Cyber-Sec-Resources-Tools

Cyber Sec: Resources & Tools

Intrusion Detection Tools

• Snort https://www.snort.org
• Suricata https://suricata-ids.org
• AlienVault® OSSIM™ (https://cybersecurity.att.com)
• SolarWinds Security Event Manager (https://www.solarwinds.com)
• OSSEC (https://www.ossec.net)
• Zeek (https://zeek.org)
• Sagan Log Analysis Engine (https://quadrantsec.com)

Honeypot Tools

• HoneyBOT https://www.atomicsoftwaresolutions.com
• KFSensor (http://www.keyfocus.net)
• MongoDB-HoneyProxy (https://github.com)
• Modern Honey Network (https://github.com)
• ESPot (https://github.com)
• HoneyPy (https://github.com)

Proxy Server:

• Squid Proxy http://www.squid-cache.org
• Whonix (https://www.whonix.org)
• Psiphon (https://psiphon.ca)
• FoxyProxy (https://getfoxyproxy.org)
• GeoSurf (https://www.geosurf.com)
• JonDo (https://anonymous-proxy-servers.net)
• Proxify (https://proxify.com)
• Guardster (http://www.guardster.com)
• Global Proxy Network (https://infatica.io)
• Anonym8 (https://github.com)
• ProxySite (https://www.proxysite.com)
• ProxyCap (https://www.proxycap.com)
• CCProxy (https://www.youngzsoft.net)
• Fiddler (https://www.telerik.com)
• BlackArch Proxy (https://blackarch.org)
• Artica Proxy (https://artica-proxy.com)

SIEM Solutions:

• Splunk Enterprise https://www.splunk.com
• ArcSight ESM (https://www.microfocus.com)
• IBM Qradar SIEM (https://www.ibm.com)
• AlienVault OSSIM (https://cybersecurity.att.com)
• FortiSIEM (https://www.fortinet.com)
• SolarWinds Security Event Manager (SEM) (https://www.solarwinds.com)

Digital Evidence

• Federal Rules of Evidence (United States) https://www.rulesofevidence.org
• Scientific Working Group on Digital Evidence (SWGDE) https://www.swgde.org
• The Association of Chief Police Officers (ACPO) Principles of Digital Evidence https://www.college.police.uk

UBA Tools (User Behavior Analytics)

• Exabeam Advanced Analytics (https://www.exabeam.com)
• LogRhythm UEBA (https://logrhythm.com)
• Dtex Systems (https://dtexsystems.com)
• Gurucul Risk Analytics (GRA) (https://gurucul.com)
• Securonix UEBA (https://www.securonix.com)

Anti-Trojan Software

• Kaspersky Internet Security https://www.kaspersky.com
• McAfee® LiveSafe™ (https://www.mcafee.com)
• Bitdefender Total Security (https://bitdefender.com)
• HitmanPro (https://www.hitmanpro.com)
• Malwarebytes (https://www.malwarebytes.org)
• Zemana Antimalware (https://www.zemana.com)

Antivirus Software

• Bitdefender Antivirus Plus https://www.bitdefender.com
• ClamWin (http://www.clamwin.com)
• Kaspersky Anti-Virus (https://www.kaspersky.com)
• McAfee Total Protection (https://www.mcafee.com)
• Avast Premier Antivirus (https://www.avast.com)
• ESET Internet Security (https://www.eset.com)

Common Virtualization Vendors

• VMware ESXi https:/www.vmware.com
• Citrix Hypervisor https://www.citrix.com
• Virtual Iron https://www.oracle.com
• Microsoft Hyper-V Server https://www.microsoft.com
• VirtualBox https://www.virtualbox.org

Docker Security Tools

• Docker Bench for Security https://github.com
• Twistlock (https://github.com)
• Aqua (https://www.aquasec.com)
• Anchore (https://anchore.com)
• NeuVector (https://neuvector.com)
• CloudPassage Halo (https://www.cloudpassage.com)

Cloud Service Providers

• Amazon Web Service (AWS) https://aws.amazon.com
• Microsoft Azure https://azure.microsoft.com
• Google Cloud Platform (GCP) https://cloud.google.com
• IBM Cloud https://www.ibm.com

Cloud Security Tools

• Qualys Cloud Platform https://www.qualys.com
• CloudPassage Halo (https://www.cloudpassage.com)
• McAfee MVISION Cloud (https://www.mcafee.com)
• CipherCloud (https://www.ciphercloud.com)
• Netskope Security Cloud (https://www.netskope.com)
• Prisma Cloud (https://www.paloaltonetworks.com)

Cloud Attack Tools

• Nimbostratus https://andresriancho.github.io
• S3Scanner https://github.com
• Cloud Container Attack Tool (CCAT) https://github.com
• Pacu https://github.com
• DumpsterDiver https://github.com
• GCPBucketBrute https://rhinosecuritylabs.com

Container Management Platforms

• Docker https://www.docker.com
• Amazon Elastic Container Service (ECS) (https://aws.amazon.com)
• Microsoft Azure Container Instances (ACI) (https://azure.microsoft.com)
• Red Hat OpenShift Container Platform (https://www.openshift.com)
• Portainer (https://www.portainer.io)
• HPE Ezmeral Container Platform (https://www.hpe.com)

Kubernetes Platforms

• Kubernetes https://kubernetes.io
• Amazon Elastic Kubernetes Service (EKS) (https://aws.amazon.com)
• Docker Kubernetes Service (DKS) (https://www.docker.com)
• Knative (https://cloud.google.com)
• IBM Cloud Kubernetes Service (https://www.ibm.com)
• Google Kubernetes Engine (GKE) (https://cloud.google.com)

Wireless Security Tools

• Cisco Adaptive Wireless IPS https://www.cisco.com
• AirMagnet WiFi Analyzer PRO (https://www.netally.com)
• RFProtect (https://www.arubanetworks.com)
• Fern Wifi Cracker (https://github.com)
• OSWA-Assistant (http://securitystartshere.org)
• BoopSuite (https://github.com)

Mobile Security Management Solutions

Mobile Device Management Solutions

• Miradore https://www.miradore.com
• AirWatch (https://www.vmware.com)
• Microsoft Intune (https://www.microsoft.com)
• IBM MaaS360 (https://www.ibm.com)
• XenMobile (https://www.citrix.com)
• Absolute Manage MDM (http://www.absolute.com)

Examples of Mobile Application Management (MAM)

• Microsoft Intune https://www.microsoft.com
• AppStation's MAM (https://www.mobileiron.com)
• Scalefusion Application Management (https://scalefusion.com)
• ManageEngine Mobile Device Manager Plus (https://www.manageengine.com)
• Apriorit Enterprise Mobile Device and Application Management (https://www.apriorit.com)
• Appaloosa (https://www.appaloosa.io)

Mobile Content Management Solutions

• Vaultize (https://www.vaultize.com)
• MobileIron (https://www.mobileiron.com)
• AppTec360° (https://www.apptec360.com)

Mobile Threat Defense Solutions

• MobileIron Threat Defense (MTD) (https://www.mobileiron.com)
• Pradeo Security Mobile Threat Defense (https://www.pradeo.com)
• Zimperium Mobile Threat Defense (MTD) (https://www.zimperium.com)
• Wandera Mobile Threat Defense (https://www.wandera.com)
• Lookout MTD (https://www.lookout.com)

Mobile Email Management Solutions

• 42Gears MEM (https://www.42gears.com)
• Hexnode Mobile Email Management (https://www.hexnode.com)
• Mimecast Mobile Email Management (https://www.mimecast.com)

Enterprise Mobility Management Solutions

• ManageEngine Mobile Device Manager Plus (https://www.manageengine.com)
• 42Gears Enterprise Mobility Management (EMM) (https://www.42gears.com)
• Scalefusion EMM (https://scalefusion.com)
• IBM Security MaaS360® (https://www.ibm.com)
• Zebra Enterprise Mobility Management (EMM) Tool Kit (https://www.zebra.com)

Unified Endpoint Management Solutions

• Mobileiron UEM (https://www.mobileiron.com)
• Ivanti Unified Endpoint Manager (https://www.ivanti.com)
• Workspace ONE UEM (https://www.vmware.com)
• ManageEngine Desktop Central (https://www.manageengine.com)
• 42Gears UEM (https://www.42gears.com)

Mobile Security Tools

• Malwarebytes Security https://play.google.com
• Lookout Personal (https://www.lookout.com)
• Zimperium’s zIPS (https://www.zimperium.com)
• BullGuard Mobile Security (https://www.bullguard.com)
• Norton Security for iOS (https://us.norton.com)
• Comodo Mobile Security (https://m.comodo.com)

Android Hacking Tools

• zANTI https://www.zimperium.com An Android app that allows you to perform attacks, such as spoof MAC address, creating a malicious Wi-Fi hotspot, and hijack session
• Network Spoofer (https://www.digitalsquid.co.uk)
• Low Orbit Ion Cannon (LOIC) (https://droidinformer.org)
• DroidSheep (https://droidsheep.info)
• Orbot Proxy (https://guardianproject.info)
• PhoneSploit (https://github.com)

Android Security Tools

• Kaspersky Internet Security for Android https://my.kaspersky.com
• Avira Antivirus Security (https://www.avira.com)
• Avast Mobile Security (https://www.avast.com)
• McAfee Mobile Security (https://www.mcafeemobilesecurity.com)
• Lookout Mobile Security and Antivirus (https://www.lookout.com)
• Sophos Mobile Security (https://www.sophos.com)

iOS Hacking Tools

• Elcomsoft Phone Breaker https://www.elcomsoft.com
• Fing - Network Scanner (https://apps.apple.com)
• Network Analyzer Master (https://apps.apple.com)
• Spyic (https://spyic.com)
• iWepPRO (https://apps.apple.com)
• Frida (https://www.frida.re)

iOS Device Security Tools

• Avira Mobile Security Source: https://www.avira.com
• Norton Mobile Security (https://us.norton.com)
• LastPass Password Manager (https://www.lastpass.com)
• Lookout Mobile Security (https://www.lookout.com)
• SplashID Safe Password Manager (https://www.splashid.com)
• Webroot Mobile Security (https://www.webroot.com)

IoT Attack Tools

• Firmalyzer https://firmalyzer.com
• RIoT Vulnerability Scanner https://www.beyondtrust.com
• Foren6 https://cetic.github.io
• IoT Inspector https://www.iot-inspector.com
• RFCrack https://github.com
• HackRF One https://greatscottgadgets.com

IoT Device Management Solutions

• Azure IoT Central https://azure.microsoft.com
• Oracle IoT Asset Monitoring Cloud (https://www.oracle.com)
• Predix (https://www.ge.com)
• Cloud IoT Core (https://cloud.google.com)
• IBM Watson IoT Platform (https://www.ibm.com)
• AT&T IoT Connectivity Management (https://www.business.att.com)

IoT Security Tools

• Bevywise IoT Simulator https://www.bevywise.com
• SeaCat.io (https://teskalabs.com)
• DigiCert IoT Security Solutions (https://www.digicert.com)
• FortiNAC (https://www.fortinet.com)
• Darktrace (https://www.darktrace.com)
• Cisco IoT Threat Defense (https://www.cisco.com)
• Symantec Critical System Protection (https://www.symantec.com)

OT Attack Tools

• ICS Exploitation Framework (ISF) https://github.com
• SCADA Shutdown Tool https://github.com
• GRASSMARLIN https://github.com
• Metasploit https://www.metasploit.com
• modbus-cli https://github.com
• PLCinject https://github.com

OT Security Tools

• Flowmon https://www.flowmon.com Flowmon empowers manufacturers and utility companies to ensure the reliability of their industrial networks to avoid downtime and disruption of service continuity
• tenable.ot https://www.tenable.com
• Forescout https://www.forescout.com
• PA-220R https://www.paloaltonetworks.com
• Fortinet ICS/SCADA solution https://www.fortinet.com
• Nozomi Networks Guardian https://www.nozominetworks.com

MD5 and MD6 Hash Calculators

• MD5 Calculator https://www.bullzip.com
• HashMyFiles https://www.nirsoft.net
• MD6 Hash Generator (https://www.browserling.com)
• All Hash Generator (https://www.browserling.com)
• MD6 Hash Generator (https://convert-tool.com)
• md5 hash generator (https://onlinehashtools.com)
• HashCalc (https://www.slavasoft.com)
• FastSum https://www.fastsum.com
• WinMD5 https://www.winmd5.com

Hash Calculators for Mobile

• Hash Tools https://play.google.com
• Hash Droid https://play.google.com
• Hash Checker (https://play.google.com)
• Hashr Hash & Checksum Calculator (https://play.google.com)
• Hash Calc (https://play.google.com)
• Hash Generator Checksum Calculator (https://play.google.com)
• Hash Smart Checker (https://play.google.com)

Cryptography Tools

• BCTextEncoder https://www.jetico.com
• AxCrypt (https://axcrypt.net)
• Microsoft Cryptography Tools (https://docs.microsoft.com)
• Concealer (https://www.belightsoft.com)
• CryptoForge (https://www.cryptoforge.com)
• Cyphertop (https://cyphertop.com)

Certification Authorities

• Comodo https://www.comodoca.com
• IdenTrust https://www.identrust.com
• DigiCert CertCentral https://www.digicert.com
• GoDaddy https://www.godaddy.com

Disk Encryption Tools

• VeraCrypt https://www.veracrypt.fr
• BitLocker Drive Encryption (https://docs.microsoft.com)
• FinalCrypt (https://www.finalcrypt.org)
• Seqrite Encryption Manager (https://www.seqrite.com)
• FileVault (https://support.apple.com)
• Gilisoft Full Disk Encryption (http://www.gilisoft.com)

File Encryption Tools

• Advanced Encryption Package http://www.aeppro.com
• AxCrypt (https://www.axcrypt.net)
• idoo File Encryption (https://www.idooencryption.com)
• Cryptomator (https://cryptomator.org)
• Encrypto (https://macpaw.com)
• AES Crypt (https://www.aescrypt.com)

Removable Media Encryption Tools

• GiliSoft USB Encryption http://www.gilisoft.com
• idoo USB Encryption (https://www.idooencryption.com)
• Kakasoft USB Security (https://www.kakasoft.com)
• Rohos Mini Drive (https://www.rohos.com)
• McAfee File & Removable Media Protection (https://www.mcafee.com)
• MFG’s Removable Media Encryption (https://www.managedencryption.co.uk)

Steganography Detection Tools

• OpenStego https://www.openstego.com
• StegSpy http://www.spy-hunter.com

Anti-forensics Tools

• Steganography Studio (http://stegstudio.sourceforge.net)
• CryptaPix (https://www.briggsoft.com)
• GiliSoft File Lock Pro (http://gilisoft.com)
• wbStego (https://wbstego.wbailer.com)
• Data Stash (https://www.skyjuicesoftware.com)
• OmniHide PRO (https://omnihide.com)
• Masker (http://softpuls.weebly.com)
• DeepSound (http://jpinsoft.net)
• DBAN (https://dban.org)
• east-tec InvisibleSecrets (https://www.east-tec.com)

Collecting Open Files: Using NetworkOpenedFiles

• NetworkOpenedFiles https://www.nirsoft.net

Process Memory

• Process Dumper https://github.com

Network Status

• PromiscDetect tool https://vidstromlabs.com

Examining .edb File Using ESEDatabaseView

• ESEDatabaseView https://www.nirsoft.net

Detecting Externally Connected Devices to the System

• DriveLetterView https://www.nirsoft.net

Memory Forensics: Malware Analysis

• Redline https://www.fireeye.com

Cache, Cookie, and History Recorded in Web Browsers

Cache, Cookie, and History Analysis: Google Chrome

• ChromeCacheView https://www.nirsoft.net
• ChromeCookiesView https://www.nirsoft.net
• ChromeHistoryView https://www.nirsoft.net
• MZCacheView (https://www.nirsoft.net)
• MZCookiesView (https://www.nirsoft.net)
• MZHistoryView (https://www.nirsoft.net)

Cache, Cookie, and History Analysis: Microsoft Edge

• IECacheView (https://www.nirsoft.net)
• EdgeCookiesView (https://www.nirsoft.net)
• BrowsingHistoryView (https://www.nirsoft.net)

Metadata Analysis Tool:

• Metashield Analyzer https://www.elevenpaths.com

Memory Dumps

• Volatility Framework https://volatilityfoundation.org/
• PhotoRec Tool https://www.cgsecurity.org

Mac Forensics Tools

• OS X Auditor (https://github.com)
• Recon Imager (https://sumuri.com)
• Memoryze for the Mac (https://www.fireeye.com)
• Stellar Data Recovery Professional for Mac (https://www.stellarinfo.com)
• F-Response (https://www.f-response.com)
• volafox (https://github.com)
• Volatility (https://www.volatilityfoundation.org)
• mac_apt macOS (and iOS) Artifact Parsing Tool (https://github.com)

Thunderbird Local Email Files

• SysTools Mailpro+ https://www.systoolsgroup.com

Email Headers: Checking Email Authenticity

• Email Dossier https://centralops.net
• Email Address Verifier https://tools.verifyemailaddress.io
• Email Checker https://email-checker.net
• G-Lock Software Email Verifier https://www.glocksoft.com

Recovering Deleted Email Messages

• Paraben's Electronic Evidence Examiner https://paraben.com

Malware Analysis

• Malware Analysis Challenges https://www.hhs.gov
• VirusTotal https://www.virustotal.com

Tools for Malware Analysis

Hypervisors

• Virtual Box (https://www.virtualbox.org)
• Parallels Desktop (https://www.parallels.com)
• VMware vSphere Hypervisor (https://www.vmware.com)

Network and Internet Simulation Tools

• NetSim (https://www.tetcos.com)
• ns-3 (https://www.nsnam.org)
• Riverbed Modeler (https://www.riverbed.com)
• QualNet (https://www.scalable-networks.com)

Screen Capture and Recording Tools

• Snagit (https://www.techsmith.com)
• Camtasia (https://www.techsmith.com)
• Ezvid (https://www.ezvid.com)

OS Backup and Imaging Tools

• Genie Backup Manager Pro (https://www.zoolz.com)
• Macrium Reflect Server (https://www.macrium.com)
• R-Drive Image (https://www.drive-image.com)
• O&O DiskImage (https://www.oo-software.com)

Static Malware Analysis

Identifying Packing/Obfuscation Methods

• PEiD https://github.com

Finding the Portable Executables (PE) Information

• Pestudio https://www.winitor.com

Identifying File Dependencies

• Dependency Walker https://www.dependencywalker.com

Malware Disassembly

• OllyDbg http://www.ollydbg.de

Dynamic Malware Analysis

Monitoring Host Integrity

• WhatChanged Portable https://portableapps.com

Windows AutoStart Registry Keys

• RegRipper https://github.com

System Behavior Analysis

Monitoring Windows Services

• Windows Service Manager (SrvMan) https://sysprogs.com

Monitoring API Calls

API Monitor http://www.rohitab.com

Device Driver Monitoring Tool

• DriverView https://www.nirsoft.net

Monitoring Files and Folders

• Tripwire Enterprise https://www.tripwire.com
• PA File Sight https://www.poweradmin.com

Data Backup Tools

• Genie Backup Manager Pro (https://www.zoolz.com)
• BullGuard Backup (https://www.bullguard.com)
• NTI Backup Now EZ (https://www.nticorp.com)
• Power2Go 13 (https://www.cyberlink.com)
• Backup4all (https://www.backup4all.com)

Data Recovery Tools

• EaseUS Data Recovery Wizard https://www.easeus.com
• Recuva (https://www.ccleaner.com)
• Puran File Recovery (http://www.puransoftware.com)
• Glary Undelete (https://www.glarysoft.com)
• SoftPerfect File Recovery (https://www.softperfect.com)
• Wise Data Recovery (https://www.wisecleaner.com)
• WinHex https://x-ways.net
• Recover My Files https://getdata.com
• DiskDigger https://diskdigger.org
• Handy Recovery https://www.handyrecovery.com
• Quick Recovery https://www.recoveryourdata.com
• Stellar Phoenix Windows Data Recovery https://www.stellarinfo.com

Password Cracking Tools

• Passware Kit Forensic https://www.passware.com
• L0phtCrack https://www.l0phtcrack.com
• ophcrack https://ophcrack.sourceforge.io
• Cain & Abel https://www.oxid.it
• RainbowCrack https://project-rainbowcrack.com
• Offline NT Password & Registry Editor https://pogostick.net
• John the Ripper https://www.openwall.com
• hashcat https://hashcat.net
• THC-Hydra https://github.com
• Medusa http://foofus.net

Default Passwords

• https://open-sez.me
• https://www.fortypoundhead.com
• https://cirt.net
• http://www.defaultpassword.us
• https://www.routerpasswords.com
• https://default-password.info
• https://www.defpass.com

DLP Solutions (Data Loss Prevention)

• MyDLP https://mydlp.com
• Symantec Data Loss Prevention (https://www.symantec.com)
• SecureTrust Data Loss Prevention (https://www.securetrust.com)
• McAfee Total Protection (https://www.mcafee.com)
• Check Point Data Loss Prevention (https://www.checkpoint.com)
• Digital Guardian Endpoint DLP (https://digitalguardian.com)

Acquire Volatile Data from a Windows Machine

• Belkasoft Live RAM Capturer https://belkasoft.com
• Bulk Extractor https://digitalcorpora.org

Acquire Non-volatile Data (Using a Windows Forensic Workstation)

• AccessData FTK Imager https://accessdata.com

Phishing Tools

• Examples of Phishing Emails https://its.tntech.edu
• ShellPhish https://github.com
• BLACKEYE https://github.com
• PhishX https://github.com
• Modlishka https://github.com
• Trape https://github.com
• Evilginx https://github.com

Anti-Phishing Toolbar

• Netcraft https://www.netcraft.com
• PhishTank https://www.phishtank.com

Social Engineering Tools:

• Social Engineering Toolkit (SET) https://www.trustedsec.com
• SpeedPhish Framework (SPF) (https://github.com)
• Gophish (https://getgophish.com)
• King Phisher (https://github.com)
• LUCY (https://www.lucysecurity.com)
• MSI Simple Phish (https://microsolved.com)

Audit Organization's Security for Phishing Attacks

• OhPhish https://ohphish.eccouncil.org

Sniffing Techniques

MAC flooding

• Mac Flooding Switches with macof https://www.monkey.org

ARP Poisoning Tools

• arpspoof https://linux.die.net
• BetterCAP (https://www.bettercap.org)
• Ettercap (http://www.ettercap-project.org)
• dsniff (https://www.monkey.org)
• MITMf (https://github.com)
• Arpoison (https://sourceforge.net)

DoS/DDoS Attack Tools

• High Orbit Ion Cannon (HOIC) https://sourceforge.net
• Low Orbit Ion Cannon (LOIC) https://sourceforge.net
• XOIC (http://anonhacktivism.blogspot.com)
• HULK (https://siberianlaika.ru)
• Tor’s Hammer (https://sourceforge.net)
• Slowloris (https://github.com)
• PyLoris (https://sourceforge.net)
• R-U-Dead-Yet (https://sourceforge.net)

DoS/DDoS Protection Tools

• Anti DDoS Guardian http://www.beethink.com
• Imperva DDoS Protection (https://www.imperva.com)
• DOSarrest’s DDoS protection service (https://www.dosarrest.com)
• DDoS-GUARD (https://ddos-guard.net)
• Cloudflare (https://www.cloudflare.com)
• F5 (https://f5.com)

Session Hijacking Tools

• OWASP ZAP https://owasp.org
• Burp Suite (https://portswigger.net)
• bettercap (https://www.bettercap.org)
• netool toolkit (https://sourceforge.net)
• WebSploit Framework (https://sourceforge.net)
• sslstrip (https://pypi.org)

Session Hijacking Detection Tools

• Wireshark https://www.wireshark.org
• USM Anywhere (https://cybersecurity.att.com)
• Check Point IPS (https://www.checkpoint.com)
• LogRhythm (https://logrhythm.com)
• SolarWinds Security Event Manager (SEM) (https://www.solarwinds.com)
• IBM Security Network Intrusion Prevention System (https://www.ibm.com)

Web Server Attack Tools

• Metasploit https://www.metasploit.com
• Immunity’s CANVAS (https://www.immunityinc.com)
• THC Hydra (https://github.com)
• HULK DoS (https://github.com)
• MPack (https://sourceforge.net)
• w3af (https://w3af.org)

Web Server Security Tools

• Fortify WebInspect Source: https://www.microfocus.com
• Acunetix Web Vulnerability Scanner (https://www.acunetix.com)
• Retina Host Security Scanner (https://www.beyondtrust.com)
• NetIQ Secure Configuration Manager (https://www.netiq.com)
• SAINT Security Suite (https://www.carson-saint.com)
• Sophos Intercept X for Server (https://www.sophos.com)

Web Application Attack Tools

• Burp Suite https://portswigger.net
• OWASP Zed Attack Proxy (ZAP) https://www.owasp.org
• Metasploit (https://www.metasploit.com)
• w3af (http://w3af.org)
• Nikto (https://cirt.net)
• Sn1per (https://github.com)
• WSSiP (https://github.com)

Web Application Security Testing Tools

• N-Stalker Web App Security Scanner https://www.nstalker.com
• Acunetix WVS (https://www.acunetix.com)
• Browser Exploitation Framework (BeEF) (http://beefproject.com)
• Metasploit (https://www.metasploit.com)
• PowerSploit (https://github.com)
• Watcher (https://www.casaba.com)

SQL Injection Tools

• sqlmap http://sqlmap.org
• Mole (https://sourceforge.net)
• Blisqy (https://github.com)
• blind-sql-bitshifting (https://github.com)
• NoSQLMap (https://github.com)
• SQL Power Injector (http://www.sqlpowerinjector.com)

SQL Injection Detection Tools

• Damn Small SQLi Scanner (DSSS) https://github.com
• OWASP ZAP (https://www.owasp.org)
• Snort (https://www.snort.org)
• Burp Suite (https://portswigger.net)
• HCL AppScan (https://www.hcltech.com)
• w3af (https://w3af.org)

Wireless Attack Tools

• Aircrack-ng Suite: http://www.aircrack-ng.org
• AirMagnet WiFi Analyzer PRO https://www.netally.com
• Ettercap https://www.ettercap-project.org
• Wifiphisher https://wifiphisher.org
• Reaver https://github.com
• Fern Wifi Cracker https://github.com
• Elcomsoft Wireless Security Auditor https://www.elcomsoft.com

Wireless Security Tools

• Cisco Adaptive Wireless IPS https://www.cisco.com
• AirMagnet WiFi Analyzer PRO (https://www.netally.com)
• RFProtect (https://www.arubanetworks.com)
• WatchGuard WIPS (https://www.watchguard.com)
• AirMagnet Planner (https://www.netally.com)
• Extreme AirDefense (https://www.extremenetworks.com)

Bluetooth Attack Tools

• BluetoothView https://www.nirsoft.net
• BlueZ (http://www.bluez.org)
• BtleJack (https://github.com)
• BTCrawler (http://petronius.sourceforge.net)
• BlueScan (http://bluescanner.sourceforge.net)
• Bluetooth Scanner btCrawler (https://play.google.com)

Reconnaissance Tools

• Web Data Extractor http://www.webextractor.com
• Whois Lookup https://whois.domaintools.com
• Tamos https://www.tamos.com

Scanning Tools

• Nmap https://nmap.org
• MegaPing http://www.magnetosoft.com
• Unicornscan https://www.kali.org/tools/unicornscan/
• Hping2/Hping3 http://www.hping.org
• NetScanTools Pro https://www.netscantools.com
• SolarWinds Port Scanner https://www.solarwinds.com
• PRTG Network Monitor https://www.paessler.com
• OmniPeek Network Protocol Analyzer https://www.liveaction.com

Enumeration Tools

• Nbtstat Utility https://docs.microsoft.com
  • nbtstat [-a RemoteName] [-A IP Address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval]
• NetBIOS Enumerator http://nbtenum.sourceforge.net

NetBIOS Enumeration Tools:

• Global Network Inventory http://www.magnetosoft.com
• Advanced IP Scanner https://www.advancedip-scanner.com
• Hyena https://www.systemtools.com
• Nsauditor Network Security Auditor https://www.nsauditor.com

Vulnerability Scoring Systems and Databases

• Common Vulnerability Scoring System (CVSS) https://www.first.org
• Common Vulnerabilities and Exposures (CVE) https://cve.mitre.org
• National Vulnerability Database (NVD) https://nvd.nist.gov
• Common Weakness Enumeration (CWE) https://cwe.mitre.org

Vulnerability Assessment Tools

• Qualys Vulnerability Management https://www.qualys.com
• OpenVAS https://www.openvas.org
• GFI LanGuard https://www.gfi.com
• Nessus Professional https://www.tenable.com
• Nikto https://cirt.net
• Qualys FreeScan https://freescan.qualys.com
• Acunetix Web Vulnerability Scanner https://www.acunetix.com
• Nexpose https://www.rapid7.com
• Network Security Scanner https://www.beyondtrust.com
• SAINT Security Suite https://www.carson-saint.com
• beSECURE (AVDS) https://www.beyondsecurity.com
• Core Impact https://www.coresecurity.com
• N-Stalker Web Application Security Scanner https://www.nstalker.com

Vulnerability Exploitation

• Exploit-DB https://www.exploit-db.com
• SecurityFocus https://www.securityfocus.com

Vulnerability Research

• Microsoft Vulnerability Research (MSVR) (https://www.microsoft.com)
• Dark Reading (https://www.darkreading.com)
• SecurityTracker (https://securitytracker.com)
• Trend Micro (https://www.trendmicro.com)
• Security Magazine (https://www.securitymagazine.com)
• PenTest Magazine (https://pentestmag.com)
• SC Magazine (https://www.scmagazine.com)
• Help Net Security (https://www.helpnetsecurity.com)
• HackerStorm (http://www.hackerstorm.co.uk)
• Computerworld (https://www.computerworld.com)
• WindowsSecurity (http://www.windowsecurity.com)
• D’Crypt (https://www.d-crypt.com)

Network Sniffers for Network Monitoring

• Wireshark https://www.wireshark.org https://wiki.wireshark.org
• tcpdump https://www.tcpdump.org
• Riverbed Packet Analyzer Plus (https://www.riverbed.com)
• OmniPeek (https://www.liveaction.com)
• Observer Analyzer (https://www.viavisolutions.com)
• SolarWinds Deep Packet Inspection and Analysis (https://www.solarwinds.com)
• Xplico (https://www.xplico.org)
• SteelCentral Packet Analyzer https://www.riverbed.com

Network Monitoring Tools

• PRTG Network Monitor https://www.paessler.com
• SolarWinds Network Performance Monitor (https://www.solarwinds.com)
• ManageEngine OpManager (https://www.manageengine.com)
• Capsa Free Network Analyzer (https://www.colasoft.com)
• Monitis Network Monitoring Solution (https://www.monitis.com)
• Nagios Network Analyzer (https://www.nagios.com)

Regulatory Frameworks

• Payment Card Industry Data Security Standard (PCI DSS) https://www.pcisecuritystandards.org
• Health Insurance Portability and Accountability Act (HIPAA) https://www.hhs.gov
• Sarbanes Oxley Act (SOX) https://www.sec.gov
• Gramm-Leach-Bliley Act (GLBA) https://www.ftc.gov
• General Data Protection Regulation (GDPR) https://gdpr.eu
• Data Protection Act 2018 (DPA) https://www.legislation.gov.uk
• ISO Information Security Standards https://www.iso27001security.com
• The Digital Millennium Copyright Act (DMCA) https://www.copyright.gov
• The Federal Information Security Management Act (FISMA) https://csrc.nist.gov
• The Electronic Communications Privacy Act https://it.ojp.gov

Tools

• http://www.metasploit.com/ – World’s most used penetration testing software
• http://www.arachni-scanner.com/ – Web Application Penetration Testing Scanner Framework
• https://github.com/sullo/nikto – Nikto web server scanner
• http://www.tenable.com/products/nessus-vulnerability-scanner – Nessus Vulnerability Scanner
• http://www.portswigger.net/burp/intruder.html – Burp Intruder is a Web Application Penetration Testing Tools for automating customized attacks against web apps.
• http://www.openvas.org/ – The world’s most advanced Open Source vulnerability scanner and manager.
• https://github.com/iSECPartners/Scout2 – Security auditing tool for AWS environments
• https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project – Is a multi threaded java application designed to brute force directories and files names on web/application servers.
• https://www.owasp.org/index.php/ZAP – The Zed Attack Proxy is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
• https://github.com/tecknicaltom/dsniff – dsniff is a collection of tools for network auditing and penetration testing.
• https://github.com/WangYihang/Webshell-Sniper – Manage your web shell via terminal.
• https://github.com/DanMcInerney/dnsspoof – DNS spoofer. Drops DNS responses from the router and replaces it with the spoofed DNS response
• https://github.com/trustedsec/social-engineer-toolkit – The Social-Engineer Toolkit (SET) repository from TrustedSec
• https://github.com/sqlmapproject/sqlmap – Automatic SQL injection and database takeover tool
• https://github.com/beefproject/beef – The Browser Exploitation Framework Project
• http://w3af.org/ – w3af is a Web Application Attack and Audit Framework
• https://github.com/espreto/wpsploit – WPSploit, Exploiting WordPress With Metasploit
• https://github.com/WangYihang/Reverse-Shell-Manager – Reverse shell manager via terminal.
• https://github.com/RUB-NDS/WS-Attacker – WS-Attacker is a modular framework for web services penetration testing
• https://github.com/wpscanteam/wpscan – WPScan is a black box WordPress vulnerability scanner
• http://sourceforge.net/projects/paros/ Paros proxy
• https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project Web Scarab proxy
• https://code.google.com/p/skipfish/ Skipfish, an active Web Application Penetration Testing reconnaissance tool
• http://www.acunetix.com/vulnerability-scanner/ Acunetix Web Vulnerability Scanner
• http://www-03.ibm.com/software/products/en/appscan IBM Security AppScan
• https://www.netsparker.com/web-vulnerability-scanner/ Netsparker web vulnerability scanner
• http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/index.html HP Web Inspect
• https://github.com/sensepost/wikto Wikto – Nikto for Windows with some extra features
• http://samurai.inguardians.com Samurai Web Testing Framework
• https://code.google.com/p/ratproxy/ Ratproxy
• http://www.websecurify.com Websecurify
• http://sourceforge.net/projects/grendel/ Grendel-scan
• https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project DirBuster
• http://www.edge-security.com/wfuzz.php Wfuzz
• http://wapiti.sourceforge.net wapiti
• https://github.com/neuroo/grabber Grabber
• https://subgraph.com/vega/ Vega
• http://websecuritytool.codeplex.com Watcher passive web scanner
• http://xss.codeplex.com x5s XSS and Unicode transformations security testing assistant
• http://www.beyondsecurity.com/avds AVDS Vulnerability Assessment and Management
• http://www.golismero.com Golismero
• http://www.ikare-monitoring.com IKare
• http://www.nstalker.com N-Stalker X
• https://www.rapid7.com/products/nexpose/index.jsp Nexpose
• http://www.rapid7.com/products/appspider/ App Spider
• http://www.milescan.com ParosPro
• https://www.qualys.com/enterprises/qualysguard/web-application-scanning/ Qualys Web Application Scanning
• http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/ Retina
• https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework Xenotix XSS Exploit Framework
• https://github.com/future-architect/vuls Vulnerability scanner for Linux, agentless, written in golang.
• https://github.com/rastating/wordpress-exploit-framework A Ruby framework for developing and using modules that aid in the penetration testing of WordPress-powered websites and systems.
• http://www.xss-payloads.com/ XSS Payloads to leverage XSS vulnerabilities, build custom payloads, and practice penetration testing skills.
• https://github.com/joaomatosf/jexboss JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool
• https://github.com/commixproject/commix Automated All-in-One OS command injection and exploitation tool
• https://github.com/pathetiq/BurpSmartBuster A Burp Suite content discovery plugin that adds the smart into the Buster!
• https://github.com/GoSecure/csp-auditor Burp and ZAP plugin to analyze CSP headers
• https://github.com/ffleming/timing_attack Perform timing attacks against web applications
• https://github.com/lalithr95/fuzzapi Fuzzapi is a tool used for REST API pentesting
• https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)
• https://github.com/nccgroup/wssip Application for capturing, modifying, and sending custom WebSocket data from client to server and vice versa.
• https://github.com/tijme/angularjs-csti-scanner Automated client-side template injection (sandbox escape/bypass) detection for AngularJS (ACSTIS).

Port Checker & Port Scanner Tools

• https://www.advanced-port-scanner.com/ Advanced Port Scanner
• https://nmap.org/book/port-scanning-tutorial.html TCP with Nmap
• https://www.ipvoid.com/ IPVOID
• https://networkappers.com/ Network Tool
• https://mxtoolbox.com/DNSLookup.aspx DNS Tools
• https://hidemy.io/en/ Web Proxy and Privacy Tool
• https://www.solarwinds.com/engineers-toolset/use-cases/open-port-scanner Solar Winds Port Scanner
• https://www.whatismyip.com/ IP Tool
• https://www.home.neustar/about-us/news-room/press-releases/2010/neustar-ultradns-unveils-free-ultratools-website UltraTools
• https://www.yougetsignal.com/ Yougetsignal

Deep Web Search Engine List

• https://pipl.com/ pipl
• http://www.mylife.com/ MyLife
• https://yippy.com/ Yippy
• http://lookahead.surfwax.com/ Surfwax
• https://archive.org/web/ Way Back Machine
• https://scholar.google.com.ph/ Google Scholar
• https://duckduckgo.com/ DuckDuckgo
• https://fazzle.com/ Fazzle
• http://hss3uro2hsxfogfq.onion not Evil
• https://www.startpage.com/ Start Page
• https://www.spokeo.com/ Spokeo

Cheat Sheets

• http://n0p.net/penguicon/php_app_sec/mirror/xss.html – XSS cheatsheet
• https://highon.coffee/blog/lfi-cheat-sheet/ – LFI Cheat Sheet
• https://highon.coffee/blog/reverse-shell-cheat-sheet/ – Reverse Shell Cheat Sheet
• https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ – SQL Injection Cheat Sheet
• https://www.gracefulsecurity.com/path-traversal-cheat-sheet-windows/ – Path Traversal Cheat Sheet: Windows

Vulnerability Scanner Tools

• https://www.manageengine.com/vulnerability-management/ OpenVAS Vulnerability Scanner
• https://www.tripwire.com/products/tripwire-ip360 Tripwire IP360
• https://intruder.io/?&utm_source=gbhackers&utm_medium=p_referral&utm_campaign=global|fixed|vulnerability_scanner_tools Intruder vulnerability scanner
• https://www.comodo.com/hackerproof/?track=8258 Comodo HackerProof
• https://www.tenable.com/products/nessus Nessus Vulnerability Scanner
• https://www.rapid7.com/products/nexpose/ Nexpose community
• https://www.cirt.net/nikto2/ Nikto
• https://www.wireshark.org/ Wireshark
• https://www.aircrack-ng.org/ Aircrack-ng
• https://retina234.rssing.com/chan-14983683/article50.html Retina network security scanner

Vulnerabilities

• http://cve.mitre.org/ – Common Vulnerabilities and Exposures. The Standard for Information Security Vulnerability Names. Web Application Pentesting Tools.
• https://www.exploit-db.com/ – The Exploit Database – the ultimate archive of Exploits, Shellcode, and Security Papers.
• http://0day.today/ – Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
• http://osvdb.org/ – OSVDB’s goal is to provide accurate, detailed, current, and unbiased technical security information.
• http://www.securityfocus.com/ – Since its inception in 1999, SecurityFocus has been a mainstay in the security community.
• http://packetstormsecurity.com/ – Global Security Resource
• https://wpvulndb.com/ – WPScan Vulnerability Database

Free Password Manager

• https://my.norton.com/extspa/passwordmanager Norton Password Manager
• https://www.lastpass.com/password-manager LastPass Password Manager
• https://www.dashlane.com/ Dashlane Password Manager
• https://www.zoho.com/vault/ Zoho Vault
• https://www.stickypassword.com/ Sticky Password
• https://www.splashid.com/best-password-manager SplashID Password Manager
• https://keepass.info/ Keepass Password Manager
• https://www.roboform.com/ RoboForm
• https://logmeonce.com/ LogMeOnce Password Manager
• https://www.enpass.io/ Enpass Password Manager

Unified Endpoint Management Tools

• https://www.ivanti.com/products/endpoint-manager Ivanti Endpoint Management Software
• https://www.sentinelone.com/platform/?utm_medium=paid-search&utm_source=google-paid&utm_campaign=apj-ind-en-g-s-brand&utm_term=Sentinelone&utm_campaignid=19538119170&ad_id=644475838448&gad_source=1&gclid=CjwKCAiA3aeqBhBzEiwAxFiOBiAS_iTVzYZVM6tKK6F4EqsU4-lHptzubhNcBodiq-YVVK8feRJdahoCBKIQAvD_BwE SentinelOne
• https://www.sophos.com/en-us/products/endpoint-antivirus?cmp=7014w000001sQT4AAM&utm_source=Google&utm_campaign=IndiaSearchV4%7cBrand%7cB-Endpointprotection&utm_medium=cpc&utm_id=01010&utm_content=SM118385&gad_source=1&gclid=CjwKCAiA3aeqBhBzEiwAxFiOBv9NF84uu-ZVYakUW_exmBsqpHQtNHVl0l8BHY6NiUUAgWdu4bOtrxoCGLgQAvD_BwE&gclsrc=aw.ds Sophos
• https://www.manageengine.com/products/desktop-central/ EndPoint Central
• https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune Microsoft Intune
• https://www.vmware.com/in/topics/glossary/content/unified-endpoint-management.html VMware
• https://docs.citrix.com/en-us/citrix-endpoint-management/endpoint-management.html Citrix Systems
• https://www.gendigital.com/us/en/ Gen Digital
• https://www.bitdefender.com/business/solutions/endpoint-security.html Bitdefender
• https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-management/ CrowdStrike

SIEM Tools List 2024

• https://www.splunk.com/en_us/download/splunk-cloud.html Splunk
• https://www.ibm.com/account/reg/signup?formid=urx-30445 IBM Security QRadar
• https://www.microfocus.com/cyberres/products?trial=true ArcSight
• https://learn.microsoft.com/en-us/azure/sentinel/overview Microsoft Sentinel
• https://chronicle.security/ Google Chronicle Security
• https://cybersecurity.att.com/products/usm-anywhere/free-trial?utm_internal=sb_freetrial_modal OSSIM
• https://www.ossec.net/ossec-downloads/ OSSEC
• https://console.cloud.wazuh.com/sign-up?landing=trial Wazuh
• https://metron.apache.org/documentation/#releases Apache Metron
• https://aws.amazon.com/marketplace/pp/prodview-saajoeydschi2 SIEMonster
• https://www.prelude-siem.org/projects/prelude/files Prelude SIEM
• https://securityonionsolutions.com/ Security Onion
• https://suricata.io/download/ Suricata

SSL

• https://www.ssllabs.com/ssltest/index.html – This service performs a deep analysis of the configuration of any SSL web server on the public Internet.
• https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html – Strong SSL Security on nginx
• https://weakdh.org/ – Weak Diffie-Hellman and the Logjam Attack
• https://letsencrypt.org/ – Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open.
• https://filippo.io/Heartbleed/ – A checker (site and tool) for CVE-2014-0160 (Heartbleed).

SSL Checker Tools

• https://www.ssllabs.com/ssltest/ SSL Labs
• https://www.immuniweb.com/ssl/ SSL Security Test
• https://www.sslchecker.com/certdecoder SSL certificate Decoder
• https://comodosslstore.com/ssltools/ssl-checker.php COMODO SSL Analyzer
• https://certs.securetrust.com/support/support-certificate-analyzer.php Certificate Analyzer
• https://www.digicert.com/help/ DigiCert SSL Checker
• https://appsec-labs.com/ssl_analyzer/ AppSec SSL Analyzer
• https://www.geocerts.com/ GocertsSSL
• https://www.sslshopper.com/ SSLShopper

Security Ruby On Rails

• http://brakemanscanner.org/ – A static analysis security vulnerability scanner and Web Application Security Tools for Ruby on Rails applications.
• https://github.com/rubysec/ruby-advisory-db – A database of vulnerable Ruby Gems
• https://github.com/rubysec/bundler-audit – Patch-level verification for Bundler
• https://github.com/hakirisec/hakiri_toolbelt – Hakiri Toolbelt is a command line interface for the Hakiri platform.
• https://hakiri.io/facets – Scan Gemfile.lock for vulnerabilities.
• http://rails-sqli.org/ – This page lists many query methods and options in ActiveRecord that do not sanitize raw SQL arguments and are not intended to be called with unsafe user input.
• https://github.com/0xsauby/yasuo – A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Linux Distros 2024

• https://ubuntu.com/ Ubuntu
• https://www.centos.org/ CentOS
• https://www.debian.org/ Debian
• https://linuxmint.com/ Linux Mint
• https://archlinux.org/ Arch Linux
• https://tails.net/ Tails
• https://fedoraproject.org/ Fedora
• https://elementary.io/ Elementary OS
• https://www.kali.org/ Kali Linux
• https://mxlinux.org/ MX Linux

Secure Messaging Apps 2024

• https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US Signal Private Messenger
• https://play.google.com/store/apps/details?id=org.telegram.messenger&hl=en&gl=US Telegram
• https://play.google.com/store/apps/details?id=com.wido.connected&hl=en_IN&gl=US Cyphr
• https://play.google.com/store/apps/details?id=com.whatsapp&hl=en&gl=US WhatsApp
• https://play.google.com/store/apps/details?id=pl.cisza&hl=en_US Silence
• https://play.google.com/store/apps/details?id=com.viber.voip&hl=en&gl=US Viber Messenger
• https://apps.apple.com/us/app/messages/id1146560473 iMessage
• https://play.google.com/store/apps/details?id=ch.threema.app&hl=en&gl=US Threema
• https://play.google.com/store/apps/details?id=com.mywickr.wickr2&hl=en&gl=US Wickr Me
• https://play.google.com/store/apps/details?id=com.silentcircle.silentphone&hl=en&gl=US Silent Phone