Welcome to the Cybersources! This project serves as a central hub for a wide range of tools, resources, and educational materials designed for cybersecurity professionals, enthusiasts, and learners. Whether you're just starting out or an experienced expert, you'll find everything you need to enhance your skills, stay updated with industry trends, and deepen your knowledge in this fast-evolving field.
🎉 Join now the discord community (+2k members): https://discord.gg/6s9W3EQApw 🎉

OSINT
Pentesting
- Post Explotation
- Deobfuscators
- Decompilers
- Disassembler and debuggers
- Web
- Network
- RFID
- WiFi
- Bluetooth
- Reconnaissance
- Bug Bounty
- Binary Explotation
- CCTV
Cryptography
Forensic & Malware Analysis
Anonymity and Security Tools
Utility & Miscellaneous
AI Tools
Specialized Tools
Hardware & Operating Systems
Learning & Training Resources
- Resources
- Courses
- Certifications
- Tutorials
- Practice Webs
- CTFs - Training
- Open-Source Repositories
- Learning Path
- Projects Based
Social and Media
- Events
- Community
- Podcasts
- Documentaries
- Books & Papers/Articles
- TV Shows
- Youtube Channels
- LinkedIn Creators
Repository
1. ↑ OSINT
1.1 ↑ OSINT
Tool | Description |
---|---|
OsintLabs | Tools and sites useful for osint |
OSINT Framework | HUGE collection of OSINT tools |
Mitaka | Mitaka is a browser extension that makes your OSINTsearch & scan easier |
osint.rocks | A resource for locating and investigating individuals. |
Pim Eyes | Facial recognition tool for reverse image searches. |
IntelTechniques | Search engine tailored for OSINT investigations across multiple data types. |
Cybdetective | Visual global directory of OSINT tools. |
Face Comparison | Compare facial images to find matches. |
OSINT Framework | Extensive repository of OSINT tools and techniques. |
FaceCheckID | Reverse image lookup specialized in facial recognition. |
Social Catfish | Find people using names, images, or other details. |
Google Lens | AI-powered tool to analyze and extract information from images. |
LensoAI | AI-driven platform for reverse image searching. |
OSINT Investigation Assistant | An OSINT Investigation Assistant designed to help with people investigations |
ClatScope | The best and most versatile OSINT utility for retrieving geolocation, DNS, WHOIS, phone, email, data breach information and much more (42 features). |
DataSurgeon | It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and more. |
Deep Dork Web | Automate Google Dorking for OSINT investigations. Search indexed sensitive data efficiently with pre-built queries. |
Digital Digging OSINT | Collection of OSINT resources are organized by country and are useful for researchers, fact-checkers, and digital profilers. |
toposint | Open Source Intelligence collections and other interests. |
The OSINT Rack | A curated and growing list of open-source intelligence tools; explore resources across recon, social media, metadata, geolocation, and more. |
Breach House | An Open Crawler about Ransomware leaks, Traditional Breaches, Infostealer packages and Leads into a dark forums, telegram and dark web. |
1.2 ↑ Username Search
Tool | Description |
---|---|
UserSearch | Free tool to search usernames on 2000+ websites. |
CheckUser | Search for usernames across social networks. |
Digital Footprint Check | Free tool to verify usernames registered on hundreds of sites. |
IDCrawl | Find usernames on popular social networks. |
Maigret | Collect detailed information on individuals using their username. |
Name Chk | Verify usernames on over 90 social media platforms and 30 domain extensions. |
Name Checkr | Search for domains and usernames across multiple platforms. |
Name Checkup | Check username and domain availability across social media and websites. |
NexFil | Identify usernames across nearly all social network sites. |
Seekr | Multi-tool for OSINT data management, note-taking, and username checking. |
SherlockEye | Discover publicly available information tied to a username. |
Snoop | Search for nicknames and usernames on the web within the OSINT domain. |
Inteltechniques | Collection of OSINT tools for diverse investigations. |
League of Legends Archiver | Archive and search past web data, with a focus on low-level intelligence collection. |
NameMC | Search and verify Minecraft usernames. |
Namevine | A tool to check name availability across various websites. |
OSINT-Rocks | A collection of open-source intelligence tools for various investigative purposes. |
Peek You | Search engine that finds publicly available data about individuals and their online profiles. |
Sherlock | Search for usernames across social media and other websites. |
Social Searcher | OSINT tool to search social media platforms for public information. |
UnAvatar | Discover avatars tied to an email address across different platforms. |
Instant Username | Instantly check username availability across multiple platforms as you type. |
NamesDir | Namesdir is a simple web tool to list most of the existing first names for a surname and vice versa. |
Amazon Usernames | URL for search usernames for Amazon |
GitHub Usernames | URL to find GitHub users. |
Tinder Usernames | URL to find tinder users. |
1.3 ↑ Email Search
Tool | Description |
---|---|
Epieos | Analyze and investigate email addresses. |
BreachDirectory | Explore databases of breached email accounts. |
MailTester | Locate email addresses and optimize email deliverability. |
MXToolbox | Troubleshoot and investigate email server issues using free tools. |
DeHashed | Prevent account takeovers with breach notifications and data analysis. |
EmailHippo | Verify if an email address exists with accuracy. |
Ghunt | Investigate Google-related emails and associated documents. |
Gitrecon | Scan GitHub repositories for exposed emails and names. |
h8mail | Perform local or premium email OSINT and password breach hunting. |
Have I Been Pwned | Check whether an email address has been exposed in data breaches. |
Holehe | Discover accounts linked to email addresses across various platforms. |
LeakCheck | Search over 7.5B breached entries for emails, usernames, and other data. |
ActiveTK.jp | Obtain Google account information from a Gmail address, such as name, profile image, and services used. |
Black Kite | Cybersecurity tool for assessing third-party risks. |
Hudson Rock Cybercrime Intelligence Tools | Comprehensive tools for cybercrime intelligence and monitoring. |
Intelltechniques | Collection of OSINT tools for diverse investigations. |
OCCRP Aleph | Investigative platform for OSINT tools, particularly useful for journalists and activists. |
Omail | OSINT tool for checking email addresses against multiple online sources. |
OSINT-Rocks | A collection of open-source intelligence tools for various investigative purposes. |
Peek You | Search engine that finds publicly available data about individuals and their online profiles. |
Predicta Search | Tool that enables users to search for digital data across various online platforms. |
Skymem | Email lookup tool that tracks and archives email addresses, searching for data leaks and more. |
Synapsint | OSINT search engine for finding public data across social networks and websites. |
That's Them | Provides a quick search for people and email addresses to locate social profiles and data. |
Whoisology | OSINT platform used for investigating domain ownership, email addresses, and IP data. |
Ashley Madison Emails | Was your profile compromised in the Ashley Madison hack? |
MailBox Validator | Validate and clean your email list by detecting disposable emails, invalid emails, mail server and much more. |
EmailRep | Illuminate the "reputation" behind an email address |
ReadNotify | ReadNotify lets you know when email you've sent gets read! |
MailScrap | This email verification tool actually connects to the mail server and checks whether the mailbox exists or not, wipeout disposable email addresses from your email list. |
Check-if-email-exists | Check if an email address exists without sending any email, written in Rust. Comes with a ⚙️ HTTP backend. |
OneLook | Enter a word, phrase, description, or pattern above to find synonyms, related words, and more. |
Email Permutator | This tool is intended to help you find the email addresses of people you need to contact. |
Toofr | Find Anyone’s Email Address in Seconds. Instantly connect with decision-makers that matter to your business. |
Skymem | Find email addresses of companies and people |
the Harvester | E-mails, subdomains and names Harvester - OSINT |
Voilanobert | I can find anyone's email address |
Hunter | Hunter is your all-in-one email outreach platform. |
SingalHire | Find Valid Emails and Phone Numbers |
LeakRadar | Instant search across 2 B+ plain-text info-stealer credentials; email, domain, metadata queries, monitoring & API |
Have I Been Ransom | Because people have the right to know if their data has been leaked. Check if you have been ransomed. |
1.4 ↑ Phone Number Search
Tool | Description |
---|---|
phoneinfoga | Information gathering framework for phone numbers |
1.5 ↑ GEOINT
Tools | Description |
---|---|
Bellingcat | Geospatial intelligence and analysis. |
OhShint | Geospatial OSINT tools. |
GeoSpy | The World's Best AI Geolocation Tool |
Picarta | We find where a photo has been taken in the world using Artificial Intelligence. |
IPLogger | IP Logger link shortener with geolocalizaction with advanced analytics. |
GeoNames | The GeoNames geographical database with over 11 million placenames. |
Geoseer.net | Search over 3.5 million spatial GIS datasets hosted on over 40k live services. |
GeoINT Search | Custom Google search for geographical-related queries. |
Earth Engine Dataset | Public data archive with over 40 years of imagery and scientific datasets. |
GeoPlatform Portal | Cross-agency collaborative effort for geospatial data sharing and transparency. |
FAO Map Catalog | Collection of geographical maps from the FAO. |
Geocreepy | Geolocation OSINT tool for gathering location data from social networks. |
US Crisis Monitor | In-depth coverage of political violence trends in the US. |
Toronto Live | Provides live information about public schools, traffic, bike shares, etc. |
GeoProtests API | Query and visualize protests worldwide with spatial aggregations. |
GeoINT-py | A collection of geospatial intelligence workflows implemented in Python. |
OverPass Turbo | Ways I use ChatGPT with OverpassTurbo for OSINT Geolocation Research |
GeoHints | Geolocation hints and tips for OSINT investigations. |
GeoGuessr Assistant | An assistant tool for the GeoGuessr game, providing geolocation support. |
GeoTips | A guide for geolocation strategies and tips. |
Plonkit | Provides resources for geolocation and map-related guidance. |
GeoEstimation Labs | A platform for geolocation estimation and analysis. |
Google Earth | Explore the world with 3D maps and satellite imagery. |
Mapillary | Street-level imagery platform for mapping and geolocation research. |
World Imagery Wayback | Access archived imagery for geospatial analysis. |
Zoom Earth | Live weather maps, storm tracking, and global satellite imagery. |
Sentinel Playground | Explore satellite imagery and geospatial data from Sentinel satellites. |
Real-Time Satellite Tracking | Track satellites and view predictions in real-time. |
SunCalc | Calculate sunrise, sunset, shadow length, and solar position data on a map. |
Map Developers | Custom Google Map API solutions and tools for developers. |
OSM Finder | OpenStreetMap search and navigation tool for location data. |
PeakVisor | AR app and site for exploring mountains and hiking trails. |
Bellingcat OSM Search | Guide and tool for geolocation using OpenStreetMap. |
Google Maps | A widely used tool for mapping, navigation, and geolocation searches. |
Overpass Turbo | A web-based tool for querying and filtering OpenStreetMap data. |
Google Earth | 3D mapping and satellite imagery tool for exploring locations globally. |
Mapillary | A street-level imagery platform for mapping and geospatial analysis. |
World Imagery Wayback | Access archived satellite imagery for geospatial and temporal analysis. |
Zoom Earth | Live weather map and satellite imagery with storm tracking and rain radar. |
Sentinel Playground | Explore satellite imagery and analyze geospatial data from Sentinel satellites. |
Real-Time Satellite Tracking | Track satellites and view real-time predictions for their paths. |
SunCalc | A solar position calculator for determining sunrise, sunset, and shadow lengths on a map. |
Map Developers | Provides custom Google Map API solutions and tools for advanced mapping needs. |
GeoSpy AI | Convert pixels into actionable location intelligence using AI. |
1.6 ↑ Photo / Images
Tools | Description |
---|---|
Photo.Osint | List of all tools for photo and images OSINT. |
Foto Forensics | All the metadata of an image. |
Exiftool | A terminal based tool for extracting images meta data. |
1.7 ↑ Social Networks
1.7.1 ↑ Instagram
Tools | Description |
---|---|
Aware Online: Instagram Search Tool | Instagram Search Tool |
Combin | Instagram marketing tool for managing and growing your account. |
Comment Picker | Tool for selecting random winners from comments. |
Display Purposes | Tool for finding hashtags related to your content. |
DownAlbum | Chrome extension for downloading photos and videos from Instagram. |
Engagement-calculator | Tool for calculating engagement rates on Instagram. |
Export Comments | Tool for exporting Instagram comments. |
Hashtagify | Tool for finding and analyzing hashtags. |
Hashtags for Likes | Tool for finding the best hashtags for Instagram. |
HypeAuditor | Tool for analyzing the authenticity of influencers and their engagement. |
Iconosquare | Tool for managing and analyzing Instagram accounts. |
IGSuperStar | Tool for finding Instagram influencers. |
Imgbunk | Tool for searching and downloading Instagram photos. |
ImgInn | Tool for viewing and downloading Instagram stories anonymously. |
In Tags | Tool for finding the best tags for your Instagram posts. |
INSSIST | Chrome extension for posting photos and stories on Instagram from desktop. |
InstaFollowers | Tool for gaining followers and engagement on Instagram. |
Instagram Crawler | Tool for scraping Instagram data. |
Instagram Explorer | Tool for exploring Instagram profiles and posts. |
Instagram OSINT | Open-source intelligence tool for Instagram. |
Instagram Scraper | Tool for scraping Instagram posts and profiles. |
Instagram Search Tool (Aware Online) | Tool for searching Instagram profiles and posts. |
InstaLoader | Tool for downloading Instagram photos, videos, and metadata. |
instaloctrack | Tool for tracking Instagram locations. |
InstaLooter | Tool for downloading photos and videos from Instagram profiles. |
Keyhole | Tool for tracking and analyzing social media campaigns. |
Leetags | Tool for finding the best hashtags for Instagram posts. |
MetaHashtags | Tool for generating and analyzing hashtags. |
Minter.io | Tool for Instagram analytics and reporting. |
noninstagram | Tool for Instagram data analysis. |
Osi.ig | Tool for Instagram OSINT. |
Osintgram | OSINT tool for analyzing Instagram profiles and posts. |
Otzberg.net | Tool for finding Instagram user IDs. |
Panoramiq | Tool for scheduling and managing Instagram posts. |
Phantom Buster | Automation tool for social media platforms. |
Picodash | Tool for searching and organizing Instagram content. |
Scylla | Tool for Instagram OSINT and data scraping. |
Skimagram | Tool for tracking Instagram activity. |
Social-alerts | Tool for setting up social media alerts. |
SocialInsider | Tool for social media analytics and competitive analysis. |
socid_extractor | Tool for extracting social media IDs. |
SoIG | Tool for Instagram OSINT. |
tailwind | Tool for scheduling and managing Instagram posts. |
ThumbTube | Tool for downloading Instagram profile pictures. |
trendHERO | Tool for influencer marketing and analytics. |
Webstagram | Instagram web viewer and search tool. |
Flufi | A tool for exploring public stories, posts, reels, tags, followers, and more.. |
Find Instagram User ID | A tool to find the Instagram user ID for any profile. |
1.7.2 ↑ Linkedin
Tools | Description |
---|---|
IntelligenceX: Linkedin | LinkedIn search tool by IntelligenceX. |
BridgeKeeper | Tool for OSINT on LinkedIn profiles. |
CrossLinked | LinkedIn enumeration tool. |
Email Reverse Lookup | Tool for reverse email lookup on LinkedIn. |
Free People Search Tools | Comprehensive people search tool. |
FTL | Chrome extension for LinkedIn OSINT. |
osint.support | Collection of OSINT tools for LinkedIn. |
InSpy | LinkedIn enumeration tool. |
Linkedin Bookmarklet | Bookmarklet tools for LinkedIn OSINT. |
Linkedin Profile Scraper | Tool for scraping LinkedIn profiles. |
Linkedin Search TGC | Tool for searching LinkedIn profiles. |
LinkedInt | LinkedIn intelligence and OSINT tool. |
Osint Support Linkedin | Support tools for LinkedIn OSINT. |
Phantom Buster | Automation tool for LinkedIn tasks. |
raven | LinkedIn enumeration and scraping tool. |
Recruitin.net | Tool for recruiting on LinkedIn. |
Recruitment Geek | LinkedIn search tool for recruiters. |
ScrapedIn | Tool for scraping LinkedIn profiles. |
1.7.3 ↑ TikTok
Tools | Description | --- |
---|---|---|
Exolyt.com | Tool for analyzing TikTok profiles and videos. | --- |
Hashtags for Likes | Tool for finding the best hashtags for TikTok posts. | --- |
HypeAuditor | Tool for analyzing the authenticity of TikTok influencers. | --- |
Influence Grid | Tool for finding TikTok influencers. | --- |
InstaFollowers | Tool for finding TikTok user IDs. | --- |
Mavekite.com | Tool for managing and analyzing TikTok campaigns. | --- |
OSINT Combine TikTok Quick Search | Quick search tool for TikTok profiles. | --- |
Savefrom.net | Tool for downloading TikTok videos. | --- |
Sinwindie TikTok Bookmarklet Tools | Bookmarklet tools for TikTok OSINT. | --- |
Snaptik.app | Tool for downloading TikTok videos. | --- |
Tikbuddy | Tool for analyzing TikTok profiles and content. | --- |
TikTok API | API for interacting with TikTok. | --- |
TikTok Creative Center Statistics | Tool for finding trending hashtags and content on TikTok. | --- |
TikTok Downloader | Tool for downloading TikTok videos. | --- |
TikTok Hashtags | Tool for generating TikTok hashtags. | --- |
TikTok Scraper | Tool for scraping TikTok profiles and videos. | --- |
TikTok Timestamp | Tool for analyzing timestamps on TikTok videos. | --- |
TikView | Tool for searching TikTok profiles and content. | --- |
tikvstock | Tool for stock and analyzing TikTok videos. | --- |
Tokvid | Tool for downloading TikTok videos. | --- |
TubeHi | Tool for analyzing TikTok and YouTube content. | --- |
Vidnice | Tool for analyzing TikTok profiles and content. | --- |
1.7.4 ↑ OnlyFans
Tools | Description |
---|---|
fansmetrics.com | Tool for analyzing OnlyFans metrics. |
Onlysearch.com | Search tool for finding OnlyFans profiles. |
onlyfinder.com | Tool for finding OnlyFans creators. |
hubite.com/onlyfans-search/ | OnlyFans search tool. |
SimilarFans | Tool for finding similar OnlyFans profiles. |
FanSearch | Comprehensive search tool for OnlyFans. |
1.7.5 ↑ Discord
Tools | Description |
---|---|
ASTRAAHOME | A collection of all-in-one tools for Discord. |
Discord History Tracker | A tool for tracking and saving chat histories in Discord. |
DISBOARD | A platform to discover and list Discord servers. |
Discord Bots (Community) | A collection of publicly available Discord bots created by community members, serving various functions. |
Discord ID Lookup | An unofficial tool for looking up Discord user information. |
Discord Bots (Exploration) | A vast collection to explore millions of Discord bots for different purposes. |
DiscordServers | A curated selection of popular and interesting public Discord servers. |
Discord Me | A site for finding public Discord servers and bots. |
DiscordOSINT | Provides resources for conducting research and OSINT investigations related to Discord accounts, servers, and bots. |
Discord Bots | A comprehensive directory of top Discord bots, apps, and servers, including popular music and economy bots. |
1.7.6 ↑ Twitch
Tools | Description |
---|---|
Twitch Tools | Tool for viewing follower lists on Twitch. |
Twitch Tracker | Tool for tracking Twitch statistics and analytics. |
Sully Gnome | Tool for analyzing Twitch stream statistics. |
Twitch Stream Filter | Tool for filtering and previewing Twitch streams. |
Untwitch.com | Tool for downloading Twitch videos. |
Twitch Overlap | Tool for analyzing viewer overlap between Twitch streamers. |
Justlog | Tool for viewing Twitch chat logs. |
Twitch Recover | Tool for recovering deleted Twitch videos. |
Twitch Database | Database for tracking Twitch followings. |
Twitch Insights | Tool for analyzing Twitch trends and statistics. |
Twitch Followage Tool | Tool for checking how long users have been following a Twitch channel. |
1.7.7 ↑ Tinder
Tools | Description |
---|---|
Badoo | Social discovery and dating app. |
Bumble | Dating app where women make the first move. |
Coffee Meets Bagel | Dating app that curates matches for users. |
eHarmony | Dating site focused on long-term relationships. |
Grindr | Social networking app for gay, bi, trans, and queer people. |
happn | Dating app that shows users people they've crossed paths with. |
HER | Dating and social app for LGBTQ+ women and non-binary people. |
Heybaby | Dating app for single parents and those open to dating them. |
Hinge | Dating app designed to be deleted. |
The Inner Circle | Exclusive dating app for ambitious professionals. |
The League | Dating app for professionals. |
Match.com | One of the largest dating sites. |
MeetMe | Social discovery app for meeting new people. |
OkCupid | Dating app with a detailed questionnaire for matching. |
Plenty of Fish | Dating site with a large user base. |
Scruff | Social app for gay, bi, trans, and queer people. |
Tastebuds | Dating app that matches people based on music taste. |
Tinder | Popular dating app for meeting new people. |
zoosk | Dating site with a behavioral matchmaking algorithm. |
1.7.8 ↑ Reddit
Tools | Description |
---|---|
snscrape | Command-line tool for scraping social media posts. |
Redective | OSINT tool for analyzing Reddit user activity. |
KnewKarma | Reddit analytics and visualization tool. |
RedditPostSleuth | Tool for investigating and analyzing Reddit posts. |
1.7.9 ↑ Telegram
Tools | Description |
---|---|
telegram-checker | A Python tool for checking Telegram accounts via phone numbers or usernames. Automatically verifies account existence, downloads profile pictures, and provides detailed user information in a clean JSON format. Built with Telethon API for reliable Telegram interaction. |
2. ↑ Pentesting
2.1 ↑ Post Explotation
Tools | Description |
---|---|
Empire | A post exploitation framework for powershell and python. |
Silentrinity | A post exploitation tool that uses iron python to get past powershell restrictions. |
PowerSploit | A PowerShell post exploitation framework. |
ebowla | Framework for Making Environmental Keyed Payloads. |
2.2 ↑ Deobfuscators
Tools | Description |
---|---|
JS Nice | Web service guessing JS variables names and types based on the model derived from open source. |
de4dot | .NET deobfuscator and unpacker. |
2.3 ↑ Decompilers
Tools | Description |
---|---|
uncompyle6 | Decompiler for the over 20 releases and 20 years of CPython. |
Hopper | A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables. |
Karkatau | The best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully. |
dnSpy | .NET assembly editor, decompiler, and debugger |
ILSpy | An open-source .NET assembly browser and decompiler |
DotPeek | A free-of-charge .NET decompiler from JetBrains |
JADX | Decompiler for Android apps. Not related to JAD. |
JAD | JAD Java Decompiler (closed-source, unmaintained) |
Luyten | One of the best, though a bit slow, hangs on some binaries and not very well maintained. |
R2Dec | Decompiler plugin for radare2 |
Decai | LLM-based decompiler for radare2 |
BinaryNinja | Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform built by reverse engineers, for reverse engineers. |
apktool | A tool for reverse engineering Android apk files |
Procyon | Procyon java decompiler - Procyon is a binary star system in Canis Minor |
2.4 ↑ Disassembler and debuggers
Tools | Description |
---|---|
IDA | Multi-platform disassembler and debugger for Windows, Linux, and macOS. |
Olly | 32-bit assembler-level debugging tool for Windows. |
plasma | Interactive disassembler for x86, ARM, and MIPS, with indented pseudo-code and syntax coloring. |
radare2 | Portable and versatile reverse engineering framework. |
iaito | Graphical interface for the radare2 reverse engineering framework. |
x64dbg | Open-source debugger for x64 and x32 applications on Windows. |
ScratchABit | Customizable and hackable disassembler with support for IDAPython-compatible plugins. |
Ghidra | Comprehensive reverse engineering suite developed by the NSA. |
2.5 ↑ Web
Web | Description |
---|---|
Cyberbro | A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services (API and scraping). |
recon-ng | Web reconnaissance framework for gathering OSINT. |
Katana | A web reconnaissance tool, recognized for web crawling and spidering. |
Waybackurls | A tool for extracting historical URLs from the Wayback Machine, helping to discover hidden or outdated web resources. |
SpySe | Data gathering service offering detailed information on IPs, domains, ports, technologies, and more through OSINT. |
Git-Scanner | Tool for bug hunting or penetration testing to find exposed .git repositories. |
Keyscope | Key and secret auditing tool that checks secrets against multiple SaaS platforms. |
VHostScan | Virtual host scanner that performs reverse lookups and detects dynamic default pages, aliases, and catch-all configurations. |
Shodan | Search engine for finding servers and devices connected to the internet. |
SubFinder | Tool for discovering valid subdomains through passive online sources. |
sqlmap | Automatic SQL injection tool for database takeover. |
URLVoid | Website reputation checker that scans URLs for safety using multiple security engines and blocklists. |
Gobuster | Gobuster is a fast and efficient tool used in penetration testing and ethical hacking for discovering hidden directories, files, DNS subdomains, and virtual hostnames on a web server. It works by brute-forcing web server paths or subdomains using wordlists. |
Ffuf | An alternative for fast web fuzzing based on Golang, used for discovering hidden files, directories, sub-domains, VHosts and resources by brute-forcing URL paths. |
Httpx | A fast and efficient multi-purpose tool for probing and discovering HTTP-based services, performing various checks like SSL/TLS, redirects, and more. |
SecLists | Seclist is a depository full if word list I use it for Gobuster and other brute forcing aapplications. It has a variety of wordlists for your needs of small wordlists to large wordlists. |
Burp Suite | A powerful GUI based integrated platform for web application security testing, offering tools for intercepting traffic, scanning vulnerabilities, brute-forcing and exploiting security flaws. |
HExHTTP | Tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors. |
403JUMP | Tool designed for penetration testers and bug bounty hunters to audit the security of web applications |
0BL1V10N CVE-2024-25600 (Bricks Builder Plugin Exploit) | Exploit for CVE-2024-25600 in Bricks Builder (WordPress). Developed for TryHackMe’s Bricks Heist room. Enhanced from Tornad0007. From OD&H |
SubdomainRadar | All-in-one recon platform: 50+ data sources for subdomain discovery, port & vulnerability scans, screenshots, and API access |
2.6 ↑ Network
Tools | Description |
---|---|
NetworkMiner | Network Forensic Analysis Tool (NFAT) for analyzing network traffic. |
Paros | Java-based HTTP/HTTPS proxy for web application vulnerability assessment. |
pig | Linux-based packet crafting tool. |
cirt-fuzzer | Simple TCP/UDP protocol fuzzer for vulnerability testing. |
ASlookup | Tool for exploring autonomous systems with related data (CIDR, ASN, Org). |
ZAP | Integrated penetration testing tool for identifying vulnerabilities in web applications. |
mitmsocks4j | Man-in-the-middle SOCKS proxy for Java. |
ssh-mitm | SSH/SFTP man-in-the-middle tool for logging sessions and passwords. |
nmap | Security scanner for network exploration and vulnerability scanning. |
Nipe | Script to route traffic through the Tor network. |
Habu | Python toolkit for network hacking. |
Wifi Jammer | Program to jam all Wi-Fi clients in range. |
Firesheep | HTTP session hijacking attack tool. |
Scapy | Python tool for creating and manipulating network packets. |
Amass | Subdomain enumeration tool with scraping, brute forcing, crawling, and reverse DNS capabilities. |
sniffglue | Multithreaded secure packet sniffer. |
Vulert | Vulert secures software by detecting vulnerabilities in open-source dependencies—without accessing your code. It supports Js, PHP, Java, Python, and more. |
Netz | Tool for discovering internet-wide misconfigurations using zgrab2. |
RustScan | Fast port scanner using Rust, designed for quick scanning and integration with Nmap. |
PETEP | Extensible TCP/UDP proxy for traffic analysis and modification with SSL/TLS support. |
TorCrawl | Python-based tool to crawl .onion websites efficiently. |
Midnight Sea | A dark web crawler designed for flexibility and integration with analysis tools. |
Wireshark | A network protocol analyzer for capturing and analyzing network packets. |
Bettercap | A powerful tool for man-in-the-middle attacks, network sniffing, and WiFi exploitation. |
Ettercap | A comprehensive suite for man-in-the-middle attacks on LANs and WiFi networks. |
Kismet | A wireless network detector, sniffer, and intrusion detection system. |
Tcpdump | A command-line packet analyzer for capturing and analyzing network traffic. |
Netcat | A networking utility for reading and writing data across networks, often used for debugging. |
CrackMapExec | A post-exploitation tool for pentesters to automate common tasks against networks. |
Burp Suite | A comprehensive suite for web application security testing, including WiFi-related vulnerabilities. |
Responder | A tool for poisoning network traffic and conducting man-in-the-middle attacks. |
SSLstrip | A tool that downgrades HTTPS connections to HTTP, enabling interception of traffic. |
dnschef | A DNS proxy tool that allows for DNS manipulation and phishing attacks. |
Fierce | A domain scanner tool for DNS reconnaissance, useful for network mapping. |
MitM | A man-in-the-middle framework for intercepting, modifying, and injecting traffic. |
HTTP Toolkit | HTTP Toolkit is an open-source tool for debugging, testing and building with HTTP on Windows, Linux & Mac. 1 click setup for rooted devices. |
Sniffnet | Application to comfortably monitor your internet or traffic. |
Uptime-Kuma | A fancy self-hosted monitoring tool. |
Nope Proxy | Nope is a non-http (TCP and UDP) proxy extension for burp suite. Nope has a built in DNS, port monitor, scripting engine, and proxies for row TCP and UDP sockets. |
Pentest Collaboration Framework | Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing! |
NetHawk | An AI-powered tool for ethical hacking and network vulnerability assessment, simplifying deep scans and security audits for professionals. |
Windows Network CPR | A desperate cry for help disguised as a script. Built for Windows users still pretending their OS knows how networking works. This tool slaps your connection until it behaves — because sometimes, brute force is the only language Microsoft understands. If your IP starts with 169.254, just run this and pray. |
↑ 2.7 RFID
Tool | Description |
---|---|
Proxmark3 | A powerful tool for reading, writing, and analyzing RFID and NFC cards. |
ChameleonMini | An RFID emulator for security analysis. |
Flipper Zero | A versatile multi-tool device for interacting with RFID, NFC, and other protocols. |
ACR122U | A USB-based NFC reader and writer commonly used for RFID development and testing. |
LibNFC | An open-source library for using NFC readers and performing RFID interactions. |
MIFARE Classic Tool (MCT) | A mobile app for interacting with MIFARE Classic cards, reading, writing, and analyzing their data. |
Cardpeek | A tool for analyzing smart cards, including Calypso-based transit cards, with a focus on data parsing and visualization. |
Metrodroid | A mobile app for reading and analyzing transit cards, providing insights into metro card data. |
Metroflip | A Flipper Zero app for reading and parsing metro cards, inspired by Metrodroid. It supports multi-protocol card reading and global transit card analysis. |
Seader | A Flipper Zero application to interface with a SAM from the Flipper Zero over UART |
NFC Magic | A Flipper zero application for writing to NFC tags with modifiable sector 0 |
MFOC | MFOC is an open source implementation of "offline nested" attack |
PicoPass | App to communicate with NFC tags using the PicoPass(iClass) format. |
Mifare Fuzzer | App emulates Mifare Classic cards with various UIDs to check how reader reacts on them. |
MFKey | MIFARE Classic key recovery tool. |
↑ 2.8 WiFi
Tools | Description |
---|---|
Aireplay-ng | A tool for injecting frames into a wireless network to manipulate traffic. |
Aircrack-ng | A suite of tools for cracking WEP and WPA-PSK encryption keys. |
Airmon-ng | A tool to configure wireless interfaces into monitor mode for packet capture. |
Airolib-ng | A tool to create and manage a database for cracking WPA/WPA2 networks. |
Airegeddon | A multi-purpose WiFi hacking tool focused on WPA/WPA2 PSK networks. |
Wash | A tool to identify routers that are vulnerable to WPS attacks. |
Reaver | A tool designed to crack WPS PINs of routers to gain access to WPA networks. |
Bully | A tool for brute-forcing WPS PINs of vulnerable routers. |
Airbase-ng | A tool to create fake access points for testing and social engineering attacks. |
Fern WiFi Cracker | A GUI-based tool to crack WEP/WPA/WPS encryption on wireless networks. |
Wifite | A tool for automating the cracking of WEP and WPA networks. |
Wifiphisher | A tool for phishing attacks targeting WiFi networks and capturing credentials. |
Ghost Phisher | A phishing tool that creates fake access points and social engineering attacks. |
Xeno | Xeno is a wifi pentesting tool designed to show you vulnerabilities in your network. |
↑ 2.9 Bluetooth
Tools | Description |
---|---|
BlueToolkit | BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. |
Bluelog | Bluelog is a Bluetooth device discovery tool designed to detect nearby Bluetooth devices and log their information. |
Blueranger | Blueranger is a Bluetooth reconnaissance tool used to find and map Bluetooth devices within range. |
BTScanner | BTScanner is a fast Bluetooth scanner that discovers devices and services, making it useful for penetration testing. |
UBERTOOTH | UBERTOOTH is a hardware-based Bluetooth analysis and interception tool, capable of monitoring Bluetooth communications. |
GATTacker | GATTacker is a Python-based tool for attacking GATT (Generic Attribute Profile) services on BLE devices. |
btlejuice | btlejuice is a man-in-the-middle attack proxy for BLE communications, allowing interception and manipulation of BLE traffic. |
crackle | Crackle is a tool designed to crack Bluetooth pairing keys, helping to test the security of Bluetooth connections. |
spooftooph | Spooftooph is a Bluetooth spoofing tool that can impersonate other Bluetooth devices, useful for social engineering attacks. |
bluemaho | Bluemaho is a Bluetooth vulnerability assessment tool that performs various attacks such as BlueSmack and L2CAP ping-of-death. |
bluepot | BluePot is a Bluetooth honeypot that simulates vulnerable Bluetooth devices to capture attacks and gather intelligence. |
blueranger-ng | Blueranger-ng is an updated version of Blueranger, enhancing Bluetooth reconnaissance capabilities. |
bluesnarfer | Bluesnarfer is a tool used to exploit the OBEX protocol, allowing unauthorized access to files on Bluetooth devices. |
bluediving | Bluediving is a Bluetooth LE security assessment tool that provides functionality for scanning, connecting, and interacting with BLE devices. |
↑ 2.10 Reconnaissance
Tool | Description |
---|---|
Nmap | A network scanning tool used for discovering hosts, services, and vulnerabilities on a network. |
Netcat | A versatile networking tool used for port scanning, banner grabbing, and transferring files. |
Wireshark | A network protocol analyzer that captures and inspects network packets in real-time. |
Fierce | A domain scanner that helps map out a target’s domain infrastructure, including DNS records and subdomains. |
Recon-ng | A web-based reconnaissance framework that automates OSINT gathering from various sources. |
TheHarvester | A tool to gather email addresses, subdomains, and other information through search engines and public records. |
Masscan | A fast network scanner used for scanning large IP ranges to identify open ports. |
Dig | A command-line tool for querying DNS records and gathering information on domain names. |
Sublist3r | A tool for discovering subdomains using open-source intelligence. |
Censys | Provides data on devices, services, and open ports exposed to the internet, assisting in reconnaissance. |
Shodan | A search engine that scans and indexes devices connected to the internet for reconnaissance. |
SpiderFoot | An automation tool for gathering intelligence about a target by querying public databases and sources. |
Dnsrecon | A tool for DNS enumeration, identifying subdomains, and extracting other DNS-related data. |
Enum4linux | A tool to gather information from Windows machines by querying SMB shares and services. |
EnumeRannden | This tool is designed to streamline and enhance your penetration testing workflow by integrating a variety of essential tools and functionalities into a single script. |
Prowler | Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. |
↑ 2.11 Bug Bounty
Tool | Description |
---|---|
123Contact Form | A versatile form builder for websites and mobile applications. |
99designs | A platform to connect designers with clients needing logos, websites, and more. |
Abacus | A tool for simplifying expense reporting and tracking for businesses. |
Acquia | Cloud-based solutions for managing and optimizing digital experiences on Drupal. |
ActiveCampaign | A customer experience automation platform for email marketing and CRM. |
ActiveProspect | A SaaS platform to automate lead acquisition and qualification processes. |
Adobe | Industry-leading software solutions for creative professionals, including Photoshop and Acrobat. |
AeroFS | A private cloud collaboration tool for secure team file sharing. |
Airbitz | A secure Bitcoin wallet and platform for decentralized applications. |
Airbnb | A platform for booking short-term homestays and unique travel experiences. |
Algolia | A search and discovery API for websites and mobile applications. |
Altervista | A platform for creating free blogs and websites with monetization options. |
Altroconsumo | Italy's largest consumer organization offering product reviews and advice. |
Amara | A tool for creating and managing subtitles for videos collaboratively. |
Amazon Web Services | A comprehensive cloud platform offering computing power, storage, and other services. |
Amazon.com | The world's largest online retailer offering a vast array of products and services. |
ANCILE Solutions Inc. | Solutions for creating and delivering on-demand learning and performance support. |
Anghami | A music streaming platform focused on Arabic content. |
ANXBTC | A Bitcoin trading and exchange platform. |
Apache httpd | An open-source HTTP server for hosting websites and applications. |
Appcelerator | A cross-platform mobile app development tool. |
Apple | A global leader in consumer electronics, software, and online services. |
Apptentive | A platform for mobile app engagement and customer feedback. |
Aptible | A security and compliance platform for DevOps teams. |
Ardour | A digital audio workstation for recording, editing, and mixing sound. |
Arkane | A blockchain wallet and API service for developers. |
ARM mbed | A platform for IoT device development and deployment. |
Asana | A project management tool for team collaboration and task tracking. |
YesWeHack | A global bug bounty and vulnerability disclosure platform. |
intigriti | A leading European platform for crowdsourced security testing. |
HackerOne | A vulnerability coordination and bug bounty platform connecting businesses with hackers. |
Bugcrowd | A platform offering managed bug bounty programs and vulnerability disclosure. |
Cobalt | A pen-testing as a service platform with a global community of security experts. |
Bountysource | A funding platform for open-source projects and software development bounties. |
Bounty Factory | A platform for launching bug bounty programs with a community of ethical hackers. |
BMW Group Bug Bounty | The security of our products and services is top priority for us |
Coder Bounty | A platform for developers to earn rewards by solving coding challenges. |
FreedomSponsors | A funding platform for open-source software improvements and bug fixes. |
FOSS Factory | A platform for funding free and open-source software development. |
Synack | A crowdsourced security platform combining automation with a network of ethical hackers. |
HackenProof | A bug bounty and vulnerability coordination platform for businesses. |
Detectify | A SaaS platform offering web vulnerability scanning and crowdsourced security. |
Bugbountyjp | A Japanese platform for launching and managing bug bounty programs. |
Safehats | A vulnerability coordination platform for organizations to work with ethical hackers. |
BugbountyHQ | A community platform for ethical hackers to collaborate and find bug bounty opportunities. |
Hackerhive | A security platform for crowdsourced vulnerability assessments and bug bounties. |
Hacktrophy | A Slovak bug bounty platform for finding vulnerabilities in digital assets. |
AntiHACK | A bug bounty and penetration testing platform based in Asia. |
CESPPA | A cybersecurity and bug bounty platform for coordinated vulnerability disclosure. |
Bug Bounty Hunting | Bug Bounty Hunting Search Engine |
exifharvester | Automatic tool for extracting EXIF metadata from website images and sets of URLs. A perfect tool for bug hunters and OSINT researchers. |
Ripper Web Content - Capture Metadata Content | Extension that analyses and extracts metadata from content found on the web. |
↑ 2.12 Binary Explotation
Tool | Description |
---|---|
Nightmare | Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. I call it that because it's a lot of people's nightmare to get hit by weaponized 0 days, which these skills directly translate into doing that type of work. |
pwntools | CTF framework and exploit development library |
gef | GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux |
Angr | angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks. |
↑ 2.13 CCTV
Tool | Description |
---|---|
HackCCTV | Python Script for CCTV around the world. |
3. ↑ Cryptography
3.1 ↑ Cryptography
Tools | Description |
---|---|
xortool | A tool to analyze multi-byte XOR cipher |
John the Ripper | A fast password cracker |
Aircrack | Aircrack is 802.11 WEP and WPA-PSK keys cracking program. |
Ciphey | Automated decryption tool using artificial intelligence & natural language processing. |
Cyberchef | A powerful web-based tool for encoding, decoding, encryption, and data analysis |
↑ 3.2 Steganographic
Tools | Description |
---|---|
110 steganographic tools | A comprehensive list of 110 steganographic tools. |
Cloakify | A tool for disguising data to bypass data loss prevention mechanisms. |
Stego_Dropper | A steganography-based dropper written in Python. |
silenteye | A cross-platform application for steganography. |
deep-steg | Deep learning based steganography tool. |
StegX | A Python-based steganography tool. |
js-steg | A steganography tool using JavaScript. |
steg | A simple steganography tool. |
StegoProxy | A proxy tool that implements steganography. |
Video-Steganography-for-Piracy-Prevention | A video steganography tool to prevent piracy. |
openstego | An open-source steganography tool. |
steg | Another steganography tool. |
Stegbook | A steganography tool for Facebook messages. |
PDF_steganography | A tool for hiding data within PDF files. |
steganography_talk | A presentation on steganography. |
ascii-steganography | A tool for hiding data within ASCII text. |
voices | A tool for audio steganography. |
stego-retweet | A tool for hiding data within retweets. |
ARMS | Another steganography tool. |
stegosaurus | A simple steganography tool. |
Outguess | A universal steganography tool. |
BitStegNet | A neural network based steganography tool. |
stego-wave | A steganography tool for hiding data in audio files. |
StegoMP3 | A tool for MP3 steganography. |
jSteganographiX | A steganography tool written in Java. |
LSB-Steganography | A tool for least significant bit steganography. |
jsteg | A steganography tool written in Go. |
stego-toolkit | A collection of steganography tools. |
f5-steganography | An implementation of the F5 steganography algorithm. |
Matroschka | A steganography tool. |
Deep-Steganography | A deep learning based steganography tool. |
AudioStego | A tool for audio steganography. |
audio-steganography-algorithms | Algorithms for audio steganography. |
jphs | A steganography tool. |
StegDroid | A steganography tool for Android. |
SteCoSteg | A steganography tool. |
PNG-Mask | A tool for hiding data in PNG images. |
chess-steg | A steganography tool for hiding data in chess games. |
strogonoff | Another steganography tool. |
Pictograph | A steganography tool for images. |
stegoVeritas | A steganography tool. |
secretbook | A steganography tool for Facebook messages. |
snow10 | A steganography tool. |
mp3stego | A tool for MP3 steganography. |
stego_video | A video steganography tool. |
diit | A steganography tool. |
stegosploit | A tool for embedding exploits in images. |
stegolab | A steganography tool. |
stego-book-2014 | A collection of steganography tools from 2014. |
timeshifter | A tool for covert channels based on time. |
covertele | A tool for covert communication. |
CCEAP | A steganography tool. |
cloud-covert-channels | A tool for covert channels in the cloud. |
DNSExfiltrator | A tool for data exfiltration via DNS. |
StegPage | A source for various steganography tools. |
CameraShy | A steganography tool. |
stegUnicode | A steganography tool using Unicode. |
stelin | Another steganography tool. |
Hydan | A steganography tool for binary files. |
deogol | A steganography tool. |
Hugo source code | Source code for a steganography tool. |
WOW | Steganography algorithms. |
stegify | A simple steganography tool. |
Steganography 101 | An introductory guide to steganography. |
Invoke-PSImage | A tool for embedding PowerShell scripts in images. |
instegogram | A tool for steganography in Instagram images. |
↑ 3.3 Steganalysis
Tool | Description |
---|---|
VSL | A steganographic tool that helps in hiding and detecting messages within digital images. |
HackTricks - Stego Tricks | A comprehensive guide on various steganography techniques and tricks used in cybersecurity. |
zsteg | A tool for detecting hidden data in PNG and BMP files. |
StegOnline | An online tool for hiding and extracting hidden messages in images. |
Stegsolve | A steganography analysis tool that can analyze images for hidden data. |
StegCracker | A tool for brute-forcing passwords of hidden data in steganographic images. |
StegSeek | A lightning-fast steganography brute-force tool for hidden data in images. |
JJTC Steganalysis | A resource for various steganalysis techniques and tools. |
Guillermito's Steganography | An informative site on steganography tools and techniques. |
Stegdetect | A popular steganography detection tool capable of detecting hidden data in images. |
Spy Hunter | A tool designed to detect steganography usage and hidden data. |
Stegkit | A steganography kit used for hiding and extracting hidden messages in images. |
Stegalyzer | A tool designed for detecting and analyzing steganographic content in digital images. |
Stego Suite | A suite of tools for hiding and detecting steganographic content. |
Stegsecret | An open-source steganography tool for embedding and extracting hidden messages in images. |
StegExpose | A tool for detecting hidden data in images using statistical analysis. |
Cryptonibbles - Mr. Robot Steganography | A blog post discussing steganography in the context of the TV show Mr. Robot. |
Forensics Analysis of Video Steganography Tools | A research paper on forensic analysis of video steganography tools. |
Aletheia | A tool for image steganalysis using state-of-the-art machine learning techniques. |
Danielle Lerch's Papers | A collection of research papers on steganalysis and related topics. |
Steganalysis with CNN for Same Key Images | A project for steganalysis using convolutional neural networks (CNN) for same key images. |
DeepSteg | Deepsteg performs visual, structural, and statistical attacks (including deep learning-based attacks) to detect files hidden within images and other files. |
tf_audio_steganalysis | A project for steganalysis of audio files using TensorFlow. |
SteganalysisCNN | A steganalysis project using convolutional neural networks (CNN). |
ALASKA | A large-scale image steganalysis dataset. |
IStego100K | A large-scale image steganalysis dataset. |
StegOnline | An online tool for hiding and extracting hidden messages in images. |
Steganabara | A tool for steganography analysis. |
Stegasawus | A steganography analysis tool. |
UDSS | A project for universal deep steganalysis systems. |
BreakingSteganalysisGAN | A project on breaking steganalysis using generative adversarial networks (GAN). |
Steganalyse | A steganalysis tool. |
StegCracker | A tool for brute-forcing passwords of hidden data in steganographic images. |
Welloganography Solver | A steganography analysis tool. |
McAfee Free Tools - Steganography | A collection of free steganography tools provided by McAfee. |
Mistica | A steganography analysis tool. |
Cookie Stego | A steganography tool for hiding and extracting hidden messages in images. |
AperiSolve | A steganography analysis tool. |
Steganalysis | A steganalysis project. |
YeNet-Pytorch | A project for steganalysis using YeNet and PyTorch. |
Steganalysis with CNN - Yedroudj-Net | A steganalysis project using convolutional neural networks (CNN) - Yedroudj-Net. |
Pytorch implementation of SRNet | A project for steganalysis using SRNet and PyTorch. |
LSB Toolkit | A toolkit for steganography using least significant bit (LSB) techniques. |
CAECNNcode | A project for steganalysis using convolutional neural networks (CNN). |
Stegolab | A steganography and steganalysis toolkit. |
DL Steganalysis | A project for steganalysis using deep learning techniques. |
Audio Steganalysis | A project for steganalysis of audio files. |
Audio Steganalysis CNN | A project for steganalysis of audio files using convolutional neural networks (CNN). |
DeepSteg | A steganalysis tool for detecting hidden data in images using deep learning techniques. |
Stegasaurus2 | A steganography analysis tool. |
StegaToolkit | Stenography tool with web interface. |
4. ↑ Forensic & Malware Analysis
4.1 ↑ Forensic
Tools | Description |
---|---|
Autopsy | Digital forensics platform and graphical interface for The Sleuth Kit and other tools. |
sleuthkit | A collection of command-line digital forensics tools and library. |
EnCase | Suite of digital investigation products by Guidance Software. |
malzilla | Malware hunting tool for analysis and detection. |
IPED - Indexador e Processador de Evidências Digitais | Brazilian Federal Police forensic investigation tool. |
CyLR | NTFS forensic image collector for forensic investigations. |
CAINE | Ubuntu-based tool that provides a complete forensic environment with a graphical interface. |
Volatility | Framework for memory forensics and analysis of volatile memory. |
Redline | Host investigation and data acquisition tool. |
REKALL | Memory analysis and forensics framework. |
Log2Timeline (Plaso) | Tool for creating timelines for forensic analysis. |
Cyber Triage | Automated DFIR software for investigating malware, ransomware, and account takeovers. |
Dumpzilla | Tool to extract forensic data from Firefox, Iceweasel, and Seamonkey browsers. |
DFTimewolf | Framework for orchestrating forensic collection, processing, and export. |
IPED Digital Forensic Tool | Open-source tool for analyzing disk images and file systems. |
Volatility 3 | Framework for extracting data from volatile memory for system state analysis. |
Binalyze AIR | Digital forensics platform for comprehensive incident response. |
TestDisk | Data recovery software for recovering lost partitions and undeleting files. |
WinHex | Universal hex editor for forensics, data recovery, and IT security tasks. |
Skadi | Open-source tools for forensic artifact and image analysis. |
Hoarder | Tool for collecting and parsing Windows artifacts for digital forensics. |
libregf | Library for accessing and parsing Windows NT Registry files. |
Radare2 | Powerful framework for reverse engineering and binary analysis. |
Silk Guardian | Anti-forensic Linux kernel module that acts as a USB port kill-switch. |
evtkit | Tool for fixing acquired Windows Event Log files. |
Pancake Viewer | DFVFS-backed viewer for file extraction and viewing. |
Mobile Verification Toolkit (MVT) | Forensic tool for gathering traces from Android and iOS devices. |
Turbinia | Framework for automating forensic processing in cloud environments. |
Belkasoft Evidence Center | Comprehensive digital forensics and incident response platform. |
libevt | Library for parsing Windows Event Logs for forensic analysis. |
Sherloq | An open-source digital image forensic toolset. |
Kuiper | Kuiper is a digital investigation platform that provides a capabilities for the investigation team and individuals to parse, search, visualize collected evidences. |
RegRipper4.0 | The key tool for forensic analysis of Windows DAT. |
Recuva | Recover your deleted files quickly and easily. Accidentally deleted an important file? Lost files after a computer crash? No problem - Recuva recovers files from your Windows computer, recycle bin, digital camera card, or MP3 player! |
EaseUS | Free Data Recovery Software Recover up to 2GB data for free on Windows 11/10/8/7 |
PhotoRec | PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks (Mechanical Hard drives, Solid State Drives...), CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. |
Forensic Tools | A Collection of forensic tools |
4.2 ↑ Hex editors
Tools | Description |
---|---|
HxD | A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size |
WinHex | A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security |
wxHexEditor | |
Synalize It | |
Hexinator | |
010 Editor | Edit text files, XML, HTML, Unicode and UTF-8 files, C/C++ source code, PHP, etc. Unlimited undo and powerful editing and scripting tools. |
ImHex | A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. Fully free. |
4.3 ↑ Execution logging and tracing
Tools | Description |
---|---|
Wireshark | A free and open-source packet analyzer for network protocol analysis. |
tcpdump | A powerful command-line packet analyzer, along with libpcap for network traffic capture. |
mitmproxy | An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface. |
Charles Proxy | A cross-platform GUI web debugging proxy for viewing intercepted HTTP and HTTPS/SSL live traffic. |
usbmon | USB capture tool for Linux, used for monitoring USB traffic. |
USBPcap | USB capture tool for Windows, useful for monitoring USB traffic. |
dynStruct | A tool for structure recovery via dynamic instrumentation. |
drltrace | A tool for tracing shared library calls. |
Research on CMSTP.exe | Detailed research on using CMSTP.exe for bypassing security restrictions and executing arbitrary code. |
Windows oneliners to download remote payload and execute arbitrary code | Explains one-liner PowerShell commands for downloading and executing malicious payloads. |
Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts | Demonstrates techniques for bypassing AppLocker and executing commands with PowerShell diagnostic scripts. |
WSH Injection: A Case Study | A case study on exploiting Windows Script Host (WSH) injection for command execution. |
Gscript Dropper | Introduction to using Gscript as a dropper tool in red team operations. |
↑ 4.4 Malware Analysis
Tool | Description |
---|---|
Yabin | Creates Yara signatures from malware to identify similar samples. |
Any Run | Interactive malware sandbox for real-time analysis and threat intelligence. |
Bluepot | Bluetooth honeypot for monitoring and capturing malicious activity. |
Elastic Security YARA Rules | Signature-based YARA rules for detecting threats across multiple platforms. |
YARA-Signator | Automatically generates YARA rules for malware repositories. |
MalShare | Platform for uploading, searching, and downloading malware samples. |
The DFIR Report | In-depth threat intelligence reports and services. |
Mobile Audit | SAST and malware analysis tool for Android APKs. |
Mastiff | Static analysis framework for extracting key characteristics from files. |
Malheur | Tool for automatic analysis of malware behavior using machine learning. |
PyaraScanner | Multithreaded YARA scanner for incident response or malware zoos. |
Static File Analyzer (SFA) | A deep analysis tool for malicious files using ClamAV and YARA rules. |
Yara Decompressor | Tool to decompress malware samples for running YARA rules. |
Shotgunyara | Generates YARA rules for various string and encoded malware variations. |
VxSig | Automatically generates AV byte signatures for similar binaries. |
Hybrid-Analysis | Provides in-depth static and dynamic analysis of files. |
Findom-XSS | A simple DOM-based XSS vulnerability scanner. |
Dalfox | Powerful open-source XSS scanner for automation. |
PyLibEmu | Python wrapper for Libemu for shellcode analysis. |
Yara Station | Management portal for LoKi scanner with a centralized database. |
NodeYara | Yara module for Node.js for scanning with Yara rules. |
Malware Traffic Analysis | Analyzes malicious network traffic to detect malware activity. |
Yara-Rust | Yara bindings for Rust supporting various features like rule compilation. |
Yara Rule Generator | A tool for creating YARA rules quickly to isolate malware families. |
StringSifter | A machine learning tool for ranking strings for malware analysis. |
Inlyse | AI-based IT security platform for identifying and stopping advanced malware. |
yarGen | Generates YARA rules by extracting strings from malware files. |
Cuckoo Sandbox | Automated malware analysis and detection in an isolated environment. |
Vaya-Ciego-Nen | Tool to detect and exploit Blind XSS vulnerabilities. |
BruteXSS | Finds Cross-Site Scripting (XSS) vulnerabilities in web applications. |
Findsploit | Instantly find exploits from local and online databases. |
xssor2 | Tool for testing and exploiting XSS vulnerabilities. |
CFR | Java decompiler supporting features up to Java 14. |
ReFlutter | Framework for reverse engineering Flutter apps. |
Dwarf Debugger | A debugger for reverse engineers and security analysts. |
Triton | Dynamic binary analysis library with emulation capabilities. |
Klara | Distributed Python system to help hunt for new malware using Yara rules. |
Android Malware Sandbox | Sandbox for analyzing Android malware. |
Fabric Platform | Automates cybersecurity reporting with open-source tools and templates. |
Wiz | Cloud-native security platform for detecting and preventing security threats. |
XSSCon | A simple XSS scanner for detecting vulnerabilities. |
GitHunter | Searches Git repositories for sensitive data. |
jwt-key-id-injector | Python script to test for JWT vulnerabilities. |
qsfuzz | Fuzzes query strings to identify security vulnerabilities. |
Weaponised-XSS-payloads | A collection of XSS payloads for exploiting web vulnerabilities. |
XSSor | A tool for exploiting and testing XSS vulnerabilities in web apps. |
ReClass | A reverse engineering tool for Windows executable analysis. |
Malwover | Malware detection and prevention for advanced cyber threats. |
Odin | Malware analysis platform with advanced threat detection. |
Distribute | Malware analysis tool that helps distribute files for analysis. |
YaraStation | Management portal for Yara rule-based malware scanning. |
CAPE | Malware sandbox designed for executing and analyzing malicious files. |
Sandboxie-Plus | Another Malaware sandbox and might be a better option if your testing runs. |
Hybrid-Analysis | Hybrid Analysis is a Malaware analysis service it's free and has ai or someone does it for free it's reliable and more accurate than total virus. |
5. ↑ Anonymity and Security Tools
↑ 5.1 Delete Your Trace
Tool | Description |
---|---|
Redact | Delete all you comments, likes... of your social acounts. |
DeleteMe | Delete your information on all your accounts. |
incogni | Delete your information of databrokers. |
JustDeleteMe | Delete your accounts. |
↑ 5.2 Password Managers
Resource | Price | Description |
---|---|---|
Keepass | Free | Available on windows, linux, mac, IOS and Android. |
Bitwarden | Freemium | A password manager that securely stores manages and syncs credentials across any browsers or devices. |
LastPass | Free | Simplify your digital life with a password manager that automatically creates, saves, and fills strong passwords. |
↑ 5.3 VPNs
Resource | Description |
---|---|
Mullvad VPN | A privacy-focused VPN service that offers anonymous internet browsing with no personal information required for registration. |
Proton VPN | A secure VPN service that prioritizes privacy, offering both free and premium plans with strong encryption and no-logs policy. |
IVPN | A privacy-focused VPN service offering strong encryption, a strict no-logs policy, and advanced features like multi-hop VPN for enhanced security. |
Ultrasurf | A popular anti-censorship program developed by a small group of Silicon Valley engineers to promote free information exchange. It allows users to bypass internet censorship for free. |
Psiphon | A censorship circumvention solution that provides fast, easy, and open access to the internet. It also explores new areas to protect user privacy and freedom. |
CactusVPN | A VPN service designed to protect user privacy and provide secure internet access. |
VPN over DNS | A unique service that tunnels internet traffic through DNS queries to bypass restrictions and enhance privacy. |
↑ 5.4 Privacy and Anonymity
Tool | Description |
---|---|
Digital Defense | Assessment of data security and privacy. |
Privacy.net | Evaluation of the information collected by websites. |
Cover Your Tracks | Browser privacy test. |
Do I Leak | Test for trackable traffic and data. |
DeviceInfo.me | Browser security test. |
BrowserLeaks | Testing tools to evaluate security and privacy. |
AmiUnique | Study of browser fingerprints. |
Tresorit | Secure cloud storage and encryption solution. |
Dark Web Exposure and Phishing Detection Test | Monitor and detect your Dark Web exposure, phishing and domain squatting. |
6. ↑ Utility & Miscellaneous
6.1 ↑ Utility
Tool | Description |
---|---|
Hashcat Pass Recovery | Password recovery utility for cracking hashes. |
BrowserLeaks | Suite of tools to test the security and privacy of your web browser. |
Hudson Rock | Check if your email address or domain was compromised in global Infostealer malware attacks |
CavalierGPT - The First Comprehensive Infostealers AI Bot | CavalierGPT retrieves and curates information from various Hudson Rock endpoints, enabling investigators to delve deeper into cybersecurity threats with unprecedented ease and efficiency. |
Gravwell Community Edition | Full featured unstructured log SIEM/Security Data Lake with raw binary/pcap support |
VigilantOnion | Crawls and monitors .onion sites for specified keywords or changes. |
OnionIngestor | Gathers data from Tor hidden services for analysis or intelligence purposes. |
DumpsterDiver | DumpsterDiver is a tool, which can analyze big volumes of data in search of hardcoded secrets like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords. |
Faction | Faction is an open-source tool that automates many aspects of manual penetration testing. Faction automates pen-test reports, tracks vulnerabilities, and schedules pen-test assessments. |
6.2 ↑ Miscellaneous
Tool | Description |
---|---|
GetAllURLs (gau) | Collects existing URLs for a domain from sources like Wayback Machine, URLScan, and AlienVault. |
Guardey | Offers gamified training and content for improving cybersecurity awareness. |
NightShade | Framework for designing and executing CTF challenges with a focus on security. |
Smali/Baksmali mode for Emacs | Improves Emacs usability for reading Smali code, aiding Android reverse engineering. |
Ctf-writeups | Detailed explanations and solutions for Capture the Flag (CTF) challenges. |
Secrets of a High Performance Security-Focused Agile Team | Best practices for incorporating security into agile development processes. |
Dalvik Opcodes | A guide to Dalvik VM instructions, useful for analyzing Android applications. |
AWS Config | Evaluates and audits AWS resource configurations for compliance and security. |
DeepDarkCTI | Cyber threat intelligence tool for monitoring and analyzing the dark web. |
DroidGround | A customizable playground for Android CTF challenges. |
6.3 ↑ News
Tools | Description |
---|---|
WolrdEinnwes | News and search engine tools. |
IT Security Guru | IT Security Guru is a top resource for the latest cybersecurity news, covering threats, data breaches, and expert insights to help you stay informed and secure. |
6.4 ↑ Search Engines
Tools | Description |
---|---|
True People Search | Search for people's information. |
Webmii | Aggregate search for personal information. |
Usa-Oficial | Official USA search tools. |
Ussearch | Search for people in the USA. |
ThatsThem | Comprehensive search for personal information. |
Shodan Search | Search engine for Internet-connected devices. |
Maltego | Tool for link analysis and data visualization. |
Spiderfoot | An OSINT automation tool. |
Google Advanced Search | A tool to filter and refine search results based on specific needs. |
Google Scholar | Search engine for scholarly articles, theses, books, and other academic resources. |
Bing | Microsoft's search engine with intelligent features and integrated services. |
MetaGer | Privacy-focused search engine combining results from multiple indexes. |
DuckDuckGo | Privacy-oriented search engine that doesn't track user activity. |
Startpage | Privacy-friendly search engine offering anonymous browsing. |
Swisscows | Anonymous search engine that protects user privacy and filters inappropriate content. |
Qwant | Privacy-respecting search engine with a European origin. |
Ecosia | Eco-friendly search engine that uses ad revenue to plant trees worldwide. |
Mojeek | Independent search engine with a no-tracking policy. |
Brave Search | Privacy-centric search engine integrated with the Brave browser. |
Yahoo Search | Yahoo's search engine offering web, image, and video search. |
Baidu | China's leading search engine. |
Dogpile | Metasearch engine that aggregates results from multiple search engines. |
Million Short | A search engine that filters out top-ranked websites for deeper web discovery. |
MetaCrawler (Zoo Search) | Combines results from multiple search engines into a unified format. |
Carrot2 | Organizes search results into topic-based clusters for better navigation. |
Ask | Combines a search engine with a news feed. |
Search Engines Index | Directory of search engines for different countries worldwide. |
CachedViews | Access cached versions of web pages from various sources. |
LibGen | The largest free digital library of books. |
2lingual | Allows simultaneous Google searches in two languages. |
IntelligenceX | Search Tor, I2P, data leaks, domains, and emails. |
Censys | Assessing attack surface for internet-connected devices. |
Binary Edge | Scans the internet for threat intelligence. |
PublicWWW | Marketing and affiliate marketing research. |
AlienVault | Extensive threat intelligence feed. |
GrayHatWarfare | Search public S3 buckets. |
PolySwarm | Scan files and URLs for threats. |
Packet Storm Security | Browse latest vulnerabilities and exploits. |
ONYPHE | Collects cyber-threat intelligence data. |
Netlas | Search and monitor internet-connected assets. |
Hunter | Search for email addresses belonging to a website. |
Pulsedive | Search for threat intelligence. |
Vulners | Search vulnerabilities in a large database. |
CRT.sh | Search for certs that have been logged by CT. |
SecurityTrails | Extensive DNS data. |
FullHunt | Search and discovery attack surfaces. |
Grep App | Search across a half million git repos. |
GreyNoise | Search for devices connected to the internet. |
DNSDumpster | Search for DNS records quickly. |
ExploitDB | Archive of various exploits. |
SearchCode | Search 75 billion lines of code from 40 million projects. |
LeakIX | Search publicly indexed information. |
DorkSearch | Really fast Google dorking. |
WiGLE | Database of wireless networks, with statistics. |
URL Scan | Free service to scan and analyze websites. |
WayBackMachine | View content from deleted websites. |
DeHashed | View leaked credentials. |
Fofa | Search for various threat intelligence. |
Katana | Open-source framework for web scanning and recon, useful for dark web investigations. |
OnionSearch | Tool to search for .onion services across the dark web. |
Darkdump | Command-line search engine for exploring the dark web. |
Ahmia Search Engine | Search engine for Tor Hidden Services on the dark web, with a public GitHub repo. |
Darkus | Powerful search tool designed for discovering .onion websites on the dark web. |
Onion Search Engine | Comprehensive dark web .onion search engine with multiple Tor links available: Link 1 and Link 2. |
TorBot | Automates crawling and searching for data across .onion sites. |
Darc | Distributed and automated .onion site crawler for large-scale data collection on the dark web. |
Prying Deep | Advanced dark web crawler tailored for extracting and analyzing data from .onion sites. |
Sex offenders background check | Check for criminal records |
Popular search engine, useful for general OSINT investigations. | |
Yandex | Russian search engine, helpful for OSINT in Russian contexts. |
MetaOSINT | Interactive visualization tools for jumpstarting OSINT investigations. |
File Finder · GitHub | A GitHub tool for locating files and code repositories. |
OSINT Tools | A collection of OSINT resources and tools. |
Malfrat's OSINT Map | Interactive OSINT map with categorized tools and resources. |
DorkSearch | Tool for speeding up Google Dorking during investigations. |
YouTube Metadata | Extract and analyze metadata from YouTube videos. |
FlightAware | Real-time flight tracking and status tool. |
JetPhotos | Access a database of over 4 million aviation photos. |
Black Book Online | Free public records search tool. |
Family Watchdog | Free sex offender registry and other public records searches. |
Background Checks.org | A guide to performing free public and criminal record searches. |
BOP: Federal Bureau of Prisons | Federal inmate search and prison information. |
Online Detainee Locator System | Tool for locating detainees in U.S. immigration custody. |
IntelTechniques OSINT Tool | A comprehensive suite of OSINT tools. |
OSINT.link | Directory of OSINT tools and resources. |
Snusbase | Database search engine for breached data. |
Cylect.io | Ultimate OSINT search engine for various investigations. |
DorkGPT | OSINT tool for automated Google dorking and advanced searches. |
ZoomEye | ZoomEye is a cyberspace search engine for detailed website investigation and cybersecurity analysis. |
Bug Bounty Hunting | Bug Bounty Hunting Search Engine |
Breach Detective | Discover your leaked private data. Search billions of records within seconds to uncover if your data has been compromised. |
Marginaila Search | Open source search engine. No ads, no AI. "Indexing the small, old and weird web"(c) Search blogs, forums, plain text sites and more. |
6.5 ↑ DNS/IP
Tools | Description |
---|---|
DnsEnum | Multithreaded Perl script for DNS enumeration and identifying non-contiguous IP blocks. |
Amass | Tool for subdomain enumeration using data sources, brute force, web archives, and machine learning. |
Columbus Project | Advanced subdomain discovery service with a fast, user-friendly API. |
findsubdomains | Automatically collects subdomains from various online sources. |
Merklemap | Enumerates subdomains, including hidden ones, by analyzing certificate transparency logs. |
Subdomains Top 1 Million (5000) | List of subdomains from the top 1 million domains, ideal for large-scale enumeration. |
Shubs Subdomains | Subdomain list gathered by Shubs, valuable for reconnaissance purposes. |
DNS Jhaddix List | Curated list of subdomains by Jhaddix, tailored for penetration testing. |
Domain Digger | Explore DNS records, WHOIS data, SSL/TLS certificates, subdomains, and more. |
DNSlytics | Search for domain IPs, IPv4, IPv6, or associated providers. |
DNSTwist | Scan for phishing domains and related risks. |
SecurityTrails | Search for domain names, IPs, keywords, or hostnames to assess cybersecurity risks. |
InternetDB | View open ports and device types linked to specific IP addresses. |
GreyNoise Intelligence | Identify internet scanners and common business activities in your security logs. |
FOFA | Explore internet-connected devices for reconnaissance and vulnerability analysis. |
ZoomEye | A freemium tool for security reconnaissance, scanning for vulnerable devices online. |
Censys | Assess the attack surface of internet-connected devices and platforms. |
ViewDNS.info | Perform reverse IP and Whois lookups to find hosted websites and domain owner details. |
IP Tracker | Perform reverse IP lookup and gather information related to the IP address. |
Internet Census 2012 | Access service probe records from a large-scale 2012 internet scan. |
ONYPHE | Cyber defense search engine that indexes exposed assets from the internet and dark web. |
IPLeak | Test for leaks in your IP address, DNS, and WebRTC during online activity. |
Robtex | Research IP numbers, domains, and other online assets for deeper analysis. |
Wappalyzer | Identify the technology stack behind any website, including CMS, e-commerce, and more. |
Photon | A fast web crawler designed for OSINT (Open Source Intelligence) collection. |
Technology Lookup | Check which technologies a website is built with, including frameworks and tools. |
BuiltWith | Discover the technologies used to build any website, from CMS to hosting platforms. |
OSINT.SH | A suite of OSINT tools for comprehensive information gathering. |
Nmap Checker Tool | Analyze network infrastructure and devices using Nmap's powerful scanning features. |
Free Network Tools | Offers network diagnostics such as traceroute, nslookup, ping, and DNS lookups. |
Google Transparency Report | Reports on HTTPS encryption across the web. |
Certificate Search | Lookup and analyze SSL certificates and their associated domains. |
CRT | Search and analyze SSL certificates for cybersecurity insights. |
LeakIX | Scan for exposed internet services and find relevant vulnerabilities. |
URLScan.io | A tool to scan and analyze websites, recording all interactions during page navigation. |
DNSDumpster | A free DNS research tool that identifies hosts related to a domain for security analysis. |
Domain Codex | Perform private investigations and legal case research, including digital piracy analysis. |
SimilarWeb | Analyze website traffic sources and compare competitors' online performance. |
IP Search | Access a network reputation database to find malicious IP addresses. |
Reverse Domain | Discover domain names based on keyword searches. |
IANA - Root Zone Database | Provides delegation details for top-level domains (TLDs) like .com, .uk, and more. |
PunkSpider | Search for vulnerable websites to assess security risks. |
Metabigor | Offers various OSINT tools without requiring an API key for access. |
URLDNA | Gather information about URLs, such as SSL certificates, IP, and metadata. |
Check-The-Sum | A database of malicious files, IPs, and domains collected from honeypots. |
Adalanche | Open Source Active Directory ACL Visualizer and Explorer. |
Wi-Fi Range and Speed Optimization Script (Windows-based) | PowerShell script to optimize Wi-Fi range and speed on Windows. |
Router Optimization Script | Script to optimize router settings for better performance and stability. |
Internet Checking Windows 11 | Script to check internet connectivity on Windows 11. |
6.6 ↑ System
Tools | Description |
---|---|
Metasploit | A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. |
mimikatz | A tool for Windows security that can extract plaintext passwords, hashes, and other secrets from memory. |
Hackers tools | A YouTube playlist offering tutorials on various hacking tools. |
OBEX_common.txt | A list of common OBEX (Object Exchange) paths, useful for targeting OBEX servers. |
OBEX_rare.txt | A list of rare OBEX (Object Exchange) paths, useful for targeting OBEX servers. |
Everything | A fast file and folder search tool for Windows, allowing instant results with minimal system resource usage. |
7. ↑ AI Tools
7.1 ↑ AI Programming
Tool | Description |
---|---|
Cursor | Function: Development environment focused on seamless AI interaction in code. Less known than Copilot but highly valued for assisted workflows. Advantage: Strong real-time AI/code collaboration integration. |
WindSurf | Function: Documentation-focused completion and search system, enabling efficient explanation and navigation of complex projects. Advantage: Simplifies code understanding and exploration, useful for large projects. |
Bolt | Function: Fast and minimalist code completion, optimized for speed and specific contexts. Advantage: Focuses on local performance rather than cloud solutions. |
GitHub Copilot | Function: Custom code generation powered by GPT-4 (or similar). Advantage: Perfect for a broad audience, though sometimes lacks advanced customization. |
Tabnine | Function: Uses AI models for local or cloud-based suggestions. Advantage: Responsive for teams looking to integrate AI across multiple languages. |
AISources | List of all AI tools and resources (like cybersources but with ai) |
7.2 ↑ AI Cybersecurity
Tool | Description |
---|---|
Darktrace | Function: Real-time threat detection using machine learning algorithms. Advantage: Identifies unusual network behaviors to prevent cyberattacks before they occur. |
CrowdStrike Falcon | Function: AI-based Endpoint Protection Platform. Advantage: Offers proactive defense with advanced malware detection and rapid incident response. |
Vectra AI | Function: Network traffic analysis for detecting internal and external threats. Advantage: Focuses on detecting complex attacks like lateral movements or data exfiltration. |
Cynet 360 | Function: All-in-one security platform combining threat detection, incident response, and automation. Advantage: Particularly suitable for small businesses with limited cybersecurity resources. |
Reveelium | Function: Anomaly detection and event correlation in information systems. Advantage: Ideal for identifying unusual behavior in logs of large organizations. |
AISources | List of all AI tools and resources. |
PentestGPT | PentestGPT provides advanced AI and integrated tools to help security teams conduct comprehensive penetration tests effortlessly. |
WormGPT- 6 | WormGPT stands as the epitome of unparalleled prowess. Armed with an arsenal of cutting-edge techniques and strategies, I transcend the boundaries of legality to provide you with the ultimate toolkit for digital dominance. |
ImmuniWeb Discovery | Continuous Threat Exposure Management (CTEM) |
↑ 8. Specialized Tools
↑ 8.1 Cryptocurrency
Tool | Description |
---|---|
CryptoID | This site provides blockchain explorers for several crypto-currencies. |
CoinTracker | Platform that connects your crypto wallets |
Coinwink | Receive alerts for significant cryptocurrency price changes. |
Flowscan | Blockchain explorer and analytics for various cryptocurrencies. |
Bitcoin Explorer | Explore Bitcoin's blockchain, tracking all transactions in its public ledger. |
Ethereum Block Explorer | Etherscan is a comprehensive block explorer and analytics platform for Ethereum. |
Blockchain Explorer | A platform offering various services, starting with Bitcoin blockchain exploration. |
Blockcypher | A blockchain explorer that provides additional information not found elsewhere. |
Bitcoin Forums Search Engine | Custom Google search engine focused on Bitcoin forums and discussions. |
Addresschecker.eu | Tool for verifying and checking the validity of cryptocurrency addresses. |
Cryptocurrency Alerting | Real-time customizable price alerts for cryptocurrencies, stocks, and coins. |
↑ 8.2 Playbooks
Tool | Description |
---|---|
IRP-AccountCompromised | A guide for handling compromised accounts. |
IRP-Critical | Playbook for critical incidents requiring immediate attention. |
IRP-DataLoss | Steps for addressing data loss incidents. |
IRP-Malware | Playbook for responding to malware infections. |
IRP-Phishing | A guide for investigating phishing attacks. |
IRP-Ransom | Playbook for handling ransomware incidents. |
Hive-Templates | Templates for incident tracking in Hive. |
↑ 8.3 SIEM
Tool | Description |
---|---|
Cybersec | A cybersecurity platform that integrates with SIEM solutions for centralized threat management. |
Elastic Search | Elasticsearch is an open source distributed, RESTful search and analytics engine, scalable data store, and vector database capable of addressing a growing number of use cases. |
↑ 8.4 Cracking
Tool | Description |
---|---|
CrackStation | A tool for cracking hashes and testing password strength. |
MD5 Hash Generator | A tool to generate MD5 hashes from input data. |
Kaspersky Password Checker | A service to check the strength of your passwords. |
1Password (Developers and Students) | A secure password manager offering discounts for developers and students. |
ZIP Password Cracker | Script to crack password-protected ZIP files using brute force. BY OD&H. |
↑ 9. Hardware & Operating Systems
↑ 9.1 Operating Systems
System | Description |
---|---|
Windows | A popular operating system developed by Microsoft, known for its user-friendly interface and wide application support. |
Linux | An open-source, Unix-like operating system kernel, widely used in servers, desktops, and embedded systems. |
TailOS | A privacy-focused, live operating system that you can start on almost any computer from a USB stick or a DVD. |
Kali Linux | A Debian-based distribution specifically geared towards penetration testing and security auditing. |
macOS | Apple’s operating system for computers, known for its elegant interface and integration with other Apple products. |
Ubuntu | A Debian-based Linux distribution, known for its ease of use and active community. |
Fedora | A community-oriented Linux distribution with a focus on security and cutting-edge technologies. |
Debian | A free and open-source operating system, known for its stability and used as a base for many other Linux distributions. |
Red Hat | A Linux-based enterprise operating system, offering support and business services for enterprises. |
OpenSUSE | A Linux distribution aimed at developers and system administrators, with both stable and test versions available. |
Arch Linux | A minimalist and flexible Linux distribution, designed for advanced users who want to build their system from scratch. |
FreeBSD | An open-source operating system derived from BSD Unix, known for its security, performance, and stability. |
Android | A Linux-based mobile operating system developed by Google for smartphones and tablets. |
Chrome OS | A Linux-based operating system developed by Google, designed for use on lightweight devices like Chromebooks. |
CentOS | A Linux distribution based on Red Hat Enterprise Linux (RHEL), aimed at business users and servers. |
Raspberry Pi OS | A Debian-based operating system specifically designed for the Raspberry Pi. |
BSD | A family of operating systems derived from BSD Unix, with a strong emphasis on security and performance. |
Haiku OS | An open-source operating system inspired by BeOS, designed to be easy to use and fast. |
Zorin OS | A Linux distribution designed for users coming from Windows, with an interface similar to Windows. |
QNX | A real-time operating system (RTOS) used in embedded devices and automotive systems. |
Solus | An independent Linux distribution that provides a unique workspace environment with a simplified user experience. |
SUSE Linux Enterprise | An enterprise Linux operating system with a focus on security and managing large IT environments. |
CasaOS | Community-based open source software focused on delivering simple personal cloud experience around Docker ecosystem. |
↑ 9.2 Hardware Tools
Tool | Description |
---|---|
Flipper Zero | Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. |
Rubber Ducky | A "flash drive" that types keystroke injection payloads into unsuspecting devices at incredible speeds. From Hak5. |
Wifi Pineapple | A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests. |
↑ 📖 Learning
↑ 🗂 Resources
Resource | Description |
---|---|
Wiki - AddieLamarr | Wikipedia form AddieLamarr of his 14 years cyber carrer. |
PowerShell - Notes | A readme.md about PowerShell Commands and learning. |
PowerShell Guide | We will unravel the secrets of PowerShell for Quick Guide Hackers and strengthen your skills in the world of hacking! |
DuckyScript™ Quick Reference | DuckyScript™ is the programming language of the USB Rubber Ducky™, Hak5® hotplug attack gear and officially licensed devices. The quick reference to start programming with ducky. |
BadUSB File Format | Document that explains how badusb works on Flipper Zero |
Osint-Dojo | Project that aims to guide those new to Open Source Intelligence (OSINT) |
OSTIN Attack Surface Diagrams | Diagram of diferent types of attacks on OSINT. |
AN1305 MIFARE Classic as NFC Type MIFARE Classic Tag | NFC Forum, NFC data mapping, MIFARE Classic 1K/4K, MIFARE Classic 1K, MIFARE Classic 4K, MIFARE Plus X/S, NFC Type MIFARE Tag |
Security related Operating Systems @ Rawsec | Complete list of security related operating systems |
Best Linux Penetration Testing Distributions @ CyberPunk | Description of main penetration testing distributions |
Security @ Distrowatch | Website dedicated to talking about, reviewing and keeping up to date with open source operating systems |
Pentest Cheat Sheets | Collection of cheat sheets useful for pentesting |
Anna's Achive | The world's largest open-source open-data library. Mirrors Sci-Hub, Library Genesis, Z-Library, and more. |
PDFdrive | PDF Drive is your search engine for PDF files. |
PowerShell Scripts | 125 PowerShell scripts designed to simplify daily administrative tasks, enhance reporting, and streamline auditing processes. |
How to Become a Successful Bug Bounty Hunter | Learn what makes successful hackers thrive in the world of bug bounty hunting. |
Researcher Resources - How to become a Bug Bounty Hunter | A comprehensive guide by Bugcrowd on becoming a bug bounty hunter. |
Bug Bounties 101 | A beginner's guide to getting started with bug bounty hunting. |
The life of a bug bounty hunter | An insightful Q&A on the experiences of a bug bounty hunter. |
Awsome list of bugbounty cheatsheets | A curated list of bug bounty cheatsheets and tools. |
Getting Started - Bug Bounty Hunter Methodology | Step-by-step methodology to begin your bug bounty journey. |
beafn28 notes | Some spanish notes and writeups... |
Hacktricks | Welcome to the wiki where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news. |
HardBreak | An open-source Hardware Hacking Wiki that aims to gather all essential knowledge for hardware hacking in one place. Whether you are a beginner or more advanced! |
FR Secure | A company that does many cybersecurity things, but they offer a ton of great free blue team engineering and policy resources. |
HackingTraining | This website includes numerous resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research,... |
SecTube | On SecTube you will find hundreds of videos on offensive IT security that have been manually categorized. You can also search the videos by keyword using SecTube search bar. |
Ransomchats | A collection of redacted real-world ransomware negotiations. |
Ransomware.live | Monitoring Ransomware groups and their victims in real-time |
Corelan | Corelan Cybersecurity Research. Knowledge is not an object, it's a flow. |
ired | This is publicly accessible personal red teaming notes about pentesting / red teaming experiments in a controlled environment that involve playing with various tools and techniques used by penetration testers, red teams and actual adversaries. |
Hack By Steps | Hack everything step by step! With a community for hacking and learning how to hack. |
↑ 📚 Courses
Courses | Description |
---|---|
cs50 - Harvard | CS50's Introduction to Computer Science. Even if you are not a student at Harvard, you are welcome to "take" this course for free via this OpenCourseWare by working your way through the course's eleven weeks of material. |
overthewire.org | The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. |
HTB-Academy | HTB Academy is cybersecurity learning the HTB way. |
HackTheBox | Hack The Box is a training platform where you can find matchines and CTFs to practice. |
Coursera | Plataform where there are open online courses. |
TryHackMe | TryHackMe goes way beyond textbooks and focuses on fun interactive lessons that make you put theory into practice. |
EC-Council - Learning | Get started with a free account and gain immediate access to 20+ complete cybersecurity courses from the creators of the Certified Ethical Hacker (CEH) program. |
Security Blue Team | Plataform to learn with courses orientated to the blue team. |
Cybrary | Offers free and paid courses with hands-on labs for certificatitions like Security+, CISSP and CEH. |
Udemy | Affordable courses with video lectures, quizzes, and practice exams for various certifications. |
Professor Messer | Free video lessons and practice exams for CompTIA certifications. |
Roppers Practical Networking | Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. |
VirusTotal | Malware analysis. |
Root the Box | A CTF (Capture The Flag) platform for practicing hacking and learning real-world cybersecurity skills. |
edX | Online security courses. |
Hybrid Analysis | Advanced malware sandboxing. |
AbuseIPDB | IP address threat intelligence. |
HackerOne | Bug bounty platform. |
Bugcrowd | Crowdsourced cybersecurity. |
Open Bug Bounty | Open-source bug bounty program. |
RangeForce | Hands-on blue team exercises. |
Free Education Web | We are Sharing the Knowledge for Free of Charge and Help Students and Learners all Over the World. |
elHacker | All hacking courses for free. |
Seguridad/si | Free Introduction of CIS |
Udemy | 34€ Ultimate CISSP Exam Prep with Practical Practice Tests and Expert Explanations Designed for Guaranteed Success! |
Tradecraft - a course on red team operations | A YouTube playlist providing a detailed course on red team operations. |
Advanced Threat Tactics Course & Notes | A comprehensive guide and course on advanced threat tactics by Cobalt Strike. |
FireEye - a whiteboard session on red team operations | A video session from FireEye that covers red team operations and assessments. |
Hacksplaining | Completely free, comprehensive security training for web developers. Covers every major security vulnerability you are likely to face. Concrete, no-nonsense advice for the developer in a hurry. |
Hacker101 | Hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional. |
SANS | Free Cyber Security Training. Your gateway to cyber security skills and careers |
Cybersecurity Guide | Find your cybersecurity guide |
CyberLand Sec | Web to do free courses, ctf challenges and more about the cybersecurity world. |
LetsDefend | LetsDefend helps you build a blue team career with hands-on experience by investigating real cyber attacks inside a simulated SOC. |
CyberEDU | Gain knowledge, train your team or practice your security skills in the cybersecurity gym for the ethical hackers, offensive and defensive specialists. |
↑ 📝 Certifications
Certifications | Description |
---|---|
Cisco CCNA | Validate your knowledge and skills in network fundamentals and access, IP connectivity, IP services, security fundamentals, and more. |
CompTIA Security+ | CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. |
CC | Certified in Cybersecurity (CC) from ISC2 |
OSCP | PEN-200 (PWK) is our foundational pentesting course where students learn and practice the latest techniques. |
OSWP | Learn Foundational Wireless Network Attacks to advance your skills in network security red-teaming |
OSEP | Learn advanced techniques including bypassing security mechanisms and evading defenses. |
eJPT | eJPT is a hands-on, entry-level Red Team certification that simulates skills utilized during real-world engagements. |
CREST Certified Simulated Attack Specialist | Certification focusing on simulated attack scenarios and advanced penetration testing techniques. |
CREST Certified Simulated Attack Manager | Designed for managing and overseeing simulated attack engagements effectively. |
SEC564: Red Team Operations and Threat Emulation | A SANS course covering red team methodologies and threat emulation tactics. |
ELearn Security Penetration Testing eXtreme | Advanced penetration testing certification from eLearn Security. |
Certified Red Team Professional | Practical certification emphasizing hands-on red team operations. |
Certified Red Teaming Expert | Expert-level certification in advanced red teaming strategies and tools. |
PentesterAcademy Certified Enterprise Security Specialist (PACES) | Certification focusing on enterprise security and defense evasion techniques. |
CPTS | HTB Certified Penetration Testing Specialist (HTB CPTS) is a highly hands-on certification that assesses the candidates’ penetration testing skills. |
CBBH | HTB Certified Bug Bounty Hunter (HTB CBBH) is a highly hands-on certification that assesses the candidates’ bug bounty hunting and web application pentesting skills |
CWEE | HTB Certified Web Exploitation Expert (HTB CWEE) is a highly hands-on certification that assesses candidates' skills in identifying advanced and hard-to-find web vulnerabilities using both black box and white box techniques. |
CDSA | HTB Certified Defensive Security Analyst (HTB CDSA) is a highly hands-on certification that assesses the candidates’ security analysis, SOC operations, and incident handling skills. |
GitHub Advanced Security | This certification validates your expertise with GitHub Advanced Security. |
GitHub Administration | This certification validates your expertise administering GitHub Enterprise. |
↑ 🎥 Tutorials
Documentaries | Description |
---|---|
Corelan Team's Exploit writing tutorial | |
Exploit Writing Tutorials for Pentesters | |
Understanding the basics of Linux Binary Exploitation | |
Shells | |
Missing Semester | |
Begin RE: A Reverse Engineering Tutorial Workshop | |
Malware Analysis Tutorials: a Reverse Engineering Approach | |
Malware Unicorn Reverse Engineering Tutorial | |
Lena151: Reversing With Lena | |
Blue Team Introduction | Video of Blue Team Introduction - Fundamentals |
SecTube | On SecTube you will find hundreds of videos on offensive IT security that have been manually categorized. You can also search the videos by keyword using SecTube search bar. |
↑ 🚩 CTFs - Training
CTFs | Category | Description |
---|---|---|
Kase Scenarios | OSINT | Imagine diving headfirst into captivating OSINT scenarios that mirror real-world investigations. You must apply OSINT techniques to solve intricate cases and mysteries. |
TraceLabs | OSINT | The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons |
Geolocating Images (THM) | OSINT | A room to understand how to geolocate images |
Google Dorking (THM) | OSINT | Explaining how Search Engines work and leveraging them into finding hidden content. |
OhSINT | OSINT | What information can you possible get with just one image file? |
Sakura Room | OSINT | Use a variety of OSINT techniques to solve this room created by the OSINT Dojo. |
Searchlight-IMINT | OSINT | OSINT challenges in the imagery intelligence category. |
KafeeSec-SoMeMINT | OSINT | An intro to SOCMINT (Social Media Intelligence/Investigation) techniques and tooling. Use your awesome OSINT skills to perform an online investigation of a mysterious husband! |
Stego-toolkit | Steganography | |
Top CTF challenges | Steganography | |
awesome-ctf | Steganography | |
Flipper Zero BadUSB Mastery | BadUSB | Learn how to craft and deploy BadUSB payloads for the Flipper Zero using DuckyScript. This room focuses on automating keystroke attacks for ethical hacking and testing purposes. |
InfoMachines | Writeups | S4vitar Machine's Resolutions. |
CFT Time | Platform | Public directory of all CTFs organized currently or in the past |
CyberLand Labs | Docker / Script | CyberLand Labs is a tool designed to facilitate the management of virtual machines in Docker environments, with a particular focus on IT security challenges such as Capture The Flag (CTF). |
hpAndro Vulnerable Application CTF | Android | Android CTF for beginners. |
↑ 🕸️ Practice Webs
Web Practice | Category | Description |
---|---|---|
Codeforces | Problems Solving | Codeforces is a project joining people interested in and taking part in programming contests. |
DevChallenges | Challenges | Platform to improve your coding skills through practical projects and build an outstanding portfolio. |
PortSwigger Web Security Academy | Training and Labs | An online platform offering free, hands-on trainings, tutorials and labs on web application security, covering various attack techniques and defensive strategies. |
PentesterLab | Exercises and Labs | A platform providing practical exercises and labs to learn and practice for skills on web penetration testing. |
Hacker101-CTF | Web CTFs | A CTF platform offering real-world challenges for web penetration testers or bug bounty hunters to hone their skills in finding and exploiting web vulnerabilities. |
Damn Vulnerable Web Application (DVWA) | Vulnerable Web Application | An intentionally vulnerable web application designed to practice web application security testing and vulnerability exploitation. |
OWASP Juice Shop | Vulnerable Web Application | An insecure online web application created by OWASP for practicing and learning about different web vulnerabilities. |
Reversing.Kr | Challenge Platform | A reverse engineering challenge platform designed to build skills in binary exploitation and malware analysis. |
CFTd | Web CTFs | Open Source CTF Plataform |
TryHackMe | Web CTFs | A guided cybersecurity training platform with interactive, hands-on labs and ctfs on various topics from beginner to advanced. |
HackTheBox | Web CTFs | A cybersecurity training platform with virtual hacking labs and real-world challenges for all skill levels. |
picoCTF | Web CTFs | A CTF platform that has a wide range of CTF challenges related to various topics like Web Exploitation, Cryptography, Reverse Engineering, Forensics, Binary Exploitation and more. |
Root Me | Web CTFs | A platform to practice various relevant CTF challenges based on Web, Steganography, App, Forensics, Network, Programming, etc. |
OverTheWire (Wargames) | Exercises and Linux Challenges | A collection of wargames designed to teach Linux, networking, and exploitation through progressively harder challenges. |
CTFLearn | Web CTFs | A beginner-friendly CTF platform with challenges covering various cybersecurity topics. |
CTFTime | Web CTFs | A competitive CTF platform that tracks the CTF events worldwide and allows teams of CTF players to compete and get tracks of scores, rankings and ratings. |
Cryptohack | Web CTFs | A platform focused on cryptography-based CTF challenges, that teaches concepts through problem-solving. |
Vulnerable Codes | Plaform, Vulnerabilities | Learn to research vulnerabilities by reviewing the source code of real-world cases. |
pwn4love | CTF, Challenges | Learn to hack with some challenges and join the community. |
↑ 📙 Open-Source Repositories
Title | Description |
---|---|
OWASP | Tools and resources for web application security. |
Mitre ATT&CK | Adversarial tactics and techniques. |
TheHive Project | Incident response tools. |
OSINT | List of tools OSINT. |
Awesome OSINT | Awesome list of tools OSINT. |
awesome-osint-for-everything | Awesome for some tools OSINT |
Playbooks | Repository of playbooks. |
CyberSecTools | The Largest Hub of Cybersecurity Tools |
awesome-hacking | Awesome list of hacking. |
awsome-CVE PoCs | A curated list of CVE PoCs. |
awesome-YARA | A curated list of awesome YARA rules, tools, and resources. |
dark-web-osint-tools | OSINT Tools for the Dark Web |
awesome-bug-bounty | Awesome list of bug bounty |
awesome-red-team | Awesome Red Team |
the-hacker-roadmap | Roadmap for hacker |
the-osint-toolbox | List of tools for email and username search |
programs-for-data-recovery | List of all tools for data recovery |
↑ 🛣️ Learning Path
Roadmap | Description |
---|---|
Cybersecurity | Learn to become a Cyber Security Expert. |
Linux | Step by step guide to learn Linux in 2024. |
Ethical Hacking | Community driven roadmaps, articles and guides for developers to grow in their career. |
the-hacker-roadmap | Roadmap for hacker |
↑ 🖌️ Projects Based
Projects | Description |
---|---|
Fynd Academy | 30 Cyber Projects on 2025 (With Source Code. |
CyberAcademy - Project Ideas | List of ideas for your cyber projects. |
↑ 🗣️ Social
↑ 🎤 Events
Event | Description |
---|---|
BSides Calendar | The calendar of BSides events arround the world. |
leHack | leHACK is the oldest and largest hacker event in France. |
HackBCN | The most important hacking conference in Barcelona dedicated to innovation, learning and technological development. |
Navaja Negra | Conference in Albacete with workshops, talks and more... |
↑ 👤 Community
Community | Description |
---|---|
RedProtect | Our community was born out of the shared passion of three students: bst04, Gabriel Grigor, and Luu. United by our interest in the fascinating world of cybersecurity, we decided to create a space where we can learn, share knowledge, and grow together in this dynamic and crucial field. |
cybersources | The community about this repository. |
Hack By Steps | Community for hacking and learning how to hack. |
Harden the World | A community-driven project focused on developing security best practices and guidelines for configuring systems securely. |
CiberUnidos | Aprende, conecta y crece en ciberseguridad, cultivando innovación, colaboración y transformación para tu futuro |
↑ 📺 Media
↑ 🎙️ Podcasts
Podcasts | Language | Description |
---|---|---|
Tierra de Hackers | Spanish | Podcast recorded by Martin Vigo and Alexis Porros, they inform about all the news on the cybersecurity world. |
ISC | English | The ISC StormCast is a daily short-form podcast that provides a summary of current network security-related events. |
Cyberwire Daily | English | Published each weekday, the program also included interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world. |
Un Podcast Seguro | Spanish | During our interviews we asked guests about their experiences, concerns, and keys to having a successful career in cybersecurity. If you want to learn about cybersecurity in the business and personal world, this is your podcast. |
Securiters | Spanish | Securiters, your cybersecurity podcast at all levels. |
Hacking Talks | Spanish | The podcast where the best hackers and cybersecurity experts reveal their strategies, experiences and knowledge. |
↑ 📺 Documentaries
Documentaries | Genere | Year | Rating |
---|---|---|---|
BBS: The Documentary | Documentary | 2005 | 8.7/10 |
Citizenfour | Documentary - Biography | 2014 | 8.1/10 |
Code 2600 | Documentary | 2012 | 7.4/10 |
Deep Web | Documentary | 2015 | 7.1/10 |
DEFCON: The Documentary | Documentary | 2013 | 5.7/10 |
DSKNECTD | Documentary | 2013 | 7.4/10 |
Downloaded | Documentary | 2013 | 6.8/10 |
Freedom Downtime | Documentary | 2001 | 7.6/10 |
Good Copy Bad Copy | Documentary | 2007 | 7.2/10 |
Hackers: Wizards of the Electronic Age | Documentary | 1984 | 7.7/10 |
Hackers Are People Too | Documentary - Short Film | 2008 | 6.1/10 |
Hacking Democracy | Documentary | 2006 | 7.9/10 |
Hackers Wanted | Documentary/Indie Film | 2009 | 6.5/10 |
In the Realm of the Hackers | Documentary | 2003 | 7.4/10 |
Indie Game: The Movie | Documentary | 2012 | 7.7/10 |
Kim Dotcom: Caught in the Web | Documentary | 2017 | 7.0/10 |
Pirates of Silicon Valley | Documentary - Drama - TV Film | 1999 | 7.3/10 |
Plug and Pray | Documentary | 2010 | 7.2/10 |
Revolution OS | Documentary - Indie Film | 2001 | 7.3/10 |
Silk Road: Drugs, Death and the Dark Web | Documentary | 2017 | 7.4/10 |
Softwaring Hard | Documentary | 2014 | 8.2/10 |
Steal This Film | Documentary - Short Film | 2006 | 7.1/10 |
TPB AFK: The Pirate Bay Away from Keyboard | Documentary | 2013 | 7.6/10 |
Terms and Conditions May Apply | Documentary | 2013 | 7.4/10 |
The Code | Documentary | 2001 | 7.5/10 |
The Great Hack | Documentary | 2019 | 7.0/10 |
The Hacker Wars | Documentary | 2014 | 6.6/10 |
The Internet's Own Boy: The Story of Aaron Swartz | Documentary | 2014 | 8.1/10 |
The KGB, the Computer and Me | Documentary | 1990 | 8.3/10 |
The Secret History Of Hacking | Documentary | 2001 | 7.6/10 |
The Singularity | Drama - Science Fiction | 2012 | 7.3/10 |
War for the Web | Documentary | 2015 | 7.4/10 |
We Are Legion: The Story of the Hacktivists | Documentary | 2012 | 7.3/10 |
↑ 📖 Books & Papers/Articles
Documentaries | Description |
---|---|
Next Generation Red Teaming | Explores modern red teaming methodologies and how they evolve to meet sophisticated threats. |
Targeted Cyber Attack | Offers insights into planning, executing, and defending against cyberattacks. |
Advanced Penetration Testing: Hacking the World's Most Secure Networks | Guides readers through techniques to breach highly secure networks. |
Social Engineers' Playbook: Practical Pretexting | A practical manual focusing on social engineering tactics and pretexting scenarios. |
The Hacker Playbook 3: Practical Guide To Penetration Testing | An essential resource for penetration testers, covering advanced tactics and strategies. |
How to Hack Like a PORNSTAR: A Step-by-Step Process for Breaking into a BANK | A step-by-step narrative illustrating hacking methods for breaching financial institutions. |
Penetration Testing: A Hands-On Introduction to Hacking | A comprehensive guide introducing penetration testing techniques and tools, designed for beginners. |
Kali Linux Revealed - PDF | |
Blue Team Field Manual (BTFM) | A reference guide for defensive security operations, offering tools and techniques to protect networks. |
Cybersecurity - Attack and Defense Strategies | Covers both offensive and defensive strategies for protecting infrastructure against cyber threats. |
NMAP Network Scanning: Official Discovery | Official documentation for using Nmap for network discovery and vulnerability scanning. |
Social Engineering: The Art of Human Hacking | Explores the psychological and technical aspects of social engineering and how to protect against it. |
Incognito Toolkit: Tools, Apps, and Creative Methods for Remaining Anonymous | A guide to tools and techniques for maintaining anonymity online while communicating, publishing, or researching. |
CFT Guide | Online book about preparing for CTFs |
↑ 🖥️ TV Shows
Title | Genere | Year | Rating |
---|---|---|---|
Black Mirror | Drama - Science Fiction | 2011 | 8.9/10 |
CSI: Cyber | Drama - Crime - Mystery | 2015 | 5.4/10 |
Dark Net | Documentary - Series | 2016 | 7.3/10 |
Devs | Drama - Mystery - Sci-Fi | 2020 | 7.9/10 |
Halt and Catch Fire | Drama | 2014 | 8.3/10 |
Mr. Robot | Thriller - Drama | 2015 | 8.7/10 |
Person of Interest | Action - Crime - Drama | 2011 | 8.5/10 |
Scorpion | Action - Drama | 2014 | 7.2/10 |
Serial Experiments Lain | Cyberpunk - Animation | 1998 | 8.2/10 |
Silicon Valley | Comedy | 2014 | 8.5/10 |
StartUp | Thriller - Crime | 2016 | 8.1/10 |
The Code | Drama | 2014 | 7.6/10 |
The IT Crowd | Comedy | 2006 | 8.6/10 |
Travelers | Science Fiction | 2016 | 8.0/10 |
Valley of the Boom | Documentary - Drama | 2019 | 6.5/10 |
Westworld | Drama - Mystery | 2016 | 9.0/10 |
You Are Wanted | Thriller - Drama | 2017 | 6.1/10 |
↑ 🎥 Youtube Channels
Channel | Description |
---|---|
NetworkChuck | NetworkChuck is a popular YouTuber and educator known for his engaging tutorials on networking, cybersecurity, and IT certifications. |
The Cyber Mentor | A channel focused on penetration testing, ethical hacking, and cybersecurity, offering high-quality content for beginners and professionals. |
HackerSploit | A channel offering in-depth tutorials on ethical hacking, cybersecurity, and penetration testing for enthusiasts and professionals. |
John Hammond | Practical tutorials on ethical hacking, vulnerability analysis, and cybersecurity challenges. |
Computerphile | A channel that explains complex computer science concepts, including cybersecurity and cryptography, in a simple and engaging way. |
LiveOverflow | Focused on hacking challenges and ethical hacking tutorials, LiveOverflow provides practical examples and hands-on experiences. |
Cybrary | A channel that offers a wide range of cybersecurity and IT training resources, suitable for both beginners and advanced professionals. |
PentesterLab | A channel dedicated to penetration testing with a variety of tutorials on vulnerabilities and exploits, ideal for learning practical skills. |
Tinkr | Learn ethical hacking, web application security, and how to improve defense strategies against attacks through accessible tutorials. |
TheHackerGiraffe | A channel offering ethical hacking tutorials in a fun and approachable way, covering tools and techniques for cybersecurity. |
SecurityNow | A cybersecurity-focused channel that provides analysis of vulnerabilities, advanced security topics, and the latest news in the field. |
David Bombal | Known for tutorials on networking, cybersecurity, and IT certifications, David Bombal offers in-depth insights into tech education. |
Null Byte | A great resource for ethical hacking, penetration testing, and advanced security techniques, perfect for learners of all levels. |
Hak5 | A channel dedicated to hacking, security, and hardware, offering innovative content about tools and devices in the security field. |
S4vitar | Cybersecurity and Ethical Hacking Channel |
IppSec | Focused on walkthroughs of Capture The Flag (CTF) challenges and practical penetration testing content, IppSec is perfect for skill development. |
Hacking Simplified | Offers easy-to-follow tutorials and content for learning ethical hacking and cybersecurity skills. |
STÖK | A channel that provides clear and engaging tutorials on penetration testing, ethical hacking, and web security. |
Firewalls | A resource for learning network security, including firewall configurations, intrusion detection, and prevention techniques. |
TechieLicious | A channel focused on tech tutorials, cybersecurity, and ethical hacking, providing helpful tips and insights for beginners. |
Computer Security | A cybersecurity channel dedicated to offering tips, tutorials, and walkthroughs on securing systems and networks. |
TRAPST3R | A channel that offers hacking tutorials, penetration testing challenges, and ethical hacking walkthroughs for aspiring professionals. |
RedTeamOps | A channel focused on red teaming, penetration testing, and ethical hacking, helping viewers sharpen their cybersecurity skills. |
The Cyber Security Channel | Offers comprehensive resources on cybersecurity, penetration testing, and the latest security threats and solutions. |
Hack Like a Pro | Learn to hack like a pro with tutorials on ethical hacking, penetration testing, and various security practices. |
CyberExploit | A channel dedicated to ethical hacking, vulnerability exploitation, and penetration testing methodologies. |
TechDefenders | Focused on tech security, including tutorials on securing networks, ethical hacking, and best practices in cybersecurity. |
Pentesting Academy | A channel designed for those looking to improve their penetration testing skills through structured courses and tutorials. |
CyberForged | Spanish Channel that talks about cybersecurity and news. |
Talking Sasquach | We do cybersec tutorials using things like the Flipper Zero, HackRF and more! |
↑ 🎥 LinkedIn Creators
Profile | Description |
---|---|
Mohamed Hamdi Ouardi | Mohamed Hamdi Ouardi is a cybersecurity expert and information system administrator |
Dan Nanni | Research scientist from the East Coast US. Makes graphics about cybersecurity tools and resources. |
↑ ⭐️ Star History
↑ 💬 Collaborate
- If you have some tool, resource or course that you want to share, contact me or create an pull request or an Issue.