Rawsec's CyberSecurity Inventory

An inventory of tools and resources about CyberSecurity.

Resources

Note: Paid resources may exist in a free limited version or a demo version

Bug bounty, pentest and disclosure platforms

Name Link Description Price
AVORD [Website] UK penetration testing platform Free
AntiHACK [Website] Singapore bug bounty platform Free
Bounty Factory [Website] European bug bounty platform based on the legislation and rules in force in european countries, by YesWeHack Free
BugBounty.jp [Website] Japan bug bounty platform Free
Bugcrowd [Website] Bug bounty platform Free
CESPPA [Website] Bug bounty platform Free
Cobalt.io [Website] Pentest as a Service platform, registrant will be a cobalt.io employee (take care to obligation of loyalty if you already have a job) Free
FEDERACY [Website] Pentest as a Service & bug bounty platform Free
FireBounty [Website] Bug bounty program aggregator Free
HackenProof [Website] Bug bounty platform Free
HackerOne [Website] Bug bounty platform Free
HackTrophy [Website] Bug bounty platform Free
huntr [Website] A bug bounty board for securing open-source code. Free
Intigriti [Website] Bug bounty platform Free
Open Bug Bounty [Website] Non-profit bug bounty platform Free
Plugbounty [Website] Bug bounty platform for plugins, themes, extensions, libraries Free
SSD Secure Disclosure [Website] Rewarded responsible disclosure service Free
SynAck Red Team [Website] Pentest as a Service platform, registrant will be a SynAck employee (take care to obligation of loyalty if you already have a job) Free
Yogosha [Website] Bug bounty platform Free
Zero Day Initiative [Website] Rewarded responsible disclosure service Free
Zerocopter [Website] Invite-only and closed bug bounty platform Free
ZeroDisclo.com [Website] Coordinated disclosure platform by YesWeHack Free

Challenges platforms

Name Link Description Price
ae27ff [Website] Challenge platform Free
Backdoor [Website] Practice area with some past CTF challenges Free
Begin.re [Website] Binary reverse guided challenges for beginners Free
CanYouHack.It [Website] Challenge platform Free
Challenge Land [Website] Challenge platform Free
Cryptopals [Website] Crypto challenges platform Free
CTFLearn [Website] Challenge platform Free
Electrica [Website] Programming, cryptography challenges Free
EnigmaGroup [Website] Challenge platform Free
Exploit Education [Website] Exercises and resources about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues Free
Exploit Exercises [Website] VMs, documentation and challenges Free
Gekkó [Website] Challenge platform Free
Graker [Website] Binary challenges having a slow learning curve, and write-ups for each level (SSH connection) Free
Hack The Box [Website] Challenge platform Free
Hack This Site [Website] Challenge platform and community Free
HackBBS [Website] Challenge platform and community Free
HackCenter [Website] Private challenge platforms Free
Hacker Gateway [Website] Challenge platform Free
Hacker.org [Website] Challenge platform Free
Hacking Lab [Website] Challenge platform with teachers and solutions Free
HackThis!! [Website] Challenge platform Free
ImmersiveLabs [Website] Story-driven exercises and practical, gamified labs Paid
IO [Website] Binary challenges (SSH connection) Free
LOST-Chall [Website] Challenge platform Free
Mod-X [Website] Challenge platforms through a fictional game Free
Net-Force [Website] Challenge platform Free
NCP [Website] NICE Challenge Project by the NIST and the NSA (for American students only) Free
Over The Wire [Website][Source] Challenge platform Free
OWASP Juice Shop [Website][Source] Online demo instance of the OWASP Juice Shop Free
PentesterLab [Website] Pentest lab Paid
Practical Pentest Labs [Website] Pentest lab Paid
Pwnable.kr [Website] Pwn challenges Free
pwnable.tw [Website] Pwn challenges Free
PwnerRank [Website] Challenge platform Free
Rankk [Website] Programming, cryptography challenges Free
RedTigers Hackit [Website] PHP / SQL challenge platform Free
Reversing.Kr [Website] Cracking and Reverse Code Engineering challenge platform Free
Revolution Elite [Website] Math and programming challenges Free
Ringzer0Team [Website] Challenge platform Free
Root-me [Website] Challenge platform Free
RoseCode [Website] Challenge platform Free
Security Traps [Website] Challenge platform Free
SmashTheStack [Website] Mostly binary challenges Free
Solve Me [Website] Challenge platform Free
SPOJ [Website] Programming challenges Free
Stereotyped Challenges [Website] Web challenges Free
Tasteless [Website] Challenge platform Free
TheBlackSheep [Website] Challenge platform Free
ThisisLegal.com [Website] Challenge platform Free
TryHackMe [Website] Challenge platform with deployable machines; there are also tutorials and courses Free
TryThis0ne [Website] Challenge platform Free
Valhalla [Website] Challenge platform and community Free
Virtual Hacking Labs [Website] Virtual penetration testing environment with courses and VMs Paid
VulnHub [Website] VM-based challenges Free
WebHacking [Website] Web challenges Free
W3Challs [Website] Challenge platform Free
WeChall [Website] Challenge platform Free
wixxerd [Website] Challenge platform Free
WTHack [Website] Challenge platform Free
yoire [Website] Challenge platform Free
Zenk-security [Website] Challenge platform and community Free
ZSIS CTF [Website] Challenge platform Free
µContest [Website] Programming challenges Free

CVE

Name Link Description Price
Archlinux security issues [Website] CVE affecting Archlinux Free
CVE Details [Website] Advanced CVE datasource Free
Debian security issues [Website] CVE affecting Debian Free
Mitre [Website] CVE datasource standard Free
NVD [Website] CVE datasource Free
Red Hat security issues [Website] CVE affecting Red Hat Free
Saucs [Website] Customizable CVE dashboard, track vulnerabilities that concern you Free
SUSE security issues [Website] CVE affecting SUSE Free
Ubuntu security issues [Website] CVE affecting Ubuntu Free
VULDB [Website] Community-driven vulnerability database Free
VulnIQ [Website] Vulnerability database with CVE, OVAL, CWE, CAPEC, etc. Free

Events

Information, News, Blog

Name Language Link Description Price
hackndo French [Website] Blog about pentesting Free
KitPloit English [Website] Tools presentation and announcement Free
Latest Hacking News English [Website] Cybersecurity news, tools presentation and announcement Free
Offensive OSINT English [Website] OSINT articles from an offensive perspective Free
Pentest Blog English [Website] Blog targeting pentesters: security advisories, OS, appsec, network, tools, articles Free
Security List Network English [Website] Tools presentation and announcement Free

Knowledge and tools

Name Link Description Price
bounty-targets-data [Source] Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports Free
Bug Bounty Guide [Website][Source] Launchpad for bug bounty programs and bug bounty hunters Free
Bug Bounty Reference [Source] A list of bug bounty write-up that is categorized by the bug nature Free
ctf-tools [Source] Setup scripts for security tools Free
DefaultPassword [Website] Default passwords for many devices and services Free
Forensics Wiki [Website] Forensics tips and tools Free
GHDB [Website] Google Hacking Database; Collection of google dorks Free
Guifre [Website] Security, system and network cheatsheets Free
GTFOBins [Website][Source] Curated list/cheatsheet of Unix binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files Free
Hack Tricks [Website] Guide and cheatsheet for pentesting: shell, linux exploitation, windows exploitation, mobile app pentesting, network pentesting, web pentesting, binary exploit, forensics, crypto, backdoor, etc. Free
HTML5 Security Cheatsheet [Website] XSS vector making use of HTML5, HTML4, CSS, DOM, UFT7, SVG, JSON, etc ... Free
LOLBAS [Website][Source] Living Off The Land Binaries and Scripts; Curated list/cheatsheet of Windows binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files Free
Malware Traffic Analysis [Website] Malware traffic analysis blog and pastebin posts with pcap and malware samples attached; traffic analysis exercises Free
MD5 maxmin record [Website] Collection of various extremes of MD5 hashes Free
MDN - Event reference [Website] DOM Events reference, useful for XSS Free
PayloadsAllTheThings [Source] A list of useful payloads and bypass for Web Application Security and Pentest/CTF Free
Portswigger - XSS cheat sheet [Website] XSS cheat sheet containing many vectors that can help bypassing WAFs and filters Free
Privacy Tools [Website][Source] Website that provides knowledge and tools to protect your privacy against global mass surveillance Free
PTES [Website] The penetration testing execution standard covers all steps related to a penetration test Free
Red Teaming Tactics and Techniques [Website][Source] Exploring Red Teaming tactics and techniques, some of the common offensive security techniques involving gaining code execution, lateral movement, persistence and more Free
RubyFu [Website][Source] Offensive Ruby book Free
SecLists [Source] Collection of multiple types of lists used during security assessments, collected in one place; include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, etc. Free
Security Certification Roadmap [Website] Map referencing all security certifications existing in several categories: Implementation, Architecture, Management, Analysis, Defensive Operations, Offensive Operations Free
SSL Checklist for Pentesters (Explore Security) [Website] List of SSL/TLS checks that can be performed manually with OpenSSL or a web browser Free
StegOnline checklist [Website][Source] CTF Image Steganography Checklist Free
The Bug Hunter's Methodology [Source] A collection of tips, tricks, tools, analysis and notes related to web application security assessments and more specifically towards bug hunting in bug bounties Free
Vergilius [Website] A collection of Microsoft Windows kernel structures, unions and enumerations; most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers Free
VRT [Website][Source] Bugcrowd Vulnerability Rating Taxonomy (VRT) provides a baseline vulnerability priority scale for bug hunters and organizations Free
XSS Payloads [Website] Provides advanced XSS payload, tools and documentation about XSS Free

National security agencies and services

Name Country Link Description
ANSSI France [Website] Agence Nationale de la Sécurité des Systèmes d'Information, French service responsible for computer security
ASD Australia [Website] Australian Signals Directorate, Australian service responsible for computer security
CCB Belgium [Website] Centre for Cyber Security Belgium, Belgium service responsible for computer security
CNSS United States of America [Website] Committee on National Security Systems, USA intergovernmental organization for the security of the USA security systems
CSE/CST Canada [Website] Communications Security Establishment/Centre de la sécurité des télécommunications, Canadian service responsible for computer security
ENISA [Website] European Network and Information Security Agency, European Union service responsible for computer security
NCSC Great Britain [Website] National Cyber Security Center, United Kingdom service responsible for computer security
NIST United States of America [Website] National Institute of Standards and Technology, Metrology laboratory and non-regulatory agency of the USA Department of Commerce
NSA United States of America [Website] National Security Agency, United States of America service responsible for computer security

Non english

Name Language Link Description Price
Bamboofox Chinese [Website] CTF guide Free
ctfs.me Indonesian [Website] Challenges platform, challenges are in english Free
elhacker.net Spanish [Website] Challenges platform Free
Flu-Project Spanish [Website] Challenge platform, guides and news Free
Hack Players Spanish [Website] Challenge platform, guides and news Free
Hacking-Challenges German [Website] Challenges platform Free
Happy-Security German [Website] Challenges platform Free
MIPT CTF Russian [Source] CTF guide Free
NewbieContest French [Website] Challenge platform Free
NOE Korean [Website] Challenge platform Free
SuNiNaTaS Korean [Website] Challenge platform Free
TDHack Polish [Website] Challenge platform Free
World of Wargame Spanish [Website] Challenge platform Free
XCTF Agenda Chinese [Website] World CTF agenda Free
Yashira Spanish [Website] Challenge platform Free

Trainings and courses

Name Link Description Price
Bugcrowd University [Website][Source] Modules with slides, videos and sometimes labs to learn web security, by Bugcrowd Free
Cybrary [Website] Cyber Security learning, training and certification Paid
Hacker101 [Website][Source] Class for web security targeting bug bounty hunters and security professionals, with video lessons and a CTF platform, by HackerOne Free
PentestAcademy [Website] Cyber Security training with an online lab Paid
Portswigger Web Security Academy [Website] Web Security training with an online lab Free
SANS [Website] Escal Institute of Advanced Technologies provides courses, certifications and learning materials Paid

Tutorials

Name Link Description Price
CTF Field Guide [Website][Source] CTF guide Free
CTF Resources [Website][Source] CTF guide Free
Infosec Institute - What a Challenger Perceives in most CTF Categories/Challenges [Website] Questions a challenger can ask himself during a CTF, classed by category Free
ISIS Lab Wiki [Website] CTF guide Free
Endgame - How to Get Started in CTF [Website] Tutorial for CTF beginners Free
NIZKCTF tutorial [Source] Tutorial to set up NIZKCTF Free
Xapax IT-Security Notebook [Website][Source] Overview guide for all kind of pentesting Free

Writeups collections and challenges source