Traffic Noise Generator


Traffic Noise Generator


The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent it’s illegal and punished by law.


GitHub .:

A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity.

Tested on MacOS High Sierra, Ubuntu 16.04 and Raspbian Stretch and is compatible with both Python 2.7 and 3.6



GitHub .:

A quick and dirty HTTP/S “organic” traffic generator.

Just a simple (poorly written) Python script that aimlessly “browses” the internet by starting at pre-defined rootURLs and randomly “clicking” links on pages until the pre-defined clickDepth is met.


Official website:

Noise-as-a-service that attacks the wholesale surveillance of US citizens


Squawk: Data Retention Edition

Official website:

Creating noise-as-a-service, as an act of civil disobedience, that attacks the wholesale surveillance of Australian citizens under the data retention program.



GitHub .:

A simple program to generate views for your website

WVG, or Will’s View Generator, is a simple tool created to help you generate realistic views for your website. It uses many different user agents, referers, and proxies within the TOR network to accomplish this task. Moreover, unlike other common view generators, this program doesn’t flood the server with requests but does it at a slower pace and at random intervals to make the traffic seem more realistic. Do not use this program on websites if it violates your region’s laws or your host’s rules.



GitHub .:
Official website .:

Ostinato – Packet/Traffic Generator and Analyzer

Ostinato is a packet crafter, network traffic generator and analyzer with a friendly GUI. Also a powerful Python API for network test automation. Craft and send packets of several streams with different protocols at different rates. Think of it as “Wireshark in Reverse”.


KalEl Toolkit

GitHub .:

Kal El is a neat tool for Network Stress Testing and Penetration Testing.

Traffic Generator is a tool used to generate fake web traffic that can be used to fake page views and visitor stats. If used with TOR VPN module you will have the option to enable auto switching where it will get a new IP for each request resulting in unique visitor stats as well as page views.



GitHub .:

Traffic generator and sniffer



GitHub .:

A Simple Traffic Generator for Network Experiments

The server listens for incoming requests, and replies with a flow with the requested size (using the requested DSCP value & sending at the requested rate) for each request.

The client establishes persistent TCP connections to a list of servers and randomly generates requests over TCP connections according to the client configuration file. If no available TCP connection, the client will establish a new one. Currently, we provide two types of clients: client and incast-client for dynamic flow experiments. For client, each request only consists of one flow (fanout = 1). For incast-client, each request can consist of several synchronized incast-like flows. A request is completed only when all its flows are completed.

In the client configuration file, the user can specify the list of destination servers, the request size distribution, the Differentiated Services Code Point (DSCP) value distribution, the sending rate distribution and the request fanout distribution, .


WAN Killer

Official website .:

Perform network stress tests with WAN Killer




Official website .:

GitHub .:

Send anonymous traffic to your links by automatically loading existing proxies from the web. Multiple working sets of proxies are retrieved.


Modbus Traffic Generator

GitHub .:

This tool Generates Modbus traffic to trigger alerts in Snort Intrusion detection System. It reads Snort rules from “scada.rules” input file,parses the rules and generateS proper packet(s) that would trigger the coresponding rule alerts in the intrusion detection system.

Proxies & MITM Tools


Proxies and MITM Tools


The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent it’s illegal and punished by law.

Charles proxy

Official website:

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).



Official website:

bettercap is the Swiss army knife for network attacks and monitoring.

$ go get


Official website:

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.




HTTP/HTTPS proxy over SSH




HoneyProxy is a lightweight man-in-the-middle proxy that helps you analyze HTTP(S) traffic flows. It is tailored to the needs of security researchers and allows both real-time and log analysis. Being compatible with mitmproxy, it focuses on features that are useful in a forensic context and allows extended visualization capabilites.
(note: HoneyProxy is now part of mitmproxy)


GitHub :

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it’s own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set.


Telerik Fiddler

Official website:

Free web debugging proxy for any browser, system or platform

  • web session manipulation
  • security testing
  • performance testing
  • HTTP/HTTPS traffic recording
  • customizable free tool
  • web debugging



Official website:


DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for “” to point to a local machine for termination or interception instead of a real host somewhere on the Internet.



Morpheus it’s a Man-In-The-Middle (mitm) suite that allows users to manipulate tcp/udp data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications. but this tool main objective its not to provide an easy way to exploit/sniff targets, but ratter a call of attemption to tcp/udp manipulations technics (etter filters).




SSH man-in-the-middle tool

This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk.



Official website:
GitHub :

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.


OWASP Zed Attack Proxy (ZAP)


The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.




A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.

Hex Editors software for ITSEC


Hex Editors

Online Editing

Hex Editor online – Official website:

Hex-works – Official website:

Online Hexeditor – Official website:



Official website:

UltraEdit is a commercial text editor for Microsoft Windows, Linux and OS X created in 1994 by the founder of IDM Computer Solutions Inc., Ian D. Mead. The editor contains tools for programmers, including macros, configurable syntax highlighting, code folding, file type conversions, project management, regular expressions for search-and-replace, a column-edit mode, remote editing of files via FTP, interfaces for APIs or command lines of choice, and more. Files can be browsed and edited in tabs, and it also supports Unicode and hex editing mode.

Key features:

  • Facilitates the opening and editing of large files, up to 4GB and greater in size
  • Native 64-bit architecture
  • Multi-caret editing and multi-select
  • Document map navigation
  • Column (block) mode editing
  • Regular expression find and replace
  • Find/Replace in Files
  • Extensible code highlighting, with ‘wordfiles’ already available for many languages
  • Code folding and hierarchical function listing
  • Beautify and reformat source code
  • XML editing features, such as XML tree view, reformatting and validation
  • Auto-closing XML and HTML tags
  • Smart templates for code completion
  • Editor themes
  • Integrated FTP, SSH, telnet
  • Hex editing
  • Log file polling
  • File/data sorting
  • File encryption and decryption
  • Project management
  • Bookmarking
  • Automation via macros and scripts
  • Integrated file compare


Hackman Suite

Official website:

Hackman Suite is a multi-module all purpose debugging tool. It includes a hex editor, a disassembler, a template editor, a hex calculator and other everyday useful tools to assist programmers and code testers with the most common tasks.


HxD – Freeware Hex Editor and Disk Editor

Official website:

HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.

The easy to use interface offers features such as searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics and much more.

Editing works like in a text editor with a focus on a simple and task-oriented operation, as such functions were streamlined to hide differences that are purely technical.
For example, drives and memory are presented similar to a file and are shown as a whole, in contrast to a sector/region-limited view that cuts off data which potentially belong together. Drives and memory can be edited the same way as a regular file including support for undo. In addition, memory-sections define a foldable region and inaccessible sections are hidden by default.

Hxd Hex editor


Free Hex Editor Neo

Official website:

Free Hex Editor Neo is the fastest large files optimized binary file editor for Windows platform developed by HHD Software Ltd. It’s distributed under “Freemium” model and provides you with all basic editing features for free.

Free Hex Editor



Official website:

ZTreeWin is a fast and flexible text-mode file/directory manager for all versions of Windows.  It has been developed as the successor to the legendary DOS file-manager XTreeGold.  Anyone who has used that remarkable program would be aware of its superior capabilities as a text-mode, tree-structured file-manager – but would also likely be aware that its limited memory support, and lack of long filename support are today a major issue.
ZTreeWin is a native Windows program (both 32-bit and 64-bit) that has been developed to provide all the powerful functionality of the past (and much more!), while avoiding all the limitations of the old DOS-based program.



Hex Fiend

Official website:

A fast and clever open source hex editor
for Mac OS X.





Synalyze It!

Official website:

Reverse Engineering and Binary File Analysis



Official website:

professional Hex Edito.

  • edit files of unlimited size.
  • compare files, compute checksums, decode numbers or display a histogram of binary file.
  • create a grammar for your file formats and decode them automatically.
  • Advanced search lets you find text, numbers or masks.
  • automate routine work with Python scripts
  • many grammars for various file formats can be downloaded for free.




Cygnus Hex Editor FREE EDITION

Official website:

Key features:

  • Fast, simple operation; delete and insert data as easily as with any word processor
  • Blazingly fast search quickly searches or replaces any combination of text and binary data
  • Multi-level undo and redo
  • Extensive drag and drop support
  • MDI (Multiple Document Interface) design allows side-by-side editing; supports multiple views of the same file
  • Dockable and moveable toolbars; state and position of main window and toolbars saved between sessions
  • Easily print all or any portion of a file; Print Preview command
  • Edit files up to available virtual memory (up to 2GB)
  • Reload command re-opens the current file from disk
  • Extensive, context-sensitive, on-line help
  • And lots more!





Official website:

0xED is a native OS X hex editor based on the Cocoa framework.

Key features:

Fast editing of large files.
Unlimited file size (limited by what the actual file system supports).
Small memory footprint.
Instant opening of files of any size.
Remains responsive with 1 million+ edits.
Supports all normal text editor keyboard shortcuts.
HFS+ compatible.
Resource fork editing.
Full hex/text search/replace.
Binary/text Cut/copy/paste support.
Main window is sizable.
Plug-in system to display your custom data types.
Requires Mac OS X 10.6 or newer.
Intel 32/64 bit binary.
Localizations available: Italian, Finnish, French, German, Simplified Chinese.
Free of charge.


Pentest with Docker


Docker container for Penetration Testing


The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent it’s illegal and punished by law.

docker for pentest



Note: The docker pull command serves for downloading Docker images from a registry (default pulls images from Docker Hub)


Official Kali Linux for Docker

Short Description: This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling

Docker Pull Command:

docker pull kalilinux/kali-linux-docker



Metasploit for Docker

Short Description: Metasploit image with steroids (nmap, tor and postgress)

docker pull strm/metasploit


Metasploit Framework for Docker

Short Description: An image of the famous Metasploit-Framework tool for pentesting.

docker pull phocean/msf



Metasploitable2 for Docker

Metasploitable2 – pristine condition

docker pull meknisa/metasploitable-base




Social Engineer Toolkit (SET) for Docker

Short Description: Dockerfile for building a Social Engineer Toolkit (SET) container



OWASP Zed Attack Proxy for Docker

Short Description: Current stable OWASP Zed Attack Proxy release in embedded docker container

docker pull owasp/zap2docker-stable


WPSCAN for Docker

Short Description: WPScan is a black box WordPress vulnerability scanner

docker pull wpscanteam/wpscan



Damn Vulnerable Web Application (DVWA) for Docker

Short Description: Ubuntu container with v1.9 of Damn Vulnerable Web App (

docker pull originalsix/docker-dvwa



Vulnerable WordPress for Docker

Short Description: Vulnerable WordPress container

docker pull wpscanteam/vulnerablewordpress



Dockerfile for BeEF (the Browser Exploitation Framework)

for Docker

Short Description: This Dockerfile allows to build a Docker image for the BeEF framework for XSS browser exploitation

docker pull janes/beef



OWASP Mutillidae II Web Pen-Test Practice Application

Short Description: Docker container for OWASP Mutillidae II Web Pen-Test Practice Application

docker pull citizenstig/nowasp



OWASP Juice Shop for Docker

Short Description: OWASP Juice Shop – An intentionally insecure Javascript Web Application

docker pull bkimminich/juice-shop



The Docker Bench for Security checks

Short Description: The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.

docker pull diogomonica/docker-bench-security



OpenDNS Security Ninjas AppSec Training for Docker

Short Description: Security Ninjas: An Open Source Application Security Training Program.

docker pull opendns/security-ninjas



OWASP WebGoat Project for Docker

Short Description: OWASP WebGoat Project docker image

docker pull danmx/docker-owasp-webgoat



The OWASP Security Shepherd project for Docker

Short Description: The OWASP Security Shepherd project is a web and mobile application security training platform.

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.

docker pull ismisepaul/securityshepherd



The OWASP NodeGoat project for Docker

Short Description: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.



Shellshock (Vulnerability as a service) for Docker

Short Description: Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock.

This docker container is based on Debian Wheezy and has been modified to use a vulernable version of Bash (bash_4.2:2b:dfsg-0.1).

docker pull hmlio/vaas-cve-2014-6271



Heartbleed (Vulnerability as a service) for Docker

Short Description: Vulnerability as a service: showcasing CVS-2014-0160, a.k.a. Heartbleed

A Debian (Wheezy) Linux system with a vulnerable version of libssl and openssl and a web server to showcase CVS-2014-0160, a.k.a. Heartbleed.

docker pull hmlio/vaas-cve-2014-0160



SambaCry (Vulnerability as a service) for Docker

Short Description: SambaCry remote vulnerable environment with Samba 4.5.9

Samba in 4.5.9 version and before that is vulnerable to a remote code execution vulnerability named SambaCry. CVE-2017-7494 allows remote authenticated users to upload a shared library to a writable shared folder, and perform code execution attacks to take control of servers that host vulnerable Samba services.

docker pull vulnerables/cve-2017-7494


WackoPicko for Docker

Short Description: WackoPicko is a vulnerable web application used to test web application vulnerability scanners. (infos from github)

docker pull adamdoupe/wackopicko


Max size for attachments by provider (Outlook, Facebook, snapchat, Gmail and more)


Max attachments size limits list by provider

Alibaba: 10Mb
Aol Mail: 25Mb
Domino 9.0.1: 10Mb
Facebook: 25Mb
FastMail: 50mb
Gandi: 25Mb
Gmail: 25Mb (50Mb only for incoming mails)
Gmx: 50Mb
GoDaddy: 20Mb 25mb
Lycos Mail: 35Mb 50Mb 20Mb
MailGun: 25Mb (message including attachments)
Mailfence: 10Mb
Microsoft outlook: 20Mb
Mozilla Thunderbird: 20Mb
Office 365: default 25Mb customizable max: 150Mb
Outlook 2010: 20Mb
Outlook 2013: 20Mb 10Mb
Ovh: 20Mo (webmail) / 100Mb Desktop client
ProtonMail: 25Mb
SnapChat: video 31Mb / image 5Mb
Tutanota: 25mb
WhatsApps: 100Mb
Yahoo Mail: 25 Mb
Yandex Mail: 10Mb
Zoho Mail: 20Mb
Fastdomain: 35Mb
ICloud: 20Mb 35Mb 25Mb 20Mb


Colasoft Ping Tool


Colasoft Ping Tool


Colasoft Ping Tool supports ping multiple IP addresses simultaneously and list the comparative responding times in a graphic chart, which makes it outstanding other ping tools. Our users can not only view historical charts by saving them to *.bmp files, but also ping the IP addresses of captured packets in network analyzer (e.g. Colasoft Capsa Network Analyzer) conveniently, including the resource IP addresses and destination IP addresses.

Requirements: Windows 2000/XP/2003/Vista/7/8/10

Editor website:



Regex ressources


Interactive regex calculator

  • – RegExr is an online tool to learnbuild, & test Regular Expressions (RegEx / RegExp).
  • – Online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript
  • – Test your regex by visualizing it with a live editor. JavaScript, Python, and PCRE.
  • Regex tester – This online tool allows you to test regular expression in JavaScript.

CVE / Security Bulletins / Vulnerabilities


 CVE / Security Bulletins / Vulnerabilities

metasploit / twitter: @CVEnew / RSS-Newsletters: Newsletter / API: no / country: US

CVE® is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. CVE Entries are used in numerous cybersecurity products and services from around the world, including the U.S. National Vulnerability Database (NVD). / twitter: none / RSS-Newsletters: none / API: no / country: US provides an easy to use web interface to CVE vulnerability data. You can browse for vendors, products and versions and view cve entries, vulnerabilities, related to them. You can view statistics about vendors, products and versions of products. / twitter:@vuldb / RSS-Newsletters: none / API: yes / country: US

Number 1 vulnerability database worldwide with more than 112000 entries available. Our specialists work with the crowd-based community to document the latest vulnerabilities on a daily basis since 1970. Besides technical details there are additional threat intelligence information like current risk levels and exploit price forecasts provided. / twitter:@usnistgov / RSS-Newsletters:yes / API: no / country: US

The Information Technology Laboratory (ITL), one of seven research laboratories within the National Institute of Standards and Technology (NIST), is a measurement and testing laboratory encompassing a wide range of areas of computer science, mathematics, statistics, and systems engineering. ITL collaborates with other NIST laboratories, the Department of Commerce, government agencies, the private sector, standards development organizations, and other national and international stakeholders to develop and implement standards, tests, and metrics. The standards and metrics developed help make information systems more secure, usable, interoperable, and reliable. The resulting measurement and standards infrastructure accelerates innovation in IT and IT-related measurement science, which drive progress across scientific, technology, and commercial applications. / twitter:@nmap / RSS-Newsletters:yes / API: no / country: US

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. / twitter: / RSS-Newsletters: / API: no / country: US

This wiki provides information on a variety of open source security resources and “best practices” information.

Vulnerability & Exploit Database / twitter:@rapid7/ RSS-Newsletters: / API: no / country: US

Vulnerability Notes Database – Advisory and mitigation information about software vulnerabilities. / twitter:@skyboxsecurity/ RSS-Newsletters: rss/ API: no / country: US

The Vulnerability Canter provides access to the Skybox Vulnerability Database, culling intelligence from 25+ sources, focusing on 1000+ products used in enterprise-scale networks.





ec / twitter: @DarkReading

Dark encompasses ten communities, each of which drills deeper into the enterprise security challenge: Attacks & Breaches, Application Security, Cloud Security, Data Leaks & Insider Threats, Endpoint Security & Privacy, Mobile Security, Network & Perimeter Security, Risk Management & Compliance, Security Management & Analytics, and Vulnerabilities and Threats. Each community is led by editors and subject matter experts who collaborate with security researchers, technology specialists, industry analysts and other Dark Reading members to provide timely, accurate and informative articles that lead to spirited discussions. / twitter: @securityaffairs

Pierluigi Paganini, the founder, ENISA ETL Group, Cyber G7 Group Italy Summit, Ethical Hacker, Researcher, Security Evangelist, Security Analyst. / twitter: @humanhacker

The Social-Engineer Podcast is a monthly discussion hosted by a panel of security experts that make up the SEORG Crew. We include guests from diverse backgrounds to discuss human behavior and its implications for information security. / twitter: @theFifthDomain

Fifth Domain fills that role as a central hub for news, information and collaboration, whether you’re a cyber pro or just getting started. / twitter: @SecurityMag

Fifth Domain fills that role as a central hub for news, information and collaboration, whether you’re a cyber pro or just getting started. / twitter: @threatpost

Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide. / twitter: @zataz

L’actu grand public: #zataz #cybersecurite (french website) – cybersecurity / twitter: none

BBC News provides trusted World and UK news as well as local and regional perspectives / twitter: @SecurityWeek

IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information Security Industry Expert insights and analysis from IT security experts around the world. / twitter: @SCMagaziner

Breaking news on cybersecurity, cybercrime, industry insight and security product reviews at SC Media. – cybersecurity / twitter: @CNBC

Latest news on cybersecurity including online standards, hacking awareness, and increasing digital defense.


hackingarticles / twitter: @rajchandel

Hacking articles (Blog) / Raj Chandel’s Blog / twitter: @pentestit

Your source for all things Information Security (India) / twitter: @the_yellow_fall

Security Training Share / twitter: @sucurisecurity

Learn about website security, emerging vulnerabilities, and web malware infections from our team of website security researchers. / twitter: @THEdarknet

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing. / twitter: @PenTestMag

PenTest Magazine is a monthly downloadable IT security magazine, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. We cover all aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions. Each magazine features a cover focus, and articles from our regular contributors, covering IT security news and up-to-date topics. / twitter: @the_yellow_fall

Security Training Share /twitter:@sucurisecurity

Learn about website security, emerging vulnerabilities, and web malware infections from our team of website security researchers. twitter: @THEdarknet

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pentesting. /twitter: @PenTestMag

PenTest Magazine is a monthly downloadable IT security magazine, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. We cover all aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions. Each magazine features a cover focus, and articles from our regular contributors, covering IT security news and up-to-date topics.









Feel free to add others sources in comments, so i can add it on this page 😉