• Quarkslab’s blog
  • Le journal d’un reverser is a cool blog about the experiments of a penetration tester.
  • GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
  • r57.gen is a web shell collection.
  • PayloadsAllTheThings is a list of useful payloads and bypasses for Web Application Security.
  • SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place.
  • SQL cheat sheet is a collection of useful syntax reminders for SQL Injection.
  • jsfuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to write and execute code.
  • git-dumper is a tool to dump a git repository from a website.




  • DNSdumpster Find dns records in order to identify the Internet footprint of an organization
  • Zoomeye Domain/IP Lookup, GeoIP, banner grabber
  • Wigle GPS located Wifi
  • Publicwww Source code search engine
  • Robtex Domain/IP Lookup
  • Osintframework OSINT framework
  • Virustotal Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
  • Enter an Identity (Domain Name, Organization Name, etc), a Certificate Fingerprint (SHA-1 or SHA-256)
  • Threatminer Data mining for threat intelligence
  • Dig Web Interface
  • Dnslytics See detailed information about every IP address, domain name and provider.
  • Research domaintools whois lookup
  • Search Web by Domain
  • Hybrid-analysis This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
  • Shodan search engine for Internet-connected devices
  • censys Find and analyze every reachable server and device on the Internet.
  • pipl is a stalking online tool
  • Wikileaks
  • DataSploit An OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
  • Usersearch find the person behind a username, email address or phone number.
  • Zoomeye
  • Email hunter lets you find email addresses in seconds and connect with the people that matter for your business.
  • Gravatar find peoples from their avatar
  • Cymon is a tracker of malware, phishing, botnets, spam, and more.
  • datajournalism-resources A compilation of links to datajournalism & OSINT tools, guides and resources I find useful to keep at hand. PRs welcomed!
  • r3mlab OSINT tutorials

Reverse Engineering


  • Awesome-pentest is a large collections of interesting security resources
  • Shell-strom is a shellcodes database for study cases
  • Linux-insides is an awesome book-in-progress about the linux kernel and its insides.