Skip to content

shrv/Security_list

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

3 Commits
Β 
Β 

Repository files navigation

#Security list for fun and profit

My initial idea came from this list : http://www.nothink.org/utilities.php
I wanted to update it with my sources, I will probably continue to update and reorganize it in the future.

##Awesome lists πŸ‘

Name URL
Malware analysis https://github.com/rshipp/awesome-malware-analysis/
Incident response https://github.com/meirwah/awesome-incident-response/
Honeypots https://github.com/paralax/awesome-honeypots
PCAP https://github.com/caesar0301/awesome-pcaptools
Network https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools
GNU/Linux workstation https://github.com/lfit/itpol/blob/master/linux-workstation-security.md
GNU/Linux post exploitation https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List
GNU/Linux containers https://github.com/Friz-zy/awesome-linux-containers#security
Android https://github.com/ashishb/android-security-awesome
Web https://github.com/infoslack/awesome-web-hacking
Security list https://github.com/sbilly/awesome-security
Lists of lists of lists https://github.com/t3chnoboy/awesome-awesome-awesome
Other lists of lists of lists https://github.com/geekan/awesome-awesome-awesome

##Cheat sheets πŸ‘

Name URL
Owasp cheat sheet series https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
Web application cheat sheet https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
Pentest monkey http://pentestmonkey.net
Packet life http://packetlife.net/library/cheat-sheets/
Reverse http://r00ted.com/cheat%20sheet%20reverse%20v5.png
SANS Penetration Testing http://pen-testing.sans.org
SANS Forensic https://digital-forensics.sans.org/community/cheat-sheets
SQL injection http://websec.ca/kb/sql_injection
Zeltser's cheat sheets list https://zeltser.com/cheat-sheets/

##Penetration testing πŸ”§

Name URL
Owasp Check list https://www.owasp.org/index.php/Testing_Checklist
Owasp testing guide https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf
Owasp tools https://www.owasp.org/index.php/Category:OWASP_Tool
Services enumeration http://www.0daysecurity.com/penetration-testing/enumeration.html - Thx rawger
Informaion gathering http://www.w4rri0r.com/softwares-freeware-shareware-open-source/information-gathering.html
Footprinting http://www.0daysecurity.com/penetration-testing/network-footprinting.html
Web http://www.w4rri0r.com/softwares-freeware-shareware-open-source/web-application-analysis.html
Vulnerability http://www.w4rri0r.com/softwares-freeware-shareware-open-source/vulnerability-assessment.html
More tools https://github.com/enaqx/awesome-pentest

##Exploits and vulnerabilities πŸšͺ

Name URL
CVEdetails http://www.cvedetails.com/
CVE.mitre https://cve.mitre.org/
Full disclosure http://seclists.org/fulldisclosure/
CXSecurity https://cxsecurity.com/
Exploit-db http://www.exploit-db.com
Vulnerability-lab http://www.vulnerability-lab.com/
Inj3ct0r http://0day.today/
Rapid7 DB https://www.rapid7.com/db/modules/
Intelligent Exploit http://www.intelligentexploit.com
Exploits download http://www.exploitsdownload.com
NIST http://web.nvd.nist.gov/
Security focus http://www.securityfocus.com/vulnerabilities

##CTF 🚩

Name URL
CTFTIME https://ctftime.org/
Write-ups https://github.com/ctfs
Reddit https://www.reddit.com/r/securityctf

##Exercises πŸŽ“

Name URL
Reverse - Malware http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html
Network - Malware http://www.malware-traffic-analysis.net/training-exercises.html
Network - Forensic https://www.honeynet.org/node/504
Exploits https://exploit-exercises.com/
Exploits https://thesprawl.org/research/

##Vulnerable environments πŸ”“

Name URL
Owasp list https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
Owasp BWA https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
DVWA http://www.dvwa.co.uk/
WebGoat http://code.google.com/p/webgoat
Metasploitable http://information.rapid7.com
VulnHub http://vulnhub.com/
LampSecurity http://sourceforge.net/projects/lampsecurity/
Dragon https://www.dragonresearchgroup.org/challenges/
Hackademic-RTB1 http://www.aldeid.com/wiki/Hackademic-RTB1
Igoat http://code.google.com/p/owasp-igoat/
Moth http://www.bonsai-sec.com
Peruggia http://sourceforge.net/projects/peruggia/
XSS play ground http://xssplayground.net23.net/

##Security challenges 🚩

Name URL
Zenk-Security https://www.zenk-security.com/
Root-Me http://www.root-me.org/
Newbiecontest https://www.newbiecontest.org/
OWASP VWAD list https://github.com/OWASP/OWASP-VWAD/blob/master/src/online.tsv
WeChall https://www.wechall.net/
Vulnhub https://www.vulnhub.com/
Hackthissite http://www.hackthissite.org/
Hack.me https://hack.me
HackThis! http://www.hackthis.co.uk/
Backdoor.Sdslabs https://backdoor.sdslabs.co/
Bright-shadows http://www.bright-shadows.net/
SmashTheStack http://smashthestack.org/
Overthewire http://overthewire.org/wargames/
Ringzer0team https://ringzer0team.com/challenges
Forensic contest http://forensicscontest.com/puzzles
More challenges http://captf.com/practice-ctf/

##Bug bounty 🍫

Name URL
BugCrowd.com https://bugcrowd.com/programs
HackerOne https://hackerone.com
BountyFactory https://bountyfactory.io
Firebounty https://firebounty.com
Bugsheet http://www.bugsheet.com/
BountySource https://www.bountysource.com/
NewsLetter about bug bounty http://bugbountyweekly.com
More bug bounty https://bugcrowd.com/list-of-bug-bounty-programs#

##Port scanners 🎯

Name URL
Masscan https://github.com/robertdavidgraham/masscan
Nmap https://nmap.org/7/
Zmap https://zmap.io/
Nscan https://github.com/OffensivePython/Nscan
Scanrand https://www.sans.org/security-resources/idfaq/scanrand.php
PFRing https://github.com/ntop/PF_RING - High-speed packet processing framework

##Search engines πŸ“‘

Name URL
ZoomEye https://zoomeye.org/
Shodan https://www.shodan.io/
Censys https://censys.io/

##Wide Scans 🌎

Name URL
Scans.io https://scans.io/
Rapid7 Sonar Labs https://sonar.labs.rapid7.com/
Similar projects https://github.com/rapid7/sonar/wiki/Similar-Projects
Defcon conference https://defcon.org/
Blackhat conference https://www.blackhat.com/

##Honeypots 🍯

Name URL
Awesome list - All of them ! https://github.com/paralax/awesome-honeypots#honeypots
Live nothink http://www.nothink.org/honeypots.php
Live sshpot http://sshpot.com/

##Malware / Botnet sources πŸ‘Ό

Name URL
Malc0de http://malc0de.com/database/
Malekal http://malwaredb.malekal.com/
Botnet.fr https://www.botnets.fr/wiki/Main_Page
Malshare http://malshare.com
Exposed Botnets http://www.exposedbotnets.com/
VX Vault http://vxvault.siri-urz.net
Open Malware http://openmalware.org/
Total hash https://totalhash.cymru.com/
Contagio http://contagiodump.blogspot.se/
VirusShare http://virusshare.com/
Virusign http://www.virusign.com/
Malware domain list http://www.malwaredomainlist.com
Malware.lu https://malware.lu/
Cybercrime tracker http://cybercrime-tracker.net/
SafeGroup http://www.malware.pl/
NovCon Minotaur http://minotauranalysis.com
Clean MX http://support.clean-mx.de/clean-mx/viruses.php
Edu malrec http://panda.gtisc.gatech.edu/malrec/
Secubox Labs http://secuboxlabs.fr/
Abuse CH https://www.abuse.ch/
Maltrieve https://github.com/technoskald/maltrieve
Malware domain blocklist http://www.malwaredomains.com
Tool Mwcrawler https://github.com/0day1day/mwcrawler
ZeuS Tracker https://zeustracker.abuse.ch
theZoo aka Malware DB https://ytisf.github.io/theZoo/

##Malware analysis - Sandbox 😷

Name URL
Zeltser's list https://zeltser.com/automated-malware-analysis/
Cuckoo Sandbox https://www.cuckoosandbox.org/
Mastiff https://github.com/KoreLogicSecurity/mastiff
Quarkslab IRMA http://irma.quarkslab.com/
Viper https://github.com/viper-framework/viper
REMnux http://zeltser.com/remnux/
Fastir https://github.com/SekoiaLab/Fastir_Collector
Zeltser analysis http://zeltser.com/reverse-malware/automated-malware-analysis.html
Dorothy2 https://github.com/m4rco-/dorothy2
F-Secure see https://github.com/F-Secure/see
Noriben https://github.com/Rurik/Noriben
Norman http://enterprise.norman.com/analysis
Malheur https://github.com/rieck/malheur
Drakvuf https://github.com/tklengyel/drakvuf
Zero Wine Tryouts http://zerowine-tryout.sourceforge.net/
CWSandbox http://www.cwsandbox.org
RFI sandbox https://monkey.org/~jose/software/rfi-sandbox/
Malwasm https://github.com/malwarelu/malwasm
Androidsandbox http://androidsandbox.net/ (temporarily out of service)

##Online malware analysis - Sandbox 😷

Name URL
Malwr https://malwr.com/submission/
Hybrid analysis https://www.hybrid-analysis.com/
Virscan http://www.virscan.org/
Virusade http://virusade.com/
VirusTotal http://www.virustotal.com/
Malwareconfig http://malwareconfig.com/
Deepviz https://sandbox.deepviz.com/
AVcaesar https://avcaesar.malware.lu/
Detux GNU/Linux sandbox http://detux.org/
Vscan http://vscan.novirusthanks.org/
Mastiff online https://mastiff-online.korelogic.com/
APK Analzyer http://www.apk-analyzer.net/
AndroTotal https://andrototal.org/
Comodo http://camas.comodo.com/cgi-bin/submit
Document Analyzer http://www.document-analyzer.net/
Malware tracker http://www.cryptam.com/
Metascan https://www.metascan-online.com/
Jotti http://virusscan.jotti.org/it
ViCheck https://www.vicheck.ca/
PDF examiner http://www.pdfexaminer.com/
Randomly changes Win32/64 PE Files https://github.com/secretsquirrel/recomposer
Virus Total Notifier https://github.com/mubix/vt-notify
Other list http://cleanbytes.net/malware-online-scanners

##Decoder/Packer/Unpacker :hurtrealbad:

Name URL
URL http://meyerweb.com/eric/tools/dencoder/
HEXdecoder http://ddecode.com/hexdecoder/
JSDetox http://www.relentless-coding.com/projects/jsdetox/
JSNice http://www.jsnice.org/
JSUnpack https://github.com/urule99/jsunpack-n
JSBeautifier http://jsbeautifier.org/
JavaScript Compressor http://dean.edwards.name/packer/
Jjencode http://utf-8.jp/public/jjencode.html
JSFuck http://www.jsfuck.com/
Jsobfuscate http://www.jsobfuscate.com/
Netteleuthe http://www.netteleuthe.de/gc/
PHPdecoder http://ddecode.com/phpdecoder/
PHP encoding http://yehg.net/encoding/

##Free shell 🐚

Name URL
FreeShells list http://www.freeshells.info/
Devio.us OpenBSD http://devio.us/
Red-pill http://shells.red-pill.eu/

##Domain reputation πŸ“‰

Name URL
Domain Analysis https://github.com/rshipp/awesome-malware-analysis/#domain-analysis
Zeltser's list https://zeltser.com/lookup-malicious-websites/
Alien Vault http://www.alienvault.com
Isithacked http://www.isithacked.com
Sucuri http://sitecheck.sucuri.net/scanner/
Trustedsource http://www.trustedsource.org/
urlQuery http://urlquery.net/search.php
URLVoid http://www.urlvoid.com/
Haveibeenpwned http://haveibeenpwned.com/
IPVoid http://www.ipvoid.com/

##Mail utilities πŸ“¬

Name URL
10 Minute Mail http://10minutemail.com
Spam DB http://www.dnsbl.info/dnsbl-database-check.php
Mxtoolbox http://www.mxtoolbox.com/
Open relay http://www.mailradar.com
Openresolver JP http://www.openresolver.jp/en/
DKIM validator http://dkimvalidator.com/

##Passwords list πŸ”‘

Name URL
Skull security list https://wiki.skullsecurity.org/Passwords
SecLists https://github.com/danielmiessler/SecLists/tree/master/Passwords
Other list http://www.openwall.com/passwords/wordlists/

##Generic utilities πŸ“ Will be reorganized

Name URL
Linux executable walkthrough https://i.imgur.com/q5nyHp7.png
Windows executable walkthrough https://i.imgur.com/pHjcI.png
Understand your commands http://explainshell.com
w4rri0r toolbox http://www.w4rri0r.com/
Code analysises https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
Python tools http://s3ize.blogspot.fr/2012/08/python-tools-for-penetration-testers.html
Tools http://seclist.us/
Sans http://isc.sans.edu/diary/
Hackforum http://hackforums.net/
Codepad http://codepad.org/
Browserling http://browserling.com/
GZinflate http://www.tareeinternet.com/scripts/decrypt.php
Hurl http://www.hurl.it/
Magic-net http://www.magic-net.info
MAC_Find http://www.coffer.com/mac_find/
MAC_Search http://hwaddress.com
Mibbit http://www.mibbit.com/
Skype grab http://skypegrab.net/resolver.php
Microsoft security scanner http://www.microsoft.com/security
Microsoft threat http://www.microsoft.com/security
Random data generator http://www.mockaroo.com/
Nmap-parser http://www.nmap-parser.org/
Ping.eu http://ping.eu/
Project Honeypot https://www.projecthoneypot.org/
Router-defaults http://router-defaults.com/
Sandsprite http://sandsprite.com/shellcode_2_exe.php
Uptimerobot http://uptimerobot.com/
Fake ID http://www.fakenamegenerator.com/

##Defaced websites / Data leak πŸš‘

Name URL
URL Find http://urlfind.org/
XSSposed https://www.xssposed.org/
Leakedin http://www.leakedin.com/

##Forensic - Network πŸ”

Name URL
Forensic tools http://forensicswiki.org/wiki/Tools
Windows tools list http://forensic-proof.com/tools
More forensic links http://www.amanhardikar.com/mindmaps/ForensicChallenges.html
Wireshark extentions https://www.honeynet.org/project/WiresharkExtensions
GNU/Linux monitoring https://blog.serverdensity.com/80-linux-monitoring-tools-know/
Anti forensic Windows https://www.reddit.com/r/security/
Testing Images http://dftt.sourceforge.net/

##IP List

Name URL
BGP Toolkit http://bgp.he.net/
Check-host http://check-host.net/
Nirsoft country IP http://www.nirsoft.net/countryip/
Wikiscan http://fr.wikiscan.org/plage-ip
Malicious IP https://zeltser.com/malicious-ip-blocklists/

##VPN List

Name URL
Comparaison https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw/

##Web browser test

Name URL
Location test https://www.dnsleaktest.com/
Location test https://ipleak.net/
Fingerprint https://amiunique.org/
Fingerprint https://panopticlick.eff.org/
SSL https://www.ssllabs.com/ssltest/viewMyClient.html
User agent http://whatsmyuseragent.com/
Referer https://www.whatismyreferer.com/
Flash http://isflashinstalled.com/

##Fingerprint

Name URL
Robtex https://www.robtex.com/dns/
Netcraft http://www.netcraft.com/
TCP utils http://www.tcpiputils.com/
DNS stuff http://www.dnsstuff.com/
Into dns http://www.intodns.com/
Web archive https://web.archive.org/web/*/
Web cookies http://webcookies.org/cookies/

##SSL

Name URL
Qualys SSL Labs https://www.ssllabs.com/ssltest/
Htbridge https://www.htbridge.com/ssl/
SSLAnalyzer Comodoca https://sslanalyzer.comodoca.com/
Freak https://freakattack.com/
Heartbleed http://heartbleed.com/,https://filippo.io/Heartbleed/
Logjam https://weakdh.org/sysadmin.html
Poodle https://poodle.io/,https://www.poodlescan.com/

##Tor resources

Name URL
Tor Project https://www.torproject.org/
Know exit nodes https://check.torproject.org/exit-addresses
Tor status https://torstatus.blutmagie.de/
Torsocks https://gitweb.torproject.org/torsocks.git
Tor Hidden Services ".onion" search http://www.ahmia.fi
Onion Mail http://onionmail.info/
Tails https://blog.torproject.org/blogs/tails

About

Great security list for fun and profit

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published