A curated collection of web browser bookmarks containing useful Cyber Security tools and services.
N.B. This is a work-in-progress and exists mostly for my personal use. If this is useful to you, please feel free to use it.
To extract a list naming each entry in the bookmarks.html file, you can download the file and use one of the following commands:
Bash:
grep -Eo '<A [^>]*>([^<]+)</A>|<DT><H3 [^>]*>([^<]+)</H3>' bookmarks.html | sed -E 's/.*>([^<]+)<\/?A?>/\1/; s/.*>([^<]+)<\/H3>/\n\1\n/'PowerShell:
Get-Content bookmarks.html | Select-String -Pattern '<A [^>]*>([^<]+)</A>|<DT><H3 [^>]*>([^<]+)</H3>' | ForEach-Object { if ($_ -match '<A [^>]*>([^<]+)</A>') { $matches[1] } elseif ($_ -match '<DT><H3 [^>]*>([^<]+)</H3>') { "`n$($matches[1])`n" } }This will print a list as shown below:
REMnux: A Linux Toolkit for Malware Analysts
MalwareBazaar | Malware sample exchange
MalShare
VirusTotal - Home
ssdeep - Fuzzy hashing program
Interactive Online Malware Analysis Sandbox - ANY.RUN
Eric Zimmerman's tools
CVE Website
MalAPI.io
SIFT Workstation | SANS Institute
UnpacMe Live Feed
Retrohunt (VirusTotal)
Talos File Reputation Lookup || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Free Automated Malware Analysis Service - powered by Falcon Sandbox
PhishTool
Triage | Triage
Free MSG EML Viewer | Free Online Email Viewer
NVD - Search and Statistics
MetaDefender Cloud | Advanced threat prevention and detection
ATT&CK® Navigator
Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers
ZAP
CVE security vulnerability database. Security vulnerabilities, exploits, references and more
D3FEND Matrix | MITRE D3FEND™
Matrix | MITRE Engage™
Valhalla YARA Rules - Valhalla
capa Explorer Web
THOR Lite: Free Multi-Platform IOC and YARA Scanner - Nextron Systems
Analyse your HTTP response headers
Censys Search
SOCRadar LABS
IBM X-Force Exchange
abuse.ch | Fighting malware and botnets
ThreatFox | Browse IOCs
Introduction to STIX
Introduction to TAXII
Analytics (by technique) | MITRE Cyber Analytics Repository
InQuest Labs - InQuest.net
Threat Encyclopedia | Trend Micro (US)
Email and Spam Data || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Kaspersky Cyberthreat Live Map
OSINT Framework
Google Dorks – We will always be OSINTCurio.us
Yandex Images: search for images
Autonomous System Numbers (ASN) & IP Lookup
Have I Been Pwned: Check if your email has been compromised in a data breach
WHOIS Search, Domain Name, Website, and IP Tools - Who.is
Shodan Search Engine
Shodan Query Examples
Search for a list of UA-251372-24 websites - NerdyData
laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT
Tips and Tricks on Reverse Image Searches – We will always be OSINTCurio.us
Bing Image Inspiration Feed
OSINT VM
https://cirw.in/gpg-decoder/
Email Finder: Free email search by name • Hunter
Internet Archive: Wayback Machine
crt.sh | Certificate Search
Entrust Certificate Search - Entrust, Inc.
URL and website scanner - urlscan.io
Trusted IP Data Provider, from IPv6 to IPv4 - IPinfo.io
Wannabrowser
Browserling – Online cross-browser testing
Personal Data Leak Checker: Your Email & Data - Breached? | CyberNews
Data Leak Checker | Trend Micro ID Protection
TinEye - Reverse Image Search and Recognition
Browserleaks - Check your browser for privacy leaks
Base64 Decode and Encode - Online
Binaryfuck Language - Online Decoder, Encoder, Translator
Online Brainfuck Decoder
Base64 Encoder / Decoder Online - AppDevTools
CyberChef
Hash decoder and calculator
Hex Calculator
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
Hashkiller.io - List Manager
URL Decode and Encode - Online
DES Encryption / Decryption Tool
Encrypt and Decrypt your MD5 hashes online
MD5 Online | Free MD5 Decryption, MD5 Hash Decoder
hashcat - advanced password recovery
quipqiup - cryptoquip and cryptogram solver
Decrypt MD5, SHA1, MySQL, NTLM, SHA256, MD5 Email, SHA256 Email, SHA512, Wordpress, Bcrypt hashes for free online
Obfuscator.io Deobfuscator
Files · kali/master · Kali Linux / Packages / hash-identifier · GitLab
Splunk Password Hashing - sha512crypt ($6$) SHA512 (Unix)
Find out what websites are built with - Wappalyzer
BuiltWith Technology Lookup
People Finder - People Search, Background Checks & Phone Number Lookup
IP and Domain Intelligence Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
MX Lookup Tool - Check your DNS MX Records online - MxToolbox
Shodan Developer
WiGLE: Wireless Network Mapping
ViewDNS.info - Your one source for DNS related tools!
IP Address Tools, Network Tools, DNS Tools | IPVoid
SPF Surveyor - dmarcian
Pricing | Proton VPN
Real-Time DDoS Attack Map | NETSCOUT Cyber Threat Horizon
Requesting IP Addresses or ASNs - American Registry for Internet Numbers
Gophish - Open Source Phishing Framework
TrustedSec | The Social Engineering Toolkit (SET)
TrustedSec | Intro to Macros and VBA for Script Kiddies
Defang Tool
LOLBAS
Certutil | LOLBAS
GTFOBins
Useful Linux Commands | HackTricks
PayloadsAllTheThings/Methodology and Resources/Windows - Persistence.md at master · swisskyrepo/PayloadsAllTheThings · GitHub
Persistence using RunOnceEx – Hidden from Autoruns.exe – Oddvar Moe's Blog
Establishing Registry Persistence via SQL Server with PowerUpSQL
webshell/fuzzdb-webshell/asp/cmdasp.aspx at master · tennc/webshell · GitHub
Autopsy - Download
FTK Imager - Forensic Data Imaging and Preview Solution | Exterro
Kroll Artifact Parser And Extractor (KAPE) | Cyber Risk | Kroll
Steganography Online
Remix - Ethereum IDE
Etherscan
Windows Reverse Shells Cheatsheet | by Rich | Medium
Windows Reverse Shells Cheatsheet
Bash scripting cheatsheet
Password Storage - OWASP Cheat Sheet Series
pwntools — pwntools 4.12.0 documentation
Nmap Cheat Sheet 2024: All the Commands & Flags
Vim Cheat Sheet
Writing YARA rules — yara 4.4.0 documentation
Windows | Frida • A world-class dynamic instrumentation toolkit
Reverse Shell Cheat Sheet | pentestmonkey
oledump.py | Didier Stevens
Spawning a TTY Shell | SecWiki
pinvoke.net: the interop wiki!
GeoGuessr - Let's explore the world!
Image Resizer
RegExr: Learn, Build, & Test RegEx
live.sysinternals.com - /
GDB online Debugger | Compiler - Code, Compile, Run, Debug online C, C++
Features | VECTR
Scapy
Cheat Engine
Ngrok Download
Open Source Cloud Computing Infrastructure - OpenStack
SRI Hash Generator
php-reverse-shell.php
FFmpeg
draw.io
Extract URLs
Crontab.guru - The cron schedule expression generator
Crontab Generator - Generate crontab syntax
JavaScript Obfuscator Online: JS Code Obfuscator
User Agents
GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
GitHub - The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
GitHub - diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
GitHub - linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
GitHub - aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testers
GitHub - mandatoryprogrammer/xsshunter-express: An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
GitHub - payloadbox/command-injection-payload-list: 🎯 Command Injection Payload List
GitHub - gtworek/Priv2Admin: Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
GitHub - itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
GitHub - bitsadmin/wesng: Windows Exploit Suggester - Next Generation
PEASS-ng/linPEAS at master · peass-ng/PEASS-ng · GitHub
GitHub - jamf/PPPC-Utility: Privacy Preferences Policy Control (PPPC) Utility
GitHub - lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
GitHub - GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
klsecservices/rpivot: socks4 reverse proxy for penetration testing
jpillora/chisel: A fast TCP/UDP tunnel over HTTP
Releases · NationalSecurityAgency/ghidra
PowerSploit/Exfiltration/Get-GPPPassword.ps1 at master · PowerShellMafia/PowerSploit
SnaffCon/Snaffler: a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 (Twitter: @/mikeloss and @/sh3r4_hax)
GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
leoloobeek/LAPSToolkit: Tool to audit and attack LAPS environments
radareorg/radare2: UNIX-like reverse engineering framework and command-line toolset
nishang/Gather at master · samratashok/nishang
sshuttle
GitHub - icsharpcode/ILSpy: .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
mandiant/flare-vm: A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
mandiant/capa: The FLARE team's open-source tool to identify capabilities in executable files.
cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system
InQuest/awesome-yara: A curated list of awesome YARA rules, tools, and people.
Neo23x0/Loki: Loki - Simple IOC and YARA Scanner
Neo23x0/Fenrir: Simple Bash IOC Scanner
Neo23x0/yarGen: yarGen is a generator for YARA rules
Plans and pricing | For teams of all sizes | Snyk
Aikido — AppSec Platform For Code & Cloud Security