Scanners

w3af – Open Source Web Application Security Scanner
Scanning for OWASP Top 10 Vulnerabilities with Metasploit for the web (w3af)

Web Proxy

Burp Suite – An integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
OWASP ZAP – One of the world’s most popular free security tools, actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing them. It's also a great tool for experienced pentesters to use for manual security testing.
Charles Proxy – HTTP proxy / HTTP monitor / reverse proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
Fiddler – The free web debugging proxy for any browser, system or platform

Network

Nmap Cheat Sheet – Network exploration tool and security / port scanner.

Reversing

Linux Commands/Tools

  • strings
  • hexdump -C
  • readelf -a
  • file
  • lsof -i
  • strace
  • ltrace
  • radare2

Websites

SSL

  • openssl s_client -connect www.feistyduck.com:443 – Connect via SSL/TLS
    (Useful parameters: -quiet, -ign_eof)
    Reference: Debug SSL/TLS

Pentesting Suite

Metasploit by Rapid7 – The Metasploit Project hosts the world’s largest public database of quality-assured exploits.

Dictionaries

pydictor – A Powerful and Useful Hacker Dictionary Builder for a Brute-Force Attack