Hacking tools

A personal collection of bookmarks to useful tools and resources for Infosec.
This list is updated from time to time. Please note that I am no longer accepting suggestions for this list.

Organizations

DEF CON
CERT
International Information Systems Security Certification Consortium

General

CVE - Common Vulnerabilities and Exposures
OWASP - Open Web Application Security Project
Seclists.org - Security lists mailing archive
Bugtraq mailing list (discontinued)
have i been pwned - Check if you have an account that has been compromised in a data breach
DNSCrypt.eu - Free DNSSEC-enabled, non-logged, uncensored DNSCrypt service
Bobby Tables - How to write code resistant to SQL injections
SANS Infosec Reading Room
Heartbleed vulnerability check (discontinued)
List of websites where to practice pentesting skills
Hack The Box - Penetration testing lab
Hack This Site - Penetration testing lab

Software

Sectools.org - Top security tools
Metasploit - Framework for pentesting and exploits
Aircrack-ng - Complete suite of WiFi security tools (sniffers, crackers, exploits)
Qubes OS - A secure OS that provides process compartmentalization

Reconnaissance

Shodan - Search engine and remote scanner for Internet-connected devices
Netcraft's Site Report - Provides a bulk of information about a website
Google Hacking Database - Search terms (Google dorks) for exposed content
List of Google Search operators

Passwords

zxcvbn - Password strength analyzer
Plaintext Offenders - Websites that store your password in plaintext
John the Ripper - Password cracker

E-mail

Email privacy tester to test your mailclient for privacy leaks and security bugs
Open Relay check - Is your mailserver an Open Relay?
ProtonMail - End-to-end encrypted webmail provider, hosted in Switzerland
Tutanota - End-to-end encrypted webmail provider
Sendy.org - Send anonymous e-mail
10 Minute Mail - Disposable email service, providing you an email address during 10 minutes

HTTPS

SSL Certificates guide
SSL knowledge base
OpenSSL manuals
SSL test - Test several SSL parameters of a HTTPS site
Let's Encrypt - Free and automated CA as a campaign to spread the use of HTTPS
HTTP Shaming - Websites that are supposed to use HTTPS but instead use HTTP
A website that never uses HTTPS, useful for an easy redirect to Wi-Fi login pages

Antimalware

F-Secure Remove Threats - Online AV scan, sample testing, and health check
VirusTotal - File sample submission for multiple AV analysis
Symantec Security Check - Check against online threats
Google Safe Browsing - Malware diagnostics for websites
Norton Safe Web - Malware diagnostics for websites
AV-TEST - Independent IT Security institute providing AV evaluations
Spyware Warrior's Rogue/Suspect Anti-Spyware Products (obsolete)

Privacy & Anonymity

Tails - Agnostic live OS that leaves no traces on the machine
Whonix - A Debian-derived secure OS for privacy and anonymity
Tor - The Onion Router, a system for anonymous communication on the Internet
Panopticlick - A tool to analyze how well your browser protects you against online tracking
Me and my Shadow - Tactical Tech project that helps you learn and control your data traces
Electronic Frontier Foundation - Helps you in defending your rights on the digital world
Electronic Privacy Information Center
Privacy International
Chaos Computer Club - Europe's largest hacktivist group
The Winston Smith Project
The Big Brother Awards to those who have excelled in the violation of our privacy
The Invisible Internet Project
Freenet, a peer-to-peer platform for censorhip-resistant communications
We Fight Censorship - RSF project aimed at promoting the flow of information
Bugged Planet - Info about SIGINT/COMINT technology
Cryptolaw - Survey on current laws and regulations on cryptography
PixelPrivacy - A compendium of articles about digital privacy and security

Phishing

PhishTank - Database of phishing websites

Networking

Utrace - IP address geolocator
WorldIP - IP geolocation database, service, and tools
Show private IP address
IPinfo.info - IP checks
IPVOID - IP blacklist check
Whois.net - WHOIS domain tools
Domain finder
MX Toolbox - DNS lookup
Broadband speed test in HTML5, no Java or Flash browser plugins needed
Broadband speed test
Broadband speed test
MAC address vendor finder
List of TCP/UDP port numbers
TCP/UDP port numbers
IANA - Root zone TLD, IP address allocation, protocol port numbers
RFC Sourcebook
PacketLife's cheat sheets

World Wide Web

Archive.is - Webpage archiver, in both text and image format
Internet Archive's Wayback machine
URL obfuscation
DoNotLink - Link to a site without improving its search engine position (dead link)
BugMeNot - Bypass compulsory registration
Terms of Service; Didn't Read - Digest and rating of ToS from various websites
Dive Into HTML5 - HTML5 guide

Various

FreeFormatter - Base64 encoder, JSON validator, HTML formatter, and more
ExtendsClass - Converters, testers, formatters, and other free tools
Awesome Sysadmin - List of Open Source sysadmin resources
Regular Expression tester

Blogs

Bruce Schneier's Schneier on Security
F-Secure
Kaspersky's Securelist
Troy Hunt
Richard Bejtlich's TaoSecurity
Dave Lewis' Liquidmatrix
Brian Krebs' Krebs on Security
Google Online Security Blog
Didier Stevens - Code exploits
Jeff Atwood's Coding Horror - Programming and human factors
GFI Labs' TechTalk (formerly All Spammed Up)
Matteo Flora's Last Knight
Niklas Femerstrand's qnrq (out of date)
Mark Russinovich - Windows technicals and hacks (out of date)
Alan Shimel's Still Secure After All These Years (out of date)
Grugq's Hacker OPSEC (out of date)
Social Hacking - Security in social networks (out of date)
Martin McKeay (out of date)
SpywareGuide Greynets Blog / FaceTime Security Labs (out of date)
Andrea Draghetti (previously Over Security) - In Italian language
Security Bloggers Network (dead link)
Sherri Davidoff's Philosecurity (dead link)

Hacking in Switzerland

DC4131 - DEF CON group for Switzerland
BoT meetings - Informal meetings of DEF CON DC4131
CERN Micro Club
Swiss CyberSecurity
Post Tenebras Lab - Hackerspace in Geneva
SDG Solution Space - Hackerspace in Geneva
Onl'Fait FabLab - Hackerspace in Geneva
FIXME Hackerspace - Hackerspace in Lausanne
Lausanne Hackers Meetup
Insomni'hack
GULL
SwissLinux
Chaos Computer Club Switzerland




page created on 1 January 2011        page last changed on 30 November 2020