CISA Adds Critical Hikvision and Rockwell Automation Flaws to KEVView Threat
Microsoft February Zero-Day Vulnerabilities Under Active AttackView Threat
Kimwolf IoT Botnet Infects 2 Million DevicesView Threat
Desktop Window Manager Information DisclosureView Threat
Is it time to switch from Chrome to a Different Browser?Find Out Now!
The Ultimate Free Tool To Debloat And Supercharge Windows 10 & 11Know This Now!
Log InSign Up
Index
Categories Tags Featured Resource Hub TechWalrus Tools Archives
Platforms
Windows Linux Apple & iOS Android Lite OS
Browsers
All Browsers Chrome Firefox Extensions
Hub
Hub Home AI Tools Extensions Downloads Customization Wallpapers Free Games Domain Tools Learning & Courses Privacy & Security Lite OS Apple & iOS Android Retro Gaming Smart Home
Tools
All Tools SVG Cleaner Line Sorter Password Generator Encoder / Decoder JSON Formatter Word Counter Port Checker AI Detector
Security
Latest Threats
Community
Our Team Forum Newsletter About Us Contact
Browse All Topics

Search

Cybersecurity & Pentesting

AI Tools & Resources Browser Extensions Downloads Desktop Customization Lite OS & Custom Builds Wallpapers Free & Cheap Games Domain Tools & Resources Learning & Courses Privacy & Security Apple & iOS Android & Custom ROMs Retro Gaming & Emulation Smart Home Self-Hosting & Homelab Developer Tools & Environments Ultimate Privacy & De-Google CLI & Terminal Tools Cybersecurity & Pentesting

Security distros, reconnaissance tools, exploit frameworks, CTF platforms, OSINT, certifications, and everything for offensive and defensive security.

Security Distributions
(8)

Kali Linux

Visit
The industry-standard penetration testing distro from Offensive Security — 600+ pre-installed tools, Debian-based, ARM support

Parrot OS

Visit
Lightweight security distro with pentesting, forensics, and privacy editions — ships with anonymity tools and Tor pre-configured

BlackArch Linux

Visit
Arch-based distro with 2,800+ security tools — use as a standalone OS or add the BlackArch repo to existing Arch installs

Tails

Visit
Portable live OS that routes everything through Tor — leaves no trace on the host machine, used by journalists and activists

Whonix

Visit
Desktop OS designed for advanced security and privacy — runs in two VMs to isolate the workstation from the network layer

REMnux

Visit
Linux toolkit for reverse-engineering and analyzing malware — curated collection of malware analysis tools from SANS

CAINE

Visit
Computer Aided Investigative Environment — Ubuntu-based forensics distro with a complete forensic analysis toolkit

Qubes OS

Visit
Security-oriented OS using Xen virtualization to isolate apps in separate VMs — endorsed by Edward Snowden

Reconnaissance & Scanning

(11)

Nmap

Visit
The gold standard network scanner — port scanning, service detection, OS fingerprinting, NSE scripting engine

Masscan

Visit
Internet-scale port scanner — can scan the entire IPv4 address space in under 6 minutes using asynchronous SYN scanning

RustScan

Visit
Modern port scanner that scans all 65K ports in 3 seconds, then pipes results to Nmap for service detection

Amass

Visit
OWASP project for network mapping and external asset discovery using OSINT and active recon techniques

Subfinder

Visit
Fast passive subdomain discovery tool using dozens of data sources — designed for minimal false positives

Nuclei

Visit
Fast vulnerability scanner with template-based scanning — 8,000+ community templates for CVEs, misconfigs, and exposures

httpx

Visit
Fast and multi-purpose HTTP toolkit for running probes — tech detection, status codes, content length, CDN detection

Recon-ng

Visit
Full-featured web reconnaissance framework written in Python — modular design with a Metasploit-like interface

theHarvester

Visit
Gather emails, subdomains, hosts, employee names, open ports from different public sources for OSINT

Gobuster

Visit
Directory/file, DNS, and vhost brute-forcing tool written in Go — fast, clean, no recursive nonsense

feroxbuster

Visit
Fast, simple, recursive content discovery tool written in Rust — like gobuster but with recursion, filters, and resume support

Web Application Security

(10)

Burp Suite

Visit
The standard web application security testing platform — intercepting proxy, scanner, repeater, intruder, and extensions

OWASP ZAP

Visit
Free and open-source web app security scanner — intercepting proxy, active/passive scanning, fuzzing, and scripting

Caido

Visit
Modern lightweight web security auditing toolkit built in Rust — fast proxy, replay, automate, and HTTPQL query language

SQLMap

Visit
Automatic SQL injection detection and exploitation tool — supports all major DBMS, blind injection, and OS shell access

Nikto

Visit
Web server scanner that checks for 7,000+ dangerous files/programs, outdated versions, and server misconfigurations

WPScan

Visit
WordPress security scanner — enumerate plugins, themes, users, and check for known vulnerabilities with the WPScan database

ffuf

Visit
Fast web fuzzer written in Go — directory discovery, parameter fuzzing, virtual host discovery with filtering and recursion

XSStrike

Visit
Advanced XSS detection suite with crawling, fuzzing, and context analysis — identifies reflected, stored, and DOM XSS

PortSwigger Web Security Academy

Visit
Free interactive labs covering all OWASP Top 10 — SQL injection, XSS, SSRF, CSRF, and more with hands-on practice

OWASP Top 10

Visit
The definitive awareness document for web application security — 10 most critical security risks updated periodically

Exploit Frameworks & Post-Exploitation

(9)

Metasploit Framework

Visit
The world's most used penetration testing framework — exploit modules, payloads, post-exploitation, and auxiliary scanners

Sliver

Visit
Modern open-source C2 framework — cross-platform implants, encrypted comms, multiplayer mode, designed for red teams

Havoc

Visit
Modern C2 framework with a sleek UI — BOF support, sleep obfuscation, custom agents, built for post-exploitation

Impacket

Visit
Python classes for working with network protocols — essential for Active Directory attacks, SMB, DCOM, WMI exploitation

BloodHound

Visit
Uses graph theory to reveal hidden attack paths in Active Directory — map domain trusts, GPO abuse, Kerberos delegation

CrackMapExec

Visit
Swiss army knife for pentesting Windows/AD environments — spray credentials, execute commands, dump secrets across the network

Evil-WinRM

Visit
Ultimate Windows Remote Management shell — upload/download files, load PowerShell scripts, pass the hash, log bypasses

Chisel

Visit
Fast TCP/UDP tunnel transported over HTTP and secured via SSH — essential for pivoting through networks during pentests

Ligolo-ng

Visit
Advanced tunneling/pivoting tool using a TUN interface — set up reverse tunnels without SOCKS, route traffic natively

OSINT & Intelligence Gathering

(10)

Shodan

Visit
Search engine for internet-connected devices — find exposed servers, webcams, databases, industrial control systems worldwide

Censys

Visit
Internet-wide scanning platform — discover and monitor attack surfaces, exposed services, TLS certificates across the internet

Maltego

Visit
Visual link analysis tool for OSINT — map relationships between people, companies, domains, IPs, and social media

SpiderFoot

Visit
Automated OSINT collection tool with 200+ modules — scans IPs, domains, emails, names, and correlates findings

Sherlock

Visit
Hunt down social media accounts by username across 400+ platforms — fast, simple, and incredibly effective for profiling

Holehe

Visit
Check if an email is attached to accounts on 120+ sites — LinkedIn, Twitter, Instagram, and more without sending any alerts

Have I Been Pwned

Visit
Check if your email or password has been exposed in data breaches — free API, domain monitoring, breach notifications

BuiltWith

Visit
Technology lookup tool — discover what technologies any website is using from CMS to analytics to CDN to hosting

OSINT Framework

Visit
Comprehensive collection of OSINT tools organized by category — the go-to starting point for any intelligence gathering

IntelTechniques

Visit
Michael Bazzell's OSINT tools and training — custom search tools, books, podcast, and professional investigation resources

Network Security & Packet Analysis

(8)

Wireshark

Visit
The world's foremost network protocol analyzer — deep inspection of hundreds of protocols, live capture, and offline analysis

Snort

Visit
Open-source intrusion detection and prevention system — real-time packet analysis, protocol analysis, content matching rules

Suricata

Visit
High-performance IDS/IPS and network security monitoring engine — multi-threaded, Lua scripting, JA3 fingerprinting

Zeek

Visit
Powerful network analysis framework that creates detailed logs of network activity — DNS, HTTP, SSL, SMB, and more

tcpdump

Visit
Classic command-line packet analyzer — capture and display network traffic with powerful BPF filtering on any Unix system

Responder

Visit
LLMNR, NBT-NS, and MDNS poisoner — captures NTLMv1/v2 hashes on local networks, essential for AD pentesting

Bettercap

Visit
Swiss army knife for network attacks and monitoring — ARP spoofing, DNS spoofing, WiFi deauth, BLE, and HTTP proxying

NetworkMiner

Visit
Network forensic analysis tool — extract files, images, and credentials from packet captures without deep protocol knowledge

Password & Credential Tools

(7)

Hashcat

Visit
World's fastest password recovery tool — GPU-accelerated, supports 300+ hash types, rule-based attacks, and combinator mode

John the Ripper

Visit
Classic password cracker supporting hundreds of hash and cipher types — CPU-based, jumbo community edition adds even more

Hydra

Visit
Fast and flexible online password brute-forcer — supports 50+ protocols including SSH, FTP, HTTP, SMB, RDP, and databases

Mimikatz

Visit
Windows credential extraction tool — dump passwords, hashes, PINs, and Kerberos tickets from memory. The tool that changed AD security forever

SecLists

Visit
Collection of multiple types of lists used during security assessments — usernames, passwords, URLs, fuzzing payloads, web shells

CeWL

Visit
Custom word list generator that spiders a target website to create password lists based on the content it finds

Kerbrute

Visit
Tool to brute-force and enumerate valid Active Directory accounts through Kerberos pre-authentication

Wireless Security

(6)

Aircrack-ng

Visit
Complete suite for WiFi security assessment — packet capture, WEP/WPA cracking, replay attacks, and deauthentication

Kismet

Visit
Wireless network and device detector, sniffer, wardriving tool, and WIDS — WiFi, Bluetooth, Zigbee, and more

Wifite

Visit
Automated wireless attack tool — scans for targets, captures handshakes, runs attacks, and cracks passwords unattended

Fluxion

Visit
Social engineering WiFi attack tool — creates evil twin access points to capture WPA credentials through fake captive portals

WiFi Pineapple

Visit
Hak5's portable wireless auditing platform — rogue AP, MITM, recon, and reporting in a pocket-sized device

Hcxdumptool

Visit
Tool to capture PMKID and handshakes from WiFi networks for offline cracking — works without deauth attacks on modern WPA

Vulnerability Scanners

(7)

Nessus

Visit
Industry-leading vulnerability scanner from Tenable — 200K+ plugins, compliance checks, and configuration auditing

OpenVAS

Visit
Full-featured open-source vulnerability scanner — 100K+ NVTs, network and web scanning, reporting and remediation tracking

Trivy

Visit
All-in-one security scanner — find vulnerabilities, misconfigurations, and secrets in containers, filesystems, repos, and cloud

Qualys Community Edition

Visit
Cloud-based vulnerability management with up to 16 IPs free — asset discovery, prioritization, and compliance checks

Grype

Visit
Vulnerability scanner for container images and filesystems — finds CVEs in OS packages and language dependencies

Wazuh

Visit
Open-source security platform — SIEM, intrusion detection, vulnerability detection, compliance monitoring, and incident response

Vuls

Visit
Agentless vulnerability scanner for Linux, FreeBSD, and containers — uses CVE databases and package manager info

Digital Forensics & Incident Response

(8)

Autopsy

Visit
Open-source digital forensics platform — timeline analysis, keyword search, hash filtering, web artifact extraction, registry analysis

Volatility 3

Visit
The gold standard for memory forensics — extract running processes, network connections, loaded DLLs, and artifacts from RAM dumps

YARA

Visit
Pattern matching swiss knife for malware researchers — create rules to identify and classify malware families based on binary patterns

Ghidra

Visit
NSA's open-source reverse engineering framework — disassembler, decompiler, scripting, and collaboration for binary analysis

Velociraptor

Visit
Advanced endpoint visibility and forensics — hunt across thousands of endpoints, collect artifacts, live response at scale

TheHive

Visit
Open-source incident response platform — case management, alert triage, observable analysis, and team collaboration

Cuckoo Sandbox

Visit
Automated malware analysis system — submit suspicious files and get detailed reports on behavior, API calls, and network traffic

CyberChef

Visit
GCHQ's web app for encoding, decoding, encrypting, analyzing data — drag-and-drop recipe builder for any data transformation

CTF Platforms & Practice Labs

(10)

Hack The Box

Visit
Gamified cybersecurity platform with vulnerable machines, challenges, and pro labs — the proving ground for pentesting skills

TryHackMe

Visit
Beginner-friendly cybersecurity training with guided rooms, learning paths, and browser-based attack machines — no setup required

PicoCTF

Visit
Free CTF platform by Carnegie Mellon — beginner-friendly challenges in forensics, crypto, web, binary exploitation, and reverse engineering

OverTheWire

Visit
War games to learn security concepts through SSH challenges — Bandit (Linux basics) to Vortex (advanced exploitation)

VulnHub

Visit
Downloadable vulnerable VMs for offline practice — hundreds of boot2root challenges with varying difficulty levels

CTFtime

Visit
Calendar and scoreboard for CTF competitions worldwide — find upcoming events, team rankings, and writeup archives

HackTheBox Academy

Visit
Structured cybersecurity courses with hands-on labs — from fundamentals to advanced AD attacks, CPTS certification path

Damn Vulnerable Web App

Visit
Intentionally vulnerable PHP/MySQL web app for security testing practice — SQL injection, XSS, CSRF, file inclusion, and more

OWASP Juice Shop

Visit
Intentionally insecure web app covering the entire OWASP Top 10 — hacking challenges with a scoreboard and tutorials

Pwnable.kr

Visit
System exploitation war game — binary exploitation challenges from toddler's bottle to advanced kernel exploits

Certifications & Training

(8)

OSCP (OffSec)

Visit
Offensive Security Certified Professional — the most respected hands-on pentesting certification with a 24-hour practical exam

CompTIA Security+

Visit
Industry baseline certification for cybersecurity — covers network security, threats, cryptography, identity management, and compliance

PNPT (TCM Security)

Visit
Practical Network Penetration Tester — 5-day practical exam covering OSINT, external/internal pentesting, AD attacks, and reporting

TCM Security Academy

Visit
Affordable hands-on hacking courses by Heath Adams — ethical hacking, AD pentesting, OSINT, web app pentesting, and more

eJPT (INE Security)

Visit
Entry-level penetration testing certification — practical exam covering networking, web app, and host-based pentesting

SANS / GIAC

Visit
Premium cybersecurity training and certifications — GCIH, GPEN, GCIA, GSEC, and dozens more for every security domain

Professor Messer

Visit
Free CompTIA certification training videos — Security+, Network+, A+ courses with study groups and practice exams

Cybrary

Visit
Cybersecurity and IT career development platform with free and premium courses, virtual labs, and certification prep

Bug Bounty & Responsible Disclosure

(6)

HackerOne

Visit
World's largest hacker-powered security platform — bug bounty programs from the US DoD, Uber, GitHub, PayPal, and thousands more

Bugcrowd

Visit
Crowdsourced security platform connecting researchers with organizations — managed bug bounties, vulnerability disclosure, and pentesting

Intigriti

Visit
European bug bounty platform with a strong researcher community — hybrid programs combining automated and manual testing

YesWeHack

Visit
European bug bounty and vulnerability disclosure platform — programs from major enterprises and government agencies

Bug Bounty Hunter

Visit
Methodology-focused training platform — learn recon, exploitation, and reporting specifically for bug bounty hunting

Immunefi

Visit
Bug bounty platform for Web3 and blockchain security — the biggest bounties in the industry, millions paid to researchers

Hacking Hardware & Gadgets

(5)

Flipper Zero

Visit
Portable multi-tool for pentesters — RFID, NFC, Sub-GHz, IR, GPIO, BadUSB, and iButton all in a Tamagotchi-sized device

Hak5

Visit
Makers of pentesting gear — USB Rubber Ducky, Bash Bunny, WiFi Pineapple, Packet Squirrel, and more offensive tools

Proxmark3

Visit
RFID research tool — read, write, clone, and emulate HID, MIFARE, EM, and other proximity cards for access control testing

HackRF One

Visit
Open-source software-defined radio platform — transmit and receive 1 MHz to 6 GHz for wireless protocol analysis and replay

O.MG Cable

Visit
Cable that looks normal but hides a WiFi-enabled implant — keystroke injection, payload deployment, and geofencing for red teams

Communities & News

(10)

r/netsec

Visit
Reddit's information security community — technical security research, CVE discussions, tool releases, and exploit writeups

r/hacking

Visit
Reddit community for hacking and cybersecurity — CTF writeups, tool recommendations, career advice, and news

The Hacker News

Visit
Leading cybersecurity news publication — zero-days, data breaches, vulnerability disclosures, and malware analysis

Krebs on Security

Visit
Brian Krebs' investigative cybersecurity journalism — in-depth reporting on cybercrime, data breaches, and threat actors

Darknet Diaries

Visit
Podcast telling true stories from the dark side of the internet — pentesting stories, hackers, cybercrime, and social engineering

Awesome Hacking

Visit
Curated collection of hacking tools, resources, and references — one of the most comprehensive security resource lists on GitHub

MITRE ATT&CK

Visit
Knowledge base of adversary tactics and techniques based on real-world observations — the language of threat intelligence

Exploit Database

Visit
Archive of public exploits and vulnerable software — maintained by OffSec, searchable by CVE, platform, type, and author

IppSec

Visit
YouTube channel with detailed HackTheBox walkthroughs — learn real pentesting methodology from retired machine solutions

John Hammond

Visit
Cybersecurity YouTuber with CTF walkthroughs, malware analysis, hacking tutorials, and tool demonstrations
No items found matching your filters.