🐧
Jackmeister
  • Welcome
  • Misc
    • Resources
    • Cybersecurity Terms You MUST KNOW
  • PG Play
    • Amaterasu
  • Hack The Box
    • Linux
      • Bashed
      • Beep
      • Sau
      • Trick
      • Knife
      • Love
      • Spectra
      • TheNotebook
      • Previse
      • Ophiuchi
      • Shocker
      • Bank
      • Keeper
      • Help
      • Cronos
      • Lame
    • Active Directory
      • Active
      • Forest
      • Timelapse
      • Sauna
    • HTB Register Form
  • TryHackMe
    • Red
    • Year of the Jellyfish
    • S1mple0nly b2r
    • Hermoso
    • This is so easy
    • Altair Network
    • road.thm
  • Platforms
    • Websites and Platforms
  • Tools
    • Hacking Tools
  • B2R template
Powered by GitBook
On this page
  • Ethical Hacking Resources
  • API Security Testing Resources
  • Python Resources
  • Cybersec YouTube channels
  • Cybersec Newsletters
  • Cybersec News
  • Cybersec Podcasts
  • Search Engines
  • 50 Cybersecurity Titles
  • Education
  • How To Guides & Tutorials
  • Videos
  • Reading
  • Podcasts
  • Bug Bounty Programs
  • Law
  • OSINT
  • Scanning
  • Cracking
  • Google Dorks
  • SQLi
  • Useful Github Resources
  • Organizations
  • Operating Systems
  • RSS Feeds
  1. Misc

Resources

Ethical Hacking Resources

  1. Root Me — Challenges.

  2. Stök's YouTube — Videos.

  3. Hacker101 Videos — Videos.

  4. InsiderPhD YouTube — Videos.

  5. EchoCTF — Interactive Learning.

  6. Vuln Machines — Videos and Labs.

  7. Try2Hack — Interactive Learning.

  8. Pentester Land — Written Content.

  9. Checkmarx — Interactive Learning.

  10. Cybrary — Written Content and Labs.

  11. RangeForce — Interactive Exercises.

  12. Vuln Hub — Written Content and Labs.

  13. TCM Security — Interactive Learning.

  14. HackXpert — Written Content and Labs.

  15. Try Hack Me — Written Content and Labs.

  16. OverTheWire — Written Content and Labs.

  17. Hack The Box — Written Content and Labs.

  18. CyberSecLabs — Written Content and Labs.

  19. Pentester Academy — Written Content and Labs.

  20. Bug Bounty Reports Explained YouTube — Videos.

  21. Web Security Academy — Written Content and Labs.

  22. Securibee's Infosec Resources — Written Content.

  23. Jhaddix Bug Bounty Repository — Written Content.

  24. Zseano's Free Bug Bounty Methodology — Free Ebook.

  25. Awesome AppSec GitHub Repository — Written Content.

  26. NahamSec's Bug Bounty Beginner Repository — Written Content.

  27. Kontra Application Security Training — Interactive Learning.

API Security Testing Resources

  • Video: Traceable AI, API Hacking 101.

  • Video: Katie Paxton-Fear, API Hacking.

  • Video: Bugcrowd, Bad API, hAPI Hackers.

  • Video: OWASP API Security Top 10 Webinar.

  • Blog: Detectify, How To Hack API's in 2021.

  • Blog: HackXpert, Let's build an API to hack.

  • Video: Bugcrowd, API Security 101 by Sadako.

  • Video: David Bombal, Free API Hacking Course.

  • Blog: Wallarm, How To Hack API In 60 Minutes.

  • Website: APIsecurity IO, API Security Articles.

  • Blog: Curity, The API Security Maturity Model.

  • Blog: Expedited Security, API Security MegaGuide.

  • Video: Grant Ongers, API Security Testing Workshop.

  • Videos: The XSS Rat, API Testing And Securing Guide.

  • Blog: APIsec OWASP API Security Top 10: A Deep Dive.

  • Podcast: We Hack Purple, API Security Best Practices.

  • Blog: Kontra Application Security, Owasp Top 10 for API.

  • Blog: Secure Delivery, OWASP API Top 10 CTF Walk-through.

  • Blog: SmartBear, How To Hack An API And Get Away With It.

  • Blog: Ping Identity, API Security: The Complete Guide 2022.

  • Video: SANS Offensive Operations, Analyzing OWASP API Security.

  • Blog: Bend Theory, Exploiting Unintended Functionality in API's.

  • Blog: Bright Security, Complete Guide to Threats, Methods & Tools.

Python Resources

  1. Think Python — Free Ebook

  2. Think Python 2e — Free Ebook

  3. A Byte of Python — Free Ebook

  4. Real Python — Online Platform

  5. Full Stack Python — Free Ebook

  6. freeCodeCamp — Online Platform

  7. Dive Into Python 3 — Free Ebook

  8. Practice Python — Online Platform

  9. The Python Guru — Online Platform

  10. The Coder's Apprentice — Free Ebook

  11. Python Principles — Online Platform

  12. Harvard's CS50 Python Video — Video

  13. Cracking Codes With Python — Free Ebook

  14. Learn Python, Break Python — Free Ebook

  15. Google's Python Class — Online Platform

  16. Python Like You Mean It — Online Platform

  17. Beyond the Basic Stuff with Python — Free Ebook

  18. Automate the Boring Stuff with Python — Free Ebook

  19. The Big Book of Small Python Projects — Free Ebook

  20. Python Tutorial for Beginners, Telusko — Free Videos

  21. Learn Python 3 From Scratch — Free Interactive Course

  22. Python Tutorial For Beginners, Edureka — Online Platform

  23. Microsoft's Introduction to Python Course — Online Platform

  24. Beginner's Guide to Python, Official Wiki — Online Platform

  25. Python for Everybody Specialization, Coursera — Online Platform

Cybersec YouTube channels

  1. Infosec Institute — Cybersecurity awareness.

  2. Black Hat — Technical cybersecurity conferences.

  3. Bugcrowd — Bug bounty methodology and interviews.

  4. InfoSec Live — Everything from tutorials to interviews.

  5. David Bombal — Everything cybersecurity related.

  6. Nahamsec — Educational hacking and bug bounty videos.

  7. Computerphile — Covers basic concepts and techniques.

  8. InsiderPHD — How to get started with bug bounty hunting.

  9. Security Weekly — Interviews with cybersecurity figures.

  10. John Hammond — Malware analysis, programming, and careers.

  11. Peter Yaworski — Web-application hacking tips and interviews.

  12. IppSec — Labs and capture-the-flag tutorials, HackTheBox etc.

  13. 13Cubed — Videos on tools, forensics, and incident response.

  14. HackerSploit — Penetration testing, web-application hacking.

  15. STÖK — Videos on tools, vulnerability analysis, and methodology.

  16. Security Now — Cybercrime news, hacking and web-application security.

  17. LiveOverflow — Involves hacking, write-up videos, and capture-the-flags.

  18. The Cyber Mentor — Ethical hacking, web-application hacking, and tools.

  19. Joe Collins — Everything Linux related, including tutorials and guides.

  20. Null Byte — Cybersecurity for ethical hackers, and computer scientists.

  21. The PC Security Channel — Windows security, malware news, and tutorials.

  22. Simply Cyber — Helps people with cybersecurity career development.

  23. Network Chuck — Everything cybersecurity related.

  24. BlackPerl — Malware analysis, forensics and incident response.

  25. Professor Messer — Guides covering certifications.

  26. Hak5 — General cybersecurity coverage.

Cybersec Newsletters

AdvisoryWeek — Security advisory roundups by major vendors.

We Live Security — Award-winning news, views and insights.

CSO Online — News, analysis and research on security and risk management.

tl;dr sec Newsletter — Tools, blog posts, conference talks and research.

Shift Security Left — Application security, architecture, and incidents.

Unsupervised Learning Community — Important cybersecurity stories.

Threatpost — Exploits, vulnerabilities, malware and cybersecurity.

Blockchain Threat Intelligence — Tools, events, threats.

Gov Info Security — Domestic and international governmental cybersecurity news.

AWS Security Digest — AWS security updates.

The Hacker News — Cybersecurity news.

Krebs On Security — Investigative cybersecurity journalism that's interesting.

This Week in 4n6 — DFIR updates.SecPro — Analysis of threats, attacks and tutorials.

Naked Security — How to protect yourself from attacks etc.

API Security Newsletter — API security news and vulnerabilities.

CyberSecNewsWeekly — Collection of news, articles and tools.

Zero Day — Stories about hackers, spies and cybercrime.

Schneier on Security —Cybersecurity news and opinions.

Hive Five Newsletter — Curated cybersecurity news.Graham Cluley — Cybersecurity news and opinions.

TripWire’s State of Security — Corporate cybersecurity news.

RTCSec — News around VOIP and WebRTC security.

Risky Biz — Analysis of big cyber stories.

Cybersec News

  1. IT Security Guru

  2. Security Weekly

  3. The Hacker News

  4. Infosecurity Magazine

  5. CSO Online

  6. The State of Security - Tripwire

  7. The Last Watchdog

  8. Naked Security

  9. Graham Cluley

  10. Cyber Magazine

  11. WeLiveSecurity

  12. Dark Reading

  13. Threatpost

  14. Krebs on Security

  15. Help Net Security

  16. HackRead

  17. SearchSecurity

  18. TechWorm

  19. GBHackers On Security

  20. The CyberWire

  21. Cyber Defense Magazine

  22. Hacker Combat

  23. Cybers Guards

  24. Cybersecurity Insiders

  25. Information Security Buzz

  26. The Security Ledger

  27. Security Gladiators

  28. Infosec Land

  29. Cyber Security Review

  30. Comodo News

  31. Internet Storm Center | SANS

  32. Daniel Miessler

  33. TaoSecurity

  34. Reddit

  35. All InfoSec News

  36. CVE Trends

  37. Securibee

  38. Twitter

  39. threatABLE

Cybersec Podcasts

  1. Cyber Work

  2. Click Here

  3. Defrag This

  4. Security Now

  5. InfoSec Real

  6. InfoSec Live

  7. Simply Cyber

  8. OWASP Podcast

  9. We Talk Cyber

  10. Risky Business

  11. Malicious Life

  12. Hacking Humans

  13. What The Shell

  14. Life of a CISO

  15. H4unt3d Hacker

  16. 2 Cyber Chicks

  17. The Hacker Mind

  18. Security Weekly

  19. Cyberside Chats

  20. Darknet Diaries

  21. CyberWire Daily

  22. Absolute AppSec

  23. Security in Five

  24. Smashing Security

  25. 401 Access Denied

  26. 7 Minute Security

  27. 8th Layer Insights

  28. Adopting Zero Trust

  29. Cyber Security Sauna

  30. The Cyberlaw Podcast

  31. Unsupervised Learning

  32. Naked Security Podcast

  33. Identity at the Center

  34. Breaking Down Security

  35. The Shellsharks Podcast

  36. The Virtual CISO Moment

  37. The Cyber Tap (cyberTAP)

  38. The Shared Security Show

  39. The Social-Engineer Podcast

  40. The 443 Security Simplified

  41. Adventures of Alice and Bob

  42. Cybersecurity Today by ITWC

  43. Crypto-Gram Security Podcast

  44. Open Source Security Podcast

  45. Hacker Valley Studio Podcast

  46. The Hacker Chronicles Podcast

  47. Task Force 7 Cyber Security Radio

  48. The Privacy, Security, & OSINT Show

  49. Cyber Security Headlines by the CISO Series

  50. SANS Internet Stormcenter Daily Cyber Podcast (Stormcast)

Search Engines

  1. Shodan—Search for devices connected to the internet.

  2. Wigle—Database of wireless networks, with statistics.

  3. Grep App—Search across a half million git repos.

  4. Binary Edge—Scans the internet for threat intelligence.

  5. ONYPHE—Collects cyber-threat intelligence data.

  6. GreyNoise—Search for devices connected to the internet.

  7. Censys—Assessing attack surface for internet connected devices.

  8. Hunter—Search for email addresses belonging to a website.

  9. Fofa—Search for various threat intelligence.

  10. ZoomEye—Gather information about targets.

  11. LeakIX—Search publicly indexed information.

  12. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.

  13. Netlas—Search and monitor internet connected assets.

  14. URL Scan—Free service to scan and analyse websites.

  15. PublicWWW—Marketing and affiliate marketing research.

  16. FullHunt—Search and discovery attack surfaces.

  17. CRT sh—Search for certs that have been logged by CT.

  18. Vulners—Search vulnerabilities in a large database. 19 Pulsedive—Search for threat intelligence.

  19. Packet Storm Security—Browse latest vulnerabilities and exploits.

  20. GrayHatWarefare—Search public S3 buckets.

50 Cybersecurity Titles

1. Application Security Administrator – Keep software / apps safe and secure.

2. Artificial Intelligence Security Specialist – Use AI to combat cybercrime.

3. Automotive Security Engineer – Protect cars from cyber intrusions.

4. Blockchain Developer / Engineer – Code the future of secure transactions.

5. Blue Team Member – Design defensive measures / harden operating systems.

6. Bug Bounty Hunter – Freelance hackers find defects and exploits in code.

7. Cybersecurity Scrum Master – Watch over and protect all data.

8. Chief Information Security Officer (CISO) – Head honcho of cybersecurity.

9. Chief Security Officer (CSO) – Head up all physical/info/cyber security.

10. Cloud Security Architect – Secure apps and data in the cloud.

11. Counterespionage analyst – Thwart cyber spies from hostile nation states.

12. Cryptanalyst – Decipher coded messages without a cryptographic key.

13. Cryptographer – Develop systems to encrypt sensitive information.

14. Cyber Insurance Policy Specialist – Consult on cyber risk and liability protection.

15. Cyber Intelligence Specialist – Analyze cyber threats and defend against them.

16. Cyber Operations Specialist – Conduct offensive cyberspace operations.

17. Cybercrime Investigator – Solve crimes conducted in cyberspace.

18. Cybersecurity Hardware Engineer – Develop security for computer hardware.

19. Cybersecurity Lawyer – Attorney focused on info/cyber security and cybercrime.

20. Cybersecurity Software Developer / Engineer – Bake security into applications.

21. Data Privacy Officer – Ensure legal compliance related to data protection.

22. Data Recovery Specialist – Recover hacked data from digital devices.

23. Data Security Analyst – Protect information on computers and networks.

24. Digital Forensics Analyst – Examine data containing evidence of cybercrimes.

25. Disaster Recovery Specialist – Plan for and respond to data and system catastrophes.

26. Ethical / White Hat Hacker – Perform lawful security testing and evaluation.

27. Governance Compliance & Risk (GRC) Manager – Oversee risk management.

28. IIoT (Industrial Internet of Things) Security Specialist – Protect industrial control systems.

29. Incident Responder – First response to cyber intrusions and data breaches.

30. Information Assurance Analyst – Identify risks to information systems.

31. Information Security Analyst – Plan and carry out infosecurity measures.

32. Information Security Manager / Director – Oversee an IT security team(s).

33. Intrusion Detection Analyst – Use security tools to find targeted attacks.

34. IoT (Internet of Things) Security Specialist – Protect network connected devices.

35. IT Security Architect – Implement network and computer security.

36. Malware Analyst – Detect and remediate malicious software.

37. Mobile Security Engineer – Implement security for mobile phones and devices.

38. Network Security Administrator – Secure networks from internal and external threats.

39. Penetration Tester (Pen-Tester) – Perform authorized and simulated cyberattacks.

40. PKI (Public Key Infrastructure) Analyst – Manage secure transfer of digital information.

41. Red Team Member – Participate in real-world cyberattack simulations.

42. SCADA (Supervisory control and data acquisition) Security Analyst – Secure critical infrastructures.

43. Security Auditor – Conduct audits on an organization’s information systems.

44. Security Awareness Training Specialist – Train employees on cyber threats.

45. Security Operations Center (SOC) Analyst – Coordinate and report on cyber incidents.

46. Security Operations Center (SOC) Manager – Oversee all SOC personnel.

47. Source Code Auditor – Analyze software code to find bugs, defects, and breaches.

48. Threat Hunter – Search networks to detect and isolate advanced threats.

49. Virus Technician – Detect and remediate computer viruses and malware.

50. Vulnerability Assessor – Find exploits in systems and applications.

Education

Classes (Free and Paid)

Certification Help

Professor Messer Videos

How To Guides & Tutorials

  • More coming soon

Videos

Reading

Podcasts

Bug Bounty Programs

Get paid to discover vulnerabilities and security issues.

Law

OSINT

Scanning

Cracking

Beginner Tutorial YouTube Videos

Cracking PASSWORD HASHES

ZIP & RAR files

Hashes

Passwords

Password & Wordlists (HTTP/HTTPS) - working as of 3/2022

WPA/WPA2

hashcat

Google Dorks

SQLi

  • SQLi Dumper

Useful Github Resources

Awesome Lists

Cracking & Bruteforce & Scanning

WordPress

Remote Administration & Payloads

Red Team

Maldocs

Phishing

Routers

Wifi

Shells

Internet of Things

Ransomware

Misc.

Organizations

Operating Systems

Privacy

Pentesting

Hosting

Android

Misc.

RSS Feeds

Technical Blogs

Less Technical Blogs

Social

News

Research

PreviousWelcomeNextCybersecurity Terms You MUST KNOW

Last updated 2 years ago

- Darknet Diaries produces audio stories specifically intended to capture, preserve, and explain the culture around hacking and cyber security in order to educate and entertain both technical and non-technical audiences.

- Join Dave Bittner and Joe Carrigan each week as they look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world.

- TechTV's Leo Laporte and I spend somewhat shy of two hours each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

- Modem Mischief is a true cybercrime podcast. Created, produced and hosted by Keith Korneluk.

- is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without authorization, or in excess of authorization. This is what the FBI is gunna use to bust your ass (or a conspiracy or wire fraud charge) if you fuck around and get caught. Read up about it. If you are busted, the FBI may pressure you into becoming a Confidential Human Source aka a snitch. Do not do it. Lawyer up!

- 1990 is a key piece of legislation that criminalizes the act of accessing or modifying data stored on a computer system without appropriate consent or permission.

- Extremely useful for finding alternative names and co-ordinates of places.

- A search engine for Facebook, built by Henk Van Ess.

- An advanced search for Twitter, which also allows you to search by date.

- Much better than normal Google Maps, make sure to check out the .

- Multi-source OSINT automation tool with a Web UI and report visualizations.

- Proprietary software for open source intelligence and forensics, from Paterva.

- chatter is a proof of concept osint monitoring telegram bot for windows (server, ideally) that monitors tweet content, reddit submission titles and 4chan post content for specific keywords - as well as phrases in quotation marks. it feeds content that is discovered to your telegram group in near real-time depending on your configuration. this is an early beta release with limited features.

- Hunt down social media accounts by username across social networks

- OpenDoor OWASP is console multifunctional web sites scanner. This application find all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data and large backups.

- A high performance offensive security tool for reconnaissance and vulnerability scanning

- An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。

- Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things and much more.

Need help cracking a password hash? Try posting the hash to for help.

- HAT (Hashcat Automation Tool) - An Automated Hashcat Tool for common wordlists and rules to speed up the process of cracking hashes during engagements. Created for Linux based systems

- Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

- These are REAL passwords.

- Files including dictionaries, encyclopedic lists and miscellaneous. Wordlists in this folder were not necessarily associated with the "password" label.

- Some routers have this naming scheme. 4.1G

- A long list of passwords from breaches with email pairs stripped. 1.3G.

- WPA wifi wordlist. 4.3G.

more lists from the above source @

(~14,300,000 words)

(~466,000 words)

(1.4GB)

(1.37GB - Compressed)

(4.2 GB)

(2.7 GB - Compressed)

(8.8 GB)

(48.4 GB)

(166.17 GB)

- Aircrack-ng is a complete suite of tools to assess WiFi network security.

- If you are planning to create a cracking rig for research purposes check out GPU hashcat benchmark table below.

- Automatic SQL injection and database takeover tool

- A curated list of amazingly awesome OSINT

- A curated list of awesome malware analysis tools and resources.

- A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.

- A curated list of awesome Hacking.

- A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.

- A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.

- curated list of awesome resources, books, hardware, software, applications, people to follow, and more cool stuff about vehicle security, car hacking, and tinkering with the functionality of your car.

- Curated list of Web Security materials and resources.

- A curated list of awesome guides, tools, and other resources relating to the security and compromise of locks, safes, and keys.

- A collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

- A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.

- A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

- A collection of awesome penetration testing resources, tools and other shiny things

- a subdomain brute forcing tool for windows

- Multi-threaded Instagram Brute Forcer without password limit

- a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.

- WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. Can be used to discover usernames and bruteforce logins.

- WPXF. A Ruby framework designed to aid in the penetration testing of WordPress systems.

- CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

- Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

- BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats.

- Free, Open-Source Remote Administration Tool for Windows

- A Cross Platform multifunctional (Windows/Linux/Mac) RAT.

- TheFatRat is an exploiting tool which compiles a malware with famous payload, and then the compiled maware can be executed on Linux , Windows , Mac and Android. TheFatRat Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus.

- This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

- Various Antivirus evasion tools

- Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.

- framework to rapidly implement custom droppers for all three major operating systems

- This is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token.

- Empire 3.0 is a PowerShell and Python 3.x post-exploitation framework.

- Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

- Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself.

- Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys.

- is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. It also handles various shortcuts formats. This tool can be used for red teaming, pentests, demos, and social engineering assessments. MacroPack will simplify antimalware solutions bypass and automatize the process from vb source to final Office document or other payload type.

- Open-Source Phishing Toolkit

- Educational Phishing Tool & Information Collector

- Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

- Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. What does this exactly mean? In short, it simply has a lot of potential, that can be used in many use case scenarios.

- Super lightweight with many features and blazing fast speeds.

- The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.

- Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.

- The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

- MITM WPA attack toolset

- Count the number of people around you 👨‍👨‍👦 by monitoring wifi signals 📡

- The Rogue Access Point Framework

- Rewrite of the popular wireless network auditor, "wifite"

- Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting.

- Capture handshakes of nearby WiFi networks automatically

- Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs.

- The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.

- wifipumpkin3 is powerful framework for rogue access point attack, written in Python, that allow and offer to security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack.

- Common PHP shells is a collection of PHP webshells that you may need for your penetration testing (PT) cases or in a CTF challenge.

- This is a webshell collection project. This project covers various common scripts such as: asp, aspx, php, jsp, pl, py

- A tool for generating reverse shell payloads on the fly

- Set of tools for security testing of Internet of Things devices using protocols: AMQP, CoAP, DTLS, HTCPCP, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP.

- Ransomware, made for a demo on ransomware awareness and how easy it is to do. Encrypt every file in your Home and send the key to a remote server.

- The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software

- A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration, WebSocket host scanning, and external resource fingerprinting.

- is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

- The Amnesic Incognito Live System. Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.

- A High Security Method of Surfing the Internet. Whonix is a desktop operating system designed for advanced security and privacy.

- Qubes is a security-oriented, free and open-source operating system for personal computers that allows you to securely compartmentalize your digital life.

- - a Debian-derived Linux distribution designed for digital forensics and penetration testing.

- - a Linux distribution based on Debian with a focus on computer security. It is designed for penetration testing, vulnerability assessment and mitigation, computer forensics and anonymous web browsing.

- an Arch Linux-based penetration testing distribution for penetration testers and security researchers.

- The Universal Operating System

- FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.

- Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.

- Fedora creates an innovative, free, and open source platform for hardware, clouds, and containers that enables software developers and community members to build tailored solutions for their users.

- a Linux distribution that provides a free, enterprise-class, community-supported computing platform functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL).

- - A free and open-source operating system for various devices, based on the Android mobile platform.

- - GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

- Linux Mint is an elegant, easy to use, up to date and comfortable GNU/Linux desktop distribution.

- Raspbian is a free operating system based on Debian optimized for the Raspberry Pi hardware.

Credit to

nedwill’s security blog - ()

Realmode Labs - Medium - ()

Hanno's blog - ()

Active Directory Security - ()

Mogozobo - ()

Jump ESP, jump! - ()

Carnal0wnage & Attack Research Blog - ()

gynvael.coldwind//vx.log (pl) - ()

Raelize - ()

DigiNinja - ()

enigma0x3 - ()

Randy Westergren - ()

ZeroSec - Adventures In Information Security - ()

Max Justicz - ()

Blog of Osanda - ()

ADD / XOR / ROL - ()

Intercept the planet! - ()

The Exploit Laboratory - ()

Linux Audit - ()

markitzeroday.com - ()

The Human Machine Interface - ()

Trail of Bits Blog - ()

F-Secure Labs - ()

Exodus Intelligence - ()

Diary of a reverse-engineer - ()

Sean Heelan's Blog - ()

Alex Chapman's Blog - ()

MKSB(en) - ()

pi3 blog - ()

Mozilla Attack & Defense - ()

Doyensec's Blog - ()

TRIOX - ()

secret club - ()

Va_start's Vulnerability Research - ()

Revers.engineering - ()

phoenhex team - ()

Rhino Security Labs - ()

Zero Day Initiative - Blog - ()

BlackArrow - ()

PortSwigger Research - ()

Praetorian Security Blog - ()

research.securitum.com - ()

Project Zero - ()

Corelan Team - ()

NCC Group Research - ()

Zeta-Two.com - ()

Grsecurity Blog RSS Feed - ()

Positive Technologies - learn and secure - ()

Alexander Popov - ()

Windows Internals Blog - ()

Tyranid's Lair (James Foreshaw) - ()

anti-virus rants - ()

Secureworks Blog - ()

Microsoft Security Response Center - ()

ColbaltStrike Blog - ()

CERT Blogs - ()

xorl %eax, %eax - ()

TRUESEC Blog - ()

The Daily Swig - ()

(IN)SECURE Magazine Notifications RSS - ()

Unit42 - ()

r2c website - ()

BREAKDEV - ()

Deeplinks - ()

SANS Internet Storm Center, InfoCON: green - ()

NotSoSecure - ()

TrustedSec - ()

Microsoft Security - ()

Zimperium Mobile Security Blog - ()

Bugcrowd - ()

codeblog - ()

Google Online Security Blog - ()

Mozilla Security Blog - ()

HackerOne - ()

Rendition Infosec - ()

Check Point Research - ()

Offensive Security - ()

Rapid7 Blog - ()

newest submissions : ExploitDev - ()

disclose.io - Latest topics - ()

newest submissions : netsec - ()

newest submissions : websecurityresearch - ()

newest submissions : ReverseEngineering - ()

newest submissions : lowlevel - ()

Wired - Security Latest - ()

News ≈ Packet Storm - ()

Naked Security - ()

The Hacker News - ()

ZDNet - Security - ()

Ars Technica - ()

Threatpost | The first stop for security news - ()

Krebs on Security - ()

Dark Reading: - ()

BleepingComputer - ()

arXiv Crypto and Security Papers -

IACR Transactions on Cryptographic Hardware and Embedded Systems - ()

Full Disclosure - ()

Files ≈ Packet Storm - ()

Udemy - Ethical Hacking
Udemy - Cyber Security
Udemy - Penetration Testing
Udemy - Kali Linux
Udemy - Metasploit
Cybrary - Free Hacking Training
Cybrary - ISC2 CISSP
Cybrary - WiFi Security: WEP, WPA, and WPA2
Cybrary - Ethical Hacking
HackerOne - Start Hacking
CompTIA Security+ Study Groups
CompTIA A+ Study Groups
CompTIA Network+ Study Groups
Tutorial: Is My Wireless Card Compatible?
Defeating a Laptop's BIOS Password
I'll Let Myself In: Tactics of Physical Pen Testers
You’re Probably Not Red Teaming... And Usually I’m Not, Either - SANS ICS 2018
BREAKING in BAD (I’m the one who doesn’t knock) - Jayson Street
DEFCON - The Full Documentary
DEF CON 17 - That Awesome Time I Was Sued For Two Billion Dollars
DEF CON 18 - Zoz - Pwned By The Owner: What Happens When You Steal A Hacker's Computer
DEF CON 18 - Chris Paget - Practical Cellphone Spying
DEF CON 19 - Deviant Ollam - Safe to Armed in Seconds
DEF CON 21 - ZOZ - Hacking Driverless Vehicles
DEF CON 22 - Metacortex and Grifter - Touring the Darkside of the Internet. An Introduction to Tor
DEF CON 22 - Deviant Ollam & Howard Payne - Elevator Hacking - From the Pit to the Penthouse
DEF CON 22 - Zoz - Don't Fuck It Up!
DEF CON 23 - Robinson and Mitchell - Knocking my neighbors kids cruddy drone offline
DEF CON 23 - Van Albert and Banks - Looping Surveillance Cameras through Live Editing
DEF CON 23 - Chris Rock - I Will Kill You
DEF CON 24 - Chris Rock - How to Overthrow a Government
DEF CON 24 - Weston Hecker - Hacking Hotel Keys and Point of Sale Systems
DEF CON 24 - int0x80 - Anti Forensics AF
DEF CON 25 - Roger Dingledine - Next Generation Tor Onion Services
DEF CON 26 - smea - Jailbreaking the 3DS Through 7 Years of Hardening
2600
Phrack
Darknet Diaries
Hacking Humans
Security Now
Modem Mischief Podcast
Bugcrowd
HackerOne
Zerodium
Facebook
Github
Google
Intel
Microsoft
HP
Mozilla
Computer Fraud and Abuse Act (CFAA) - US
Computer Misuse Act 1990 - UK
Bellingcat’s OSINT Toolkit
Geonames
Who Posted What
Twitter Advanced Search
Google Earth Pro
historic imagery function
Guide To Using Reverse Image Search For Investigations
A Beginner’s Guide To Flight Tracking
How To Tell Stories: A Beginner’s Guide For Open Source Researchers
How To Use Google Earth’s Three Dimensional View: Feat. Syria, Yemen, Sudan
Spiderfoot
Maltego
chatter
Sherlock
OpenDoor
Raccoon
dirmap
dirhunt
/r/crackthis
Hashcat Beginner's guide to cracking MD5 hashes with the Rockyou wordlist
How to use Hashcat on Windows 10
How To Crack ZIP & RAR Files With Hashcat
Password Hacking | Cracking RAR & ZIP Files with Hashcat
Hash Killer
Crackstation
OnlineHashCrack
GPUHash.me
Hashes.com
hashcat
HAT
John The Ripper
SentryMBA
Open Bullet
SNIPR
Probable Wordlists - Version 2.0
Real Passwords
Dictionary-Style Lists
NetgearKiller.dict - my Netgear WPA dict
https://download.g0tmi1k.com/wordlists/wifi/
https://github.com/soxrok2212/PSKracker/tree/master/dicts
https://github.com/kennyn510/wpa2-wordlists
https://github.com/danielmiessler/SecLists/tree/master/Passwords
adjective_noun_3_digits_router.lst.gz
breachcompletion_no_emails.lst.gz
super_wpa.lst.gz
https://oxagast.org/wordlists/
https://wiki.skullsecurity.org/Passwords
https://github.com/xajkep/wordlists
https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
https://github.com/dwyl/english-words/blob/master/words.txt
http://storage.aircrack-ng.org/users/PsycO/PsycOPacKv2.rar
http://www.mediafire.com/file/9tf3n2d45tgktq1/Rocktastic12a.7z/file
https://crackstation.net/files/crackstation-human-only.txt.gz
https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
https://download.g0tmi1k.com/wordlists/large/
https://download.g0tmi1k.com/wordlists/large/sp00ks_merged_file_uniq.7z
https://download.g0tmi1k.com/wordlists/large/10-million-combos.zip
https://download.g0tmi1k.com/wordlists/large/36.4GB-18_in_1.lst.7z
http://download1568.mediafire.com/yuh4jmehecwg/8oazhwqzexid771/WordlistBySheez_v8.7z
Aircrack-ng
Cracking my first WPA2 password!
Cracking WPA/WPA2 with hashcat
Practical WPA2 Attacks on NETGEAR Routers
Hashcat GPU benchmarking table for Nvidia & AMD (WPA2 hashes)
Hashcat Cheatsheet for OSCP
hashcat - Howtos, Videos, Papers, Articles, etc. in the wild
Google Hacking Database
sqlmap
Awesome OSINT
Awesome Malware Analysis
Awesome CTF
Awesome Hacking
Awesome Honeypots
Awesome Incident Response
Awesome Vehicle Security
Awesome Web Security
Awesome Lockpicking
Awesome Cybersecurity Blue Team
Awesome AppSec
Awesome Security
Awesome Pentest
Subdomain bruteforce
Instashell
Nuclei
WPScan
WordPress Exploit Framework
CMSeeK
pupy
BYOB (Build Your Own Botnet)
QuasarRAT
SillyRAT
TheFatRat
Powershell RAT
Antivirus Evasion
UACMe
Genesis Scripting Engine (gscript)
SlackPirate
Empire
https://github.com/RoseSecurity/Red-Teaming-TTPs
seatbelt
Impacket
Sliver
MacroPock
Gophish
SocialFish
Evilginx2
Modlishka
BlackPhish
The Social Engineer Toolkit (SET)
Muraena
RouterSploit
Fluxion
howmanypeoplearearound
Wifiphisher
wifite2
wifijammer
hashcatch
pwnagotchi
bettercap
Wifipumpkin3
ShellPop
Reverse Shell Cheat Sheet
PHP Webshells
Webshells
Lazypariah
Cotopaxi
Demonware
LaZagne
Lazy script
Sonar.js
GTFOBins
The Tor Project
Electronic Frontier Foundation
TOOOL - The Open Organisation Of Lockpickers
Tails
Whonix
QubesOS
Kali Linux
/r/KaliLinux
Parrot OS
/r/ParrotOS
BlackArch
Debian
FreeBSD
Ubuntu
Fedora
CentOS
Windows Server 2019
LineageOS
/r/lineageos
GrapheneOS
/r/GrapheneOS
Mint
Rasberrian
u/PM_ME_YOUR_SHELLCODE
https://nedwill.github.io/blog/feed.xml
https://nedwill.github.io/blog/
https://medium.com/feed/realmodelabs
https://medium.com/realmodelabs
https://blog.hboeck.de/feeds/index.rss2
https://blog.hboeck.de/
https://adsecurity.org/?feed=rss2
https://adsecurity.org
https://www.mogozobo.com/?feed=rss2
https://www.mogozobo.com
https://jumpespjump.blogspot.com/feeds/posts/default
https://jumpespjump.blogspot.com/
http://carnal0wnage.attackresearch.com/feeds/posts/default
http://carnal0wnage.attackresearch.com/
http://feeds.feedburner.com/GynvaelColdwindPL
https://gynvael.coldwind.pl/
https://raelize.com/posts/index.xml
https://raelize.com/posts/
https://digi.ninja/rss.xml
https://digi.ninja/rss.xml
https://enigma0x3.net/feed/
https://enigma0x3.net
https://randywestergren.com/feed/
https://randywestergren.com
https://blog.zsec.uk/rss/
https://blog.zsec.uk/
https://justi.cz/feed.xml
https://justi.cz
https://osandamalith.com/feed/
https://osandamalith.com
http://addxorrol.blogspot.com/feeds/posts/default
http://addxorrol.blogspot.com/
https://intercepter-ng.blogspot.com/feeds/posts/default
https://intercepter-ng.blogspot.com/
https://blog.exploitlab.net/feeds/posts/default
https://blog.exploitlab.net/
https://linux-audit.com/feed/
https://linux-audit.com
https://markitzeroday.com/feed.xml
https://markitzeroday.com/
https://h0mbre.github.io/feed.xml
https://h0mbre.github.io/
https://blog.trailofbits.com/feed/
https://blog.trailofbits.com
https://labs.f-secure.com/blog/rss.xml
https://labs.f-secure.com/blog/
https://blog.exodusintel.com/feed/
https://blog.exodusintel.com
https://doar-e.github.io/feeds/rss.xml
https://doar-e.github.io/
https://sean.heelan.io/feed/
https://sean.heelan.io
https://ajxchapman.github.io/feed.xml
https://ajxchapman.github.io/
https://mksben.l0.cm/feeds/posts/default?alt=rss
https://mksben.l0.cm/
http://blog.pi3.com.pl/?feed=rss2
http://blog.pi3.com.pl
https://blog.mozilla.org/attack-and-defense/feed/
https://blog.mozilla.org/attack-and-defense
https://blog.doyensec.com/atom.xml
https://blog.doyensec.com//
https://trioxsecurity.com/feed/
https://trioxsecurity.com
https://secret.club/feed.xml
https://secret.club/
https://blog.vastart.dev/feeds/posts/default
https://blog.whtaguy.com/
https://revers.engineering/feed/
https://revers.engineering
https://phoenhex.re/feed.xml
https://phoenhex.re/
https://rhinosecuritylabs.com/feed/
https://rhinosecuritylabs.com
https://www.zerodayinitiative.com/blog?format=rss
https://www.thezdi.com/blog/
https://www.blackarrow.net/feed/
https://www.blackarrow.net
https://portswigger.net/research/rss
https://portswigger.net/research
https://www.praetorian.com/blog/rss.xml
https://www.praetorian.com
https://research.securitum.com/feed/
https://research.securitum.com
http://googleprojectzero.blogspot.com/feeds/posts/default
https://googleprojectzero.blogspot.com/
https://www.corelan.be/index.php/feed/
https://www.corelan.be
https://research.nccgroup.com/feed/
https://research.nccgroup.com
https://zeta-two.com/feed.xml
https://zeta-two.com/
https://grsecurity.net/blog.rss
https://www.grsecurity.net/blog.rss
http://feeds.feedburner.com/positiveTechnologiesResearchLab
http://blog.ptsecurity.com/
https://a13xp0p0v.github.io/feed.xml
https://a13xp0p0v.github.io/
https://windows-internals.com/feed/
https://windows-internals.com
https://www.tiraniddo.dev/feeds/posts/default
https://www.tiraniddo.dev/
http://feeds.feedburner.com/Anti-virusRants
http://anti-virus-rants.blogspot.com/
https://www.secureworks.com/rss?feed=blog
https://www.secureworks.com/blog
https://msrc-blog.microsoft.com/feed/
https://msrc-blog.microsoft.com
https://blog.cobaltstrike.com/feed/
https://blog.cobaltstrike.com
https://insights.sei.cmu.edu/cert/atom.xml
https://insights.sei.cmu.edu/cert/
https://xorl.wordpress.com/feed/
https://xorl.wordpress.com
https://blog.truesec.com/feed/
https://blog.truesec.com
https://portswigger.net/daily-swig/rss
https://portswigger.net/daily-swig
http://feeds.feedburner.com/insecuremagazine
http://www.insecuremag.com
http://feeds.feedburner.com/Unit42
https://unit42.paloaltonetworks.com
https://r2c.dev/rss.xml
https://r2c.dev
https://feeds.feedburner.com/breakdev
https://breakdev.org/
https://www.eff.org/rss/updates.xml
https://www.eff.org/rss/updates.xml
https://isc.sans.edu/rssfeed_full.xml
https://isc.sans.edu
https://notsosecure.com/feed/
https://notsosecure.com
https://www.trustedsec.com/feed/
https://www.trustedsec.com
https://www.microsoft.com/security/blog/feed/
https://www.microsoft.com/security/blog
https://blog.zimperium.com/feed/
https://blog.zimperium.com
https://www.bugcrowd.com/feed/
https://www.bugcrowd.com
https://outflux.net/blog/feed/
https://outflux.net/blog
https://security.googleblog.com/feeds/posts/default
http://security.googleblog.com/
https://blog.mozilla.org/security/feed/
https://blog.mozilla.org/security
https://www.hackerone.com/blog.rss
https://www.hackerone.com/
https://blog.renditioninfosec.com/feed/
https://blog.renditioninfosec.com
https://research.checkpoint.com/feed/
https://research.checkpoint.com
https://www.offensive-security.com/feed/
https://www.offensive-security.com
https://blog.rapid7.com/rss/
https://blog.rapid7.com/
https://www.reddit.com/r/exploitdev/new.rss
https://www.reddit.com/r/exploitdev/new
https://community.disclose.io/latest.rss
https://community.disclose.io/latest
https://www.reddit.com/r/netsec/new.rss
https://www.reddit.com/r/netsec/new
https://www.reddit.com/r/websecurityresearch/new.rss
https://www.reddit.com/r/websecurityresearch/new
https://www.reddit.com/r/ReverseEngineering/new.rss
https://www.reddit.com/r/ReverseEngineering/new
https://www.reddit.com/r/lowlevel/new.rss
https://www.reddit.com/r/lowlevel/new
https://www.wired.com/feed/category/security/latest/rss
https://www.wired.com/category/security/latest
https://rss.packetstormsecurity.com/news/
https://packetstormsecurity.com/
https://nakedsecurity.sophos.com/feed
https://nakedsecurity.sophos.com
http://www.thehackernews.com/feeds/posts/default
https://thehackernews.com/
http://www.zdnet.com/topic/security/rss.xml
https://www.zdnet.com/
http://feeds.arstechnica.com/arstechnica/index/
https://arstechnica.com
http://threatpost.com/feed/
https://threatpost.com
http://krebsonsecurity.com/feed/atom/
https://krebsonsecurity.com
http://www.darkreading.com/rss_simple.asp
https://www.darkreading.com
http://www.bleepingcomputer.com/feed/
https://www.bleepingcomputer.com/
http://export.arxiv.org/api/query?search_query=cat:cs.CR&sortBy=submittedDate&sortOrder=descending&max_results=50
https://tches.iacr.org/index.php/TCHES/gateway/plugin/WebFeedGatewayPlugin/atom
https://tches.iacr.org/index.php/TCHES
http://seclists.org/rss/fulldisclosure.rss
http://seclists.org/#fulldisclosure
https://rss.packetstormsecurity.com/files/
https://packetstormsecurity.com/