Stego
| Repository | Description |
|---|---|
| https://330k.github.io/misc_tools/unicode_steganography.html | zero width space stego |
| https://offdev.net/demos/zwsp-steg-js | zero width space stego |
| https://neatnik.net/steganographr/ | zero width space stego |
| https://www.aperisolve.com/ | online platform which performs layer analysis on image |
| https://steghide.sourceforge.net/ | steganography program that is able to hide data in various kinds of image |
| https://github.com/RickdeJager/stegseek | steghide bruteforce |
| https://georgeom.net/StegOnline/upload | A web-based, enhanced and open-source port of StegSolve |
| https://github.com/zed-0xff/zsteg | detect stegano-hidden data in PNG & BMP |
| https://github.com/lukechampine/jsteg | JPEG steganography |
Cryptography
| Repository | Description |
|---|---|
| https://github.com/RsaCtfTool/RsaCtfTool | RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data |
| https://github.com/Ciphey/Ciphey | Automatically decrypt encryptions without knowing the key or cipher, decode encodings |
| https://gchq.github.io/CyberChef/ | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |
| https://www.jbowman.com/remorse/ | MORSE bruteforce if you don’t know where spacing goes |
| https://dtmf.netlify.app/ | DTMF decoder (Multitap, T9) |
| https://morsecode.world/international/decoder/audio-decoder-adaptive.html | Morse (audio) to text |
| https://www.dcode.fr/ | GOAT of ciphers |
| https://quipqiup.com/ | auto solve substitution ciphers |
Forensics
| Repository | Description |
|---|---|
| https://github.com/mlgualtieri/NTLMRawUnHide/blob/master/NTLMRawUnHide.py | Extract NTLMv2 hashes from a pcap |
| https://github.com/landoncrabtree/ctf-toolbox/blob/main/forensics/ospf.py | Extract OSPF hashes from a pcap |
| https://github.com/volatilityfoundation/volatility3 | An advanced memory forensics framework |
| https://github.com/google/magika | Detect file content types with deep learning |
| https://www.wireshark.org/ | The world’s most popular network protocol analyzer |
| https://github.com/WerWolv/ImHex | Hex Editor with patterns |
| https://github.com/sleuthkit/autopsy | digital forensics platform and graphical interface for disk images |
Web Exploitation
| Repository | Description |
|---|---|
| Arachni | Web Application Security Scanner Framework |
| burpsuite | Full web testing suite, including proxied requests |
| Caido | Like Burp but written in Rust |
| dirb | Web application directory/file fuzzer to find other pages or files worth looking at. |
| dotGit | A Firefox and Chrome extension that shows you if there is an exposed .git directory |
| feroxbuster | Web application directory/file fuzzer to find other pages or files worth looking at. Written in Rust. |
| flask-unsign | Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application |
| gobuster | Web application directory/file fuzzer to find other pages or files worth looking at. Also supports DNS busting (such as subdomains). Written in Go. |
| Nikto | Web server scanner to perform security checks on a web server. |
| nosqlmap | Like sqlmap, but for NoSQL. |
| PayloadsAllTheThings | Useful payloads for a variety of attacks such as SQLi, IDOR, XSS, etc. |
| sqlmap | Performs automated SQL injection tests on GET and POST requests. |
| w3af | Web application attack and audit framework. |
| wappalyzer | Identify what frameworks a website runs |
| wpscan | Automatic WordPress scanner to identify information about a WordPress site and possible vulnerabilities. |