Security Tools

Learning

• Damn Vulnerable Web App, DVWA: The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface.

Scanners

• Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
• nmap - utility for network discovery and security auditing

Pentesting

• mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers
• responder - a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
• gobuster - Directory/File, DNS and VHost busting tool written in Go
• john the ripper - password security auditing and password recovery tool
• ffuf - Fast web fuzzer written in Go
• p0wny-shell - Single-file PHP shell
• Impacket - a collection of Python classes for working with network protocols
• burpsuite - An integrated platform for performing security testing of web applications
• sqlmap - Automatic SQL injection and database takeover tool
• s3scanner - Scan for open S3 buckets and dump the contents

Miscellaneous

• Snuffy - a simple command line tool to inspect SSL/TLS connections

Other Collections

• Awesome Hacking - A collection of awesome lists for hackers, pentesters & security researchers

VPN

• Wireguard