Stuff I Look Up
Tools, repos, and resources I've found useful. Updated as I discover new things.
2024-2025
Mobile Security & Android
- RMS (Runtime Mobile Security) - Runtime manipulation, method tracing, and dynamic analysis
- APK Revealer - Automated Android APK analysis and vulnerability detection
- Quark Engine - Android malware scoring system
- AndroTrack - Android tracking and analysis framework
- MobileRedux - Mobile app security testing toolkit
Scanning & Reconnaissance
- Nuclei - Configurable vulnerability scanner with template system
- httpx - Fast HTTP toolkit with probing capabilities
- Subfinder - Subdomain discovery tool
- gf - Grep wrapper for pattern matching
- gau - Fetch known URLs from AlienVault OTX, Wayback Machine, and Common Crawl
- puredns - Fast domain resolver and subdomain bruteforcer
- Findomain - Cross-platform subdomain enumerator
Secrets Detection & Credential Hunting
- TruffleHog - Find and verify credentials in git repos, filesystems, S3
- Gitleaks - SAST tool for detecting secrets in git repos
- Nosey Parker - Command-line secret finder
- BBOT - Recursive OSINT scanner
C2 & Post-Exploitation
- Havoc - Modern C2 framework with collaborative features
- Sliver - Cross-platform implant framework
- Mythic - Collaborative, multi-platform red team framework
- Empire - PowerShell and Python post-exploitation agent
- Merlin - Cross-platform HTTP/2 C2 server and agent
Active Directory
- BloodHound - AD relationship analysis and attack path mapping
- BloodHound CE - Community edition with improved UI and APIs
- Certipy - AD CS (Certificate Services) enumeration and abuse
- Impacket - Python network protocol implementations
- NetExec - Network execution tool (CrackMapExec successor)
- ROADtools - Azure AD exploration framework
Cloud Security
- Prowler - AWS/Azure/GCP security assessment tool
- CloudSploit - Cloud security configuration scanner
- ScoutSuite - Multi-cloud security auditing tool
- Pacu - AWS exploitation framework
- Stratus Red Team - Adversary emulation for cloud
- Cloudsplaining - AWS IAM security assessment
2022-2023
Web Application
- BChecks - Custom Burp Suite scan checks
- ffuf - Fast web fuzzer
- wfuzz - Web application fuzzer
- Arjun - HTTP parameter discovery
- Dalfox - Parameter analysis and XSS scanner
- JSFScan - JavaScript file scanner automation
Forensics & Malware Analysis
- Volatility 3 - Memory forensics framework
- CAPA - Detect capabilities in executables
- Detect It Easy - PE/ELF/Mach-O file analysis
- PE-bear - Portable Executable reversing tool
- YARA - Pattern matching for malware identification
Container & Kubernetes
- Trivy - Comprehensive vulnerability scanner for containers
- CDK - Container penetration toolkit
- kubeletctl - Kubelet API interaction tool
- kube-hunter - Kubernetes cluster security testing
Classics
Reverse Engineering
- Ghidra - NSA's software reverse engineering suite
- Rizin - UNIX-like reverse engineering framework (radare2 fork)
- x64dbg - Windows debugger
- Frida - Dynamic instrumentation toolkit
Network
- Nmap - Network discovery and security auditing
- Hydra - Network logon cracker
- Wireshark - Network protocol analyzer
- Impacket - Python network protocol toolkit
Exploitation
- Metasploit - Penetration testing framework
- pwntools - CTF and exploit development library
- sqlmap - Automatic SQL injection tool
Password & Hash Cracking
- Hashcat - Advanced password recovery
- John the Ripper - Password security auditing
References
- GTFOBins - Unix binaries for privilege escalation
- LOLBAS - Living Off The Land Binaries and Scripts
- HackTricks - Comprehensive hacking methodology wiki
- MITRE ATT&CK - Adversary tactics and techniques
- Exploit-DB - Public exploit archive
- CVE - Common Vulnerabilities and Exposures