skilfoy/potential-palm-tree

potential-palm-tree

Following is a list of the tabs I've accumulated over the past many months. Tons of great cyber resources here that I'll be adding to and organizing regularly.

Contents

Links

  • ComodoSecurity / OpenEDR - Free open source EDR tool from Comodo Security

  • Active Countermeasures - Lots of great cyber tools and resources

    • ACM webpage - check out the resources here - trainings, webcasts, tools, more!
    • AC-Hunter - AC-Hunter™ is a solution that Threat Hunts your network to identify which of your systems have been compromised.
  • BHIS

    • WWHF Training Schedule - Check out the PWYC Courses!
    • The CredDefense Toolkit - Detect and prevent credential abuse attacks
    • RITA (Real Intelligence Threat Analytics) - RITA is an open source framework for network traffic analysis.
    • ustayready - divergent thinker/breaker and researcher of stuff
      • CredSniper - Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token.
      • CredKing - Easily launch a password spray using AWS Lambda across multiple regions, rotating IP addresses with each request.
  • KingOfBugbounty - Our main goal is to share tips from some well-known bughunters. We wish to influence Onelinetips and explain the commands, for the better understanding of hunters.

    • KingOfBugBountyTips - Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, APIs, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters. 👑
  • sandmap - sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques.

  • ReconDog - Reconnaissance Swiss Army Knife

  • VulnX - Vulnx 🕷️ is an intelligent bot auto shell injector that detects vulnerabilities in multiple types of CMS, with fast CMS detection, information gathering and vulnerability scanning of the target, like subdomains, IP addresses, country, time zone, region, and more.

  • OWASP Foundation - The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

  • subjack - Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked.

  • Infoga - Email OSINT - Infoga is a tool to gather email account information (ip, hostname, country, etc.) from different public sources (search engines, pgp key servers, and shodan) and check if emails were leaked using haveibeenpwned.com API. A really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.

  • Anubis - Anubis is a subdomain enumeration and information gathering tool. Anubis collates data from a variety of sources, including HackerTarget, DNSDumpster, x509 certs, VirusTotal, Google, Pkey, and NetCraft. Anubis also has a sister project, AnubisDB, which serves as a centralized repository of subdomains.

  • Hak9 - https://www.youtube.com/c/Hak9xx

    • Hak9Tools - Install on Kali, Cyborg, Parrot,... Linux.
      • fbi - FBI is an accurate Facebook account information gathering tool. All sensitive information can be easily gathered even though the target converts all of its privacy to (only me): sensitive information about residence, date of birth, occupation, phone number and email address.
  • Running Kali in a Docker Container

  • SANS DeepBlueCLI - DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs

  • Sigma - Generic Signature Format for SIEM Systems

  • Security Onion 2 - Security Onion 2 - Linux distro for threat hunting, enterprise security monitoring, and log management

  • OSSEC (HIDS) - OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution.

  • Wazuh - Wazuh is a free and open source platform used for threat prevention, detection, and response. Intrusion detection, Log data analysis, File integrity monitoring, Vulnerability detection, Configuration assessment, Incident response, Regulatory compliance, Cloud security, Containers security. Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. Besides, Wazuh has been fully integrated with the Elastic Stack, providing a search engine and data visualization tool that allows users to navigate through their security alerts.

  • Velociraptor - Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform.

  • Ninjutsu OS - Windows hacking distro

  • ShutdownRepo

    • https://www.thehacker.recipes/ - Technical guides on hacking topics: Active Directory services, Servers, Web services, Intelligence gathering, Physical intrusion, Social engineering, Phishing, Mobile apps, etc.
    • openvpn-install - This script will let you set up your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible.
    • Exegol - Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day to day engagements. Exegol is a fully configured docker with many useful additional tools, resources (scripts and binaries for privesc, credential theft etc.) and some configuration (oh-my-zsh, history, aliases, colorized output for some tools). It can be used in pentest engagements, bugbounty, CTF, HackTheBox, OSCP lab & exam and so on. Exegol's original fate was to be a ready-to-hack docker in case of emergencies during engagements.
  • Optiv Security - Optiv Security is a security solutions integrator that enables clients to reduce risk by taking a strategic approach to cybersecurity.

    • ScareCrow - ScareCrow is a payload creation framework for side loading (not injecting) into a legitimate Windows process (bypassing Application Whitelisting controls).
    • Talon - A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment. Talon is a tool designed to perform automated password guessing attacks while remaining undetected.
    • InsecureShop - An Android application that is designed to be intentionally vulnerable.
  • QeeqBox - Security Projects for Red, Blue and Purple Teams

    • social-analyzer - Social Analyzer - API, CLI & Web App for analyzing & finding a person's profile across +800 social media \ websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation process.
    • Chameleon - 19 customizable honeypots for monitoring network traffic, bot activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and LDAP)
    • mitre-visualizer - 🧬 Mitre Interactive Network Graph (APTs, Malware, Tools, Techniques & Tactics)
    • url-sandbox - Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks
    • woodpecker - Custom security distro for remote penetration testing
    • rhino - Agile Sandbox for analyzing malware and execution behaviors. Customizable, Expandable and can be quickly altered during the analysis iteration. Inspired by the Rhinoceros and Agile methodology.
  • Kerberoast Toolkit - Kerberoast is a series of tools for attacking MS Kerberos implementations. Below is a brief overview of what each tool does.

  • juliocesarfort - Director of Professional Services at @blazeinfosec.

  • Wojciech - https://www.offensiveosint.io/

    • Kamerka-GUI - Hack the planet with ꓘamerka GUI — Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
    • PEPE - Post Exploitation Pastebin Emails - Collect information about leaked email addresses from Pastebin
    • OSINT - Small scripts for OSINT.
    • Bad-Ads - Monitor advertisements on Bedpage. Human Trafficking OSINT tool.
  • Paulino Calderon - Network security specialist | Open Source contributor | @nmap NSE developer | OWASP IoT Goat Project Leader | Chapter leader of @owasp_riviera

    • nmap-nse-scripts - Repository for NSE (Nmap Scripting Engine) development. You will find my scripts (including non-official ones), libraries, resources and other related material from my workshops.
    • external-nse-script-library - External NSE script library (Collection of unofficial scripts) - Feel free to submit your NSE scripts!

Lists
