Below is my personal collection of useful tools to help with the analysis of cyber and intelligence cases (in alphabetical order by category).
Clearly, you won’t find some famous tools like Google Maps, Metasploit, Yandex Image Search or Hashcat. They are already included in other public collections.
Last update: April 01, 2022
Chrome and Firefox Extensions
Cookie-Editor lets you efficiently create, edit and delete a cookie for the current tab.
- Fake Profile Detector
A Google Chrome extension capable of detecting artificially generated profile pictures.
- Instant Data Scraper
Instant Data Scraper extracts data from web pages and exports it as Excel or CSV files.
- User-Agent Switcher
Spoof your browser “user-agent” string to a custom designation, making it impossible for websites to know specific details about your browsing arrangement.
Cyber Threat and Darkweb Intelligence
- Cisco Talos Intelligence
Talos defends against known and emerging threats, discovers new vulnerabilities in common software, and interdicts threats in the wild before they can further harm the internet at large.
- Cyber Feeds (by ENISA)
A list of several feeds about malware, botnets, phishing and spam.
The uncensored internet: a collection of darknet sites.
Massive list of onion service links.
DarkTracer is designed to monitor and trace malicious activities in Darkweb and Deepweb.
Collection of Cyber Threat Intelligence sources from the Deep and Dark Web.
- Intelligence X
It searches in places such as the darknet, document sharing platforms, whois data, public data leaks and others.
Scrape URLs on different “.onion” search engines.
Onyphe is a cyber defense search engine for open-source and cyber threat intelligence data collected by crawling various sources available on the Internet or by listening to Internet background noise.
- Ransomware Groups
A list of ransomware groups including their official channels.
TorBot is an open source intelligence tool developed in Python. Its main objective is to collect open data from the deep web.
- VX Underground
The largest collection of malware source code, samples, and papers on the internet.
DNS and other Domain tools
Certificate Search (with history).
A DNS log platform, mainly used for the log4j vulnerability testing. Previously https://log.xn--9tr.com.
A free domain research tool that can discover hosts related to a domain.
The anti-phishing domain name search engine and DNS monitoring service.
FinalRecon is an automatic web reconnaissance tool written in Python. It provides an overview of the target in a short amount of time while maintaining the accuracy of results.
All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.
- Newly Registered Domains (by WhoisDS)
Daily list of newly registered domains. DomainAlerting is an automated tool capable of alerting when a new domain name is registered and contains your keywords.
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources.
Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT.
TorWhois Onion Search.
Scan Google (or other) search results for vulnerabilities.
- Google Hacking (by Pentest tools)
Use advanced search operators (Google Dorks) to find juicy information about target websites.
- Katana Dork Scanner
Katana-ds (ds for dork_scanner) is a simple Python tool that automates Google Hacking/Dorking and supports Tor.
Encoding, Encryption, Hashing
An all-in-one web app for analyzing and decoding data without having to deal with complex tools or programming languages.
- Morse Code
With respect to other Morse coders, this one has several Morse versions, including the Russian one.
- Punycoder (or IDN converter)
A tool for Punycode to Text/Unicode.
- Bleeping Computer
Accurate and relevant information about the latest cybersecurity threats and technology advances.
Finding and exploiting vulnerable Malware.
A site providing news about real security issues.
IPs, Hostnames and Services
Searching and proactively monitoring your digital footprint.
- Check Host
Checking availability of hosts, DNS records, IP addresses.
A platform to see how a site appears to the rest of the world.
- MAC Vendors
Find the vendor / manufacturer of a device by its MAC Address.
Hosting info, websites and IPs database.
LeakIX goes around the Internet and finds services to index them.
Shodan is a search engine for Internet-connected devices. If a device is directly hooked up to the Internet then Shodan queries it for various publicly-available information.
- OSINT Framework
A collection of OSINT tools.
- OSINT link
Open Source Intelligence Tools & Resources.
- OSINT tools collection
A very large collection of OSINT tools by @cyb_detective.
Set of tools for security testing of Internet of Things devices using protocols: AMQP, CoAP, DTLS, HTCPCP, HTTP, HTTP/2, gRPC, KNX, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP.
A high-performance load testing tool, written in Golang.
- Excel 4 Macro Generator
A Python script that takes x86 and x64 beacon raw shellcode and generates an XLM macro.
EXCELntDonut is an XLM (Excel 4.0) macro generator. Start with C# source code (EXE) and end with an XLM (Excel 4.0) macro that will execute your code in memory.
Fsociety is a penetration testing system comprising all the penetration testing tools that a hacker needs.
HackingTool is an all-in-one hacking tool for hackers.
Hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping does with ICMP replies.
- Lazy script
A script automating many procedures for Wi-Fi penetration and hacking.
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
Extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory.
Packet Sender is an open source utility to allow sending and receiving TCP, UDP, and SSL (encrypted TCP) packets as well as HTTP/HTTPS requests and panel generation.
- Ping Castle
Ping Castle is a tool designed to quickly assess the Active Directory security level with a methodology based on risk assessment and a maturity framework.
The goal of this project is to provide a way for teams to simulate and test detection of common ransomware operations, in a controlled manner, against a set of company assets and network endpoints.
- Reverse Shell Generator
An online reverse shell generator that allows anyone to configure their IP addresses, ports, and shell of choice for your favorite reverse shell payloads.
Spraykatz is a tool able to retrieve credentials on Windows machines and large Active Directory environments.
Vulnx is an intelligent bot auto shell injector that detects vulnerabilities in multiple types of CMS.
- Webshells collection
A collection of webshells for ASP, ASPX, CFM, JSP, Perl, and PHP servers by BlackArch Team.
- Codice Fiscale Inverso
Inverse transformation of the Italian Fiscal Code, similar to a Social Security Number (SSN) in the United States.
A “dark” pastebin containing doxxing contents.
- Face Generator
Unique real-time face generator.
- Have i been pwned
Check if your email or phone is in a data breach.
Find professional email addresses in seconds.
Find existing email addresses by nickname.
- Random Face Generator
Generate a random human face in one click and download it.
It searches code from over a half million public repositories on GitHub.
Localtunnel allows you to easily share a web service on your local development machine without messing with DNS and firewall settings.
- HTML tester
A web page to test HTML code.
A web page to test the Markdown markup language.
A very complete regular expressions tester.
Search 75 billion lines of code from 40 million projects.
Finds bugs in your shell scripts.
- Text manipulation
A web page of useful string tools.
Radio and Streaming
- Tula Web SDR
A Web SDR from Tula region, Russia.
- Browser in the Browser (BITB) Attack
Browser templates for Browser In The Browser (BITB) attack.
- Canary Tokens
Canary tokens are a free, quick, painless way to help defenders discover they’ve been breached (by having attackers announce themselves.)
Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection.
Grabify IP logger will help you find and track the IP address of any person.
Gophish is a powerful, open-source phishing framework that makes it easy to test your organization’s exposure to phishing.
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time.
Social Media Analysis
BirdHunt is a free OSINT tool to find tweets based on a location.
Check if a phone number is used on different sites like Snapchat and Instagram.
Instahunt is a free OSINT tool to find Instagram posts based on a location.
Instaloader is a tool to download pictures (or videos) along with their captions and other metadata from Instagram.
- Map of Reddit
A massive interactive map of subreddits.
Nitter allows you to view Twitter content without logging in.
Osintgram is an OSINT tool on Instagram to collect, analyze, and run reconnaissance.
- Reddit Comment Search
Search through comments of a particular Reddit user.
- Reddit Search
Search through both deleted posts and deleted comments on Reddit.
- Reddit User Analyser
A tool that helps analyze a Reddit user’s account.
Reveal Reddit’s removed content. Search by username, subreddit, link or domain.
Hunt down social media accounts by username across social networks.
OSINT tool to automate LinkedIn searches, scraping profiles to compile relevant information about users and filtering profiles by searching for keywords in them.
The most complete open-source tool for Twitter intelligence analysis.
Traffic, Tracking, Geolocation and WWW Analysis
- Archive Wayback Machine
A digital library of Internet sites and other cultural artifacts in digital form.
- Archive Today
A time capsule for web pages.
Flightradar24 is a global flight tracking service that provides you with real-time information about thousands of aircraft around the world.
GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic.
Httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library. It is designed to maintain result reliability with increased threads.
Find any alphanumeric snippet, signature or keyword in the HTML, JS and CSS code of web pages.
- Search All Junk
Search multiple classifieds sites at once. Covers Craigslist, Recycler, Penny Saver, Oodle and Facebook Marketplace.
Analysing the website for safety and letting you see it before you decide whether to proceed.
A sandbox for the web.
Consolidate location and information of wireless networks world-wide to a central database.