Free, self-paced curriculum that builds a base of knowledge in computers and networking. Intended to build up a student with no prior technical knowledge to be confident in their ability to learn anything and continue their security education. Full text available as a gitbook.
Metasploit A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
mimikatz – A little tool to play with Windows security
Ghidra – A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission
Decompilers
JVM-based languages
Krakatau – the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.
Spyse – Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more… All the data is stored in its own database allowing get the data without scanning.
sqlmap – Automatic SQL injection and database takeover tool
NoSQLMap – Automated NoSQL database enumeration and web application exploitation tool.
VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
SubFinder – SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
Findsubdomains – A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.
Wifi Jammer – Free program to jam all wifi clients in range
Firesheep – Free program for HTTP session hijacking attacks.
Scapy – A Python tool and library for low level packet creation and manipulation
Amass – In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
Netz – Discover internet-wide misconfigurations, using zgrab2 and others.
RustScan – Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.
Forensic
Tools
Autopsy – A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
sleuthkit – A library and collection of command-line digital forensics tools
EnCase – The shared technology within a suite of digital investigations products by Guidance Software
Movies For Hackers – A curated list of movies every hacker & cyberpunk must watch.
Roppers CTF Fundamentals Course – Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a gitbook.
Roppers Security Fundamentals – Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a gitbook.