A curated collection of web browser bookmarks containing useful Cyber Security tools and services.
N.B. This is a work-in-progress and exists mostly for my personal use. If this is useful to you, please feel free to use it.
To extract a list naming each entry in the bookmarks.html file, you can download the file and use the following grep command:
grep -Eo '<A [^>]*>([^<]+)</A>|<DT><H3 [^>]*>([^<]+)</H3>' bookmarks.html | sed -E 's/.*>([^<]+)<\/?A?>/\1/; s/.*>([^<]+)<\/H3>/\n\1\n/'This will print a list as shown below:
REMnux: A Linux Toolkit for Malware Analysts
MalwareBazaar | Malware sample exchange
MalShare
VirusTotal - Home
ssdeep - Fuzzy hashing program
Interactive Online Malware Analysis Sandbox - ANY.RUN
Eric Zimmerman's tools
CVE Website
MalAPI.io
SIFT Workstation | SANS Institute
UnpacMe Live Feed
Retrohunt (VirusTotal)
Talos File Reputation Lookup || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
NVD - Search and Statistics
MetaDefender Cloud | Advanced threat prevention and detection
Email and Spam Data || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Threat Encyclopedia | Trend Micro (US)
ATT&CK® Navigator
InQuest Labs - InQuest.net
Analytics (by technique) | MITRE Cyber Analytics Repository
Introduction to STIX
Introduction to TAXII
Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers
ZAP
ThreatFox | Browse IOCs
OSINT Framework
SOCRadar LABS
Google Dorks – We will always be OSINTCurio.us
Yandex Images: search for images
Autonomous System Numbers (ASN) & IP Lookup
Have I Been Pwned: Check if your email has been compromised in a data breach
WHOIS Search, Domain Name, Website, and IP Tools - Who.is
Shodan Search Engine
Shodan Query Examples
Censys Search
Search for a list of UA-251372-24 websites - NerdyData
laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT
Tips and Tricks on Reverse Image Searches – We will always be OSINTCurio.us
Bing Image Inspiration Feed
OSINT VM
https://cirw.in/gpg-decoder/
Email Finder: Free email search by name • Hunter
Internet Archive: Wayback Machine
crt.sh | Certificate Search
Entrust Certificate Search - Entrust, Inc.
URL and website scanner - urlscan.io
Trusted IP Data Provider, from IPv6 to IPv4 - IPinfo.io
Wannabrowser
Browserling – Online cross-browser testing
Requesting IP Addresses or ASNs - American Registry for Internet Numbers
Base64 Decode and Encode - Online
Binaryfuck Language - Online Decoder, Encoder, Translator
Online Brainfuck Decoder
Base64 Encoder / Decoder Online - AppDevTools
CyberChef
Hash decoder and calculator
Hex Calculator
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
Hashkiller.io - List Manager
URL Decode and Encode - Online
DES Encryption / Decryption Tool
Encrypt and Decrypt your MD5 hashes online
MD5 Online | Free MD5 Decryption, MD5 Hash Decoder
hashcat - advanced password recovery
quipqiup - cryptoquip and cryptogram solver
Find out what websites are built with - Wappalyzer
BuiltWith Technology Lookup
People Finder - People Search, Background Checks & Phone Number Lookup
IP and Domain Intelligence Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Analyse your HTTP response headers
Real-Time DDoS Attack Map | NETSCOUT Cyber Threat Horizon
Kaspersky Cyberthreat Live Map
MX Lookup Tool - Check your DNS MX Records online - MxToolbox
Shodan Developer
Nmap Cheat Sheet 2024: All the Commands & Flags
WiGLE: Wireless Network Mapping
ViewDNS.info - Your one source for DNS related tools!
Gophish - Open Source Phishing Framework
TrustedSec | The Social Engineering Toolkit (SET)
TrustedSec | Intro to Macros and VBA for Script Kiddies
Defang Tool
LOLBAS
Certutil | LOLBAS
GTFOBins
Useful Linux Commands | HackTricks
GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
GitHub - The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
GitHub - diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
GitHub - linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
GitHub - aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testers
GitHub - mandatoryprogrammer/xsshunter-express: An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
GitHub - payloadbox/command-injection-payload-list: 🎯 Command Injection Payload List
GitHub - gtworek/Priv2Admin: Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
GitHub - itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
GitHub - bitsadmin/wesng: Windows Exploit Suggester - Next Generation
PEASS-ng/linPEAS at master · peass-ng/PEASS-ng · GitHub
GitHub - jamf/PPPC-Utility: Privacy Preferences Policy Control (PPPC) Utility
GitHub - lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
GitHub - GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
klsecservices/rpivot: socks4 reverse proxy for penetration testing
jpillora/chisel: A fast TCP/UDP tunnel over HTTP
Releases · NationalSecurityAgency/ghidra
PowerSploit/Exfiltration/Get-GPPPassword.ps1 at master · PowerShellMafia/PowerSploit
SnaffCon/Snaffler: a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 (Twitter: @/mikeloss and @/sh3r4_hax)
GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
leoloobeek/LAPSToolkit: Tool to audit and attack LAPS environments
radareorg/radare2: UNIX-like reverse engineering framework and command-line toolset
nishang/Gather at master · samratashok/nishang
sshuttle
PayloadsAllTheThings/Methodology and Resources/Windows - Persistence.md at master · swisskyrepo/PayloadsAllTheThings · GitHub
Persistence using RunOnceEx – Hidden from Autoruns.exe – Oddvar Moe's Blog
Establishing Registry Persistence via SQL Server with PowerUpSQL
webshell/fuzzdb-webshell/asp/cmdasp.aspx at master · tennc/webshell · GitHub
Windows Reverse Shells Cheatsheet | by Rich | Medium
Windows Reverse Shells Cheatsheet
Bash scripting cheatsheet
Password Storage - OWASP Cheat Sheet Series
pwntools — pwntools 4.12.0 documentation
GeoGuessr - Let's explore the world!
Image Resizer
RegExr: Learn, Build, & Test RegEx
live.sysinternals.com - /
GDB online Debugger | Compiler - Code, Compile, Run, Debug online C, C++
Features | VECTR
Scapy
Cheat Engine
Ngrok Download
Open Source Cloud Computing Infrastructure - OpenStack
SRI Hash Generator
php-reverse-shell.php
FFmpeg
Remix - Ethereum IDE
Etherscan
Splunk Password Hashing - sha512crypt ($6$) SHA512 (Unix)
Reverse Shell Cheat Sheet | pentestmonkey
User Agents
Spawning a TTY Shell | SecWiki
Free MSG EML Viewer | Free Online Email Viewer
pinvoke.net: the interop wiki!
Plans and pricing | For teams of all sizes | Snyk
Aikido — AppSec Platform For Code & Cloud Security
oledump.py | Didier Stevens