Toolbox

• ⚙️ General

  ---

  Helpers

  • Online Compiler
  • Quick Ref
  • ListDiff
  • ExplainShell
  • CIDR Calculator
  • Tool VG
  • De4js
  Availability

  • URLscan
  • Wannabrowser
  • URL2PNG
  • Geopeeker
  • Testlocaly
  • Web Check
  • Down Detector
  Lookup

  • IP Info
  • BGP HE
  • BGP View
  • BGP Tools
  • RA DB
  • NetworksDB
  • DNSlytics
  • ViewDNS
  • DNS Checker
  • Netlas
  • MX Toolbox
  • Robotex
  • Domaintools
  • Netcraft
  • Hexillion
  Encryption & Hashing

  • CyberChef Tools
  • emn178 Tools
  • Crypto Tools
  • Hashcat Table
  • Hash Identifier
  • Crackstation

• 🔭 Reconnaissance

  ---

  Dorkers

  • Grep App
  • Search Code
  • PublicWWW Search Code
  • DorkSearch
  • GoogleDorking
  • Pagodo
  Surface

  • Shodan
  • Fofa
  • Zoomeye
  • Censys
  • Fullhunt
  • Binary Edge
  • DNS Dumpster
  • Security Trails
  • Whois XML API
  • OSINTSH
  • Buckets Grayhat Warfare
  • ZMap
  • Wigle
  Certificates

  • SSL Certificate Checker
  • CRT SH
  • Digicert
  • SSL Shopper
  • Certificate Transparency Policy Analyzer
  • Cipher Suite
  • Certificate Details
  Archives

  • Web Archive
  • CachedPages
  • stored.website
  • CommonCrawl
  • UK Web Archive
  • Arquivo
  • Archive-It
  • HAW
  • Archive.ph

• 🚨 Threat Detection

  ---

  Reputation

  • AbuseIPDB
  • API Void
  • Criminal IP
  • Abuse CH
  • Website Scam Detector
  Threat Intelligence

  • Hunting Abuse CH
  • Alien Vault OTX
  • IBM X-Force Exchange
  • Cisco Talos Intelligence
  • GreyNoise
  • Netlas
  • ODIN
  • ThreatBook (Cyber Threat Intelligence)
  • Maltiverse (Threat Intelligence Aggregator)
  • OpSecFailure (OpSec Mistakes)
  • TrailDiscover (CloudTrail Events)
  • Inquest Labs (Threat Intelligence & Malware FDR Signatures)
  • Detection.FYI (Sigma Rules & Threat Hunting)
  • ThreatMiner (Threat Intelligence Data Mining)
  • ThreatCrowd (Threat Search Engine)
  Scanners

  • Virus Total
  • Sucuri
  • Meta Defender
  • Intezer
  • Filescan IO
  • Polyswarm
  • Jotti
  • VxStream
  • CRXcavator (Browser Extensions)
  Canaries

  • Canary Tokens
  • Thinkst Canary
  • StationX CanaryTokens

• ⚠️ Vulnerability

  ---

  CVE

  • CVE Crowd
  • Vulnerability Lab
  • NVD - NIST
  • CVE Details
  • CVE Mitre
  • CVE NVD
  • CVE Search
  Vulnerability Databases

  • Vulners
  • Snyk Security
  • Rapid7 Database
  • Mend Vulnerability Database
  • VulnIQ
  • Aqua Security - AVD
  • VulDB
  • Vulmon
  • Cybersecurity Help
  • VarIoT (IoT Vuln)
  Advisories

  • Microsoft Security Response Center (MSRC)
  • Cisco Security Advisories
  • Red Hat Security Updates
  • Google Project Zero
  • Trend Micro Advisories
  • GitHub Security Advisories

• 💥 Exploitation

  ---

  Exploits

  • Six2Dez PentestBook
  • HackTricks
  • HackTricks Cloud
  • Exploit DB
  • Packet Storm
  • Rapid7
  • Metasploit
  • Vulners
  • 0day Today
  • Sploitify
  • ARP Syndicate
  • Exploit Pack
  • Exploit Notes
  • PwnWiki
  Living Off The Land

  • LOLBAS
  • GTFOBins
  • Drivers
  • Orchard: macOS Binaries
  • Applications
  • Pipeline
  • Active Directory
  • ESXi
  • Tunnels
  • Security Tools
  • Hardware
  • LOFP (False Positives in Threat Hunting)
  Payloads

  • Reverse Shell Generator
  • PayloadsAllTheThings
  • PayloadBox
  • Shell-Storm Shellcode Database
  • Freeze
  • Metasploit/msfvenom
  • Chimera
  • Pwndrop
  • Shellter
  • VBA Payloads

• ☣️ Malware

  ---

  Malware Information

  • Malpedia
  • VX-underground
  • Malware Traffic Analysis
  • MalAPI (Malicious API Calls)
  • HijackLibs (DLL Hijacking)
  • WTFBins (Suspicious Binaries)
  • Bootloaders.io (Malicious Bootloaders)
  • Feodo Tracker (Botnet C&C Servers)
  Samples

  • Malware Bazaar
  • MalShare
  • VirusShare
  • VirusBay
  • Malware Feed
  • Awesome Malware Analysis
  • theZoo - Live Malware Repository
  • The MALWARE Repo
  • Fabrimagic Malware Samples
  • Jstrosch Malware Samples
  • InQuest Malware Samples
  • Malware Sample Library
  • Virus Sample Sources
  • Cryptware Malware Database
  • Pyran1 Malware Database
  • Ultimate RAT Collection
  • Ransomware Samples
  • JavaScript Malware Collection
  • Rust for Malware Development
  • Rust Malware Gallery
  • trickster0 Offensive Rust
  • JPG to Malware (Steganography Techniques)
  • Linux Malware Samples
  • Android Malware Datasets
  • Android Malware Source Code Samples
  RATs

  • TheFatRat
  • QuasarRAT
  • Pupy
  • Covenant
  • AndroRAT
  • Merlin
  • EvilOSX
  • Venom
  • NjRat
  • Ghost
  • NanoCore
  • Revenge RAT
  • PlugX
  • Orcus
  • jRAT
  • Stitch
  • Emp3r0r
  • DogeRat
  • Powershell-RAT
  • Slackor
  • Gh0st
  Sandboxers

  • ANY RUN
  • Hybrid Analysis
  • Kasm Web
  • Joe Sandbox
  • VirusTotal
  • VxStream

• 🌐 Internet

  ---

  Live Maps

  • Kaspersky Cybermap
  • Fortinet Threat Map
  • ThousandEyes Outages
  • Pingdom Outages
  • Hacknet
  • Internet Monitor
  Live Cameras

  • Surveillance under Surveillance
  • Insecam.org
  • World Cams
  • Skylinewebcams
  • WebKams
  • WorldCam
  • Webcam Hopper
  • Live Traffic
  • Geocam.ru
  • Moldova's borders webcams
  • Earth Cam
  • Webcam Taxi
  • LiveWorldWebcams
  • AlleCam
  • WXYZ Webcams
  Tor

  • Tor
  • TorCheck
  • TorMetrics
  • TorFlow
  IANA

  • IANA
  • IANA-RIR
  • IANA-PROTOCOLS
  • IANA-ROOT-SERVERS
  • IANA-ROOT-DOMAINS
  • IANA-AS-NUMBERS
  • IANA-PORT-NUMBERS
  RFC (Request for Comments)

  • RFC 791 - Internet Protocol (IP)
  • RFC 793 - Transmission Control Protocol (TCP)
  • RFC 768 - User Datagram Protocol (UDP)
  • RFC 1035 - Domain Name System (DNS)
  • RFC 2616 - Hypertext Transfer Protocol (HTTP/1.1)
  • RFC 5246 - Transport Layer Security (TLS 1.2)
  • RFC 854 - Telnet Protocol Specification
  • RFC 2821 - Simple Mail Transfer Protocol (SMTP)
  • RFC 2131 - Dynamic Host Configuration Protocol (DHCP)
  • RFC 4291 - Internet Protocol Version 6 (IPv6) Addressing Architecture

• 📚 Learning

  ---

  Practice Labs

  • OWASP Vulnerable Web Applications Directory
  • CyberDefenders
  • LetsDefend
  • Blue Team Labs Online
  • Hack The Box (HTB)
  • TryHackMe
  • pwn.college
  • PentesterLab
  • VulnHub
  • CTFtime
  • OverTheWire
  • Root-Me
  • PortSwigger Web Security Academy
  • Hacker101 CTF
  • Hackers Academy
  • National Cyber League (NCL)
  • VulnMachines
  • Application Security Training
  • HackingHub
  • Google Public Firing Range
  • APIsec Training
  • OWASP crAPI
  • VAPI - Vulnerable API
  • VulnLab Red Team Labs
  Learning Resources

  • TCM Security Academy
  • Cybrary
  • AttackIQ Academy
  • EC-Council CodeRed
  • APIsec University
  • Open Security Training
  • OST2 Cybersecurity Training
  • Learn X in Y Minutes
  • Advanced Bash Scripting Guide
  • OSCP Guide
  • IPPSEC Rocks
  • OWASP Web Security Testing Guide (WSTG)
  • Pentest Reports Archive
  • Security Certification Roadmap
  BugBounty Resources

  • Resources for Beginner Bug Bounty Hunters
  • Bug Bounty Forum - Getting Started
  • BugBountyHunter (zSeano)
  • How To Hunt
  • BugHunterHandbook
  • All About Bug Bounty
  • Bug Bounty Cheat Sheet
  • Awesome Bug Bounty Writeups
  • HackerOne Reports Archive
  • BBRE (Bug Bounty Explained - Free Resources)
  • Bug Reader - Reports
  • Bug Bounty World - Slack Archives
  News Portals

  • TheHackerNews
  • CybersecurityNews
  • GBHackers
  • Threatpost
  • SecurityWeek
  • Wired
  • DarkReading
  • InfoSecurity Magazine
  • BleepingComputer
  • Krebs on Security
  • The Record by Recorded Future
  Blogs

  • VKremez Blog
  • 0xPat
  • Zeyad Azima
  • ZeroSum0x0 Blog
  • Guitmz Security Blog
  • Xcellerator Blog
  • Crow Blog
  • 0xRick Blog
  • CaptMeelo Blog
  • Cyb3rM3 Blog

• 👾 Bug Bounty

  ---

  Platforms

  • BBRadar
  • HackerOne
  • Bugcrowd
  • Intigriti
  • YesWeHack
  • FireBounty
  • Zero Day Initiative (ZDI)
  • Crowdfense
  • Synack
  • HackenProof
  • Code4rena
  BB Automation

  • Axiom
  • Osmedeus
  • ReconFTW
  • reNgine
  • BBOT (Black Lantern Security)
  Subdomain Enumeration

  • Sublist3r
  • Amass
  • massdns
  • Findomain
  • Sudomy
  • chaos-client
  • domained
  • bugcrowd-levelup-subdomain-enumeration
  • shuffledns
  • puredns
  • censys-subdomain-finder
  • Turbolist3r
  • censys-enumeration
  • tugarecon
  • as3nt
  • Subra
  • Substr3am
  • domain
  • altdns
  • brutesubs
  • dns-parallel-prober
  • dnscan
  • knock
  • hakrevdns
  • dnsx
  • subfinder
  • assetfinder
  • crtndstry
  • VHostScan
  • scilla
  • sub3suite
  • cero
  • shosubgo
  • haktrails
  • bbot
  Port Scanning

  • masscan
  • RustScan
  • naabu
  • nmap
  • sandmap
  • ScanCannon
  Screenshots

  • EyeWitness
  • aquatone
  • screenshoteer
  • gowitness
  • WitnessMe
  • eyeballer
  • scrying
  • Depix
  • httpscreenshot
  Technologies

  • wappalyzer
  • webanalyze
  • python-builtwith
  • whatweb
  • retire.js
  • httpx
  • fingerprintx
  Content Discovery

  • gobuster
  • recursebuster
  • feroxbuster
  • dirsearch
  • dirsearch (Go)
  • filebuster
  • dirstalk
  • dirbuster-ng
  • gospider
  • hakrawler
  • crawley
  • katana
  Links

  • LinkFinder
  • JS-Scan
  • LinksDumper
  • GoLinkFinder
  • BurpJSLinkFinder
  • urlgrab
  • waybackurls
  • gau
  • getJS
  • linx
  • waymore
  • xnLinkFinder
  Fuzzing

  • wfuzz
  • ffuf
  • fuzzdb
  • IntruderPayloads
  • fuzz.txt
  • fuzzilli
  • fuzzapi
  • qsfuzz
  • vaf
  BB Helpful

  • WebHackersWeapons
  • OneForAll
  • Scan4All
  • Nuclei Templates
  • Can I Take Over XYZ?
  • ProjectDiscovery