Helpful stuff

Меню:

DC20e6 Tools & etc

Разворачиваение коротких ссылок и получние аналитической информации
Reverse Shell Generator поможет сгенерировать Reverse Shell без поиска IP и PORT в этих однострочниках. Да, решили просто унифицировать и добавить JS ;)

Git Magic - это лучший, по моему мнению, учебник по контролю версий git
GitLab - бесплатный и хороший сервис контроля версий с pages, pipeline, CI, wiki и прочими ништяками
dvcs-ripper Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, …
Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories.

KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.
Sn1per - is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities
WPScan WordPress Vulnerability Scanner
JoomScan OWASP Joomla Vulnerability Scanner Project

The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
0day.today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals

Vulners - это очень большая и непрерывно обновляемая база данных ИБ-контента. Сайт позволяет искать уязвимости, эксплоиты, патчи, результаты bug bounty так же, как обычный поисковик ищет сайты. тут тоже очень круто про него написано
Shodan is the world’s first search engine for Internet-connected devices.
Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet.
GrayHatWarfare. Public buckets.
GreyNoise Visualizer

Metasplot World’s most used penetration testing software
Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
Metasploit Unleashed by Offensive Security The ultimate guide to the Metasploit Framework

Burp Suite, the leading toolkit for web application security testing
OWASP Zed Attack Proxy(ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

OSINT tools list. On this page you’ll find tools which you can help do your OSINT reseach.
search.buzz.im — поиск в публичных каналах, группах. Покажет публичные сообщения пользователя
lyzem.com — поисковик аналогичный buzzim
Telegago — поиск в приватных и публичных каналов, группах, а так же в Telegraph статьях
HowToFind Bot Бот помощник по поиску в сфере OSINT. Подскажет техники и ресурсы.

Various Online Password Crackers Just a list of online (mostly) md5 crackers but some with do others.
HashKiller’s purpose is to serve as a meeting place for computer hobbyists, security researchers and penetration testers. It serves as a central location to promote greater security on the internet by demonstrating the weakness of using hash based storage / authentication.
GPUHASH.me - online WPA/WPA2 hash cracker.
xsrc.ru - Восстановление паролей от Wi-Fi из хендшейка
Wordlists sorted by probability originally created for password generation and testing

bettercap is the Swiss army knife for network attacks and monitoring.
Mitmproxy an interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. Написана на пятоне и, соответвенно, хорошо, что позволяет вертеть ее как угодно :)

Find Security Bugs for security audits of Java web applications.
Drozer Comprehensive security and attack framework for Android.
Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.

PayloadsAllTheThings A list of useful payloads and bypass for Web Application Security and Pentest/CTF
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
XSS payload for steal some data

Kali Linux представляет из себя дистрибутив, содержащий множество утилит для проведения тестирования на проникновение: от анализа уязвимостей веб-приложений, до взлома сетей и сервисов и закрепления в системе.
BackBox is more than an operating system, it is a Free Open Source Community project with the aim to promote the culture of security in IT environment and give its contribute to make it better and safer. All this using exclusively Free Open Source Software by demonstrating the potential and power of the community.
PentestBox не похож на другие security-дистрибутивы, которые работают на виртуальных машинах. Это архив с программами под Windows. Качаем, распаковывем и работаем.

Hakshop the premiere store of Hak5. Home to exclusive hacking equipment, award winning media and immersive information security training.
Great Scott Gadgets open source hardware for innovative people