{"id":669,"date":"2020-12-29T16:48:20","date_gmt":"2020-12-29T16:48:20","guid":{"rendered":"https:\/\/dft.wiki\/?p=669"},"modified":"2025-12-28T12:06:23","modified_gmt":"2025-12-28T17:06:23","slug":"cyber-security-sites-and-tools-you-need-to-know-about","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=669","title":{"rendered":"Cyber Security Sites, Tools and Tips"},"content":{"rendered":"

Darknet Diaries<\/a> – An excellent bi-weekly podcast about cybersecurity, hackers, the dark web, and much more.<\/p>\n

Security Now<\/a> – A weekly technical cybersecurity podcast (by GRC<\/a>) over Video and Audio.<\/p>\n

Grumpy Old Geeks<\/a> – A weekly humor show on the cybersecurity and Internet theme. “What went wrong on the Internet and who is to blame!”<\/p>\n

The Cyber Wire<\/a> – A daily source of cyber news and IT careers.<\/p>\n

The Social-Engineer Podcast<\/a> – The title already talks for itself.<\/p>\n

Virus Total<\/a> – A website created by a cybersecurity company that has information about viruses, worms, malware, etc.<\/p>\n

Alien Vault<\/a> – Similar to Virus Total but claims to the a fully open threat intelligence community.<\/p>\n

GrayNoise<\/a> – It collects, analyzes, and labels data by IPs that scan the internet and saturate security tools with noise.<\/p>\n

AntiScan<\/a> and DynCheck<\/a> – Free online multi-antivirus scanners.<\/p>\n

GTmetrix<\/a> – Designed to test the speed of loading a website, but also gives reports of the content and the percentage of each language used in it.<\/p>\n

PageSpeed Insights<\/a> – Creates reports on the performance of a page on both mobile and desktop devices, and provides suggestions on how that page may be improved.<\/p>\n

Web.Dev<\/a> – Test your pages in a lab environment, then get tips and recommendations to improve your user experience.<\/p>\n

SEO SiteCheckup<\/a> Supercharged analysis & monitoring tool for SEO (Search Engine Optimization).<\/p>\n

IPv6 Test<\/a> – Checks your IPv6 and IPv4 connectivity and speed, but can also test if your website (DNS and Host) is “IPv6 Ready”.<\/p>\n

Security Header<\/a> – Check the security header of a website.<\/p>\n

Tor Browser<\/a> – an encryption browser that uses relays and proxies all over the world to protect the privacy of users.<\/p>\n

Tails Linux<\/a> – a Linux distribution designed to forget everything during the shutdown.<\/p>\n

Kali Linux<\/a> – a Linux distribution designed to test the security of networks and systems.<\/p>\n

Parrot OS<\/a> – A lightweight but as powerful as Kali offensive distribution. It is based on Debian 13 and uses Plasma 6 with Wayland by default.<\/p>\n

Pentest.WS<\/a> – A collaborative interface to work with NMAP scans and Inventory + Vulnerabilities. Good tool for a Team CTF.<\/p>\n

The PenTesters Framework<\/a> – No matter the distribution, PTF is a toolset to easily install and keep all the most popular pentesting applications up-to-date all the time.<\/p>\n

CrackStation<\/a> – Free web password hash cracker and passwords list file to download called RealUniq<\/strong> with over 1.4 Bi entries.<\/p>\n

TunnelsUp<\/a> – a source of cybersecurity information and tools, including a web hash analyzer [Link<\/a>].<\/p>\n

SecLists<\/a> – a collection of multiple types of lists (password lists, for example) used during security assessments, collected in one place.<\/p>\n

Project RainbowCrack<\/a> – a source of rainbow password lists. The huge list of passwords had already been cracked, and it is just a matter of cross-checking the hashes.<\/p>\n

1.4 Billion Text Credentials Analysis (NLP)<\/a> – Also available to download via Torrent.<\/p>\n

BYOB<\/a> – Framework to build and create command and control zombie bots (use only for educational purposes).<\/p>\n

Eschalot<\/a> – It is a tool to create a secure address for your service using the .onion domain in the Tor network.<\/p>\n

Onion.ly<\/a> – Tor2Web Proxy (try *****.onion.ly<\/strong>).<\/p>\n

Sn1per<\/a> – Automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Also able to run in a Docker [Link<\/a>].<\/p>\n

Nessus<\/a> – Powerful Professional Scanner.<\/p>\n

DVWA<\/a> – Damn Vulnerable Web App is a PHP\/MySQL web application that is damn vulnerable. Also available for Docker [Link<\/a>].<\/p>\n

IronWASP<\/a> – An open-source tool used for web application vulnerability testing, crawling, and more.<\/p>\n

ReconNess<\/a> – It helps to run and keep all your reconnaissance in the same place, focusing on the potentially vulnerable targets.<\/p>\n

Osmedeus<\/a> – A collection of awesome tools for reconnaissance and vulnerability scanning against the target.<\/p>\n

Netcat<\/a> – A Tool for tunneling connections (transfer files, remote shell, etc).<\/p>\n

CVE Details<\/a> – Security Vulnerability Database.<\/p>\n

Hunter<\/a> – Information Gathering Pool for OSINT.<\/p>\n

Metasploit Unleashed<\/a> – Metasploit documentation manual.<\/p>\n

Metasploitable<\/a> – intentionally vulnerable target machine for exploitation exercises.<\/p>\n

Veil-Evasion<\/a> – Pentest Framework.<\/p>\n

MSFvenom<\/a> – A combination of Msfpayload and Msfencode in one Framework.<\/p>\n

Armitage<\/a> – Free graphic interface for MSF.<\/p>\n

Cobalt Strike<\/a> – Licensed graphic interface for MSF.<\/p>\n

Empire<\/a> – A Windows and macOS post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6\/2.7 Linux\/OS X agent.<\/p>\n

Jok3r<\/a> – It is a framework that aids penetration testers for network infrastructure and web security assessments.<\/p>\n

Exploit Database<\/a> – An archive\u00a0of public exploits and corresponding vulnerable software.<\/p>\n

HackTheBox<\/a> – An online platform allowing you to test your penetration testing skills.<\/p>\n

VulnHub<\/a> – Exercise hundreds of virtual machines with laboratory exercises already set up for vulnerability\/penetration testing.<\/p>\n

Command Challenge<\/a> – Exercise commands and learn how to solve issues in the CLI.<\/p>\n

picoCFT<\/a> – Where you can compete or exercise using picoGym: a non-competitive practice space to explore and solve challenges from previously released picoCTF competitions.<\/p>\n

DEFT Linux<\/a> – DEFT (Digital Evidence & Forensic Toolkit) is a Ubuntu-based Live distribution dedicated to incident response and computer forensics.<\/p>\n

python-cim<\/a> – Forensics for analyzing WMI (events log).<\/p>\n

Cloudflare<\/a> – It is a free CDN (Content Delivery Network) and Web App Firewall that uses a network of proxies and offers optimization features such as caching, code optimization, and more.<\/p>\n

OWASP Broken Web Application Project<\/a> – It is a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format.<\/p>\n

OWASP Web Goat<\/a> – It allows developers to test vulnerabilities commonly found in Java-based applications that use common and popular open-source components.<\/p>\n

OWASP Juice Shop<\/a> – Contains vulnerabilities from the entire OWASP Top Ten<\/a>, along with many other security flaws found in real-world applications.<\/p>\n

JSON Web Token<\/a> and JWT<\/a> – Encodes and Decodes JSON Web Tokens.<\/p>\n

Wappalyzer<\/a> – It is a technology profiler that shows you what websites are built with.<\/p>\n

Dan’s Tools<\/a> – Epoch & Unix Timestamp Conversion Tools. See also the other tools for convert, encode\/decode, format…<\/p>\n

CyberChef<\/a> – Online encryption and decryption tool.<\/p>\n

Outline VPN<\/a> – It is an open-source VPN that runs on Docker and was created by Google and other partners.<\/p>\n

Shodan<\/a> – A search engine for Internet-connected devices. Great OSINT source of available ports and what may be available in there. Also available on Kali CLI.<\/p>\n

Censys<\/a> – An Internet scanner similar to Shodan, but more focused on a specific address than random searches.<\/p>\n

Wigle<\/a> – A live map of all found wireless networks on the planet.<\/p>\n

Spyse<\/a> – Good database of port scans with fingerprints that may reveal OS and application versions.<\/p>\n

Security Trails<\/a> – One more database of port scans and domain information.<\/p>\n

IntelligenceX<\/a> – OSINT tool capable of retrieving information about data breaches, bitcoin addresses, domain information, and more.<\/p>\n

Payloads All The Things<\/a> – Huge collection of payloads of all types. Not only the list of payloads, but also a lot of instructions and exercises.<\/p>\n

SQL Injection Payload List<\/a> – Collection and instructions of exploits.<\/p>\n

XXE Injection Payloads List<\/a> – Collection and instructions of exploits.<\/p>\n

XSS Payloads<\/a> – Collection of XSS payloads.<\/p>\n

SSL Server Test<\/a> – Free web service to evaluate the SSL\/TLS configuration of your web server.<\/p>\n

Bad SSL<\/a> – This website is a collection of crafted samples of non-compliant certificates for browser and client tests.<\/p>\n

ONDMARC<\/a> – Check the configuration of SPF and DKIM of a mail server.<\/p>\n

ProtonMail<\/a> – Encrypted and anonymous email provider.<\/p>\n

Tutanota<\/a> – Encrypted and anonymous email provider.<\/p>\n

CoverYourTracks<\/a> – Browser privacy tester from EFF ().<\/p>\n

PrivacyTools.io<\/a> – Provides services, tools, and knowledge to protect your privacy against global mass surveillance.<\/p>\n

JustDeleteMe.xyz<\/a>\u00a0– A directory of direct links to delete your account from web services.<\/p>\n

BuiltWith<\/a> – Free web service to analyse what framework a website is of. Alternatively, check the browser extension called Wappalyzer [Link<\/a>].<\/p>\n

Transfer.sh<\/a> – A CLI tool for uploading and downloading files to their free file sharing.<\/p>\n

Static-Binaries<\/a> – Contains a list of single executable files for performing multiple tasks (e.g., nmap, netcat…) with no installation needed.<\/p>\n

Ollama<\/a> – A single wrap for running LLMs like Llama 3.1, Phi 3, Mistral, Gemma 2, and other models.<\/p>\n","protected":false},"excerpt":{"rendered":"

Darknet Diaries – An excellent bi-weekly podcast about cybersecurity, hackers, the dark web, and much […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-669","post","type-post","status-publish","format-standard","hentry","category-hacking"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=669"}],"version-history":[{"count":88,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/669\/revisions"}],"predecessor-version":[{"id":5199,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/669\/revisions\/5199"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}