Awesome Links
Useful links for tools, blogs, posts, etc...
Tools
waf-bypass.com: WEB APPLICATION FIREWALLS BYPASSES COLLECTION AND TESTING TOOLS
explainshell.com: write down a command-line to see the help text that matches each argument.
censys.io: search engine for Internet-connected devices.
shodan.io: search engine for Internet-connected devices.
grep.app: Search across a half million git repos.
intelx.io: search engine for OSINT.
osintframework.com: mentalmap for OSINT.
builtwith.com: Find out what websites are built with.
virustotal.com: Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
backlinkwatch.com: Type URL of your website to get complete detailed information about quality and quantity of backlinks pointing to your website.
archive.org: Internet Archive is a non-profit library of millions of free books, movies, software, music, websites, and more.
pentest-tools.com: Your pentesting arsenal, ready to go.
observatory.mozilla.org: The Mozilla Observatory has helped over 240,000 websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.
hpd.gasmi.net: Hex Packet Decoder.
onlineasciitools.com: Online ASCII tools is a collection of useful browser-based utilities for working with ASCII character set.
CyberChef: The Cyber Swiss Army Knife.
patchstack.com: Vulnerability Database.
beeceptor.com: Rest API mocking and intercepting in seconds.
spaceship-prompt.sh: Minimalistic, powerful and extremely customizable Zsh prompt.
tryeraser.com: A whiteboard that lets you focus on ideas.
osv.dev: Database for open source vulnerabilities.
Learning
Kontra: Application Security Training
PortSwigger Academy: Free, online web security training from the creators of Burp Suite
Veracode Security Labs: Security Labs Community Edition from Veracode.
Udemy:
Fundamentos de Ethical Hacking: curso prático: Como aprender a realizar um Teste de Invasão (PenTest) completo através de diversos exemplos práticos.
Microservices Security - The Complete Guide: Design secure and robust microservices systems using the most up-to-date security best practices.
DESEC: Treinamentos em segurança.
Repositories
danielmiessler/SecLists: Collection of multiple types of lists used during security assessments, collected in one place.
swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypasses for Web Application Security.
streaak/keyhacks: KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.
KingOfBugbounty/KingOfBugBountyTips: About Our main goal is to share tips from some well-known bughunters.
six2dez/OneListForAll: Rockyou for web fuzzing
Sites and Blogs
hackerone.com: Get direct access to the world’s top ethical hackers. Stress test systems, hunt bugs, and fix vulnerabilities before anyone else even knows they exist.
bugcrowd.com: Discover and remediate more key vulnerabilities sooner, so bad actors never have a chance.
book.hacktricks.xyz: Welcome to the page where you will find each hacking trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
highon.coffee: Penetration Testing && Security Research Blog
hackingarticles.in: Raj Chandel's Blog
labs.detectify.com: A security research blog
daily.dev: All developers news in one place
Articles
Cheat Sheets
Docs and Books
Videos
Last updated