Favorites

🌐 Websites (unsorted)

Pentesting & Security Learning

Pwn Guide – A comprehensive guide covering binary exploitation, reverse engineering, and CTF techniques.
Hacksplaining - Cybersecurity Learning – Interactive cybersecurity training that teaches common web vulnerabilities through hands-on lessons.
Hacksplaining - OWASP – A detailed overview of OWASP Top 10 security vulnerabilities with interactive examples.
Hack The Box Academy – A structured platform for learning penetration testing skills through real-world scenarios.
ZSecurity Udemy Courses – Online courses on ethical hacking, penetration testing, and cybersecurity fundamentals.
TCM Security - Practical Junior Penetration Tester (PJPT) Certification – A practical certification designed for junior penetration testers to validate their skills.
CCNAX - Free Software & Tools – A collection of cybersecurity tools and software for ethical hacking and network security.
Cyberclopaedia – A knowledge base containing cybersecurity concepts, tools, and best practices.
HackTricks - Ethical Hacking & Pentesting Guide – A comprehensive security knowledge base covering various attack techniques and defenses.
TryHackMe – A gamified cybersecurity training platform with hands-on labs and learning paths.
PentesterLab – A platform offering practical exercises to learn penetration testing and web security.
PortSwigger Web Security Academy – Free online training for web application security and Burp Suite usage.
Offensive Security Training – Advanced security training, including OSCP and other hands-on certifications.
SANS Cyber Aces – Free online courses covering cybersecurity fundamentals.
Red Team Academy – A learning platform focused on adversarial security and red teaming.
Cybrary – Free and paid courses covering various cybersecurity topics.
Exploit Exercises – A collection of challenges for learning binary exploitation and reverse engineering.
SecurityTube – A video archive of cybersecurity lectures, demos, and hacking tutorials.
Practical Ethical Hacking - TCM Security – An affordable, hands-on ethical hacking course covering penetration testing methodologies.

Vulnerability & Threat Intelligence

Exploit Database – A vast collection of publicly available exploits, maintained by Offensive Security.
OWASP Official Website – The Open Web Application Security Project, providing best practices, tools, and research on web security.
CVE Details - Vulnerability Database – A searchable database of CVEs (Common Vulnerabilities and Exposures) with detailed metadata.
NIST National Vulnerability Database – The U.S. government’s official database for CVEs, vulnerability severity scoring, and remediation information.
MITRE ATT&CK Framework – A structured knowledge base of tactics, techniques, and procedures (TTPs) used by cyber adversaries.
Threat Intelligence - AlienVault OTX – A collaborative threat intelligence platform that shares IoCs (Indicators of Compromise) from cybersecurity researchers worldwide.
Troy Hunt’s Blog - Security Insights – Security analysis, data breach insights, and research from the creator of “Have I Been Pwned”.
Security Headers Scanner – A tool for scanning and analyzing website security headers to detect misconfigurations.
Have I Been Pwned - Data Breach Lookup – A database of known data breaches, allowing users to check if their credentials have been exposed.
Zero Day Initiative (ZDI) – A program that rewards researchers for finding vulnerabilities and shares responsible disclosures.
Cisco Talos Intelligence – A threat intelligence group analyzing emerging cyber threats and providing real-time updates.
FireEye Threat Intelligence – A deep-dive research hub tracking advanced persistent threats (APTs).
Recorded Future – A predictive threat intelligence platform using AI-driven analytics.
Shadowserver – A nonprofit that collects and shares cybersecurity threat intelligence with governments and enterprises.
Censys – A search engine for security research, allowing discovery of exposed services and misconfigurations.
Shodan – A search engine for internet-connected devices, used for security analysis and vulnerability assessment.

Privacy & Online Security

PrivacyTools - Online Privacy Protection – A detailed guide on protecting digital privacy through secure tools and practices.
Surveillance Self-Defense (EFF) – A collection of tips, tools, and guides to defend against digital surveillance.
Firefox Profilemaker – A tool to generate hardened Firefox profiles for improved security and privacy.
FSF - Respects Your Freedom – A list of hardware and software that meet Free Software Foundation privacy standards.
uBlock Origin Wiki – Documentation for one of the most effective open-source content blockers.
IntelTechniques - Privacy Workbook – A comprehensive guide for digital privacy techniques and OSINT defense.
sizeof.cat Security Links – A curated list of privacy and security-related resources.
Stallman on Facebook – Richard Stallman’s critique of Facebook’s privacy violations.
Chromium Woolyss Builds – A selection of de-Googled Chromium builds for enhanced privacy.
PRISM Break – A collection of open-source privacy-focused alternatives to mainstream services.
Techlore – A privacy-focused community offering educational content and tool recommendations.
Privacy Guides – A successor to PrivacyTools.io, providing recommendations for secure software.
The Paranoid’s Bible – A collection of digital security and privacy guides.
Spyware Watchdog – A site listing applications with invasive privacy policies.
Portmaster – A privacy firewall that controls and monitors outbound internet connections.
RethinkDNS – A privacy-focused DNS resolver and firewall for mobile devices.
Decentraleyes – A browser extension that loads common libraries locally to avoid external tracking.
NoScript – A Firefox extension that blocks JavaScript and other potentially malicious scripts.
Little Snitch – A macOS application firewall for monitoring and controlling outbound connections.

OS & Device Security

Heads Threat Model – A deep dive into the security architecture and threat model of the Heads firmware.
Good Software Can Go Bad – A report on how legitimate software can be exploited for malicious purposes.
How To Secure A Linux Server – A step-by-step guide to hardening and securing a Linux server.
SMS Phishing is Way Too Easy – An analysis of SMS phishing techniques and their risks.
SS7 Attacks: Intercepting SMS and Calls – A breakdown of how SS7 vulnerabilities can be exploited for surveillance.
The Six Dumbest Ideas in Computer Security – A critical look at common misconceptions in cybersecurity.
Awesome Security – A curated list of security-related resources, tools, and best practices.
Linux Security Hardening & Other Tweaks – A collection of Linux security configurations and best practices.
Linux Hardening Checklist – A checklist for securing Linux systems against common threats.
GnuPG – The official website of GnuPG, a free implementation of the OpenPGP encryption standard.
Hardening macOS – A guide to securing macOS with system tweaks and privacy enhancements.
Simple SSH Security – Basic steps to harden SSH configurations against attacks.
The Paranoid Security Guide – A collection of tips and techniques for advanced system security.
Security Is Not an Absolute – A discussion on why security must be balanced with usability and practicality.
Anarcho-Tech NYC Wiki – A knowledge base on privacy, security, and digital autonomy.
Security in a Box – A practical guide to digital security tools for activists and journalists.
Windows 10 Security Guide – A comprehensive guide to securing Windows 10 against cyber threats.
ArchWiki: Security – The Arch Linux security wiki, covering hardening techniques and security configurations.
Kali Linux Hardening Guide – Official guidance for securing a Kali Linux installation.
Lynis – An automated security auditing tool for Unix-based systems.
AppArmor – A Linux kernel security module that restricts program capabilities.
SELinux – A mandatory access control mechanism for Linux security.
OSSEC – An open-source host-based intrusion detection system (HIDS).
Windows Hardening Guide – CIS security benchmarks for strengthening Windows operating systems.
Tails OS – A live Linux distribution focused on privacy and anonymity.
Qubes OS – A security-focused operating system that isolates applications in virtualized compartments.

OSINT & Network Security

Resources for open-source intelligence (OSINT) gathering, network security, and reconnaissance techniques.

IP Information Lookup – A tool for retrieving geolocation and network details of an IP address.
Censys - Search for Exposed Devices – A search engine for finding internet-exposed services, certificates, and devices.
Ransom Chat Tracker – A tool for monitoring ransomware groups and their activities.
Ransomware.live - Tracking Ransomware Attacks – A real-time tracker of ransomware incidents worldwide.
Flare.io - Threat Intelligence – A cyber threat intelligence platform for monitoring digital risks.
GCHQ CyberChef - Data Analysis Tool – A powerful open-source tool for encoding, decoding, and analyzing data.
theHarvester – An OSINT tool for gathering emails, domains, and subdomains.
SpiderFoot – An automated OSINT tool for footprinting and reconnaissance.
Maltego – A visual link analysis tool for intelligence gathering and investigations.
Recon-ng – A powerful web reconnaissance framework similar to Metasploit.
Netcraft – A service for analyzing websites, detecting phishing, and tracking server details.
Amass – A subdomain enumeration tool for OSINT and network mapping.
Mitaka – A browser extension for searching multiple threat intelligence services.
URLScan.io – A tool for analyzing and scanning URLs for malicious content.
Pulsedive – A threat intelligence platform providing real-time risk analysis.
FOCA – A tool for metadata analysis and document fingerprinting.
ExifTool – A command-line utility for extracting metadata from images and documents.
DNSTwist – A tool for detecting phishing, typosquatting, and domain name permutations.
Photon – A fast web crawler designed for OSINT and passive reconnaissance.
Trape – A tool for tracking users and analyzing their online behavior in real-time.

Scam Detection & Anti-Fraud

Resources for identifying, tracking, and preventing scams, fraud, and phishing attacks.

Scammer.info - Community Against Scams – A forum dedicated to reporting and discussing online scams and frauds.
PopupDB Scam Generator – A tool that generates fake popups commonly used in scam websites.
Neeps Scambaiting - Finding Scammer Numbers – A resource for scambaiters looking to expose and track down scam phone numbers.
FraudWatch International – A global anti-phishing and anti-fraud service monitoring cyber threats.
PhishTank – A community-driven database of reported phishing links.
Scamwatch – An Australian government initiative tracking and reporting scams.
Stop Scammers – A database of reported online romance and financial scams.
419 Eater – A community focused on exposing and baiting advance-fee fraud (Nigerian 419 scams).
Scam Survivors – A platform that educates users on scams and provides scam victim support.
CyberBunker Fraud Database – A collection of known fraudulent websites and scam operations.
Ripoff Report – A public platform where users can report scams, fraud, and business malpractices.
Scamalytics – A fraud prevention tool that identifies scammer IPs and fake profiles.
ScamBusters – A long-running site that educates users on the latest scams and fraud prevention methods.
FTC Scam Alerts – The Federal Trade Commission’s scam alerts and fraud prevention tips.
ScamAdviser – A tool that analyzes websites to determine if they are fraudulent or risky.
EmailFraud – A service that helps detect fraudulent and phishing emails.

Malware Analysis & Reverse Engineering

Resources and tools for analyzing malware, reverse engineering software, and studying digital threats.

Any.run - Interactive Malware Sandbox – A real-time malware analysis platform that provides an interactive sandbox environment.
Tria.ge - Malware Analysis – A cloud-based malware analysis platform for dynamic and static examination.
VirusTotal – A multi-engine virus scanning service that checks files and URLs for malware.
Hybrid Analysis – A sandbox-based malware analysis tool for detecting malicious behaviors.
CAPE Sandbox – A malware analysis framework specialized in unpacking and analyzing droppers.
FireEye FLARE VM – A Windows-based malware analysis and reverse engineering environment.
REMnux – A Linux distribution with tools for malware reverse engineering.
Cuckoo Sandbox – An open-source automated malware analysis system.
YARA – A tool for identifying and classifying malware samples using custom rules.
Ghidra – A reverse engineering framework developed by the NSA.
Radare2 – A powerful open-source reverse engineering framework for binary analysis.
Binary Ninja – A commercial reverse engineering tool designed for binary analysis and disassembly.
IDA Pro – A widely used disassembler and debugger for reverse engineering.
dnSpy – A .NET debugger and assembly editor used for reverse engineering managed applications.
PEStudio – A tool for inspecting PE (Portable Executable) files to detect malware.
OllyDbg – A classic user-mode debugger for analyzing Windows applications.
x64dbg – A modern open-source x86/x64 debugger for Windows applications.
Rekall – A memory forensics framework used for analyzing live memory dumps.
Volatility – A powerful memory forensics framework for analyzing RAM dumps.
Strings – A simple tool from Sysinternals for extracting readable text from binary files.

Cryptography & Encryption

Resources for learning, implementing, and analyzing cryptographic techniques and encryption tools.

zuluCrypt - Disk Encryption – A simple and easy-to-use Linux-based disk encryption tool.
Picocrypt - Lightweight File Encryption – A lightweight, secure file encryption tool designed for simplicity and speed.
Applied Crypto Hardening – A comprehensive guide to configuring cryptographic tools securely.
GnuPG (GPG) – A free implementation of the OpenPGP encryption standard for securing communications.
OpenSSL – A widely used cryptographic library for implementing TLS/SSL encryption.
Libsodium – A modern cryptographic library designed for usability, security, and performance.
Age – A simple and secure command-line encryption tool.
VeraCrypt – A popular open-source disk encryption tool based on TrueCrypt.
BitLocker – Microsoft’s full-disk encryption solution for Windows.
LUKS (Linux Unified Key Setup) – A standard for Linux disk encryption.
Tails – A live operating system designed for privacy and anonymity, using strong cryptography.
Keybase – A cryptographic identity verification and secure messaging platform.
Cryptomator – A zero-knowledge cloud encryption tool for securing files before upload.
KeePassXC – A free, open-source password manager with strong encryption.
RNP – A modern OpenPGP library supporting encryption, signing, and key management.
SOPS (Secrets OPerationS) – A tool for managing encrypted secrets in files using GPG, AWS KMS, or other backends.
Minisign – A lightweight cryptographic signing tool for verifying file integrity.
Signal – A privacy-focused messaging app with end-to-end encryption.
Wire – A secure collaboration and messaging platform with strong encryption.
OMEMO – A cryptographic protocol for secure, end-to-end encrypted messaging in XMPP.

Miscellaneous & Unsorted

A collection of diverse cybersecurity, privacy, and technology-related resources.

How to Exit the Matrix – A guide to digital privacy, decentralization, and online independence.
Tor Known Exit Nodes – A list of known Tor exit nodes for network analysis and security monitoring.
Blackhat Archives – An archive of presentations and research papers from BlackHat security conferences.
Brave Browser Hardening Guide – A guide to enhancing security and privacy settings in the Brave browser.
DeHashed - Credential Breach Search – A search engine for leaked credentials and data breaches.
Certificate Transparency Search – A tool for searching publicly logged SSL/TLS certificates.
Objection - Mobile Exploitation Framework – A tool for performing runtime mobile security assessments.
LeakCheck - Data Breach Detection – A platform for detecting compromised credentials in data leaks.
EldritchData - Digital Privacy – A privacy-focused website with information on securing online identities.
Detecting Unauthorized Physical Access with Beans & Rice – A unique approach to tamper detection for physical security.
How to Tamper-Protect a Laptop – Techniques for securing a laptop against unauthorized physical access.
Haven: Keep Watch - Phone Surveillance App – An app that turns an Android phone into a motion, sound, and vibration security sensor.
Cybersecurity Handbook – A structured guide for understanding cybersecurity principles and best practices.
Bruteforcing Wordlists – A repository of password wordlists for penetration testing and password auditing.
PwnedKeys – A database of known compromised cryptographic keys.
Digital Security & Privacy Guide – A comprehensive guide for individuals and organizations to enhance security.
Privacy Enhancing Technologies – A collection of tools for improving digital privacy.
EFAIL Attacks – A research site documenting vulnerabilities in email encryption protocols.
Malware Unicorn – A blog covering malware analysis, reverse engineering, and exploit development.
GreyNoise – A cybersecurity intelligence platform for filtering out internet background noise from malicious scans.
Hardwear.io – A conference and resource hub focused on hardware security.
RouterSploit – A penetration testing framework targeting routers and IoT devices.
SecLists – A collection of security-related wordlists for pentesting and reconnaissance.
UptimeRobot – A monitoring tool for tracking the uptime and performance of websites and services.
ffuf – A fast web fuzzer for discovering directories, subdomains, and API endpoints.

Tools

A collection of cybersecurity, OSINT, and web security tools for various applications.

Transparent Textures – A tool for generating and using transparent background textures for web design.
Gradient Generator – A visual gradient tool for designing smooth CSS gradients.
Burp Suite – A powerful web vulnerability scanner and penetration testing tool.
SQLmap – An automated tool for detecting and exploiting SQL injection vulnerabilities.
Nikto – A web server scanner for detecting security vulnerabilities.
Metasploit Framework – A widely used penetration testing and exploit development framework.
John the Ripper – A password cracking tool for security auditing and penetration testing.
Hydra – A login cracker that supports numerous attack protocols.
Hashcat – A high-performance password recovery and brute-force attack tool.
Responder – A tool for capturing and relaying NTLM authentication data.
Aircrack-ng – A wireless security auditing tool for cracking Wi-Fi passwords.
ReNgine – An automated reconnaissance framework for OSINT and penetration testing.
Sn1per – An automated reconnaissance and penetration testing scanner.
Gobuster – A tool for brute-forcing directories and subdomains.
Photon – A fast and efficient web crawler designed for OSINT and information gathering.
Amass – A powerful subdomain enumeration and external asset discovery tool.
Dirbuster – A multi-threaded directory and file brute-force scanner.
Sublist3r – A tool for subdomain enumeration using multiple search engines.
Shodan – A search engine for discovering internet-connected devices.
Censys – A tool for discovering exposed services and security vulnerabilities across the internet.
XSStrike – A powerful XSS vulnerability scanner.
Ffuf – A fast and customizable web fuzzer for reconnaissance.
Wfuzz – A tool for brute-forcing web application parameters and discovering hidden files.
Dnsrecon – A DNS enumeration tool for mapping domain infrastructure.
Security Headers – A tool for analyzing and improving HTTP security headers.
TheHarvester – An OSINT tool for gathering email addresses, subdomains, and IPs.
Sherlock – A username enumeration tool for discovering online profiles across social networks.
Holehe – A tool for checking if an email is associated with social media accounts.
PyPhisher – An advanced phishing framework for capturing credentials and bypassing 2FA.
Social-Engineer Toolkit (SET) – A toolkit for social engineering attacks and phishing simulations.
OSINT Framework – A categorized collection of OSINT tools and resources.

Webrings

Collections of interconnected websites dedicated to niche topics, communities, and personal projects.

Webring History – A historical overview of the evolution of webrings and their significance.
Webring List – A directory of existing and defunct webrings from the early internet.
Webring Technology – An analysis of how webrings function and their technical implementation.
Homebrew Computers Web-Ring – A webring dedicated to DIY computing and homebrew hardware projects.
Funky Webring – A collective of independent and creative websites with a retro aesthetic.
Lainring – A webring inspired by Serial Experiments Lain, featuring cyberpunk and technology-focused sites.
Yesterweb Webring – A webring focused on preserving the old-school web aesthetic and user-generated content.
Neocities Webring – A collection of personal and indie websites hosted on Neocities.
Indie Webring – A decentralized network of independent web creators and bloggers.
Gemini Webring – A directory of websites using the minimalist Gemini protocol.
The 512KB Club – A webring showcasing lightweight, fast-loading websites under 512KB.
The 1MB Club – A directory of websites optimized to stay under 1MB in size.
Bring Back Blogging – A movement advocating for independent blogging and personal websites.
Gossip’s Web – A web directory celebrating non-commercial, personal, and quirky sites.

Communities

Online forums, message boards, and social spaces focused on cybersecurity, hacking, privacy, and technology.

Basement Community – A forum for discussing hacking, cybersecurity, and underground tech culture.
MelonLand Forum – A creative space for discussing personal websites, old web aesthetics, and digital nostalgia.
My Digital Life – A technology-focused community covering software modifications, licensing, and security topics.
Malleable Systems Collective – A group dedicated to discussing flexible computing and open-source technology.
Wirechan – An anonymous imageboard with a focus on technology, hacking, and privacy discussions.
Tilde.club – A UNIX-based community providing shell access for members to host their own personal pages.
Tildeverse – A collection of tilde servers fostering small-scale, community-driven computing.
Envs.net – A minimalist community offering free shell accounts for personal web hosting.
Ctrl-C Club – A community-driven UNIX shell provider that encourages creative computing.
Indie Hackers – A forum for entrepreneurs and developers building online projects and businesses.
Littr.me – A decentralized microblogging platform for privacy-conscious users.
4chan – A widely known anonymous imageboard with various boards for discussions, including technology and hacking.
Dataswamp – A tech-focused community with a strong emphasis on free software and privacy.
Chans List – A directory of anonymous imageboards and alternative discussion platforms.
Heyuri – A small-scale imageboard community with a nostalgic old-internet feel.
KiwiFarms – A controversial discussion forum known for archiving and tracking internet subcultures.
ImageBoards.net – A directory of active imageboards across the internet.
HackTheBox Community – A forum for ethical hackers and cybersecurity enthusiasts.
Exploit.in – A cybersecurity and hacking forum with discussions on vulnerabilities and exploits.
Reddit r/Netsec – A subreddit focused on cybersecurity news, research, and tools.
NullByte – A hacking community offering tutorials and discussions on penetration testing.
Open Source Security Mailing List – A mailing list for discussing vulnerabilities and security research.
Skidbin – A repository of scripts and tools, primarily focused on cybersecurity.
Evilzone – A hacking and security-focused forum for discussing ethical hacking and malware analysis.

Feeds

A collection of RSS resources, feed readers, and aggregation tools for staying updated on cybersecurity, privacy, and technology news.

General

RSS – An introduction to RSS (Really Simple Syndication) and its uses.
Introduction to Atom – A guide to the Atom feed format and its structure.
Atom Syndication Spec – The official specification for Atom feeds.
h-feed Microformat – A lightweight format for structuring web content feeds.
JSON Feed – An alternative feed format using JSON instead of XML.
OPML Spec – A format for outlining and sharing collections of feeds.
twtxt – A minimal, decentralized microblogging format based on plaintext files.

Readers

Newsboat – A fast and lightweight terminal-based RSS/Atom feed reader.
Sfeed – A simple feed parser designed for UNIX environments.
Tiny Tiny RSS – A self-hosted web-based feed reader with extensive customization.
spaRSS – An Android RSS reader focused on privacy and offline reading.
selfoss – A web-based, self-hosted RSS reader and aggregator.
FeedReader – A GTK-based feed reader for Linux desktops.
Aperture – A microsub server for collecting and managing feeds.
Monocle – A web-based microsub client for interacting with feed aggregators.
Thunderbird – A powerful email client with built-in RSS feed support.
NetNewsWire – A free and open-source RSS reader for macOS and iOS.

Generators

feedparser – A Python library for parsing RSS and Atom feeds.
SimplePie – A PHP-based RSS and Atom feed parser.

Static Site Generators

A collection of tools for generating fast, secure, and lightweight static websites.

Jekyll – A Ruby-based static site generator commonly used for GitHub Pages.
Hugo – A fast and flexible Go-based static site generator.
Eleventy – A simple yet powerful JavaScript-based static site generator.
Gatsby – A modern React-based framework for building static sites.
Grav – A file-based CMS that generates static pages without a database.
Zola – A Rust-based static site generator with built-in themes and markdown support.
Soupault – A highly customizable HTML-based static site generator with automation features.
Pelican – A Python-powered static site generator with multilingual support.
Middleman – A flexible static site generator using Ruby.
Nikola – A static site generator designed for blogging, written in Python.
MkDocs – A simple, documentation-focused static site generator using Markdown.
Hexo – A fast and efficient Node.js-powered static site generator.
Docusaurus – A React-based static site generator optimized for documentation.
Statiq – A .NET-based static site generator with extensive automation capabilities.
Harp – A static site generator that compiles assets on the fly, built with Node.js.
Metalsmith – A pluggable static site generator that processes Markdown and templates.

Web directories

Web Directories

Collections of curated websites, personal blogs, and independent web resources.

Website Discovery – A guide to exploring and discovering independent and obscure websites.
Terra – A web directory focusing on unique and personal websites.
The Whimsical Web – A collection of creative, artistic, and quirky websites.
PersonalSit.es – A directory showcasing personal and independent websites.
ooh.directory – A curated list of interesting personal and niche websites.
Ye Olde Blogroll – A blogroll-style directory featuring independent blogs and personal sites.
Search My Site – A search engine for discovering personal blogs and small websites.
Peelopaalu – A hand-picked collection of unique and obscure websites.
Neocities – A modern revival of the old Geocities web community.
Marginalia – A search engine designed to surface lesser-known, non-commercial websites.
The Big List of Personal Websites – A large index of personal websites and blogs.
The Geocities Gallery – An archive preserving old Geocities pages.
uses.tech – A directory of developers sharing their personal setups and tools.
nownownow – A collection of personal “now” pages, where people share what they’re currently focused on.
512KB Club – A directory of websites optimized to be under 512KB in size.
1MB Club – A collection of websites that are under 1MB in total size.
Bring Back Blogging – A project encouraging the revival of personal blogging.
Gossip’s Web – A curated list of independent and unusual websites.
Indie Web Directory – A decentralized web directory featuring indie and self-hosted sites.
LinkLane.net – A growing collection of independent websites and resources.
Curlie – The modern continuation of the once-popular Open Directory Project (DMOZ).
Privacy-Friendly Frontends – A list of alternative frontends for popular websites that enhance privacy.
The Anarchist Library – A collection of anarchist literature, essays, and philosophy.
DarknetLive – A news site covering darknet markets, privacy issues, and cybercrime.
Dataplex – A search engine for rare and obscure files, datasets, and documents.
The Useless Web – A site that takes users to a random, humorous, or strange website.
Gemini Search – A search engine for Gemini protocol-based websites.
Internet Archive - Wayback Machine – A digital archive of web pages for historical reference.
Lainchan Webring – A decentralized web directory inspired by cyberpunk themes.
Open Directories – A collection of publicly accessible file directories.
Strange Websites – A directory of unusual, weird, and esoteric websites.
Text-Only Websites – A showcase of minimal, text-based websites for fast browsing.
The Secret Web – A collection of lesser-known and hidden web communities.
The Web Revival – A modern movement celebrating independent, non-corporate web spaces.
World Wide Web Size – A tool estimating the number of indexed web pages.
Obscure Internet – A collection of odd, rare, and forgotten internet relics.
The Personal Web – A curated directory of personal websites, blogs, and portfolios.
Cyberculture Directory – A list of digital communities, forums, and niche web hubs.
IndieWebCamp – A movement advocating for independent web publishing.
Small Web – A project promoting non-corporate, community-driven web spaces.
Self-hosted Web Directory – A collection of self-hosted, privacy-conscious online services.
Weird Web – A collection of internet oddities, lost web pages, and experimental sites.
Web3 Discovery – A directory of decentralized and blockchain-based websites.
Xxiivv – A personal knowledge base and web directory of experimental internet projects.
The Yesterweb – A nostalgic community celebrating the independent and DIY web.
Retro Web Directory – A catalog of vintage internet sites and projects.
Surreal Sites – A directory of bizarre, artistic, and dreamlike websites.
FreakNet – An underground directory of alternative web resources and hacktivist projects.
Hidden Wiki – A dark web wiki listing various Tor hidden services.
Deep Web Sites – A catalog of onion sites and decentralized web services.
Internet Gems – A collection of creative, weird, and overlooked web pages.
Personal Directory – A place for individuals to share personal sites and projects.
Digital Fossils – A directory of forgotten, archived, and discontinued websites.

🛠 GitHub Repositories

Awesome Hacking - Hack with GitHub - A collection of hacking resources
PayloadsAllTheThings – A collection of useful payloads and bypass techniques for security testing.
Awesome Pentest – A curated list of penetration testing resources, tools, and techniques.
Bug Bounty Tips – A collection of tips and resources for bug bounty hunters.
Red Teaming Toolkit – A list of security tools used by red teamers and ethical hackers.
nmap – The official repository of Nmap, a powerful network scanner.
Metasploit Framework – The most popular penetration testing framework.
SecLists – A collection of security-related wordlists for testing and discovery.
Osmedeus – An automated offensive security framework.
Sn1per – An automated reconnaissance and vulnerability scanning tool.
OWASP ZAP – The official repository of the OWASP ZAP security scanner.
Nikto – A web server vulnerability scanner.
PopupDB-Data – A collection of data for generating fake popups and scam baiting.
awesome-censys-queries – A curated list of useful queries for searching Censys data.
awesome-search-queries – A list of powerful search queries for various search engines and tools.

Awesome Lists <3

Awesome Cybersecurity – A curated list of cybersecurity resources, including pentesting, CTFs, and cryptography.
Awesome Infosec – A well-maintained list of infosec resources, covering a wide range of security topics.
Awesome OSINT – A collection of open-source intelligence (OSINT) tools and techniques.
Awesome Threat Intelligence – A curated list of threat intelligence tools, sources, and methodologies.
Awesome Malware Analysis – A repository of malware analysis tools, blogs, and resources.
Awesome Incident Response – A list of tools and resources for handling cybersecurity incidents.
Awesome Privacy – A collection of privacy-enhancing tools, guides, and research.
Awesome Network Security – A comprehensive list of network security resources and learning materials.
Awesome Red Teaming – A resource list for red team operations, penetration testing, and adversarial simulations.
Awesome Cyber Threat Intelligence – A collection of threat intelligence platforms, feeds, and analysis techniques.
Awesome Exploits – A curated list of exploit development tools, research, and methodologies.
Awesome Forensics – A compilation of digital forensics tools and forensic investigation techniques.
Awesome Cryptography – A list of cryptographic libraries, resources, and research.
Awesome Bug Bounty – A repository for bug bounty resources, write-ups, and methodologies.
Awesome Reverse Engineering – A collection of reverse engineering tools, books, and resources.
Awesome Security Hardening – A guide to security hardening for various operating systems and applications.
Awesome Dark Web – A list of resources related to the dark web, including anonymity tools and research.
Awesome Linux Security – A collection of Linux security hardening techniques and tools.
Awesome Anonymity – A repository of tools and guides for online anonymity.
Awesome Car Hacking – A list of resources for automotive cybersecurity and hacking.
Awesome IoT Security – A curated list of IoT security resources, tools, and research papers.
Awesome Cloud Security – A collection of cloud security tools, methodologies, and best practices.
Awesome DevSecOps – A guide to integrating security practices into DevOps workflows.
Awesome AI Security – A list of research papers, tools, and resources on AI security and adversarial machine learning.
Awesome Threat Modeling – A compilation of threat modeling methodologies and frameworks.
Awesome Adversarial Machine Learning – A resource list covering security vulnerabilities in machine learning models.
Awesome Supply Chain Security – A collection of tools and techniques for securing software supply chains.
Awesome SIEM – A list of Security Information and Event Management (SIEM) tools and resources.
Awesome ICS Security – A compilation of security tools and resources for Industrial Control Systems (ICS).
Awesome CTF – A comprehensive list of Capture The Flag (CTF) resources, challenges, and platforms.
Awesome Social Engineering – A collection of social engineering tools, research, and training resources.
Awesome Honeypots – A list of honeypot projects, research, and deployment guides.
Awesome Web Security – A repository of web security tools, vulnerabilities, and research.
Awesome Memory Forensics – A collection of memory forensics tools and analysis guides.
Awesome Privacy Policies – A collection of privacy policy templates, compliance guides, and legal resources.
Awesome Offensive Security – A resource list focused on offensive security tactics and red teaming.
Awesome Network Forensics – A collection of network forensics tools, case studies, and methodologies.
Awesome Active Directory Security – A list of tools and techniques for securing and attacking Active Directory environments.
Awesome Web Scraping – A list of web scraping tools, techniques, and resources.
Awesome Zero Trust Security – A guide to implementing Zero Trust security frameworks.
Awesome OPSEC – A list of operational security (OPSEC) best practices and tools.
Awesome Threat Detection – A curated list of threat detection strategies and incident response frameworks.
Awesome Smart Contract Security – A resource list for blockchain and smart contract security.
Awesome Insider Threat – A list of tools and research on detecting and mitigating insider threats.

📖 Blogs

Cybersecurity & Hacking Blogs

A collection of blogs covering penetration testing, cybersecurity research, vulnerabilities, and hacking techniques.

TCM Security Blog – Cybersecurity insights, pentesting methodologies, and ethical hacking guides.
Ethical Hacking Blog – Tutorials and guides on ethical hacking techniques, tools, and methodologies.
EC-Council’s Ethical Hacking Blog – Articles on ethical hacking, penetration testing, and cybersecurity careers.
Ethiack Blog – Insights into cybersecurity trends, tools, and penetration testing techniques.
Global Institute of Cyber Security & Ethical Hacking Blog – Discussions on cybersecurity news, ethical hacking, and best practices.
Medium’s Ethical Hacking Articles – A collection of articles and write-ups from cybersecurity professionals.
Orange Cyberdefense’s Ethical Hacking Blog – Research and case studies in ethical hacking and digital security.
Dark Reading – Cybersecurity news, research, and insights into digital threats.
Krebs on Security – Investigative journalism on cybercrime, hacking, and security breaches.
Troy Hunt’s Blog – Security insights, data breaches, and web security discussions.
The Hacker News – A cybersecurity news platform covering the latest threats and vulnerabilities.
PortSwigger Blog – Research, write-ups, and guides on web application security.
Google Project Zero Blog – Research on zero-day vulnerabilities and security flaws.
Cisco Talos Intelligence Blog – Threat intelligence, malware research, and attack analysis.
FireEye Threat Research – Cyber threat analysis, malware investigations, and security research.
Mandiant Blog – Cybersecurity incidents, APT tracking, and threat intelligence.
Palo Alto Unit 42 Blog – Advanced threat research, malware analysis, and security insights.
CrowdStrike Blog – Endpoint security, threat intelligence, and adversary tracking.
Checkpoint Research – Cyber attack research, vulnerability reports, and malware trends.
Sophos Naked Security – Cybersecurity news, best practices, and security awareness tips.
Malwarebytes Labs – Malware analysis, cyber threats, and security industry updates.
SANS Internet Storm Center – Real-time threat analysis, security advisories, and vulnerability tracking.
System Overlord – Exploit development, binary exploitation, and security research.
0x00sec – Ethical hacking, cybersecurity tutorials, and malware analysis.
HackerOne Blog – Bug bounty write-ups, vulnerability disclosures, and security insights.
Bugcrowd Blog – Bug bounty industry trends, hacking methodologies, and security research.
Red Team Notes – Red teaming methodologies, attack simulation, and post-exploitation techniques.
SecLists.org – A collection of cybersecurity mailing lists and vulnerability disclosures.
Infosec Writeups – Hacking write-ups, vulnerability reports, and security tips.
HackerSploit Blog – Penetration testing guides, security tools, and hacking tutorials.
We Live Security – Cyber threat news, digital security, and malware analysis.
Exploit Database Blog – Public exploit write-ups and security advisories.
Daniel Miessler’s Blog – Cybersecurity news, technology insights, and privacy discussions.
NCC Group Blog – Security research, penetration testing, and vulnerability analysis.
ReversingLabs Blog – Threat intelligence, malware research, and software supply chain security.
Trail of Bits Blog – Security engineering, cryptography, and vulnerability research.
The DFIR Report – Incident response case studies, malware investigations, and digital forensics.
Cybereason Blog – Threat research, ransomware analysis, and security strategy.
Securelist – Kaspersky’s cybersecurity blog covering APTs, malware, and cyber threats.
Intel 471 Blog – Cybercrime intelligence, dark web analysis, and security reports.
Deep Dot Web – Research on darknet marketplaces, cybercriminal activity, and anonymous web.
Zero Day Initiative – Zero-day vulnerability research, exploit development, and security advisories.

Hacking Forums

A collection of online communities, forums, and underground platforms focused on cybersecurity, ethical hacking, penetration testing, and exploit research.

Nodo313.net – A Spanish-language hacking and cybersecurity forum.
CyberArsenal – A community for ethical hackers, penetration testers, and security professionals.
XSS.is – A well-known forum discussing web application security, exploits, and vulnerabilities.
OnniForums – A hacking-focused community covering exploits, pentesting, and coding.
BHF.IM – A Russian-language cybersecurity and hacking forum.
Leak Zone – A community focused on data leaks, breaches, and cyber investigations.
IN4Bz – A private hacking and cybersecurity forum.
Exposed – A discussion platform for OSINT, hacking, and underground research.
Exploit.in – A long-standing forum for vulnerability research, exploits, and cybercrime discussions.
Hack The Box Forums – The official community forum for Hack The Box users.
Torum – A darknet-focused discussion forum for cybersecurity and anonymous browsing.
OpenSC Forum – A forum for smart card security, authentication, and cryptographic discussions.
Root Me Forums – A cybersecurity training platform with an active community forum.
Reddit r/HowToHack – A hacking-focused subreddit discussing pentesting, tools, and methodologies.
Reddit r/NetSec – A cybersecurity community focused on vulnerabilities, news, and research.
0x00sec – A hacking forum for ethical hackers and cybersecurity researchers.
Exploit Database Community – A discussion hub for exploit developers and security researchers.
Hack Forums – One of the largest and longest-running hacking forums, covering various cybersecurity topics.
Nulled – A forum focused on cracking, cybersecurity, and underground discussions.
Sinister.ly – A hacking and technology forum with a mix of ethical and unethical discussions.
Raid Forums – A now-defunct forum known for leaked databases and underground hacking discussions.
Cracked.to – A community focusing on cracked software, hacking tools, and cybersecurity discussions.
BreachForums – A successor to RaidForums, focused on leaked databases and security discussions.
WeAreDevs – A hacking and development forum focused on exploits, software security, and game hacking.
Torum Dark Web Forum – A dark web hacking and cybersecurity discussion board.
Dark0de – A forum for ethical and black-hat hacking discussions.
Malware Analysis Forums – A forum for discussing malware research, reverse engineering, and threat analysis.
Dread – A darknet discussion forum covering cybersecurity and anonymity topics.
Blackhat World – A forum focused on hacking, SEO, and cyber-related business strategies.
The Real Deal – A forum known for cybercrime discussions and underground marketplaces.
EvilZone – A hacking forum focused on ethical and technical hacking topics.

🎥 YouTubers

Hackersploit – Ethical hacking tutorials, penetration testing techniques, and security courses.
David Bombal – Networking, cybersecurity, ethical hacking, and CCNA/CCNP training.
NetworkChuck – Cybersecurity, hacking, and IT certification training.
The Cyber Mentor – Ethical hacking, penetration testing, and bug bounty guides.
John Hammond – Cybersecurity challenges, malware analysis, and hacking tutorials.
LiveOverflow – In-depth cybersecurity and reverse engineering content.
IppSec – Hack The Box walkthroughs, penetration testing guides, and cybersecurity challenges.
Null Byte – Ethical hacking, cybersecurity techniques, and CTF walkthroughs.
HackerOne – Bug bounty discussions, hacker interviews, and vulnerability research.
Seytonic – Security news, hacking methods, and cybersecurity insights.
STÖK – Bug bounty hunting, web application security, and hacking methodologies.
CryptoCat – Reverse engineering, exploit development, and hacking techniques.
Bugcrowd – Bug bounty insights, hacking tutorials, and vulnerability reports.
PwnFunction – Ethical hacking tutorials, cybersecurity concepts, and red teaming techniques.
Professor Messer – Free CompTIA Security+ and networking certification training.
HackerSploit – Penetration testing, ethical hacking, and cybersecurity training.
ZSecurity – Hacking tutorials, penetration testing tools, and security awareness.
Hacker Shack – Cybersecurity, ethical hacking, and hardware security projects.
ThioJoe – Tech security tips, hacking tools, and cybersecurity awareness.
Practical Networking – Cybersecurity fundamentals, networking, and security best practices.
Grant Collins – Cybersecurity careers, ethical hacking, and penetration testing.
Joseph Delgadillo – Cybersecurity and ethical hacking full courses.
NahamSec – Bug bounty hunting, live hacking, and security research.
Georgi Guninski – Web security vulnerabilities, exploit development, and ethical hacking.
CyberInsight – Cybersecurity certifications, networking, and pentesting.
Alexis Ahmed – Cybersecurity tutorials, ethical hacking, and penetration testing courses.
Pentester Academy TV – Ethical hacking, red teaming, and security challenges.
Hacker101 – A free web security training course by HackerOne.
HackRight – Cybersecurity and ethical hacking training for beginners.

📺 YouTube Videos

2025 Ethical Hacker Roadmap - David Bombal – A guide to becoming an ethical hacker in 2025.
InfoStealer Malware Analysis – A deep dive into InfoStealer malware and its impact.
How Hackers Can Hack Your WiFi – An exploration of WiFi hacking techniques and countermeasures.
How to Hack Any Website - Ethical Hacking – A web penetration testing tutorial covering common vulnerabilities.
How to Become an Ethical Hacker – A step-by-step guide to entering the ethical hacking industry.
Social Engineering: How Hackers Trick You – An in-depth look at social engineering tactics used by attackers.
Real-World Bug Bounty Hunting – A guide to finding and reporting vulnerabilities in bug bounty programs.
Metasploit for Beginners – A tutorial on using the Metasploit framework for penetration testing.
Buffer Overflow Exploits Explained – A beginner-friendly explanation of buffer overflow attacks.
How to Hack Facebook Accounts (Ethically) – A demonstration of security vulnerabilities and how to protect accounts.
Wireshark Basics for Network Analysis – A practical guide to using Wireshark for packet analysis and network security.
Privilege Escalation in Windows – A tutorial on Windows privilege escalation techniques for penetration testing.
Reverse Engineering Malware – A beginner’s guide to analyzing and reversing malware.
Red Teaming vs. Blue Teaming – A discussion on offensive vs. defensive cybersecurity strategies.
How to Use Burp Suite for Web Hacking – A comprehensive tutorial on using Burp Suite for web security testing.
Linux Privilege Escalation Techniques – A guide to exploiting misconfigurations and vulnerabilities in Linux systems.
Top 10 Web Vulnerabilities - OWASP – An overview of the OWASP Top 10 security risks in web applications.
The Dark Web Explained – A deep dive into the dark web, anonymity tools, and hidden services.
How to Anonymize Yourself Online – A practical guide to online privacy and anonymity.
Steganography: Hiding Data in Images – A demonstration of how attackers hide data using steganography techniques.
AI in Cybersecurity: Friend or Foe? – A discussion on the impact of AI in cybersecurity and hacking.
Top 5 Hacking Tools Every Hacker Should Know – A breakdown of essential tools used by ethical hackers.
How to Secure Your Digital Life – Cybersecurity best practices to protect against cyber threats.

📚 Online Courses

Cybersecurity Courses

Introduction to Cybersecurity - Cisco NetAcad – A beginner-friendly introduction to cybersecurity concepts.
Cybersecurity Essentials - Cisco NetAcad – A course covering the basics of securing networks and systems.
SANS Cybersecurity Training – Professional cybersecurity training covering various security topics.
InfoSec Institute – A cybersecurity learning platform with courses on ethical hacking, SOC analysis, and threat intelligence.
Practical Ethical Hacking - TCM Security – A hands-on ethical hacking course covering real-world scenarios.
Offensive Security Training (OSCP) – Advanced penetration testing courses, including OSCP certification training.
Cybrary – Free and paid cybersecurity courses, including ethical hacking and network defense.
MIT OpenCourseWare - Computer Systems Security – A high-level cybersecurity course from MIT.
Harvard’s Cybersecurity Course – Harvard’s introduction to cybersecurity concepts and security strategies.
Google Cybersecurity Certificate – A beginner-friendly cybersecurity certification offered by Google.
CISA Cybersecurity Training – Free cybersecurity training from the U.S. Cybersecurity and Infrastructure Security Agency.

General Tech & Programming

Google’s Python Class – A free course covering Python programming fundamentals.
Machine Learning Basics - Coursera – An introduction to machine learning from Stanford University.
Harvard CS50 - Introduction to Computer Science – A comprehensive introduction to computer science and programming.
Udacity Security Analyst Nanodegree – A course covering security operations and network defense.
Microsoft Learn - Security, Compliance, and Identity – Microsoft’s training for securing Windows environments.

Bug Bounty & Web Security

Web Security Academy - PortSwigger – A free, hands-on web application security training platform.
Hacker101 – Free cybersecurity training from HackerOne, focused on bug bounty techniques.
Burp Suite Academy – A detailed guide to web security testing using Burp Suite.
Bugcrowd University – Free bug bounty hunting lessons and methodologies.
OWASP Academy – Open-source web security training based on OWASP standards.
PentesterLab – Hands-on penetration testing challenges and security training.

Red Teaming & Ethical Hacking

Practical Red Teaming - TCM Security – A guide to red team operations, adversary simulations, and post-exploitation tactics.
TryHackMe – An interactive cybersecurity learning platform with real-world hacking scenarios.
Hack The Box Academy – A structured platform for learning penetration testing and cybersecurity skills.
Zero to Hero Ethical Hacking Course – A comprehensive Udemy course on ethical hacking.
Practical Malware Analysis & Triage - Udemy – A course covering malware analysis techniques.
eLearnSecurity Certified Professional Penetration Tester (eCPPT) – A red teaming and penetration testing certification course.

Blue Teaming & Incident Response

Blue Team Academy – Cyber defense training for SOC analysts, security engineers, and forensic analysts.
Splunk Security Training – A course on SIEM and security analytics.
Security Onion Training – A guide to using Security Onion for threat detection and network monitoring.
SANS Cyber Defense Training – Blue team-focused cybersecurity training.
Incident Response & Digital Forensics - Cybrary – A course on handling security incidents and conducting digital forensics.

Cryptography & Reverse Engineering

Applied Cryptography Course - Coursera – A course on modern cryptographic techniques.
Modern Binary Exploitation - RPISEC – A free course covering binary exploitation and reverse engineering.
Reverse Engineering for Beginners – A free eBook and course on reverse engineering techniques.
Radare2 & Ghidra Reverse Engineering Training – A guide to reverse engineering using Radare2 and Ghidra.

🔥 Notable People in Cybersecurity

Notable People in Cybersecurity

A list of influential figures in cybersecurity, ethical hacking, cryptography, and digital privacy.

Sparc Flow – Author of Red Teaming and expert in offensive security.
Kevin Mitnick – Former hacker turned security consultant and author of The Art of Deception.
Bruce Schneier – Cryptographer and security expert, author of Applied Cryptography and Secrets and Lies.
Dan Kaminsky – Known for discovering critical DNS vulnerabilities and cybersecurity advocacy.
Mikko Hyppönen – Cybersecurity researcher, malware analyst, and public speaker on cyber threats.
Katie Moussouris – Creator of Microsoft’s bug bounty program and advocate for ethical hacking.
Charlie Miller – Famous for hacking Apple devices and automotive cybersecurity research.
Chris Nickerson – Red teamer, penetration tester, and founder of Lares Security.
Tavis Ormandy – Security researcher at Google Project Zero, known for vulnerability research.
Marcus Hutchins – The security researcher who stopped the WannaCry ransomware attack.
Jon Erickson – Author of Hacking: The Art of Exploitation, expert in exploit development.
Runa Sandvik – Privacy and security expert, contributor to Tor network security.
Jayson E. Street – Social engineering and physical penetration testing expert.
Haroon Meer – Founder of Thinkst, creator of the Canary honeypot system.
Peiter “Mudge” Zatko – Former L0pht hacker, worked in DARPA and Twitter security leadership.
Robert Morris Sr. – Cryptographer, NSA official, and co-creator of the Unix password system.
Gene Spafford – Security researcher and professor, known for early malware research.
Ross Anderson – Security engineering expert and author of Security Engineering: A Guide to Building Dependable Distributed Systems.
Phil Zimmermann – Creator of PGP (Pretty Good Privacy) encryption software.
Whitfield Diffie – Co-creator of public-key cryptography and Diffie-Hellman key exchange.
Ralph Merkle – Pioneer in cryptography, co-inventor of Merkle trees and public-key cryptography.
Adam Back – Creator of Hashcash, a proof-of-work system used in Bitcoin.
Hal Finney – Cryptographer, developer of PGP, and early Bitcoin adopter.
Richard Stallman – Founder of the GNU Project and Free Software Foundation, advocate for software freedom.
Edward Snowden – Former NSA contractor who exposed global surveillance programs.
Jacob Appelbaum – Tor advocate and cybersecurity researcher.
Joanna Rutkowska – Founder of Qubes OS, known for hardware-level security research.
Alex Stamos – Former Facebook security chief and cybersecurity consultant.
Brian Krebs – Investigative journalist focused on cybercrime and digital security.
Bruce Perens – Open-source advocate and co-creator of the Open Source Definition.
Matt Blaze – Cryptography and security expert, discovered weaknesses in phone security systems.
Steve Gibson – Creator of ShieldsUP!, cybersecurity researcher, and host of Security Now! podcast.
Peter Gutmann – Cryptographer known for the Gutmann method of data erasure.
The Grugq – Cybersecurity expert specializing in OPSEC, threat intelligence, and cyber warfare.
Michael Ossmann – Hardware hacker, creator of the HackRF software-defined radio.
Dan Boneh – Stanford professor specializing in cryptography and security research.
Elonka Dunin – Cryptographer and code-breaker known for solving cryptographic challenges.
Niels Ferguson – Cryptographer known for research in applied cryptography.
Paul Vixie – DNS security expert, creator of the first anti-spam DNSBL.
Meredith L. Patterson – Security researcher focusing on language-theoretic security.
Joey Hess – Debian developer and security researcher focused on privacy tools.
Dan Bernstein – Cryptographer, creator of djbdns and Curve25519.
Bruce Potter – Security researcher and advocate for secure network architecture.
Moxie Marlinspike – Creator of Signal, cryptographer, and security researcher.

🎓 Cybersecurity Certifications

Cybersecurity Certifications

A list of industry-recognized cybersecurity certifications covering ethical hacking, penetration testing, network defense, and digital forensics.

Entry-Level Certifications

CompTIA Security+ (Sec+) – Covers cybersecurity fundamentals, network security, and risk management.
Certified Ethical Hacker (CEH) – Focuses on ethical hacking techniques, penetration testing, and vulnerabilities.
GIAC Security Essentials (GSEC) – Entry-level cybersecurity certification covering network security, cryptography, and risk management.
Cisco Certified CyberOps Associate – Focuses on security operations, incident response, and monitoring.
Microsoft Security, Compliance, and Identity Fundamentals (SC-900) – Introduces security concepts for Microsoft cloud environments.

Penetration Testing & Red Teaming

Offensive Security Certified Professional (OSCP) – One of the most respected penetration testing certifications. Requires hands-on hacking of a simulated network.
Offensive Security Certified Expert (OSCE) – Advanced penetration testing certification covering exploit development and red teaming.
Certified Red Team Professional (CRTP) – Focuses on Active Directory security and red teaming techniques.
Certified Red Team Expert (CRTE) – Advanced red team tactics, lateral movement, and privilege escalation.
eLearnSecurity Certified Professional Penetration Tester (eCPPT) – Practical penetration testing certification covering web and network security.
Certified Penetration Tester (CPT) – Focuses on vulnerability assessment and exploit development.
SANS GIAC Penetration Tester (GPEN) – Covers penetration testing methodologies and tools.
Certified Exploit Developer (CED) – Exploit development and advanced vulnerability research certification.
Red Team Operator (RTO) – Advanced red teaming certification focused on adversary emulation.
Pentest+ (CompTIA) – Intermediate-level penetration testing certification covering ethical hacking.

Defensive Security & Blue Teaming

GIAC Certified Incident Handler (GCIH) – Incident response, malware handling, and threat intelligence.
GIAC Security Operations Certified (GSOC) – Security operations center (SOC) monitoring and threat detection.
Certified SOC Analyst (CSA) – Security operations and log analysis for incident response.
GIAC Cyber Threat Intelligence (GCTI) – Covers threat intelligence gathering and analysis.
Blue Team Level 1 (BTL1) – Entry-level blue team certification focusing on SOC analysis and incident detection.
Certified Threat Intelligence Analyst (CTIA) – Threat intelligence gathering and cyber threat hunting.
Certified Cyber Threat Intelligence (CCTIA) – Advanced cyber threat intelligence certification.
Certified Incident Response Manager (CIRM) – Covers handling cyber incidents, digital forensics, and SOC management.
Certified Detection & Response Analyst (CDRA) – Focuses on blue team operations and threat detection techniques.

Forensics & Malware Analysis

GIAC Certified Forensic Analyst (GCFA) – Digital forensics certification for cyber incident investigations.
GIAC Reverse Engineering Malware (GREM) – Focuses on analyzing and reversing malware threats.
Certified Computer Examiner (CCE) – A digital forensics certification focused on evidence collection and analysis.
Certified Hacking Forensic Investigator (CHFI) – Covers forensic analysis, incident response, and cyber investigations.
X-Ways Certified Forensic Examiner (X-Ways CFE) – Certification for using X-Ways forensic tools in digital investigations.
Certified Digital Forensics Examiner (CDFE) – Covers forensic evidence gathering, data recovery, and chain of custody.

Cloud & Application Security

GIAC Cloud Security Essentials (GCLD) – Covers securing cloud environments and mitigating threats.
Certified Cloud Security Professional (CCSP) – Focuses on cloud security architecture, compliance, and risk management.
AWS Certified Security – Specialty – Security best practices and compliance in AWS environments.
Microsoft Certified: Azure Security Engineer Associate – Security principles and compliance for Azure.
Certified Kubernetes Security Specialist (CKS) – Focuses on securing Kubernetes-based cloud environments.
GIAC Web Application Penetration Tester (GWAPT) – Web application security and penetration testing.
Certified Secure Software Lifecycle Professional (CSSLP) – Secure software development lifecycle and secure coding practices.

Management & Compliance

Certified Information Systems Security Professional (CISSP) – Advanced security management certification covering risk assessment and compliance.
Certified Information Security Manager (CISM) – Security governance, risk management, and compliance.
Certified Information Systems Auditor (CISA) – Auditing and assessing IT security policies and risk controls.
Certified Risk and Information Systems Control (CRISC) – Enterprise risk management and IT governance certification.
ISO 27001 Lead Auditor – Compliance with ISO 27001 security standards.

🎙 Cybersecurity Podcasts

Cybersecurity Podcasts
A selection of cybersecurity-focused podcasts covering hacking, threat intelligence, digital forensics, and privacy.

Darknet Diaries – True stories from the world of hacking, cybersecurity, and cybercrime.
CyberWire – Daily cybersecurity news and expert analysis.
Malicious Life – Deep dives into the history of cybercrime, hackers, and malware.
Getting Into Infosec – Interviews and career advice for aspiring cybersecurity professionals.
StormCast by SANS Internet Storm Center – Daily updates on the latest cybersecurity threats.
Security Now! – A long-running podcast on privacy, encryption, and cybersecurity news.
Hacked – Stories of cybercrime, hacking, and cybersecurity investigations.
Unsupervised Learning – Analysis of security trends, AI, and cybersecurity strategies.
Paul’s Security Weekly – Discussion on penetration testing, cybersecurity tools, and hacking techniques.
Smashing Security – A lighthearted podcast about cybercrime, hacking, and security.
Risky Business – Weekly updates on cybersecurity threats, policy changes, and data breaches.
Cyber Rants – Offensive security strategies, ethical hacking, and penetration testing insights.
The Privacy, Security, & OSINT Show – Privacy-focused discussions, OSINT techniques, and security tools.
The Social-Engineer Podcast – A deep dive into social engineering tactics and defenses.
The Cybersecurity Defenders Podcast – Cybersecurity professionals discussing defense strategies and risk management.
Hackable? – Investigating real-world hacks and how to prevent them.
Smashing Security – Cybercrime, hacking, and privacy discussions with a humorous twist.
The Shared Security Show – Cybersecurity best practices, digital privacy, and personal security tips.
Breaking Into Cybersecurity – Career advice for cybersecurity beginners.
The Cybersecurity Podcast by Duo Security – Conversations with cybersecurity leaders and experts.
Cyber Risk Management Podcast – Risk assessment, compliance, and security management.
Decipher Security Podcast – Cybersecurity analysis and industry trends.
Down the Security Rabbithole – Enterprise security and hacking trends.
Off the Hook – Hosted by 2600 Magazine, covering hacking culture and privacy issues.
The Unsupervised Learning Podcast – Weekly analysis of cybersecurity, AI, and technology news.
Click Here – Cybersecurity stories, espionage, and digital warfare.
IoT Security Podcast – Internet of Things (IoT) security discussions and challenges.
Hackers and Heroes – Stories of famous hackers, security experts, and cybersecurity pioneers.

🛠 Tools

OSINT

A collection of tools, frameworks, and learning resources for Open Source Intelligence gathering and analysis.

OSINT Frameworks & Guides

OSINT Framework – A comprehensive collection of OSINT tools and resources.
My OSINT Tools Collection – A categorized list of OSINT tools and methodologies.
OSINT Essentials – A beginner’s guide to OSINT techniques and methodologies.
Awesome OSINT – A curated list of OSINT tools and learning resources.
OSINT Link Collection – A massive collection of OSINT resources.
OSINT Techniques – Tutorials and tools for digital investigations.
IntelTechniques OSINT Guide – A book on OSINT and digital privacy.
Bellingcat’s Digital Investigation Toolkit – OSINT tools and techniques used by investigative journalists.

OSINT Search Engines

Google Hacking Database – A collection of Google dorks for security research.
Shodan – Search engine for internet-connected devices and exposed services.
Censys – An alternative to Shodan for searching exposed systems.
ZoomEye – A cybersecurity search engine for finding vulnerable internet-facing systems.
Onyphe – A cyber defense search engine for OSINT and threat intelligence.
FullHunt – Search for security vulnerabilities across public infrastructure.

Sherlock – Find usernames across multiple social networks.
SocialScan – Check for username availability across platforms.
GHunt – Investigate Google accounts based on email addresses.
Maigret – Find information on people using just a username.
Holehe – Discover registered accounts using an email address.
Twint – Advanced Twitter OSINT tool for gathering tweets and user data.

OSINT Email & Domain Investigation

Email2Phonenumber – Retrieve phone numbers linked to email accounts.
Hunter.io – Find professional email addresses linked to domains.
Have I Been Pwned – Check if an email or username has been exposed in data breaches.
DeHashed – Search for leaked email credentials and breached data.
CertSpotter – Monitor SSL/TLS certificates for domain investigation.
SpyOnWeb – Find associated domains linked to IP addresses and Google Analytics IDs.

IP & Geolocation OSINT

IPinfo.io – Find geolocation, ASN, and ISP details of an IP address.
IP WHOIS Lookup – Perform WHOIS lookups for IP addresses and domains.
Censys IP Search – Find exposed services running on IP addresses.
WiGLE – Search for geolocated wireless networks.
OpenCelliD – Find cell tower locations based on mobile network data.
GeoGuessr OSINT – Use geographic clues to locate places based on images.

Data Breach & Dark Web OSINT

LeakCheck – Search for compromised credentials from data breaches.
BreachDirectory – Find leaked credentials from hacked databases.
DarkSearch.io – A dark web search engine for OSINT investigations.
OnionSearch – Search the Tor network for dark web content.
Ahmia – A privacy-friendly search engine for onion sites.

Metadata & File Analysis

ExifTool – Extract metadata from images, documents, and other files.
Metadata2Go – Online tool to analyze file metadata.
Hachoir – Extract metadata from binary files and images.
StegExpose – Detect steganography in images.
Virustotal – Scan files and URLs for malware and security threats.

Miscellaneous OSINT Tools

Pulsedive – Threat intelligence platform for tracking cyber threats.
GreyNoise – Analyze and classify internet-wide scanning activity.
The Harvester – Collect emails, subdomains, and employee names from OSINT sources.
Amass – Advanced network mapping and subdomain enumeration tool.
Recon-ng – OSINT framework for gathering intelligence on domains and individuals.
My collection of OSINT tools
OSINT resources
Free IP search & identifications of IoC and IoA
OSINT Framework
Cyber Defense Search Engine
OSINT Essentials
Awesome OSINT
Netlas
Epieos
List of OSINT links
Sherloq
socialscan
GHunt
Fullhunt
Identify public data leaks
email2phonenumber
Phonerator
Search for internet-connected devices
Map wireless access points wordwide
Multi-service image search
Sherlock
Tribler
Grep Github repos
h8mail
dedigger
Search public S3 buckets
Most popular Google Hacking Techniques - Top Google Dorks and Hacks
Google Hacking Database
Fake details online generator
Fake profile generator
Social Media Simulators
Holehe - email to registered accounts
Infosec Resources
Hacking gear and media - Hak5
Verif Tools
Wigle.net

Networking & Infrastructure Security Resources

A list of tools, frameworks, and learning resources focused on networking, infrastructure security, and network penetration testing.

Network Scanning & Analysis

Nmap – A powerful network scanning tool for discovering hosts, services, and vulnerabilities.
Masscan – An internet-wide port scanner capable of scanning entire networks.
Angry IP Scanner – A simple and fast network scanner for identifying live hosts.
ZMap – A high-speed scanner for network enumeration and large-scale analysis.
Fing – A network scanner for detecting devices and monitoring network security.
LanSpy – A Windows-based network scanner with detailed information retrieval.

Intrusion Detection & Prevention

Snort – An open-source network intrusion detection and prevention system (IDS/IPS).
Suricata – A high-performance IDS/IPS and network security monitoring tool.
Zeek (Bro) – A network security monitoring tool that provides in-depth traffic analysis.
Security Onion – A Linux-based security monitoring platform for threat detection.
OSSEC – A host-based intrusion detection system (HIDS) for real-time security monitoring.

Packet Capture & Traffic Analysis

Wireshark – A powerful network protocol analyzer for traffic inspection.
tcpdump – A command-line packet analyzer for monitoring network traffic.
NetworkMiner – A forensic tool for analyzing network traffic and extracting data.
Ettercap – A tool for performing man-in-the-middle (MITM) attacks and sniffing network traffic.
Bettercap – A powerful network monitoring and MITM attack tool.

Wireless Security & WiFi Hacking

Aircrack-ng – A suite of tools for assessing WiFi network security.
Kismet – A wireless network detector and packet sniffer.
Wifite – An automated wireless network auditor.
Fern WiFi Cracker – A graphical WiFi penetration testing tool.
Reaver – A tool for brute-forcing WPA/WPA2 protected networks using WPS vulnerabilities.

Network Forensics & Traffic Investigation

Arkime – A large-scale network traffic capture and analysis tool.
NetFlow Analyzer – A tool for monitoring network traffic patterns.
Argus – A real-time network activity monitoring tool.
Brim – A cross-platform network forensic analysis tool.
CapLoader – A tool for sorting and analyzing large PCAP files.

Firewall & Network Hardening

pfSense – A free and open-source firewall solution.
IPFire – A hardened Linux-based firewall and intrusion prevention system.
OPNsense – An open-source firewall with advanced security features.
Firewalld – A Linux-based dynamic firewall solution.
CrowdSec – A collaborative and behavior-based intrusion prevention system.

DDoS Mitigation & Network Security

Cloudflare – A web security platform providing DDoS protection and network hardening.
Imperva – A DDoS mitigation and web security provider.
DDoS-Guard – A service offering DDoS protection for websites and networks.
Prolexic – An enterprise-level DDoS protection service.
Fail2Ban – An intrusion prevention system that bans malicious IPs.
IPBan – A tool for blocking abusive login attempts on Windows and Linux servers.

Cloud & Virtual Network Security

AWS Security Hub – Security monitoring and compliance management for AWS.
Azure Security Center – Microsoft Azure’s security monitoring and hardening tool.
Google Security Command Center – Google Cloud’s security monitoring and threat detection platform.
WireGuard – A modern and efficient VPN protocol for secure network access.
OpenVPN – A widely used open-source VPN for secure network communications.

Network & Infrastructure Penetration Testing

Metasploit Framework – A comprehensive penetration testing tool for finding and exploiting vulnerabilities.
Cobalt Strike – A red teaming tool for advanced network penetration testing.
Responder – A tool for attacking network authentication protocols.
CrackMapExec – A tool for automating Active Directory penetration testing.
BloodHound – A tool for mapping out Active Directory vulnerabilities.
Impacket – A set of Python tools for working with network protocols.

DNS & Web Infrastructure OSINT

DNSDumpster – A domain and subdomain enumeration tool.
CertStream – Real-time monitoring of newly issued SSL certificates.
Sublist3r – A tool for discovering subdomains of a domain.
Amass – An advanced network mapping tool for OSINT.
theHarvester – A tool for gathering email addresses, subdomains, and other domain-related information.
Crt.sh – A certificate transparency log search tool for domain investigation.
Fierce – A DNS enumeration tool for discovering hidden network infrastructure.
Recon-ng – An OSINT framework for domain and network reconnaissance.

Routing & Network Mapping

Traceroute – A tool for mapping the path of network packets.
MTR – A network diagnostic tool combining traceroute and ping.
Netcat – A networking utility for reading and writing network connections.
hping3 – A tool for network security auditing and firewall testing.
Scapy – A packet manipulation tool for testing and analyzing network traffic.

Scam Detection & Anti-Fraud Resources

A collection of tools, communities, and resources for identifying, reporting, and preventing scams, fraud, and phishing attacks.

Scam Reporting & Investigation

Scammer.info – A community dedicated to exposing scams and sharing information on scammers.
Scamwatch (Australia) – Government-backed platform for reporting scams and fraud cases.
Fraud.org – A platform for reporting fraud and scams to consumer protection agencies.
Federal Trade Commission (FTC) Report Fraud – The official U.S. government site for reporting fraud.
Action Fraud (UK) – The UK’s national fraud and cybercrime reporting center.
Consumer Financial Protection Bureau – U.S. government platform for reporting financial scams.
Internet Crime Complaint Center (IC3) – FBI-run site for reporting cybercrime and online fraud.
Anti-Phishing Working Group (APWG) – A global organization working to fight phishing and cyber fraud.
BBB Scam Tracker – A tool for reporting and tracking scams across North America.
EConsumer.gov – A cross-border fraud reporting system for international scams.

Scam & Phishing Detection Tools

PopupDB Scam Generator – A tool for identifying fake tech support scam popups.
Scam Search – A search engine to check if an entity is associated with scams.
PhishTank – A community-driven database of known phishing websites.
URLScan.io – A tool to scan and analyze URLs for malicious activity.
CheckPhish – AI-powered phishing detection and domain reputation analysis.
Scamadviser – A website reputation checker for identifying potentially fraudulent sites.
FraudGuard – A fraud prevention service for checking suspicious IP addresses and domains.
StopBadware – A database of known malware-infected and fraudulent sites.

Email & Identity Verification

Have I Been Pwned – Check if your email or phone number has been leaked in a data breach.
EmailRep – Analyze the reputation of an email address for fraud detection.
Scam Email Checker – A tool to verify if an email is associated with known scams.
DeHashed – A tool for searching exposed credentials in data breaches.
Epieos – OSINT tool for email reconnaissance and social media linkages.

Phone Number & Caller ID Verification

WhoCallsMe – A database for checking unknown phone numbers and potential scams.
TrueCaller – Caller ID service for detecting spam calls and fraudulent numbers.
Scam Numbers – A searchable database of reported scam phone numbers.
PhoneValidator – A tool for checking phone number validity and carrier information.
CallerSmart – A community-based phone number lookup tool.

Ransomware & Cyber Extortion Monitoring

Ransom Chat Tracker – Tracks ransomware negotiations and live chat communications.
Ransomware.live – A real-time dashboard for monitoring global ransomware attacks.
Flare.io – A threat intelligence platform for monitoring ransomware threats.
No More Ransom – A collaborative project providing free ransomware decryption tools.
ID Ransomware – A tool to identify the type of ransomware affecting a system.

Investment & Financial Scam Prevention

SEC Investor.gov – The U.S. Securities and Exchange Commission’s site for detecting investment fraud.
CFTC Fraud Advisory – A guide to spotting commodity trading and investment scams.
FINRA Scam Alerts – Financial Industry Regulatory Authority’s scam and fraud alerts.
Better Business Bureau – A business reputation and fraud prevention database.
CryptoscamDB – A database tracking cryptocurrency-related scams and fraudulent exchanges.

Online Marketplace & Job Scam Detection

Scam Detector – A tool to verify online job offers, marketplaces, and business legitimacy.
JobScam.org – A platform for reporting and identifying fraudulent job postings.
FTC Online Shopping Scams – A guide to avoiding online shopping fraud.
FakeStore – A tool to identify fraudulent e-commerce websites.

RomanceScams.org – A resource for identifying and reporting romance scams.
Scam Survivors – A community for victims of scams and social engineering.
SocialCatfish – Reverse search tool to verify identities on dating apps and social media.
Pig Butchering Scam Tracker – A tool to track cryptocurrency romance scams.

Deepfake & AI-Generated Fraud Detection

Deepware Scanner – A tool to detect AI-generated deepfake videos.
Sensity AI – A deepfake detection tool for identifying manipulated media.
Fake Profile Detector – A service to identify fraudulent social media accounts.

Miscellaneous Anti-Fraud Tools

Stop Forum Spam – A database of known forum spammers and scammers.
Scamalytics – A tool for detecting fake online dating profiles.
RiskIQ Community – A threat intelligence platform for tracking scam websites.
ThreatCrowd – A search engine for threat intelligence and scam domains.
Bad Packets Report – A cyber threat intelligence feed on emerging fraud schemes.

CLI Tools

Command-line tools for network security, penetration testing, OSINT, intrusion detection, and password cracking.

Intrusion Detection & Prevention

SNORT – Open-source network intrusion detection and prevention system (IDS/IPS).
Suricata – Multi-threaded IDS/IPS for deep packet inspection.
Zeek (Bro) – Network security monitoring and anomaly detection tool.

Network Scanning & Analysis

Nmap – Network scanner for host discovery, port scanning, and OS detection.
Wireshark – Packet analyzer for network traffic analysis.
Masscan – High-speed internet-wide port scanner.
ZMap – Fast network scanning tool for large-scale surveys.
Netcat – Versatile networking tool for debugging and exploration.
hping3 – Packet generator for TCP/IP security testing.

Penetration Testing

Metasploit Framework – Exploitation framework for penetration testing.
Burp Suite – Web security testing toolkit.
SQLmap – Automated SQL injection tool.
CrackMapExec – Post-exploitation tool for Active Directory attacks.
Responder – LLMNR, NBT-NS, and MDNS poisoning tool.
Impacket – Collection of Python tools for network exploitation.
BloodHound – Graph-based tool for Active Directory privilege escalation.

OSINT (Open Source Intelligence)

Shodan – Search engine for internet-connected devices.
Maltego – OSINT and link analysis tool.
theHarvester – Collects email addresses, domains, and names from public sources.
Sublist3r – Subdomain enumeration tool.
Amass – Advanced OSINT tool for mapping attack surfaces.
Holehe – Checks where an email address is registered.
Sherlock – Finds social media accounts by username.

Password Cracking & Hash Analysis

John the Ripper – Fast password cracker supporting various hash types.
Hashcat – GPU-accelerated password cracking tool.
Hydra – Fast online password cracking tool.
Mimikatz – Credential dumping tool for extracting plaintext passwords.
Cewl – Custom wordlist generator based on website content.
Rcracki – Rainbow table-based hash cracking tool.

Wireless Security & WiFi Hacking

Aircrack-ng – WiFi security assessment tool.
Wifite – Automated WiFi auditing script.
Reaver – WPA/WPA2 password brute-forcing tool.
Kismet – Wireless network detector and sniffer.
Fern WiFi Cracker – GUI-based WiFi penetration testing tool.

Network Traffic Manipulation

Ettercap – Man-in-the-middle attack tool.
Bettercap – Advanced network attack toolkit.
Scapy – Packet manipulation tool for testing network protocols.
Mitmproxy – Intercepts and manipulates HTTP(S) traffic.

Web Security & Exploitation

Nikto – Web server vulnerability scanner.
XSStrike – XSS scanner and attack automation tool.
Wfuzz – Web application fuzzing tool.
Gobuster – Directory and file brute-forcing tool.
Dirsearch – Web path enumeration tool.

Cloud Security & Enumeration

CloudBrute – Cloud asset enumeration tool.
AWSBucketDump – Finds open S3 buckets.
Pacu – AWS penetration testing toolkit.
AzureHound – Azure privilege escalation tool.

Malware Analysis & Reverse Engineering

YARA – Tool for identifying and classifying malware.
Cuckoo Sandbox – Automated malware analysis system.
Volatility – Memory forensics framework.
Radare2 – Reverse engineering and binary analysis tool.
Ghidra – NSA’s open-source reverse engineering toolkit.

Forensics & Data Recovery

Autopsy – Digital forensics platform.
The Sleuth Kit – Command-line forensic toolkit.
ExifTool – Extracts metadata from files and images.
Foremost – File carving tool for data recovery.

Gophish – Open-source phishing simulation framework.
Evilginx2 – Phishing attack framework for bypassing 2FA.
Social Engineer Toolkit (SET) – Automated social engineering attack tool.
PhishingKitHunter – Detects phishing kits on compromised sites.

Enumeration & Privilege Escalation

LinPEAS – Linux privilege escalation script.
WinPEAS – Windows privilege escalation script.
PowerUp – PowerShell script for Windows privilege escalation.
Enum4Linux – SMB enumeration tool for Linux.
Lazagne – Extract stored credentials from various applications.

Malware Analysis & Reverse Engineering

Tools and resources for analyzing, dissecting, and reversing malware samples.

Static Malware Analysis

Ghidra – Open-source reverse engineering framework developed by the NSA.
IDA Pro – Industry-standard disassembler and debugger for malware analysis.
Radare2 – Open-source reverse engineering framework for binary analysis.
Binary Ninja – A reverse engineering platform with a powerful decompiler.
Capstone – Disassembly framework for analyzing machine code.
Hopper – Disassembler and decompiler for macOS and Linux.

Dynamic Malware Analysis

Cuckoo Sandbox – Automated malware analysis sandbox.
Tria.ge – Cloud-based malware analysis and sandboxing platform.
Any.run – Interactive malware sandbox for real-time analysis.
Joe Sandbox – Advanced dynamic analysis for detecting and analyzing malware behavior.
Hybrid Analysis – Free malware analysis tool for scanning suspicious files.
Valkyrie Comodo – Cloud-based malware detection and analysis service.

Memory Forensics & Live Analysis

Volatility – Open-source memory forensics framework.
Rekall – Memory forensics and incident response tool.
Memoryze – Memory analysis and live forensics tool by FireEye.
DumpIt – A simple tool for capturing RAM memory dumps.
WinDbg – Windows Debugger for analyzing memory dumps.

Malware Detection & Threat Intelligence

VirusTotal – Multi-engine malware scanning and threat intelligence service.
YARA – Pattern-matching tool for malware classification.
MalwareBazaar – Community-driven malware sample repository.
URLhaus – Database of malicious URLs for threat hunting.
ThreatCrowd – Open-source threat intelligence platform.
IntelOwl – Malware analysis and threat intelligence framework.

Deobfuscation & Code Unpacking

Uncompyle6 – Python bytecode decompiler.
de4dot – .NET deobfuscator for reversing obfuscated binaries.
JSDetox – JavaScript malware analysis tool.
PE-bear – Portable Executable (PE) file editor and analyzer.
Exeinfo PE – PE file identifier and packer detector.
die – Detects packers, obfuscators, and cryptors in binaries.

Network-Based Malware Analysis

Wireshark – Packet analysis tool for detecting malicious network traffic.
Netcat – TCP/IP debugging tool for capturing suspicious connections.
Fakenet-NG – Simulates a network environment for analyzing malware behavior.
Snort – Network intrusion detection system for catching malware-based attacks.
Suricata – High-performance intrusion detection and prevention system.

Ransomware Analysis & Decryption

No More Ransom – Free decryption tools for known ransomware families.
ID Ransomware – Identifies ransomware strains based on encrypted file samples.
Crypto Sheriff – Helps users identify ransomware and possible decryption solutions.
Ransomware.live – Real-time ransomware tracking and monitoring platform.
Ransomware Tracker – List of known ransomware command-and-control servers.

Reverse Engineering & Debugging

OllyDbg – A 32-bit assembler-level debugger for Windows binaries.
x64dbg – Open-source debugger for analyzing 64-bit Windows applications.
WinDbg – Microsoft’s official debugging tool.
Cutter – GUI-based reverse engineering tool built on Radare2.
Rizin – Fork of Radare2 focused on usability and extensibility.

Android & Mobile Malware Analysis

MobSF – Mobile security framework for analyzing Android and iOS applications.
APKiD – Identifies obfuscators and packers in APK files.
Androguard – Reverse engineering tool for Android applications.
Drozer – Security assessment framework for Android applications.
Frida – Dynamic instrumentation toolkit for Android and iOS reverse engineering.
Dex2Jar – Converts Android DEX files to Java JAR format.

Cloud & AI-Based Malware Analysis

FireEye FLARE – Malware analysis toolkit for Windows.
Cylance AI – AI-powered malware detection and analysis.
CrowdStrike Falcon Sandbox – Cloud-based malware analysis and threat intelligence.
Palo Alto AutoFocus – Threat intelligence platform for malware analysis.
Hybrid Analysis – Cloud-based sandbox for analyzing suspicious files.

Email & Phishing Malware Detection

Gophish – Open-source phishing simulation framework.
Evilginx2 – Phishing attack framework to bypass 2FA.
CheckPhish – AI-powered phishing detection service.
PhishTank – Community-driven phishing URL database.
URLScan.io – Scans URLs for phishing and malware threats.

Web Security & Exploitation

Tools and resources for web application security, vulnerability assessment, and exploitation.

Web Application Security Testing

Burp Suite – Web security testing platform for discovering and exploiting vulnerabilities.
OWASP ZAP – Open-source web application security scanner.
Nikto – Web server vulnerability scanner.
Wapiti – Web vulnerability scanner that audits security weaknesses.
Arachni – Web application security scanner with automated and manual testing capabilities.
Vega – Open-source web vulnerability scanner.

Directory & File Enumeration

Gobuster – Brute-force directory and subdomain discovery tool.
Dirsearch – Web path enumeration tool.
Ffuf – Fast web fuzzing tool for discovering directories, subdomains, and vulnerabilities.
Wfuzz – Web application fuzzing tool.
Sublist3r – Subdomain enumeration tool.

SQL Injection & Database Exploitation

SQLmap – Automated SQL injection and database takeover tool.
Havij – Automated SQL injection tool with database extraction capabilities.
NoSQLMap – Automated NoSQL database injection tool.
BBQSQL – Blind SQL injection exploitation tool.

Cross-Site Scripting (XSS)

XSStrike – Advanced XSS scanner and attack automation tool.
XSSHunter – Automated XSS discovery and payload execution platform.
Dalfox – Fast and automated XSS scanning tool.
Blind XSS Framework – Framework for automating blind XSS attacks.

Cross-Site Request Forgery (CSRF)

XSRFProbe – CSRF vulnerability detection and exploitation tool.
Burp CSRF Generator – CSRF attack payload generator.

Server-Side Request Forgery (SSRF)

SSRFmap – Exploits SSRF vulnerabilities and maps internal networks.
Gopherus – SSRF tool for crafting malicious payloads.

Web Shells & Reverse Shells

Weevely – PHP web shell for post-exploitation.
WSO Web Shell – Popular web shell for maintaining remote access.
China Chopper – Lightweight web shell used by attackers.
revshells.com – Online generator for reverse shell payloads.

Authentication & Session Exploitation

JWT-Tool – JWT security testing and exploitation tool.
jwt-cracker – Cracks weak JWT signatures.
Burp Cookie Editor – Manipulates web session cookies.

Subdomain Takeover & DNS Exploitation

Subjack – Subdomain takeover vulnerability detection tool.
Takeover – Identifies subdomains vulnerable to takeover.
Aquatone – Domain reconnaissance tool for visualizing subdomains.

Cloud Security & API Exploitation

CloudBrute – Cloud asset enumeration tool.
S3Scanner – Finds open Amazon S3 buckets.
AWSBucketDump – Searches for publicly accessible AWS S3 buckets.
GraphQLmap – Exploits GraphQL API vulnerabilities.

Exploitation Frameworks

Metasploit Framework – Comprehensive framework for discovering and exploiting vulnerabilities.
Commix – Automated command injection exploitation tool.
Shellter – Injects shellcode into Windows applications.
BeEF – Browser exploitation framework for leveraging XSS vulnerabilities.
Empire – Post-exploitation framework for advanced attacks.

Network & Web Proxy Exploitation

Bettercap – Network attack toolkit for MITM and credential harvesting.
mitmproxy – Interactive HTTP/HTTPS proxy for analyzing web traffic.
Sslstrip – Downgrades HTTPS connections to HTTP to capture credentials.

Website Defacement & Attack Simulations

HTTrack – Offline website mirroring tool.
SET (Social-Engineer Toolkit) – Phishing and social engineering attack simulation.
XAttacker – Automated website vulnerability scanner and exploit tool.

WordPress & CMS Exploitation

WPScan – WordPress security scanner.
CMSeek – CMS detection and vulnerability scanning tool.
Droopescan – Scanner for Drupal, Joomla, and other CMS vulnerabilities.

Web Application Exploit Databases

Exploit Database – Repository of known web application exploits.
0day.today – Zero-day exploit marketplace and database.
Packet Storm Security – Security advisories and exploit repository.
CXSecurity – Archive of disclosed vulnerabilities and exploits.

Malicious Code & JavaScript Analysis

JSBeautifier – Beautifies and formats obfuscated JavaScript.
JSDetox – Analyzes malicious JavaScript.
DOM XSS Scanner – Detects DOM-based XSS vulnerabilities.

Browser Tests

Tools to analyze browser security, privacy leaks, fingerprinting resistance, and tracking vulnerabilities.

Fingerprinting & Tracking Tests

Cover Your Tracks – Tests how well your browser prevents tracking and fingerprinting.
Am I Unique? – Assesses the uniqueness of your browser fingerprint to determine tracking susceptibility.
CreepJS – Analyzes JavaScript-based fingerprinting techniques.
Device Info – Displays detailed information about your device, OS, and browser settings.
FingerprintJS – Shows how fingerprinting techniques identify browsers uniquely.

Privacy & Security Testing

PrivacyTests – Compares privacy features across different browsers.
BrowserLeaks – Checks for WebRTC, canvas, audio, and other fingerprinting leaks.
IPLeak – Tests IP, DNS, WebRTC, and browser leaks when using a VPN or proxy.
Whoer.net – Examines VPN detection, IP leaks, and anonymity status.
WebRTC Leak Test – Checks if your real IP address is exposed via WebRTC.
DNS Leak Test – Determines if DNS requests are leaking to third-party servers.

JavaScript & Media Leaks

Canvas Fingerprinting Test – Detects browser susceptibility to canvas fingerprinting.
WebGL Fingerprinting – Tests WebGL-based tracking techniques.
AudioContext Fingerprinting – Checks if your browser is vulnerable to audio fingerprinting.
Battery API Test – Determines if websites can track battery status for identification.

Performance & Speed Tests

Speed Test – Measures internet speed, latency, and jitter.
LibreSpeed – Open-source speed test without ads or tracking.
Fast.com – Netflix’s minimalistic internet speed test.

Security & Vulnerability Checks

Security Headers Scanner – Analyzes HTTP security headers for vulnerabilities.
SSL Labs – Tests SSL/TLS configurations for security weaknesses.
HSTS Preload List – Checks if a domain is preloaded for strict HTTPS enforcement.
Mozilla Observatory – Scans websites for security and privacy best practices.

Miscellaneous Browser Tests

JavaScript Speed Test – Benchmarks JavaScript execution performance.
Do Not Track Test – Verifies if a browser respects Do Not Track settings.
HTML5 Test – Checks browser compatibility with HTML5 features.
Time.gov – Displays accurate government time for time sync testing.

DNS Resolvers

Privacy-focused, secure, and alternative DNS services to protect against tracking, censorship, and cyber threats.

Privacy-Focused DNS Resolvers

AdGuard DNS – Blocks ads, trackers, and malicious sites with DNS filtering.
NextDNS – Customizable, cloud-based DNS with ad-blocking, tracking protection, and parental controls.
Quad9 – Security-focused DNS that blocks malicious domains using threat intelligence.
LibreDNS – Censorship-resistant and privacy-first DNS resolver with DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT).
UncensoredDNS – Privacy-respecting DNS operated in Denmark, free from logging and tracking.

Encrypted DNS Resolvers

Cloudflare 1.1.1.1 – Privacy-first DNS resolver with DoH, DoT, and Warp VPN integration.
Google Public DNS – Free DNS service with security features but logs anonymized query data.
ControlD – Customizable DNS resolver offering security, ad-blocking, and content filtering.
Tenta DNS – Free encrypted DNS service with malware and tracker blocking.
Mullvad DNS – Secure, no-logging DNS resolver supporting encrypted queries.

Self-Hosted & Custom DNS Resolvers

Pi-hole – Network-wide ad-blocking and tracking protection via a self-hosted DNS server.
Dnscrypt-proxy – Secure DNS proxy that encrypts queries and blocks unwanted domains.
Stubby – Local DNS resolver supporting DNS-over-TLS.
PowerDNS – Open-source, high-performance DNS server with built-in security features.
BIND – Widely used DNS server software supporting DNSSEC and advanced configurations.

Decentralized & Alternative DNS Resolvers

OpenNIC – Decentralized alternative to ICANN’s DNS, providing uncensored domain resolution.
HandShake – Blockchain-based DNS alternative focusing on censorship resistance.
Namecoin – Decentralized DNS system preventing domain hijacking and censorship.
Yggdrasil DNS – Peer-to-peer, encrypted DNS system for secure communication.

Malware & Threat Intelligence DNS

Comodo Secure DNS – Blocks phishing sites and malicious domains.
Neustar UltraDNS – Enterprise-level DNS with threat intelligence filtering.
CleanBrowsing – Family-safe DNS that filters adult content and malicious websites.
OpenDNS – Security-focused DNS with phishing and botnet protection.

🖥️Hardware

Computers

Privacy-focused, open-source, and security-hardened computers, motherboards, and DIY computing platforms.

Privacy & Security-Focused Computers

Purism Librem – Linux-based laptops designed for security, privacy, and hardware kill switches.
System76 – Open hardware Linux computers with Coreboot firmware support.
Framework Laptop – Modular, repairable laptop with open-source firmware options.
MNT Reform – Fully open-source and repairable Linux laptop with RISC-V and ARM support.
Raptor Computing Systems Talos II – POWER9-based workstation with open firmware and no binary blobs.
NitroPad – Security-hardened laptop with Coreboot, Heads firmware, and a tamper-evident boot process.
Novena – Open-source laptop designed for hardware hacking and research.
Edelweiss – Privacy-oriented, open-source computing hardware.
Blackbird Secure Workstation – Secure, open-hardware workstation using POWER9 architecture.

Single-Board Computers (SBCs)

Raspberry Pi – Affordable, ARM-based single-board computer for DIY projects.
BeagleBone Black – Open-source hardware SBC for embedded and industrial applications.
Pine64 – Open-source ARM-based SBCs for Linux and Android development.
Libre Computer – SBCs with open-source software and hardware support.
RockPro64 – High-performance ARM SBC for open-source computing.
Odroid – Linux-based SBCs with high-performance ARM and x86 CPUs.
Orange Pi – Affordable SBCs with various configurations for Linux and Android.

RISC-V & Open-Source Computing

SiFive HiFive – RISC-V-based development boards for open-source computing.
lowRISC – Open-source RISC-V architecture for secure computing.
Milk-V – High-performance RISC-V computing platforms.
LicheePi – Compact, low-power RISC-V development boards.
BeagleV – RISC-V-based SBC designed for open-source software.
RISC-V Unmatched – High-performance RISC-V development board.

DIY & Retro Computing

Arduino – Open-source electronics platform for prototyping and DIY projects.
ESP32 – Low-power microcontroller with WiFi and Bluetooth support.
Gigatron – 8-bit TTL microcomputer built from discrete logic components.
Commander X16 – Modern 8-bit home computer inspired by the Commodore 64.
RC2014 – DIY Z80-based retro computing platform.

Open-Source & Secure Motherboards

Libre-SOC – Open-source, privacy-focused processor and motherboard project.
OpenPOWER – Open-source POWER architecture motherboards and CPUs.
Coreboot-Compatible Motherboards – List of motherboards supporting Coreboot firmware for improved security and transparency.
MNT Reform Mainboard – Open-source ARM motherboard for DIY computing.
Loongson – Chinese-designed open-source CPU and motherboard architecture.

Secure CPU Architectures

POWER9 – Open-source CPU architecture used in high-security workstations.
Loongson – China-developed CPU with open-source support.
Elbrus CPU – Russian-developed secure computing processor.
Tachyum Prodigy – High-performance, open-source processor for secure computing.

RISC-V Hardware & Development

Open-source, privacy-focused, and alternative RISC-V computing platforms.

RISC-V Single-Board Computers (SBCs)

SiFive HiFive Unmatched – High-performance RISC-V SBC designed for developers.
SiFive HiFive1 – Entry-level RISC-V development board for embedded applications.
Milk-V Pioneer – High-performance RISC-V motherboard with PCIe and NVMe support.
Lichee RV – Compact RISC-V-based development board for IoT and embedded systems.
BeagleV – Open-source RISC-V SBC aimed at Linux development.
Pine64 Star64 – RISC-V-based alternative to Raspberry Pi with open-source firmware support.
Sipeed LicheeRV – Tiny RISC-V development board with an open-source toolchain.

RISC-V Laptops & Workstations

SpacemiT Laptop – RISC-V-based laptop with open-source firmware.
Milk-V Mars – Open-source RISC-V-powered computing platform for desktop use.
Alibaba Xuantie – RISC-V development platform by Alibaba for cloud and AI applications.

RISC-V Processors & Development Platforms

SiFive U74 Core – High-performance RISC-V CPU core for embedded and desktop use.
Allwinner D1 – First mass-produced RISC-V SoC for SBCs.
SOPHGO SG2000 – High-performance AI-capable RISC-V processor.
WCH CH32V307 – Low-power RISC-V microcontroller for embedded applications.

RISC-V Software & Operating Systems

Fedora RISC-V – Fedora Linux distribution ported to RISC-V architecture.
Debian RISC-V – Official Debian support for RISC-V hardware.
OpenSBI – Open-source RISC-V Supervisor Binary Interface.
QEMU RISC-V – Full-system emulation for RISC-V architecture.

RISC-V Simulation & Development Tools

Spike RISC-V Simulator – Official RISC-V ISA simulator.
Dromajo – RISC-V reference model for software validation.
RISC-V GNU Compiler Toolchain – GCC-based toolchain for compiling RISC-V applications.
RISC-V LLVM – LLVM backend for RISC-V compiler development.

RISC-V Networking & IoT

Bouffalo Lab BL602 – Low-power RISC-V SoC for WiFi and Bluetooth applications.
Espressif ESP32-C3 – RISC-V-based IoT microcontroller with WiFi support.
GigaDevice GD32VF103 – RISC-V-based microcontroller for embedded applications.

RISC-V Organizations & Communities

RISC-V International – Global organization promoting open RISC-V standards.
LowRISC – Open-source RISC-V-based system-on-chip (SoC) developer.
RVspace – RISC-V development community and resource hub.
Chisel (RISC-V HDL) – Hardware design language for building RISC-V processors.

📱 Mobile Devices & Operating Systems

Privacy & Security-Focused Smartphones

Purism Librem 5 – Linux-based privacy-first smartphone with hardware kill switches.
PinePhone – Open-source Linux smartphone designed for mobile privacy.
Fairphone – Modular, repairable smartphone with ethical supply chain practices.
Murena One – De-Googled smartphone running /e/OS for privacy protection.
GrapheneOS Pixel – Hardened Android security-focused OS for Google Pixel devices.
CalyxOS – Privacy-focused Android-based OS with built-in Tor and microG support.
BoringPhone – Minimalist, distraction-free phone designed for privacy.
F(x)tec Pro1 X – Linux-compatible smartphone with a physical keyboard.

Linux-Based Mobile Operating Systems

postmarketOS – Alpine Linux-based mobile OS focused on long-term support.
Ubuntu Touch – Linux-based mobile OS maintained by UBports Foundation.
Sailfish OS – Linux-based alternative mobile OS with a focus on security and usability.
Tizen – Linux-based mobile OS developed by Samsung for smart devices.
LuneOS – Open-source successor to webOS for mobile devices.

De-Googled Android & Custom ROMs

LineageOS – Open-source Android-based operating system with no Google services.
/e/OS – De-Googled Android ROM focused on privacy and data security.
DivestOS – Hardened, privacy-focused fork of LineageOS with security patches.
ProtonAOSP – AOSP-based ROM with privacy and security enhancements.
CopperheadOS – Secure Android OS with hardened kernel and cryptography.
CalyxOS – Privacy-enhanced Android-based OS with encrypted backups.
Replicant – Fully free and open-source Android fork with a focus on user freedom.

Feature Phones & Alternative Mobile Devices

Light Phone – Minimalist phone designed for essential communication only.
Mudita Pure – E-Ink feature phone with an emphasis on digital wellbeing.
Punkt MP02 – Secure, minimalist phone with encrypted messaging.
Sunbeam F1 – Feature phone designed for simple, distraction-free use.
KaiOS Phones – Lightweight mobile OS for feature phones supporting basic apps.

Mobile Security & Privacy Tools

NetGuard – Firewall app for Android that blocks internet access per app.
Blokada – Open-source ad blocker for Android and iOS.
RethinkDNS – Advanced firewall and DNS-based privacy protection for Android.
Aurora Store – Anonymous Google Play Store client for downloading apps without tracking.
F-Droid – Open-source app store for Android focusing on privacy-friendly applications.
Shelter – Android app that isolates apps into a work profile for sandboxing.
Orbot – Tor proxy app for secure browsing and encrypted communication.
Molly – Hardened Signal messenger client for privacy-conscious users.

Mobile Pentesting & Forensics

Magisk – Systemless root for Android with advanced security features.
AndroGuard – Reverse engineering and malware analysis tool for Android apps.
MobSF – Security analysis tool for mobile applications.
Drozer – Android security assessment framework.
Frida – Dynamic instrumentation toolkit for reverse engineering and pentesting mobile apps.
APKTool – Tool for decompiling and recompiling Android APK files.

Mobile Devices & Operating Systems

Privacy-focused, open-source, and alternative mobile devices and operating systems.

General

Linux Phones in 2022 – Overview of Linux-powered smartphones and their ecosystems.
Fairphone – Ethically produced, repairable smartphone with modular components.
Purism Librem 5 – Linux-based, privacy-first smartphone with hardware kill switches.
PinePhone – Open-source Linux smartphone designed for privacy and customizability.
Jolla – Developer of Sailfish OS, offering alternative mobile devices.
F(x)tec Pro¹ X – Linux-compatible smartphone with a physical keyboard.
Cosmo Communicator – Productivity-focused Linux smartphone with a clamshell design.
Neo900 – Security-focused, open-source smartphone project.

Privacy & Security-Focused Smartphones

Murena One – De-Googled smartphone running /e/OS for privacy protection.
GrapheneOS Pixel – Hardened Android security-focused OS for Google Pixel devices.
CalyxOS – Privacy-focused Android-based OS with built-in Tor and microG support.
BoringPhone – Minimalist, distraction-free phone designed for privacy.

Linux-Based Mobile Operating Systems

postmarketOS – Alpine Linux-based mobile OS focused on long-term support.
Ubuntu Touch – Linux-based mobile OS maintained by UBports Foundation.
Sailfish OS – Linux-based alternative mobile OS with a focus on security and usability.
Tizen – Linux-based mobile OS developed by Samsung for smart devices.
LuneOS – Open-source successor to webOS for mobile devices.

De-Googled Android & Custom ROMs

LineageOS – Open-source Android-based operating system with no Google services.
/e/OS – De-Googled Android ROM focused on privacy and data security.
DivestOS – Hardened, privacy-focused fork of LineageOS with security patches.
ProtonAOSP – AOSP-based ROM with privacy and security enhancements.
CopperheadOS – Secure Android OS with hardened kernel and cryptography.
CalyxOS – Privacy-enhanced Android-based OS with encrypted backups.
Replicant – Fully free and open-source Android fork with a focus on user freedom.

Feature Phones & Alternative Mobile Devices

Light Phone – Minimalist phone designed for essential communication only.
Mudita Pure – E-Ink feature phone with an emphasis on digital wellbeing.
Punkt MP02 – Secure, minimalist phone with encrypted messaging.
Sunbeam F1 – Feature phone designed for simple, distraction-free use.
KaiOS Phones – Lightweight mobile OS for feature phones supporting basic apps.

Mobile Security & Privacy Tools

NetGuard – Firewall app for Android that blocks internet access per app.
Blokada – Open-source ad blocker for Android and iOS.
RethinkDNS – Advanced firewall and DNS-based privacy protection for Android.
Aurora Store – Anonymous Google Play Store client for downloading apps without tracking.
F-Droid – Open-source app store for Android focusing on privacy-friendly applications.
Shelter – Android app that isolates apps into a work profile for sandboxing.
Orbot – Tor proxy app for secure browsing and encrypted communication.
Molly – Hardened Signal messenger client for privacy-conscious users.

Mobile Devices & Operating Systems

Privacy-focused, open-source, and alternative mobile devices and operating systems.

General

Linux Phones in 2022 – Overview of Linux-powered smartphones and their ecosystems.
Fairphone – Ethically produced, repairable smartphone with modular components.
Purism Librem 5 – Linux-based, privacy-first smartphone with hardware kill switches.
PinePhone – Open-source Linux smartphone designed for privacy and customizability.
Jolla – Developer of Sailfish OS, offering alternative mobile devices.
F(x)tec Pro¹ X – Linux-compatible smartphone with a physical keyboard.
Cosmo Communicator – Productivity-focused Linux smartphone with a clamshell design.
Neo900 – Security-focused, open-source smartphone project.

Privacy & Security-Focused Smartphones

Murena One – De-Googled smartphone running /e/OS for privacy protection.
GrapheneOS Pixel – Hardened Android security-focused OS for Google Pixel devices.
CalyxOS – Privacy-focused Android-based OS with built-in Tor and microG support.
BoringPhone – Minimalist, distraction-free phone designed for privacy.

Linux-Based Mobile Operating Systems

postmarketOS – Alpine Linux-based mobile OS focused on long-term support.
Ubuntu Touch – Linux-based mobile OS maintained by UBports Foundation.
Sailfish OS – Linux-based alternative mobile OS with a focus on security and usability.
Tizen – Linux-based mobile OS developed by Samsung for smart devices.
LuneOS – Open-source successor to webOS for mobile devices.

De-Googled Android & Custom ROMs

LineageOS – Open-source Android-based operating system with no Google services.
/e/OS – De-Googled Android ROM focused on privacy and data security.
DivestOS – Hardened, privacy-focused fork of LineageOS with security patches.
ProtonAOSP – AOSP-based ROM with privacy and security enhancements.
CopperheadOS – Secure Android OS with hardened kernel and cryptography.
CalyxOS – Privacy-enhanced Android-based OS with encrypted backups.
Replicant – Fully free and open-source Android fork with a focus on user freedom.

Feature Phones & Alternative Mobile Devices

Light Phone – Minimalist phone designed for essential communication only.
Mudita Pure – E-Ink feature phone with an emphasis on digital wellbeing.
Punkt MP02 – Secure, minimalist phone with encrypted messaging.
Sunbeam F1 – Feature phone designed for simple, distraction-free use.
KaiOS Phones – Lightweight mobile OS for feature phones supporting basic apps.

Mobile Security & Privacy Tools

NetGuard – Firewall app for Android that blocks internet access per app.
Blokada – Open-source ad blocker for Android and iOS.
RethinkDNS – Advanced firewall and DNS-based privacy protection for Android.
Aurora Store – Anonymous Google Play Store client for downloading apps without tracking.
F-Droid – Open-source app store for Android focusing on privacy-friendly applications.
Shelter – Android app that isolates apps into a work profile for sandboxing.
Orbot – Tor proxy app for secure browsing and encrypted communication.
Molly – Hardened Signal messenger client for privacy-conscious users.

Mobile Pentesting & Forensics

Magisk – Systemless root for Android with advanced security features.
AndroGuard – Reverse engineering and malware analysis tool for Android apps.
MobSF – Security analysis tool for mobile applications.
Drozer – Android security assessment framework.
Frida – Dynamic instrumentation toolkit for reverse engineering and pentesting mobile apps.
APKTool – Tool for decompiling and recompiling Android APK files.

Firmware

Open-Source BIOS & Boot Firmware

Coreboot – Open-source BIOS replacement focused on speed and security.
Libreboot – Fully free and deblobbed version of Coreboot for privacy-conscious users.
Heads – Security-focused firmware with tamper detection and remote attestation.
SeaBIOS – Open-source legacy BIOS implementation for x86 systems.
U-Boot – Open-source bootloader for embedded devices and SBCs.

Custom & Hardened Firmware

OpenWrt – Open-source router firmware with extensive customization options.
DD-WRT – Linux-based firmware for routers with advanced networking features.
pfSense – Open-source firewall and router software based on FreeBSD.
OPNsense – Security-focused firewall and VPN appliance firmware.
FreshTomato – Open-source firmware for Broadcom-based routers.

Security-Focused Firmware

Qubes OS Anti Evil Maid (AEM) – Boot tamper detection system for Qubes OS.
Nerf – Open-source replacement for Intel ME firmware.
Me_cleaner – Tool for disabling Intel Management Engine (ME).
1vyrain – BIOS unlocking and Coreboot installation for Lenovo ThinkPads.
Dasharo – Open-source Coreboot-based firmware for secure workstations.

Alternative Firmware for Embedded Devices

ESPHome – Open-source firmware for ESP8266/ESP32 smart home devices.
Tasmota – Open-source firmware alternative for IoT devices and smart home automation.
Kea – Open-source DHCP server for network infrastructure.
LEDE – Linux-based firmware for routers, a fork of OpenWrt.

BIOS & Boot Security Tools

TianoCore EDK II – Open-source implementation of UEFI firmware.
Chkboot – Tool for detecting changes in boot partitions to prevent rootkits.
Flashrom – Open-source tool for reading, writing, and verifying BIOS/firmware.
Mokutil – Utility for managing UEFI Secure Boot keys.

🛠️Development

OS Development

Resources, tools, and documentation for developing operating systems from scratch.

General OS Development Resources

Try It Online – Online compiler and execution environment for various programming languages.
OSDev.org – Comprehensive wiki for operating system development.
James Molloy’s OS Development Tutorials – Step-by-step guide to writing an OS.
ArchiveOS – Collection of discontinued and obscure operating systems.
Operating Systems: Timeline and Family Tree – Visual history of operating systems and their evolution.
Intel Developer Manuals – Official Intel CPU architecture documentation.
AMD Developer Guides – Technical documents for AMD processors.
ARM Architecture Reference Manual – Official documentation for ARM-based systems.
RISC-V Instruction Set Manual – Open documentation for RISC-V CPU architecture.

Technical Documentation & Architecture Manuals

Intel Manuals – Official Intel CPU architecture documentation.
AMD Manuals – Technical documents for AMD processors.
ARM Manuals – Official documentation for ARM-based systems.
Mediatek Manuals – SoC documentation for MediaTek processors.
RISC-V Instruction Set Manual – Open documentation for RISC-V CPU architecture.
RVspace – RISC-V development community and documentation.
RISC-V Bytes – Articles and guides on RISC-V architecture.
The PowerPC Compiler Writer’s Guide – Guide to compiler optimization for PowerPC architecture.
MIPS Assembly – Open guide to programming in MIPS assembly language.
Motorola M68000 Family Programmer’s Reference Manual – Technical reference for Motorola 68k processors.
Qualcomm Manuals – Documentation on Qualcomm processors.

Bootloaders & Initial System Setup

GNU GRUB – Popular bootloader for Linux and other operating systems.
Syslinux – Lightweight bootloader for BIOS and EFI systems.
Limine – Modern bootloader designed for OS development.
Using the Initial RAM Disk (initrd) – Overview of Linux initrd and boot process.
Writing My Own Boot Loader – Guide on building a custom bootloader.
Using the Initial RAM Disk (initrd) – Overview of Linux initrd and boot process.
Linux Initial RAM Disk (initrd) Overview – IBM’s guide on initrd and system booting.

Kernel Development & Low-Level Programming

Writing My Own VGA Driver – Low-level graphics programming tutorial.
Writing My Own Keyboard Driver – Guide to implementing keyboard input in an OS.
Writing My Own Shell – Building a simple command-line shell.
Writing My Own Dynamic Memory Management – Creating a memory management system.

Filesystems & Device Drivers

The PCI ID Repository – Database of PCI device IDs for driver development.
PCI Lookup – Tool to identify PCI hardware.
USB 2.0 Specification – Official USB protocol documentation.

Filesystem Development

ext4 Filesystem Documentation – Technical details of the ext4 filesystem.
FAT Filesystem Specification – Implementation details of FAT16/FAT32 file systems.
Implementing a Virtual File System – Guide to developing a custom virtual file system.

OS Development Toolchains & Simulators

QEMU – Emulator and virtual machine for OS development testing.
Bochs – x86 PC emulator for debugging custom OS kernels.
SeaBIOS – Open-source BIOS implementation for booting OSes.
GDB Remote Debugging – Debugging OS kernels with GNU Debugger.
NASM – Popular x86 assembler for low-level programming.
GCC Cross Compiler – Guide to setting up a GCC toolchain for OS development.

OS Research & Experimental Systems

Project Oberon – Experimental OS and programming environment.
Guidebook GUI Gallery – Collection of graphical user interfaces from various operating systems.
Chips and Cheese – Technical analysis of CPUs and system architecture.
microkerneldude – Research on microkernel-based operating systems.
BeOS - The Ultimate Collection – Archive of BeOS, an influential alternative OS.

Microkernels & Alternative OS Architectures

Genode OS Framework – A modular microkernel-based OS framework.
HelenOS – Research operating system based on a microkernel.
L4 Microkernel – Secure microkernel architecture used in embedded systems.
Minix – Microkernel-based OS that inspired Linux development.

Kernel Development & Low-Level Programming

Linux Kernel Documentation – Official Linux kernel development guide.
Writing a Simple Kernel – Guide to creating a basic OS kernel.
OSDev x86 Paging – Overview of memory paging for x86 systems.
Writing a VGA Driver – Low-level graphics programming tutorial.
Writing a Keyboard Driver – Guide to implementing keyboard input in an OS.

Simulation & Debugging

Bochs – x86 PC emulator for debugging custom OS kernels.

Service Management & System Administration

Solaris Service Management Facility: Modern System Startup and Administration – Study of Solaris OS service management.

OS Development Tutorials

Roll Your Own Toy UNIX-Clone OS – Guide to developing a small operating system.

Networking & Device Drivers

Beej’s Guide to Network Programming – Introduction to socket programming for networking.
Linux Device Drivers – In-depth guide to writing device drivers for Linux.
USB 2.0 Specification – Official USB protocol documentation.
PCI ID Repository – Database of PCI device IDs for driver development.

Legacy & Influential Hobby OS Projects

BeOS - The Ultimate Collection – Archive of BeOS, a fast and multimedia-focused operating system.
Plan 9 – Distributed operating system from Bell Labs, designed to replace Unix.
Inferno – Lightweight, distributed OS derived from Plan 9.

Minimalist & Experimental Operating Systems

Collapse OS – OS designed to run on minimal hardware in a post-apocalyptic world.
Sortix – Small, modern Unix-like OS built from scratch.
TempleOS – Lightweight operating system created by Terry A. Davis with unique design principles.
HelenOS – Research microkernel-based OS with a modular architecture.
Jehanne – Plan 9-inspired experimental operating system.
SerenityOS – Modern, Unix-like OS designed for fun and learning, with a handcrafted GUI.
MonaOS – Microkernel-based OS with a small and efficient design.
Visopsys – Lightweight operating system with a custom GUI and disk partitioning tools.

Unique Alternative Operating Systems

Hoshi – Experimental OS with a focus on simplicity.
SymbOS – Graphical multitasking OS for Z80-based computers.
Phantom OS – Persistent object-oriented OS with unconventional design.

Security & Research-Oriented OS

Tanenbaum’s MINIX – Microkernel OS known for inspiring Linux development.
Collapse OS – Designed for self-sufficiency and long-term survival computing.

Retro & Emulation-Based OS Projects

RC2014 – Z80-based retro computing OS.
Gigatron – Minimalist TTL-based microcomputer with its own OS.

Educational & DIY OS Projects

Writing My Own Boot Loader – Guide on creating a bootloader for a custom OS.
Roll Your Own Toy UNIX-Clone OS – Hands-on guide to developing a UNIX-like operating system.

Game dev

Web Development

Eloquent JavaScript – A modern introduction to JavaScript programming.
Learn web development – A comprehensive guide to web development from Mozilla.
PHP - The Right Way – A best-practices guide for modern PHP development.
PHP Tutorial – A structured PHP learning resource covering core concepts.
JSFiddle – An online playground for testing and sharing JavaScript, HTML, and CSS snippets.
DevDocs – A fast, offline-friendly API documentation aggregator for web technologies.
Frontend Mentor – Hands-on coding challenges for frontend developers.
CSS-Tricks – A resource full of CSS techniques and best practices.
JavaScript.info – A comprehensive JavaScript tutorial covering basic to advanced topics.
MDN Web Docs – A detailed reference for HTML, CSS, JavaScript, and web APIs.
CodePen – A social development environment for frontend designers and developers.
Glitch – A collaborative web development platform with instant hosting.
W3Schools – A beginner-friendly web development learning platform.
The Odin Project – A free full-stack web development curriculum.
freeCodeCamp – A self-paced web development course with hands-on projects.
You Don’t Know JS – An in-depth JavaScript book series.
HTMHell – A collection of bad HTML practices and how to avoid them.
Smashing Magazine – A web development and design magazine with best practices and tutorials.
Web.dev – Google’s resource for building modern, fast, and accessible web experiences.
Vue Mastery – A learning platform dedicated to Vue.js.
React Docs – The official documentation for React.js.
Next.js Docs – The official documentation for Next.js, a React-based framework.
Svelte Docs – The official documentation for the Svelte frontend framework.
Django Docs – The official documentation for Django, a Python web framework.
Flask Documentation – The official guide for Flask, a lightweight Python web framework.
Express.js Guide – The official documentation for Express.js, a Node.js web framework.
Ruby on Rails Guides – A structured guide to learning Ruby on Rails.
WebAssembly.org – Official WebAssembly documentation for running high-performance code in browsers.

🕶️Privacy

General

Privacy General

Privacy and security baseline for personal Windows 10 and Windows 11 – A comprehensive guide to securing Windows 10 & 11.
Security List – A curated list of security tools and resources.
Teaching Privacy – Educational resources on digital privacy.
USASOC Identity Management – Official identity protection guides from the U.S. Army.
security in-a-box – A toolkit for digital security and online privacy.
undergroundwires/privacy.sexy – A tool for automating Windows privacy settings.
pluja/awesome-privacy – A massive collection of privacy tools and guides.
Digital Defense – A privacy and security resource hub.
Awesome Privacy – A collection of privacy-related software and best practices.
Debian privacy issues – A wiki documenting privacy concerns in Debian.
Privacy is Sexy – A website promoting digital privacy awareness.
Windows 11 Debloat / Privacy Guide – A guide to removing bloatware and improving privacy on Windows 11.
Reclaim Your Face – A campaign against biometric surveillance in the EU.
Email self-defense – A guide by the FSF on securing email communications.
GPG Tutorial – A simple introduction to GPG encryption.
PGP Tool – An online tool for generating and managing PGP keys.
The GNU Privacy Handbook – A guide to using GnuPG for secure communications.
Using YubiKey as a SmartCard for GPG and SSH – A guide for setting up YubiKey for secure authentication.
Deflect – A DDoS protection service for human rights organizations.
The Paranoid’s Bible – A collection of privacy and security resources.
Biometric and Behavioural Mass Surveillance in EU Member States – A report on biometric surveillance in Europe.
Magic Wormhole – A tool for securely sending files.
DigDeeper – A website dedicated to privacy research and security tools.
5SIM – A service providing temporary virtual phone numbers for privacy.
JustWhatsTheData – A project analyzing privacy policies and data collection practices.
PGP keysheet – A website for quickly generating PGP keypairs.
Canoeboot – A fork of Libreboot for select hardware.
1vyrain – A project enabling BIOS unlocking and Coreboot installation on Lenovo ThinkPads.
PrivacyGuides – A resource offering recommendations for privacy-focused software.
Surveillance Self-Defense – A guide by the EFF on protecting yourself from digital surveillance.
Techlore – A community and resource hub for digital privacy.
Counter Surveillance Techniques – A guide for advanced privacy and security practices.
OSINT Framework – A collection of open-source intelligence tools for research and investigations.
Spyware Watchdog – A site tracking apps and software with invasive privacy policies.
GrapheneOS – A security-hardened, privacy-focused Android-based operating system.
DivestOS – A privacy-enhanced fork of Android focusing on security and de-Googling.
CalyxOS – A privacy-first mobile OS with encrypted backups and security features.
NitroPhone – A secure smartphone using GrapheneOS for privacy protection.
Murena – A de-Googled smartphone ecosystem powered by /e/OS.
Pi-hole – A network-wide ad blocker that enhances privacy by filtering DNS requests.
Portmaster – A free and open-source privacy firewall for controlling network connections.
Little Snitch – A macOS network monitoring tool for privacy and security.
Lockdown Privacy – A firewall and tracker blocker for iOS.
RethinkDNS – A privacy-friendly DNS and firewall app for Android.
Privacy Badger – A browser extension that blocks trackers and enhances privacy.
NoScript – A Firefox extension that prevents the execution of JavaScript for better security.
Decentraleyes – A browser extension that serves local copies of content delivery network (CDN) resources for privacy.
Better – A tracker blocker for Safari focusing on ethical ad blocking.
Unbound – A privacy-focused DNS resolver.
pfSense – An open-source firewall and router software for securing networks.
OPNsense – A firewall and security platform based on FreeBSD.
HardenedBSD – A security-enhanced fork of FreeBSD.
Subgraph OS – A security-focused Linux distribution designed for privacy.
Kodachi Linux – A privacy-focused operating system with built-in security tools.
Discreete Linux – A security-focused OS designed for air-gapped computers.

Steganography

imgconceal – A web-based tool for hiding text inside images.
Stegano – A Python library for embedding hidden messages in images.
OpenPuff – A powerful steganography tool supporting multiple file types.
StegHide – A command-line tool for hiding and extracting data in images and audio files.
SilentEye – A cross-platform steganography application with a user-friendly GUI.
OutGuess – A steganography tool designed for JPEG and PNM images.
Steghide UI – A graphical frontend for StegHide to simplify steganographic tasks.
DeepSteg – A neural network-based steganography tool for deep learning enthusiasts.
Pixelknot – An Android app for hiding encrypted messages in images.
Hide & Reveal – A Java-based steganography tool for encoding and decoding messages.
F5 Steganography – A steganography tool implementing the F5 algorithm for JPEGs.
StegoShare – A tool for embedding files inside images for hidden file sharing.
Camouflage – A steganography tool that hides files inside other files.
SSuite Picsel – A simple and lightweight steganography application for Windows.

Alternative Frontends

Invidious – A privacy-friendly YouTube frontend without ads or tracking.
Teddit – A privacy-respecting alternative frontend for Reddit.
Lingva – A privacy-focused frontend for Google Translate.
Whoogle – A self-hosted, tracker-free frontend for Google Search.
nitter – A lightweight, ad-free Twitter frontend that protects user privacy.
imgin – A private frontend for Imgur, removing tracking and ads.
Bibliogram – A privacy-respecting frontend for Instagram (discontinued but available via mirrors).
Piped – A fast and privacy-friendly alternative to YouTube.
Scribe – A clean, ad-free frontend for Medium articles.
Libreddit – A privacy-friendly, tracker-free frontend for Reddit.
Rimgo – A privacy-friendly alternative frontend for Imgur.
Farside – A gateway that redirects users to alternative frontends for various services.
ProxiTok – A lightweight, ad-free frontend for TikTok.
SimplyTranslate – A self-hosted alternative frontend for translation services.
Yewtu.be – A public instance of Invidious, providing a cleaner YouTube experience.
Odysee Frontend – An alternative frontend for Odysee/LBRY videos.
Stormcloud – A lightweight, no-JS Twitter frontend.
Jackett – A proxy API that aggregates torrent indexers into a unified search interface.

Decentralization

Monero – A privacy-focused cryptocurrency with untraceable transactions.
Nostr – A decentralized social network protocol resistant to censorship.
Ethereum Name Service – A decentralized domain name system built on Ethereum.
Namecoin – A blockchain-based domain name and identity system.
Pest – A peer-to-peer, decentralized messaging protocol with strong privacy.
Lokinet – A privacy-focused onion routing network similar to Tor.
Hypercore Protocol – A peer-to-peer data sharing protocol with cryptographic verification.
Handshake – A decentralized domain naming system built to replace ICANN’s control.
ZeroNet – A peer-to-peer web hosting system with Bitcoin cryptography.
IPFS – A distributed file system that aims to replace HTTP with decentralized storage.
dat Foundation – A protocol for decentralized data sharing and version control.
I2P – An anonymity network designed for secure, censorship-resistant communication.
Project Gemini – A lightweight, decentralized alternative to the modern web.
Scuttlebutt – A decentralized social network protocol that works offline.
LibreMesh – A community-driven mesh networking system for decentralized internet access.
cjdns – A decentralized, end-to-end encrypted networking protocol.
cjdns on OpenWRT – A guide to running cjdns on OpenWRT for decentralized networking.
Mastodon – A decentralized, open-source social media platform.
Peertube – A federated, peer-to-peer video hosting alternative to YouTube.
LBRY/Odysee – A blockchain-based decentralized video-sharing platform.
Freenet – A peer-to-peer network for censorship-resistant communication.
MaidSafe / Safe Network – A decentralized data storage and communication network.
Syncthing – A peer-to-peer file synchronization tool with no central servers.
GNU Jami – A decentralized and encrypted messaging and calling app.
YaCy – A peer-to-peer search engine that runs on distributed nodes.
OpenBazaar – A decentralized marketplace for buying and selling goods without intermediaries.
RetroShare – A decentralized social network with secure messaging and file sharing.
Matrix – A decentralized protocol for secure and federated real-time communication.

DNS services

Sarek – A privacy-focused hosting provider based in Finland, offering secure infrastructure.
DDoS Guard – A service providing DDoS protection and secure hosting solutions.
1984 – An Icelandic hosting provider committed to privacy and free speech.
Njalla Domains – A privacy-first domain registration service by the creators of The Pirate Bay.
NextDNS – A customizable, privacy-focused DNS resolver with advanced filtering options.
Quad9 – A secure DNS service that blocks malicious domains and protects user privacy.
DNSLog – A tool for monitoring DNS queries and debugging network security issues.
OrangeWebsite – An Iceland-based hosting provider focused on privacy and free speech.
FlokiNET – An offshore hosting provider offering privacy-respecting web services.
PRIVEX – A no-logs hosting provider accepting cryptocurrency payments.
Njalla VPN – A privacy-focused VPN service operated by Njalla.
OpenNIC – A decentralized, alternative DNS provider offering non-ICANN-controlled domains.
UncensoredDNS – A privacy-respecting, no-logging DNS service based in Denmark.
Cloudflare 1.1.1.1 – A fast, privacy-first DNS resolver with encrypted DNS support.
ControlD – A customizable DNS service with privacy, security, and content filtering options.
DNSCrypt – A protocol for encrypting DNS traffic to prevent eavesdropping and spoofing.
AdGuard DNS – A DNS resolver that blocks ads, trackers, and malicious websites.
LibreDNS – A privacy-friendly DNS service with no logging and encryption support.
Tenta DNS – A DNS service with encrypted DNS-over-HTTPS and DNS-over-TLS options.

Email

Mail-in-a-Box – A self-hosted email server solution that simplifies mail system management.
DIY Mail – An article discussing the challenges and setup of running your own email server.
MX Lookup – A tool for checking mail server DNS records and diagnosing email-related issues.
Postfix – A widely used open-source mail transfer agent (MTA) for self-hosted email.
Dovecot – A secure IMAP and POP3 server for managing self-hosted email.
Mailcow – A modern, self-hosted email server with web-based management.
Modoboa – A web-based mail hosting solution with built-in administration tools.
iRedMail – A fully open-source mail server package for Linux.
Haraka – A high-performance, open-source SMTP server for modern mail processing.
Postal – A self-hosted mail server designed for bulk email delivery.
Maddy – A lightweight, all-in-one email server built for modern security needs.
RainLoop – A web-based email client for self-hosted mail servers.
Roundcube – A feature-rich, self-hosted webmail interface.
Zimbra – A collaboration suite with email, calendar, and cloud storage.
Zoho Mail – A privacy-friendly email hosting service with business features.
Proton Mail – An end-to-end encrypted email provider for privacy-conscious users.
Tutanota – A secure and privacy-focused email service with open-source encryption.
Disroot – A free, privacy-respecting email and online services provider.
Migadu – A minimalist, pay-what-you-use email hosting service.
Fastmail – A premium, privacy-focused email hosting provider.
MXRoute – A budget-friendly email hosting service with a focus on deliverability.
Hardenize – A security and email server configuration analysis tool.
CheckTLS – A tool for testing and verifying mail server TLS configurations.

Disposable emails

LuxusMail – A temporary email service for quick, disposable inboxes.
myTrashMail – A simple temporary email provider for anonymous messaging.
Guerrilla Mail – A well-known disposable email service with a built-in inbox.
TempMails – A temporary email generator with quick access.
Fake Email – A service offering instantly generated fake email addresses.
Maildrop – A lightweight, anonymous email inbox for temporary use.
10 Minute Mail – A self-destructing email that expires after 10 minutes.
EmailOnDeck – A fast, disposable email service with privacy in mind.
YOPmail – A well-established free temporary email service with public inboxes.
Mailinator – A public inbox service for temporary email usage.
AnonAddy – A privacy-focused email aliasing service.
Nada – A sleek and simple temporary email provider.
ThrowAwayMail – A one-time use email address service.
Temp Mail – A popular temporary email provider with mobile apps.
Burner Mail – A service for generating email aliases for privacy.
Mail.tm – A privacy-focused disposable email service.
MohMal – A temporary email provider with inbox options.
Spamex – A disposable email service for filtering spam.
Dispostable – A simple, free temporary email service.
Inbox.LV – A Latvian-based free email provider with temporary email options.
Instant Email – A fast and free disposable email generator.
GishPuppy – A free email alias service for avoiding spam.

Phone numbers & SMS

crypton – A privacy-focused communication and payment platform.
VirtualSIM – A service offering virtual phone numbers for calls and SMS.
Textverified – A platform providing temporary phone numbers for SMS verification.
7SIM – A free service for receiving SMS online with temporary numbers.
SMS-Receive.net – A website offering free disposable phone numbers for SMS verification.
Receive SMS Online – A free service to receive SMS online without registration.
Groovl – A virtual phone number provider for SMS verification and online services.
Sellaite – A free SMS receiving service with Estonian numbers.
Proovl – A paid service offering virtual phone numbers for SMS and calls.
FreeReceiveSMSOnline.com – A free service for receiving SMS anonymously.
SMSget – A website providing free and premium temporary numbers for SMS.
Free Online Phone – A platform offering free disposable numbers for SMS verification.
Receive-SMS.com – A free SMS receiving service with worldwide numbers.
Hushed – A privacy-focused app for disposable phone numbers.
Burner – A temporary phone number app for calls and texts.
Twilio – A developer-friendly API for virtual phone numbers and SMS services.
TextNow – A service offering free phone numbers for calls and texts.

Gift cards

Bitrefill – A platform that allows purchasing gift cards and mobile refills with cryptocurrencies.
Digital Goods – A privacy-friendly marketplace for digital products and services.
Coincards – A service that lets users buy gift cards using Bitcoin and other cryptocurrencies.
Keys4Coins – A store selling software keys and gift cards for crypto payments.
Purse – A platform that enables users to buy Amazon products at a discount using Bitcoin.
CryptoRefills – A website for purchasing gift cards and mobile top-ups with crypto.
G2A – A marketplace for digital game keys, software, and subscriptions.
Kinguin – A digital marketplace for video game keys, software, and more.
Steam Gift Cards via Crypto – A way to buy Steam gift cards using cryptocurrencies.
Ezzocard – A provider of prepaid virtual credit cards that can be bought with crypto.

Communication

Telegram – A cloud-based messaging app with optional end-to-end encryption and extensive features.
XMPP – An open, decentralized messaging protocol supporting encryption and various extensions.
OTR – “Off-the-Record” messaging protocol providing end-to-end encryption and perfect forward secrecy.
Briar – A peer-to-peer messaging app that works without servers, using Tor and Bluetooth for privacy.
Ricochet Refresh – A decentralized messenger using the Tor network to provide anonymous and secure communication.
On the security of WhatsApp and Telegram – An analysis comparing the security aspects of WhatsApp and Telegram.
Session – A decentralized, privacy-focused messenger with no phone number requirement.
Tox – A peer-to-peer encrypted messaging and calling protocol with no central servers.
SimpleX Chat – A secure and anonymous messenger with no user IDs or metadata collection.
Delta Chat – A messaging app using standard email as a decentralized backend.
Jami – A fully decentralized, peer-to-peer messenger with end-to-end encryption.
Element – A secure messaging client for the Matrix network with encryption and federation.
Threema – A Swiss-based secure messenger focusing on privacy and anonymity.

VPN stuff

Safing – A privacy-focused network security company offering tools like Portmaster for traffic monitoring and control.
Azire – A no-logs VPN provider supporting WireGuard and OpenVPN with strong privacy policies.
WireGuard – A modern, fast, and secure VPN protocol designed for simplicity and performance.
Mullvad – A highly privacy-focused VPN that does not require an email or personal data to sign up.
Njalla – A VPN service from Njalla, prioritizing anonymity and free speech.
Algo – A self-hosted VPN solution designed for ease of use and security.
OpenVPN – A widely-used open-source VPN protocol offering strong encryption and flexibility.
Tunnelblick – A free, open-source OpenVPN client for macOS.
Proton VPN – A privacy-first VPN developed by the creators of ProtonMail.
IVPN – A no-logs VPN provider with a strong stance on privacy and anonymity.
AirVPN – A privacy-conscious VPN run by activists and security enthusiasts.
OVPN – A Swedish VPN provider focused on security and anonymity.
VPN.ac – A security-focused VPN with strong encryption and stealth modes.
Cryptostorm – A token-based, no-logs VPN with a strong privacy focus.
CalyxVPN – A free VPN service provided by the non-profit Calyx Institute.

🏠Hosting

Website

Bahnhof – A Swedish ISP known for strong privacy policies and hosting WikiLeaks servers.
PRQ – A Swedish hosting provider famous for its free speech and privacy-oriented services.
Shinjiru – An offshore web hosting provider focused on anonymity and freedom of speech.
Njalla – A privacy-focused domain registration and hosting service run by The Pirate Bay co-founder.
beget – A Russian hosting provider offering domain registration and VPS solutions.
KolymaNET – A privacy-conscious hosting provider with an emphasis on free speech.
NiceVPS – A hosting and VPS provider with offshore privacy protections.
FlokiNET – An offshore hosting provider based in Iceland, Romania, and Finland, focused on free speech and privacy.
Svea – A Swedish hosting service with privacy-oriented solutions.
PRIVEX – A privacy-focused VPS and dedicated server provider accepting cryptocurrency payments.
BuyVM – A budget-friendly hosting provider offering VPS and dedicated servers with privacy in mind.

Files

Anonymous File Upload – A service for uploading and sharing files anonymously.
file.haus – A simple and private file-sharing platform.
GoFile – A free and fast file-sharing service with no registration required.
Buzzheavier – A privacy-focused file-sharing site.
Easyupload.io – A temporary file storage service with expiration options.
NiHao Cloud – A cloud-based file storage and sharing service.
DropMeFiles – A temporary file-sharing platform with password protection.
File Dropper – A minimalist file-sharing service with large upload limits.
Uguu – A temporary file upload service with auto-deletion.

Self

FreedomBox – A personal server for privacy-respecting self-hosted services.
Homelab OS – A self-hosting solution that simplifies deploying services on a home server.
LibreServer – A decentralized, open-source server for privacy-focused web hosting.
YunoHost – A self-hosting platform that simplifies managing web services.
Jami – A decentralized, end-to-end encrypted messaging and calling platform.
Retroshare – A peer-to-peer communication platform for messaging, file sharing, and forums.
mailcow – A self-hosted email server with modern features and security.
Dovecot IMAP & POP3 – A widely used, open-source IMAP/POP3 server.
InspIRCd – A modular, lightweight IRC server.
friendica – A decentralized social network compatible with the Fediverse.
Hubzilla – A social network with integrated cloud storage and identity management.
Jitsi Meet – A secure, open-source video conferencing platform.
ejabberd – A scalable XMPP messaging server for real-time communication.
NewsBlur – A personal RSS feed reader with intelligence filtering.
ownCloud – A self-hosted cloud storage and file-sharing solution.
Syncthing – A decentralized file synchronization tool.
SOGo – A groupware solution for email, calendar, and contacts.
Bitwarden – An open-source password manager with self-hosting options.
yacy – A decentralized, peer-to-peer search engine.
DokuWiki – A simple and lightweight wiki platform for documentation.

💻Operating systems

Whonix – A security-focused OS designed to run inside VMs, using Tor for anonymity.
Qubes OS – A highly secure OS that isolates applications into virtual machines for compartmentalization.
Tails – A portable, privacy-focused OS that runs from a USB stick and routes traffic through Tor.
Debian – A stable and widely used Linux distribution known for its open-source philosophy.
Devuan – A fork of Debian without systemd, catering to users who prefer alternative init systems.
ALT Linux – A Russian-developed Linux distribution based on Mandrake/Mandriva.
Astra Linux – A Russian Linux distro designed for security and military applications.
deepin – A Chinese Linux distro with a visually polished desktop environment.
China UOS – A proprietary Chinese OS based on Linux, designed for domestic use.
Ubuntu Kylin – A Chinese version of Ubuntu optimized for local users.
Runtu – A Russian Ubuntu-based distribution with localized support.
ROSA Linux – A Russian distro derived from Mandriva, featuring a custom desktop environment.

🌐Web Browsers

Tor Browser – A privacy-focused browser that routes traffic through the Tor network for anonymity.
Brave – A privacy-centric browser with built-in ad blocking, tracker prevention, and Tor integration.
Vivaldi (closed source) – A customizable browser with unique UI features, but proprietary code.
Firefox – An open-source browser with strong privacy settings and extensive extension support.
unGoogled Chromium – A de-Googled version of Chromium, removing all Google services for better privacy.
LibreWolf – A hardened, privacy-focused fork of Firefox with telemetry removed.
Mull – A privacy-enhanced Firefox fork for Android.
Pale Moon – A Firefox-based browser with a classic UI and independent development.
Floorp – A privacy-first Firefox fork developed in Japan with extra customization options.
Waterfox – A Firefox fork with improved speed and removed telemetry.

🧪Browser Tests

Device Info – Displays detailed information about your device, OS, and browser.
BrowserLeaks – A set of tools to test various browser fingerprinting and privacy leaks.
IPleak – Checks for IP, DNS, WebRTC, and other leaks that could expose your real location.
DNS leak test – Tests whether your DNS queries are leaking outside your VPN or proxy.
Ad Blocker test – A tool to check how well your ad blocker is performing.
CreepJS – A browser fingerprinting test that evaluates how unique your setup is.
“Disabling JavaScript Won’t Save You from Fingerprinting” – An article explaining why disabling JavaScript isn’t enough to prevent tracking.
CSS Fingerprint – Demonstrates how CSS alone can be used for browser fingerprinting.
Exploring the privacy threats of browser extension fingerprinting – A research paper analyzing how browser extensions can be used for fingerprinting.
Web browser telemetry – A blog post examining the data that browsers collect through telemetry.

🔍Search engines

Same Energy – A visual similarity search engine that finds images with a similar “feel” or aesthetic.
Yandex – A Russian search engine with powerful reverse image search capabilities, often compared to Google.
Kagi – A privacy-focused, ad-free search engine that offers premium features for a better search experience.
Brave Search – A private search engine from Brave that prioritizes user privacy and avoids tracking.
metaGer – A German meta-search engine that aggregates results from multiple sources while keeping searches anonymous.
Wiby – A nostalgic search engine designed to surface small, independent, and old-school websites.
Marginalia – A search engine that focuses on indexing the “weird” and less commercialized corners of the internet.

🪴 Þorri Líndal

Explorer

🔥 Hacking

Favorites

🌐 Websites (unsorted)

Pentesting & Security Learning

Vulnerability & Threat Intelligence

Privacy & Online Security

OS & Device Security

OSINT & Network Security

OSINT & Network Security

Scam Detection & Anti-Fraud

Malware Analysis & Reverse Engineering

Cryptography & Encryption

Miscellaneous & Unsorted

Tools

Webrings

Communities

Feeds

General

Readers

Generators

Static Site Generators

Web directories

Web Directories

🛠 GitHub Repositories

Awesome Lists <3

📖 Blogs

Cybersecurity & Hacking Blogs

Hacking Forums

🎥 YouTubers

📺 YouTube Videos

📚 Online Courses

Cybersecurity Courses

General Tech & Programming

Bug Bounty & Web Security

Red Teaming & Ethical Hacking

Blue Teaming & Incident Response

Cryptography & Reverse Engineering

🔥 Notable People in Cybersecurity

Notable People in Cybersecurity

🎓 Cybersecurity Certifications

Cybersecurity Certifications

Entry-Level Certifications

Penetration Testing & Red Teaming

Defensive Security & Blue Teaming

Forensics & Malware Analysis

Cloud & Application Security

Management & Compliance

🎙 Cybersecurity Podcasts

🛠 Tools

OSINT

OSINT Frameworks & Guides

OSINT Search Engines

OSINT Social Media Investigation

OSINT Email & Domain Investigation

IP & Geolocation OSINT

Data Breach & Dark Web OSINT

Metadata & File Analysis

Miscellaneous OSINT Tools

Networking & Infrastructure Security Resources

Network Scanning & Analysis

Intrusion Detection & Prevention

Packet Capture & Traffic Analysis

Wireless Security & WiFi Hacking

Network Forensics & Traffic Investigation

Firewall & Network Hardening

DDoS Mitigation & Network Security

Cloud & Virtual Network Security

Network & Infrastructure Penetration Testing

DNS & Web Infrastructure OSINT

Routing & Network Mapping

Scam Detection & Anti-Fraud Resources

Scam Reporting & Investigation

Scam & Phishing Detection Tools

Email & Identity Verification

Phone Number & Caller ID Verification

Ransomware & Cyber Extortion Monitoring

Investment & Financial Scam Prevention

Online Marketplace & Job Scam Detection

Malware Analysis & Reverse Engineering