Skip to the content.




Collating the best online tools, repos, guides etc for Security.

Lots of other tools listed and updated at - GitHub Starred Repositories

Name/Link Description Free? Details
Abuse IPDB Online DB to lookup abuse history from public IP’s  
APNIC Whois Database IP Range Lookup tool, useful for Range Details, Owner, Abuse, Authoritive Registry etc  
Any Run Interactive Malware Analysis Service ☑️ Free and paid tiers
AWS Windows AMI Version History Reference page for AWS Windwos AMI’s and the changelog.  
AWS IAM Policies in a Nutshell Good readme and description on how to write IAM Policies  
AUSNOG Archives The go to place for the inside word on anything happening with Australian ISPs ☑️ Free to view, account required to post.
AlientVault OTX Open Threat Exchange  
badsite Reference guide and live examples of weak or misconfigured HTTP headers etc  
badssl Reference guide and live examples of misconfigured HTTPs configuration  
BGP Stats Shows AS#’s, announcements, descriptions, looking glass links etc for public IP’s and their associated ISP’s  
browserling Live, interactive, cross-browser testing ☑️ Limited free options.
Browser Sandbox Run any browser online, including Chrome, Firefox, IE 8, IE 9, IE 10, and IE 11, and more. ☑️ Limited free options.
BrowserShots Input a URL a see a screenshot of it on many different browsers  
Code Sandbox Online, instant IDE and prototyping tool  
Cipher List Strong Ciphers for Apache, nginx and Lighttpd  
Get Credit Card #’s Generate a credit card formatted #. Can select vendor, # to generate and format.  
Secure TLS Implementations Current, updated secure standards for implementing TLS  
CentralOps Network Tools Several different online tools - domain check, NSLookup, TraceRoute etc  
CrimeFlare Reveal the IP DNS info of a domain before it was put behind CloudFlare  
CVE Details Lookup a CVE and associated details  
CVSS Calculator (v3) CVSS v3 Calculator  
Cyber Chef A simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages. CyberChef encourages both technical and non-technical people to explore data formats, encryption and compression.  
Online Dig Web Based Dig  
Google Online Dig Google Web Based Dig  
Calc Calculate HEX, DEC, OCT, BIN and set or clear bits directly. When you need a decent looking Network or Architecture Diagram quickly  
DMARC Wizard Setup and genereate a basic DMARC Record  
DNS Dumpster DNS recon and research, find and lookup dns records  
DNS Query Run a huge rage of DNS Queries, in browser.  
AnonMailer Send emails, good to spoof, test SPF/DMARC/DKIM effectiveness etc  
AWS EC2 Reachability Tester Verify connectivity to all AWS Regions via a connectivity check to a EC2 Instance  
Extend Class ExtendsClass provides tools directly usable in a browser. It saves you from having to install add-ons to your browser in order to add features.  
FreeDNS Free DNS Name Server for private use  
FTK Imager FTK Imager and other Forensic Tools  
GWhois Another handy WHOIS tool and also bring in associated DNS Records  
Hacker Target Tools Online Vulnerability Scanners, IP and DNS Tools etc  
HIBP Check emails/domains for results in data breaches  
HoneyBuckets Setup HoneyBuckets (S3) to assist in data breach or suspicious activity  
HoneyTokens Setup HoneyTokens to assist in data breach or suspicious activity  
HybridAnalysis Sandbox Tooling powered by Crowdstrike Falcon Sandbox  
Google HTTPs Cert Transparency Google’s open framework to check HTTPs Certificates  
GreyHat Warfare Tool to search for Open Amazon s3 Buckets and their contents Are also paid plans for greater access
GreyNoise Visulizer GNQL to Query, IP, Domains, Tags etc… Free and paid plans
Online HTTP Editor Online HTTP Editor and References  
HTTP Status Codes Full list of HTTP Status codes and descriptions  
IP Subnet Calculator Calculate network class, IP address, subnet mask, subnet bits, mask bits, maximum required IP subnets and maximum required hosts per subnet.  
IP Lookup Good IP Lookup Tool  
IP Lookup #2 Another IP Lookup Tool  
JWT Token Tool JWT Encoder/Decoder  
Jitsi Jitsi Meeting Room - Free, No Plugins  
Email Tester Email Scoring and Metrics  
MetaPicz Online MetaData and EXIF Viewer  
Morning Star Security All the latest Security News  
What’s my Public IP Good tool to check your public NAT etc  
IP Lookup Another good IP Lookup Tool  
NetCraft Site Report Excellent tool for Website history, setup, architecture and Security best practice analysis  
Network Tools Good free list of online Network Tools - whois, ping, trace etc  
Network Tools 2 Free online network tools 50 credits every 24 hours
Norse Norse Attack Map  
One Time Secret Share sensitive information that’s both simple and secure  
OWASP Top 10 - 2017 Wiki Page for the 2017 OWASP Top 10  
PenTest Tools PenTest Tools - Black Book Tools - Info Gathering and Recon ☑️ Credit based system, initially free then payable if required.
PagerDuty Incident Response Fantastic free resource for incident response  
PCI Database Useful for looking up unknown hardware or virtualised hardware devices  
% Calculator Calculate % of A, X is what % Y, increase/decrease  
Port Check Online Telnet, useful if you need to verify if a port is open to world  
privnote Need to send something securely? Self destructs  
Privacy Tools provides knowledge and tools to protect your privacy against global mass surveillance.  
The Register Security Reliable Security News Site  
RegEx 101 RegEx string tester  
RegExr Another RegEx cheat-sheet, editor and tool  
Robtex Robtex uses various sources to gather public information about IP numbers, domain names, host names, Autonomous systems, routes etc. It then indexes the data in a big database and provide free access to the data.  
SafeLink Send credit card numbers, important files, private messages in seconds.  
Security Headers HTTP response header and rating tool  
Secure Password Generator Use this online tool to generate a strong and random password  
LastPass Secure Password Generator Use the online LastPass Password Generator to instantly create a secure, random password.  
Shodan Shodan is a search engine for Internet-connected devices. ☑️ Limited free use, sign up for unrestricted access
Slackmojis An unofficial* directory of the best custom slack emojis  
SPF Policy Tester Check your SPF policy for syntax errors to discover problems prior publishing.  
SSH Client Browser based SSH client  
SSL Cert Diag Tool Useful tool to locate the problem and verify your SSL Certificate installation.  
SSL Decoder This site checks the SSL/TLS configuration of a server. In shows you the full certificate chain, including all kinds of information about every certificate, as well as connection information like ciphersuites and protocol support. Fill in either host + port or paste a CSR/Certficiate. Port defaults to 443.  
SSL Labs Free online service performs a deep analysis of the configuration of any SSL web server on the public Internet  
Standard Notes Standard Notes is free to use on every platform, and comes standard with cross-platform sync and end-to-end privacy ☑️ Excellent free version, pay for extensions, 2FA etc.
Subnet Mask Cheatsheet IPv4 Subnet Mask Cheat Sheet  
Subnet Calculator IP Subnet Mask Calculator enables subnet network calculations using network class, IP address, subnet mask, subnet bits, mask bits, maximum required IP subnets and maximum required hosts per subnet.  
Talky Urgent meeting? Security Incident you need to talk about ASAP, Talky is a great free, video conferncing and screen sharing tool  
TCP/UDP Port #’s This is a list of TCP and UDP port numbers used by protocols of the transport layer of the Internet protocol suite for the establishment of host-to-host connectivity.  
Text Mechanic Simple, single task, browser based, text manipulation tools.  
TinyEye Search by image and find where that image appears online  
TLS Bible Useful to check exact support levels of TLS  
Touch Typing Tool Learn Touch Typing for free!  
TypeForm Free, beautiful forms with great UX/UI  
URL Query Online service for detecting and analyzing web-based malware.  
Report URI Tools to analyse and monitor website security policies like CSP and HPKP.  
URL Decoder Handy for turning encoded JavaScript URLs from complete gibberish into readable gibberish.  
URL Haus URLhaus is a project from with the goal of sharing malicious URLs that are being used for malware distribution.  
URL Scan Scan and preview URL’s etc…  
User Agent String Tool to analyse and break down the User Agent String  
Virus Total Upload and scan a file to determine whether or not malicious.  
ViewDNS Useful tool if looking for domain takeover and DNS change history  
Whats My DNS? Verify DNS propagation or record information from multiple countries.  
You Get Signal The open port checker is a tool you can use to check your external IP address and detect open ports on your connection.