of the configuration of any SSL web server. ๐ธSSLLabs Server Test (DEV) - free online service performs a deep analysis of the configuration of any SSL web server. ๐ธImmuniWebยฎ SSLScan - test SSL/TLS (PCI DSS, HIPAA and NIST). ๐ธSSL Check - scan your website for non-secure content. ๐ธCryptCheck - test your TLS server configuration (e.g. ciphers). ๐ธurlscan.io - service to scan and analyse websites. ๐ธReport URI - monitoring security policies like CSP and HPKP. ๐ธCSP Evaluator - allows developers and security experts to check if a Content Security Policy. ๐ธUseless CSP - public list about CSP in some big players (might make them care a bit more). ๐ธWhy No HTTPS? - list of the world's top 100 websites by Alexa rank not automatically redirecting insecure requests. ๐ธTLS Cipher Suite Search ๐ธcipherli.st - strong ciphers for Apache, Nginx, Lighttpd and more.* ๐ธdhtool - public Diffie-Hellman parameter service/tool. ๐ธbadssl.com - memorable site for testing clients against bad SSL configs. ๐ธtlsfun.de - registered for various tests regarding the TLS/SSL protocol. ๐ธCAA Record Helper - generate a CAA policy. ๐ธCommon CA Database - repository of information about CAs, and their root and intermediate certificates. ๐ธCERTSTREAM - real-time certificate transparency log update stream. ๐ธcrt.sh - discovers certificates by continually monitoring all of the publicly known CT. ๐ธHardenize - deploy the security standards. ๐ธCipher suite compatibility - test TLS cipher suite compatibility. ๐ธurlvoid - this service helps you detect potentially malicious websites. ๐ธsecurity.txt - a proposed standard (generator) which allows websites to define security policies. ๐ธssl-config-generator - help you follow the Mozilla Server Side TLS configuration guidelines.
โช๏ธ HTTP Headers & Web Linters
๐ธSecurity Headers - analyse the HTTP response headers (with rating system to the results). ๐ธObservatory by Mozilla - set of tools to analyze your website. ๐ธwebhint - is a linting tool that will help you with your site's accessibility, speed, security and more.
โช๏ธ DNS
๐ธViewDNS - one source for free DNS related tools and information. ๐ธDNSLookup - is an advanced DNS lookup tool. ๐ธDNSlytics - online DNS investigation tool. ๐ธDNS Spy - monitor, validate and verify your DNS configurations. ๐ธZonemaster - helps you to control how your DNS works. ๐ธLeaf DNS - comprehensive DNS tester. ๐ธFind subdomains online - find subdomains for security assessment penetration test. ๐ธDNSdumpster - dns recon & research, find & lookup dns records. ๐ธDNS Table online - search for DNS records by domain, IP, CIDR, ISP. ๐ธintoDNS - DNS and mail server health checker. ๐ธDNS Bajaj - check the delegation of your domain. ๐ธBuddyDNS Delegation LAB - check, trace and visualize delegation of your domain. ๐ธdnssec-debugger - DS or DNSKEY records validator. ๐ธPTRarchive.com - this site is responsible for the safekeeping of historical reverse DNS records. ๐ธxip.io - wildcard DNS for everyone. ๐ธdnslookup (ceipam) - one of the best DNS propagation checker (and not only). ๐ธWhat's My DNS - DNS propagation checking tool.
โช๏ธ Mail
๐ธsmtp-tls-checker - check an email domain for SMTP TLS support. ๐ธMX Toolbox - all of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool. ๐ธSecure Email - complete email test tools for email technicians. ๐ธblacklistalert - checks to see if your domain is on a Real Time Spam Blacklist. ๐ธMultiRBL - complete IP check for sending Mailservers. ๐ธDKIM SPF & Spam Assassin Validator - checks mail authentication and scores messages with Spam Assassin.
โช๏ธ Encoders/Decoders and Regex testing
๐ธURL Encode/Decode - tool from above to either encode or decode a string of text. ๐ธUncoder - the online translator for search queries on log data. ๐ธRegex101 - online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript. ๐ธRegExr - online tool to learn, build, & test Regular Expressions (RegEx / RegExp). ๐ธRegEx Testing - online regex testing tool. ๐ธRegEx Pal - online regex testing tool + other tools. ๐ธThe Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
โช๏ธ Net-tools
๐ธNetcraft - detailed report about the site, helping you to make informed choices about their integrity.* ๐ธRIPE NCC Atlas - a global, open, distributed Internet measurement platform. ๐ธRobtex - uses various sources to gather public information about IP numbers, domain names, host names, routes etc. ๐ธSecurity Trails - APIs for Security Companies, Researchers and Teams. ๐ธOnline Curl - curl test, analyze HTTP Response Headers. ๐ธOnline Tools for Developers - HTTP API tools, testers, encoders, converters, formatters, and other tools. ๐ธPing.eu - online Ping, Traceroute, DNS lookup, WHOIS and others. ๐ธNetwork-Tools - network tools for webmasters, IT technicians & geeks. ๐ธRiseup - provides online communication tools for people and groups working on liberatory social change. ๐ธVirusTotal - analyze suspicious files and URLs to detect types of malware.
โช๏ธ Privacy
๐ธprivacytools.io - provides knowledge and tools to protect your privacy against global mass surveillance. ๐ธDNS Privacy Test Servers - DNS privacy recursive servers list (with a 'no logging' policy).
โช๏ธ Code parsers/playgrounds
๐ธShellCheck - finds bugs in your shell scripts. ๐ธexplainshell - get interactive help texts for shell commands. ๐ธjsbin - live pastebin for HTML, CSS & JavaScript and more. ๐ธCodeSandbox - online code editor for web application development. Supports React, Vue, Angular, CxJS, Dojo, etc. ๐ธPHP Sandbox - test your PHP code with this code tester. ๐ธRepl.it - an instant IDE to learn, build, collaborate, and host all in one place.
โช๏ธ Performance
๐ธGTmetrix - analyze your siteโs speed and make it faster. ๐ธSucuri loadtimetester - test here the
performance of any of your sites from across the globe. ๐ธPingdom Tools - analyze your siteโs speed around the world. ๐ธPingMe.io - run website latency tests across multiple geographic regions. ๐ธPageSpeed Insights - analyze your siteโs speed and make it faster. ๐ธweb.dev - helps developers like you learn and apply the web's modern capabilities to your own sites and apps. ๐ธLighthouse - automated auditing, performance metrics, and best practices for the web.
โช๏ธ Mass scanners (search engines)
๐ธCensys - platform that helps information security practitioners discover, monitor, and analyze devices. ๐ธShodan - the world's first search engine for Internet-connected devices. ๐ธShodan 2000 - do you use Shodan for everyday work? This tool looks for randomly generated data from Shodan. ๐ธGreyNoise - mass scanner such as Shodan and Censys. ๐ธZoomEye - search engine for cyberspace that lets the user find specific network components. ๐ธnetograph - tools to monitor and understand deep structure of the web. ๐ธFOFA - is a cyberspace search engine. ๐ธonyphe - is a search engine for open-source and cyber threat intelligence data collected. ๐ธIntelligenceX - is a search engine and data archive. ๐ธbinaryedge - it scan the entire internet space and create real-time threat intelligence streams and reports. ๐ธwigle - is a submission-based catalog of wireless networks. All the networks. Found by Everyone. ๐ธPublicWWW - find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code. ๐ธIntelTechniques - this repository contains hundreds of online search utilities. ๐ธhunter - lets you find email addresses in seconds and connect with the people that matter for your business. ๐ธGhostProject? - search by full email address or username. ๐ธdatabreaches - was my email affected by data breach? ๐ธWe Leak Info - world's fastest and largest data breach search engine. ๐ธPulsedive - scans of malicious URLs, IPs, and domains, including port scans and web requests. ๐ธscylla - db dumps and more. ๐ธBuckets by Grayhatwarfar - database with public search for Open Amazon S3 Buckets and their contents. ๐ธVigilante.pw - the breached database directory. ๐ธbuiltwith - find out what websites are built with. ๐ธNerdyData - search the web's source code for technologies, across millions of sites. ๐ธMamont's open FTP Index - if a target has an open FTP site with accessible content it will be listed here. ๐ธOSINT Framework - focused on gathering information from free tools or resources. ๐ธmaltiverse - is a service oriented to cybersecurity analysts for the advanced analysis of indicators of compromise. ๐ธLeaked Source - is a collaboration of data found online in the form of a lookup. ๐ธWe Leak Info - to help everyday individuals secure their online life, avoiding getting hacked. ๐ธpipl - is the place to find the person behind the email address, social username or phone number. ๐ธabuse.ch - is operated by a random swiss guy fighting malware for non-profit. ๐ธmalc0de - malware search engine. ๐ธCybercrime Tracker - monitors and tracks various malware families that are used to perpetrate cyber crimes. ๐ธshhgit - find GitHub secrets in real time. ๐ธsearchcode - helping you find real world examples of functions, API's and libraries. ๐ธInsecam - the world biggest directory of online surveillance security cameras. ๐ธindex-of - contains great stuff like: security, hacking, reverse engineering, cryptography, programming etc.
๐ธhave i been pwned? - check if you have an account that has been compromised in a data breach. ๐ธdehashed - is a hacked database search engine. ๐ธLeaked Source - is a collaboration of data found online in the form of a lookup.
โช๏ธ CVE/Exploits databases
๐ธCVE Mitre - list of publicly known cybersecurity vulnerabilities. ๐ธCVE Details - CVE security vulnerability advanced database. ๐ธExploit DB - CVE compliant archive of public exploits and corresponding vulnerable software. ๐ธ0day.today - exploits market provides you the possibility to buy zero-day exploits and also to sell 0day exploits. ๐ธsploitus - the exploit and tools database. ๐ธcxsecurity - free vulnerability database. ๐ธVulncode-DB - is a database for vulnerabilities and their corresponding source code if available. ๐ธcveapi - free API for CVE data.
โช๏ธ Mobile apps scanners
๐ธImmuniWebยฎ Mobile App Scanner - test security and privacy of mobile apps (iOS & Android). ๐ธQuixxi - free Mobile App Vulnerability Scanner for Android & iOS. ๐ธOstorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.
โช๏ธ Private Search Engines
๐ธStartpage - the world's most private search engine. ๐ธsearX - a privacy-respecting, hackable metasearch engine. ๐ธdarksearch - the 1st real Dark Web search engine. ๐ธQwant - the search engine that respects your privacy.
โช๏ธ Secure Webmail Providers
๐ธCounterMail - is a secure and easy to use online email service, designed to provide maximum security and privacy. ๐ธMail2Tor - is a Tor Hidden Service that allows anyone to send and receive emails anonymously. ๐ธTutanota - is the world's most secure email service and amazingly easy to use. ๐ธProtonmail - is the world's largest secure email service, developed by CERN and MIT scientists. ๐ธStartmail - private & encrypted email made easy.
โช๏ธ Crypto
๐ธKeybase - it's open source and powered by public-key cryptography.
๐ธSlackware - the most "Unix-like" Linux distribution. ๐ธOpenBSD - multi-platform 4.4BSD-based UNIX-like operating system. ๐ธHardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions. ๐ธKali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments. ๐ธParrot Security OS - cyber security GNU/Linux environment. ๐ธBackbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution. ๐ธBlackArch - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. ๐ธPentoo - is a security-focused livecd based on Gentoo. ๐ธSecurity Onion - Linux distro for intrusion detection, enterprise security monitoring, and log management. ๐ธTails - is a live system that aims to preserve your privacy and anonymity.
โช๏ธ HTTP(s) Services
๐ธVarnish Cache - HTTP accelerator designed for content-heavy dynamic web sites. ๐ธNginx - open source web and reverse proxy server that is similar to Apache, but very light weight. ๐ธOpenResty - is a dynamic web platform based on NGINX and LuaJIT. ๐ธTengine - a distribution of Nginx with some advanced features. ๐ธCaddy Server - is an open source, HTTP/2-enabled web server with HTTPS by default. ๐ธHAProxy - the reliable, high performance TCP/HTTP load balancer.
โช๏ธ DNS Services
๐ธUnbound - validating, recursive, and caching DNS resolver (with TLS). ๐ธKnot Resolver - caching full resolver implementation, including both a resolver library and a daemon. ๐ธPowerDNS - is an open source authoritative DNS server, written in C++ and licensed under the GPL.
๐ธEmerald Onion - is a 501(c)(3) nonprofit organization and transit internet service provider (ISP) based in Seattle. ๐ธpi-hole - the Pi-holeยฎ is a DNS sinkhole that protects your devices from unwanted content. ๐ธmaltrail - malicious traffic detection system. ๐ธsecurity_monkey - monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time. ๐ธfirecracker - secure and fast microVMs for serverless computing. ๐ธstreisand - sets up a new server running your choice of WireGuard, OpenSSH, OpenVPN, Shadowsocks, and more.
๐ธCapAnalysis - web visual tool to analyze large amounts of captured network traffic (PCAP analyzer). ๐ธnetbox - IP address management (IPAM) and data center infrastructure management (DCIM) tool.
โช๏ธ Labs
๐ธNRE Labs - learn automation by doing it. Right now, right here, in your browser.
๐ธgvisor - container runtime sandbox. ๐ธctop - top-like interface for container metrics. ๐ธdocker-bench-security - is a script that checks for dozens of common best-practices around deploying Docker.
โช๏ธ Web Tools
๐ธMoby - a collaborative project for the container ecosystem to assemble container-based system. ๐ธTraefik - open source reverse proxy/load balancer provides easier integration with Docker and Let's encrypt. ๐ธkong - The Cloud-Native API Gateway. ๐ธrancher - complete container management platform. ๐ธportainer - making Docker management easy. ๐ธnginx-proxy - automated nginx proxy for Docker containers using docker-gen.
โช๏ธ Manuals/Tutorials/Best Practices
๐ธdocker-cheat-sheet - a quick reference cheat sheet on Docker. ๐ธawesome-docker - a curated list of Docker resources and projects. ๐ธdocker_practice - learn and understand Docker technologies, with real DevOps practice! ๐ธlabs
- is a collection of tutorials for learning how to use Docker with various tools. ๐ธdockerfiles - various Dockerfiles I use on the desktop and on servers. ๐ธkubernetes-the-hard-way - bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts. ๐ธkubernetes-the-easy-way - bootstrap Kubernetes the easy way on Google Cloud Platform. No scripts. ๐ธcheatsheet-kubernetes-A4 - Kubernetes CheatSheets in A4. ๐ธk8s-security - kubernetes security notes and best practices. ๐ธkubernetes-production-best-practices - checklists with best-practices for production-ready Kubernetes. ๐ธkubernetes-production-best-practices - kubernetes security - best practice guide. ๐ธkubernetes-failure-stories - is a compilation of public failure/horror stories related to Kubernetes.
๐ธpure-bash-bible - is a collection of pure bash alternatives to external processes. ๐ธpure-sh-bible - is a collection of pure POSIX sh alternatives to external processes. ๐ธbash-guide - is a guide to learn bash. ๐ธbash-handbook - for those who wanna learn Bash. ๐ธThe Bash Hackers Wiki - hold documentation of any kind about GNU Bash. ๐ธShell & Utilities - describes the commands and utilities offered to application programs by POSIX-conformant systems. ๐ธthe-art-of-command-line - master the command line, in one page. ๐ธShell Style Guide - a shell style guide for Google-originated open-source projects.
๐ธAwesome Python - a curated list of awesome Python frameworks, libraries, software and resources. ๐ธpython-cheatsheet - comprehensive Python cheatsheet. ๐ธpythoncheatsheet.org - basic reference for beginner and advanced developers.
โช๏ธ Sed & Awk & Other
๐ธFโAwk Yeah! - advanced sed and awk usage (Parsing for Pentesters 3).
โช๏ธ *nix & Network
๐ธnixCraft - linux and unix tutorials for new and seasoned sysadmin. ๐ธTecMint - the ideal Linux blog for Sysadmins & Geeks. ๐ธOmnisecu - free Networking, System Administration and Security tutorials. ๐ธlinux-cheat - Linux tutorials and cheatsheets. Minimal examples. Mostly user-land CLI utilities. ๐ธUnix Toolbox - collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. ๐ธLinux Guide and Hints - tutorials on system administration in Fedora and CentOS. ๐ธstrace-little-book - a little book which introduces strace. ๐ธhttp2-explained - a detailed document explaining and documenting HTTP/2. ๐ธhttp3-explained - a document describing the HTTP/3 and QUIC protocols. ๐ธHTTP/2 in Action - an excellent introduction to the new HTTP/2 standard. ๐ธLet's code a TCP/IP stack - great stuff to learn network and system programming at a deeper level. ๐ธNginx Admin's Handbook - describes how to improve NGINX performance, security and other important things. ๐ธnginxconfig.io - NGINX config generator on steroids. ๐ธopenssh guideline - is to help operational teams with the configuration of OpenSSH server and client. ๐ธPacketLife.net - a place to record notes while studying for Cisco's CCNP certification.
โช๏ธ Microsoft
๐ธAD-Attack-Defense - attack and defend active directory using modern post exploitation adversary tradecraft activity.
๐ธCIS Benchmarks - are secure configuration settings for over 100 technologies, available as a free PDF download. ๐ธSecurity Harden CentOS 7 - this walks you through the steps required to security harden CentOS. ๐ธCentOS 7 Server Hardening Guide - great guide for hardening CentOS; familiar with OpenSCAP. ๐ธawesome-security-hardening - is a collection of security hardening guides, tools and other resources. ๐ธThe Practical Linux Hardening Guide - provides a high-level overview of hardening GNU/Linux systems.
๐ธOWASP - worldwide not-for-profit charitable organization focused on improving the security of software. ๐ธOWASP ASVS 3.0.1 - OWASP Application Security Verification Standard Project. ๐ธOWASP ASVS 3.0.1 Web App - simple web app that helps developers understand the ASVS requirements. ๐ธOWASP ASVS 4.0 - is a list of application security requirements or tests. ๐ธOWASP Testing Guide v4 - includes a "best practice" penetration testing framework. ๐ธOWASP Dev Guide - this is the development version of the OWASP Developer Guide. ๐ธOWASP API Security Project - focuses specifically on the top ten vulnerabilities in API security. ๐ธMozilla Web Security - help operational teams with creating secure web applications. ๐ธsecurity-bulletins - security bulletins that relate to Netflix Open Source. ๐ธAPI-Security-Checklist - security countermeasures when designing, testing, and releasing your API. ๐ธEnable CORS - enable cross-origin resource sharing. ๐ธApplication Security Wiki - is an initiative to provide all application security related resources at one place. ๐ธWeird Proxies - reverse proxy related attacks; it is a result of analysis of various reverse proxies, cache proxies, etc. ๐ธWebshells - great series about malicious payloads. ๐ธPractical Web Cache Poisoning - show you how to compromise websites by using esoteric web features. ๐ธHidden directories and files - as a source of sensitive information about web application. ๐ธExplosive blog - great blog about cybersec and pentests. ๐ธSecurity Cookies - this paper will take a close look at cookie security. ๐ธAPISecurityBestPractices - help you keep secrets (API keys, db credentials, certificates) out of source code.
๐ธCTF Series : Vulnerable Machines - the steps below could be followed to find vulnerabilities and exploits. ๐ธ50M_CTF_Writeup - $50 million CTF from Hackerone - writeup. ๐ธctf-tasks - an archive of low-level CTF challenges developed over the years. ๐ธHow to start RE/malware analysis? - collection of some hints and useful links for the beginners. ๐ธThe C10K problem - it's time for web servers to handle ten thousand clients simultaneously, don't you think? ๐ธpoor man's profiler - sampling tools like dtrace's don't really provide methods to see what programs are blocking on. ๐ธHTTPS on Stack Overflow - this is the story of a long journey regarding the implementation of SSL. ๐ธJulia's Drawings - some drawings about programming and unix world, zines about systems & debugging tools. ๐ธHash collisions - this great repository is focused on hash collisions exploitation. ๐ธBGP Meets Cat - after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat. ๐ธbgp-battleships - playing battleships over BGP. ๐ธWhat happens when... - you type google.com into your browser and press enter? ๐ธhow-web-works - based on the 'What happens when...' repository. ๐ธHTTPS in the real world - great tutorial explain how HTTPS works in the real world. ๐ธGitlab and NFS bug - how we spent two weeks hunting an NFS bug in the Linux kernel. ๐ธGitlab melts down - postmortem on the database outage of January 31 2017 with the lessons we learned. ๐ธHow To Become A Hacker - if you want to be a hacker, keep reading. ๐ธOperation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks. ๐ธLet's Build a Simple Database - writing a sqlite clone from scratch in C. ๐ธsimple-computer - great resource to understand how computers work under the hood. ๐ธThe story of "Have I been pwned?" - working with 154 million records on Azure Table Storage. ๐ธTOP500 Supercomputers - shows the 500 most powerful commercially available computer systems known to us. ๐ธHow to build a 8 GPU password cracker - any "black magic" or hours of frustration like desktop components do. ๐ธCERN Data Centre - 3D visualizations of the CERN computing environments (and more). ๐ธHow fucked is my database - evaluate how fucked your database is with this handy website. ๐ธFive Whys - you know what the problem is, but you cannot solve it? ๐ธhowhttps.works - how HTTPS works ...in a comic! ๐ธhowdns.works - a fun and colorful explanation of how DNS works.
๐ธAwesome Sysadmin - amazingly awesome open source sysadmin resources. ๐ธAwesome Shell - awesome command-line frameworks, toolkits, guides and gizmos. ๐ธCommand-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more. ๐ธAwesome Pcaptools - collection of tools developed by other researchers to process network traces. ๐ธawesome-ebpf - a curated list of awesome projects related to eBPF. ๐ธLinux Network Performance - learn where some of the network sysctl variables fit into the Linux/Kernel network flow. ๐ธAwesome Postgres - list of awesome PostgreSQL software, libraries, tools and resources. ๐ธquick-SQL-cheatsheet - a quick reminder of all SQL queries and examples on how to use them. ๐ธAwesome-Selfhosted - list of Free Software network services and web applications which can be hosted locally. ๐ธList of applications - huge collection of applications sorted by category, as a reference for those looking for packages. ๐ธCS-Interview-Knowledge-Map - build the best interview map. ๐ธDevOps-Guide - DevOps Guide from basic to advanced with Interview Questions and Notes. ๐ธdevops-interview-questions - contains interview questions on various DevOps and SRE related topics.
โช๏ธ Developers
๐ธWeb Developer Roadmap - roadmaps, articles and resources to help you choose your path, learn and improve. ๐ธFront-End-Checklist - the perfect Front-End Checklist for modern websites and meticulous developers. ๐ธFront-End-Performance-Checklist - the only Front-End Performance Checklist that runs faster than the others. ๐ธPython's Magic Methods - what are magic methods? They're everything in object-oriented Python. ๐ธwtfpython - a collection of surprising Python snippets and lesser-known features. ๐ธjs-dev-reads - a list of books and articles for the discerning web developer to read. ๐ธCommit messages guide - a guide to understand the importance of commit messages.
โช๏ธ Security/Pentesting
๐ธAwesome Web Security - a curated list of Web Security materials and resources. ๐ธawesome-cyber-skills - a curated list of hacking environments where you can train your cyber skills. ๐ธawesome-devsecops - an authoritative list of awesome devsecops tools. ๐ธawesome-osint - is a curated list of amazingly awesome OSINT. ๐ธawesome-threat-intelligence - a curated list of Awesome Threat Intelligence resources. ๐ธRed-Teaming-Toolkit - a collection of open source and commercial tools that aid in red team operations. ๐ธawesome-burp-extensions - a curated list of amazingly awesome Burp Extensions. ๐ธFree Security eBooks - list of a Free Security and Hacking eBooks. ๐ธHacking-Security-Ebooks - top 100 Hacking & Security E-Books. ๐ธreverse-engineering - list of awesome reverse engineering resources. ๐ธlinux-re-101 - a collection of resources for linux reverse engineering. ๐ธreverseengineering-reading-list - a list of Reverse Engineering articles, books, and papers. ๐ธAwesome-WAF - a curated list of awesome web-app firewall (WAF) stuff. ๐ธawesome-shodan-queries - interesting, funny, and depressing search queries to plug into shodan.io. ๐ธRobotsDisallowed - a curated list of the most common and most interesting robots.txt disallowed directories. ๐ธHackingNeuralNetworks - is a small course on exploiting and defending neural networks. ๐ธwildcard-certificates - why you probably shouldn't use a wildcard certificate. ๐ธDon't use VPN services - which is what every third-party "VPN provider" does. ๐ธawesome-yara - a curated list of awesome YARA rules, tools, and people. ๐ธmacOS-Security-and-Privacy-Guide - guide to securing and improving privacy on macOS. ๐ธawesome-sec-talks - is a collected list of awesome security talks. ๐ธMovies for Hackers - list of movies every hacker & cyberpunk must watch.
โช๏ธ Other
๐ธCheatography - over 3,000 free cheat sheets, revision aids and quick references. ๐ธawesome-static-analysis - static analysis tools for all programming languages. ๐ธcomputer-science - path to a free self-taught education in Computer Science. ๐ธpost-mortems - is a collection of postmortems (config errors, hardware failures, and more). ๐ธbuild-your-own-x - build your own (insert technology here). ๐ธProject-Based-Tutorials-in-C - is a curated list of project-based tutorials in C. ๐ธThe-Documentation-Compendium - various README templates & tips on writing high-quality documentation. ๐ธawesome-python-applications - free software that works great, and also happens to be open-source Python. ๐ธawesome-public-datasets - a topic-centric list of HQ open datasets.
๐ธBrendan Gregg's Blog - is an industry expert in computing performance and cloud computing. ๐ธGynvael "GynDream" Coldwind - is a IT security engineer at Google. ๐ธMichaล "lcamtuf" Zalewski - white hat hacker, computer security expert. ๐ธMattias Geniar - developer, sysadmin, blogger, podcaster and public speaker. ๐ธNick Craver - software developer and systems administrator for Stack Exchange. ๐ธScott Helme - security researcher, international speaker and founder of securityheaders.com and report-uri.com. ๐ธBrian Krebs - The Washington Post and now an Independent investigative journalist. ๐ธBruce Schneier - is an internationally renowned security technologist, called a "security guru". ๐ธChrissy Morgan - advocate of practical learning, Chrissy also takes part in bug bounty programs. ๐ธAndy Gill - is a hacker at heart who works as a senior penetration tester. ๐ธDaniel Miessler - cybersecurity expert and writer. ๐ธSamy Kamkar - is an American privacy and security researcher, computer hacker. ๐ธJavvad Malik - is a security advocate at AlienVault, a blogger event speaker and industry commentator. ๐ธGraham Cluley - public speaker and independent computer security analyst. ๐ธKacper Szurek - detection engineer at ESET. ๐ธTroy Hunt - web security expert known for public education and outreach on security topics. ๐ธraymii.org - sysadmin specializing in building high availability cloud environments. ๐ธRobert Penz - IT security expert.
โช๏ธ Geeky Blogs
๐ธLinux Audit - the Linux security blog about auditing, hardening and compliance by Michael Boelen. ๐ธ
Linux Security Expert - trainings, howtos, checklists, security tools and more. ๐ธThe Grymoire - collection of useful incantations for wizards, be you computer wizards, magicians, or whatever. ๐ธSecjuice - is the only non-profit, independent and volunteer led publication in the information security space. ๐ธDecipher - security news that informs and inspires.
โช๏ธ Geeky Vendor Blogs
๐ธTenable Podcast - conversations and interviews related to Cyber Exposure, and more. ๐ธSophos - threat news room, giving you news, opinion, advice and research on computer security issues. ๐ธTripwire State of Security - blog featuring the latest news, trends and insights on current information security issues. ๐ธMalwarebytes Labs Blog - security blog aims to provide insider news about cybersecurity. ๐ธTrustedSec - latest news, and trends about cybersecurity. ๐ธPortSwigger Web Security Blog - about web app security vulns and top tips from our team of web security. ๐ธAT&T Cybersecurity blog - news on emerging threats and practical advice to simplify threat detection. ๐ธThycotic - where CISOs and IT Admins come to learn about industry trends, IT security, data breaches, and more.
โช๏ธ Geeky Cybersecurity Podcasts
๐ธRisky Business - is a weekly information security podcast featuring news and in-depth interviews. ๐ธCyber, by Motherboard - stories, and focus on the ideas about cybersecurity. ๐ธTenable Podcast - conversations and interviews related to Cyber Exposure, and more. ๐ธ
Cybercrime Investigations - podcast by Geoff White about cybercrimes. ๐ธThe many hats club - featuring stories from a wide range of Infosec people (Whitehat, Greyhat and Blackhat). ๐ธDarknet Diaries - true stories from the dark side of the Internet. ๐ธOSINTCurious Webcasts - is the investigative curiosity that helps people be successful in OSINT. ๐ธSecurity Weekly - the latest information security and hacking news.
โช๏ธ Geeky Cybersecurity Video Blogs
๐ธrev3rse security - offensive, binary exploitation, web application security, vulnerability, hardening, red team, blue team. ๐ธLiveOverflow - a lot more advanced topics than what is typically offered in paid online courses - but for free. ๐ธJ4vv4D - the important information regarding our internet security. ๐ธ
CyberTalks - talks, interviews, and article about cybersecurity.
โช๏ธ Best Personal Twitter Accounts
๐ธ@blackroomsec - a white-hat hacker/pentester. Intergalactic Minesweeper Champion 1990. ๐ธ@MarcoCiappelli - Co-Founder @ITSPmagazine, at the intersection of IT security and society. ๐ธ@binitamshah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast. ๐ธ@joe_carson - an InfoSec Professional and Tech Geek. ๐ธ@mikko - CRO at F-Secure, Reverse Engineer, TED Speaker, Supervillain. ๐ธ@esrtweet - often referred to as ESR, is an American software developer, and open-source software advocate. ๐ธ@gynvael - security researcher/programmer, @DragonSectorCTF founder/player, technical streamer. ๐ธ@x0rz - Security Researcher & Cyber Observer. ๐ธ@hasherezade - programmer, malware analyst. Author of PEbear, PEsieve, libPeConv. ๐ธ@TinkerSec - tinkerer, cypherpunk, hacker. ๐ธ@alisaesage - independent hacker and researcher. ๐ธ@SwiftOnSecurity - systems security, industrial safety, sysadmin, author of decentsecurity.com. ๐ธ@dakami - chief scientist at White Ops, is one of just seven people with the authority to restore the DNS root keys. ๐ธ@samykamkar - is a famous "grey hat" hacker, security researcher, creator of the MySpace "Samy" worm. ๐ธ@securityweekly - founder & CTO of Security Weekly podcast network. ๐ธ@jack_daniel - @SecurityBSides co-founder. ๐ธ@thegrugq - Security Researcher. ๐ธ@matthew_d_green - a cryptographer and professor at Johns Hopkins University.
โช๏ธ Best Commercial Twitter Accounts
๐ธ@haveibeenpwned - check if you have an account that has been compromised in a data breach. ๐ธ@bugcrowd - trusted by more of the Fortune 500 than any other crowdsourced security platform. ๐ธ@Malwarebytes - most trusted security company. Unmatched threat visibility. ๐ธ@sansforensics - the world's leading Digital Forensics and Incident Response provider. ๐ธ@attcyber - AT&T Cybersecurityโs Edge-to-Edge technologies provide threat intelligence, and more. ๐ธ@TheManyHatsClub - an information security focused podcast and group of individuals from all walks of life. ๐ธ@hedgehogsec - Hedgehog Cyber. Gibraltar and Manchester's top boutique information security firm. ๐ธ@NCSC - the National Cyber Security Centre. Helping to make the UK the safest place to live and work online. ๐ธ@Synacktiv - IT security experts.
โช๏ธ A piece of history
๐ธHow to Do Things at ARL - how to configure modems, scan images, record CD-ROMs, and other useful techniques.*
๐ธSandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in. ๐ธMetasploit - tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit. ๐ธBurp Suite - tool for testing web application security, intercepting proxy to replay, inject, scan and fuzz HTTP requests. ๐ธOWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests. ๐ธw3af - is a Web Application Attack and Audit Framework. ๐ธmitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. ๐ธNikto2 - web server scanner which performs comprehensive tests against web servers for multiple items. ๐ธsqlmap - tool that automates the process of detecting and exploiting SQL injection flaws. ๐ธRecon-ng - is a full-featured Web Reconnaissance framework written in Python. ๐ธAutoRecon - is a network reconnaissance tool which performs automated enumeration of services. ๐ธFaraday - an Integrated Multiuser Pentest Environment. ๐ธPhoton - incredibly fast crawler designed for OSINT. ๐ธXSStrike - most advanced XSS detection suite. ๐ธSn1per - automated pentest framework for offensive security experts. ๐ธvuls - is an agent-less vulnerability scanner for Linux, FreeBSD, and other. ๐ธaquatone - a tool for domain flyovers. ๐ธBillCipher - information gathering tool for a website or IP address. ๐ธWhatWaf - detect and bypass web application firewalls and protection systems. ๐ธCorsy - CORS misconfiguration scanner. ๐ธRaccoon - is a high performance offensive security tool for reconnaissance and vulnerability scanning. ๐ธdirhunt - find web directories without bruteforce. ๐ธJohn The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other. ๐ธhashcat - world's fastest and most advanced password recovery utility. ๐ธp0f - is a tool to identify the players behind any incidental TCP/IP communications. ๐ธssh_scan - a prototype SSH configuration and policy scanner. ๐ธLeakLooker - find open databases - powered by Binaryedge.io ๐ธexploitdb - searchable archive from The Exploit Database. ๐ธgetsploit - is a command line utility for searching and downloading exploits. ๐ธctf-tools - some setup scripts for security research tools. ๐ธpwntools - CTF framework and exploit development library. ๐ธsecurity-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on. ๐ธpentestpackage - is a package of Pentest scripts. ๐ธpython-pentest-tools - python tools for penetration testers. ๐ธfuzzdb - dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. ๐ธsyzkaller - is an unsupervised, coverage-guided kernel fuzzer. ๐ธpwndbg - exploit development and reverse engineering with GDB made easy. ๐ธGDB PEDA - Python Exploit Development Assistance for GDB. ๐ธIDA - multi-processor disassembler and debugger useful for reverse engineering malware. ๐ธradare2 - framework for reverse-engineering and analyzing binaries. ๐ธroutersploit - exploitation framework for embedded devices. ๐ธGhidra - is a software reverse engineering (SRE) framework. ๐ธVulnreport - open-source pentesting management and automation platform by Salesforce Product Security. ๐ธMentalist - is a graphical tool for custom wordlist generation. ๐ธarcherysec - vulnerability assessment and management helps to perform scans and manage vulnerabilities. ๐ธOsmedeus - fully automated offensive security tool for reconnaissance and vulnerability scanning. ๐ธbeef - the browser exploitation framework project. ๐ธAutoSploit - automated mass exploiter. ๐ธSUDO_KILLER - is a tool to identify and exploit sudo rules' misconfigurations and vulnerabilities. ๐ธyara - the pattern matching swiss knife. ๐ธmimikatz - a little tool to play with Windows security.
โช๏ธ Pentests bookmarks collection
๐ธPTES - the penetration testing execution standard. ๐ธPentests MindMap - amazing mind map with vulnerable apps and systems. ๐ธWebApps Security Tests MindMap - incredible mind map for WebApps security tests. ๐ธBrute XSS - master the art of Cross Site Scripting. ๐ธXSS cheat sheet - contains many vectors that can help you bypass WAFs and filters. ๐ธOffensive Security Bookmarks - security bookmarks collection, all that things I need to pass OSCP. ๐ธAwesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting. ๐ธAwesome Hacking by HackWithGithub - awesome lists for hackers, pentesters and security researchers. ๐ธAwesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources. ๐ธAwesome Hacking Resources - collection of hacking/penetration testing resources to make you better. ๐ธAwesome Pentest - collection of awesome penetration testing resources, tools and other shiny things. ๐ธAwesome-Hacking-Tools - is a curated list of awesome Hacking Tools. ๐ธHacking Cheat Sheet - author hacking and pentesting notes. ๐ธblackhat-arsenal-tools - official Black Hat arsenal security tools repository. ๐ธPenetration Testing and WebApp Cheat Sheets - the complete list of Infosec related cheat sheets. ๐ธCyber Security Resources - includes thousands of cybersecurity-related references and resources. ๐ธPentest Bookmarks - there are a LOT of pentesting blogs. ๐ธCheatsheet-God - Penetration Testing Reference Bank - OSCP/PTP & PTX Cheatsheet. ๐ธThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns. ๐ธPayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF. ๐ธpayloads - git all the Payloads! A collection of web attack payloads. ๐ธcommand-injection-payload-list - command injection payload list. ๐ธAwesomeXSS - is a collection of Awesome XSS resources. ๐ธphp-webshells - common php webshells. ๐ธPentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements. ๐ธOWASP Cheat Sheet Series - is a collection of high value information on specific application security topics. ๐ธOWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry. ๐ธOWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018. ๐ธPENTESTING-BIBLE - hacking & penetration testing & red team & cyber security & computer science resources. ๐ธpentest-wiki - is a free online security knowledge library for pentesters/researchers. ๐ธDEF CON Media Server - great stuff from DEFCON. ๐ธAwesome Malware Analysis - a curated list of awesome malware analysis tools and resources. ๐ธSQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection. ๐ธEntersoft Knowledge Base - great and detailed reference about vulnerabilities. ๐ธHTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors. ๐ธXSS String Encoder - for generating XSS code to check your input validation filters against XSS. ๐ธGTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. ๐ธGuifre Ruiz Notes - collection of security, system, network and pentest cheatsheets. ๐ธSSRF Tips - a collection of SSRF Tips. ๐ธshell-storm repo CTF - great archive of CTFs. ๐ธctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts. ๐ธMy-CTF-Web-Challenges - collection of CTF Web challenges. ๐ธMSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing. ๐ธInternal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test. ๐ธKeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked. ๐ธsecuritum/research - various Proof of Concepts of security research performed by Securitum. ๐ธpublic-pentesting-reports - is a list of public penetration test reports released by several consulting security groups. ๐ธhackso.me - a great journey into security.
โช๏ธ Backdoors/exploits
๐ธPHP-backdoors - a collection of PHP backdoors. For educational or testing purposes only.
โช๏ธ Wordlists and Weak passwords
๐ธWeakpass - for any kind of bruteforce find wordlists or unleash the power of them all at once! ๐ธHashes.org - is a free online hash resolving service incorporating many unparalleled techniques. ๐ธSecLists - collection of multiple types of lists used during security assessments, collected in one place. ๐ธProbable-Wordlists - sorted by probability originally created for password generation and testing. ๐ธskullsecurity passwords - password dictionaries and leaked passwords repository. ๐ธPolish PREMIUM Dictionary - official dictionary created by the team on the forum bezpieka.org.*1 ๐ธstatistically-likely-usernames - wordlists for creating statistically likely username lists for use in password attacks.
โช๏ธ Bounty platforms
๐ธYesWeHack - bug bounty platform with infosec jobs. ๐ธOpenbugbounty - allows any security researcher reporting a vulnerability on any website. ๐ธhackerone - global hacker community to surface the most relevant security issues. ๐ธbugcrowd - crowdsourced cybersecurity for the enterprise. ๐ธCrowdshield - crowdsourced security & bug bounty management. ๐ธSynack - crowdsourced security & bug bounty programs, crowd security intelligence platform and more. ๐ธHacktrophy - bug bounty platform.
โช๏ธ Web Training Apps (local installation)
๐ธOWASP-VWAD - comprehensive and well maintained registry of all known vulnerable web applications. ๐ธDVWA - PHP/MySQL web application that is damn vulnerable. ๐ธmetasploitable2 - vulnerable web application amongst security researchers. ๐ธmetasploitable3 - is a VM that is built from the ground up with a large amount of security vulnerabilities. ๐ธDSVW - is a deliberately vulnerable web application written in under 100 lines of code. ๐ธOWASP Mutillidae II - free, open source, deliberately vulnerable web-application. ๐ธOWASP Juice Shop Project - the most bug-free vulnerable application in existence. ๐ธOWASP Node js Goat Project - OWASP Top 10 security risks apply to web applications developed using Node.js. ๐ธjuicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop. ๐ธSecurityShepherd - web and mobile application security training platform. ๐ธSecurity Ninjas - open source application security training program. ๐ธhackazon - a modern vulnerable web app. ๐ธdvna - damn vulnerable NodeJS application. ๐ธdjango-DefectDojo - is an open-source application vulnerability correlation and security orchestration tool. ๐ธGoogle Gruyere - web application exploits and defenses. ๐ธBodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities. ๐ธWebsploit - single vm lab with the purpose of combining several vulnerable appliations in one environment. ๐ธvulhub - pre-built Vulnerable Environments based on docker-compose. ๐ธCloudGoat 2 - the new & improved "Vulnerable by Design"
AWS deployment tool. ๐ธsecDevLabs - is a laboratory for learning secure web development in a practical manner. ๐ธCORS-vulnerable-Lab - sample vulnerable code and its exploit code. ๐ธRootTheBox - a Game of Hackers (CTF Scoreboard & Game Manager).
๐ธOffensive Security - true performance-based penetration testing training for over a decade. ๐ธHack The Box - online platform allowing you to test your penetration testing skills. ๐ธHacking-Lab - online ethical hacking, computer network and security challenge platform. ๐ธpwnable.kr - non-commercial wargame site which provides various pwn challenges regarding system exploitation. ๐ธPwnable.tw - is a wargame site for hackers to test and expand their binary exploiting skills. ๐ธpicoCTF - is a free computer security game targeted at middle and high school students. ๐ธCTFlearn - is an online platform built to help ethical hackers learn and practice their cybersecurity knowledge and skills. ๐ธctftime - CTF archive and a place, where you can get some another CTF-related info. ๐ธSilesia Security Lab - high quality security testing services. ๐ธPractical Pentest Labs - pentest lab, take your Hacking skills to the next level. ๐ธRoot Me - the fast, easy, and affordable way to train your hacking skills. ๐ธrozwal.to - a great platform to train your pentesting skills. ๐ธTryHackMe - learning Cyber Security made easy. ๐ธhackxor - is a realistic web application hacking game, designed to help players of all abilities develop their skills. ๐ธHack Yourself First - it's full of nasty app sec holes. ๐ธOverTheWire - can help you to learn and practice security concepts in the form of fun-filled games. ๐ธWizard Labs - is an online Penetration Testing Lab. ๐ธPentesterLab - provides vulnerable systems that can be used to test and understand vulnerabilities. ๐ธRingZer0 - tons of challenges designed to test and improve your hacking skills. ๐ธtry2hack - several security-oriented challenges for your entertainment. ๐ธUbeeri - preconfigured lab environments. ๐ธPentestit - emulate IT infrastructures of real companies for legal pen testing and improving penetration testing skills. ๐ธMicrocorruption - reversal challenges done in the web interface. ๐ธCrackmes - download crackmes to help improve your reverse engineering skills. ๐ธDomGoat - DOM XSS security learning and practicing platform. ๐ธStereotyped Challenges - upgrade your web hacking techniques today! ๐ธVulnhub - allows anyone to gain practical 'hands-on' experience in digital security. ๐ธW3Challs - is a penetration testing training platform, which offers various computer challenges. ๐ธRingZer0 CTF - offers you tons of challenges designed to test and improve your hacking skills. ๐ธHack.me - a platform where you can build, host and share vulnerable web apps for educational and research purposes. ๐ธHackThis! - discover how hacks, dumps and defacements are performed and secure your website against hackers. ๐ธEnigma Group WebApp Training - these challenges cover the exploits listed in the OWASP Top 10 Project. ๐ธReverse Engineering Challenges - challenges, exercises, problems and tasks - by level, by type, and more. ๐ธ0x00sec - the home of the Hacker - Malware, Reverse Engineering, and Computer Science. ๐ธWe Chall - there are exist a lots of different challenge types. ๐ธHacker Gateway - is the go-to place for hackers who want to test their skills. ๐ธHacker101 - is a free class for web security. ๐ธcontained.af - a stupid game for learning about containers, capabilities, and syscalls. ๐ธflAWS challenge! - a series of levels you'll learn about common mistakes and gotchas when using AWS. ๐ธCyberSec WTF - provides web hacking challenges derived from bounty write-ups. ๐ธCTF Challenge - CTF Web App challenges. ๐ธgCTF - most of the challenges used in the Google CTF 2017. ๐ธHack This Site - is a free, safe and legal training ground for hackers. ๐ธAttack & Defense - is a browser-based cloud labs.
โช๏ธ CTF platforms
๐ธfbctf - platform to host Capture the Flag competitions. ๐ธctfscoreboard - scoreboard for Capture The Flag competitions.
โช๏ธ Other resources
๐ธBugcrowd University - open source education content for the researcher community. ๐ธOSCPRepo - a list of resources and scripts that I have been gathering in preparation for the OSCP. ๐ธOWASP Top 10: Real-World Examples - test your web apps with real-world examples (two-part series). ๐ธphrack.org - an awesome collection of articles from several respected hackers and other thinkers.
๐ธThe Hacker News - leading news source dedicated to promoting awareness for security experts and hackers. ๐ธLatest Hacking News - provides the latest hacking news, exploits and vulnerabilities for ethical hackers. ๐ธSecurity Newsletter - security news as a weekly digest (email notifications). ๐ธGoogle Online Security Blog - the latest news and insights from Google on security and safety on the Internet. ๐ธQualys Blog - expert network security guidance and news. ๐ธDARKReading - connecting the Information Security Community. ๐ธDarknet - latest hacking tools, hacker news, cybersecurity best practices, ethical hacking & pen-testing. ๐ธpubliclyDisclosed - public disclosure watcher who keeps you up to date about the recently disclosed bugs. ๐ธReddit - Hacking - a subreddit dedicated to hacking and hackers. ๐ธPacket Storm - information security services, news, files, tools, exploits, advisories and whitepapers. ๐ธSekurak - about security, penetration tests, vulnerabilities and many others (PL/EN). ๐ธnf.sec - basic aspects and mechanisms of Linux operating system security (PL).
โช๏ธ Other/All-in-one
๐ธChangelog - is a community of hackers; news & podcasts for developers and hackers.
๐ธUnbound DNS Tutorial - a validating, recursive, and caching DNS server. ๐ธKnot Resolver on Fedora - how to get faster and more secure DNS resolution with Knot Resolver on Fedora. ๐ธDNS-over-HTTPS - tutorial to setup your own DNS-over-HTTPS (DoH) server. ๐ธdns-over-https - a cartoon intro to DNS over HTTPS. ๐ธDNS-over-TLS - following to your DoH server, setup your DNS-over-TLS (DoT) server. ๐ธDNS Servers - how (and why) i run my own DNS Servers.
Where private.key is the existing private key. As you can see you do not generate this CSR from your certificate (public key). Also you do not generate the "same" CSR, just a new one to request a new certificate.
# Supported escape sequences:
~. - terminate connection (and any multiplexed sessions)
~B - send a BREAK to the remote system
~C - open a command line
~R - Request rekey (SSH protocol 2 only)
~^Z - suspend ssh
~# - list forwarded connections
~& - background ssh (when waiting for connections to terminate)
~? - this message
~~ - send the escape character by typing it twice
function_ssh_sesslog() {
_sesdir="<path/to/session/logs>"
mkdir -p "${_sesdir}"&& \
ssh $@2>&1| tee -a "${_sesdir}/$(date +%Y%m%d).log"
}
# Alias:alias ssh='_ssh_sesslog'
Using Keychain for SSH logins
### Delete all of ssh-agent's keys.function_scl() {
/usr/bin/keychain --clear
}
### Add key to keychain.function_scg() {
/usr/bin/keychain /path/to/private-key
source"$HOME/.keychain/$HOSTNAME-sh"
}
SSH login without processing any login scripts
ssh -tt user@host bash
SSH local port forwarding
Example 1:
# Forwarding our local 2250 port to nmap.org:443 from localhost through localhost
host1> ssh -L 2250:nmap.org:443 localhost
# Connect to the service:
host1> curl -Iks --location -X GET https://localhost:2250
Example 2:
# Forwarding our local 9051 port to db.d.x:5432 from localhost through node.d.y
host1> ssh -nNT -L 9051:db.d.x:5432 node.d.y
# Connect to the service:
host1> psql -U db_user -d db_dev -p 9051 -h localhost
-n - redirects stdin from /dev/null
-N - do not execute a remote command
-T - disable pseudo-terminal allocation
SSH remote port forwarding
# Forwarding our local 9051 port to db.d.x:5432 from host2 through node.d.y
host1> ssh -nNT -R 9051:db.d.x:5432 node.d.y
# Connect to the service:
host2> psql -U postgres -d postgres -p 8000 -h localhost
