Disclaimer: I am neither affiliated with any of the below programs nor assume any liability towards anyone's use of the below tools and resources.
This is simply an aggregation of tools that I have found which I find useful and have used or plan to use in the future.
- GitHound: Advanced Github searching tool.
- GoGhost: SMBGhost scanning tool.
- APKLeaks: APK scanning tool to search for secrets.
- ROADtools: Auzre AD enumeration tool.
- MacHound: Enumeration tool for relationships between AD and MacOS hosts.
- Azure AD Connect Dump: Toolkit to help extract and decrypt AD credentials.
- reconFTW: Domain enumeration tool.
- assetfinder: Tool to find related domains from a given domain.
- waybackurls: Tool which fetches all URLs of a given domain which the Wayback Machine knows about.
- findcdn: Tool to find which CDN a domain is using, created by CISA.
- Pshtt: Domain enumeration tool designed by CISA.
- mapCIDR: CIDR range enumation tool.
- Aircrack-ng: Wifi auditing tool.
- h4rpy: Automated WPA/WPA2 attack tool.
- HTTP Probe: HTTP and HTTPS probing tool.
- Malcolm: Extensive network analysis tool designed by CISA.
- DNS Dumpster: DNS reconnaissance tool.
- Firesheep: Sidejacking utility Firefox extension.
- WAFW00F: WAF detection tool.
- AutoRecon: Feature heavy enumeration tool.
- Wfuzz: Web fuzzer.
- Konan: Web directory and file brute force scanner.
- JShielder: Hardening scripts for linux servers.
- Chrome Galvinizer: Chrome hardening tool.
- Virtual Box Hardened Loader: Virtual Box detection mitigation.
- Ciphey: Encryption/hash detection and decryption tool.
- Hash Buster: Hash cracking tool.
- Name That Hash: Hash format identifying tool.
- MOSINT: Email OSINT tool.
- ProOSINT: ProtonMail account detection tool.
- linkedin2username: Linkedin OSINT tool which fetches all usernames of employees of a particular company.
- SecLists: Large collection of various lists.
- Leaky Paths: Lists of interesting URL paths and paths vulnerable to CVEs and misconfigurations.
- Payloads All The Things: Extensive list of payloads and bypasses for websec.
- CSET: Cybersec infrastructure assessment tool made by CISA which directly includes numerous infrastrcuture security standards.
- Hacks: Large collection of individual scripts.
- Ghidra: Reverse engineering program designed by the NSA.
- ImHex: Feature heavy hex editor.
- CyberChef: Very extensive web toolkit of everything from small utilities to decryption tools created by the GCHQ.
- John the Ripper: Advanced offline password cracker.
- Cursed Chrome: Chrome extension that turns the victim's browser into a web proxy.
- PHP Reverse Shell: PHP reverse shell.
- Pi-Pwner: Pentesting suite deployer for Rasbian.
- Fake Sandbox Artifacts: Sandbox/VM simulator to trick any malware that checks if it is running inside of a VM or not.
- Telnet Logger: Telnet login logger.
- Gophish: Phishing toolkit.
- CallObfuscator: Windows API obfuscating tool.