From c2d303074891b1febaf12892d22d5d327c52bff7 Mon Sep 17 00:00:00 2001
From: Mark <55981308+Luci-d@users.noreply.github.com>
Date: Fri, 22 Jan 2021 15:28:03 +0200
Subject: [PATCH 01/17] Updated with new search engine
Spyse.com is in-line with shodan and censys IMO.
P.S. This is the best tools repository. Very thanks.
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 4046761..65925c1 100644
--- a/README.md
+++ b/README.md
@@ -592,6 +592,7 @@ performance of any of your sites from across the globe.
:small_orange_diamond: Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
:small_orange_diamond: Shodan - the world's first search engine for Internet-connected devices.
:small_orange_diamond: Shodan 2000 - do you use Shodan for everyday work? This tool looks for randomly generated data from Shodan.
+ :small_orange_diamond: Spyse - Internet assets registry: networks, threats, web objects, etc.
:small_orange_diamond: GreyNoise - mass scanner such as Shodan and Censys.
:small_orange_diamond: ZoomEye - search engine for cyberspace that lets the user find specific network components.
:small_orange_diamond: netograph - tools to monitor and understand deep structure of the web.
From cda63008a25ed8825e49934b34fe373791a02b71 Mon Sep 17 00:00:00 2001
From: Jony4
:small_orange_diamond: Terminator - is based on GNOME Terminal, useful features for sysadmins and other users.
:small_orange_diamond: Kitty - is a GPU based terminal emulator that supports smooth scrolling and images.
+ :small_orange_diamond: Alacritty - is A fast, cross-platform, OpenGL terminal emulator.
:small_orange_diamond: KeePassXC - store your passwords safely and auto-type them into your everyday websites and apps.
- :small_orange_diamond: Enpass - password manager and secure wallet.
+ :small_orange_diamond: Bitwarden - open source password manager with built-in sync.
:small_orange_diamond: Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
- :small_orange_diamond: Emerald Onion - is a 501(c)(3) nonprofit organization and transit internet service provider (ISP) based in Seattle.
- :small_orange_diamond: docker-bench-security - is a script that checks for dozens of common best-practices around deploying Docker.
:small_orange_diamond: Web Developer Roadmap - roadmaps, articles and resources to help you choose your path, learn and improve.
:small_orange_diamond: Varnish for PHP developers - very interesting presentation of Varnish by Mattias Geniar.
:small_orange_diamond: Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
:small_orange_diamond: #hackerspaces - hackerspace IRC channels.
:small_orange_diamond: thispersondoesnotexist - generate fake faces in one click - endless possibilities.
:small_orange_diamond: #hackerspaces - hackerspace IRC channels.
:small_orange_diamond: Shodan - the world's first search engine for Internet-connected devices.
- :small_orange_diamond: Shodan 2000 - do you use Shodan for everyday work? This tool looks for randomly generated data from Shodan.
+ :small_orange_diamond: Shodan 2000 - this tool looks for randomly generated data from Shodan.
:small_orange_diamond: GreyNoise - mass scanner such as Shodan and Censys.
:small_orange_diamond: ZoomEye - search engine for cyberspace that lets the user find specific network components.
:small_orange_diamond: netograph - tools to monitor and understand deep structure of the web.
From bca31ece702e693673626f7987c6e55f2ddab3b5 Mon Sep 17 00:00:00 2001
From: trimstray
:small_orange_diamond: CVE Mitre - list of publicly known cybersecurity vulnerabilities.
:small_orange_diamond: CVE Details - CVE security vulnerability advanced database.
:small_orange_diamond: Exploit DB - CVE compliant archive of public exploits and corresponding vulnerable software.
- :small_orange_diamond: 0day.today - exploits market provides you the possibility to buy zero-day exploits and also to sell 0day exploits.
+ :small_orange_diamond: 0day.today - exploits market provides you the possibility to buy/sell zero-day exploits.
:small_orange_diamond: sploitus - the exploit and tools database.
:small_orange_diamond: cxsecurity - free vulnerability database.
:small_orange_diamond: Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.
@@ -754,7 +754,7 @@ performance of any of your sites from across the globe.
##### :black_small_square: Security/hardening
+ :small_orange_diamond: Emerald Onion - is a 501(c)(3) nonprofit organization and transit internet service provider (ISP).
:small_orange_diamond: pi-hole - the Pi-hole® is a DNS sinkhole that protects your devices from unwanted content.
:small_orange_diamond: maltrail - malicious traffic detection system.
:small_orange_diamond: security_monkey - monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
@@ -806,7 +806,7 @@ performance of any of your sites from across the globe.
##### :black_small_square: Security
+ :small_orange_diamond: docker-bench-security - checks for dozens of common best-practices around deploying Docker.
:small_orange_diamond: trivy - vulnerability scanner for containers, suitable for CI.
:small_orange_diamond: Harbor - cloud native registry project that stores, signs, and scans content.
:small_orange_diamond: http3-explained - a document describing the HTTP/3 and QUIC protocols.
:small_orange_diamond: HTTP/2 in Action - an excellent introduction to the new HTTP/2 standard.
:small_orange_diamond: Let's code a TCP/IP stack - great stuff to learn network and system programming at a deeper level.
- :small_orange_diamond: Nginx Admin's Handbook - describes how to improve NGINX performance, security and other important things.
+ :small_orange_diamond: Nginx Admin's Handbook - how to improve NGINX performance, security and other important things.
:small_orange_diamond: nginxconfig.io - NGINX config generator on steroids.
:small_orange_diamond: openssh guideline - is to help operational teams with the configuration of OpenSSH server and client.
:small_orange_diamond: SSH Handshake Explained - is a relatively brief description of the SSH handshake.
@@ -1034,7 +1034,7 @@ performance of any of your sites from across the globe.
:small_orange_diamond: Front-End-Checklist - the perfect Front-End Checklist for modern websites and meticulous developers.
- :small_orange_diamond: Front-End-Performance-Checklist - the only Front-End Performance Checklist that runs faster than the others.
+ :small_orange_diamond: Front-End-Performance-Checklist - Front-End Performance Checklist that runs faster than the others.
:small_orange_diamond: Python's Magic Methods - what are magic methods? They're everything in object-oriented Python.
:small_orange_diamond: wtfpython - a collection of surprising Python snippets and lesser-known features.
:small_orange_diamond: js-dev-reads - a list of books and articles for the discerning web developer to read.
@@ -1094,7 +1094,7 @@ performance of any of your sites from across the globe.
- :small_orange_diamond: A Netflix Guide to Microservices - alks about the chaotic and vibrant world of microservices at Netflix.
+ :small_orange_diamond: A Netflix Guide to Microservices - talks about the chaotic and vibrant world of microservices at Netflix.
:small_orange_diamond: Michał "lcamtuf" Zalewski - white hat hacker, computer security expert.
:small_orange_diamond: Mattias Geniar - developer, sysadmin, blogger, podcaster and public speaker.
:small_orange_diamond: Nick Craver - software developer and systems administrator for Stack Exchange.
- :small_orange_diamond: Scott Helme - security researcher, international speaker and founder of securityheaders.com and report-uri.com.
+ :small_orange_diamond: Scott Helme - security researcher, speaker and founder of securityheaders.com and report-uri.com.
:small_orange_diamond: Brian Krebs - The Washington Post and now an Independent investigative journalist.
:small_orange_diamond: Bruce Schneier - is an internationally renowned security technologist, called a "security guru".
:small_orange_diamond: Chrissy Morgan - advocate of practical learning, Chrissy also takes part in bug bounty programs.
@@ -1167,7 +1167,7 @@ Cybercrime Investigations - podcast by Geoff White about cybercrimes.
- :small_orange_diamond: rev3rse security - offensive, binary exploitation, web app security, vulnerability, hardening, red team, blue team.
+ :small_orange_diamond: rev3rse security - offensive, binary exploitation, web app security, hardening, red team, blue team.
:small_orange_diamond: LiveOverflow - a lot more advanced topics than what is typically offered in paid online courses - but for free.
:small_orange_diamond: J4vv4D - the important information regarding our internet security.
:small_orange_diamond:
@@ -1230,10 +1230,10 @@ CyberTalks - talks, interviews, and article about cybersecurity.
:small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.
- :small_orange_diamond: Burp Suite - tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz HTTP requests.
+ :small_orange_diamond: Burp Suite - tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.
:small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
:small_orange_diamond: w3af - is a Web Application Attack and Audit Framework.
- :small_orange_diamond: mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
+ :small_orange_diamond: mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers.
:small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
:small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
:small_orange_diamond: Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
@@ -1319,11 +1319,11 @@ CyberTalks - talks, interviews, and article about cybersecurity.
:small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
:small_orange_diamond: OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.
:small_orange_diamond: OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
- :small_orange_diamond: PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security & computer science resources.
+ :small_orange_diamond: PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security resources.
:small_orange_diamond: pentest-wiki - is a free online security knowledge library for pentesters/researchers.
:small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
:small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
- :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
+ :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical stuff about the many different variants of the SQL Injection.
:small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
:small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
:small_orange_diamond: XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
From 859063552d0a42eaea6e2b104b29a3070ac0fa77 Mon Sep 17 00:00:00 2001
From: trimstray
:small_orange_diamond: secDevLabs - is a laboratory for learning secure web development in a practical manner.
:small_orange_diamond: CORS-vulnerable-Lab - sample vulnerable code and its exploit code.
:small_orange_diamond: RootTheBox - a Game of Hackers (CTF Scoreboard & Game Manager).
+ :small_orange_diamond: KONTRA - application security training (OWASP Top Web & Api).
:small_orange_diamond: mylg - utility which combines the functions of the different network probes in one diagnostic tool.
:small_orange_diamond: netcat - utility which reads and writes data across network connections, using the TCP/IP protocol.
+ :small_orange_diamond: socat - utility which transfers data between two objects.
:small_orange_diamond: tcpdump - is a powerful command-line packet analyzer.
:small_orange_diamond: tshark - is a tool that allows us to dump and analyze network traffic (wireshark cli).
:small_orange_diamond: Termshark - is a simple terminal user-interface for tshark.
@@ -1272,6 +1273,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
:small_orange_diamond: radare2 - framework for reverse-engineering and analyzing binaries.
:small_orange_diamond: routersploit - exploitation framework for embedded devices.
:small_orange_diamond: Ghidra - is a software reverse engineering (SRE) framework.
+ :small_orange_diamond: Cutter - is an SRE platform integrating Ghidra's decompiler.
:small_orange_diamond: Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
:small_orange_diamond: Mentalist - is a graphical tool for custom wordlist generation.
:small_orange_diamond: archerysec - vulnerability assessment and management helps to perform scans and manage vulnerabilities.
@@ -1485,6 +1487,7 @@ AWS deployment tool.
+ :small_orange_diamond: #Libera - Free IRC network hosted by a Swiss non-profit. Used by many projects.
:small_orange_diamond: mycli - terminal client for MySQL with autocompletion and syntax highlighting.
:small_orange_diamond: litecli - SQLite CLI with autocompletion and syntax highlighting.
+ :small_orange_diamond: mssql-cli - SQL Server CLI with autocompletion and syntax highlighting.
:small_orange_diamond: OSQuery - is a SQL powered operating system instrumentation, monitoring, and analytics framework.
:small_orange_diamond: pgsync - sync data from one Postgres database to another.
:small_orange_diamond: iredis - a terminal client for redis with autocompletion and syntax highlighting.
From f911680d0cb356c4822dd01b6e5bf8bee35923fd Mon Sep 17 00:00:00 2001
From: Camilo Nova
:small_orange_diamond: AI Generated Photos - 100.000 AI generated faces.
- :small_orange_diamond: fakeface - fake faces browser.
:small_orange_diamond: fakenamegenerator - your randomly generated identity.
:small_orange_diamond: Intigriti Redirector - open redirect/SSRF payload generator.
- :small_orange_diamond: #Libera - Free IRC network hosted by a Swiss non-profit. Used by many projects.
:small_orange_diamond: mycli - terminal client for MySQL with autocompletion and syntax highlighting.
:small_orange_diamond: litecli - SQLite CLI with autocompletion and syntax highlighting.
- :small_orange_diamond: mssql-cli - SQL Server CLI with autocompletion and syntax highlighting.
+ :small_orange_diamond: mssql-cli - SQL Server CLI with autocompletion and syntax highlighting.
:small_orange_diamond: OSQuery - is a SQL powered operating system instrumentation, monitoring, and analytics framework.
:small_orange_diamond: pgsync - sync data from one Postgres database to another.
:small_orange_diamond: iredis - a terminal client for redis with autocompletion and syntax highlighting.
From dae3039b2b181ee5891f928b018960378da1fdee Mon Sep 17 00:00:00 2001
From: trimstray