Tools & Resources
26 essential security tools
A curated reference of essential cybersecurity tools organized by category. Each tool is used in our learning modules and practice environments.
26
Tools
7
Categories
15
Resources
53
Tags
Nmap
Network scanner for port scanning, service detection, and OS fingerprinting.
Amass
In-depth DNS enumeration and attack surface mapping.
Shodan
Search engine for internet-connected devices and exposed services.
theHarvester
Gather emails, names, subdomains, IPs from public sources.
Recon-ng
Full-featured web reconnaissance framework.
Burp Suite
The industry standard for web application security testing.
SQLMap
Automatic SQL injection detection and exploitation tool.
Gobuster
Directory and file brute-forcing for web servers.
Nikto
Web server scanner for dangerous files, outdated software, and misconfigurations.
XSSStrike
Advanced XSS detection and exploitation framework.
Metasploit
The world's most used penetration testing framework.
SearchSploit
Command-line search tool for Exploit-DB.
Msfvenom
Payload generation and encoding tool.
pwntools
CTF framework and exploit development library for Python.
John the Ripper
Fast password cracker supporting many hash types.
Hashcat
Advanced GPU-based password recovery tool.
Hydra
Network login brute-forcer supporting many protocols.
Aircrack-ng
Suite of tools for WiFi network security assessment.
Bettercap
Network attack and monitoring framework.
Volatility
Memory forensics framework for incident response.
Autopsy
Digital forensics platform for hard drive investigation.
Wireshark
Network protocol analyzer for deep packet inspection.
YARA
Pattern matching tool for malware identification.
Ghidra
NSA's open-source software reverse engineering suite.
radare2
Open-source reverse engineering framework.
Frida
Dynamic instrumentation toolkit for hooking into running processes.
Learning Resources
15 curated resources
OWASP Top 10
websiteThe definitive guide to the most critical web application security risks.
HackTheBox
platformOnline platform for practicing penetration testing and cybersecurity skills.
TryHackMe
platformGamified learning platform with guided rooms for beginners to advanced users.
OverTheWire: Bandit
platformWargame that teaches Linux command line and basic security concepts.
PortSwigger Web Academy
courseFree interactive labs covering all major web vulnerability classes.
CyberDefenders
platformBlue team CTF platform focused on DFIR and threat hunting exercises.
Pentester Lab
platformHands-on exercises to understand and exploit web vulnerabilities.
The Web Application Hacker's Handbook
bookComprehensive guide to finding and exploiting web application security flaws.
Hacking: The Art of Exploitation
bookIn-depth exploration of hacking techniques including C programming and exploitation.
Red Team Field Manual (RTFM)
bookQuick-reference guide for penetration testers with essential commands and tools.
Blue Team Field Manual (BTFM)
bookDefensive security reference for incident responders and SOC analysts.
MITRE ATT&CK Framework
websiteKnowledge base of adversary tactics and techniques based on real-world observations.
Exploit Education
platformVulnerable VMs and challenges for learning binary exploitation and reverse engineering.
SANS Reading Room
websiteThousands of research papers on information security topics.
CTFtime
websiteCTF event tracker and team rankings — find upcoming competitions.