Security tools - PSJoshi/Notes GitHub Wiki
- Static analysis tool from Facebook for C/C++/Java code - http://fbinfer.com/
- Certificate monitoring - https://certificatemonitor.org/
- Secure server configuation - https://cipherli.st/
- Test your SSL setup - https://ssldecoder.org/
- Certificate transparency log update stream - https://certstream.calidog.io/
- Scanlogd - TCP port scan detection tool - http://www.openwall.com/scanlogd/
- Useful SANS tools - https://isc.sans.edu/tools/
Domain information
- domain details - https://spyse.com
Certificate transparency reports
- https://crt.sh/
- https://censys.io/
- https://developers.facebook.com/tools/ct/
- https://google.com/transparencyreport/https/ct/
Certificate monitors
- SSLMate - https://sslmate.com/certspotter/
- Facebook certificate transparency monitoring - https://developers.facebook.com/tools/ct/
ASN information
- Team Cymru - https://asn.cymru.com/cgi-bin/whois.cgi
- Hurricane Electric Internet Services - https://bgp.he.net/
Google public DNS
DNS records
- https://dnsrecords.io
- https://www.ultratools.com
- https://mxtoolbox.com/
- http://viewdns.info/
- https://passivedns.mnemonic.no/search
- https://www.farsightsecurity.com
- https://www.passivetotal.org
SSL checks
- crt.sh - An open source public viewer for Certificate Transparency logs. - https://crt.sh/
- certspotter - An open source tool for monitoring issuance of certificates that appear in Certificate Transparency logs. - https://github.com/SSLMate/certspotter
- certlint - An open source tool that reviews x.509 certificates for compliance with CA/Browser Forum requirements and various RFCs. - https://github.com/awslabs/certlint
- ssllabs-scan - Command line tool for the API for SSL Labs, a universally referenced HTTPS evaluation and grading tool for public-facing websites - https://github.com/ssllabs/ssllabs-scan
- site-inspector - Scan a domain for various web/HTTP-related properties, including HTTPS support - https://github.com/benbalter/site-inspector
- mixed-content-scan - Command line tool for walking over a website and scanning for the use of insecure resources - https://github.com/bramus/mixed-content-scan
Site reputation checks
- Siteadvisor - http://www.siteadvisor.com/sites/twitter.com
- Google - http://www.google.com/safebrowsing/diagnostic?site=twitter.com
- Sucuri - http://sitecheck.sucuri.net/results/twitter.com
- Norton - http://safeweb.norton.com/report/show?url=twitter.com
- Browser defender - http://www.browserdefender.com/site/twitter.com
- Trendmicro - https://global.sitesafety.trendmicro.com/
- BrightCloud - https://www.brightcloud.com/tools/url-ip-lookup.php
- Urlvoid - http://www.urlvoid.com/
- CISCO reputation center - https://www.talosintelligence.com/reputation_center
- Zscalar check - https://zulu.zscaler.com/
Whois details
- DomainTools - http://whois.domaintools.com
- APNIC Whois JSON service - http://wq.apnic.net/whois-search/query?searchtext=59.185.237.33
- ARIN Whois UI - http://whois.arin.net/ui/
Cyberspace search engines:
- Shodan - https://www.shodan.io/
- Zoomeye - https://www.zoomeye.org/
- Censys.io - https://censys.io/
Free Vulnerability scanners
- OpenVAS - http://www.openvas.org/
- Retina CS community - http://go.beyondtrust.com/cscommunity
- Microsoft baseline security analyzer - http://www.microsoft.com/en-us/download/details.aspx?id=7558
- Nexpose - http://www.rapid7.com/products/nexpose/
- Tripwire Securecheq - http://www.tripwire.com/securecheq/
- Qualys freescan - https://www.qualys.com/forms/freescan/
Router security check
- Check security at router level - https://routersecurity.org/testrouter.php
Online Malware analysis services
Misc
- Screen shot machine - http://screenshotmachine.com/
- Get link information - http://getlinkinfo.com
Subdomain enumeration
- Wolframalpha - http://www.wolframalpha.com
- Pentest-tools - https://pentest-tools.com/
- Netcraft - https://searchdns.netcraft.com/
- Pkey - https://www.pkey.in
- Cloudpiercer - https://cloudpiercer.org/
- Virustotal - https://virustotal.com/
- Comodo CRT.SH - https://crt.sh/
- Censys - https://censys.io/
- DNSdumpster - https://dnsdumpster.com/
- Other github projects:
HTTPS testing
- SSL Shopper - https://www.sslshopper.com/ssl-checker.html
- Decoder.link - https://decoder.link/sslchecker
- SSL server security - https://www.htbridge.com/ssl/
- Comodo SSL analyzer - https://sslanalyzer.comodoca.com/
- Digicert SSL checker - https://www.digicert.com/help/
- Certlogic - https://certlogik.com/ssl-checker/
- Qualys SSL checker - https://www.ssllabs.com/ssltest/
- SSL checker - https://www.sslchecker.com/sslchecker
- Symantec SSL checker - https://cryptoreport.websecurity.symantec.com/checker/
- Wormly monitoring service - https://www.wormly.com/test_ssl
- google transparency reporter - https://transparencyreport.google.com/https/certificates
Forensic analysis of image
- Image forensics - http://fotoforensics.com/
Test e-mail infrastructure
- Test email deliverability - https://blog.mailtrap.io/test-email-deliverability/
- SMTP diagnostics - https://mxtoolbox.com/diagnostic.aspx
- Wormly SMTP tests - https://www.wormly.com/test-smtp-server
- swaks utility - https://www.jetmore.org/john/code/swaks/
- scan domain for trustworthy email best practices - https://github.com/cisagov/trustymail
List of security tools
- List of open source security tools - https://techblog.bozho.net/list-of-open-source-security-tools/
- Cybersecurity inventory - https://inventory.raw.pm/tools.html
- open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework - https://github.com/mikeprivette/NIST-to-Tech
Domain Categorization
-
Check Domain Categorization - https://github.com/l0gan/domainCat
-
Chameleon: A tool for evading Proxy categorisation - https://github.com/mdsecactivebreach/Chameleon
-
Command and Control(C2) Matrix - https://howto.thec2matrix.com/
Youtube videos
- Using Adversary Emulation to Improve Physical Security (Purple Teaming / Red Teaming) - https://www.youtube.com/watch?v=11ghqUvDbJo