Wireless Geographic Logging Engine
This is a massive database of geo-located wireless networks, primarily Wi-Fi, compiled by community wardriving efforts. It's a goldmine for anyone needing to survey wireless infrastructure globally.
Security entries
subfinder
I use subfinder for fast, passive subdomain enumeration. It's highly optimized for speed and focuses solely on discovering valid subdomains via online sources, which it does exceptionally well.
OSINT Tools Directory
This is an OSINT tools directory. I find it useful for quickly locating resources based on data type, like email or domain, and filtering by cost, which streamlines open-source intelligence research.
TrustShare
TrustShare is a security questionnaire automation tool combined with a dynamic trust portal. It uses AI to pre-fill responses, leveraging an organization's GRC program and documentation, which I find critical for efficient SOC2 compliance and sales enablement.
Bypass Cloudflare
This article explains how to bypass Cloudflare's anti-bot measures, which is crucial for web scraping. It details detection techniques and offers methods from fortified headless browsers to reverse engineering challenges for reliable, high-volume data extraction.
Forcing a device to disconnect from WiFi using a deauthentication attack
This article details how to perform a deauthentication attack, essentially using "go away" packages to force devices off a WiFi network. It's a common method to disconnect targets from an access point.
Am I Unique
Am I Unique reveals the parameters of your device that contribute to browser fingerprinting, quantifying your browser's uniqueness based on HTTP headers and JavaScript attributes. It effectively demonstrates how trackable your device is.
HackTheBox
Hack The Box is an excellent online platform for hands-on cybersecurity training, providing virtual machines to exploit with increasing complexity to hone offensive and defensive skills.
FotoForensics
FotoForensics is a quick online tool for submitting images for forensic analysis, primarily for inspecting metadata and identifying potential manipulations. I find it useful for fast foto metadata checks.
Subfinder
Subfinder is a fast, passive subdomain discovery tool leveraging online sources. I've learned that finding subdomains this way is often more effective than relying on DNS lookups directly, as it's hard to get them that way.
MASSCAN: Mass IP port scanner
Masscan is a high-speed port scanner that implements its own TCP/IP stack, enabling it to scan the entire internet in under 10 minutes by bypassing the host's network stack. This makes it incredibly fast for large-scale network reconnaissance.
ModSecurity Core Rule Set
I use the OWASP Core Rule Set to automatically configure my WAF with generic attack detection rules. It's an essential layer for protecting web applications against the OWASP Top Ten with minimal false positives.
mitmproxy
mitmproxy is an open-source interactive HTTPS man-in-the-middle proxy. It's my go-to for debugging and testing SSL/TLS-protected web traffic, allowing interception, inspection, modification, and replay.
theHarvester
I find theHarvester a powerful OSINT tool for collecting emails, names, subdomains, and other intelligence during recon. It's effective for mapping a domain's external threat landscape.
Regexploit
Regexploit helps identify regular expressions vulnerable to Regular Expression Denial of Service (ReDoS). It detects patterns that can lead to catastrophic backtracking and provides example malicious strings to trigger such vulnerabilities, which is crucial for preventing DoS attacks.
Virustotal url scanner
I use VirusTotal's URL scanner to quickly check websites for viruses and malicious content. It leverages multiple antivirus engines to provide a consolidated report on potential threats.
Zed Attack Proxy
ZAP is an open-source toolsuite designed for inspecting website security. I use it as the world's most widely used web application scanner to identify vulnerabilities.
Universal Radio Hacker
URH is a robust suite for wireless protocol investigation, offering deep analysis with SDRs, from demodulation to fuzzing. It's an excellent tool for understanding and attacking RF protocols.
Cyper security virtual exscape room
This virtual cybersecurity escape room provides an interactive platform for practical security awareness. It's an EU-funded resource for learning common attack vectors and defense strategies.
ZAP
ZAP is my go-to open source web application scanner. It's essential for identifying vulnerabilities and ensuring I build more secure web apps.
Tink
Tink is a Google-developed, cross-platform, open source cryptographic library designed to provide secure, easy-to-use APIs. Note that this specific GitHub repository is archived and read-only, with active development having moved to github.com/tink-crypto.
pwn.college
pwn.college is an educational platform for hands-on cybersecurity skill development. It delves into core computing concepts to teach practical hacking, supported by ASU's curriculum and offered for free globally.
Questions & Answers
- What kind of security tools are listed in this category?
- This category lists tools for offensive security, such as subdomain enumeration with Subfinder and port scanning with Masscan, alongside defensive measures like WAF rule sets from ModSecurity Core Rule Set. It also includes resources for web application security testing like ZAP and OSINT research with the OSINT Tools Directory.
- Who is this security link list for?
- This list is designed for cybersecurity professionals, penetration testers, ethical hackers, and developers seeking practical tools and educational resources. It caters to those involved in security analysis, vulnerability identification, GRC, and hands-on skill development, exemplified by platforms like HackTheBox and pwn.college.
- What are some standout tools for web application security?
- For web application security, ZAP (Zed Attack Proxy) is a prominent open-source scanner for identifying vulnerabilities. Mitmproxy allows inspection and modification of HTTPS traffic, while the ModSecurity Core Rule Set provides robust WAF protection against common web attacks.
- Are there resources for open-source intelligence (OSINT) or reconnaissance?
- Yes, several entries focus on OSINT and reconnaissance. WiGLE.net provides a massive database of geo-located wireless networks, Subfinder and theHarvester are used for subdomain and information gathering, and the OSINT Tools Directory serves as a comprehensive resource for various OSINT tasks.
- What are some educational or training resources available here?
- For hands-on cybersecurity education, HackTheBox offers virtual machines for penetration testing, and pwn.college provides free curricula for practical hacking skills. Additionally, the Cyber security virtual escape room offers an interactive way to learn about common attack vectors and defense strategies.