Curated intelligence, tooling, and learning references.

Browse historical snapshots of websites. Invaluable for OSINT, investigating past configurations, and finding removed content.

Guided, gamified cybersecurity training with browser-based labs. Great for beginners through intermediate practitioners.

Advanced penetration testing labs and challenges. Retired machines have community walkthroughs.

Structured cybersecurity courses from Hack The Box covering everything from networking fundamentals to advanced exploitation.

Free, comprehensive web security training from the makers of Burp Suite. Covers OWASP Top 10 and beyond with interactive labs.

Hands-on web penetration testing exercises progressing from basic to advanced topics.

Free beginner-friendly CTF platform by Carnegie Mellon. Excellent for learning binary exploitation, crypto, forensics, and web.

Classic wargames for learning security concepts through SSH-based challenges. Start with Bandit for Linux basics.

Downloadable vulnerable virtual machines for offline penetration testing practice.

Binary exploitation wargame with high-quality pwn challenges ranging from easy to very hard.

Intentionally insecure web app for security training. Covers the entire OWASP Top 10 and more.

CTF platform with challenges, competitions, and cybersecurity talent recruitment.

Comprehensive pentesting methodology wiki. Covers enumeration, exploitation, and privilege escalation across platforms.

In-depth red team and offensive security notes covering Windows internals, persistence, evasion, and more.

Industry-standard offensive security certifications including OSCP, OSWE, and OSED.

Advanced malware development training for red teamers and security researchers.

Knowledge base of adversary tactics and techniques based on real-world observations. The industry standard for threat modeling.

Community-driven cybersecurity learning roadmap covering fundamentals to advanced topics.

Leading bug bounty and vulnerability disclosure platform. Browse public programs and disclosed reports to learn.

Massive collection of payloads and bypasses for web application security testing. Covers XSS, SQLi, SSRF, SSTI, and more.

Curated list of Unix binaries that can be used to bypass local security restrictions for privilege escalation.

Online reverse shell generator supporting Bash, PowerShell, Python, PHP, and many more languages.

Fast, customizable vulnerability scanner driven by YAML templates. Thousands of community templates available.

Fast passive subdomain enumeration tool by ProjectDiscovery. Essential for recon.

Fast multi-purpose HTTP toolkit for probing live hosts, grabbing titles, status codes, and tech stacks.

In-depth attack surface mapping and asset discovery using OSINT and active recon techniques.

Collection of wordlists for fuzzing, passwords, usernames, URLs, and payloads used during security assessments.

Online penetration testing and vulnerability assessment toolkit with scanners, recon, and exploitation tools.

Search engine for internet-connected devices. Find exposed services, open ports, and vulnerable systems.

Internet-wide scanning platform for discovering hosts, certificates, and services across IPv4 and IPv6.

Certificate Transparency log search. Find subdomains by querying SSL/TLS certificate issuance.

Find and verify professional email addresses associated with a domain. Useful for phishing assessments.

Search engine for exposed data, misconfigured services, and leaked information on the internet.

Free online tools for IP/AS lookup, DNS recon, port scanning, and vulnerability scanning.

Site reports, hosting history, and technology detection for any website.

Analyze suspicious files, URLs, domains, and IPs against 70+ antivirus engines and sandboxes.

Interactive online malware sandbox. Watch malware execute in real-time and analyze network/file behavior.

Blog with pcap files and exercises for analyzing malware network traffic. Excellent for DFIR practice.

Community-driven threat intelligence on malware, botnets, and C2 infrastructure. Hosts MalwareBazaar and URLhaus.

NSA's open-source software reverse engineering framework. Supports decompilation across many architectures.

The world's most popular network protocol analyzer. Capture and inspect traffic in real-time.

World's fastest and most advanced password recovery utility. Supports 350+ hash types with GPU acceleration.

CVE-compliant archive of public exploits and vulnerable software. Maintained by OffSec.

U.S. government repository of vulnerability data with CVSS scores, CPE matching, and CWE classification.

The authoritative source for CVE identifiers. Reference point for vulnerability tracking worldwide.

Open-source threat intelligence sharing platform. Create, store, and share structured threat data (IoCs, TTPs).

Free domain research tool for DNS recon and discovering host records. Visualizes DNS data for attack surface mapping.

Scan and analyze URLs for phishing, malware, and suspicious content. See DOM, requests, and screenshots.

Community-driven IP abuse reporting database. Check and report malicious IPs involved in attacks.

Historical DNS data, WHOIS records, and domain intelligence. Trace infrastructure changes over time.

Check if your email or phone has been compromised in a data breach. Essential awareness tool by Troy Hunt.

Free tripwire tokens that alert you when triggered. Deploy as URLs, DNS, documents, or AWS keys to detect intrusions.

Analyze images for hidden data, ELA, metadata, and digital tampering. Useful for OSINT and forensics.

Encode and Decode

[submitted via public form]