🛠️ Tools & Resources

Network Discovery

• Nmap: Network discovery and security auditing
• Masscan: Internet-scale port scanner
• Nuclei: Fast vulnerability scanner
• Naabu: Fast port scanner written in Go

Web Reconnaissance

• Gobuster: Directory/file/DNS brute-forcer
• ffuf: Fast web fuzzer written in Go
• Sublist3r: Subdomain enumeration tool
• Subfinder: Subdomain discovery tool

OSINT Tools

• theHarvester: E-mail, subdomain and people names harvester
• Maltego: Link analysis and data visualization
• Shodan: Search engine for Internet-connected devices
• Recon-ng: Web reconnaissance framework

Proxy Tools

• Burp Suite: Professional web application security testing
• OWASP ZAP: Free security testing proxy
• Caido: Modern web security testing tool
• mitmproxy: Interactive TLS-capable intercepting HTTP proxy

Vulnerability Scanners

• SQLMap: Automatic SQL injection testing tool
• XSStrike: Advanced XSS detection suite
• Nikto: Web server scanner
• Commix: Command injection testing tool

API Testing

• Postman: API development and testing platform
• Insomnia: REST and GraphQL client
• Kiterunner: Contextual content discovery tool
• Arjun: HTTP parameter discovery suite

Multi-Purpose Frameworks

• Metasploit: Penetration testing framework
• CrackMapExec: Network service exploitation
• Impacket: Python classes for network protocols
• MSF Community: Open-source Metasploit

Post-Exploitation

• PowerSploit: PowerShell post-exploitation framework
• PowerShell Empire: Post-exploitation agent
• Covenant: .NET command and control framework
• Sliver: Adversary emulation framework

Privilege Escalation

• PEASS-ng: Privilege escalation tools
• LinEnum: Linux enumeration script
• PowerUp: Windows privilege escalation
• GTFOBins: Unix binaries exploitation

Enumeration Tools

• BloodHound: AD attack path analysis
• PowerView: AD enumeration and exploitation
• ADRecon: AD information gathering tool
• ldapdomaindump: LDAP enumeration tool

Attack Tools

• Rubeus: C# toolset for Kerberos interaction
• Mimikatz: Credential extraction tool
• Certify: AD Certificate Services attack tool
• Whisker: Shadow credentials tool

C# Offensive Tools

• Seatbelt: Security enumeration tool
• SharpUp: C# port of PowerUp
• SharpView: C# port of PowerView
• SharpCollection: Collection of C# tools

SIP Testing Tools

• SIPVicious: SIP vulnerability scanner suite
• SIP-Scan: SIP endpoint discovery
• SIPp: SIP protocol testing tool
• Mr.SIP: SIP-based audit and attack tool

VoIP Analysis

• Wireshark: VoIP packet analysis
• Vomit: Voice over misconfigured internet telephony
• VoIPong: VoIP call detection
• rtpbreak: RTP stream analysis

Nokia & Telecom

• Nokia TL1 Tools: TL1 interface testing utilities
• SNMP Scanners: Nokia SNMP enumeration tools
• IMS Testing Tools: IMS protocol analyzers
• Custom Scripts: RFS proprietary testing tools

Network Monitoring

• Security Onion: Network security monitoring platform
• Suricata: Network threat detection engine
• Snort: Intrusion detection system
• Zeek: Network analysis framework

Incident Response

• TheHive: Incident response platform
• MISP: Threat intelligence platform
• Volatility: Memory forensics framework
• Autopsy: Digital forensics platform

Vulnerability Management

• Nessus: Vulnerability scanner
• OpenVAS: Open-source vulnerability scanner
• Nexpose: Vulnerability management
• Qualys: Cloud security platform

Online Platforms

• TryHackMe: Hands-on cybersecurity training
• HackTheBox: Penetration testing labs
• VulnHub: Vulnerable virtual machines
• OverTheWire: Security wargames

Essential Security Tools

• NordVPN: Secure lab connectivity and privacy protection
• Wireshark: Network protocol analyzer
• Burp Suite: Web application testing
• Metasploit: Penetration testing framework

Certification Training

• INE: eLearnSecurity certification training
• Offensive Security: OSCP, OSWE, OSEP training
• Altered Security: CRTP, CRTO, CRTE training
• SANS: Professional cybersecurity training

Free Resources

• PortSwigger Academy: Free web security training
• PentesterLab: Web application security exercises
• Cybrary: Free cybersecurity training
• Coursera: University cybersecurity courses

Penetration Testing

• The Web Application Hacker's Handbook - Dafydd Stuttard, Marcus Pinto
• Penetration Testing: A Hands-On Introduction to Hacking - Georgia Weidman
• The Hacker Playbook 3 - Peter Kim
• Advanced Penetration Testing - Wil Allsopp

Red Team Operations

• Red Team Development and Operations - Joe Vest, James Tubberville
• Operator Handbook - Joshua Picolet
• Red Team Field Manual - Ben Clark
• Social Engineering: The Art of Human Hacking - Christopher Hadnagy

Technical Deep Dives

• The Shellcoder's Handbook - Chris Anley, et al.
• Windows Internals - Pavel Yosifovich, et al.
• Hacking: The Art of Exploitation - Jon Erickson
• Practical Binary Analysis - Dennis Andriesse

Online Communities

• r/netsec: Network security discussions
• InfoSec Discord: Real-time security discussions
• #InfoSec Twitter: Security news and research
• LinkedIn InfoSec: Professional networking

Professional Organizations

• OWASP: Open Web Application Security Project
• ISACA: Information systems professional association
• (ISC)²: Cybersecurity professional certification
• SANS: Information security training and certification

Conferences & Events

• DEF CON: World's largest hacker convention
• Black Hat: Information security conferences
• BSides: Community-driven security conferences
• RSA Conference: Leading security industry event