Pentest
- Quarkslab’s blog
- Le journal d’un reverser is a cool blog about the experiments of a penetration tester.
- GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
- r57.gen is a web shell collection.
- PayloadsAllTheThings is a list of useful payloads and bypasses for Web Application Security.
- SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place.
- SQL cheat sheet is a collection of useful syntax reminders for SQL Injection.
- jsfuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to write and execute code.
- git-dumper is a tool to dump a git repository from a website.
Malware
Botnets
OSINT
- DNSdumpster Find dns records in order to identify the Internet footprint of an organization
- Zoomeye Domain/IP Lookup, GeoIP, banner grabber
- Wigle GPS located Wifi
- Publicwww Source code search engine
- Robtex Domain/IP Lookup
- Osintframework OSINT framework
- Virustotal Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
- crt.sh Enter an Identity (Domain Name, Organization Name, etc),
a Certificate Fingerprint (SHA-1 or SHA-256)
- Threatminer Data mining for threat intelligence
- Dig Web Interface
- Dnslytics See detailed information about every IP address, domain name and provider.
- Research domaintools whois lookup
- Search Web by Domain
- Hybrid-analysis This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
- Shodan search engine for Internet-connected devices
- censys Find and analyze every reachable server and device on the Internet.
- pipl is a stalking online tool
- Wikileaks
- DataSploit An OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
- Usersearch find the person behind a username, email address or phone number.
- Zoomeye
- Email hunter lets you find email addresses in seconds and connect with the people that matter for your business.
- Gravatar find peoples from their avatar
- Cymon is a tracker of malware, phishing, botnets, spam, and more.
- datajournalism-resources A compilation of links to datajournalism & OSINT tools, guides and resources I find useful to keep at hand. PRs welcomed!
- r3mlab OSINT tutorials
Reverse Engineering
Others
- Awesome-pentest is a large collections of interesting security resources
- Shell-strom is a shellcodes database for study cases
- Linux-insides is an awesome book-in-progress about the linux kernel and its insides.