Tools
Offensive & Defensive Tools
General Tools
- CyberChef: All-in-one data processing “Swiss Army Knife” for cyber pros.
- Carbon: Beautiful code snippet image generator.
- Netcraft Site Report: Website info, technologies, and security headers.
- CSP Evaluator: Analyse and improve Content Security Policy headers.
- WebCheck: Security header checker and quick web analysis.
- Interact sh: OOB (out-of-band) service for finding vulnerabilities.
- Subdomain Finder: Quick subdomain enumeration.
- Crackstation: Password hash cracking.
- ShellCheck Online: Analyze and lint your shell scripts in the browser.
- xssnow.in Serves as an educational guide and documentation platform for understanding and testing Cross-Site Scripting (XSS) security vulnerabilities.
Red Team & Post-Exploitation
- RevShells: Generate reverse shell commands for multiple languages.
- Art Toolkit: Useful red team resource.
- Exploit Notes: Quick exploit & payload references.
- JWT Auditor: Test JWT tokens for common security issues.
- adsecurity.org: is a cybersecurity blog focused on securing Active Directory and Azure AD/Entra ID, detailing attack methods, defenses, and practical security tips.
- BloodHound Queries For All: BloodHound Query Library
Obfuscation, Evasion, & Bypass
- AMSI Bypass Generator: Auto-generate AMSI bypass payloads for Windows.
- AMSI Bypass Generator: AMSI Bypass Generator.
- Argfuscator: Argument obfuscation for command line payloads.
- PowerShellForHackers: Handy online tool to generate reverse shell when doing red teaming.
- Pwnbase: Offensive Security Platform for Pentesters
Security Maps
- Red Team Map: Red Team Operations Architecture Map
- Active Directory Attack Map: AD Map
- Web Security Attack Surface Map: Web Security Map
Bug bounty related
- BugHunt Toolkit: BugHunt Toolkit
- HackByte: Generate personalized security reconnaissance commands for your target domains
- Fast Endpoint Buster: Uncover potential endpoints
- Bug bounty hunting: Bug Bounty Hunting Search Engine
Windows privesc
- Ghostpack-docs: Ghostpack - alwaysinstallelevated docs
- Windows-privesc: Windows privilege escalation
Linux privesc
- Linux-privesc: Linux privilege escalation
NXC
- NXC: NetExec
POC’s
- WatchStack.io: PoC Search Engine
- Sploitus : Exploit & Hacktool Search Engine
- exploit-db : Exploit database
Dork search
- All in one dorks!: Recon engine
- Google dorks for bug bounty: TakSec google dorks
- Recon Engine : Recone engine
- Search engine for bug bounty hunters : Search engine for bug bounty hunters
- Investigator Investigator - A recon tool
- Dork_Search: Dork Search
Knowledge Bases, Cheatsheets & Guides
General References
- OWASP: Security community, standards, and tools.
- OWASP Cheat Sheet Series: Practical advice for security testers.
- Payloads All The Things: Ultimate payload collection.
- Internal All The Things: Focus on internal network/pivoting.
- 0day today - Security Archive: Underground security archive featuring latest exploits.
- lolol.farm: Central index of LOTL related security projects. These projects document how everyday system components can be misused by adversaries and how defenders can detect or mitigate that misuse.
- lolAD: Living Off The Land and Exploitation Active Directory
- Pentestcheatsheet: Pentestcheatsheet
Writeups, Labs & Practical Guides
- PortSwigger Web Security Labs: Interactive hands-on web security labs.
- IppSec Rocks: Searchable index of IppSec’s HTB videos.
- HTB Resolved Machines: Solutions for Hack The Box retired machines.
- Vulnlabs: Security labs and learning content.
- Hacktricks: Tricks, tactics, and how-tos for pentesters.
- Red Team Notes 2.0: Red team knowledge base.
- Red Team Guide - Report Template: Professional reporting template.
- Embracethered: Red teaming blogs.
- Pentestbook (six2dez): Penetration testing wiki.
- Practical CTF (Jorian Woltjer): CTF tactics and walkthroughs.
- Pentesting Notes (Remco van der meer): Pentest field notes.
- 0xdf hacks stuff: Writeups and notes.
- The Hacker Recipes: Practical offensive and post-exploitation recipes.
- seriotonctf: CTF-focused resources.
AI, Red/Purple Teaming & Prompt Security
- Red Teaming - ChatGPT: ChatGPT GPT for red teaming.
- Purple Teaming: Cyber Defense and Offensive AI - ChatGPT: ChatGPT GPT for purple teaming.
- Azure PyRIT: Adversarial AI red teaming tool by Microsoft.
- Awesome LLM: Curated list of LLM (large language model) resources.
- Gandalf Game: Gamified prompt injection challenge.
- PromptAirlines: Prompt injection playground and awareness.
- GPT Prompt Attack: Test your prompt injection skills.
- GTP Game: LLM security challenge.
- TensorTrust AI: Prompt injection attack/defense simulation game.