#Security list for fun and profit
My initial idea came from this list : http://www.nothink.org/utilities.php
I wanted to update it with my sources, I will probably continue to update and reorganize it in the future.
- Awesome lists
- Cheat sheets
- Penetration testing
- Exploits and vulnerabilities
- CTF
- Exercises
- Vulnerable environments
- Security challenges
- Bug bounty
- Port scanners
- Search engines
- Wide Scans
- Honeypots
- Malware / Botnet sources
- Malware analysis - Sandbox
- Online malware analysis - Sandbox
- Decoder/Packer/Unpacker
- Free shell
- Domain reputation
- Mail utilities
- Passwords list
- Generic utilities
- Defaced websites / Data leak
- Forensic - Network
- IP List
- VPN List
- Web browser test
- Fingerprint
- SSL
- Tor resources
##Awesome lists π
| Name | URL |
|---|---|
| Malware analysis | https://github.com/rshipp/awesome-malware-analysis/ |
| Incident response | https://github.com/meirwah/awesome-incident-response/ |
| Honeypots | https://github.com/paralax/awesome-honeypots |
| PCAP | https://github.com/caesar0301/awesome-pcaptools |
| Network | https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools |
| GNU/Linux workstation | https://github.com/lfit/itpol/blob/master/linux-workstation-security.md |
| GNU/Linux post exploitation | https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List |
| GNU/Linux containers | https://github.com/Friz-zy/awesome-linux-containers#security |
| Android | https://github.com/ashishb/android-security-awesome |
| Web | https://github.com/infoslack/awesome-web-hacking |
| Security list | https://github.com/sbilly/awesome-security |
| Lists of lists of lists | https://github.com/t3chnoboy/awesome-awesome-awesome |
| Other lists of lists of lists | https://github.com/geekan/awesome-awesome-awesome |
##Cheat sheets π
| Name | URL |
|---|---|
| Owasp cheat sheet series | https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series |
| Web application cheat sheet | https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet |
| Pentest monkey | http://pentestmonkey.net |
| Packet life | http://packetlife.net/library/cheat-sheets/ |
| Reverse | http://r00ted.com/cheat%20sheet%20reverse%20v5.png |
| SANS Penetration Testing | http://pen-testing.sans.org |
| SANS Forensic | https://digital-forensics.sans.org/community/cheat-sheets |
| SQL injection | http://websec.ca/kb/sql_injection |
| Zeltser's cheat sheets list | https://zeltser.com/cheat-sheets/ |
##Penetration testing π§
| Name | URL |
|---|---|
| Owasp Check list | https://www.owasp.org/index.php/Testing_Checklist |
| Owasp testing guide | https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf |
| Owasp tools | https://www.owasp.org/index.php/Category:OWASP_Tool |
| Services enumeration | http://www.0daysecurity.com/penetration-testing/enumeration.html - Thx rawger |
| Informaion gathering | http://www.w4rri0r.com/softwares-freeware-shareware-open-source/information-gathering.html |
| Footprinting | http://www.0daysecurity.com/penetration-testing/network-footprinting.html |
| Web | http://www.w4rri0r.com/softwares-freeware-shareware-open-source/web-application-analysis.html |
| Vulnerability | http://www.w4rri0r.com/softwares-freeware-shareware-open-source/vulnerability-assessment.html |
| More tools | https://github.com/enaqx/awesome-pentest |
##Exploits and vulnerabilities πͺ
| Name | URL |
|---|---|
| CVEdetails | http://www.cvedetails.com/ |
| CVE.mitre | https://cve.mitre.org/ |
| Full disclosure | http://seclists.org/fulldisclosure/ |
| CXSecurity | https://cxsecurity.com/ |
| Exploit-db | http://www.exploit-db.com |
| Vulnerability-lab | http://www.vulnerability-lab.com/ |
| Inj3ct0r | http://0day.today/ |
| Rapid7 DB | https://www.rapid7.com/db/modules/ |
| Intelligent Exploit | http://www.intelligentexploit.com |
| Exploits download | http://www.exploitsdownload.com |
| NIST | http://web.nvd.nist.gov/ |
| Security focus | http://www.securityfocus.com/vulnerabilities |
##CTF π©
| Name | URL |
|---|---|
| CTFTIME | https://ctftime.org/ |
| Write-ups | https://github.com/ctfs |
| https://www.reddit.com/r/securityctf |
##Exercises π
| Name | URL |
|---|---|
| Reverse - Malware | http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html |
| Network - Malware | http://www.malware-traffic-analysis.net/training-exercises.html |
| Network - Forensic | https://www.honeynet.org/node/504 |
| Exploits | https://exploit-exercises.com/ |
| Exploits | https://thesprawl.org/research/ |
##Vulnerable environments π
| Name | URL |
|---|---|
| Owasp list | https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline |
| Owasp BWA | https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project |
| DVWA | http://www.dvwa.co.uk/ |
| WebGoat | http://code.google.com/p/webgoat |
| Metasploitable | http://information.rapid7.com |
| VulnHub | http://vulnhub.com/ |
| LampSecurity | http://sourceforge.net/projects/lampsecurity/ |
| Dragon | https://www.dragonresearchgroup.org/challenges/ |
| Hackademic-RTB1 | http://www.aldeid.com/wiki/Hackademic-RTB1 |
| Igoat | http://code.google.com/p/owasp-igoat/ |
| Moth | http://www.bonsai-sec.com |
| Peruggia | http://sourceforge.net/projects/peruggia/ |
| XSS play ground | http://xssplayground.net23.net/ |
##Security challenges π©
| Name | URL |
|---|---|
| Zenk-Security | https://www.zenk-security.com/ |
| Root-Me | http://www.root-me.org/ |
| Newbiecontest | https://www.newbiecontest.org/ |
| OWASP VWAD list | https://github.com/OWASP/OWASP-VWAD/blob/master/src/online.tsv |
| WeChall | https://www.wechall.net/ |
| Vulnhub | https://www.vulnhub.com/ |
| Hackthissite | http://www.hackthissite.org/ |
| Hack.me | https://hack.me |
| HackThis! | http://www.hackthis.co.uk/ |
| Backdoor.Sdslabs | https://backdoor.sdslabs.co/ |
| Bright-shadows | http://www.bright-shadows.net/ |
| SmashTheStack | http://smashthestack.org/ |
| Overthewire | http://overthewire.org/wargames/ |
| Ringzer0team | https://ringzer0team.com/challenges |
| Forensic contest | http://forensicscontest.com/puzzles |
| More challenges | http://captf.com/practice-ctf/ |
##Bug bounty π«
| Name | URL |
|---|---|
| BugCrowd.com | https://bugcrowd.com/programs |
| HackerOne | https://hackerone.com |
| BountyFactory | https://bountyfactory.io |
| Firebounty | https://firebounty.com |
| Bugsheet | http://www.bugsheet.com/ |
| BountySource | https://www.bountysource.com/ |
| NewsLetter about bug bounty | http://bugbountyweekly.com |
| More bug bounty | https://bugcrowd.com/list-of-bug-bounty-programs# |
##Port scanners π―
| Name | URL |
|---|---|
| Masscan | https://github.com/robertdavidgraham/masscan |
| Nmap | https://nmap.org/7/ |
| Zmap | https://zmap.io/ |
| Nscan | https://github.com/OffensivePython/Nscan |
| Scanrand | https://www.sans.org/security-resources/idfaq/scanrand.php |
| PFRing | https://github.com/ntop/PF_RING - High-speed packet processing framework |
##Search engines π‘
| Name | URL |
|---|---|
| ZoomEye | https://zoomeye.org/ |
| Shodan | https://www.shodan.io/ |
| Censys | https://censys.io/ |
##Wide Scans π
| Name | URL |
|---|---|
| Scans.io | https://scans.io/ |
| Rapid7 Sonar Labs | https://sonar.labs.rapid7.com/ |
| Similar projects | https://github.com/rapid7/sonar/wiki/Similar-Projects |
| Defcon conference | https://defcon.org/ |
| Blackhat conference | https://www.blackhat.com/ |
##Honeypots π―
| Name | URL |
|---|---|
| Awesome list - All of them ! | https://github.com/paralax/awesome-honeypots#honeypots |
| Live nothink | http://www.nothink.org/honeypots.php |
| Live sshpot | http://sshpot.com/ |
##Malware / Botnet sources πΌ
##Malware analysis - Sandbox π·
| Name | URL |
|---|---|
| Zeltser's list | https://zeltser.com/automated-malware-analysis/ |
| Cuckoo Sandbox | https://www.cuckoosandbox.org/ |
| Mastiff | https://github.com/KoreLogicSecurity/mastiff |
| Quarkslab IRMA | http://irma.quarkslab.com/ |
| Viper | https://github.com/viper-framework/viper |
| REMnux | http://zeltser.com/remnux/ |
| Fastir | https://github.com/SekoiaLab/Fastir_Collector |
| Zeltser analysis | http://zeltser.com/reverse-malware/automated-malware-analysis.html |
| Dorothy2 | https://github.com/m4rco-/dorothy2 |
| F-Secure see | https://github.com/F-Secure/see |
| Noriben | https://github.com/Rurik/Noriben |
| Norman | http://enterprise.norman.com/analysis |
| Malheur | https://github.com/rieck/malheur |
| Drakvuf | https://github.com/tklengyel/drakvuf |
| Zero Wine Tryouts | http://zerowine-tryout.sourceforge.net/ |
| CWSandbox | http://www.cwsandbox.org |
| RFI sandbox | https://monkey.org/~jose/software/rfi-sandbox/ |
| Malwasm | https://github.com/malwarelu/malwasm |
| Androidsandbox | http://androidsandbox.net/ (temporarily out of service) |
##Online malware analysis - Sandbox π·
##Decoder/Packer/Unpacker 
| Name | URL |
|---|---|
| URL | http://meyerweb.com/eric/tools/dencoder/ |
| HEXdecoder | http://ddecode.com/hexdecoder/ |
| JSDetox | http://www.relentless-coding.com/projects/jsdetox/ |
| JSNice | http://www.jsnice.org/ |
| JSUnpack | https://github.com/urule99/jsunpack-n |
| JSBeautifier | http://jsbeautifier.org/ |
| JavaScript Compressor | http://dean.edwards.name/packer/ |
| Jjencode | http://utf-8.jp/public/jjencode.html |
| JSFuck | http://www.jsfuck.com/ |
| Jsobfuscate | http://www.jsobfuscate.com/ |
| Netteleuthe | http://www.netteleuthe.de/gc/ |
| PHPdecoder | http://ddecode.com/phpdecoder/ |
| PHP encoding | http://yehg.net/encoding/ |
##Free shell π
| Name | URL |
|---|---|
| FreeShells list | http://www.freeshells.info/ |
| Devio.us OpenBSD | http://devio.us/ |
| Red-pill | http://shells.red-pill.eu/ |
##Domain reputation π
| Name | URL |
|---|---|
| Domain Analysis | https://github.com/rshipp/awesome-malware-analysis/#domain-analysis |
| Zeltser's list | https://zeltser.com/lookup-malicious-websites/ |
| Alien Vault | http://www.alienvault.com |
| Isithacked | http://www.isithacked.com |
| Sucuri | http://sitecheck.sucuri.net/scanner/ |
| Trustedsource | http://www.trustedsource.org/ |
| urlQuery | http://urlquery.net/search.php |
| URLVoid | http://www.urlvoid.com/ |
| Haveibeenpwned | http://haveibeenpwned.com/ |
| IPVoid | http://www.ipvoid.com/ |
##Mail utilities π¬
| Name | URL |
|---|---|
| 10 Minute Mail | http://10minutemail.com |
| Spam DB | http://www.dnsbl.info/dnsbl-database-check.php |
| Mxtoolbox | http://www.mxtoolbox.com/ |
| Open relay | http://www.mailradar.com |
| Openresolver JP | http://www.openresolver.jp/en/ |
| DKIM validator | http://dkimvalidator.com/ |
##Passwords list π
| Name | URL |
|---|---|
| Skull security list | https://wiki.skullsecurity.org/Passwords |
| SecLists | https://github.com/danielmiessler/SecLists/tree/master/Passwords |
| Other list | http://www.openwall.com/passwords/wordlists/ |
##Generic utilities π
Will be reorganized
##Defaced websites / Data leak π
| Name | URL |
|---|---|
| URL Find | http://urlfind.org/ |
| XSSposed | https://www.xssposed.org/ |
| Leakedin | http://www.leakedin.com/ |
##Forensic - Network π
| Name | URL |
|---|---|
| Forensic tools | http://forensicswiki.org/wiki/Tools |
| Windows tools list | http://forensic-proof.com/tools |
| More forensic links | http://www.amanhardikar.com/mindmaps/ForensicChallenges.html |
| Wireshark extentions | https://www.honeynet.org/project/WiresharkExtensions |
| GNU/Linux monitoring | https://blog.serverdensity.com/80-linux-monitoring-tools-know/ |
| Anti forensic Windows | https://www.reddit.com/r/security/ |
| Testing Images | http://dftt.sourceforge.net/ |
##IP List
| Name | URL |
|---|---|
| BGP Toolkit | http://bgp.he.net/ |
| Check-host | http://check-host.net/ |
| Nirsoft country IP | http://www.nirsoft.net/countryip/ |
| Wikiscan | http://fr.wikiscan.org/plage-ip |
| Malicious IP | https://zeltser.com/malicious-ip-blocklists/ |
##VPN List
| Name | URL |
|---|---|
| Comparaison | https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw/ |
##Web browser test
| Name | URL |
|---|---|
| Location test | https://www.dnsleaktest.com/ |
| Location test | https://ipleak.net/ |
| Fingerprint | https://amiunique.org/ |
| Fingerprint | https://panopticlick.eff.org/ |
| SSL | https://www.ssllabs.com/ssltest/viewMyClient.html |
| User agent | http://whatsmyuseragent.com/ |
| Referer | https://www.whatismyreferer.com/ |
| Flash | http://isflashinstalled.com/ |
##Fingerprint
| Name | URL |
|---|---|
| Robtex | https://www.robtex.com/dns/ |
| Netcraft | http://www.netcraft.com/ |
| TCP utils | http://www.tcpiputils.com/ |
| DNS stuff | http://www.dnsstuff.com/ |
| Into dns | http://www.intodns.com/ |
| Web archive | https://web.archive.org/web/*/ |
| Web cookies | http://webcookies.org/cookies/ |
##SSL
| Name | URL |
|---|---|
| Qualys SSL Labs | https://www.ssllabs.com/ssltest/ |
| Htbridge | https://www.htbridge.com/ssl/ |
| SSLAnalyzer Comodoca | https://sslanalyzer.comodoca.com/ |
| Freak | https://freakattack.com/ |
| Heartbleed | http://heartbleed.com/,https://filippo.io/Heartbleed/ |
| Logjam | https://weakdh.org/sysadmin.html |
| Poodle | https://poodle.io/,https://www.poodlescan.com/ |
##Tor resources
| Name | URL |
|---|---|
| Tor Project | https://www.torproject.org/ |
| Know exit nodes | https://check.torproject.org/exit-addresses |
| Tor status | https://torstatus.blutmagie.de/ |
| Torsocks | https://gitweb.torproject.org/torsocks.git |
| Tor Hidden Services ".onion" search | http://www.ahmia.fi |
| Onion Mail | http://onionmail.info/ |
| Tails | https://blog.torproject.org/blogs/tails |