Tools & Resources - RFS Cyber Roadmap

Overview

This comprehensive resource collection includes essential tools, references, and learning materials curated by RFS for penetration testing and red team operations. From beginner-friendly tools to expert-level specialized software, this collection covers the complete spectrum of cybersecurity tools and knowledge resources.

Resource Categories

Essential penetration testing tools organized by category
Specialized tools for unique attack vectors
Learning platforms and training resources
Books, documentation, and reference materials
Online communities and professional networks
RFS's specialized telecommunications security tools

🔍 Reconnaissance Tools

Network Discovery

Nmap: Network discovery and security auditing
Masscan: Internet-scale port scanner
Nuclei: Fast vulnerability scanner
Naabu: Fast port scanner written in Go

Web Reconnaissance

Gobuster: Directory/file/DNS brute-forcer
ffuf: Fast web fuzzer written in Go
Sublist3r: Subdomain enumeration tool
Subfinder: Subdomain discovery tool

OSINT Tools

theHarvester: E-mail, subdomain and people names harvester
Maltego: Link analysis and data visualization
Shodan: Search engine for Internet-connected devices
Recon-ng: Web reconnaissance framework

🌐 Web Application Testing

Proxy Tools

Burp Suite: Professional web application security testing
OWASP ZAP: Free security testing proxy
Caido: Modern web security testing tool
mitmproxy: Interactive TLS-capable intercepting HTTP proxy

Vulnerability Scanners

SQLMap: Automatic SQL injection testing tool
XSStrike: Advanced XSS detection suite
Nikto: Web server scanner
Commix: Command injection testing tool

API Testing

Postman: API development and testing platform
Insomnia: REST and GraphQL client
Kiterunner: Contextual content discovery tool
Arjun: HTTP parameter discovery suite

💻 Exploitation Frameworks

Multi-Purpose Frameworks

Metasploit: Penetration testing framework
CrackMapExec: Network service exploitation
Impacket: Python classes for network protocols
MSF Community: Open-source Metasploit

Post-Exploitation

PowerSploit: PowerShell post-exploitation framework
PowerShell Empire: Post-exploitation agent
Covenant: .NET command and control framework
Sliver: Adversary emulation framework

Privilege Escalation

PEASS-ng: Privilege escalation tools
LinEnum: Linux enumeration script
PowerUp: Windows privilege escalation
GTFOBins: Unix binaries exploitation

🏢 Active Directory Tools

Enumeration Tools

BloodHound: AD attack path analysis
PowerView: AD enumeration and exploitation
ADRecon: AD information gathering tool
ldapdomaindump: LDAP enumeration tool

Attack Tools

Rubeus: C# toolset for Kerberos interaction
Mimikatz: Credential extraction tool
Certify: AD Certificate Services attack tool
Whisker: Shadow credentials tool

C# Offensive Tools

Seatbelt: Security enumeration tool
SharpUp: C# port of PowerUp
SharpView: C# port of PowerView
SharpCollection: Collection of C# tools

🤖 AI Security Tools

Model Security Testing

CleverHans: Adversarial machine learning library
ART: Adversarial Robustness Toolbox
Robust ML Defense: Microsoft's defense toolkit
IBM ART: IBM's adversarial testing framework

Data Poisoning & Backdoors

Backdoor Framework: Backdoor attack implementations
Poisoning Attacks: Data poisoning research tools
Gradient Surgery: Multi-task learning attacks
Model Attacks: Various model attack techniques

AI Infrastructure Security

Grype: Container vulnerability scanner
Trivy: Security scanner for containers
Kubescape: Kubernetes security scanner
Falco: Runtime security monitoring

🌐 IoT Security Tools

Firmware Analysis

Binwalk: Firmware extraction and analysis
angr: Binary analysis framework
Firmadyne: Firmware emulation platform
Firmware Mod Kit: Firmware modification toolkit

Wireless Protocol Testing

Aircrack-ng: WiFi security testing suite
WiFiPhisher: WiFi social engineering
Btlejack: Bluetooth Low Energy attack tool
GreatSCT: Social engineering toolkit

IoT Device Discovery

Metasploit IoT Modules: IoT-specific exploits
ShodanSploit: Shodan integration tool
Redpoint: ICS/SCADA penetration testing
RouterSploit: Router exploitation framework

🦠 Malware Analysis Tools

Static Analysis

Radare2: Reverse engineering framework
Ghidra: NSA's reverse engineering tool
RetDec: Retargetable decompiler
angr: Binary analysis platform

Dynamic Analysis

Cuckoo Sandbox: Automated malware analysis
Capstone: Disassembly framework
Keystone: Multi-arch assembler
FLARE VM: Malware analysis VM

Packing & Unpacking

UPX: Executable packer/unpacker
UPX-Unpacker: UPX unpacking tools
Generic Unpacker: Generic unpacking tools
PEiD: PE file identifier

🚨 Incident Response Tools

Digital Forensics

Volatility 3: Memory forensics framework
Autopsy: Digital forensics platform
Volatility 2: Memory analysis tool
Rekall: Memory analysis framework

Threat Hunting

YARA Rules: Pattern matching for malware
YARA: Pattern matching engine
Sigma: Generic SIEM signatures
Loki: IOC scanner

IR Platforms

TheHive: Incident response platform
MISP: Threat intelligence platform
OpenCTI: Threat intelligence platform
Cortex: Observable analysis engine

📞 Unified Communications Tools (RFS Specialty)

SIP Testing Tools

SIPVicious: SIP vulnerability scanner suite
SIP-Scan: SIP endpoint discovery
SIPp: SIP protocol testing tool
Mr.SIP: SIP-based audit and attack tool

VoIP Analysis

Wireshark: VoIP packet analysis
Vomit: Voice over misconfigured internet telephony
VoIPong: VoIP call detection
rtpbreak: RTP stream analysis

Nokia & Telecom

Nokia TL1 Tools: TL1 interface testing utilities
SNMP Scanners: Nokia SNMP enumeration tools
IMS Testing Tools: IMS protocol analyzers
Custom Scripts: RFS proprietary testing tools

📱 Mobile Security Tools

Android Security Testing

OWASP MSTG: Mobile Security Testing Guide
MobSF: Mobile security framework
JADX: Android APK decompiler
dex2jar: Android APK to JAR converter

iOS Security Testing

frida-ios-dump: iOS app dump tool
ios-deploy: iOS app deployment tool
idb: iOS debugging bridge
class-dump: Objective-C class dumper

Mobile App Analysis

Frida: Dynamic instrumentation toolkit
Objection: Runtime mobile exploration
Burp Suite Mobile: Mobile app testing
SSL Kill Switch: SSL pinning bypass

☁️ Cloud Security Tools

AWS Security

ScoutSuite: Multi-cloud security auditing
Prowler: AWS security assessment tool
CloudMapper: AWS environment visualization
CloudTrail: AWS API call logging

Azure Security

Stormspotter: Azure attack path mapping
Azure AD Connect: Identity synchronization
Azurite: Azure storage emulator
Azure CLI: Command-line interface

Container Security

Trivy: Container vulnerability scanner
Grype: Container image scanner
Falco: Runtime security monitoring
Kubescape: Kubernetes security scanner

📡 SIGINT & RF Tools

Software Defined Radio

GNU Radio: SDR development framework
Inspectrum: RF signal analyzer
GQRX: SDR receiver
SDRangel: SDR application

RF Analysis Tools

Universal Radio Hacker: RF protocol analysis
RTL-SDR: RTL2832U SDR driver
HackRF: Software defined radio platform
LimeSDR: Open source SDR platform

Cellular Network Tools

OsmocomBB: GSM baseband software
YateBTS: Open source BTS
OpenBTS: Open source BTS
LTE-Cell-Scanner: LTE cell scanner

🎯 Red Team Operations Tools

Command & Control Frameworks

PowerShell Empire: Post-exploitation agent
Covenant: .NET command and control framework
Sliver: Adversary emulation framework
Cobalt Strike: Commercial penetration testing tool

Living off the Land

PSBits: PowerShell bits and pieces
LOLBAS: Living Off The Land Binaries
GTFOBins: Unix binaries exploitation
Living Off The Land: Windows binaries exploitation

AV/EDR Evasion

ScareCrow: Payload generation framework
Donut: Shellcode generation tool
SharpShooter: Payload generation framework
Covenant: .NET command and control framework

🛡️ Defensive Tools

Network Monitoring

Security Onion: Network security monitoring platform
Suricata: Network threat detection engine
Snort: Intrusion detection system
Zeek: Network analysis framework

Incident Response

TheHive: Incident response platform
MISP: Threat intelligence platform
Volatility: Memory forensics framework
Autopsy: Digital forensics platform

Vulnerability Management

Nessus: Vulnerability scanner
OpenVAS: Open-source vulnerability scanner
Nexpose: Vulnerability management
Qualys: Cloud security platform

📚 Learning Resources

Online Platforms

TryHackMe: Hands-on cybersecurity training [Supports Project]
HackTheBox: Penetration testing labs [Supports Project]
VulnHub: Vulnerable virtual machines
OverTheWire: Security wargames

Certification Training

INE: eLearnSecurity certification training [Supports Project]
Offensive Security: OSCP, OSWE, OSEP training
Altered Security: CRTP, CRTO, CRTE training
SANS: Professional cybersecurity training

Free Resources

PortSwigger Academy: Free web security training
PentesterLab: Web application security exercises
Cybrary: Free cybersecurity training
Coursera: University cybersecurity courses

📖 Essential Books

Penetration Testing

The Web Application Hacker's Handbook - Dafydd Stuttard, Marcus Pinto
Penetration Testing: A Hands-On Introduction to Hacking - Georgia Weidman
The Hacker Playbook 3 - Peter Kim
Advanced Penetration Testing - Wil Allsopp

Red Team Operations

Red Team Development and Operations - Joe Vest, James Tubberville
Operator Handbook - Joshua Picolet
Red Team Field Manual - Ben Clark
Social Engineering: The Art of Human Hacking - Christopher Hadnagy

Technical Deep Dives

The Shellcoder's Handbook - Chris Anley, et al.
Windows Internals - Pavel Yosifovich, et al.
Hacking: The Art of Exploitation - Jon Erickson
Practical Binary Analysis - Dennis Andriesse

🌐 Professional Communities

Online Communities

r/netsec: Network security discussions
InfoSec Discord: Real-time security discussions
#InfoSec Twitter: Security news and research
LinkedIn InfoSec: Professional networking

Professional Organizations

OWASP: Open Web Application Security Project
ISACA: Information systems professional association
(ISC)²: Cybersecurity professional certification
SANS: Information security training and certification

Conferences & Events

DEF CON: World's largest hacker convention
Black Hat: Information security conferences
BSides: Community-driven security conferences
RSA Conference: Leading security industry event

💚 Support the Project

🌟 Help Keep Cyber-Roadmaps.com Free

Support this project by using our affiliate links below. You get the same great services while helping us maintain and expand this free resource!

🎓 Novice to Professional

TryHackMe - Hands-on Labs

Perfect for beginners starting their cybersecurity journey

🚀 Professional to Expert

HackTheBox - Advanced Labs

Advanced penetration testing challenges

☁️ Build The Labs Free

Digital Ocean - Cloud Infrastructure

Create your own lab environments

🏆 Get Certified

INE - Professional Training

Industry-recognized certifications

📄 Career Development

VisualCV - Professional Resume Builder

Create standout resumes for cybersecurity roles

Thank you for your support! Every click helps us maintain this free cybersecurity learning platform.

🏆 RFS Recommended Resources

Expert-Curated Resources by RFS

Based on years of professional experience in penetration testing and unified communications security:

🎯 Essential Starting Point: TryHackMe → HackTheBox → Real-world practice
📚 Core Knowledge: OWASP guides, NIST frameworks, RFC documents
🔧 Tool Mastery: Burp Suite, BloodHound, Metasploit automation
📞 UC Specialization: SIP RFC 3261, IMS specifications, Nokia documentation
🎓 Certification Path: eJPT → eCPPTv2 → CRTP → Specialization
🌐 Continuous Learning: Security research blogs, vulnerability databases

Pro Tip: Focus on understanding the "why" behind each tool and technique, not just the "how."

🔗 Partner Resources

Recommended Professional Resources

🔐 pentesting.pt 🚀 poplab.agency 📚 popdocs.net

🛠️ Tools & Resources