← Back to Public Area
JOHLEM
External Security Resources
297 curated security resources across 13 categories
OSINT & Intelligence
Shodan
Search engine for internet-connected devices
Shodan Search Examples
Search examples for Shodan
Shodan Trends
Insights on internet trends
Censys
Search for internet assets
Censys Support
Censys search use cases
ZoomEye
Cybersecurity search engine
BinaryEdge
Internet scanning and threat intelligence
ONYPHE
Cyber defense search engine
Intelligence X
Search engine for leaked data and archives
VirusTotal
File upload and analysis
urlscan.io
Website analysis and scanning tool
Have I Been Pwned
Check if your email is compromised
Hunter.io
Email finder for professionals
theHarvester
Email and subdomain reconnaissance tool
DNSdumpster
DNS reconnaissance tool
OSINT Framework
Comprehensive OSINT resource directory
Maltego
Visual link analysis tool
SpiderFoot
Automated OSINT collection tool
Wigle
Wireless network mapping tool
PublicWWW
Source code search engine
grep.app
Search across a half million git repos
CRT.sh
Certificate transparency log monitor
Robtex
IP/DNS lookup tool
BuiltWith
Technology lookup tool for websites
Wayback Machine
Archive of historical web content
Pipl
People search engine
Keybase
Secure messaging and file sharing platform
Pastebin
Text storage and sharing tool
PeeringDB
Database of internet exchange points
SpyOnWeb
Domain and IP intelligence
FullContact
Contact enrichment service
DeHashed
Compromised credential lookup
FoFa
Network security search engine
ThreatCrowd
Threat intelligence tool
OTX AlienVault
Open Threat Exchange
PulseDive
Threat intelligence platform
GrayHatWarfare
Search engine for open Amazon S3 buckets
GreyNoise
Internet background noise intelligence
LeakIX
Search platform for publicly indexed data
Netlas
Internet assets search engine
FullHunt
Attack surface discovery platform
SearchCode
Search tool for code repositories
SecurityTrails
DNS data and domain insights
DorkSearch
Google dorking tool
What's My Name?
Username search tool
Blackdot Solutions Videris
Investigative OSINT platform
Fivecast Onyx
OSINT analysis platform
OSINT Combine NexusXplore
OSINT investigative platform
Social Links Crimewall
Investigative OSINT tool
Skopenow
People search and analysis tool
SkyMem
Email address search tool
Talkwalker
Social media monitoring tool
DarkOwl Vision
Dark web monitoring and analysis
Intel Techniques
OSINT investigative tools
Penetration Testing Tools
Metasploit
Penetration testing framework
Burp Suite
Web vulnerability scanner and proxy tool
OWASP ZAP
Web application security scanner
Nmap
Network discovery and security auditing tool
Wireshark
Network protocol analyzer
Aircrack-ng
Wireless network security tool
Hashcat
Advanced password recovery tool
John the Ripper
Password cracking tool
Hydra
Fast network logon cracker
SQLMap
SQL injection tool
Gobuster
Directory and DNS brute-forcing tool
Dirsearch
Directory brute-forcing tool
CrackMapExec
Post-exploitation and lateral movement tool
Impacket
Collection of Python classes for network protocols
Responder
LLMNR, NBT-NS, and MDNS poisoner
Mimikatz
Credential-dumping tool for Windows
Empire
Post-exploitation framework
Cobalt Strike
Adversary simulation and red team operations
Nessus
Vulnerability assessment tool
Masscan
Fast port scanner
Nexpose
Vulnerability scanner and management tool
NetHunter
Penetration testing platform for Android
Core Impact
Penetration testing software
GoPhish
Open-source phishing framework
Wifite2
Automated wireless attack tool
Armitage
GUI for Metasploit for team collaboration
Aquatone
Subdomain reconnaissance tool
BruteX
Automated brute-force tool
CeWL
Custom wordlist generator
CMSmap
CMS scanner for known vulnerabilities
EyeWitness
Capture screenshots of websites and services
Faraday
Collaborative pen-testing IDE
LaZagne
Password recovery tool
PCredz
Capture credentials from packet captures
PowerSploit
PowerShell script-based post-exploitation framework
Recon-ng
Reconnaissance framework with web-based modules
MITMf
Man-In-The-Middle attack framework
LinEnum
Linux privilege escalation tool
pspy
Linux process snooping tool
SET Toolkit
Social engineering attack framework
RouterSploit
Exploitation framework for embedded devices
Photon
Crawler for web app reconnaissance
Nishang
PowerShell scripts for offensive security
Discover
Automated network reconnaissance tool
DNSRecon
DNS reconnaissance tool
LinkFinder
Extract endpoints from JavaScript files
Sn1per
Automated pentesting scanner
Weevely3
PHP web shell
BlackWidow
Web crawling and spidering tool
BeEF
Browser exploitation framework
The Backdoor Factory
Patch binaries with backdoors
Morpheus
Network packet manipulation tool
SecLists
Collection of lists for security assessments
Malware Analysis
VirusTotal
Multi-engine malware scanner
VirSCAN
Multi-engine malware scanner
MetaDefender
Advanced threat prevention platform
Trend Micro Site Safety
Site safety center
URLVoid
Web reputation scanner
APIVoid
URL reputation check tool
Jotti Malware Scan
Free malware scanner for files
ESET Online Scanner
Free malware removal tool
F-Secure Online Scanner
Malware detection tool
TrendMicro HouseCall
Free malware scanner
Kaspersky Security Cloud
Free antivirus suite
Bitdefender Online Scanner
Free online virus removal
Avira Free Security
Free security suite
Comodo Free Scanner
Free malware identification
McAfee GetSusp
Suspicious file identification
Panda Cloud Cleaner
Cloud-based antivirus
Norton Security Scan
Free virus scanning
Quick Heal Online Scan
Malware detection tool
Sophos Free Tools
Security and malware removal tools
FortiGuard Online Scanner
Free malware scanner
Emsisoft Emergency Kit
Portable malware detection
Zemana Online Scanner
Malware and virus scanner
PolySwarm
Malware analysis platform
Vulnerability Research
CVE
Common vulnerabilities and exposures
NVD
National vulnerability database
Exploit Database
Archive of exploits and vulnerabilities
Vulners
Vulnerability search engine with CVE database
Packet Storm Security
Latest vulnerabilities and exploits repository
CIRT.net
Default password database
LOLBAS Project
Living Off The Land Binaries and Scripts
Standards & Compliance
NIST SP 800-53
Security controls guidelines
ISO/IEC 27001
Information security management
PCI DSS
Payment card industry standards
OWASP Top Ten
Web application security risks
CIS Controls
Critical security controls
GDPR
General data protection regulation
HIPAA Security Rule
Healthcare information security
FedRAMP
Federal cloud security assessment
Training & Certification
TryHackMe
Cybersecurity learning platform
Hack The Box
Online penetration testing labs
PentesterLab
Hands-on security training
LetsDefend
Blue team training platform
MalDev Academy
Advanced malware development education
Sektor7 Institute
Malware development training platform
Immersive Labs
Cybersecurity skills platform
Pentester Academy
Cybersecurity training
Altered Security
Cybersecurity training and services
CISSP
Certified Information Systems Security Professional
CISM
Certified Information Security Manager
COBIT
Control Objectives for Information and Related Technologies
ITIL
Information Technology Infrastructure Library
SAFECode
Industry-driven approach to software assurance
Operating Systems
Kali Linux
Penetration testing Linux distribution
Windows
Microsoft desktop operating system
Ubuntu
Popular Linux distribution
CentOS
Linux distribution for servers
Debian
Popular Linux distribution
Red Hat Enterprise Linux
Enterprise Linux distribution
Fedora
Red Hat-based Linux distribution
FreeBSD
Unix-like operating system
OpenBSD
Security-focused Unix-like OS
NetBSD
Portable Unix-like operating system
macOS
Apple desktop operating system
iOS
Apple mobile operating system
Android
Mobile operating system
Qubes OS
Security-focused operating system
Tails
Privacy-focused OS
Whonix
Privacy-focused OS for Tor
Arch Linux
Lightweight Linux distribution
Manjaro
Arch-based Linux distribution
elementary OS
User-friendly Linux distribution
Zorin OS
User-friendly Linux distribution
Solaris
Enterprise Unix operating system
AIX
IBM UNIX operating system
HP-UX
Hewlett-Packard UNIX operating system
Gentoo
Highly customizable Linux distribution
Slackware
Oldest Linux distribution
Raspberry Pi OS
OS for Raspberry Pi
PureOS
Privacy-focused OS
Chromium OS
Open-source operating system
ReactOS
Windows-compatible OS
MINIX 3
Unix-like operating system
QNX
Real-time operating
Security Blogs & Resources
Krebs on Security
Security journalism
Dark Reading
Cybersecurity news
The Hacker News
Cybersecurity news
Schneier on Security
Security analysis
SANS Internet Storm Center
Threat intelligence
Metasploit Blog
Metasploit updates
PortSwigger Blog
Web security insights
Skull Security
Security research
Corelan Blog
Exploit development
DigiNinja
Security tools and research
SIEM & Security Platforms
Splunk
Data-to-everything platform
Elastic SIEM
Real-time security analytics
Azure Sentinel
Cloud-native SIEM
LogRhythm
NextGen SIEM platform
SolarWinds SEM
Security event manager
RFC Standards
RFC Editor
Publisher of technical standards for the internet
IETF RFC Pages
Repository of internet standards and protocols
RFC 791 - IP
Internet Protocol (IP) specification
RFC 793 - TCP
Transmission Control Protocol (TCP)
RFC 1321 - MD5
MD5 Message-Digest Algorithm
RFC 2104 - HMAC
HMAC: Keyed-Hash Message Authentication Code
RFC 2818 - HTTP over TLS
HTTP Over TLS
RFC 4251 - SSH
Secure Shell (SSH) Protocol Architecture
RFC 4301 - IPsec
IPsec Architecture
RFC 4949 - Security Glossary
Internet Security Glossary
RFC 5246 - TLS 1.2
Transport Layer Security (TLS) 1.2
RFC 5280 - X.509
X.509 PKI Certificate and CRL Profile
RFC 6347 - DTLS
Datagram Transport Layer Security (DTLS) 1.2
RFC 6749 - OAuth 2.0
OAuth 2.0 Authorization Framework
RFC 6979 - Deterministic DSA
Deterministic DSA and ECDSA
RFC 7519 - JWT
JSON Web Token (JWT)
RFC 7540 - HTTP/2
Hypertext Transfer Protocol Version 2 (HTTP/2)
RFC 8032 - EdDSA
Edwards-Curve Digital Signature Algorithm (EdDSA)
RFC 8446 - TLS 1.3
Transport Layer Security 1.3
RFC 8484 - DNS over HTTPS
DNS Queries over HTTPS (DoH)
RFC 6238 - TOTP
Time-Based One-Time Password (TOTP) Algorithm
RFC 4226 - HOTP
HOTP: An HMAC-Based One-Time Password Algorithm
RFC 5869 - HKDF
HMAC-based Extract-and-Expand Key Derivation Function
RFC 6797 - HSTS
HTTP Strict Transport Security (HSTS)
RFC 4648 - Base Encodings
The Base16, Base32, and Base64 Data Encodings
RFC 7858 - DNS over TLS
DNS over TLS
RFC 3174 - SHA-1
US Secure Hash Algorithm 1 (SHA-1)
RFC 7296 - IKEv2
Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 8555 - ACME
Automatic Certificate Management Environment (ACME)
RFC 7525 - TLS Recommendations
Recommendations for Secure Use of TLS and DTLS
Programming Languages
Python
High-level, interpreted programming language with a focus on readability
Java
Versatile programming language widely used in enterprise applications
JavaScript
Programming language commonly used in web development
C++
Powerful programming language with object-oriented and low-level features
C
Fundamental programming language used for system and application development
Go
Open-source programming language developed by Google for efficient software development
Rust
System programming language focused on performance and safety
PowerShell
Scripting language and shell framework for task automation in Windows
PHP
Server-side scripting language for web development
Ruby
Dynamic, open-source programming language focused on simplicity
Swift
Programming language developed by Apple for iOS and macOS applications
TypeScript
Superset of JavaScript that adds static typing
Kotlin
Modern programming language fully interoperable with Java, popular for Android development
Scala
Programming language combining object-oriented and functional programming
R
Programming language used primarily for statistical computing and data analysis
Perl
Scripting language known for its text-processing capabilities
Lua
Lightweight, embedded scripting language often used in gaming
Haskell
Functional programming language known for its mathematical foundations
Dart
Programming language optimized for building web and mobile applications
Erlang
Language designed for building scalable and fault-tolerant systems
Elixir
Functional programming language built on the Erlang VM, popular for web applications
Pascal
Procedural programming language used primarily for teaching and academia
Fortran
High-performance language widely used in scientific and engineering applications
Ada
Language with strong typing, designed for mission-critical applications
Julia
High-level, high-performance programming language for technical computing
Groovy
Agile and dynamic language for the Java platform
MATLAB
Programming language and environment for numerical computing and visualization
Shell Script
Scripting language for automating tasks in Unix-based systems
Scheme
Minimalist, functional programming language from the Lisp family
.NET (C#, F#, VB.NET)
Microsofts framework for building Windows and web applications
Objective-C
Object-oriented language mainly used for macOS and iOS development
Microsoft Security & Documentation
Microsoft Docs
Technical documentation
Microsoft Security Response Center
Update guide
Windows Security
Windows security documentation
BitLocker
BitLocker Drive Encryption
Windows Firewall
Configure Windows Firewall
Windows Hello
Configure Windows Hello
Credential Guard
Configure Credential Guard
AMSI Portal
Antimalware Scan Interface (AMSI) Portal
Volume Shadow Copy Service
Volume Shadow Copy Service
SmartScreen FAQ
Microsoft SmartScreen FAQ
Windows Update FAQ
Windows Update FAQ
PowerShell Scripting
PowerShell Scripting Overview
Active Directory Security Groups
Understand Security Groups in Active Directory
Regular Expressions in .NET
Regular Expressions in .NET
Windows Registry
Windows Registry for Advanced Users
File Encryption
File Encryption
NTFS File Systems
FAT, HPFS, and NTFS File Systems
User Account Control
How User Account Control (UAC) Works
PowerShell Environment Variables
About PowerShell Environment Variables
System Configuration Utility
Troubleshooting with System Configuration Utility
Windows Event Types
Windows Event Types
EventLog Key
EventLog Key
Hardware Resources
Hardware Resources
File Explorer
Find and Open File Explorer
Advanced Search Options
Advanced Search Options
Monitoring Active Directory
Monitoring Active Directory for Signs of Compromise
Privacy Tools
DeleteMe
Personal data removal service
Incogni
Data removal service
Tor Project
Anonymous browsing
Signal
Secure messaging
ProtonMail
Encrypted email