Off-Sec: The domain with the offensive security scope, finding the weak points to expose and report on.
​
DNSdumpster
"DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain." 1
Non-Affiliate link: https://dnsdumpster.com/
Shodan Search Engine
"Shodan is the world's first search engine for Internet-connected devices. Discover how Internet intelligence can help you make better decisions." 1
Non-Affiliate link: https://www.shodan.io/
Wappalyzer
"Find out the technology stack of any website." 1
Non-Affiliate link: https://www.wappalyzer.com/
Base64 Decode
"Do you have to deal with Base64 format? Then this site is perfect for you! Use our super handy online tool to encode or decode your data." 1
Non-Affiliate link: https://www.base64decode.org/
0xRick's Blog/Stego
0xRick's security blog that has "A list of useful tools and resources" for steganography.1
Non-Affiliate link: https://0xrick.github.io/lists/stego/
Wappalyzer
"Find out the technology stack of any website." 1
Non-Affiliate link: https://www.wappalyzer.com/
Ettercap
"Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis." 1
Non-Affiliate link: https://www.ettercap-project.org/index.html
Bettercap
"The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and IPv4 and IPv6 networks reconnaissance and MITM attacks." 1
Non-Affiliate link: https://www.bettercap.org/
CrackStation
"CrackStation uses massive pre-computed lookup tables to crack password hashes." 1
Non-Affiliate link: https://crackstation.net/
Hashes.com
"Hashes.com is a hash lookup service. This allows you to input an MD5, SHA-1, Vbulletin, Invision Power Board, MyBB, Bcrypt, Wordpress, SHA-256, SHA-512, MYSQL5 etc hash and search for its corresponding plaintext ("found") in our database of already-cracked hashes." 1
Non-Affiliate link: https://hashes.com/en/decrypt/hash
Exploit Database
"The Exploit Database is maintained by OffSec, an information security training company that provides various Information Security Certifications as well as high end penetration testing services...The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers." 1
Non-Affiliate link: https://www.exploit-db.com/
GTFOBins
"The project collects legitimate functions of Unix binaries that can be abused to get the f**k break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks." 1
Non-Affiliate link: https://gtfobins.github.io/
LOLBAS
"Living Off The Land Binaries, Scripts and Libraries" 1
Non-Affiliate link: https://lolbas-project.github.io/
Joe Sandbox
Gain the ability to sandbox malware in a controlled environment, with built-in deep analysis insights.
Non-Affiliate link: https://www.joesandbox.com/
sqlmap
"sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers." 1
Non-Affiliate link: https://sqlmap.org/
mimikatz
"mimikatz is a tool I've made to learn C and make somes experiments with Windows security.
It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets." 1
Non-Affiliate link: https://github.com/gentilkiwi/mimikatz
= FREE OPT
= LOW COST
= MED COST
= HIGH COST
= CLOUD
= ON-PREM
Terms or Use