engagement, standard process, mitre att&ck, certifications and etc.

IMAGE	NAME	LINKS	DESCRIPTION
	Pentest Standard	Website	(Engagement): A comprehensive framework designed to standardize the process of conducting penetration tests
	Red-Team-Infra	Github	(Infrastructure): Disposable and resilient red team infrastructure with Terraform
	Red-Team-Infras-Wiki	Github	(Infrastructure): Wiki to collect Red Team infrastructure hardening resources
	RedInfraCraft	Github	(Infrastructure):automates the deployment of powerful red team infrastructures! makes it easy to create advanced phishing & payload infras

🔝 Back to top

notes, methodology , resources, techniques and etc.

IMAGE	NAME	LINKS	DESCRIPTION
	HackTricks	Website	(General): HackTricks is a comprehensive resource that provides a wide range of information and tips related to pentesting, redteaming and etc.
	Payloads All The Things	Github	(General): A list of useful payloads and bypasses for Web Application Security and also a cheatsheets
	Atomic RedTeam	Website	(TTPs): Atomic Red Team can be used as a reference for cheatsheets. It provides detailed examples of specific commands, scripts, and guides that can be used to simulate various adversary techniques (TTPs).
	OWASP Cheatsheet	Website	(Web-APP): The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
	Internall-all-the-things	Github.io	(General): Active Directory and Internal Pentest Cheatsheets
	Arsenal	Github	(Cheatsheets): In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionality is independent of the shell used.
	cheat.sh	Website	(Cheatsheets): Unified access to the best community driven cheat sheets repositories of the world. Covers 56 programming languages, several DBMSes, and more than 1000 most important UNIX/Linux commands.
	THC cheatshets	Github	(Cheatsheets): THC's favourite Tips, Tricks & Hacks (Cheat Sheet)
	cheat	Github	(Cheasheets): cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember.
	RedTeam-Tools	Github	(Resources): A github repository contains a collection of 130+ tools and resources that can be useful for red teaming activities.
	BlueTeam-Tools	Github	(Resources): A github repository contains a collection of 65+ tools and resources that can be useful for blue teaming activities.
	Activate Directory Cheatsheets	Github	(Cheatsheets): A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
	CloudPentest	Github	(Cheatsheets): 🛡️ Awesome Cloud Security Resources and cheatsheets ⚔️
	RedTeam Guide	Github	(Cheatsheets): Red Team Cheatsheet in constant expansion.
	Exploits Notes	Website	(Resources): Search hacking techniques and tools for penetration testings, bug bounty, CTFs.
	RedTeam Cheatsheets	Github	(Cheatsheets): Useful C2 techniques and cheatsheets learned from engagements (Cobalt strike and sliver c2)
	Appsecexplained	Gitbook	(Cheatsheets): This is a curated repository of notes and experience over many years of testing web applications.
	Awesome-Pentest Cheatsheets	Github	Collection of cheat sheets and check lists useful for security and pentesting. The list contains a huge list of very sorted and selected resources, which can help you to save a lot of time.
	Awesome-Hacking	Github	(Genreal): A collection of various awesome lists for hackers, pentesters and security researchers
	Awesome-Pentest	Github	(General): Awesome Pentest Cheat Sheets a collection of the cheat sheets useful for pentesting
	RedTeam Notes 2.0	Gitbook	(General): It is very beginner friendly and have everything from MITRE with more great images and high level explanations
	RedTeam	Website	(General): These are notes about all things focusing on, but not limited to, red teaming and offensive security.
	Red Teaming and Malware Analysis	Gitbook	(Resources): Personal notes on red teaming / pentest and malware analysis, various techniques used during assessments.
	Offensive Security Cheatsheet	Website	(General): Their are few useful resources for penetration testing and enumerations staff.

🔝 Back to top

reconnaissance, enumeration, fuzzing, AD DC etc.

IMAGE	NAME	LINKS	DESCRIPTION
	huntools	GitHub	(General): streamlined solution for managing your entire arsenal
	pdtm	GitHub	(General-Recon): ProjectDiscovery's Open Source Tool Manager
	ffuf	GitHub	(General-Recon): Fast web fuzzer written in Go.
	gobuster	GitHub	(General-Recon): DNS and VHost busting tool written in Go.
	Axiom	GitHub	(General-Tool): The dynamic infrastructure framework for hacking! different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
	reconftw	GitHub	(General-Recon): Perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
	wappalyzer	GitHub	(Technologies): Identify technology on websites.
	Sublist3r	GitHub	(Subdomain): Fast subdomains enumeration tool for penetration testers
	katana	GitHub	(Crawling): A next-generation crawling and spidering framework.
	BloodHound	GitHub	(AD): BloodHound is a powerful tool used for Active Directory (AD) security assessments. It helps identify and analyze security vulnerabilities and relationships within an Active Directory environment.
	CrackMapExec	GitHub	(Network): A swiss army knife for pentesting networks
	Recon-AD	GitHub	(AD): recon-ad tool based on ADSI and reflective DLL’s
	PSPKIAudit	GitHub	(AD CS): PowerShell toolkit for auditing Active Directory Certificate Services.
	powerview 3.0	GitHub	(AD): Active Directory enumeration tools
	ImproHound	GitHub	(AD): sIdentify the attack paths in BloodHound breaking your AD tiering
	ADRecon	GitHub	(AD): ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
	Amass	GitHub	(Subdomain): In-depth Attack Surface Mapping and Asset Discovery
	wfuzz	GitHub	(Fuzzing): Web application fuzzer.
	scilla	GitHub	(Subdomain): Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
	httpx	GitHub	(Technologies): Fast and multi-purpose HTTP toolkit for probing.
	dirbuster-ng	GitHub	(Directory): dirbuster-ng is C CLI implementation of the Java dirbuster tool.
	massdns	GitHub	(DNS): High-performance DNS stub resolver for bulk lookups
	Findomain	GitHub	(Subdomain): The fastest and cross-platform subdomain enumerator
	RustScan	GitHub	(Ports): The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported).
	gitleaks	GitHub	(Web): Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos.
	s3scanner	GitHub	(Web): Scan for open S3 buckets and dump the contents
	Whatwaf	GitHub	(WAF Detector): Detect and bypass web application firewalls and protection systems
	cloud_enum	GitHub	(Cloud): Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
	recon-ng	GitHub	(Web): Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
	witnessme	GitHub	(Web): Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier
	spoofcheck	GitHub	(Web): A program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing.
	Sudomy	GitHub	(General): Automated reconnaissance tool for bug hunting / pentesting
	chaos-client	GitHub	(Subdomain): Go client to communicate with Chaos DNS API
	domained	GitHub	(Subdomain): Multi Tool Subdomain Enumeration
	shuffledns	GitHub	(Subdomain): Wrapper around massdns for subdomain enumeration with active bruteforce
	puredns	GitHub	(Subdomain): Fast domain resolver and subdomain bruteforcing
	censys-subdomain-finder	GitHub	(Subdomain): enumeration using Censys certificate transparency logs
	Turbolist3r	GitHub	(Subdomain): enumeration tool with analysis features
	domain	GitHub	(Subdomain): Setup script for Recon-ng for subdomain enumeration
	altdns	GitHub	(Subdomain): Generates permutations, alterations, and mutations of subdomains
	brutesubs	GitHub	(Subdomain): Automation framework for running multiple subdomain bruteforcing tools
	dns-parallel-prober	GitHub	(Subdomain): Parallelised domain name prober for subdomain enumeration
	dnscan	GitHub	(Subdomain): Python wordlist-based DNS subdomain scanner
	knock	GitHub	(Subdomain): Enumerate subdomains on a target domain through a wordlist
	hakrevdns	GitHub	(DNS): Tool for performing reverse DNS lookups en masse
	dnsx	GitHub	(Subdomain): Fast and multi-purpose DNS toolkit for running DNS queries
	subfinder	GitHub	(Subdomain): discovery tool that finds valid subdomains for websites
	assetfinder	GitHub	(Subdomain): Find domains and subdomains related to a given domain
	VHostScan	GitHub	(Vhost): Virtual host scanner that performs reverse lookups
	sub3suite	GitHub	(Subdomain): Research-grade suite of tools for subdomain enumeration
	cero	GitHub	(Subdomain): Scrape domain names from SSL certificates of arbitrary hosts
	shosubgo	GitHub	(Subdomain): Tool to grab subdomains using Shodan API
	haktrails	GitHub	(Subdomain): Golang client for querying SecurityTrails API data
	bbot	GitHub	(Subdomain): Recursive internet scanner for hackers
	webanalyze	GitHub	(Technologies): Port of Wappalyzer to automate mass scanning.
	whatweb	GitHub	(Technologies): Next generation web scanner.
	retire.js	GitHub	(Technologies): Scanner detecting JavaScript libraries with known vulnerabilities.
	fingerprintx	GitHub	(Technologies): Standalone utility for service discovery on open ports.
	recursebuster	GitHub	(Content-Discovery): Rapid content discovery tool for recursively querying webservers.
	feroxbuster	GitHub	(Content-Discovery): A fast, simple, recursive content discovery tool written in Rust.
	dirsearch	GitHub	(Content-Discovery): Web path scanner.
	dirsearch	GitHub	(Content-Discovery): A Go implementation of dirsearch.
	filebuster	GitHub	(Content-Discovery): An extremely fast and flexible web fuzzer.
	dirstalk	GitHub	(Content-Discovery): Modern alternative to dirbuster/dirb.
	gospider	GitHub	(Content-Discovery): Gospider - Fast web spider written in Go.
	hakrawler	GitHub	(Content-Discovery): Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
	crawley	GitHub	(Content-Discovery): Fast, feature-rich unix-way web scraper/crawler written in Golang.
	LinkFinder	GitHub	(Links): A python script that finds endpoints in JavaScript files.
	JS-Scan	GitHub	(Links): A .js scanner built in PHP, designed to scrape URLs and other information.
	GoLinkFinder	GitHub	(Links): A fast and minimal JS endpoint extractor.
	BurpJSLinkFinder	GitHub	(Links): Burp Extension for passive scanning of JS files for endpoint links.
	urlgrab	GitHub	(Links): A Go utility to spider through a website searching for additional links.
	waybackurls	GitHub	(Links): Fetches all URLs that the Wayback Machine knows about for a domain.
	gau	GitHub	(Links): Fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
	getJS	GitHub	(Links): A tool to quickly get all JavaScript sources/files.
	linx	GitHub	(Links): Reveals invisible links within JavaScript files.
	waymore	GitHub	(Links): Finds more from the Wayback Machine.
	xnLinkFinder	GitHub	(Links): A Python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target.
	parameth	GitHub	(Parameters): Tool for brute discovering GET and POST parameters.
	param-miner	GitHub	(Parameters): Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.
	ParamPamPam	GitHub	(Parameters): Tool for brute discovering GET and POST parameters.
	Arjun	GitHub	(Parameters): HTTP parameter discovery suite.
	ParamSpider	GitHub	(Parameters): Mines parameters from dark corners of Web Archives.
	x8	GitHub	(Parameters): Hidden parameters discovery suite written in Rust.
	fuzzdb	GitHub	(Fuzzing): Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
	IntruderPayloads	GitHub	(Fuzzing): Collection of Burpsuite Intruder payloads, fuzz lists, and web pentesting methodologies.
	fuzz.txt	GitHub	(Fuzzing): Potentially dangerous files.
	fuzzilli	GitHub	(Fuzzing): JavaScript Engine Fuzzer.
	qsfuzz	GitHub	(Fuzzing): Allows building custom rules to fuzz query strings and identify vulnerabilities.
	vaf	GitHub	(Fuzzing): Very advanced (web) fuzzer written in Nim.
	CMSeeK	GitHub	(CMS Detection): Scan WordPress, Joomla, Drupal and over 180 other CMSs
	cms-wordlists	GitHub	(CMS Wordlists): contains wordlists for each versions of common web applications (CMS). Each version contains a wordlist of all the files directories for this version.
	GitFive	GitHub	(Git/OSINT): GitFive is an OSINT tool to investigate GitHub profiles.
	gixposed	GitHub	(Git/OSINT): Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens.
	Gitdumper	GitHub	(Git): A tool to dump a git repository from a website
	Eviltree	GitHub	(Regex): Searching for secrets (passwords/accounts) in files of nested directory structures, being able to visualize which files contain user provided keywords/regex patterns and where those files are located.
	Beeceptor	Website	(webhook): Instantly create a webhook and mock a server over HTTPS
	webhooks	Github	(webhook): Lightweight HTTP Server with Public Exposure for Pentesting, Red Teaming and Bughunting
	assetnote wordlists	Website	(wordlists): This website provides you with wordlists that are up to date and effective against the most popular technologies on the internet.

🔝 Back to top

servers, IoT, routers and etc.

IMAGE	NAME	LINKS	DESCRIPTION
	Shodan	Website	Search Engine for the Internet of Everything.
	Censys Search	Website	Search Engine for every server on the Internet to reduce exposure and improve security.
	FOFA	Website	Cyberspace Mapping
	Hunter.how	Website	Internet search engine for security researchers.
	Onyphe	Website	Cyber Defense search engine for open-source and cyber threat intelligence data.
	ZoomEye	Website	Global Cyberspace mapping.
	GreyNoise	Website	The source for understanding internet noise.
	Netlas	Website	Discove, Research and monitor any assets available online.
	Quake	Website	Global Cyberspace Surveying and mapping system.
	Qualys SSL Labs	Website	This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

🔝 Back to top

tracking computers, laptop, Androids, iOS, Bluetooth, Realtime tracking, IoT devices, Social Engineering monitoring.

IMAGE	NAMES	LINKS	DESCRIPTIONS
	HoneyBadgerV3	Website Github	(WIFI/Phishing/meterpreter): HoneyBadger is an Active Defense tool to determine who the malicious actor is and where they are located in realtime locatio (Desktop, Mobile).
	Seeker	Github	(Phishing): Seeker a is host phishing pages to get credentials by hosting a fake page that requests your location like many popular location based websites.
	Grabify IP Logger	Website	(SocialEngineering): Grabify IP logger will help you find and track the IP address of any person.
	QCSuper	Github	(hardware/triangulation): QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things.
	SigPloit	Github	(Mobile/ISMI/SS7): SigPloit: Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
	Silent SMS Ping	Github	(Mobile/Detector/Ping): Silent SMS ping and detector an android application for detecting (and sending) Class-0 silent SMS messages (binary messages) that does not require rooted device.

🔝 Back to top

HUMINT, SIGINT, COMINT, Telcos, IMSI catcher, Drones Interception, Cellular Interception, WIFI Interception, SMS senders, Jammer, Polygraph, VoIP, LRF, Bluetooth and etc.

IMAGE	NAMES	LINKS	DESCRIPTIONS
	Intercept Monitoring System	Website	(Hardware/Software/Resources/Shops): Note: not-verified. Advanced Interception Systems. Intelligence and surveillance etc.
	Discovery Telecom	Original Website	(Note: not-verified Shops): Advanced Interception Systems. Intelligence and surveillance etc.
	DragonOS SDR	Website	(SDR/OS/Linux): specifically designed for (SDR) enthusiasts, pre-installed with a wide range of open-source SDR tools and software like GNU Radio, GQRX, easily capture, analyz.

🔝 Back to top

IMAGE	NAME	LINKS	DESCRIPTION
	NIST NVD	Website	US National Vulnerability Database
	MITRE CVE	Website	Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
	CVE Search	Github	The main objective of the "cve search" is to avoid doing direct and public lookups into the public CVE databases.
	GitHub Advisory Database	Github	Security vulnerability database inclusive of CVEs and GitHub originated security advisories
	AttackerKB	Website	AttackerKB is a technical analysis tool on which you can search vulnerabilities that are rated by the community.
	Cloudvulndb.org	Website	The Open Cloud Vulnerability & Security Issue Database
	Osv.dev	Website	Open Source Vulnerabilities
	Vulners.com	Website	Your Search Engine for Security Intelligence
	Opencve.io	Website	Easiest way to track CVE updates and be alerted about new vulnerabilities
	Security.snyk.io	Website	Open Source Vulnerability Database
	Mend Vulnerability Database	Website	The largest open source vulnerability DB
	Rapid7 - DB	Website	Vulnerability & Database
	CVE Details	Website	The ultimate security vulnerability datasource
	VulnIQ	Website	Vulnerability intelligence and management solution
	SynapsInt	Website	The unified OSINT research tool
	Aqua Vulnerability Database	Website	Vulnerabilities and weaknesses in open source applications and cloud native infrastructure
	VulDB	Website	Number one vulnerability database
	ScanFactory	Website	Realtime Security Monitoring
	Trend Micro Zero Day Initiative	Website	Publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers
	Google Project Zero	Website	Vulnerabilities including Zero Days
	Trickest CVE Repository	GitHub	Gather and update all available and newest CVEs with their PoC
	Cnvd.org.cn	Website	Chinese National Vulnerability Database
	InTheWild.io	Website	Check CVEs in our free, open source feed of exploited vulnerabilities
	Vulnerability Lab	Website	Vulnerability research, bug bounties, and vulnerability assessments
	Red Hat Security Advisories	Website	Information about security flaws that affect Red Hat products and services in the form of security advisories
	Cisco Security Advisories	Website	Security advisories and vulnerability information for Cisco products, including network equipment and software
	Microsoft Security Response Center	Website	Reports of security vulnerabilities affecting Microsoft products and services
	CISA	Website	Known Exploited Vulnerabilities Catalog
	CVEFeed	Website	CVE vulnerability & Threat Intelligence Hub

🔝 Back to top

IMAGE	NAME	LINKS	DESCRIPTION
	Nuclei	GitHub	(Network-Web): Fast and customizable vulnerability scanner based on simple YAML based DSL.
	OWASP ZAP	GitHub	(Web): Dynamic application security testing tool for finding vulnerabilities in web applications.
	Nmap	GitHub	(Network-Web): Powerful network scanner with built-in vulnerability scanning capabilities.
	Vulnscan	GitHub	(Network-Web): Vulnerability scanning and management tool.
	vulners	GitHub	(Network-Web): NSE script based on Vulners.com API
	Nikto	GitHub	(Web): Web server scanner for detecting vulnerabilities and misconfigurations.
	Metasploit	Github	(Network-Web): Computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
	Arachni	GitHub	(Web): Modular web application security scanner.
	OpenVAS	GitHub	(Network-Web): Comprehensive vulnerability scanner for network services and applications.
	Nexpose	Website	(Network-Web): Nexpose is a comprehensive vulnerability management solution developed by Rapid7. It is designed to help organizations proactively identify, assess, and address security vulnerabilities across their IT environments
	Wapiti	GitHub	(Web): vulnerability scanner for black-box scanning.
	Vuls	GitHub	(Network-Web): Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices.
	Retire.js	GitHub	(Web): Scans for outdated JavaScript libraries with known vulnerabilities.
	Clair	GitHub	(Network): Static analysis of vulnerabilities in container images.
	Trivy	GitHub	(Network-Web): Vulnerability scanner for container images and other artifacts.
	Bandit	GitHub	(Programming): Finds common security issues in Python code.
	Grouper	GitHub	(Network): A PowerShell script for helping to find vulnerable settings in AD Group Policy. (deprecated, use Grouper2 instead!)
	SecLists	GitHub	(wordlists): Collection of multiple lists used in security assessments.
	SonarQube (Community Edition)	GitHub	(Web): Code quality and security analysis tool.
	Docker-Bench-Security	GitHub	(Network): Checks Docker containers against best security practices.
	Snyk CLI	GitHub	(Network): Finds and fixes vulnerabilities in dependencies and Docker images.
	OWASP Dependency-Check	GitHub	(Web): Identifies project dependencies with known vulnerabilities.
	Forta	GitHub	(Web): Real-time vulnerability detection for Ethereum smart contracts.
	sqlmap	GitHub	(Web): Automatic SQL injection and database takeover tool.
	xray	GitHub	(Web): A complete security assessment tool that supports scanning of common web security issues and custom POC | Be sure to read the documentation before using it.
	osv-scanner	GitHub	(Web): Vulnerability scanner written in Go which uses the data provided by.
	commix	GitHub	(Web): Automated All-in-One OS Command Injection Exploitation Tool.
	afrog	GitHub	(Network-Web): afrog is a high-performance vulnerability scanner that is fast and stable. It supports user-defined PoC and comes with several built-in types, such as CVE, CNVD, default passwords, information disclosure, fingerprint identification, unauthorized access, arbitrary file reading, and command execution.
	Nettacker	GitHub	(Network): Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management.
	Raccoon	GitHub	(Web): A high-performance offensive security tool for reconnaissance and vulnerability scanning.
	fuxploider	GitHub	(Web): File upload vulnerability scanner and exploitation tool.
	crawlergo	GitHub	(Web): A powerful browser crawler for web vulnerability scanners.
	Golismero	GitHub	(Web): Open-source security tool for web application assessment.
	Sn1per	GitHub	(Network-Web): Penetration testing tool for vulnerability scanning and enumeration.
	WhiteWidow	GitHub	(Web): SQL Vulnerability Scanner
	w3af	GitHub	(Web): Application Attack and Audit Framework.

🔝 Back to top

IMAGE	NAME	LINKS	DESCRIPTION
	Exploit-DB	Website	Exploit Database
	Sploitus	Website	(PoC): Convenient central place for identifying the newest exploits
	Rapid7 - DB	Website	(Databse): Vulnerability & Exploit Database
	Vulmon	Website	(Database): Vulnerability and exploit search engine
	packetstormsecurity.com	Website	Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
	0day.today	Website	Ultimate database of exploits and vulnerabilities
	LOLBAS	Github	(Windows): Living Off The Land Binaries, Scripts and Libraries
	GTFOBins	Github	(Linux-Unix): Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
	XSS Payloads	Website	(WEB-XSS): The wonderland of JavaScript unexpected usages, and more
	NetExec	Github Website	(Network): NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks.
	Reverse Shell generator	Website	(Reverse-Shell): Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode
	GTFOArgs	Github	(Linux-Unix): Curated list of Unix binaries that can be manipulated for argument injection
	Shell-storm.org/shellcode	Website	(Database): Shellcodes database for study cases
	Hacking the Cloud	Website	(TTPs): Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure
	LOLDrivers	Website	(Windows): Open-source project that brings together vulnerable, malicious, and known malicious Windows drivers
	PwnWiki	Website	(TTPs): Collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained
	CVExploits Search	Website	(Database): Your comprehensive database for CVE exploits from across the internet
	nanorobeus	Github	(Windows): A minimalistic tool for managing Kerberos tickets. Supports redteam frameworks
	SploitScan	Github	(PoC): SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated proof-of-concept (PoC) exploits.
	Sicat	Github	(PoC): SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively.
	DNS Tunnel Keylogger	Github	Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls.
	Payloads All The Things	Github	A list of useful payloads and bypasses for Web Application Security
	Commix	GitHub	(Command-Injection): Automated All-in-One OS command injection and exploitation tool
	Corsy	GitHub	(CORS-Misconfig): CORS Misconfiguration Scanner
	CORStest	GitHub	(CORS-Misconfig): A simple CORS misconfiguration scanner
	CorsMe	GitHub	(CORS-Misconfig): Cross Origin Resource Sharing MisConfiguration Scanner
	CRLFsuite	GitHub	(CRLF-Injection): A fast tool specially designed to scan CRLF injection
	crlfuzz	GitHub	(CRLF-Injection): A fast tool to scan CRLF vulnerability written in Go
	CRLF-Injection-Scanner	GitHub	(CRLF-Injection): Command line tool for testing CRLF injection on a list of domains
	XSRFProbe	GitHub	(CSRF-Injection): The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit
	dotdotpwn	GitHub	(Directory-Traversal): DotDotPwn - The Directory Traversal Fuzzer
	FDsploit	GitHub	(Directory-Traversal): File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
	off-by-slash	GitHub	(Directory-Traversal): Burp extension to detect alias traversal via NGINX misconfiguration at scale.
	liffy	GitHub	(File-Inclusion): Local file inclusion exploitation tool
	LFISuite	GitHub	(File-Inclusion): Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
	inql	GitHub	(GraphQL-Injection): InQL - A Burp Extension for GraphQL Security Testing
	GraphQLmap	GitHub	(GraphQL-Injection): GraphQLmap is a scripting engine to interact with a GraphQL endpoint for pentesting purposes.
	clairvoyance	GitHub	(GraphQL-Injection): Obtain GraphQL API schema despite disabled introspection!
	headi	GitHub	(Header-Injection): Customisable and automated HTTP header injection.
	ysoserial	GitHub	(Deserialization): A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
	GadgetProbe	GitHub	(Deserialization): Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
	ysoserial.net	GitHub	(Deserialization): payload generator for a variety of .NET formatters
	phpggc	GitHub	(Deserialization): PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
	Autorize	GitHub	(IDOR): Automatic authorization enforcement detection extension for Burp Suite written in Jython developed by Barak Tawily
	Oralyzer	GitHub	(Open-Redirect): Open Redirection Analyzer
	OpenRedireX	GitHub	(Open-Redirect): A Fuzzer for OpenRedirect issues
	razzer	GitHub	(Race-Condition): A Kernel fuzzer focusing on race bugs
	racepwn	GitHub	(Race-Condition): Race Condition framework
	requests-racer	GitHub	(Race-Condition): Small Python library that makes it easy to exploit race conditions in web apps with Requests
	turbo-intruder	GitHub	(Race-Condition): Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results
	race-the-web	GitHub	(Race-Condition): Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline
	http-request-smuggling	GitHub	HTTP Request Smuggling Detection Tool
	smuggler	GitHub	Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
	h2csmuggler	GitHub	(Request-Smuggling): HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
	tiscripts	GitHub	(Request-Smuggling): These scripts I use to create Request Smuggling Desync payloads for CLTE and TECL style attacks
	SSRFmap	GitHub	(SSRF): Automatic SSRF fuzzer and exploitation tool
	Gopherus	GitHub	(SSRF): This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
	SSRFire	GitHub	(SSRF): An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
	httprebind	GitHub	(SSRF): Automatic tool for DNS rebinding-based SSRF attacks
	ssrf-sheriff	GitHub	(SSRF): A simple SSRF-testing sheriff written in Go
	B-XSSRF	GitHub	(SSRF): Toolkit to detect and keep track on Blind XSS, XXE & SSRF
	extended-ssrf-search	GitHub	(SSRF): Smart SSRF scanner using different methods like parameter brute forcing in POST and GET
	gaussrf	GitHub	(SSRF): Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and filter URLs with OpenRedirection or SSRF Parameters
	lorsrf	GitHub	(SSRF): Bruteforcing on hidden parameters to find SSRF vulnerability using GET and POST methods
	Singularity	GitHub	(SSRF): A DNS rebinding attack framework
	whonow	GitHub	(SSRF): A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
	dns-rebind-toolkit	GitHub	(SSRF): A front-end JavaScript toolkit for creating DNS rebinding attacks
	dref	GitHub	(SSRF): DNS Rebinding Exploitation Framework
	rbndr	GitHub	(SSRF): Simple DNS Rebinding Service
	httprebind	GitHub	(SSRF): Automatic tool for DNS rebinding-based SSRF attacks
	dnsFookup	GitHub	(SSRF): DNS rebinding toolkit
	surf	GitHub	(SSRF): Escalate your SSRF vulnerabilities on modern cloud environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates
	NoSQLMap	GitHub	(SQL Injection): Automated NoSQL database enumeration and web application exploitation tool.
	SQLiScanner	GitHub	(SQL Injection): Automatic SQL injection with Charles and sqlmap api
	SleuthQL	GitHub	(SQL Injection): Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
	mssqlproxy	GitHub	(SQL Injection): Toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
	sqli-hunter	GitHub	(SQL Injection): Simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
	ESC	GitHub	(SQL Injection): Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features.
	mssqli-duet	GitHub	(SQL Injection): script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
	sqliv	GitHub	(SQL Injection): Massive SQL injection vulnerability scanner
	nosqli	GitHub	(SQL Injection): NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
	ghauri	GitHub	(SQL Injection): An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
	XSStrike	GitHub	(XSS Injection): Most advanced XSS scanner.
	xssor2	GitHub	(XSS Injection): XSS'OR - Hack with JavaScript.
	ezXSS	GitHub	(XSS Injection): ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
	xsshunter	GitHub	(XSS Injection): The XSS Hunter service - a portable version of XSSHunter.com
	dalfox	GitHub	(XSS Injection): DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
	xsser	GitHub	(XSS Injection): Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
	XSpear	GitHub	(XSS Injection): Powerful XSS Scanning and Parameter analysis tool&gem
	weaponised-XSS-payloads	GitHub	(XSS Injection): XSS payloads designed to turn alert(1) into P1
	tracy	GitHub	(XSS Injection): A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
	ground-control	GitHub	(XSS Injection): A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
	JSShell	GitHub	(XSS Injection): An interactive multi-user web JS shell
	bXSS	GitHub	(XSS Injection): bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
	docem	GitHub	(XSS Injection): Utility to embed XXE and XSS payloads in docx, odt, pptx, etc (OXML_XEE on steroids)
	XSS-Radar	GitHub	(XSS Injection): XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities.
	findom-xss	GitHub	(XSS Injection): A fast DOM based XSS vulnerability scanner with simplicity.
	domdig	GitHub	(XSS Injection): DOM XSS scanner for Single Page Applications
	femida	GitHub	(XSS Injection): Automated blind-xss search for Burp Suite
	B-XSSRF	GitHub	(XSS Injection): Toolkit to detect and keep track on Blind XSS, XXE & SSRF
	xssmap	GitHub	(XSS Injection): XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
	XSSCon	GitHub	(XSS Injection): Simple XSS Scanner tool
	BitBlinder	GitHub	(XSS Injection):BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
	shadow-workers	GitHub	(XSS Injection): Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
	dtd-finder	GitHub	(XXE Injection): List DTDs and generate XXE payloads using those local DTDs.
	xxeserv	GitHub	(XXE Injection): A mini webserver with FTP support for XXE payloads
	xxexploiter	GitHub	(XXE Injection): Tool to help exploit XXE vulnerabilities
	XXEinjector	GitHub	(XXE Injection): Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
	oxml_xxe	GitHub	(XXE Injection): A tool for embedding XXE/XML exploits into different filetypes
	tplmap	GitHub	(SSTI): Server-Side Template Injection and Code Injection Detection and Exploitation Tool
	SSTImap	GitHub	(SSTI): Automatic SSTI detection tool with interactive interface
	SprayingToolkit	Github	(Password): Scripts to make password spraying attacks against Lync/S4B, OWA & O365 quicker, less painful, and more efficient.
	o365recon	Github	(Cloud/AD): retrieve information via O365 and AzureAD with a valid cred
	CredMaster	Github	(Password): Refactored & improved CredKing password spraying tool. Uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling.
	LFImap	Github	(LFI): Local File Inclusion discovery and exploitation tool

🔝 Back to top

IMAGE	NAME	LINKS	DESCRIPTION
	FullHunt.io	Website	Attack surface database of the entire Internet
	BinaryEdge	Website	We scan the web and gather data for you
	Censys ASM	Website	Attack Surface Management Solutions
	RedHunt Labs	Website	Discover your Attack Surface, Continuously
	SecurityTrails	Website	The Total Internet Inventory
	Overcast Security	Website	We make tracking your external attack surface easy
	IPInfo	Website	The trusted source for IP address data
	IPData	Website	IP Geolocation and Threat Intelligence API
	NetworksDB	Website	Information about the public IPv4 and IPv6 addresses, networks, and domains owned by companies and organizations across the world
	ASNlookup	Website	Quickly lookup updated information about specific Autonomous System Number (ASN), Organization, CIDR, or registered IP addresses (IPv4 and IPv6) among other relevant data
	BGPtools	Website	Browse the Internet ecosystem
	BGPview	Website	Debug and investigate information about IP addresses, ASN, IXs, BGP, ISPs, Prefixes, and Domain names
	BigDataCloud	Website	The API provides comprehensive location and network data
	RADb	Website	The world's largest public routing registry
	Deepinfo	Website	Empower your security with the most comprehensive Internet data
	Detectify	Website	Complete External Attack Surface Management

🔝 Back to top

IMAGE	NAME	LINKS	DESCRIPTION
	GitHub Code Search	Website	Search globally across all of GitHub, or scope your search to a particular repository or organization
	GitLab Code Search	Website	Advanced search for faster, more efficient search across the entire GitLab instance
	Sourceforge	Website	Complete Open-Source and Business Software Platform
	Grep.app	Website	Search across a half million git repos
	Publicwww.com	Website	Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
	SearchCode	Website	Search 75 billion lines of code from 40 million projects
	NerdyData	Website	Find companies based on their website's tech stack or code
	RepoSearch	Website	Source code search engine that helps you find implementation details, example usages or just analyze code
	SourceGraph	Website	Understand and search across your entire codebase
	HotExamples	Website	Search code examples from over 1 million projects
	WP Directory	Website	Lightning fast regex searching of code in the WordPress Plugin and Theme Directories
	Github gist	Website	Instantly share code, notes, and snippets
	CodeBerg	Website	Collaboration platform and Git hosting for free and open source software, content and projects
	Fedora Pagure	Website	Open Source software code hosting system
	LaunchPad	Website	Software collaboration platform that provides: Bug tracking, Code hosting, Code reviews, Ubuntu package building and hosting, Translations...
	Repo.or.cz	Website	Public Git hosting site
	Gitorious.org	Website	Read-only mirror of the former gitorious.org code hosting website
	Sourcehut	Website	Collection of tools useful for software development
	Android.googlesource.com	Website	Git repositories on android
	Deps.dev	Website	Service developed and hosted by Google to help developers better understand the structure, construction, and security of open source software packages
	WebFinery	Website	Search the source code of the web
	Google Code Archive	Website	Data found on the Google Code Project Hosting Service, which was turned down in early 2016
	Snipplr	Website	Code snippet search engine that allows users to search and share code snippets across various programming languages and frameworks

🔝 Back to top

IMAGE	NAME	LINKS	DESCRIPTION
	DomainTyper	PH only Website	The list of Top Websites in the World is based on the Traffic data for the Top 1,000,000 sites globally. In the top 1 million sites there are 590 [lastview: 07-15-24] sites ending with .PH Domain.
	PhoneBook	Website	Lists all domains, email addresses, or URLs for the given input domain
	IntelligenceX	Website	Search engine and data archive
	Omnisint	Website	Subdomain enumeration
	RobTex	Website	Various kinds of research of IP numbers, Domain names, etc
	CentralOps - DomainDossier	Website	Investigate domains and IP addresses
	DomainIQ	Website	Comprehensive Domain Intelligence
	Whois.domaintools.com	Website	Industry’s fastest domain discovery engine and broadest, most accurate data
	Grayhatwarfare.com - domains	Website	How to search URLs exposed by Shortener services
	Whoisology.com	Website	Deep Connections Between Domain Names & Their Owners
	Who.is	Website	WHOIS Search, Domain Name, Website, and IP Tools
	Pentest Tools	Website	Find the subdomains of an internet domain and determine the attack surface of an organization.
	BuiltWith	Website	Find out what websites are Built With
	MoonSearch	Website	Backlinks checker & SEO Report
	Sitereport.netcraft.com	Website	Find out the infrastructure and technologies used by any site
	SynapsInt	Website	The unified OSINT research tool
	Statscrop.com	Website	Millions of amazing websites across the web are being analyzed with StatsCrop
	Securityheaders.com	Website	Scan your site now
	Visualsitemapper.com	Website	Create a visual map of your site
	Similarweb.com	Website	The easiest and fastest tool to find out what's really going on online
	Buckets.grayhatwarfare.com	Website	Public buckets
	C99.nl	Website	Over 57 quality API's and growing!
	Wannabe1337.xyz	Website	Online Tools
	Subdomainfinder.c99.nl	Website	Scanner that scans an entire domain to find as many subdomains as possible
	AnubisDB	Website	Subdomain enumeration and information gathering tool
	WhoisXMLAPI	Website	Domain & IP Data Intelligence for Greater Enterprise Security
	HypeStat	Website	Free statistics and analytics service, where you can find information about every website
	Private Key Project	Website	Information security tools from Private Key Project
	SiteDossier	Website	Profiles for millions of sites on the web
	SpyOnWeb	Website	Quick and convenient search for the websites that probably belong to the same owner

🔝 Back to top

IMAGE	NAME	LINKS	DESCRIPTION
	DNSDumpster	Website	DNS recon & research, find & lookup DNS records
	Chaos	Website	Enhance research and analyze changes around DNS for better insights
	RapidDNS	Website	DNS query tool which makes querying subdomains or sites of the same IP easy
	DNSdb	Website	Passive DNS historical database
	Omnisint	Website	Reverse DNS lookup
	HackerTarget	Website	Collect information about IP Addresses, Networks, Web Pages, and DNS records
	Passivedns.mnemonic.no	Website	Web interface for querying passive DNS data collected in our malware lab
	Ptrarchive.com	Website	Over 230 billion reverse DNS entries from 2008 to the present
	Dnshistory.org	Website	Domain Name System Historical Record Archive
	DNSTwister	Website	The anti-phishing domain name search engine and DNS monitoring service
	DNSviz	Website	Tool for visualizing the status of a DNS zone
	DNSlytics	Website	Find out everything about a domain name, IP address, or provider
	Dnsrepo.noc.org	Website	DNS Database Repository Search
	DNSSpy	Website	Monitor, validate, and verify your DNS configurations
	ZETAlytics	Website	We offer unrivaled geographic diversity and exclusive global network visibility in searchable datasets for use by cybersecurity analysts
	AskDNS	Website	Lookup Connected Domain Names and IP Addresses
	MXtoolbox	Website	All of your MX record, DNS, blacklist, and SMTP diagnostics in one integrated tool
	NSLookup.io	Website	Find all DNS records for a domain name using this online tool
	Robtex DNS Lookup	Website	Get detailed information on the nameservers associated with a domain name

🔝 Back to top

IMAGE	NAME	LINKS	DESCRIPTION
	Crt.sh	Website	Certificate Search
	CTSearch	Website	Certificate Transparency Search Tool
	Tls.bufferover.run	Website	Quickly find certificates in IPv4 space
	CertSpotter	Website	Monitors your domains for expiring, unauthorized, and invalid SSL certificates
	Censys Search - Certificates	Website	Certificates Search
	Certificatedetails	Website	Online certificate viewer. Inspect and download certificates from your browser
	FacebookCT	Website	Search for certificates issued for a given domain and subscribe to notifications from Facebook regarding new certificates
	ciphersuite	Website	ciphersuite by using IANA, OpenSSL, or GnuTLS name format
	certificatedetails.com	Website	Online certificate viewer. Inspect and download certificates from your browser
	certs.io	Website	Search TLS certificates across the internet

🔝 Back to top

IMAGE	NAMES	LINKS	DESCRIPTIONS
	Wigle.net	Website	Maps and database of 802.11 wireless networks with statistics
	wifimap.io	Website	Connect to all Free WiFi Hotspots using WiFi Map App all over the World!
	wificafespots.com	Website	Free WiFi Cafe Spots
	wifispc.com	Website	Free map of Wi-Fi passwords anywhere you go!
	openwifimap.net	Website	HTML5 map with OpenWiFiMap data
	mylnikov.org	Website	Public API implementation of Wi-Fi Geo-Location database

🔝 Back to top

IMAGE	NAMES	LINKS	DESCRIPTIONS
	MACVendorLookup.com	Website	Look up the vendor for a specific MAC Address
	macvendors.com	Website	Find MAC Address Vendors
	macaddress.io	Website	MAC address vendor lookup
	maclookup.app	Website	Find the vendor name of a device by entering an OUI or a MAC address
	macvendors.co	Website	Get vendor name of your network device using its MAC address

🔝 Back to top

IMAGE	NAMES	LINKS	DESCRIPTIONS
	Weakpass: wordlist - dicassassin	Website	weakpass unleash the power of them all at once
	Have I Been Pwned	Website	Check if your email or phone is in a data breach
	Dehashed	Website	Free deep-web scans and protection against credential leaks
	LeakCheck.io	Website	Make sure your credentials haven't been compromised
	crackstation.net	Website	Massive pre-computed lookup tables to crack password hashes
	HashKiller	Website	Pre-cracked Hashes, easily searchable
	LeakedPassword	Website	Search across multiple data breaches to see if your password has been compromised
	BugMeNot	Website	Find and share logins
	LeakSearch	Github	A tool search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet.

🔝 Back to top

IMAGE	NAMES	LINKS	DESCRIPTIONS
	WikiLeaks	Website	News leaks and classified media provided by anonymous sources
	BreachForums	Onion Website	Breaches, Data leaks, databases, and more
	Snusbase	Website	Stay on top of the latest database breaches
	breachdirectory.org	Website	Check if your information was exposed in a data breach
	Leak-Lookup	Website	Search across thousands of data breaches

🔝 Back to top

IMAGE	NAMES	LINKS	DESCRIPTIONS
	MITRE ATT&CK	Website	Globally-accessible knowledge base of adversary tactics and techniques
	PulseDive	Website	Threat intelligence made easy
	ThreatCrowd	Website	A Search Engine for Threats
	ThreatMiner	Website	Data Mining for Threat Intelligence
	VirusTotal	Website	Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
	vx-underground.org	Website	The largest collection of malware source code, samples, and papers on the internet
	bazaar.abuse.ch	Website	Malware sample database
	feodotracker.abuse.ch	Website	List of botnet Command&Control servers
	Valhalla YARA Rules	Website	Valhalla is a Malware Detection tools based on YARA rules.
	sslbl.abuse.ch	Website	All malicious SSL certificates
	urlhaus.abuse.ch	Website	Propose new malware urls
	threatfox.abuse.ch	Website	Indicator Of Compromise (IOC) database
	yaraify.abuse.ch	Website	Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules
	Rescure	Website	Curated cyber threat intelligence for everyone
	otx.alienvault	Website	The World's First Truly Open Threat Intelligence Community
	urlquery.net	Website	Service for detecting and analyzing web-based malware
	socradar.io	Website	Extension to your SOC team
	VirusShare	Website	System currently contains 48 million malware samples
	PassiveTotal	Website	Security intelligence that scales security operations and response
	malapi.io	Website	Windows APIs used for malicious purposes
	filesec.io	Website	Latest file extensions being used by attackers
	leakix.net	Website	Search engine indexing public information and an open reporting platform linked to the results
	tria.ge	Website	Fully automated solution for high-volume malware analysis using advanced sandboxing technology
	Polyswarm	Website	Launchpad for new technologies and innovative threat detection methods
	Cisco Talos	Website	The threat intelligence organization at the center of the Cisco Security portfolio
	scamsearch.io	Website	Find your scammer online & report them
	CyberCampaigns	Website	Threat Actor information and Write-Ups
	ORKL	Website	The Community Driven Cyber Threat Intelligence Library
	Maltiverse	Website	Data from more than 100 different Threat Intelligence sources
	Inquest Labs	Website	Threat intelligence from hundreds of public, private, and internal sources to develop new FDR signatures and rules
	PhishTank	Website	Collaborative clearing house for data and information about phishing on the Internet
	IntelOwl	GitHub	Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale
	Lupovis	Website	Analyze and collect data on Internet-wide scans and attacks in real-time. We use this data to identify and classify malicious actors
	AbuseIPDB	Website	Check the report history of any IP address to see if anyone else has reported malicious activities
	Sucuri SiteCheck	Website	Check websites for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code
	Spamhaus	Website	Protect and investigate using IP and domain reputation data
	ThreatBook	Website	One step ahead of your adversary with high-fidelity, efficient and actionable cyber threat intelligence
	ShadowServer	Website	Nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone
	Team Cymru	Website	Global leader in cyber threat intelligence and attack surface management
	BeVigil	Website	Search engine for mobile application security testing
	CIRCL	Website	The Computer Incident Response Center Luxembourg is a government-driven initiative designed to gather, review, report and respond to computer security threats and incidents
	MetaDefender Cloud	Website	Advanced threat detection and prevention platform
	Cybersixgill	Website	Threat intelligence platform that provides access to a wide range of cybersecurity information, including dark web monitoring and threat actor analysis
	Hybrid Analysis	Website	Free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology
	IBM X-Force Exchange	Website	Threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
	C2-Trackers	Github	Free to use IOC feed for various tools/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as well.
	RansomLook	Website	(Adversaries Monitoring): RansomLook is an open-source project aimed at assisting users in tracking ransomware-group related posts and activities across various sites
	Ransomwhere	Website	(Adversaries Monitoring): Ransomwhere Monitoring Cryptocurrencies, a crowdsourced ransomware payment tracker.
	yara	Github	(Yara rules): YARA is a tool aimed helping malware researchers to identify and classify malware samples.

🔝 Back to top

IMAGE	NAMES	LINKS	DESCRIPTIONS
	rep+	chrome extension	rep+ is a Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks
	Shodan	Firefox Chrome	The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.
	Link Gopher	Firefox Chrome	Extracts all links from web page, sorts them, removes duplicates, and displays them in a new tab for inspection or copy and paste into other systems
	Wappalyzer	Firefox Chrome	Identify technologies on websites
	Foxyproxy	Firefox Chrome	FoxyProxy is an open-source, advanced proxy management tool that completely replaces Firefox's limited proxying capabilities.
	Wayback Machine	Firefox Chrome	The Official Wayback Machine Extension - by the Internet Archive.
	Temp-mail	Firefox Chrome	Temporary disposable email address. Protect your email from spam, bots and phishing with Temp-Mail.
	Hunter	Firefox Chrome	Find email addresses from anywhere on the web, with just one click.
	Hacktools	Firefox Chrome	Hacktools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as reverse shells to test your web application.
	CookieManager	Firefox Chrome	Edit cookies related to the current page and all its sub-frames right from a popup
	Open-Multiple URLs	Firefox Chrome	Opens a list of URLs
	Darkreader	Firefox Chrome	Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.
	Grammar and Spell Checker	Firefox Chrome	With this extension you can check text with the free style and grammar checker LanguageTool.
	Grammarly	Firefox Chrome	Improve your writing with Grammarly's assistance. Get spell check, grammar check, and punctuation check in one tool.
	User-Agent Switcher and Manager	Firefox Chrome	Spoof websites trying to gather information about your web navigation—like your browser type and operating system—to deliver distinct content you may not want.
	PwnFox	Firefox	PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit
	HackBar v2	Firefox	A HackBar for google chrome/firefox browser. Small tool for pentesting websercurity.Load, split, execute url from address bar and etc.
	Modify Header Value	Firefox Chrome	Modify Header Value can add, modify or remove an HTTP-request-header for all requests on a desired website or URL.
	Retire.js	Firefox Chrome	Scan a web app for use of vulnerable JavaScript libraries. The goal of Retire.js is to help you detect use of version with known vulnerabilities.
	Broken Link Checker	Firefox	A SEO tool to find broken (404) and redirected (301, 307, 308) links in all frames. Easy way to get some bounties by taking over broken social media handles.
	APK Downloader	Firefox	If you are into Android pentest or want find some quick bugs with apk static analysis, APK Downloader will make your day.
	Altair GraphQL Client	Firefox	A beautiful feature-rich GraphQL Client for all platforms.
	Trufflehog	Firefox Chrome	Sniffing out credentials
	Disable WebRTC	Firefox	WebRTC leaks your actual IP addresses from behind your VPN, by default.
	.Git	Firefox Chrome	An extension to check if .git is exposed in visited websites.
	uBlock Origin	Firefox Chrome	Finally, an efficient wide-spectrum content blocker. Easy on CPU and memory.
	Code Beautifer/Minifier	Firefox Firefox	This extension For beautify js and css and html. HTML & CSS & JavaScript Beautifier/Minifier

🔝 Back to top