Description
Links to things i find interesting and where I've sourced my knowledge from
Guides / Blogs
- HackTricks - Common Hacking Methods
- six2dez - Common Hacking Methods
- Rez0 - A blog where he rants about anything Hacking or technical
- Hackers-Rest - Common Hacking Methods and Tips!
- OhShint - Common OSINT Methods Guide
- PasswordVillage - Password Cracking Guide!
- Sushant747 - OSCP related stuff (was 401 Unauthorized so may need Archive) Saw it also on github.io
- ShahJerry33 - Github Recon Tutorial
- OWASP CheatSheetSeries - Know-More for WebApp Pentesting Knowledge!
- ScriptKiddy - Not too useful, usually scans but useful tools and links!
- BugBountyHunting - A collection of hundreds of Whitepapers!
- Hacktivity - Keep up to date with IRL bug bounty hacks!
- GameHacking - Guide into how to hack actual games
- App Security Cheat Sheet - As it sounds like
Labs
- Portswigger - Free, very detailed web application focused labs
- Hack The Box - Free, but more with payed. Web applications and other hacking themes
- Try Hack Me - Free, but more with payed. Web applications and other hacking themes
- Flaws.Cloud - Free, Cloud Pentesting e.g S3 buckets/AWS
- APISEC - Free API Pentesting Labs
Youtubers
- PwnFunction - Hacking Guides
- John Hammond - Hacking Guides
- The Hated One - Hardcore Privacy / Off The Grid
- STÖK - Everything hacking related
- Jim Browning - Gray hat hacking scammers
- LiveOverflow - A developer into hacking. Giving very detailed explanation to why certain hacks work
- NetworkChuck - Sparking interest in different areas for beginners
- zSecurity - Hacking Guides
- Surveillance Report - News about recent privacy related news and other large or interesting hacks
- Naomi Brockwell - Privacy and Anonymity
- Seytonic - News about recently occurred hacks
- Mental Outlaw - Hobbyist talking about hacking news
- NahamSec - Explaining hacks and knowledge sharing!
Twitter (or "X")
- p3n73st3r - Recent hacking news regarding PoC's and good tips-n-tricks!
Wordlists
- BugBounty
- CyList - My personal Wordlist collection
- SecLists
- PayloadAllTheThings
- AssetNotes - Technology specific wordlists e.g SwaggerAPI or Apache etc
Cyber Forums -> USE TOR
Some of these may have been taken down by the three-letter-agencies (It is highly recommended to use TOR on these sites, do not link your personal identity to these sites or any burner accounts you create!)
- Breached Forums ONION - Lots of leaked data
- Nulled - Lots of leaked data
- Dread Forums ONION - Basically Reddit but for DeepWeb. Good to find new onion links
- Pitch ONION - DeepWeb's Twitter | I recommend
@doingfedtime - OnniForums - Lots of leaked data
- XSS.is - Lots of leked data
Data Brokers
Passwords
See Finding Leaked Credentials for manual password searching
- LeakCheck - Payed (Lifetime) - Clear text passwords
- SnusBase - Payed (Lifetime) - Clear text passwords, IP, Phone, Full Name etc
- DeHashed - Payed (Monthly) - Clear text passwords, IP, Phone, Full Name etc
- 0t.rocks - Free - Clear text passwords, IP, Phone, Full Name etc
DEPRECATED - BreachDirectory - Free - Good for password hints. Tailor MaskAttack in HashCat
- ProxyNova - Free - Somewhat good in finding passwords from "COMB" collection leak
- DeepSearch ONION - Free - Not tested yet
Email Input
- Epieos - Free - Search for identifiable information by email
- HoleHe - Great tool to test for existing accounts on multiple applications
Username Input
- WhatsMyName - Search for usernames used on multiple applications
Search Engines
- Shodan - Free, but recommend payed. There's a
lifetime subscription! They scan the whole internet and all ports, and giving you the information on their website. SUPER useful for passive information gathering - LeakIX - Free, Similar to Shodan
- CenSys - Very Similar to Shodan
Online Hash Decryptors
- CrackStation - Free - Easy way to see if a hash have been cracked!
- Hashes - Free - Claims to crack hashes for free!
Proxy Tools
- Burp Suite - WEB analysis
- Caido - WEB analysis
- ZAP - WEB analysis
- WireShark - PACKET inspection
Others
- Acunetix - Grabbing inspiration for attacks
- Bash Guide - Special characters for Bash Scripting
- ZoomEye - Searchable database, Not tested myself!
- HaveIBeenPwned - Breach search repository. Shows No Clear-Text Passwords
- CyberChef - Amazing tool to mess around with data. Recommend their GitHub for privacy
- HackerOne - A good spot to get inspiration of disclosed hacks
- ExploitDB - A database of all kinds of exploits and OSINT syntaxes
- ExploitAlert - A database revealing Proof Of Concepts and explanations
- DarkNet Diaries - Vlog about hacker stories from White-hats to Black-hats
- ChatGPT - This is supposed to bypass the restrictions!
- Perplexity - ChatGPT, But
no account required - Venice - AI focused on not stealing your data for AI learning and
no account required - h0tak88r - Methodology in webapplication pentesting
- BSCP Prep - Preparations and tips for BSCP
- DDOS ONION - Latest leaks of hacks made
- Ransomware Sites ONION - A collection of well known ransomware onion links
- IntelTechniques - A legend who's into Privacy and Anonymity (Buy his books!)
- HashKiller - Loads of leaked hashes to be played with!
- FREE Collaborator - Free collaborator that can be useful in desperate times
- WAF Pentesting - Pentesting Web Application Firewalls
- TOR Taxi - Excellent first footstep into Deepweb
- Reverse Shell Genertor - Generates Reverse Shells for you!
- Default Credential Search - A quick way to search for defult credentials. eg Drupal CMS
- Defcon Material
- MindMap Creator