-
Notifications
You must be signed in to change notification settings - Fork 6
Tools and Resources
Carter Perez edited this page Dec 9, 2025
·
1 revision
Curated collection of cybersecurity tools, learning platforms, and resources.
| Tool | Description | Link |
|---|---|---|
| Nmap | Network mapper and port scanner | nmap.org |
| Nessus | Vulnerability scanner | tenable.com |
| Amass | Subdomain enumeration | GitHub |
| theHarvester | Information gathering | GitHub |
| Shodan | Internet search engine | shodan.io |
| Recon-ng | Web reconnaissance framework | GitHub |
| Tool | Description | Link |
|---|---|---|
| Burp Suite | Web vulnerability scanner | portswigger.net |
| OWASP ZAP | Web app security scanner | zaproxy.org |
| SQLmap | SQL injection testing | sqlmap.org |
| Gobuster | Directory/DNS brute forcing | GitHub |
| Nuclei | Template-based scanning | GitHub |
| Nikto | Web server scanner | GitHub |
| Tool | Description | Link |
|---|---|---|
| Wireshark | Network protocol analyzer | wireshark.org |
| Bettercap | Network attack framework | GitHub |
| Aircrack-ng | Wireless network auditing | aircrack-ng.org |
| Responder | LLMNR/NBT-NS poisoner | GitHub |
| mitmproxy | HTTP/HTTPS proxy | GitHub |
| Tool | Description | Link |
|---|---|---|
| Metasploit | Penetration testing framework | metasploit.com |
| Hydra | Password cracking | GitHub |
| CrackMapExec | Post-exploitation framework | GitHub |
| Mimikatz | Credential extraction | GitHub |
| Empire | PowerShell post-exploitation | GitHub |
| BloodHound | Active Directory analysis | GitHub |
| Tool | Description | Link |
|---|---|---|
| John the Ripper | Password cracker | openwall.com |
| Hashcat | GPU-accelerated hash cracking | hashcat.net |
| Ghidra | Reverse engineering | ghidra-sre.org |
| Radare2 | Binary analysis framework | GitHub |
| Tool | Description | Link |
|---|---|---|
| Volatility | Memory forensics | volatilityfoundation.org |
| Cuckoo Sandbox | Malware analysis sandbox | cuckoosandbox.org |
| YARA | Pattern matching for malware | GitHub |
| Tool | Description | Link |
|---|---|---|
| Suricata | Network IDS/IPS | suricata.io |
| OSSEC | Host-based IDS | ossec.net |
| Snyk | Dependency vulnerability scanner | snyk.io |
| Semgrep | Static analysis | semgrep.dev |
| Platform | Focus | Cost |
|---|---|---|
| TryHackMe | Beginner-friendly challenges | Free + Premium |
| Hack The Box | Penetration testing labs | Free + Premium |
| HackTheBox Academy | Structured learning paths | Paid |
| PentesterLab | Web security | Paid |
| VulnHub | Vulnerable VMs | Free |
| Platform | Focus | Cost |
|---|---|---|
| Cybrary | General cybersecurity | Free + Premium |
| INE | Security specialization | Paid |
| Pluralsight | Tech skill development | Paid |
| CBT Nuggets | Certification prep | Paid |
| Udemy | Various instructors | Paid (sales) |
| Resource | Description |
|---|---|
| Professor Messer | CompTIA video courses |
| SANS Cyber Aces | Free tutorials |
| freeCodeCamp | Comprehensive courses |
| Coursera | University courses (audit free) |
| Channel | Focus |
|---|---|
| Professor Messer | CompTIA certification prep |
| NetworkChuck | Networking & security |
| John Hammond | Hacking & CTFs |
| The Cyber Mentor | Ethical hacking |
| LiveOverflow | CTF & binary exploitation |
| David Bombal | Cisco & networking |
| HackerSploit | Ethical hacking tutorials |
| IppSec | HTB walkthroughs |
| Channel | Content |
|---|---|
| DEFCONConference | DEFCON talks |
| BlackHat | BlackHat presentations |
| SecurityWeekly | Security news & updates |
| Framework | Purpose |
|---|---|
| Cybersecurity Framework | Risk management |
| 800-53 | Security controls |
| 800-61 | Incident handling |
| 800-207 | Zero Trust |
| Framework | Focus |
|---|---|
| MITRE ATT&CK | Adversary tactics & techniques |
| OWASP Top 10 | Web application risks |
| CIS Controls | Critical security controls |
| ISO 27001 | Information security management |
| Standard | Industry |
|---|---|
| PCI-DSS | Payment cards |
| HIPAA | Healthcare |
| GDPR | EU data protection |
| SOC 2 | Service organizations |
| Subreddit | Focus |
|---|---|
| r/cybersecurity | General discussion |
| r/netsec | Network security news |
| r/AskNetsec | Q&A |
| r/CompTIA | Certification discussion |
| r/oscp | OSCP preparation |
| r/BlueTeamSec | Defensive security |
| r/RedTeam | Offensive security |
| r/malware | Malware analysis |
| Source | Type |
|---|---|
| Krebs on Security | Investigative journalism |
| Dark Reading | Industry news |
| The Hacker News | Breaking news |
| Bleeping Computer | News & tutorials |
| Schneier on Security | Expert analysis |
| SANS ISC | Threat intelligence |
| Resource | Content |
|---|---|
| Exploit-DB | Exploits & vulnerabilities |
| CVE | Vulnerability identifiers |
| NVD | Vulnerability database |
| VirusTotal | File/URL analysis |
| AbuseIPDB | IP reputation |
| AlienVault OTX | Threat intelligence |
See the main README for complete resource lists.
©AngelaMos | CertGames.com | CarterPerez-dev | 2025
Progress: 3/60