Darknet Diaries – An excellent bi-weekly podcast about cybersecurity, hackers, the dark web, and much more.

Security Now – A weekly technical cybersecurity podcast (by GRC), available in video and audio.

Grumpy Old Geeks – A weekly humor show on cybersecurity and Internet themes. “What went wrong on the Internet and who is to blame!”

The Cyber Wire – A daily source of cyber news and IT careers.

The Social-Engineer Podcast – The title speaks for itself.

Virus Total – A website created by a cybersecurity company that has information about viruses, worms, malware, etc.

Alien Vault – Similar to Virus Total but claims to be a fully open threat intelligence community.

GreyNoise – It collects, analyzes, and labels data on IPs that scan the internet and saturate security tools with noise.

AntiScan and DynCheck – Free online multi-antivirus scanners.

GTmetrix – Designed to test the speed of loading a website, but also gives reports of the content and the percentage of each language used in it.

PageSpeed Insights – Creates reports on the performance of a page on both mobile and desktop devices, and provides suggestions on how that page may be improved.

Web.Dev – Test your pages in a lab environment, then get tips and recommendations to improve your user experience.

SEO SiteCheckup – Supercharged analysis & monitoring tool for SEO (Search Engine Optimization).

IPv6 Test – Checks your IPv6 and IPv4 connectivity and speed, but can also test if your website (DNS and Host) is “IPv6 Ready”.

Security Header – Check the security header of a website.

Tor Browser – an encryption browser that uses relays and proxies all over the world to protect the privacy of users.

Tails Linux – a Linux distribution designed to forget everything during the shutdown.

Kali Linux – a Linux distribution designed to test the security of networks and systems.

Parrot OS – A lightweight offensive distribution that is as powerful as Kali. It is based on Debian 13 and uses Plasma 6 with Wayland by default.

Pentest.WS – A collaborative interface to work with NMAP scans and Inventory + Vulnerabilities. Good tool for a Team CTF.

The PenTesters Framework – No matter the distribution, PTF is a toolset to easily install and keep all the most popular pentesting applications up-to-date all the time.

CrackStation – Free web-based password hash cracker, plus a downloadable password list file called RealUniq with over 1.4 billion entries.

TunnelsUp – A source of cybersecurity information and tools, including a web hash analyzer.

SecLists – a collection of multiple types of lists (password lists, for example) used during security assessments, collected in one place.

Project RainbowCrack – A source of rainbow password lists. The huge list of passwords has already been cracked, so it is just a matter of cross-checking the hashes.

1.4 Billion Text Credentials Analysis (NLP) – Also available to download via Torrent.

BYOB – Framework to build and create command and control zombie bots (use only for educational purposes).

Eschalot – It is a tool to create a secure address for your service using the .onion domain in the Tor network.

Onion.ly – Tor2Web Proxy (try *****.onion.ly).

Sn1per – Automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Can also run in Docker.

Nessus – Powerful Professional Scanner.

DVWA – Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Also available for Docker.

IronWASP – An open-source tool used for web application vulnerability testing, crawling, and more.

ReconNess – It helps to run and keep all your reconnaissance in the same place, focusing on the potentially vulnerable targets.

Osmedeus – A collection of awesome tools for reconnaissance and vulnerability scanning against the target.

Netcat – A tool for tunneling connections (transfer files, remote shell, etc.).

CVE Details – Security Vulnerability Database.

Hunter – Information Gathering Pool for OSINT.

Metasploit Unleashed – Metasploit documentation manual.

Metasploitable – intentionally vulnerable target machine for exploitation exercises.

Veil-Evasion – Pentest Framework.

MSFvenom – A combination of Msfpayload and Msfencode in one Framework.

Armitage – Free graphic interface for MSF.

Cobalt Strike – Licensed graphic interface for MSF.

Empire – A Windows and macOS post-exploitation framework that includes a pure PowerShell 2.0 Windows agent and a pure Python 2.6/2.7 Linux/OS X agent.

Jok3r – It is a framework that aids penetration testers in network infrastructure and web security assessments.

Exploit Database – An archive of public exploits and corresponding vulnerable software.

HackTheBox – An online platform allowing you to test your penetration testing skills.

VulnHub – Exercise hundreds of virtual machines with laboratory exercises already set up for vulnerability/penetration testing.

Command Challenge – Exercise commands and learn how to solve issues in the CLI.

picoCTF – Where you can compete or exercise using picoGym: a non-competitive practice space to explore and solve challenges from previously released picoCTF competitions.

DEFT Linux – DEFT (Digital Evidence & Forensic Toolkit) is an Ubuntu-based Live distribution dedicated to incident response and computer forensics.

python-cim – Forensic tool for analyzing WMI (event logs).

Cloudflare – It is a free CDN (Content Delivery Network) and Web App Firewall that uses a network of proxies and offers optimization features such as caching, code optimization, and more.

OWASP Broken Web Application Project – It is a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format.

OWASP WebGoat – It allows developers to test vulnerabilities commonly found in Java-based applications that use common and popular open-source components.

OWASP Juice Shop – Contains vulnerabilities from the entire OWASP Top Ten, along with many other security flaws found in real-world applications.

JSON Web Token and JWT – Encodes and Decodes JSON Web Tokens.

Wappalyzer – It is a technology profiler that shows you what websites are built with.

Dan’s Tools – Epoch & Unix Timestamp Conversion Tools. See also the other tools for converting, encoding/decoding, formatting…

CyberChef – Online encryption and decryption tool.

Outline VPN – It is an open-source VPN that runs on Docker and was created by Google and other partners.

Shodan – A search engine for Internet-connected devices. Great OSINT source of available ports and what may be available on them. Also available on the Kali CLI.

Censys – An Internet scanner similar to Shodan, but more focused on a specific address than random searches.

Wigle – A live map of all found wireless networks on the planet.

Spyse – Good database of port scans with fingerprints that may reveal OS and application versions.

Security Trails – One more database of port scans and domain information.

IntelligenceX – OSINT tool capable of retrieving information about data breaches, bitcoin addresses, domain information, and more.

Payloads All The Things – Huge collection of payloads of all types. Not only the list of payloads, but also a lot of instructions and exercises.

SQL Injection Payload List – Collection of exploits with instructions.

XXE Injection Payloads List – Collection of exploits with instructions.

XSS Payloads – Collection of XSS payloads.

SSL Server Test – Free web service to evaluate the SSL/TLS configuration of your web server.

Bad SSL – This website is a collection of crafted samples of non-compliant certificates for browser and client tests.

ONDMARC – Check the configuration of SPF and DKIM of a mail server.

ProtonMail – Encrypted and anonymous email provider.

Tutanota – Encrypted and anonymous email provider.

CoverYourTracks – Browser privacy tester from EFF.

PrivacyTools.io – Provides services, tools, and knowledge to protect your privacy against global mass surveillance.

JustDeleteMe.xyz – A directory of direct links to delete your account from web services.

BuiltWith – Free web service to analyse which framework a website is built with. Alternatively, check the browser extension called Wappalyzer.

Transfer.sh – A CLI tool for uploading and downloading files to and from their free file-sharing service.

Static-Binaries – Contains a list of single executable files for performing multiple tasks (e.g., nmap, netcat…) with no installation needed.

Ollama – A single wrapper for running LLMs like Llama 3.1, Phi 3, Mistral, Gemma 2, and other models.