Below you’ll find a list of information security tools I use for assessments, investigations and other cybersecurity tasks. Also worth checking out is CISA’s list of free cybersecurity services and tools.

OSINT / Reconnaissance

Scanning / Enumeration

Phishing

Exploits

  • Bug Bounty Hunting Search Engine - Search for writeups, payloads, bug bounty tips, and more…
  • CP-R Evasion Techniques
  • DROPS - Dynamic CheatSheet/Command Generator
  • ExploitDB - Huge repository of exploits from Offensive Security.
  • files.ninja - Upload any file and find similar files.
  • Google Hacking Database (GHDB) - A list of Google search queries used in the OSINT phase of penetration testing.
  • GTFOArgs - Curated list of Unix binaries that can be manipulated for argument injection.
  • GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
  • Hijack Libs - Curated list of DLL Hijacking candidates.
  • Living Off Trusted Sites (LOTS) Project - Repository of popular, legitimate domains that can be used to conduct phishing, C2, exfiltration & tool downloading while evading detection.
  • LOLBAS - Curated list of Windows binaries that can be used to bypass local security restrictions in misconfigured systems.
  • LOOBins - Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.
  • SPLOITUS - Exploit search database.
  • XSSed - Information on and an archive of Cross-Site-Scripting (XSS) attacks.

Password

Vulnerability Catalogs & Tools

Red Team

Malware Analysis / Investigation / Intelligence / Forensics

Cloud

OS / Scripting

Regex

Sec Blogs

Check out this huge list of infosec blogs.

Programming

  • carbon - Create and share beautiful images of source code.
  • W3 Validator - Check HTML to see if it is W3 compliant.

Assembly / Reverse Engineering

Other