š ļø Tools & Software
Security tools I reach for regularly during CTF competitions and day-to-day security work.
Burp Suite
The industry-standard web application security testing platform. Intercept, modify, and replay HTTP/S traffic with a powerful suite of tools for finding web vulnerabilities.
Web
Wireshark
The world's foremost network protocol analyzer. Capture and interactively browse traffic running on a computer network for deep inspection of network packets.
Network
CyberChef
A web-based tool for performing all manner of encoding, decoding, encryption, compression, and data analysis operations. Supports chaining multiple operations together.
General
Nmap
The essential network discovery and security auditing tool. Scan hosts for open ports, running services, OS detection, and more using a flexible scripting engine.
Network
Metasploit Framework
The world's most widely used penetration testing framework. Provides a comprehensive library of exploits, payloads, and auxiliary modules for security testing.
Exploitation
Splunk
A powerful platform for searching, monitoring, and analyzing machine-generated data. Used for SIEM operations, log analysis, threat hunting, and security dashboards.
General
š Cheat Sheets & References
References I keep bookmarked for CTF work and security research.
GTFOBins
A curated list of Unix binaries that can be used to bypass local security restrictions. Essential reference for privilege escalation and living-off-the-land techniques on Linux.
Exploitation
PayloadsAllTheThings
A comprehensive list of useful payloads and bypass techniques for web application security testing. Covers SQLi, XSS, SSRF, XXE, command injection, and much more.
Web
LOLBAS
Living Off The Land Binaries, Scripts, and Libraries ā the Windows equivalent of GTFOBins. Documents every Windows binary that can be abused for offensive security purposes.
Exploitation
RevShells
An interactive reverse shell generator supporting dozens of languages and techniques. Quickly generate reverse shell one-liners for any scenario with configurable IP and port.
Exploitation
Sherlock
Hunt down social media accounts by username across hundreds of social networks. A go-to tool for OSINT investigations and username enumeration challenges.
OSINT
Social Engineer Toolkit
An open-source penetration testing framework designed for social engineering attacks. Supports phishing, credential harvesting, and a wide range of human-focused attack vectors.
Exploitation
SecLists
The security tester's companion ā a collection of multiple types of lists used during security assessments. Includes usernames, passwords, URLs, fuzzing payloads, and much more.
General
AperiSolve
An online steganography analysis platform that runs multiple stego tools automatically on uploaded images. Quickly checks for hidden data using zsteg, steghide, binwalk, and more.
Steganography
Have a tool or resource suggestion? Feel free to reach out via GitHub or LinkedIn.