Rawsec's CyberSecurity Inventory

An inventory of tools and resources about CyberSecurity.

Resources

Note: Paid resources may exist in a free limited version or a demo version

Bug bounty, pentest and disclosure platforms

Name Link Description Price
AVORD [Website] UK penetration testing platform Free
AntiHACK [Website] Singapore bug bounty platform Free
Bounty Factory [Website] European bug bounty platform based on the legislation and rules in force in European countries, by YesWeHack Free
BugBounty.jp [Website] Japan bug bounty platform Free
Bugcrowd [Website] Bug bounty platform Free
CESPPA [Website] Bug bounty platform Free
Cobalt.io [Website] Crowdsourced pentest, registrant will be a cobalt.io employee (mind any obligation of loyalty if you already have a job) Free
Crowdswarm [Website] Crowdsourced pentest & bug bounty platform Free
FEDERACY [Website] Crowdsourced pentest & bug bounty platform Free
FireBounty [Website] Bug bounty program aggregator Free
HackenProof [Website] Bug bounty platform Free
HackerOne [Website] Bug bounty platform Free
HackTrophy [Website] Bug bounty platform Free
huntr [Website] A bug bounty board for securing open-source code. Free
Intigriti [Website] Bug bounty platform Free
Open Bug Bounty [Website] Non-profit bug bounty platform Free
Plugbounty [Website] Bug bounty platform for plugins, themes, extensions, libraries Free
ScanTitan [Website] Crowdsourced pentest Free
SSD Secure Disclosure [Website] Rewarded responsible disclosure service Free
SynAck Red Team [Website] Crowdsourced pentest, registrant will be a SynAck employee (mind any obligation of loyalty if you already have a job) Free
Yogosha [Website] Bug bounty platform Free
Zero Day Initiative [Website] Rewarded responsible disclosure service Free
Zerocopter [Website] Invite-only and closed bug bounty platform Free
ZeroDisclo.com [Website] Coordinated disclosure platform by YesWeHack Free

Challenge platforms

Name Link Description Price
ae27ff [Website] Challenge platform Free
Backdoor [Website] Practice area with some past CTF challenges Free
Begin.re [Website] Guided binary reversing challenges for beginners Free
CanYouHack.It [Website] Challenge platform Free
Challenge Land [Website] Challenge platform Free
Cryptopals [Website] Crypto challenges platform Free
CTFLearn [Website] Challenge platform Free
CyberDefenders [Website] Training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice Free
Electrica [Website] Programming, cryptography challenges Free
EnigmaGroup [Website] Challenge platform Free
Exploit Education [Website] Exercises and resources about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues Free
Exploit Exercises [Website] VMs, documentation and challenges Free
Gekkó [Website] Challenge platform Free
Graker [Website] Binary challenges having a slow learning curve, and write-ups for each level (SSH connection) Free
Hack The Box [Website] Challenge platform Free
Hack This Site [Website] Challenge platform and community Free
HackBBS [Website] Challenge platform and community Free
HackCenter [Website] Private challenge platforms Free
Hacker Gateway [Website] Challenge platform Free
Hacker.org [Website] Challenge platform Free
Hacking Lab [Website] Challenge platform with teachers and solutions Free
HackThis!! [Website] Challenge platform Free
ImmersiveLabs [Website] Story-driven exercises and practical, gamified labs Paid
IO [Website] Binary challenges (SSH connection) Free
LOST-Chall [Website] Challenge platform Free
Mod-X [Website] Challenge platforms through a fictional game Free
Net-Force [Website] Challenge platform Free
NCP [Website] NICE Challenge Project by the NIST and the NSA (for American students only) Free
Over The Wire [Website][Source] Challenge platform Free
OWASP Juice Shop [Website][Source] Online demo instance of the OWASP Juice Shop Free
PentesterLab [Website] Pentest lab Paid
Practical Pentest Labs [Website] Pentest lab Paid
Pwnable.kr [Website] Pwn challenges Free
pwnable.tw [Website] Pwn challenges Free
PwnerRank [Website] Challenge platform Free
Rankk [Website] Programming, cryptography challenges Free
RedTigers Hackit [Website] PHP / SQL challenge platform Free
Reversing.Kr [Website] Cracking and Reverse Code Engineering challenge platform Free
Revolution Elite [Website] Math and programming challenges Free
Ringzer0Team [Website] Challenge platform Free
Root-me [Website] Challenge platform Free
RoseCode [Website] Challenge platform Free
Security Traps [Website] Challenge platform Free
SmashTheStack [Website] Mostly binary challenges Free
Solve Me [Website] Challenge platform Free
SPOJ [Website] Programming challenges Free
Stereotyped Challenges [Website] Web challenges Free
Tasteless [Website] Challenge platform Free
TheBlackSheep [Website] Challenge platform Free
ThisisLegal.com [Website] Challenge platform Free
TryHackMe [Website] Challenge platform with deployable machines; there are also tutorials and courses Free
TryThis0ne [Website] Challenge platform Free
Valhalla [Website] Challenge platform and community Free
Virtual Hacking Labs [Website] Virtual penetration testing environment with courses and VMs Paid
VulnHub [Website] VM-based challenges Free
WebHacking [Website] Web challenges Free
W3Challs [Website] Challenge platform Free
WeChall [Website] Challenge platform Free
wixxerd [Website] Challenge platform Free
WTHack [Website] Challenge platform Free
yoire [Website] Challenge platform Free
Zenk-security [Website] Challenge platform and community Free
ZSIS CTF [Website] Challenge platform Free
µContest [Website] Programming challenges Free

CVE

Name Link Description Price
Archlinux security issues [Website] CVE affecting Archlinux Free
AttackerKB [Website] Forum for the security community to share insights and views that help security professionals better understand the risk in their environment and make more informed decisions around prioritization and defense. Free
CVE Details [Website] Advanced CVE datasource Free
Debian security issues [Website] CVE affecting Debian Free
Mitre [Website] CVE datasource standard Free
NVD [Website] CVE datasource Free
Red Hat security issues [Website] CVE affecting Red Hat Free
OpenCVE [Website] Customizable CVE dashboard, track vulnerabilities that concern you (previously named Saucs) Free
SUSE security issues [Website] CVE affecting SUSE Free
Ubuntu security issues [Website] CVE affecting Ubuntu Free
VULDB [Website] Community-driven vulnerability database Free
VulnIQ [Website] Vulnerability database with CVE, OVAL, CWE, CAPEC, etc. Free

Events

Information, News, Blog

Name Language Link Description Price
hackndo French [Website] Blog about pentesting Free
KitPloit English [Website] Tools presentation and announcement Free
Latest Hacking News English [Website] Cybersecurity news, tools presentation and announcement Free
Offensive OSINT English [Website] OSINT articles from an offensive perspective Free
Pentest Blog English [Website] Blog targeting pentesters: security advisories, OS, appsec, network, tools, articles Free
Security List Network English [Website] Tools presentation and announcement Free

Knowledge and tools

Name Link Description Price
bounty-targets-data [Source] Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports Free
Bug Bounty Guide [Website][Source] Launchpad for bug bounty programs and bug bounty hunters Free
Bug Bounty Reference [Source] A list of bug bounty write-ups categorized by the nature of the bug Free
ctf-tools [Source] Setup scripts for security tools Free
DefaultPassword [Website] Default passwords for many devices and services Free
Forensics Wiki [Website] Forensics tips and tools Free
GHDB [Website] Google Hacking Database; collection of Google dorks Free
Guifre [Website] Security, system and network cheatsheets Free
GTFOBins [Website][Source] Curated list/cheatsheet of Unix binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files Free
Hack Tricks [Website] Guide and cheatsheet for pentesting: shell, linux exploitation, windows exploitation, mobile app pentesting, network pentesting, web pentesting, binary exploit, forensics, crypto, backdoor, etc. Free
HTML5 Security Cheatsheet [Website] XSS vectors making use of HTML5, HTML4, CSS, DOM, UTF7, SVG, JSON, etc. Free
LOLBAS [Website][Source] Living Off The Land Binaries and Scripts; Curated list/cheatsheet of Windows binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files Free
Malware Traffic Analysis [Website] Malware traffic analysis blog and pastebin posts with pcap and malware samples attached; traffic analysis exercises Free
MD5 maxmin record [Website] Collection of various extremes of MD5 hashes Free
MDN - Event reference [Website] DOM Events reference, useful for XSS Free
PayloadsAllTheThings [Source] A list of useful payloads and bypasses for Web Application Security and Pentest/CTF Free
Portswigger - XSS cheat sheet [Website] XSS cheat sheet containing many vectors that can help bypass WAFs and filters Free
Privacy Tools [Website][Source] Website that provides knowledge and tools to protect your privacy against global mass surveillance Free
PTES [Website] The penetration testing execution standard covers all steps related to a penetration test Free
Red Teaming Tactics and Techniques [Website][Source] Exploring Red Teaming tactics and techniques, some of the common offensive security techniques involving gaining code execution, lateral movement, persistence and more Free
RubyFu [Website][Source] Offensive Ruby book Free
SecLists [Source] Collection of multiple types of lists used during security assessments, collected in one place; includes usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, etc. Free
Security Certification Roadmap [Website] Map referencing all security certifications existing in several categories: Implementation, Architecture, Management, Analysis, Defensive Operations, Offensive Operations Free
Sploitus [Website] Exploit search engine (PacketStorm, Exploit-DB, 0day.today, etc.) and tools search engine (KitPloit) Free
NetSPI SQL Injection Wiki [Website] A wiki knowledge base focused on SQL injection for various DBMS Free
SSL Checklist for Pentesters (Explore Security) [Website] List of SSL/TLS checks that can be performed manually with OpenSSL or a web browser Free
StegOnline checklist [Website][Source] CTF Image Steganography Checklist Free
The Bug Hunter's Methodology [Source] A collection of tips, tricks, tools, analysis and notes related to web application security assessments and more specifically towards bug hunting in bug bounties Free
Vergilius [Website] A collection of Microsoft Windows kernel structures, unions and enumerations; most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers Free
VRT [Website][Source] Bugcrowd Vulnerability Rating Taxonomy (VRT) provides a baseline vulnerability priority scale for bug hunters and organizations Free
Windows & Active Directory Exploitation Cheat Sheet and Command Reference [Website] Windows & Active Directory exploitation: enumeration, exploitation, lateral movement, privilege escalation, persistence, domain persistence, post-exploitation Free
XSS Payloads [Website] Provides advanced XSS payloads, tools and documentation about XSS Free

National security agencies and services

Name Country Link Description
ANSSI France [Website] Agence Nationale de la Sécurité des Systèmes d'Information, French service responsible for computer security
ASD Australia [Website] Australian Signals Directorate, Australian service responsible for computer security
CCB Belgium [Website] Centre for Cyber Security Belgium, Belgian service responsible for computer security
CNSS United States of America [Website] Committee on National Security Systems, USA intergovernmental organization for the security of the USA security systems
CSE/CST Canada [Website] Communications Security Establishment/Centre de la sécurité des télécommunications, Canadian service responsible for computer security
ENISA [Website] European Network and Information Security Agency, European Union service responsible for computer security
NCSC Great Britain [Website] National Cyber Security Centre, United Kingdom service responsible for computer security
NIST United States of America [Website] National Institute of Standards and Technology, Metrology laboratory and non-regulatory agency of the USA Department of Commerce
NSA United States of America [Website] National Security Agency, United States of America service responsible for computer security

Non-English

Name Language Link Description Price
Bamboofox Chinese [Website] CTF guide Free
ctfs.me Indonesian [Website] Challenge platform, challenges are in English Free
elhacker.net Spanish [Website] Challenge platform Free
Flu-Project Spanish [Website] Challenge platform, guides and news Free
Hack Players Spanish [Website] Challenge platform, guides and news Free
Hacking-Challenges German [Website] Challenge platform Free
Happy-Security German [Website] Challenge platform Free
MIPT CTF Russian [Source] CTF guide Free
NewbieContest French [Website] Challenge platform Free
NOE Korean [Website] Challenge platform Free
SuNiNaTaS Korean [Website] Challenge platform Free
TDHack Polish [Website] Challenge platform Free
World of Wargame Spanish [Website] Challenge platform Free
XCTF Agenda Chinese [Website] World CTF agenda Free
Yashira Spanish [Website] Challenge platform Free

Trainings and courses

Name Link Description Price
Bugcrowd University [Website][Source] Modules with slides, videos and sometimes labs to learn web security, by Bugcrowd Free
Cybrary [Website] Cyber Security learning, training and certification Paid
Hacker101 [Website][Source] Class for web security targeting bug bounty hunters and security professionals, with video lessons and a CTF platform, by HackerOne Free
OWASP Vulnerable Web Applications Directory [Website][Source] Comprehensive registry of all known vulnerable web applications currently available Free
PentestAcademy [Website] Cyber Security training with an online lab Paid
Portswigger Web Security Academy [Website] Web Security training with an online lab Free
SANS [Website] Escal Institute of Advanced Technologies provides courses, certifications and learning materials Paid

Tutorials

Name Link Description Price
CTF Field Guide [Website][Source] CTF guide Free
CTF Resources [Website][Source] CTF guide Free
Infosec Institute - What a Challenger Perceives in most CTF Categories/Challenges [Website] Questions a challenger can ask himself during a CTF, classed by category Free
ISIS Lab Wiki [Website] CTF guide Free
Endgame - How to Get Started in CTF [Website] Tutorial for CTF beginners Free
NIZKCTF tutorial [Source] Tutorial to set up NIZKCTF Free
Xapax IT-Security Notebook [Website][Source] Overview guide for all kinds of pentesting Free

Writeups collections and challenges source