Metasploit – The world’s most used penetration testing framework. Find security issues, verify vulnerability mitigations & manage security assessments.
Nessus – vulnerability scanner.
Kali Linux – an industry standard penetration testing distribution & framework. It’s fully customizable and utilizes LUKS full-disk encryption.
Parrot OS – a full portable laboratory for all kinds of cyber security operations.
Kali Linux Nethunter – Open Source Android penetration testing platform.
OpenVAS – Open Vulnerability Assessment Scanner.
REMnux – is a Linux toolkit for reverse-engineering and analyzing malicious software.
Port scanners
Port scanners are essentials tolls for maintaining and testing server security.
Nmap – Network Mapper is a free and open source utility for network discovery and security auditing.
Unicornscan -offers asynchronous TCP and UDP scanning capabilities and non-common network discovery patterns.
Angry IP Scanner – super fast, scans local networks as well as Internet.
Intrusion detection systems (IDS/IPS)
Intrusion detection / prevention systems provide valuable information about potential attack vectors, which is essential when proactively identifying threats, setting up defenses and responding to incidents.
Snort – uses rules that help define malicious network activity.
OSSEC – world’s most popular free and open source host-based intrusion detection system.
Suricata – free and open source, mature, fast and robust network threat detection engine.
Cowrie – SSH and Telnet honeypot designed to log brute force attacks and the shell interaction.
Logwatch – not IDS, but absolutely useful for the purpose. It parses through system’s logs and creates a report.
Fail2ban – scans log files and bans IPs that show the malicious signs such as too many password failures, seeking for exploits etc.
Exploit databases
Google Hacking Database – exploit database by Offensive Security.
Build your lab
Vulnhub.com – virtual machines for security lab.
AutoRecon – multi-threaded network reconnaissance tool .
GOWAPT – Web Application Penetration Test.
Train your pen skills
Nets.ec – Information about shellcode, countermeasures, administration, exploitation and programming.
OpenSecurityTraining.info – training material for computer security classes.
Metasploit unleashed – the most complete and in-depth Metasploit guide available.
Pentest-standard.org – the penetration testing execution standard.
SWEET – secure web development teaching.
Securitytube – over the shoulder security training videos.
Hack.me – build, host and share vulnerable web application code for educational and research purposes.
Falconspy.medium.com – valuable reading you are preparing for OSCP.
Test your hacking skills
Virtualhackinglabs.com – commercial online penetration testing lab.
Hackthebox.eu – test your penetration testing skills.
For rainy days
Cmdchallenge.com – test your command line skills.
Root-me.org – train your hacking skills.
Defendtheweb.net – community and articles.
ChaosVPN – VPN to connect Hackers and Hackerspaces.
PenTestIt – Cyberattack world map.
Dangerous websites lists / feeds / databases
https://bitbucket.org/threatshub/th-dfbase/raw/master/data/malware/ThreatsHub_Malicious_DataFeed
zonefiles.io/compromised-domain-list/
github.com/firehol/blocklist-ipsets
https://github.com/stamparm/ipsum
Pen testing news feed
[ccpw id=”511″]