#Security list for fun and profit

My initial idea came from this list : http://www.nothink.org/utilities.php
I wanted to update it with my sources, I will probably continue to update and reorganize it in the future.

• Awesome lists
  
• Cheat sheets
  
• Penetration testing
  
• Exploits and vulnerabilities
  
• CTF
  
• Exercises
  
• Vulnerable environments
  
• Security challenges
  
• Bug bounty
  
• Port scanners
  
• Search engines
  
• Wide Scans
  
• Honeypots
  
• Malware / Botnet sources
  
• Malware analysis - Sandbox
  
• Online malware analysis - Sandbox
  
• Decoder/Packer/Unpacker
  
• Free shell
  
• Domain reputation
  
• Mail utilities
  
• Passwords list
  
• Generic utilities
  
• Defaced websites / Data leak
  
• Forensic - Network
  
• IP List
  
• VPN List
  
• Web browser test
  
• Fingerprint
  
• SSL
  
• Tor resources
  
• Fun
  

##Awesome lists 👍

Name	URL
Malware analysis	https://github.com/rshipp/awesome-malware-analysis/
Incident response	https://github.com/meirwah/awesome-incident-response/
Honeypots	https://github.com/paralax/awesome-honeypots
PCAP	https://github.com/caesar0301/awesome-pcaptools
Network	https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools
GNU/Linux workstation	https://github.com/lfit/itpol/blob/master/linux-workstation-security.md
GNU/Linux post exploitation	https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List
GNU/Linux containers	https://github.com/Friz-zy/awesome-linux-containers#security
Android	https://github.com/ashishb/android-security-awesome
Web	https://github.com/infoslack/awesome-web-hacking
Security list	https://github.com/sbilly/awesome-security
Lists of lists of lists	https://github.com/t3chnoboy/awesome-awesome-awesome
Other lists of lists of lists	https://github.com/geekan/awesome-awesome-awesome

##Cheat sheets 👍

Name	URL
Owasp cheat sheet series	https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
Web application cheat sheet	https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
Pentest monkey	http://pentestmonkey.net
Packet life	http://packetlife.net/library/cheat-sheets/
Reverse	http://r00ted.com/cheat%20sheet%20reverse%20v5.png
SANS Penetration Testing	http://pen-testing.sans.org
SANS Forensic	https://digital-forensics.sans.org/community/cheat-sheets
SQL injection	http://websec.ca/kb/sql_injection
Zeltser's cheat sheets list	https://zeltser.com/cheat-sheets/

##Penetration testing 🔧

Name	URL
Owasp Check list	https://www.owasp.org/index.php/Testing_Checklist
Owasp testing guide	https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf
Owasp tools	https://www.owasp.org/index.php/Category:OWASP_Tool
Services enumeration	http://www.0daysecurity.com/penetration-testing/enumeration.html - Thx rawger
Informaion gathering	http://www.w4rri0r.com/softwares-freeware-shareware-open-source/information-gathering.html
Footprinting	http://www.0daysecurity.com/penetration-testing/network-footprinting.html
Web	http://www.w4rri0r.com/softwares-freeware-shareware-open-source/web-application-analysis.html
Vulnerability	http://www.w4rri0r.com/softwares-freeware-shareware-open-source/vulnerability-assessment.html
More tools	https://github.com/enaqx/awesome-pentest

##Exploits and vulnerabilities 🚪

Name	URL
CVEdetails	http://www.cvedetails.com/
CVE.mitre	https://cve.mitre.org/
Full disclosure	http://seclists.org/fulldisclosure/
CXSecurity	https://cxsecurity.com/
Exploit-db	http://www.exploit-db.com
Vulnerability-lab	http://www.vulnerability-lab.com/
Inj3ct0r	http://0day.today/
Rapid7 DB	https://www.rapid7.com/db/modules/
Intelligent Exploit	http://www.intelligentexploit.com
Exploits download	http://www.exploitsdownload.com
NIST	http://web.nvd.nist.gov/
Security focus	http://www.securityfocus.com/vulnerabilities

##CTF 🚩

Name	URL
CTFTIME	https://ctftime.org/
Write-ups	https://github.com/ctfs
Reddit	https://www.reddit.com/r/securityctf
Tools list	https://github.com/Laxa/HackingTools
Tools list	https://github.com/zardus/ctf-tools
Tools list	https://github.com/apsdehal/awesome-ctf
Tools list	http://tools.kali.org/tools-listing

##Exercises 🎓

Name	URL
Reverse - Malware	http://fumalwareanalysis.blogspot.se/p/malware-analysis-tutorials-reverse.html
Network - Malware	http://www.malware-traffic-analysis.net/training-exercises.html
Network - Forensic	https://www.honeynet.org/node/504
Exploits	https://exploit-exercises.com/
Exploits	https://thesprawl.org/research/

##Vulnerable environments 🔓

Name	URL
Owasp list	https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
Owasp BWA	https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
DVWA	http://www.dvwa.co.uk/
WebGoat	http://code.google.com/p/webgoat
Metasploitable	http://information.rapid7.com
VulnHub	http://vulnhub.com/
LampSecurity	http://sourceforge.net/projects/lampsecurity/
Dragon	https://www.dragonresearchgroup.org/challenges/
Hackademic-RTB1	http://www.aldeid.com/wiki/Hackademic-RTB1
Igoat	http://code.google.com/p/owasp-igoat/
Moth	http://www.bonsai-sec.com
Peruggia	http://sourceforge.net/projects/peruggia/
XSS play ground	http://xssplayground.net23.net/

##Security challenges 🚩

Name	URL
Zenk-Security	https://www.zenk-security.com/
Root-Me	http://www.root-me.org/
Newbiecontest	https://www.newbiecontest.org/
OWASP VWAD list	https://github.com/OWASP/OWASP-VWAD/blob/master/src/online.tsv
WeChall	https://www.wechall.net/
Vulnhub	https://www.vulnhub.com/
Hackthissite	http://www.hackthissite.org/
Hack.me	https://hack.me
HackThis!	http://www.hackthis.co.uk/
Backdoor.Sdslabs	https://backdoor.sdslabs.co/
Bright-shadows	http://www.bright-shadows.net/
SmashTheStack	http://smashthestack.org/
Overthewire	http://overthewire.org/wargames/
Ringzer0team	https://ringzer0team.com/challenges
Forensic contest	http://forensicscontest.com/puzzles
More challenges	http://captf.com/practice-ctf/

##Bug bounty 🍫

Name	URL
BugCrowd.com	https://bugcrowd.com/programs
HackerOne	https://hackerone.com
BountyFactory	https://bountyfactory.io
Firebounty	https://firebounty.com
Bugsheet	http://www.bugsheet.com/
BountySource	https://www.bountysource.com/
NewsLetter about bug bounty	http://bugbountyweekly.com
More bug bounty	https://bugcrowd.com/list-of-bug-bounty-programs#

##Port scanners 🎯

Name	URL
Masscan	https://github.com/robertdavidgraham/masscan
Nmap	https://nmap.org/7/
Zmap	https://zmap.io/
Nscan	https://github.com/OffensivePython/Nscan
Scanrand	https://www.sans.org/security-resources/idfaq/scanrand.php
PFRing	https://github.com/ntop/PF_RING - High-speed packet processing framework

##Search engines 📡

Name	URL
ZoomEye	https://zoomeye.org/
Shodan	https://www.shodan.io/
Censys	https://censys.io/

##Wide Scans 🌎

Name	URL
Scans.io	https://scans.io/
Rapid7 Sonar Labs	https://sonar.labs.rapid7.com/
Similar projects	https://github.com/rapid7/sonar/wiki/Similar-Projects
Defcon conference	https://defcon.org/
Blackhat conference	https://www.blackhat.com/

##Honeypots 🍯

Name	URL
Awesome list - All of them !	https://github.com/paralax/awesome-honeypots#honeypots
Live nothink	http://www.nothink.org/honeypots.php
Live sshpot	http://sshpot.com/

##Malware / Botnet sources 👼

Name	URL
Malc0de	http://malc0de.com/database/
Malekal	http://malwaredb.malekal.com/
Botnet.fr	https://www.botnets.fr/wiki/Main_Page
Malshare	http://malshare.com
Exposed Botnets	http://www.exposedbotnets.com/
VX Vault	http://vxvault.siri-urz.net
Open Malware	http://openmalware.org/
Total hash	https://totalhash.cymru.com/
Contagio	http://contagiodump.blogspot.se/
VirusShare	http://virusshare.com/
Virusign	http://www.virusign.com/
Malware domain list	http://www.malwaredomainlist.com
Malware.lu	https://malware.lu/
Cybercrime tracker	http://cybercrime-tracker.net/
SafeGroup	http://www.malware.pl/
NovCon Minotaur	http://minotauranalysis.com
Clean MX	http://support.clean-mx.de/clean-mx/viruses.php
Edu malrec	http://panda.gtisc.gatech.edu/malrec/
Secubox Labs	http://secuboxlabs.fr/
Abuse CH	https://www.abuse.ch/
Maltrieve	https://github.com/technoskald/maltrieve
Malware domain blocklist	http://www.malwaredomains.com
Tool Mwcrawler	https://github.com/0day1day/mwcrawler
ZeuS Tracker	https://zeustracker.abuse.ch
theZoo aka Malware DB	https://ytisf.github.io/theZoo/

##Malware analysis - Sandbox 😷

Name	URL
Zeltser's list	https://zeltser.com/automated-malware-analysis/
Cuckoo Sandbox	https://www.cuckoosandbox.org/
Mastiff	https://github.com/KoreLogicSecurity/mastiff
Quarkslab IRMA	http://irma.quarkslab.com/
Viper	https://github.com/viper-framework/viper
REMnux	http://zeltser.com/remnux/
Fastir	https://github.com/SekoiaLab/Fastir_Collector
Zeltser analysis	http://zeltser.com/reverse-malware/automated-malware-analysis.html
Dorothy2	https://github.com/m4rco-/dorothy2
F-Secure see	https://github.com/F-Secure/see
Noriben	https://github.com/Rurik/Noriben
Norman	http://enterprise.norman.com/analysis
Malheur	https://github.com/rieck/malheur
Drakvuf	https://github.com/tklengyel/drakvuf
Zero Wine Tryouts	http://zerowine-tryout.sourceforge.net/
CWSandbox	http://www.cwsandbox.org
RFI sandbox	https://monkey.org/~jose/software/rfi-sandbox/
Malwasm	https://github.com/malwarelu/malwasm
Androidsandbox	http://androidsandbox.net/ (temporarily out of service)

##Online malware analysis - Sandbox 😷

Name	URL
Malwr	https://malwr.com/submission/
Hybrid analysis	https://www.hybrid-analysis.com/
Virscan	http://www.virscan.org/
Virusade	http://virusade.com/
VirusTotal	http://www.virustotal.com/
Malwareconfig	http://malwareconfig.com/
Deepviz	https://sandbox.deepviz.com/
AVcaesar	https://avcaesar.malware.lu/
Detux GNU/Linux sandbox	http://detux.org/
Vscan	http://vscan.novirusthanks.org/
Mastiff online	https://mastiff-online.korelogic.com/
APK Analzyer	http://www.apk-analyzer.net/
AndroTotal	https://andrototal.org/
Comodo	http://camas.comodo.com/cgi-bin/submit
Document Analyzer	http://www.document-analyzer.net/
Malware tracker	http://www.cryptam.com/
Metascan	https://www.metascan-online.com/
Jotti	http://virusscan.jotti.org/it
ViCheck	https://www.vicheck.ca/
PDF examiner	http://www.pdfexaminer.com/
Randomly changes Win32/64 PE Files	https://github.com/secretsquirrel/recomposer
Virus Total Notifier	https://github.com/mubix/vt-notify
Other list	http://cleanbytes.net/malware-online-scanners

##Decoder/Packer/Unpacker

Name	URL
URL	http://meyerweb.com/eric/tools/dencoder/
HEXdecoder	http://ddecode.com/hexdecoder/
JSDetox	http://www.relentless-coding.com/projects/jsdetox/
JSNice	http://www.jsnice.org/
JSUnpack	https://github.com/urule99/jsunpack-n
JSBeautifier	http://jsbeautifier.org/
JavaScript Compressor	http://dean.edwards.name/packer/
Jjencode	http://utf-8.jp/public/jjencode.html
JSFuck	http://www.jsfuck.com/
Jsobfuscate	http://www.jsobfuscate.com/
Netteleuthe	http://www.netteleuthe.de/gc/
PHPdecoder	http://ddecode.com/phpdecoder/
PHP encoding	http://yehg.net/encoding/
Hackvertor (Tag based decoder/encoder)	https://hackvertor.co.uk/public

##Free shell 🐚

Name	URL
FreeShells list	http://www.freeshells.info/
Devio.us OpenBSD	http://devio.us/
Red-pill	http://shells.red-pill.eu/

##Domain reputation 📉

Name	URL
Domain Analysis	https://github.com/rshipp/awesome-malware-analysis/#domain-analysis
Zeltser's list	https://zeltser.com/lookup-malicious-websites/
Alien Vault	http://www.alienvault.com
Isithacked	http://www.isithacked.com
Sucuri	http://sitecheck.sucuri.net/scanner/
Trustedsource	http://www.trustedsource.org/
urlQuery	http://urlquery.net/search.php
URLVoid	http://www.urlvoid.com/
Haveibeenpwned	http://haveibeenpwned.com/
IPVoid	http://www.ipvoid.com/

##Mail utilities 📬

Name	URL
10 Minute Mail	http://10minutemail.com
Spam DB	http://www.dnsbl.info/dnsbl-database-check.php
Mxtoolbox	http://www.mxtoolbox.com/
Open relay	http://www.mailradar.com
Openresolver JP	http://www.openresolver.jp/en/
DKIM validator	http://dkimvalidator.com/

##Passwords list 🔑

Name	URL
Skull security list	https://wiki.skullsecurity.org/Passwords
SecLists	https://github.com/danielmiessler/SecLists/tree/master/Passwords
Other list	http://www.openwall.com/passwords/wordlists/

##Generic utilities 📁 Will be reorganized

Name	URL
Linux executable walkthrough	https://i.imgur.com/q5nyHp7.png
Windows executable walkthrough	https://i.imgur.com/pHjcI.png
Understand your commands	http://explainshell.com
w4rri0r toolbox	http://www.w4rri0r.com/
Code analysises	https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
Python tools	http://s3ize.blogspot.fr/2012/08/python-tools-for-penetration-testers.html
Tools	http://seclist.us/
Sans	http://isc.sans.edu/diary/
Hackforum	http://hackforums.net/
Codepad	http://codepad.org/
Browserling	http://browserling.com/
GZinflate	http://www.tareeinternet.com/scripts/decrypt.php
Hurl	http://www.hurl.it/
Magic-net	http://www.magic-net.info
MAC_Find	http://www.coffer.com/mac_find/
MAC_Search	http://hwaddress.com
Mibbit	http://www.mibbit.com/
Skype grab	http://skypegrab.net/resolver.php
Microsoft security scanner	http://www.microsoft.com/security
Microsoft threat	http://www.microsoft.com/security
Random data generator	http://www.mockaroo.com/
Nmap-parser	http://www.nmap-parser.org/
Ping.eu	http://ping.eu/
Project Honeypot	https://www.projecthoneypot.org/
Router-defaults	http://router-defaults.com/
Sandsprite	http://sandsprite.com/shellcode_2_exe.php
Uptimerobot	http://uptimerobot.com/
Fake ID	http://www.fakenamegenerator.com/

##Defaced websites / Data leak 🚑

Name	URL
URL Find	http://urlfind.org/
XSSposed	https://www.xssposed.org/
Leakedin	http://www.leakedin.com/

##Forensic - Network 🔍

Name	URL
Forensic tools	http://forensicswiki.org/wiki/Tools
Windows tools list	http://forensic-proof.com/tools
More forensic links	http://www.amanhardikar.com/mindmaps/ForensicChallenges.html
Wireshark extentions	https://www.honeynet.org/project/WiresharkExtensions
GNU/Linux monitoring	https://blog.serverdensity.com/80-linux-monitoring-tools-know/
Anti forensic Windows	https://www.reddit.com/r/security/
Testing Images	http://dftt.sourceforge.net/

##IP List

Name	URL
BGP Toolkit	http://bgp.he.net/
Check-host	http://check-host.net/
Nirsoft country IP	http://www.nirsoft.net/countryip/
Wikiscan	http://fr.wikiscan.org/plage-ip
Malicious IP	https://zeltser.com/malicious-ip-blocklists/

##VPN List

Name	URL
Comparaison	https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw/

##Web browser test

Name	URL
Location test	https://www.dnsleaktest.com/
Location test	https://ipleak.net/
Fingerprint	https://amiunique.org/
Fingerprint	https://panopticlick.eff.org/
SSL	https://www.ssllabs.com/ssltest/viewMyClient.html
User agent	http://whatsmyuseragent.com/
Referer	https://www.whatismyreferer.com/
Flash	http://isflashinstalled.com/

##Fingerprint

Name	URL
Robtex	https://www.robtex.com/dns/
Netcraft	http://www.netcraft.com/
TCP utils	http://www.tcpiputils.com/
DNS stuff	http://www.dnsstuff.com/
Into dns	http://www.intodns.com/
Web archive	https://web.archive.org/web/*/
Web cookies	http://webcookies.org/cookies/

##SSL

Name	URL
Qualys SSL Labs	https://www.ssllabs.com/ssltest/
Htbridge	https://www.htbridge.com/ssl/
SSLAnalyzer Comodoca	https://sslanalyzer.comodoca.com/
Freak	https://freakattack.com/
Heartbleed	http://heartbleed.com/,https://filippo.io/Heartbleed/
Logjam	https://weakdh.org/sysadmin.html
Poodle	https://poodle.io/,https://www.poodlescan.com/

##Tor resources

Name	URL
Tor Project	https://www.torproject.org/
Know exit nodes	https://check.torproject.org/exit-addresses
Tor status	https://torstatus.blutmagie.de/
Torsocks	https://gitweb.torproject.org/torsocks.git
Tor Hidden Services ".onion" search	http://www.ahmia.fi
Onion Mail	http://onionmail.info/
Tails	https://blog.torproject.org/blogs/tails

##Fun

Name	URL
Norse map	http://map.norsecorp.com/
Fire eye map	https://www.fireeye.com/cyber-map/threat-map.html
Kaspersky map	https://apt.securelist.com/
Eset map	http://www.virusradar.com/
DDoS attacks	http://www.digitalattackmap.com/
Submarine cable	http://lifewinning.com/submarine-cable-taps/
Flight radar	https://www.flightradar24.com