도구
보안 도구, 리소스 & 레퍼런스 큐레이션.
⚙️General
🔧Helpers
Online Compiler
Run code online in multiple languages
Quick Ref
Quick reference cheat sheets for developers
ListDiff
Compare and diff two lists online
ExplainShell
Break down complex shell commands visually
CIDR Calculator
Calculate IP address ranges and subnets
Tool VG
Multi-purpose online security toolkit
De4js
JavaScript deobfuscator and beautifier
🌐Availability
🔍Lookup
IP Info
IP geolocation and network details
BGP HE
BGP routing data from Hurricane Electric
BGP View
Explore BGP routing and ASN information
BGP Tools
Real-time BGP network monitoring
RA DB
RADB routing registry query tool
NetworksDB
Database of IP ranges and ASN data
DNSlytics
DNS, IP, and domain intelligence
ViewDNS
DNS and IP lookup toolkit
DNS Checker
Global DNS propagation checker
MX Toolbox
Email deliverability and DNS diagnostics
Netcraft
Website technology fingerprinting
Domaintools
WHOIS and domain intelligence lookup
🔐Encryption & Hashing
🔭Reconnaissance
🕵️Dorkers
🌐Attack Surface
Shodan
Search engine for Internet-connected devices
Fofa
Cyberspace search engine for assets
Zoomeye
Cyberspace mapping and search engine
Censys
Internet-wide scanning and host discovery
Fullhunt
Attack surface management platform
Binary Edge
Internet scanning and threat intelligence
DNS Dumpster
DNS recon and host discovery tool
Security Trails
DNS and domain intelligence platform
OSINTSH
All-in-one OSINT tools collection
Buckets GHW
Search exposed cloud storage buckets
Wigle
Wireless network mapping database
📜Certificates
📦Archives
🚨Threat Detection
🔴Reputation
🧠Threat Intelligence
Hunting Abuse CH
Threat hunting with abuse.ch data
Alien Vault OTX
Open threat intelligence community
IBM X-Force
IBM threat intelligence sharing platform
Cisco Talos
Cisco threat intelligence and research
GreyNoise
Understand internet background noise
ODIN
Search engine for threat intelligence
ThreatBook
Threat intelligence analysis platform
Maltiverse
IoC search and threat intelligence
OpSecFailure
OPSEC failure case studies
TrailDiscover
CloudTrail event reference
Detection.FYI
Community-driven detection rules
ThreatMiner
Threat intelligence data mining
🔬Scanners
Virus Total
Multi-engine file and URL scanner
Sucuri
Free website malware scanner
Meta Defender
Multi-scanning threat detection
Intezer
Malware analysis with code reuse detection
Filescan IO
Dynamic malware analysis platform
Polyswarm
Decentralized threat detection marketplace
Jotti
Free multi-engine online virus scanner
🪤Canaries
⚠️Vulnerability
🐛CVE
🗄️Vulnerability Databases
📋Advisories
Microsoft MSRC
Microsoft security update guide
Cisco Advisories
Cisco security advisory publications
Red Hat Security
Red Hat security errata and updates
Google Project Zero
Google zero-day vulnerability research
Trend Micro ZDI
Zero Day Initiative advisories
GitHub Advisories
GitHub security advisories database
💥Exploitation
🎯Exploits
PentestBook
Comprehensive pentesting methodology book
HackTricks
Pentesting tricks and methodology wiki
HackTricks Cloud
Cloud security pentesting wiki
Exploit DB
Public exploits and PoC archive
Packet Storm
Security tools, exploits, and advisories
Rapid7 Modules
Metasploit exploit module database
Metasploit
World's most used penetration testing framework
0day Today
Exploit and vulnerability database
Exploit Notes
Pentesting notes and cheatsheets
PwnWiki
Post-exploitation wiki and techniques
🏚️Living Off The Land
LOLBAS
Windows binaries for living-off-the-land
GTFOBins
Unix binaries for privilege escalation
LOLDrivers
Vulnerable and malicious drivers list
LOTP
Living off the pipeline techniques
LOLAD
Living off the Active Directory
LOLESXi
Living off the ESXi techniques
LOTTunnels
Living off the tunnel techniques
LoFP
Living off false positives database
💣Payloads
☣️Malware
📚Malware Information
Malpedia
Malware encyclopaedia and reference
VX-underground
Largest malware source code collection
Malware Traffic
Malware traffic analysis exercises
MalAPI
Windows API calls used by malware
HijackLibs
DLL hijacking vulnerability database
WTFBins
Suspicious and malicious binaries database
Feodo Tracker
Botnet C&C server tracker
🧪Sandboxes
🐀RATs
🌐Internet
🗺️Live Maps
📋IANA
📄RFC
📚Learning
🧪Practice Labs
CyberDefenders
Blue team CTF challenges
LetsDefend
SOC analyst training platform
Blue Team Labs
Blue team investigation challenges
Hack The Box
Hands-on cybersecurity training labs
TryHackMe
Learn cybersecurity through guided rooms
pwn.college
Learn binary exploitation from scratch
PentesterLab
Web penetration testing exercises
VulnHub
Vulnerable-by-design VM downloads
CTFtime
CTF event calendar and team rankings
OverTheWire
War games for learning security
Root-Me
Hacking and security challenges
PortSwigger Academy
Free web security training labs
Hacker101 CTF
HackerOne CTF challenges
OWASP Vuln Apps
Deliberately vulnerable web applications
📖Learning Resources
TCM Academy
Practical cybersecurity courses
Cybrary
Free cybersecurity training platform
AttackIQ Academy
MITRE ATT&CK training courses
EC-Council CodeRed
EC-Council cybersecurity courses
Open Security Training
Free security training materials
OST2
Advanced cybersecurity training
Learn X in Y
Quick language reference guides
OSCP Guide
Comprehensive OSCP preparation guide
IPPSEC Rocks
Search IppSec HTB video walkthroughs
OWASP WSTG
Web Security Testing Guide
Cert Roadmap
Security certification roadmap
🐛Bug Bounty Resources
Beginner BB Resources
Bug bounty resources for beginners
BB Forum
Bug bounty community forum
HowToHunt
Bug hunting methodology collection
All About BB
Comprehensive bug bounty reference
BB Cheat Sheet
Bug bounty hunting cheat sheet
Awesome BB Writeups
Curated bug bounty writeup collection
H1 Reports Archive
HackerOne disclosed report archive
📰News Portals
TheHackerNews
Cybersecurity news and analysis
CybersecurityNews
Latest cybersecurity news updates
GBHackers
Hacking and security news
SecurityWeek
Enterprise security news
Wired Security
Security news and investigations
DarkReading
IT security news and research
BleepingComputer
Technology and security news
Krebs on Security
Investigative security journalism
The Record
Cybersecurity news by Recorded Future
👾Bug Bounty
🏹Platforms
BBRadar
Bug bounty program aggregator
HackerOne
Leading bug bounty platform
Bugcrowd
Crowdsourced security testing
Intigriti
European bug bounty platform
YesWeHack
Global bug bounty platform
FireBounty
Bug bounty program search engine
Zero Day Initiative
Vendor-agnostic vulnerability research
Synack
Elite security testing platform
HackenProof
Web3 and crypto bug bounties
Code4rena
Smart contract audit competitions
🤖Automation
🌍Subdomain Enumeration
Sublist3r
Fast subdomain enumeration tool
Amass
OWASP network mapping and enumeration
subfinder
Fast passive subdomain discovery
massdns
High-performance DNS stub resolver
Findomain
Cross-platform subdomain enumerator
shuffledns
MassDNS wrapper for active bruteforcing
puredns
Fast and accurate DNS bruteforcing
dnsx
Fast multi-purpose DNS toolkit
assetfinder
Find domains and subdomains quickly
VHostScan
Virtual host scanner and discovery