The Ultimate Windows Utility
- https://christitus.com/windows-tool/
Privacy Settings for windows
**************************************************************************************
Finding Information everywhere:-
Public resources - Websites, directories, email, job sites, Social
websites.
Google Hacking database:
https://www.exploit-db.com/google-hacking-database
HTTrack Website Copier
https://www.httrack.com/
Montastic is free for open source software
https://www.montastic.com/
StatusOK
Monitor your Website and APIs from your computer. Get notified
through Slack or E-mail when your server is down or response time
is more than expected.
https://github.com/sanathp/statusok
https://www.shodan.io/
Shodan is the world's first search engine for Internet-connected
devices.
Email Header look up
https://mxtoolbox.com/
Metagoofil is an information gathering tool designed for
extracting metadata of public documents
https://www.kali.org/tools/metagoofil/
FOCA (Fingerprinting Organizations with Collected Archives)
https://github.com/ElevenPaths/FOCA
theHarvester : Use it for open source intelligence (OSINT)
gathering to help determine a company's external threat landscape
on the internet.
https://github.com/laramies/theHarvester
https://www.kali.org/tools/theharvester/
DMARC, which stands for “Domain-based Message Authentication,
Reporting & Conformance”, is an email authentication, policy,
and reporting protocol.
https://dmarc.org/
The Anti Hacker Alliance™ fights against Hackers
https://anti-hacker-alliance.com/
tracert google.com
pathping google.com
Network Tools: The Trusted Free Online
https://network-tools.com/
dig Command in Linux
https://www.geeksforgeeks.org/dig-command-in-linux-with-examples/
https://toolbox.googleapps.com/apps/main/
https://dnsdumpster.com/
https://who.is/
ip logger : can track geo location using ip logger URL
https://iplogger.org/
SSDP: Simple Service Discovery Protocol
https://www.spiceworks.com/free-network-monitoring-management-software/
NetworkMiner is an open source Network Forensic Analysis Tool
(NFAT) for Windows (but also works in Linux / Mac OS X /
FreeBSD).
https://www.netresec.com/?page=NetworkMiner
FING App : https://www.fing.com/products/fing-app
Nikto :
Nikto is a free software command-line vulnerability scanner that
scans webservers for dangerous files/CGIs, outdated server
software and other problems.
https://www.kali.org/tools/nikto/
TOR flow network
https://torflow.uncharted.software/
SSH tunnels:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
https://www.putty.org/
https://www.mitec.cz/netscan.html
https://www.softperfect.com/products/networkscanner/
https://www.ireasoning.com/mibbrowser.shtml
zaproxy
https://www.kali.org/tools/zaproxy/
gobuster
https://www.kali.org/tools/gobuster/
NetScanTools Basic Edition
https://www.netscantools.com/nstbasicmain.html
LDAP
https://sourceforge.net/projects/ldapadmin/
NIST SP 800-30, Page 78
https://www.nist.gov/privacy-framework/nist-sp-800-30
NIST: Common Vulnerability Scoring System Calculator [CVSS]
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
Learn Vulnerability scan from Web
https://www.hacker101.com/start-here
https://ctf.hacker101.com/auth/login
https://www.hackerone.com/
Commando VM:
https://www.mandiant.com/resources/commando-vm-windows-offensive-distribution
Github link:-
https://github.com/mandiant/commando-vm
Yersinia attack Tool:
https://www.kali.org/tools/yersinia/
Use with Wireshark
https://dev.maxmind.com/geoip/geolite2-free-geolocation-data?lang=en
https://www.nagios.org/
https://www.tenable.com/products/nessus
https://www.gfi.com/
https://sectools.org/
Password cracking Tools:
L0phtCrack 7.2.0 has been released as an open source project
https://gitlab.com/l0phtcrack/l0phtcrack/-/releases
Ophcrack is a free Windows password cracker based on rainbow
tables.
https://ophcrack.sourceforge.io/
John the Ripper
Cain and Abel
Secure Hash Algorithms used for hashing the passwords
Rainbow crack:-
http://project-rainbowcrack.com/
Create the Hash format for password
https://www.fileformat.info/tool/hash.htm
Online Reverse Hash Lookup
http://reverse-hash-lookup.online-domain-tools.com/
http://www.md5.cz/
Password Resetting Tool:
https://trinityhome.org/
https://www.password-changer.com/index.html
simda bot free ip scanner
https://checkip.kaspersky.com/
Reference: Transcriptase–Light: A Polymorphic Virus Construction
Kit
https://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1513&context=etd_projects
OASIS OPEN:
https://www.oasis-open.org/
Some enterprise products as examples
https://www.sonicwall.com/products/firewalls/
Reverse Engineering Malware
https://zeltser.com/mastering-4-stages-of-malware-analysis/
https://cuckoosandbox.org/
malware-traffic-analysis
A source for packet capture (pcap) files and malware samples
https://www.malware-traffic-analysis.net/
Sniffing Tool and TEchniques
Tools
Android Software - tPacketCapture
https://www.taosoftware.co.jp/en/android/packetcapture/
Linux Tools
Tcpdump
Ettercap
Dsniff
Windows - WhoFi
https://whofi.com/agents/windows/
The Social-Engineer Toolkit (SET)
The Social-Engineer Toolkit (SET) - TrustedSec
https://www.trustedsec.com/
Spamhaus
https://www.spamhaus.org/statistics/spammers/
Digital Attack Map
https://www.digitalattackmap.com/
Project Shield
Project Shield, created by Google Cloud and Jigsaw and powered
by Google Cloud Armor, provides free unlimited protection
against DDoS attacks, a type of digital attack used to censor
information by taking websites offline
https://projectshield.withgoogle.com/landing
Repose
is an open-source, RESTful, middleware platform that
transparently integrates with your existing infrastructure.
Repose provides highly scalable and extensible solutions to API
processing tasks such as authentication, rate limiting, API
validation, HTTP request logging, and much more.
https://repose.atlassian.net/wiki/spaces/REPOSE/overview
Websocketd
http://websocketd.com/
https://github.com/joewalnes/websocketd
Cookie hijacking
Tampermonkey:-
https://www.tampermonkey.net/
https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo?hl=en
Subterfuge-Framework /Framework for Man-In-The-Middle
attacks
https://github.com/Subterfuge-Framework/Subterfuge
Acrylic Wi-Fi Home – WiFi Scanner
https://www.acrylicwifi.com/en/wlan-wifi-wireless-network-software-tools/wlan-scanner-acrylic-wifi-free/
Windows DNS Log Analyser
https://support.moonpoint.com/reviews/software/windows/network/dns/WDLA/
Networking using GN3
GNS3 : https://www.gns3.com/
Suricata
Suricata is the leading independent open source threat detection
engine. By combining intrusion detection (IDS), intrusion
prevention (IPS), network security monitoring (NSM) and PCAP
processing, Suricata can quickly identify, stop, and assess even
the most sophisticated attacks.
https://suricata.io/
Security Onion
Security Onion Solutions, LLC is the creator and maintainer of
Security Onion, a free and open platform for threat hunting,
network security monitoring, and log management. Security Onion
includes best-of-breed free and open tools including Suricata,
Zeek, Wazuh, the Elastic Stack and many others.
https://securityonionsolutions.com/
Tools
http://websocketd.com/
Google QUIC
burpsuite | Kali Linux Tools
https://www.kali.org/tools/burpsuite/
Testing vulnerable website
http://zero.webappsecurity.com/
OWASP WebGoat - Learn the hack - Stop the attack
https://owasp.org/www-project-webgoat/
Fingerprinting
whatweb
Web Security Dojo
A free open-source self-contained training environment for Web
Application Security penetration testing. Tools + Targets = Dojo
https://www.mavensecurity.com/resources/web-security-dojo
How to scrape sitemap: Site map
-
https://chromewebstore.google.com/detail/sitemap-explorer/jamphegminpokpnalkjiecfoobdnlmfb?pli=1
- https://www.seowl.co/sitemap-extractor/
- https://robhammond.uk/tools/xml-extract
- https://www.xml-sitemaps.com/
-
https://www.mariolambertucci.com/how-to-extract-urls-from-sitemaps/
Comments
Post a Comment