A list of information security tools I use for assessments, investigations and other cybersecurity tasks.

Also worth checking out is CISA’s list of free cybersecurity services and tools.

Jump to Section

• OSINT / Reconnaissance
  • Network Tools
  • Breaches, Incidents & Leaks
  • FININT
  • GEOINT
  • HUMINT
  • IMINT
  • MASINT
  • SOCMINT
  • Email
  • Code Search
• Scanning / Enumeration / Attack Surface
• Offensive Security
  • Exploits
  • Red Team
• Vulnerability Catalogs & Tools
• Blue Team
  • CTI & IoCs
  • Static / File Analysis
  • Dynamic / Malware Analysis
  • Forensics
  • Phishing / Email Security
• Assembly / Reverse Engineering
• OS / Scripting / Programming
• Password
• Assorted
  • OpSec
  • Jobs
  • Conferences/Meetups
  • Research & Blogs
  • Funny
  • Walls of Shame
  • Other

---

OSINT / Reconnaissance

• Common Crawl - Open repository of web crawl data
• Cylect.io - Ultimate AI OSINT searching tool
• DarkwebDaily.Live
• Dehashed - Data-mining and deep web asset search engine
• Dork King - Bug Bounty Dorks
• DorkGenius - Generate custom dorks for Google, Bing, DuckDuckGo, & more
• DorkSearch.com - Faster Google Dorking
• FOFA - Search engine for global cyberspace mapping
• Google Advanced Search Operators - A resource for doing advanced Google searches
• Have I Been Squatted? - Check if your domain has been squatted.
• Hunter.how - Internet search engines for security researchers
• IntelligenceX - Search Tor, I2P, data leaks, domains, and emails
• Lopseg - OSINT tools
• MetaOSINT - Aggregation of “top” tools & resources intended to help jumpstart OSINT investigations
• OSINT Framework - Helping people find free OSINT resources
• OSINT Industries - Gateway to email-based research
• SEC eFilings (EDGAR) - Electronic Data Gathering, Analysis and Retrieval system
• SpyOnWeb - Find related websites
• Wayback Machine - The archive for the Internet and a time machine for the web
• Well-Known Resource Index - Search /.well-known/ resources served by sites across the web
• Worldwide OSINT tools map - Phonebooks, cadastral maps, vehicle numbers databases, business registries, passengers lists, court records and much more
• ZoomEye - Target information search

Network Tools (IP, DNS, WHOIS)

• AbuseIPDB - Check IP address, domain name or subnet
• American Registry for Internet Numbers (ARIN) - Administers IP addresses & ASNs
• Better Whois - The whois domain search that works with all registrars
• DomainTools - Whois lookup, domain availability and IP search tools
• DNSCheck - DNS tool
• DNSDumpster - DNS recon & research, find & lookup dns records
• DNSViz - Tool for visualizing the status of a DNS zone
• dnsqueries.com - Collection of online network tools
• Hurricane Electric BGP Toolkit - A variety of Internet services and network tools
• Internet Namespace Security Observatory - DNSSEC statistics and insights into the global adoption of secure internet namespaces
• IPSpy.net - IP Lookup, WHOIS, DNS, Utilities
• IPVoid - Discover details about IP addresses
• ManageEngine Site24x7 - Free Tools for Network, DevOps and Site Reliability Engineers (SRE)
• Netcraft - Collection of internet security services
• Network Solutions - Whois lookup for domain registration information
• NetworkScan - IP Lookups for Open Ports
• NsLookup - Online tool for querying DNS servers
• Online Whois Tool - WHOIS
• Radar | Cloudflare - Search for locations, AS, reports, domains and IP info
• RIPE Network Coordination Centre - Organization that allocates and registers blocks of Internet number resources to ISPs and other organizations
• Subdomain Center - Subdomain discovery
• who.is - Whois search, domain name, website and IP tools
• ZoneDiff - Monitor new and expired domains with daily TXT dumps

Breaches, Incidents & Leaks

• Breach HQ - Open database of security incidents
• CSIDB - Cyber Security Incident Database
• Cybersecurity Incident Tracker | Board Cybersecurity - Tracker for cybersecurity incidents reported in an entity’s 8-K
• DataBreaches.net - Information on corporate security breaches
• DefiLlama Hacks - Cryptocurrency hack tracker
• escape.tech API Data breaches - Database for API data breaches
• Firefox Monitor - Find out if your personal information has been compromised
• GDPR Enforcement Tracker - Overview of fines and penalties which data protection authorities within the EU have imposed under the EU GDPR.
• Leak-Lookup - Data Breach Search Engine
• LeakPeek - Data breach search engine
• Northrecon - Incident database
• PrivacyRights.org Data Breaches - Info on publicly available reported breaches
• Public Cloud Security Breaches - Security incidents and breaches from customers in major cloud providers
• Ransomfeed
• RansomLook - Tracking ransomware posts and activities
• Ransomware.live - Ransomware leak monitoring tool and observatory
• Ransomwatch - Ransomware page crawler
• Ransomwhere - Open, crowdsourced ransomware payment tracker
• search.0t.rocks
• SnusBase - Data breach search engine
• White Intel - Dark-Web Scan

FININT (Financial Intelligence)

• GSA eLibrary - Source for the latest GSA contract award information

GEOINT (Geographical Intelligence)

• Homemetry
• MoonCalc - Calculate moon phase
• PeakFinder - Mountains/coordinates
• PowerOutage.us - Track, record and aggregate power outages in the US
• SunCalc - Sun path computation, solar data & geo data

HUMINT (Human & Corporate Intelligence)

• No-Nonsense Intel - List of keywords which you can use to screen for adverse media, military links, political connections, sources of wealth, asset tracing etc
• CheckUser - Check desired usernames across social network sites
• CorporationWiki - Find and explore relationships between people and companies
• Crunchbase - Discover innovative companies and the people behind them
• Find Email - Find email addresses from any company
• Info Sniper - Search property owners, deeds & more
• Library of Leaks - Search documents, companies and people
• LittleSis - Who-knows-who at the heights of business and government
• NAMINT - Shows possible name and login search patterns
• OpenCorporates - Legal-entity database
• That’s Them - Find addresses, phones, emails and much more
• TruePeopleSearch - People search service
• WhatsMyName - Enumerate usernames across many websites
• Whitepages - Find people, contact info & background checks

IMINT (Imagery/Maps Intelligence)

• Exposing.ai
• Insecam - Live cameras directory
• Map IPs - Paste up to 500,000 IPs below to see where they’re located on a map
• Map of worldwide ransomware attacks
• Photo OSINT - A lot of OSINT tools
• World Imagery Wayback - Digital archive, providing users with access to the different versions of World Imagery created over time
• WorldCam - Webcams from around the world

MASINT (Measurement and Signature Intelligence)

• Wigle.net - Database of wireless networks

SOCMINT (Social Media Intelligence)

• Discord Servers - Discord server search
• Find a Discord - Discord server search
• Lyzem - Telegram search engine
• Spy.pet - Explore Discord’s data
• TGStat - Telegram search channel

Email

• DMARC Checker - Check DMARC, DKIM, and SPF Settings
• EmailFormat.com - Find the email address formats in use at thousands of companies
• Hunter - Search for professional email addresses
• merox.io - DNS security and DMARC
• MX Lookup Tool - Check your DNS MX records online
• MX Toolbox - List MX records for a domain in priority order

Code Search

• grep.app - Search across a half million git repos
• PublicWWW - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
• searchcode - Search 75 billion lines of code from 40 million projects

---

Scanning / Enumeration / Attack Surface

• Awseye
• badkeys.info - Checking cryptographic public keys for known vulnerabilities
• Browser History Analyzer - Processes your browser history
• Built With - Find out what websites are built with
• Censys Search - Search IP address, name, protocol or field
• CensysGPT Beta - CensysGPT beta simplifies building queries and empowers users to conduct efficient and effective reconnaissance operations
• Cert Central
• CertDB - A searcheable database of the internet’s SSL/TLS certificate names
• CriminalIP - Search for information about assets connected to the public Internet
• crt.sh - Certificate search
• CRXcavator - Chrome extension scanning
• FullHunt - Attack Surface Enumerator
• Grayhat Warfare - Public Bucket Finder
• GreyNoise - Internet-connected devices
• HTTP Observatory - Analyzing compliance with best security practices
• ꓘamerka and ꓘamerka lite - Public ICS identification
• LeakIX - Search publicly indexed information to find security misconfigurations
• Netlas - Search and monitor internet connected assets.
• Onyphe - Cyber defense search engine
• OSINT.SH Public Buckets - Public Bucket Finder
• S3 Bucket Scanner | purpleleaf - Checks S3 bucket-level permissions that may allow data exposure
• Security Headers | Probely - Analyze HTTP headers
• SecurityTrails - Attack surface scanning
• Shodan - Search engine for internet-connected devices
• Shodan | InternetDB - Fast way to see the open ports for an IP address
• Shodan-Dork
• Should I click? - Tells you if it’s safe to click on a link
• SSL Checker - SSL certificate verification
• SSL Server Test - Tool from Qualys to perform deep analysis of the configuration of an SSL web server
• urlscan.io - Scan and analyze websites
• Wappalyzer - Identify technologies on websites

---

Offensive Security

Exploits

• Bug Bounty Hunting Search Engine - Search for writeups, payloads, bug bounty tips, and more…
• BugBounty.zip - Your all-in-one solution for domain operations
• CP-R Evasion Techniques
• CVExploits - Comprehensive database for CVE exploits
• DROPS - Dynamic CheatSheet/Command Generator
• Exploit Notes - Hacking techniques and tools for penetration testings, bug bounty, CTFs
• ExploitDB - Huge repository of exploits from Offensive Security
• files.ninja - Upload any file and find similar files
• Google Hacking Database (GHDB) - A list of Google search queries used in the OSINT phase of penetration testing
• GTFOArgs - Curated list of Unix binaries that can be manipulated for argument injection
• GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
• Hijack Libs - Curated list of DLL Hijacking candidates
• Living Off the Living Off the Land - A great collection of resources to thrive off the land
• Living Off the Pipeline - CI/CD lolbin
• Living Off Trusted Sites (LOTS) Project - Repository of popular, legitimate domains that can be used to conduct phishing, C², exfiltration & tool downloading while evading detection
• LOFLCAB - Living off the Foreign Land Cmdlets and Binaries
• LoFP - Living off the False Positive
• LOLBAS - Curated list of Windows binaries that can be used to bypass local security restrictions in misconfigured systems
• LOLC2 - Collection of C2 frameworks that leverage legitimate services to evade detection
• LOLESXi - Living Off The Land ESXi
• LOLOL - A great collection of resources to thrive off the land
• LOLRMM - Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors
• LOOBins - Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes
• LOTTunnels - Living Off The Tunnels
• Microsoft Patch Tuesday Countdown
• offsec.tools - A vast collection of security tools
• Shodan Exploits
• SPLOITUS - Exploit search database
• VulnCheck XDB - An index of exploit proof of concept code in git repositories
• XSSed - Information on and an archive of Cross-Site-Scripting (XSS) attacks

Red Team

• ArgFuscator - Generates obfuscated command lines for common system tools
• ARTToolkit - Interactive cheat sheet, containing a useful list of offensive security tools and their respective commands/payloads, to be used in red teaming exercises
• Atomic Red Team - A library of simple, focused tests mapped to the MITRE ATT&CK matrix
• C2 Matrix - Select the best C2 framework for your needs based on your adversary emulation plan and the target environment
• ExpiredDomains.net - Expired domain name search engine
• Living Off The Land Drivers - Curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks
• Unprotect Project - Search Evasion Techniques
• WADComs - Curated list of offensive security tools and their respective commands, to be used against Windows/AD environments

Web Security

• Invisible JavaScript - Execute invisible JavaScript by abusing Hangul filler characters
• INVISIBLE.js - A super compact (116-byte) bootstrap that hides JavaScript using a Proxy trap to run code

---

Security Advisories

• CISA Alerts - Providing information on current security issues, vulnerabilities and exploits
• ICS Advisory Project - DHS CISA ICS Advisories data visualized as a Dashboard and in Comma Separated Value (CSV) format to support vulnerability analysis for the OT/ICS community

Attack Libraries

A more comprehensive list of Attack Libraries can be found here.

• ATLAS - Adversarial Threat Landscape for Artificial-Intelligence Systems is a knowledge base of adversary tactics and techniques based on real-world attack observations and realistic demonstrations from AI red teams and security groups
• ATT&CK
• Risk Explorer for Software Supply Chains - A taxonomy of known attacks and techniques to inject malicious code into open-source software projects.

Vulnerability Catalogs & Tools

• !CVE - Vulnerabilities that don’t have CVEs
• CloudVulnDB - List all known cloud vulnerabilities and CSP security issues
• CPR-Zero - Check Point Research Vulnerability Repository
• CVE - CVE.org
• CVE - Common Vulnerabilities and Exposures (CVE) - CVE respository from MITRE
• CVE Crowd - CVEs being discussed on Mastodon
• CVE Trends - crowdsourced CVE intel
• CVEDEB API | Shodan - Check information about vulnerabilities in a service
• CVEdetails.com - Provides CPE information for most CVEs, even if they are not provided by NVD
• CVEShield - CVEs being discussed on Twitter
• CVESky - Bluesky CVE Leaderboard
• CVE Tracker | CyberAlerts - Monitor the number of CVEs added to the CVE database
• CWE - A community-developed list of software & hardware weaknesses that can become vulnerabilities
• Designer Vulnerabilities | Shellsharks - Named vulnerabilities
• ENISA - European Union Vulnerability Database
• Exploit Observer - Aggregates & interprets exploit/vulnerability data from all over the Internet.
• fedisecfeeds - CVE information from the Fediverse
• GCVE.eu - Global CVE Allocation System
• Go Vulnerability Management
• Intel | Intruder
• inTheWild - A database of actively exploited vulnerabilities
• KEV Catalog Dashboard
• KEVIntel - Known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources
• Known Exploited Vulnerabilities (KEV) Catalog - Authoritative source of vulnerabilities that have been exploited in the wild
• Linux Kernel CVEs
• LVE Repository - Document and track vulnerabilities and exposures of large language models (LVEs)
• National Vulnerability Database | NVD - National Vulnerability Database
• Nessus Plugin Search - A search tool for Nessus plugins
• OpenCVE - Opensource Vulnerability Management Platform
• OSV | Open Source Vulnerabilities - Vulnerability database for open source projects
• RUSTSEC - A vulnerability database for the Rust ecosystem
• Snyk Vulnerability Database - Database for open source vulnerabilities and cloud misconfigurations
• ThreatINT - Information on publicly disclosed Cybersecurity vulnerabilities
• V.E.D.A.S. - Vulnerability & Exploit Data Aggregation System
• VulDB - Curating and documenting all security vulnerabilities that got published in electronic products
• VulnCheck Advisories - Third party vulnerabilities that have been reported by VulnCheck
• VulnCheck KEV - Community resource that enables security teams to manage vulnerabilities and risk with additional context and evidence-based validation
• Vulnerability-Lookup & Vulnerability-Lookup.org - Facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD)
• Vulners - Search engine for security intelligence
• Wordfence Intelligence - Threat intelligence data platform which currently consists of an incredibly comprehensive database of WordPress vulnerabilities
• Zero-Day Tracking Project - Raise awareness for zero-day vulnerabilities

Risk Assessment Models

A more comprehensive list of Risk Assessment Models and tools can be found here.

• CVSS Version 2 Calculator - Calculate CVSS risk scores
• CVSS v4.0
• VISS Calculator - Vulnerability Impact Scoring System

---

Blue Team

• AttackRuleMap - Mapping of open-source detection rules and atomic tests.
• Detection Studio
• EDR Telemetry - List of telemetry features from EDR products and other endpoint agents
• EDR Telemetry Project - Comprehensive resource for comparing Endpoint Detection and Response (EDR) telemetry capabilities across multiple platforms
• ETDA Threat Group Cards: A Threat Actor Encyclopedia - Full profiles of all threat groups worldwide that have been identified
• Honest Security
• malpedia - Resource for rapid identification and actionable context when investigating malware
• Microsoft Sentinel Analytic Rules - Beautified catalog of the official Microsoft Sentinel GitHub repository
• Rulehound - Detection rules
• SaaS Event Maturity Matrix - Comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit logging
• YARA Toolkit - Write your own Yara rules or copy paste one to edit it
• YARA Validator - Compile your rules on all yara versions online to detect compatibility issues!
• YaraDbg - Web-based Yara debugger to help security analysts to write hunting or detection rules

CTI & IoCs

• Alien Vault OTX - Open threat intelligence community
• BAD GUIDs EXPLORER
• Binary Edge - Real-time threat intelligence streams
• Cloud Threat Landscape - A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques. Powered by Wiz Research
• CTI AI Toolbox - AI-assisted CTI tooling
• CTI.fyi - Content shamelessly scraped from ransomwatch
• CyberOwl - Stay informed on the latest cyber threats
• Dangerous Domains - Curated list of malicious domains
• HudsonRock Threat Intelligence Tools - Cybercrime intelligence tools
• InQuest Labs - Indicator Lookup
• IOCParser - Extract Indicators of Compromise (IOCs) from different data sources
• Malpuse - Scan, Track, Secure: Proactive C&C Infrastructure Monitoring Across the Web
• ORKL - Library of collective past achievements in the realm of CTI reporting.
• Pivot Atlas - Educational pivoting handbook for cyber threat intelligence analysts
• Pulsedive - Threat intelligence
• ThreatBook TI - Search for IP address, domain
• threatfeeds.io - Free and open-source threat intelligence feeds
• ThreatMiner - Data mining for threat intelligence
• TrailDiscover - Repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents references, other research references and security implications
• URLAbuse - Open URL abuse blacklist feed
• urlquery.net - Free URL scanner that performs analysis for web-based malware

URL Analysis

• BrightCloud - View threat, content and reputation analysis
• CyberGordon - Threat and risk information about observables
• defang.me - IOC Defanging Tool
• Desenmascara - Is this a fraudulent website?
• Google Safe Browsing - Scan for unsafe websites
• IP Lookup / Quality Score - Detect high risk IP addresses and check IP fraud scores
• Is It Hacked? - Checks URL for spammy links, funny redirects, or if it is hacked
• MalwareURL Site Reputation Lookup - URL, domain & IP reputation search
• McAfee Single URL Check - Check if a site is categorized
• Norton Safe Web - Discover ratings for any site
• Palo Alto Test A Site - View details about its current URL categories
• Quttera - Scan website
• ScamAdviser - Check if website is a scam
• SUCURi - Check a website for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code
• Symantec WebPulse Site Review Request - Check and dispute the current WebPulse categorization for any URL
• Talos Intelligence Center Search - Search by IP, URL, domain, network owner or file SHA256
• Threat STOP Check IoC - Lookup IP addresses and domains against extensive database of malware-related IOCs
• Trend Micro Is it safe? - URL checker
• URL Defanger - URL Defanger
• urlScore - Is this URL safe to visit?
• URLVoid - Detect potentially malicious websites
• Web Filter Lookup | Fortiguard - See URL category and history
• Zulu URL Risk Analyzer - Dynamic risk scoring engine for web based content
• zveloLIVE - Check a URL for its category and safety status

Static / File Analysis

• badfiles - Enumerate bad, malicious, or potentially dangerous file extensions
• CyberChef - The cyber swiss army knife
• DocGuard - Static scanner and has brought a unique perspective to static analysis, structural analysis
• dogbolt.org - Decompiler Explorer
• EchoTrail - Threat hunting resource used to search for a Windows filename or hash
• filescan.io - File and URL scanning to identify IOCs
• filesec.io - Latest file extensions being used by attackers
• Kaspersky TIP
• Manalyzer - Static analysis on PE executables to detect undesirable behavior
• PolySwarm - Scan Files or URLs for threats
• VirusTotal - Analyze suspicious files and URLs to detect malware

Dynamic / Malware Analysis

• JoeSandbox Cloud - Deep malware analysis
• MalAPI.io - MalAPI.io maps Windows APIs to common techniques used by malware
• Malware Bazaar - Sharing malware samples with the infosec community, AV vendors and threat intelligence providers
• Malware.rip - Open documents from untrustworthy websites or users
• Malware-Traffic-Analysis.net - A source for pcap files and malware samples
• SarlackLab C2 Tracking - Kicking ACKs and taking domain names
• WTFBINS - Catalog benign applications that exhibit suspicious behavior

Forensics

• DFIQ - Digital Forensics Investigative Questions and the approaches to answering them

Phishing / Email Security

• CheckPhish - Can suspicious URLs and monitor for typosquats
• dnstwist - Phishing domain scanner
• EML Analyzer - Run custom detection rules on live email flow in Microsoft 365 and Google Workspace environments
• EML analyzer - Heroku-ified, online instance of EML analyzer
• Is It Phishing - Test for phishing
• phish.ly - Analyze suspicious emails with Tines & urlscan
• PhishTank - Submit and track suspected phish sites
• Simple Email Reputation - Checks reputation for emails

---

Assembly / Reverse Engineering

• Compiler Explorer - Emulated compilation environment for a variety of assembly languages
• Decimal/Two’s Complement Converter
• Disasm.pro
• Graph Permissions - Microsoft Graph Permission Explorer
• Hex.Dance - client-side binary/file analysis, hex dump viewer & editor
• IEEE 754 Converter - Convert between decimal representation and binary format used by modern CPUs
• IEEE-754 Floating-Point Conversion - Convert from decimal floating-point to 32-bit and 64-bit hex representations along with their binary equivalents
• Linux kernel syscall tables
• MIPS Converter - Convert from MIPS instructions to hex and back again
• SymbolExchange
• Terminus Project - Automatically generated diff of Windows structures
• VERGILIUS - Take a look into the depths of Windows kernels and reveal more than 60000 undocumented structures
• WinDiff - Exported symbols, debug symbols, modules, types, syscalls

---

OS / Scripting / Programming

• carbon - Create and share beautiful images of source code
• Command line reference - Command line references for Linux, macOS, CMD, PowerShell, Databases, VB Script, ASCII, etc…
• command-not-found.com - How to install different commands and utilities on various OS’s
• explainshell.com - write down a command-line to see the help text that matches each argument
• Linux Command Library
• LIVEDOM.NG - Enter HTML markup below and compare how it is parsed by various parsers and sanitizers
• Microsoft MIB Database - A database of SNMP MIBs
• W3 Validator - Check HTML to see if it is W3 compliant

Regex

• RegExr
• regex101

---

Password

• Diceware Password Generator - Generate high-entropy passwords the easy way!
• Have I been pwned? - Check if you have an account that has been compromised in a data breach
• LeakedPassword - Has your password been leaked?
• ntlm.pw - Input NT/LM hashes in hex format, one per line
• Passkeys.directory - Websites, apps and services using passkeys for authentication
• Passkeys.io - See which major websites and apps already offer passkey support or are currently working on integration
• Passwordhaus - Pseudorandom Passphrase Generator
• Secrets.tools - Scan a login page to find secrets, emails, API keys, and embedded URLs
• Ultra High Security Password Generator - Generate long, high-quality, random passwords
• WEAKPASS - Bruteforce wordlists

---

AI

• OWASP AI Exchange - Comprehensive guidance and alignment on how to protect AI against security threats

---

Assorted

• App Defense Alliance - Improving app quality across the ecosystem
• Assetnote Wordlists | Commonspeak2 - Assorted automatically generated wordlists
• AWS API Changes - Changes to AWS API
• AWS Security Changes
• bbradar.io - Latest Bug Bounty Programs
• Browserleaks - Displays web browser SSL/TLS capabilities
• browserling - Online cross-browser testing
• Bug Bounty List - A compiled list of companies which accept responsible disclosure
• ChangeWindows - Changes to Windows builds
• Cheat.sh - Unified access to the best community driven documentation repositories
• Control Validation Compass - Threat modeling aide & purple team content repository
• CyberSec Research - Browse, search and filter the latest cybersecurity research papers from arXiv
• The DDoS Report
• DevSec Hardening Framework - DevSec Hardening Framework Baselines
• endoflife.date - documents EOL dates and support lifecycles for various products
• Expired.systems - All news regarding expired systems, so you can show your colleagues why it matters to monitor certificates
• hackerstoolkit - CTF Assistant
• Illustrated TLS 1.3 Connection
• Infosec House - Comprehensive range of tools and resources for both offensive and defensive strategies
• Is it quantum safe? - Is the browser or connection quantum resistant?
• ISMS Mappings - Compliance mappings
• LexisNexis Academic & Library Solutions - Search tool for academic documents
• Microsoft Patch-A-Palooza
• MVSP
• No Trace Project - Tools to help anarchists and other rebels
• Open Source Security Index - The Most Popular & Fastest Growing Open Source Security Projects on GitHub
• Packet Storm - Global security resource
• Pastebin
• policymaker | disclose.io - Policy generator for anyone launching a vulnerability disclosure program (VDP)
• Proxynova - Provide free proxy services as well as the information about using proxies for various purposes
• Public Cloud Services Comparison
• Rawsec’s CyberSecurity Inventory - An inventory of tools and resources about CyberSecurity
• Rebujito.xyz - Hacking tools and resources
• SecTemplates - Open source templates you can use to boostrap your security programs
• Segfault - Disposable root servers
• Shodan 2000
• SRI Hash Generator - SRI is a new W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been tampered with
• State Cybercrime Laws : Definitions and Defenses | Sheets
• The Firewall - Open source cybersecurity project designed to provide powerful, enterprise-grade security tools that are easy to deploy, easy to use, and accessible to businesses of all sizes and budgets
• Upcoming EoL - When software goes EoL
• URL Cleaner - Removes tracking parameters from URLs
• Webhook.site - Generates a free, unique URL and e-mail address and lets you see everything that’s sent there instantly
• What The Format - Look up numbers, identifiers, and formats
• yProbe - Kubernetes YAML Manifest Sanity Checker

OpSec / Privacy

• Awesome Privacy - Find and compare privacy-respecting alternatives to popular software and services
• Device Info - A web browser security testing, privacy testing, and troubleshooting tool
• Digital Defense (Security List) - Your guide to securing your digital life and protecting your privacy
• DNS Leak Test
• EFF | Tools from EFF’s Tech Team - Solutions to the problems of sneaky tracking, inconsistent encryption, and more
• Privacy Guides - Non-profit, socially motivated website that provides information for protecting your data security and privacy
• Privacy.Sexy - Privacy related configurations, scripts, improvements for your device
• PrivacyTests.org - Open-source tests of web browser privacy
• switching.software - Ethical, easy-to-use and privacy-conscious alternatives to well-known software
• What’s My IP Address? - A number of interesting tools including port scanners, traceroute, ping, whois, DNS, IP identification and more
• WHOER - Get your IP

Jobs

• infosec-jobs - Find awesome jobs and talents in InfoSec / Cybersecurity

Conferences / Meetups

• CFPtime - Call For Papers for Security Conferences
• InfoCon Hacking Conference Archive - Community supported, non-commercial archive of all the past hacking related convention material
• InfoSecMap - Mapping out the best InfoSec events and groups!

Infosec / Cybersecurity Research & Blogs

• bug.directory - Collection of vuln research, exploit development, and reverse engineering resources
• CTF Writeups Search
• Check out this huge list of infosec blogs
• intel.taggartinstitute.org - RSS feed of infosec intel
• Talkback - Smart infosec resource aggregator, designed to help security enthusiasts, practitioners and researchers be more productive
• writeups.xyz - Collection of Information Security and Bug Bounty writeups

Funny

• -10x Engineer - How to be a -10x Engineer
• 1x Engineer - Qualities that make up a 1x engineer
• Are We Hacked? - Yeah, We Probably Are
• CrowStrike - We stop Crow attacks
• Cyber Threat Name Generator
• Engineering Festivus - The only thing 2020 needed is Seinfeld making a career change and getting into tech
• Hacker Typer - 1337 H4X
• HowFuckedIsMyDatabase
• HowFuckedIsMyDistro
• HTTP Cats - HTTP return codes, as cats!
• Insult passphrase generator - Passphrases that are insults
• Kenny Log-ins - Generate a secure password from the lyrics of America’s greatest singer songwriter
• Kubernetes Failure Stories - A compiled list of links to public failure stories related to Kubernetes
• Legal Lullabies - Lull yourself to sleep with soothing white noise of tech giant ToS
• Lumon Password Generator
• MoanMyIP
• Security Master Plan - The master plan.
• ShittySecrets.dev - Real stories from real developers that are dealing with hardcoded secrets in source code
• Should I use SMBv1? - No.
• Social Minefield - “High-stakes Minesweeper” & Clickjacking checker
• Stop Silly Security Awards - End the practice of security awards run by marketing companies
• The Password Game
• YOLO Security

Walls of Shame

• Audit Logs Wall of Shame - A list of vendors that don’t prioritize high-quality, widely-available audit logs for security and operations teams
• Dumb Password Rules - A compilation of sites with dumb password rules
• The SSO Wall of Shame - A list of vendors that treat single sign-on as a luxury feature, not a core security requirement
• ssotax.org - A list of vendors that have SSO locked up in an subscription tier that is more than 10% more expensive than the standard price
• Why No IPv6? - Wall of shame for IPv6 support

Other

• Awesome Pastebins - List of pastebin services
• Backdoors & Breaches - An online information security game
• CMMC Awesomeness
• Cybersecurity is full!
• Hacker Strategies - Inspiration for when you’re stuck.
• Hacking Is Not A Crime
• Movies For Hackers - Every aspiring hacker & cyberpunk must watch these movies
• Nmap in the Movies - Movies that feature the Nmap tool
• Wi is Fi - Understanding Wi-Fi 4/5/6/6E/7 (802.11 n/ac/ax/be)
• xCyclopedia - The Encyclopedia of Executables