This repository contains a list of links to different web tools useful for cybersecurity, it is organized by categories for greater accessibility.
📋Table of Contents
🛡️Blue Team
🔍URL Scanning
🔎IP Scanning
📝File Scanning
📦Sandboxing
🔐Password Scanning
🛡️Vulnerability Management Tools
🦠Malware Samples
[📧Email Protection](https://github.com/JPablo13/Cybersecurity-Web-Tools#email-protection)
🌐Web Security
🐍Red Team
🎯Web Enumeration and Reconnaissance
📚Knowledge Bases & Cheatsheets
🧩Data Analysis and Transformation Tools
🔑Token & Auth Analysis Tools
🔐Web Security Configuration
💥Exploits and Vulnerabilities
—
🛡️Blue Team
🔍URL Scanning
VirusTotal: Scans URLs and files for viruses and other threats using multiple antivirus engines.
Talos Intelligence: Offers information about online threats, including URL reputation.
URLVoid: Checks if a URL has been reported as malicious by various sources.
Urlscan.io: Analyzes websites to detect malicious content, such as malware or phishing.
Google Safe Browsing Site Status: Allows you to check if a website has been marked as unsafe by Google.
🔎IP Scanning
AbuseIPDB: Collects reports of abusive IP addresses, such as those that send spam or perform attacks.
IPVoid: Provides information about the reputation of an IP address, even if it is reported as malicious.
Hurricane Electric: Offers tools to analyze IP address routing information.
DNSlytics: Analyzes DNS records to obtain information about the infrastructure of a domain or IP address.
📝File Scanning
Triage: Analyzes files in an isolated environment (sandbox) to detect malicious behavior.
Filescan.io: Scans files for malware using multiple antivirus engines.
MetaDefender: Analyzes files with multiple antivirus engines and threat detection technologies.
Kaspersky Threat Intelligence: Offers information about threats and malware, including file analysis.
Hybrid Analysis: Analyzes files in a sandbox environment and provides detailed reports on their behavior.
TinEye: Reverse image search engine, useful for detecting unauthorized use of images.
📦Sandboxing
Any.run: Allows you to run files and analyze their behavior in an interactive virtual environment.
Joe Sandbox: Analyzes files and URLs in a sandbox environment and generates detailed reports.
🔐Password Scanning
Have I Been Pwned: Checks if a password or email address has been compromised in a data breach.
Password checker Kaspersky: Checks the strength of a password and if it has been compromised.
Dehashed: Search engine for leaked data, helps verify the exposure of sensitive information.
🛡️Vulnerability Management Tools
VulnCheck Tools: Fast CVE lookups and exploit data.
CVE Details: Comprehensive CVE database with vendor/product filters.
NVD – National Vulnerability Database: Official U.S. government source for CVEs and severity metrics.
Vulners: Aggregated vulnerability intelligence and exploit database.
🦠Malware Samples
MalwareBazaar: Repository of malware samples for analysis.
ThreatFox: Platform for sharing threat indicators, including malware samples.
📧Email Protection
10MinuteMail: Provides temporary email addresses to protect privacy.
Spamhaus: Offers spam block lists and other tools to combat unwanted email.
🌐Web Security
EFF (Electronic Frontier Foundation): Organization that defends digital rights and online privacy.
BrowserLeaks: Website that shows the information that websites can collect about your browser.
—
🐍Red Team
🎯Web Enumeration and Reconnaissance
Subdomain Finder: Enumerates the public subdomains of a target domain.
Shodan: Search engine for devices and services connected to the internet.
Censys Search: Provides detailed information on certificates, open ports, and exposed services.
BuiltWith: Discovers the technologies behind a specific website.
GTFOBins: Provides privilege escalation and binary abuse techniques on Unix/Linux systems.
📚Knowledge Bases & Cheatsheets
GTFOBins: Provides privilege escalation and binary abuse techniques on Unix/Linux systems.
LOLBAS: Catalog of legitimate Windows binaries that can be abused for offensive purposes.
HackTricks: Practical knowledge base for pentesting, privilege escalation, and CTFs.
Pentestmonkey: Tips, payloads, and cheat sheets for web exploitation and post-exploitation.
PayloadAllTheThings: Collection of payloads and techniques for web, network, and privilege escalation attacks.
🧩Data Analysis and Transformation Tools
CyberChef: Versatile web tool for data encoding, encryption, and transformation.
Regex101: It is an online tool for testing and debugging regular expressions with instant feedback.
🔑Token & Auth Analysis Tools
JWT.IO: Decodes, verifies, and generates JSON web tokens.
Token Inspector: Platform for inspecting and visualizing JWT, JWE, JWK and JWS tokens.
Base64 Decode & Encode: Simple tool to decode or encode base64.
🔐Web Security Configuration
SSL Labs Test: Comprehensive analysis of a web server’s SSL/TLS configuration.
Observatory by Mozilla: Analyzes website security configurations and provides practical recommendations.
Security Headers: Analyzes the security HTTP headers of any website.
💥Exploits and Vulnerabilities
Exploit Database: Database of exploits and security vulnerabilities.
OWASP Top 10: List of the 10 most critical web vulnerabilities.
Mitre ATT&CK: Framework describing the tactics and techniques used by attackers.
CVE: Catalog of known security vulnerabilities.
