Note: The headings in part 1 of this guide align with domains of the National Cyber League's CTF competition. Additionally, I acknowledge that there are many excellent paid tools and resources in the categories below. This list is intended to provide FOSS resources related to cybersecurity and ethical hacking, so for the most part, paid tools have been excluded.
-
OSINT Framework
An interactive chart linking various OSINT tools and resources. -
Ohshint Blog
A comprehensive OSINT blog covering tools and techniques. -
OSINT4ALL
A categorized collection of OSINT tools, search engines, and databases. -
Cipher387 on GitHub
A well-curated collection of OSINT tools and resources.
-
SpiderFoot
Automates OSINT for mapping attack surfaces and gathering intelligence. -
Metagoofil
Scrapes public documents from a domain to extract metadata. -
Recon-ng
A CLI-driven OSINT framework for information gathering. -
Google Dorking Database
A large collection of Google search queries (dorks) used to uncover hidden information. -
Google Reverse Image Search
Find visually similar images and track image origins. -
Google Advanced Search
Perform advanced search queries with refined filters. -
Google Advanced Image Search
Search for images using advanced filtering options.
-
Napalm FTP Indexer
Search engine indexing publicly accessible FTP servers. -
Freewareweb FTP Keyword Search
Searches thousands of public FTP servers by keyword. -
Mamont FTP Search Engine
One of the largest FTP search engines available. -
Global File Search
Tool for searching files across multiple FTP servers.
-
Netcraft Recon Tools
Suite of tools for website reconnaissance and threat analysis. -
Netcraft Website Recon
Provides detailed information on website hosting and infrastructure. -
DNSDumpster
DNS research tool for discovering hosts and subdomains. -
Domain Tools Whois Lookup
A tool for looking up domain information, including ownership and registration details. -
Pentest-Tools
Collection of tools for website reconnaissance. -
MXToolbox
Tools for domain lookup and reverse DNS checking. -
SecurityTrails
Advanced DNS enumeration tool with network mapping capabilities. -
Fierce
A CLI tool for DNS reconnaissance and subdomain discovery. -
DNSRecon
CLI tool for reverse DNS lookups and comprehensive DNS enumeration.
-
Spokeo
People search engine aggregating publicly available data. -
The Harvester
CLI tool to gather emails, subdomains, and hostnames from public sources. -
Sherlock
CLI tool to search for usernames across multiple social networks. -
Social Searcher
Track a target user across various social media platforms.
-
Shodan
Searches for internet-connected devices and IoT endpoints. -
Censys
Indexes devices and networks for cybersecurity research. -
ZoomEye
A search engine for discovering IoT and SCADA devices.
-
NetScanTools
A suite of network diagnostic tools including traceroute. -
PingPlotter
Graphical traceroute and network performance monitoring tool. -
EmailTrackerPro
Extracts email header information to trace email origins.
-
Maltego
Automated tool to map relationships between people, organizations, and digital infrastructure. -
Recon Dog
An all-in-one tool for basic information gathering using APIs. -
Kloth NSLookup
Online utility for performing DNS lookups. -
EXIF Tool
Online tool for extracting photo metadata (EXIF data). -
Reverse Shell Generator
Docker-based web tool for generating reverse shell payloads. -
Online Barcode Reader
A tool to scan and decode barcodes from images or webcam input.
-
Hybrid Analysis
Online malware analysis sandbox for dynamic file analysis. -
Any.Run
Interactive malware analysis platform for real-time investigation. -
Valkyrie Sandbox
Cloud-based sandbox for analyzing suspicious files. -
Joe Sandbox Cloud
Advanced malware behavior analysis with automated tools. -
Jotti
Free malware scanning using multiple antivirus engines.
-
Nmap Cheat Sheet
Handy reference guide for effective Nmap usage. -
Temp Mail
Disposable email service for temporary anonymity.
-
Heath Adams OSINT Course
A 4.5-hour masterclass in OSINT techniques by The Cyber Mentor. -
ITSEC OSINT Guide
A beginner-friendly guide covering OSINT fundamentals.
-
dCode.fr
A huge collection of cryptography tools, including a cipher identifier. -
Cryptography Toolbox
A collection of cryptographic tools for performing various cryptographic functions like hashing and encryption. -
DevGlan Cryptography
Online tools for encryption, decryption, and key generation. -
Hashes.com - Hash Identifier
A tool for identifying hash algorithms used for hashing passwords or files. -
TunnelsUp - Hash Analyzer
Another online tool to analyze and identify hash values and their algorithms. -
Openpgp.org
A public keyserver for managing and searching OpenPGP keys, useful for email encryption. -
Ubuntu Public Keyserver
A keyserver maintained by Ubuntu for managing PGP keys, often used in open-source software distributions. -
AperiSolve
A tool to decode hidden information within image files using steganography techniques.
-
CryptoTool Online
A hands-on cryptography simulator with interactive lessons. -
Cipher Machines
A resource for learning about historical cipher machines, encryption methods, and cryptographic history.
-
SecLists GitHub
A comprehensive collection of password lists and other wordlists used in security testing and cracking. -
Crackstation
An online hash-cracking tool using massive rainbow tables. -
Hashcat Example Table
A reference for identifying hash types. -
HashID
A Linux command-line tool for identifying hash types. -
Ophcrack SourceForge
A project providing rainbow tables for cracking NTLM hashes used for password recovery.
-
Autopsy
A digital forensics tool for disk and file system analysis. -
Volatility
A powerful memory forensics framework used in incident response. -
Metadata2Go - View File Metadata
A tool for viewing metadata embedded in files, such as EXIF data in images or document properties. -
List of File Signatures - Wikipedia
A detailed list of file signatures used in forensics to identify file types through magic bytes. -
Hexed.it
A free online tool for performing hexdumps and editing binary files, often used for file analysis and forensics.
-
DFIR Training
A training hub for digital forensics and incident response. -
Epoch Converter
A tool for converting Unix timestamps (epoch times), useful for analyzing file metadata and system logs.
(Section to be filled)
(Section to be filled)
(Section to be filled)
-
Burp Suite
A leading web vulnerability scanner and penetration testing tool. -
SiriHash
Validates security hashes for online libraries like jQuery. -
Pentest Tools
A suite of web application penetration testing tools for security audits, vulnerability scanning, and exploitation.
- OWASP Top 10
A crucial guide to web application vulnerabilities.
(Section to be filled)
(Section to be filled)
-
π Kali Linux
A powerful Linux distro for penetration testing and ethical hacking. -
π¦ ParrotOS
A privacy-focused OS for penetration testing and forensic analysis. -
π₯ BlackArch
A customizable Arch Linux-based security OS with thousands of tools.
