Awesome Security List For Fun And Profit | Massive Collection & Resources ⭐

Awesome Security List For Fun And Profit | Massive Collection & Resources :star:

Great security list for fun and profit for almost anything! :man_shrugging:

Table of Contents

  • Awesome lists
  • Books
  • Bug bounty
  • Cheat sheets
  • CTF
  • Decoder/Converter/Beautifier
  • Domain name Research / Analysis / Reputation
  • Exploits and vulnerabilities
  • Forensic
  • Free shell
  • Fun
  • Generic utilities
  • GNU/Linux
  • Honeypots
  • IP Research / Analysis / Investigation
  • Leak / Defaced
  • Learning / Exercises
  • Lock picking
  • Mail utilities
  • Malicious traffic detection
  • Malware / Botnet sources
  • Malware analysis - Sandbox
  • Malware analysis - Sandbox - Online
  • Mobile
  • Network
  • OSINT
  • OS X
  • Passwords
  • Penetration testing
  • Port scanners / Wide scans
  • Search engines
  • Security challenges / WarGames
  • Skimmer
  • SSH
  • SSL
  • TOR
  • VOIP
  • VPN
  • Vulnerable environments
  • Web browser
  • Windows
  • Wireless / Radio

Awesome lists :+1:

Books :books:

Name URL
Free programming books https://github.com/EbookFoundation/free-programming-books
Recommended Reading http://dfir.org/?q=node/8

Bug bounty :chocolate_bar:

Cheat sheets :+1:

CTF :triangular_flag_on_post:

Decoder/Converter/Beautifier :hurtrealbad:

Domain name Research / Analysis / Reputation :chart_with_downwards_trend:

Name URL
Archive https://archive.is/
Archive https://web.archive.org/ :star:
BGP Toolkit http://bgp.he.net/ :star:
Biggest DNS history https://securitytrails.com/list/ip/$IP :star:
Cache page http://www.cachedpages.com/
Cache view http://cachedview.com/
Checking multiple blocklists http://rbls.org/ :star:
DGA intro https://en.wikipedia.org/wiki/Domain_generation_algorithm
DNS Blacklists https://raw.githubusercontent.com/zbetcheckin/DNSBLs/master/active_dnsbls.txt
DNS dumpster https://dnsdumpster.com/
DNS Propagation Checker https://www.whatsmydns.net/
DNS stuff http://www.dnsstuff.com/
Domain analysis list https://github.com/rshipp/awesome-malware-analysis/#domain-analysis
Domain hijacking intro https://en.wikipedia.org/wiki/Domain_hijacking
Expired domain https://www.expireddomains.net/backorder-expired-domains/
Google https://www.google.com/transparencyreport/safebrowsing/diagnostic/
Into dns http://www.intodns.com/
Multi RBL http://multirbl.valli.org/lookup/ :star:
MXToolBox https://mxtoolbox.com/SuperTool.aspx#
Netcraft http://www.netcraft.com/
Reverse Whois https://reversewhois.domaintools.com/
Robtex https://www.robtex.com/dns/
Sucuri http://sitecheck.sucuri.net/scanner/
TCP utils http://www.tcpiputils.com/
Threat log http://www.threatlog.com/
Threat miner https://www.threatminer.org/
Top-Level Domains list https://data.iana.org/TLD/tlds-alpha-by-domain.txt :star:
Trusted source http://www.trustedsource.org/
URL Query http://urlquery.net/ :star:
URL scan https://urlscan.io/ :star:
URL shorter list https://mirror1.malwaredomains.com/files/url_shorteners.txt
URL Void http://www.urlvoid.com/
Virus total https://www.virustotal.com/#url
Whois - ARIN https://whois.arin.net/
Whois - LACNIC http://lacnic.net/cgi-bin/lacnic/whois
Whois - RIPE NCC https://apps.db.ripe.net/search/query.html
Whois - AFRINIC http://www.afrinic.net/fr/services/whois-query
Whois - APNIC http://wq.apnic.net/apnic-bin/whois.pl
Whois by registrant name http://viewdns.info/reversewhois/
Zeltser’s list https://zeltser.com/lookup-malicious-websites/

Exploits and vulnerabilities :door:

Forensic :mag:

Free shell :shell:

Name URL
FreeShells list http://www.freeshells.info/
Red-pill http://shells.red-pill.eu/

Fun :trollface:

Generic utilities :file_folder:

Will be reorganized

GNU/Linux

Honeypots :honey_pot:

IP Research / Analysis / Investigation

Leak / Defaced :ambulance:

Learning / Exercises :mortar_board:

Lock picking :closed_lock_with_key:

Mail utilities :mailbox_with_mail:

Malicious traffic detection :vertical_traffic_light:

Malware / Botnet sources :angel:

Name URL
0btemoslab tracker http://tracker.0btemoslab.com/
Abuse CH https://www.abuse.ch/
Benkow.cc tracker http://benkow.cc/
Botnet.fr https://www.botnets.fr/wiki/Main_Page
Clean MX http://support.clean-mx.de/clean-mx/viruses.php
Contagio http://contagiodump.blogspot.se/
Custom Google search engine https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu (from Corey Harrell)
Cybercrime tracker http://cybercrime-tracker.net/
Dont need coffee http://malware.dontneedcoffee.com/
Exposed Botnets http://www.exposedbotnets.com/
H3X tracker http://tracker.h3x.eu/
Malc0de http://malc0de.com/database/
No more ransom https://www.nomoreransom.org/
Kernel mode http://www.kernelmode.info
Malware domain list http://www.malwaredomainlist.com
Malware domain blocklist http://www.malwaredomains.com
Malware museum https://archive.org/details/malwaremuseum
Malware src https://malwares.github.io/
Malware.lu https://malware.lu/
Mirai tracker https://mirai.security.gives/
MISP https://github.com/MISP/MISP
Ransomware overview https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
Ransomware simulator https://shinolocker.com/
Ransomware tracker https://ransomwaretracker.abuse.ch/tracker/
SafeGroup http://www.malware.pl/ - https://www.scumware.org/
Structured Threat Information eXpression https://stixproject.github.io/
The Zoo aka Malware DB https://ytisf.github.io/theZoo/
Total hash https://totalhash.cymru.com/
VirusBay https://beta.virusbay.io/
VirusShare https://virusshare.com/
VX Vault http://vxvault.net/
Yararules https://github.com/Yara-Rules/rules
ZeuS Tracker https://zeustracker.abuse.ch

Malware analysis - Sandbox :mask:

Malware analysis - Sandbox - Online :mask:

Mobile :iphone:

Network

OSINT

Name URL
Osint list https://github.com/jivoi/awesome-osint :star:
List of social network https://en.wikipedia.org/wiki/List_of_social_networking_websites :star:
Reddit https://www.reddit.com/r/SocialEngineering/
Maltego https://www.paterva.com/
Hunter https://hunter.io/
Pipl https://pipl.com/
Peek you http://www.peekyou.com/
Lullar http://com.lullar.com/
Lakako http://www.lakako.com/
Yasni http://www.yasni.com/
User search https://usersearch.org/
Google https://www.google.com/advanced_search
Google dorks intext:lastName firstName
Google dorks insubject:lastName firstName
Google dorks `intext:lastName firstName filetype:pdf
Google Scraper https://github.com/NikolaiT/GoogleScraper
Bing https://www.bing.com/
Bing dorks lastName firstName (filetype:doc OR filetype:ppt OR filetype:pps OR filetype:xls OR filetype:docx OR filetype:pptx OR filetype:ppsx OR filetype:xlsx OR filetype:sxw OR filetype:sxc OR filetype:sxi OR filetype:odt OR filetype:ods OR filetype:odg OR filetype:odp OR filetype:pdf OR filetype:wpd OR filetype:svg OR filetype:svgz OR filetype:indd OR filetype:rdp OR filetype:ica)
Yahoo https://search.yahoo.com/
Duck duck go https://duckduckgo.com/
Yandex https://www.yandex.com/
Exa lead http://www.exalead.com
Osint stalker https://github.com/milo2012/osintstalker
Speed phish framework https://github.com/tatanus/SPF
Browser exploitation framework https://github.com/beefproject/beef
The harvester https://github.com/laramies/theHarvester
Meta goofil https://github.com/laramies/metagoofil

OS X

Name URL
Awesome OSX & IOS sec list https://github.com/ashishb/osx-and-ios-security-awesome
OSX auditor https://github.com/jipegit/OSXAuditor
OWASP iGoat Project https://www.owasp.org/index.php/OWASP_iGoat_Project
Security and privacy guide https://github.com/drduh/OS-X-Security-and-Privacy-Guide
stronghold - Easily configure MacOS security settings from the terminal. https://github.com/alichtman/stronghold

Passwords :key:

Name URL
CrackStation https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
Default password https://default-password.info/
Default password https://cirt.net/passwords
Default password http://www.defaultpassword.com/
Default password http://www.defaultpassword.us/
Default cameras password https://github.com/jeanphorn/wordlist/blob/master/README.md
Default password thc-hydra https://github.com/vanhauser-thc/thc-hydra/blob/master/dpl4hydra_full.csv
Dafault router password http://www.cleancss.com/router-default/
Default router password https://github.com/jeanphorn/wordlist/blob/master/router_default_password.md
Default VoIP password https://github.com/netbiosX/Default-Credentials/blob/master/VoIP-Default-Password-List.mdown
Fun secure password checker https://password.kaspersky.com/
Hashcat WIKI https://hashcat.net/wiki/
Multiple dictionary https://github.com/danielmiessler/SecLists/tree/master/Passwords
Multiple dictionary https://github.com/duyetdev/bruteforce-database
Online CrackStation https://crackstation.net
Online Hask Killer https://hashkiller.co.uk
Online Hash crack http://www.onlinehashcrack.com/
Online MD5 and SHA1 db http://hashtoolkit.com/
OpenWall http://www.openwall.com/passwords/wordlists/ or ftp://ftp.openwall.com/pub/wordlists/
Outpost9 http://www.outpost9.com/files/WordLists.html
Packets storm https://packetstormsecurity.com/Crackers/wordlists/
Password research http://www.passwordresearch.com/
Programming - Secure Password Storage https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016
SecLists https://github.com/danielmiessler/SecLists/tree/master/Passwords
Skull security https://wiki.skullsecurity.org/Passwords
SSH dictionary https://github.com/droope/pwlist

Penetration testing :wrench:

Name URL
Awesome pentest https://github.com/enaqx/awesome-pentest
Awesome WAF https://github.com/0xInfection/Awesome-WAF
Footprinting - Procedure & tools http://www.0daysecurity.com/penetration-testing/network-footprinting.html
GNU/Linux privilege escalation https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ :star:
Informaion gathering - Tools http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/information-gathering.html
IppSec channel https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
Organization of the Standard http://www.pentest-standard.org/index.php/Main_Page :star:
Owasp - Check list https://www.owasp.org/index.php/Testing_Checklist
Owasp testing guide https://www.owasp.org/images/1/19/OTGv4.pdf :star::star:
Owasp - tools https://www.owasp.org/index.php/Category:OWASP_Tool
Public pentest reports https://github.com/juliocesarfort/public-pentesting-reports :star:
Python tools for pentest https://github.com/dloss/python-pentest-tools
Report sample https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
Reverse engineering http://wiki.yobi.be/wiki/Reverse-Engineering
SANS Penetration Testing http://pen-testing.sans.org
Services enumeration http://www.0daysecurity.com/penetration-testing/enumeration.html :star:
Tools - BlackArch list https://blackarch.org/tools.html
Tools - Great list http://wiki.yobi.be/wiki/Table_of_contents#Security
Tools - Kali list http://tools.kali.org/tools-listing
Web http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.html
Web vulnerabilities http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/vulnerability-assessment.html
Webshell list https://github.com/tennc/webshell

Port scanners :dart: && Wide Scans :statue_of_liberty:

Search engines :satellite:

Security challenges / WarGames :triangular_flag_on_post:

Skimmer :black_joker:

SSH

SSL

TOR

VOIP :phone:

VPN

Vulnerable environments :unlock:

Web browser

Windows

Wireless / Radio :signal_strength:

Inspired by nothink.org

ENJOY & HAPPY LEARNING! :heart:

Appreciate the share & feedback! don’t be cheap!

33 Likes

Great collection of these list, appreciate :+1:

2 Likes

Amazing list and helpful list like always Sam, thank you much!

3 Likes

Amazing! Thank you!

2 Likes

Brilliant, Thanks :100:

2 Likes

SICKBOY SAYS WHAT A HOOTER..MANY THANKS :speak_no_evil: :hear_no_evil:

1 Like

Thanks Gotta dig for a while

4 Likes

Awesome list indeed!

Just perfect my man! Thanks!