Cybersecurity Tools Index

Disclaimer: I am neither affiliated with any of the below programs nor assume any liability towards anyone's use of the below tools and resources.

This is simply an aggregation of tools that I have found which I find useful and have used or plan to use in the future.

Searching/Scanning Tools:

• GitHound: Advanced Github searching tool.
• GoGhost: SMBGhost scanning tool.
• APKLeaks: APK scanning tool to search for secrets.

Active Directory Tools:

• ROADtools: Auzre AD enumeration tool.
• MacHound: Enumeration tool for relationships between AD and MacOS hosts.
• Azure AD Connect Dump: Toolkit to help extract and decrypt AD credentials.

Domain Enumeration Tools:

• reconFTW: Domain enumeration tool.
• assetfinder: Tool to find related domains from a given domain.
• waybackurls: Tool which fetches all URLs of a given domain which the Wayback Machine knows about.
• findcdn: Tool to find which CDN a domain is using, created by CISA.
• Pshtt: Domain enumeration tool designed by CISA.

Network/Web Tools:

• mapCIDR: CIDR range enumation tool.
• Aircrack-ng: Wifi auditing tool.
• h4rpy: Automated WPA/WPA2 attack tool.
• HTTP Probe: HTTP and HTTPS probing tool.
• Malcolm: Extensive network analysis tool designed by CISA.
• DNS Dumpster: DNS reconnaissance tool.
• Firesheep: Sidejacking utility Firefox extension.

Miscallaneous Enumeration Tools:

• WAFW00F: WAF detection tool.
• AutoRecon: Feature heavy enumeration tool.
• Wfuzz: Web fuzzer.
• Konan: Web directory and file brute force scanner.

Hardening Tools:

• JShielder: Hardening scripts for linux servers.
• Chrome Galvinizer: Chrome hardening tool.
• Virtual Box Hardened Loader: Virtual Box detection mitigation.

Hash Tools:

• Ciphey: Encryption/hash detection and decryption tool.
• Hash Buster: Hash cracking tool.
• Name That Hash: Hash format identifying tool.

OSINT Tools:

• MOSINT: Email OSINT tool.
• ProOSINT: ProtonMail account detection tool.
• linkedin2username: Linkedin OSINT tool which fetches all usernames of employees of a particular company.

List Collections:

• SecLists: Large collection of various lists.
• Leaky Paths: Lists of interesting URL paths and paths vulnerable to CVEs and misconfigurations.
• Payloads All The Things: Extensive list of payloads and bypasses for websec.

Miscallaenous:

• CSET: Cybersec infrastructure assessment tool made by CISA which directly includes numerous infrastrcuture security standards.
• Hacks: Large collection of individual scripts.
• Ghidra: Reverse engineering program designed by the NSA.
• ImHex: Feature heavy hex editor.
• CyberChef: Very extensive web toolkit of everything from small utilities to decryption tools created by the GCHQ.
• John the Ripper: Advanced offline password cracker.
• Cursed Chrome: Chrome extension that turns the victim's browser into a web proxy.
• PHP Reverse Shell: PHP reverse shell.
• Pi-Pwner: Pentesting suite deployer for Rasbian.
• Fake Sandbox Artifacts: Sandbox/VM simulator to trick any malware that checks if it is running inside of a VM or not.
• Telnet Logger: Telnet login logger.
• Gophish: Phishing toolkit.
• CallObfuscator: Windows API obfuscating tool.