Cybersecurity Tools

Web application security tools

• Burp Suite – Framework. https://portswigger.net/burp
• ZAP Proxy – Framework. https://www.zaproxy.org/
• wfuzz – bruteforcing web http://www.edge-security.com/wfuzz.php
• Wapiti https://wapiti-scanner.github.io/
• w3af http://w3af.org/
• Dirsearch – HTTP bruteforcing. https://github.com/maurosoria/dirsearch
• Nmap – Port scanning. https://nmap.org/
• Sublist3r – Subdomain discovery. https://github.com/aboul3la/Sublist3r
• Amass – Subdomain discovery. https://github.com/owasp-amass/amass
• SQLmap – SQLi exploitation. http://sqlmap.org/
• Nogotifail https://security.googleblog.com/2014/11/introducing-nogotofaila-network-traffic.html
• Iron Wasp https://ironwasp.org/
• Arachni https://ecsypno.com/pages/arachni-web-application-security-scanner-framework
• Metasploit – Framework. https://www.metasploit.com/
• WPscan – WordPress exploitation. https://wpscan.com/
• Nikto – Webserver scanning https://github.com/sullo/nikto
• HTTPX – HTTP probing. https://www.python-httpx.org/
• Nuclei – YAML based template scanning. https://github.com/projectdiscovery/nuclei
• FFUF – HTTP probing. https://github.com/ffuf/ffuf
• Subfinder – Subdomain discovery. https://github.com/projectdiscovery/subfinder
• Masscan – Mass IP and port scanner. https://github.com/robertdavidgraham/masscan
• Lazy Recon – Subdomain discovery. https://github.com/nahamsec/lazyrecon
• XSS Hunter – Blind XSS discovery. https://xsshunter.com/
• Aquatone – HTTP based recon. https://github.com/michenriksen/aquatone
• LinkFinder – Endpoint discovery through JS files. https://github.com/GerbenJavado/LinkFinder
• JS-Scan – Endpoint discovery through JS files. https://github.com/zseano/JS-Scan
• Parameth – Bruteforce GET and POST parameters. https://github.com/maK-/parameth
• truffleHog – Find credentials in GitHub commits. https://github.com/trufflesecurity/trufflehog

Pentesting

• Sn1per is an automated scanner that can automate the process of collecting data for exploration and penetration testing. https://gbhackers.com/sn1per/

Cybersec&Labs

• Attack-Defense – https://attackdefense.com/
• Alert to win – https://alf.nu/alert1?world=alert&level=alert0
• CTF Komodo Security – https://ctf.komodosec.com/
• CryptoHack – https://cryptohack.org/
• CMD Challenge –https://cmdchallenge.com/
• Exploitation Education – https://exploit.education/
• Google CTF – https://capturetheflag.withgoogle.com/
• HackTheBox – https://www.hackthebox.com/
• Hackthis – https://defendtheweb.net/
• SmashTheStack – https://www.smashthestack.org/main.html#
• The Cryptopals Crypto Challenges – https://cryptopals.com/
• Try Hack Me – https://tryhackme.com/
• Vulnhub – https://www.vulnhub.com/
• W3Challs – https://w3challs.com/
• WeChall – https://www.wechall.net/
• Zenk-Security – https://www.zenk-security.com/
• Cyberdefenders – https://cyberdefenders.org/blueteam-ctf-challenges/
• LetsDefend – https://letsdefend.io/
• Vulnmachines – https://vulnmachines.com/
• Rangeforce – https://www.rangeforce.com/
• Ctftime – https://ctftime.org/
• Pwn college – https://pwn.college/
• Great CTF Chines: https://lnkd.in/gtDyWgxE
• Perfect CTF for Crypto X challenges: https://mysterytwister.org
• Hacksplaining – https://www.hacksplaining.com/lessons
• Hacker101 – https://ctf.hacker101.com/
• Hacker Security – https://hackersec.com/ctf/
• Hacking-Lab – https://hacking-lab.com/services/
• HSTRIKE – https://hackersec.com/hstrike/
• NewbieContest – https://www.newbiecontest.org/
• OverTheWire – https://overthewire.org/wargames/
• Practical Pentest Labs – https://www.amanhardikar.com/mindmaps/Practice.html
• Pentestlab – https://pentesterlab.com/
• Hackaflag BR – https://pentesterlab.com/
• PentestIT LAB – https://lab.pentestit.ru/
• PicoCTF – https://picoctf.com/
• PWNABLE – https://pwnable.kr/play.php
• Root-Me – https://www.root-me.org/
• Root in Jail – http://rootinjail.com/
• SANS Challenger – https://www.holidayhackchallenge.com/2022/

IP & URL Reputation

• Virus Total : https://www.virustotal.com/gui/home/upload
• URL Scan : https://urlscan.io/
• AbuseIPDB: https://www.abuseipdb.com/
• Cisco Talos: https://www.talosintelligence.com/
• IBM X-Force: https://exchange.xforce.ibmcloud.com/
• URL Filtering(Palo Alto): https://urlfiltering.paloaltonetworks.com/
• URL Filtering(Symantec): https://sitereview.bluecoat.com/#/
• IP Void: https://www.ipvoid.com/
• URL Void: https://www.urlvoid.com/

File | Hash | Search | Analysis | Sandboxing

• File Extension >>https://filesec.io/#
• LOLBAS >>https://lnkd.in/dDa8XgiM
• GTFOBins >>https://gtfobins.github.io/
• File Hash Check >> https://www.virustotal.com/gui/home/search
• Hash Search >> https://valkyrie.comodo.com/
• Hash Search >> https://www.malwares.com/
• MetaDefender >> https://metadefender.opswat.com/
• Kaspersky Threat Intel. >> https://opentip.kaspersky.com/#search/
• Cuckoo Sabdbox >> https://cuckoosandbox.org/
• AnyRun >> Online sandboxing >> https://any.run/ 
• Hybrid-Analysis >> https://www.hybrid-analysis.com/ 
• Joe Sandbox >> https://www.joesecurity.org/service-offline#windows
• VMRay Sandbox >> https://www.vmray.com/
• Triage >> http://tria.ge/ 
• Browser Sandbox >> https://www.browserling.com/

File hash

• HashTools> Windows > https://www.binaryfortress.com/HashTools/
• Powershell : Get-FileHash -Path C:\path\to\file.txt -Algorithm MD5 Get-FileHash -InputObject “This is a string” -Algorithm MD5
• QuickHash > MacOS > https://www.quickhash-gui.org/ Terminal: shasum -a 256 filename

Find Suspicious Artifacts | Reverse Engineer | Debug Files

• PeStudio: https://www.winitor.com/download
• CFF Explorer: https://ntcore.com/?page_id=388
• DocGuard files: https://www.docguard.io/
• File Scan: https://www.filescan.io/scan
• Ghidra >> https://ghidra-sre.org/
• IDA Pro >>https://hex-rays.com/ida-pro/
• Radare2/Cutter >>https://rada.re/n/radare2.html https://lnkd.in/gdb3MQn2

Monitor System Resources | Detect malware

• Process Hacker >> https://processhacker.sourceforge.io/
• Process Monitor >> https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
• ProcDot >> https://www.procdot.com/
• Autoruns >> https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
• TcpView >>https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview

Web proxy

• Fiddler >> https://lnkd.in/gnJ9BvFN

Malware Samples

• Malware Samples – Abuse.ch 
• MalwareBazaar ==> https://bazaar.abuse.ch/ 
• FeodoTracker ==> https://feodotracker.abuse.ch/
• SSLBlacklist ==> https://sslbl.abuse.ch/ 
• URLHaus ==> https://urlhaus.abuse.ch/ 
• ThreatFox ==> https://threatfox.abuse.ch/
• YARAIfy ==> https://yaraify.abuse.ch/

Sandbox Malware Analyst

• Cuckoo Sandbox: An open-source sandbox that provides automated analysis of suspicious files and behaviors. 🔗https://github.com/cuckoosandbox/cuckoo
• Any.Run: A web-based interactive sandbox that allows users to run and analyze malware in real-time. 🔗 https://any.run/
• Joe Sandbox: Community Edition of Joe Sandbox offers a free version for malware analysis. 🔗 https://www.joesecurity.org/service-offline#windows
• IRMA (Incident Response & Malware Analysis): An open-source platform for analyzing malware and performing incident response 🔗 https://github.com/quarkslab/irma
• Viper: A framework for analyzing malware samples. It provides a user-friendly web interface and supports multiple analysis tools. 🔗 https://github.com/viper-framework/viper
• Limon Sandbox: An open-source sandbox developed to automate the analysis of Linux malware. 🔗 https://github.com/monnappa22/Limon
• BinaruGuard: Automated malware analysis on a revolutionary bare-metal platform in the cloud. 🔗http://www.binaryguard.com/
• Hybrid Analysis: A cloud-based platform that combines sandbox analysis with threat intelligence feeds. 🔗 https://www.hybrid-analysis.com/
• Filescan: operating at 10x speed compared to traditional sandboxes with 90% less resource usage 🔗 https://www.filescan.io/scan
• Sandblast: Its a malware analysis system by Checkpoint 🔗 https://threatpoint.checkpoint.com/ThreatPortal/emulation

Altri

• WordPress admin finder 🔗 Link : https://github.com/kancotdiq/wpaf
• Smb scanner tool 🔗 Link : https://github.com/TechnicalMujeeb/smb-scanner
• Heart Bleed scanner 🔗 Link : https://github.com/TechnicalMujeeb/HeartBleed
• weevely php web shell 🔗 Link : https://github.com/tom00111/Weevely
• Webponized web shell 🔗 Link : https://github.com/epinna/weevely3
• Nikto web scanner tool 🔗 Link : https://github.com/sullo/nikto
• Auto Ip or domain Attacking Tool 🔗 Link : https://github.com/Bhai4You/Ip-Attack
• Click jacking vulnerability scanner 🔗 Link : https://github.com/D4Vinci/Clickjacking-Tester
• All in 1 information gathering and web penetration tool DTect 🔗 Link : https://github.com/Audi0x01/D-TECT-1
• Detect phishing URL 🔗 Link : https://github.com/UndeadSec/checkURL
• Dos attack tool – Golden eye 🔗 Link : https://github.com/jseidl/GoldenEye
• Dos attack with hulk 🔗 Link : https://github.com/grafov/hulk
• Sql vulnerability scanner 🔗 Link : https://github.com/grafov/hulk
• hack website with sqlmap 🔗 Link : https://github.com/sqlmapproject/sqlmap
• information and vulnerability scanner with striker 🔗 Link : https://github.com/s0md3v/Striker
• web server attacking tool with dost 🔗 Link : https://lnkd.in/d-pcrbA8
• advanced multithreaded admin panel finder 🔗 Link : https://github.com/s0md3v/Breacher
• Ssl vulnerability scanner 🔗 Link : https://github.com/PortSwigger/ssl-scanner
• sublister – Subdomain enumeration 🔗 Link : https://github.com/aboul3la/Sublist3r
• WordPress vulnerability scanner and attacker 🔗 Link : https://github.com/wpscanteam/wpscan
• Hunner scanner framework 🔗 Link : https://github.com/b3-v3r/Hunner
• Red hawk all in 1 information gathering and scanning tool 🔗 Link : https://github.com/Tuhinshubhra/RED_HAWK
• Dos attack tool with Xerxes 🔗 Link : https://github.com/sepehrdaddev/Xerxes
• social fish phishing tool 🔗 Link : https://github.com/UndeadSec/SocialFish
• weeman phishing tool no root 🔗 Link : https://github.com/evait-security/weeman
• WordPress security scanner Wpseku 🔗 Link : https://lnkd.in/dDwTzntt
• IDN homograph attack tool 🔗 Link : https://github.com/UndeadSec/EvilURL
• Detect security flaws with CMS 🔗 Link : https://github.com/Dionach/CMSmap
• Fire crack , admin, finders, deface, bing dorking etc 🔗 Link : https://github.com/Ranginang67/Firecrack
• Pish web tool 🔗 Link : https://github.com/Cabdulahi/pish
• MITM attack tool 🔗 Link : https://github.com/websploit/websploit
• kill shot pentesting framework 🔗 Link :https://github.com/bahaabdelwahed/killshot

Search Engines for IoT Devices.

• Shodan 🔗https://www.shodan.io/
• Censys 🔗https://censys.io/
• ZoomEye 🔗https://www.zoomeye.org/
• BinaryEdge 🔗https://www.binaryedge.io/
• Thingful 🔗https://www.thingful.net/
• Wigle 🔗https://wigle.net/
• Hunter.io 🔗https://hunter.io/
• BuiltWith 🔗https://builtwith.com/
• NetDB 🔗https://netdbtracking.sourceforge.net/
• Recon-ng 🔗https://github.com/lanmaster53/recon-ng
• PublicWWW 🔗https://publicwww.com/