Darknet Diaries – An excellent bi-weekly podcast about cybersecurity, hackers, the dark web, and much more.

Security Now – A weekly technical cybersecurity podcast (by GRC), available as video and audio.

Grumpy Old Geeks – A weekly humor show on cybersecurity and Internet themes. “What went wrong on the Internet and who is to blame!”

The Cyber Wire – A daily source of cyber news and IT career coverage.

The Social-Engineer Podcast – The title speaks for itself.

Virus Total – A website created by a cybersecurity company that has information about viruses, worms, malware, etc.

GreyNoise – It collects, analyzes, and labels data on IPs that scan the internet and saturate security tools with noise.

AntiScan and DynCheck – Free online multi antivirus scanners.

GTmetrix – Designed to test the speed of loading a website, but also gives reports of the content and the percentage of each language used in it.

PageSpeed Insights – Creates reports on the performance of a page on both mobile and desktop devices, and provides suggestions on how that page may be improved.

Web.Dev – Test your pages in a lab environment then get tips and recommendations to improve your user experience.

SEO SiteCheckup – Supercharged analysis & monitoring tool for SEO (Search Engine Optimization).

IPv6 Test – Checks your IPv6 and IPv4 connectivity and speed but can also test if your website (DNS and Host) is “IPv6 Ready”.

Security Header – Check the security header of a website.

Tor Browser – Encrypting browser that uses relays and proxies all over the world to protect the privacy of its users.

Tails Linux – Linux distribution designed to forget everything during the shutdown.

Kali Linux – Linux distribution designed to test the security of networks and systems.

Parrot OS – A lightweight offensive distribution that is as powerful as Kali.

Pentest.WS – A collaborative interface to work with NMAP scans and Inventory + Vulnerabilities. Good tool for a Team CTF.

The PenTesters Framework – No matter the distribution, PTF is a toolset to easily install and keep all the most popular pentesting applications up-to-date all of the time.

CrackStation – Free web-based password hash cracker, plus a downloadable password list file called RealUniq with over 1.4 billion entries.

TunnelsUp – A source of cybersecurity information and tools, including a web hash analyzer.

SecLists – A collection of multiple types of lists (password lists, for example) used during security assessments, collected in one place.

Project RainbowCrack – A source of rainbow password lists. The huge list of passwords has already been cracked, and it is just a matter of cross-checking the hashes.

1.4 Billion Text Credentials Analysis (NLP) – Also available to download via Torrent.

BYOB – Framework to build command-and-control zombie bots (use only for educational purposes).

Eschalot – A tool to create a secure address for your service using a .onion domain in the Tor network.

Onion.ly – Tor2Web Proxy (try *****.onion.ly).

Sn1per – Automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Can also run in Docker.

Nessus – Powerful Professional Scanner.

DVWA – Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Also available for Docker.

IronWASP – An open-source tool used for web application vulnerability testing, crawling, and more.

ReconNess – It helps to run and keep all your reconnaissance in the same place focusing on the potentially vulnerable targets.

Osmedeus – A collection of awesome tools for reconnaissance and vulnerability scanning against the target.

Netcat – Tool for tunneling connections (file transfer, remote shell, etc.).

CVE Details – Security Vulnerability Database.

Hunter – Information Gathering Pool for OSINT.

Metasploit Unleashed – Metasploit documentation manual.

Metasploitable – Intentionally vulnerable target machine for exploiting exercises.

Veil-Evasion – Pentest Framework.

MSFvenom – A combination of Msfpayload and Msfencode in one Framework.

Armitage – Free graphic interface for MSF.

Cobalt Strike – Licensed graphic interface for MSF.

Empire – A Windows and macOS post-exploitation framework that includes a pure PowerShell 2.0 Windows agent and a pure Python 2.6/2.7 Linux/OS X agent.

Jok3r – A framework that aids penetration testers in network infrastructure and web security assessments.

Exploit Database – An archive of public exploits and corresponding vulnerable software.

HackTheBox – Online platform allowing you to test your penetration testing skills.

VulnHub – Practice on hundreds of virtual machines with lab exercises already set up for vulnerability/penetration testing.

Command Challenge – Practice commands and learn how to solve issues in the CLI.

picoCTF – Where you can compete or practice using picoGym: a noncompetitive practice space to explore and solve challenges from previously released picoCTF competitions.

DEFT Linux – DEFT (Digital Evidence & Forensic Toolkit) is an Ubuntu-based Live distribution dedicated to incident response and computer forensics.

python-cim – Forensics tool for analysing WMI (event logs).

Cloudflare – It is a free CDN (Content Delivery Network) and Web App Firewall that uses a network of proxies and offers optimization features such as caching, code optimization, and more.

OWASP Broken Web Application Project – It is a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format.

OWASP WebGoat – It allows developers to test vulnerabilities commonly found in Java-based applications that use common and popular open-source components.

OWASP Juice Shop – Encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications.

JSON Web Token and JWT – Encodes and decodes JSON Web Tokens.

Wappalyzer – It is a technology profiler that shows you what websites are built with.

Dan’s Tools – Epoch & Unix Timestamp Conversion Tools. See also the other tools for converting, encoding/decoding, formatting…

CyberChef – Online encryption/decryption tool.

Outline VPN – An open-source VPN that runs on Docker and was created by Google and other partners.

Shodan – A search engine for Internet-connected devices. Great OSINT source of available ports and what may be available on them. Also available on the Kali CLI.

Censys – Internet scanner similar to Shodan but more focused on a specific address than random searches.

Spyse – Good database of port scans with fingerprints that may reveal OS and application versions.

Security Trails – One more database of port scans and domain information.

IntelligenceX – OSINT tool capable of retrieving information about data breaches, bitcoin addresses, domain information and more.

Payloads All The Things – Huge collection of payloads of all types. Not only a list of payloads but also a lot of instructions and exercises.

SQL Injection Payload List – Collection and usage instructions.

XXE Injection Payloads List – Collection and usage instructions.

XSS Payloads – Collection of XSS payloads.

SSL Server Test – Free web service to evaluate the SSL/TLS configuration of your webserver.

OnDMARC – Checks the SPF and DKIM configuration of a mail server.

ProtonMail – Encrypted and anonymous email provider.

Tutanota – Encrypted and anonymous email provider.

PrivacyTools.io – Provides services, tools, and knowledge to protect your privacy against global mass surveillance.

JustDeleteMe.xyz – A directory of direct links to delete your account from web services.

BuiltWith – Free web service to analyse what framework a website is built with. Alternatively, check the browser extension called Wappalyzer.

Transfer.sh – A CLI tool for uploading and downloading files to and from their free file-sharing service.

Static-Binaries – Contains a list of single executable files for performing multiple tasks (e.g. nmap, netcat…) with no installation needed.