ervinismu

Sec Tools

4 min read

bookmark some tools, will categorize them soon (hopefully)

  • AssetNote Wordlists - High quality wordlists for content and subdomain discovery which are automatically updated every month.
  • Corellium - Virtual security testing hardware.
  • Censys
  • CSPBypass - CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocked by CSPs that only allow certain whitelisted domains.
  • crackstation - Free Password Hash Cracker
  • DNSDumpster - dns recon & research, find & lookup dns records.
  • dnsrecon - DNS Enumeration Script
  • DirSearch - (Directory Enumeration) Web path scanner.
  • DNSRecon - (Subdomain Enumeration) DNS Enumeration Script
  • ExifTool - ExifTool by Phil Harvey, Read, Write and Edit Meta Information!
  • ExploitDB - The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers
  • Fuzz.txt
  • FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • Ffuf - (Parameter Enumeration) Fast web fuzzer written in Go
  • HackTricks
  • MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform.
  • MalwareBazar - MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the InfoSec community, AV vendors and threat intelligence providers.
  • Netcat: Network utility for interacting with TCP/UDP ports. It can be used for many things, its primary usage is for connecting to shells and can be used to connect to any listening port and interact with the service running on that port.
  • Nmap - (Technology Enumeration) the Network Mapper
  • openvas-scanner - This repository contains the scanner component for Greenbone Community Edition.
  • PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  • PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
  • Recon-ng - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
  • Shodan - search engine for Internet-connected devices.
  • SSH (Secure Shell): network protocol that runs on port 22 by default and provide users such as system administrators a secure way to access a computer remotely.
  • SecLists - SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
  • social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
  • Sublist3r - (Subdomain Enumeration) Fast subdomains enumeration tool for penetration testers.
  • SriHash - SRI is a new W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.
  • securityheaders - analyze the HTTP response headers.
  • TMUX: terminal multiplexers are great utilities for expanding a standard linux terminal like multiple windows within one terminal and jumping between them.
  • TheHarvester - E-mails, subdomains and names Harvester - OSINT.
  • VIM: text editor for writing code or editing text files on linux system.
  • WPScan - It’s like having your own team of WordPress security experts
  • WFuzz - (Parameter Enumeration) Web application fuzzer
  • WAZUH - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
  • webhook.site - Webhook.site is a tool for building software that not only use webhooks but other types of Internet-based communication, either by allowing developers to inspect the data that’s being sent via webhook requests, but also helps create workflows that respond to and interact with webhooks.
  • WhatWeb - (Technology Enumeration) Next generation web scanner

Date Breach

Graph View