security-bookmarks
Collating the best online tools, repos, guides etc for Security.
Lots of other tools listed and updated at - GitHub Starred Repositories
| Name/Link | Description | Free? | Details |
|---|---|---|---|
| Abuse IPDB | Online DB to lookup abuse history from public IP’s | ✅ | |
| APNIC Whois Database | IP Range Lookup tool, useful for Range Details, Owner, Abuse, Authoritative Registry etc | ✅ | |
| Any Run | Interactive Malware Analysis Service | ☑️ | Free and paid tiers |
| AWS Windows AMI Version History | Reference page for AWS Windows AMIs and the changelog. | ✅ | |
| AWS IAM Policies in a Nutshell | Good readme and description on how to write IAM Policies | ✅ | |
| AUSNOG Archives | The go to place for the inside word on anything happening with Australian ISPs | ☑️ | Free to view, account required to post. |
| AlienVault OTX | Open Threat Exchange | ✅ | |
| badsite | Reference guide and live examples of weak or misconfigured HTTP headers etc | ✅ | |
| badssl | Reference guide and live examples of misconfigured HTTPS configuration | ✅ | |
| BGP Stats | Shows AS#’s, announcements, descriptions, looking glass links etc for public IP’s and their associated ISP’s | ✅ | |
| browserling | Live, interactive, cross-browser testing | ☑️ | Limited free options. |
| Browser Sandbox | Run any browser online, including Chrome, Firefox, IE 8, IE 9, IE 10, and IE 11, and more. | ☑️ | Limited free options. |
| BrowserShots | Input a URL and see a screenshot of it on many different browsers | ✅ | |
| Code Sandbox | Online, instant IDE and prototyping tool | ✅ | |
| Cipher List | Strong Ciphers for Apache, nginx and Lighttpd | ✅ | |
| Get Credit Card #’s | Generate a credit card formatted #. Can select vendor, # to generate and format. | ✅ | |
| Secure TLS Implementations | Current, updated secure standards for implementing TLS | ✅ | |
| CentralOps Network Tools | Several different online tools - domain check, NSLookup, TraceRoute etc | ✅ | |
| CrimeFlare | Reveal the IP DNS info of a domain before it was put behind CloudFlare | ✅ | |
| CVE Details | Lookup a CVE and associated details | ✅ | |
| CVSS Calculator (v3) | CVSS v3 Calculator | ✅ | |
| Cyber Chef | A simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages. CyberChef encourages both technical and non-technical people to explore data formats, encryption and compression. | ✅ | |
| Online Dig | Web Based Dig | ✅ | |
| Google Online Dig | Google Web Based Dig | ✅ | |
| Calc | Calculate HEX, DEC, OCT, BIN and set or clear bits directly. | ✅ | |
| Draw.io | When you need a decent looking Network or Architecture Diagram quickly | ✅ | |
| DMARC Wizard | Set up and generate a basic DMARC Record | ✅ | |
| DNS Dumpster | DNS recon and research, find and lookup dns records | ✅ | |
| DNS Query | Run a huge range of DNS Queries, in browser. | ✅ | |
| AnonMailer | Send emails, good to spoof, test SPF/DMARC/DKIM effectiveness etc | ✅ | |
| AWS EC2 Reachability Tester | Verify connectivity to all AWS Regions via a connectivity check to an EC2 Instance | ✅ | |
| Extend Class | ExtendsClass provides tools directly usable in a browser. It saves you from having to install add-ons to your browser in order to add features. | ✅ | |
| FreeDNS | Free DNS Name Server for private use | ✅ | |
| FTK Imager | FTK Imager and other Forensic Tools | ✅ | |
| GWhois | Another handy WHOIS tool that also brings in associated DNS Records | ✅ | |
| Hacker Target Tools | Online Vulnerability Scanners, IP and DNS Tools etc | ✅ | |
| HIBP | Check emails/domains for results in data breaches | ✅ | |
| HoneyBuckets | Set up HoneyBuckets (S3) to assist in detecting a data breach or suspicious activity | ✅ | |
| HoneyTokens | Set up HoneyTokens to assist in detecting a data breach or suspicious activity | ✅ | |
| HybridAnalysis | Sandbox Tooling powered by Crowdstrike Falcon Sandbox | ✅ | |
| Google HTTPS Cert Transparency | Google’s open framework to check HTTPS Certificates | ✅ | |
| GreyHat Warfare | Tool to search for Open Amazon S3 Buckets and their contents | ✅ | There are also paid plans for greater access |
| GreyNoise Visualizer | GNQL to Query, IP, Domains, Tags etc… | ✅ | Free and paid plans |
| Online HTTP Editor | Online HTTP Editor and References | ✅ | |
| HTTP Status Codes | Full list of HTTP Status codes and descriptions | ✅ | |
| IP Subnet Calculator | Calculate network class, IP address, subnet mask, subnet bits, mask bits, maximum required IP subnets and maximum required hosts per subnet. | ✅ | |
| IP Lookup | Good IP Lookup Tool | ✅ | |
| IP Lookup #2 | Another IP Lookup Tool | ✅ | |
| JWT Token Tool | JWT Encoder/Decoder | ✅ | |
| Jitsi | Jitsi Meeting Room - Free, No Plugins | ✅ | |
| Email Tester | Email Scoring and Metrics | ✅ | |
| MetaPicz | Online MetaData and EXIF Viewer | ✅ | |
| Morning Star Security | All the latest Security News | ✅ | |
| What’s my Public IP | Good tool to check your public NAT etc | ✅ | |
| IP Lookup | Another good IP Lookup Tool | ✅ | |
| NetCraft Site Report | Excellent tool for Website history, setup, architecture and Security best practice analysis | ✅ | |
| Network Tools | Good free list of online Network Tools - whois, ping, trace etc | ✅ | |
| Network Tools 2 | Free online network tools | ✅ | 50 credits every 24 hours |
| Norse | Norse Attack Map | ✅ | |
| One Time Secret | Share sensitive information that’s both simple and secure | ✅ | |
| OWASP Top 10 - 2017 | Wiki Page for the 2017 OWASP Top 10 | ✅ | |
| PenTest Tools | PenTest Tools - Black Book Tools - Info Gathering and Recon | ☑️ | Credit based system, initially free then payable if required. |
| PagerDuty Incident Response | Fantastic free resource for incident response | ✅ | |
| PCI Database | Useful for looking up unknown hardware or virtualised hardware devices | ✅ | |
| % Calculator | Calculate % of A, X is what % Y, increase/decrease | ✅ | |
| Port Check | Online Telnet, useful if you need to verify if a port is open to the world | ✅ | |
| privnote | Need to send something securely? Self destructs | ✅ | |
| Privacy Tools | privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance. | ✅ | |
| The Register Security | Reliable Security News Site | ✅ | |
| RegEx 101 | RegEx string tester | ✅ | |
| RegExr | Another RegEx cheat-sheet, editor and tool | ✅ | |
| Robtex | Robtex uses various sources to gather public information about IP numbers, domain names, host names, Autonomous systems, routes etc. It then indexes the data in a big database and provides free access to the data. | ✅ | |
| SafeLink | Send credit card numbers, important files, private messages in seconds. | ✅ | |
| Security Headers | HTTP response header and rating tool | ✅ | |
| Secure Password Generator | Use this online tool to generate a strong and random password | ✅ | |
| LastPass Secure Password Generator | Use the online LastPass Password Generator to instantly create a secure, random password. | ✅ | |
| Shodan | Shodan is a search engine for Internet-connected devices. | ☑️ | Limited free use, sign up for unrestricted access |
| Slackmojis | An unofficial* directory of the best custom slack emojis | ✅ | |
| SPF Policy Tester | Check your SPF policy for syntax errors to discover problems prior to publishing. | ✅ | |
| SSH Client | Browser based SSH client | ✅ | |
| SSL Cert Diag Tool | Useful tool to locate the problem and verify your SSL Certificate installation. | ✅ | |
| SSL Decoder | This site checks the SSL/TLS configuration of a server. It shows you the full certificate chain, including all kinds of information about every certificate, as well as connection information like ciphersuites and protocol support. Fill in either host + port or paste a CSR/Certificate. Port defaults to 443. | ✅ | |
| SSL Labs | Free online service performs a deep analysis of the configuration of any SSL web server on the public Internet | ✅ | |
| Standard Notes | Standard Notes is free to use on every platform, and comes standard with cross-platform sync and end-to-end privacy | ☑️ | Excellent free version, pay for extensions, 2FA etc. |
| Subnet Mask Cheatsheet | IPv4 Subnet Mask Cheat Sheet | ✅ | |
| Subnet Calculator | IP Subnet Mask Calculator enables subnet network calculations using network class, IP address, subnet mask, subnet bits, mask bits, maximum required IP subnets and maximum required hosts per subnet. | ✅ | |
| Talky | Urgent meeting? Security Incident you need to talk about ASAP? Talky is a great free video conferencing and screen sharing tool | ✅ | |
| TCP/UDP Port #’s | This is a list of TCP and UDP port numbers used by protocols of the transport layer of the Internet protocol suite for the establishment of host-to-host connectivity. | ✅ | |
| Text Mechanic | Simple, single task, browser based, text manipulation tools. | ✅ | |
| TinEye | Search by image and find where that image appears online | ✅ | |
| TLS Bible | Useful to check exact support levels of TLS | ✅ | |
| Touch Typing Tool | Learn Touch Typing for free! | ✅ | |
| TypeForm | Free, beautiful forms with great UX/UI | ✅ | |
| URL Query | Online service for detecting and analyzing web-based malware. | ✅ | |
| Report URI | Tools to analyse and monitor website security policies like CSP and HPKP. | ✅ | |
| URL Decoder | Handy for turning encoded JavaScript URLs from complete gibberish into readable gibberish. | ✅ | |
| URL Haus | URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution. | ✅ | |
| URL Scan | Scan and preview URL’s etc… | ✅ | |
| User Agent String | Tool to analyse and break down the User Agent String | ✅ | |
| Virus Total | Upload and scan a file to determine whether or not it is malicious. | ✅ | |
| ViewDNS | Useful tool if looking for domain takeover and DNS change history | ✅ | |
| Whats My DNS? | Verify DNS propagation or record information from multiple countries. | ✅ | |
| You Get Signal | The open port checker is a tool you can use to check your external IP address and detect open ports on your connection. | ✅ | |