https://stats.sidnlabs.nl/en/DNS | DNSSEC | Dataset | IP | Network
Historic datasets (from 2014 onwards) for the .nl TLD. Datasets are available in JSON format.
Datasets cover information about:
- Domain Names
- Query Type
- Response Codes
- IPv6 Support
- Number of IP addresses
- Validating Resolvers
- Popular Networks
- Port Randomness
- Validating Queries
- Used Algorithms
https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/htmlview0day | Dataset
Google Project Zero tracks a list of zero-day exploits discovered in the wild. They track public resources to find uses of zero days and collect them in this spreadsheet. The spreadsheet contains data since 2014. Their blog provides an introduction and explanation of the spreadsheet.
https://github.com/Phenomite/AMP-ResearchAmplification | DDoS | Dataset | Network | Tool
The AMP-Research project collects information about amplification vectors in protocols including reproduction possibilities. For each vector, the port and protocol are listed, as well as, the amplification factor. A scanning script or payload for scanning with zmap is included too.
https://stats.labs.apnic.net/Autonomous System | BGP | DNS | DNSSEC | Dataset | IP
APNIC gathers many statistics and offers them on their website. However, they provide way more data than it might initially look like, since many of the datasets are not linked from their main page.
https://rex.apnic.net/overviewAutonomous System | BGP | Dataset | Network | Tool
APNIC REx shows general information about IPv4 and IPv6 usage and delegations. It features on overview of all AS connections. This is the replacement of the earlier vizAS tool.
https://ww1.microchip.com/downloads/en/devicedoc/atmel-0856-avr-instruction-set-manual.pdfCTF | Cheatsheet | Dataset
This website provides reference documentation of the AVR instruction set, which is used for Arduino boards. More information is contained in the AVR Assembler documentation.
Daily scans of the Alexa 1 million list. The website contains some high-level statistics. Every six months a more detailed crawl report is collected. Full raw data used to be available via
https://www.bgplookingglass.com/Autonomous System | BGP | Dataset
The website contains a list of hundreds of looking glasses for various autonomous systems. All looking glasses are publicly accessible.
https://puck.nether.net/bgp/leakinfo.cgiAutonomous System | BGP | Dataset
The website analyses RIB and BGP UPDATE information to find routing leaks. They determine a leak with the valley-free assumption, namely, if two major networks appear in the same AS_PATH. The leaks are timestamped and the faulty AS is shown.
https://bgpstream.caida.org/Autonomous System | BGP | Dataset | Network | Tool
An open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and post-event analysis.
BGP streams are freely accessible and provided by Route View, RIPE, and BGPmon.
https://bgpstream.crosswork.cisco.com/Autonomous System | BGP | Dataset | Network
BGP Stream is a free resource for receiving alerts about hijacks, leaks, and outages in the Border Gateway Protocol.
BGP Steam provides real-time information about BGP events. It includes information about affected IPs, ASNs, and even a replay feature how the BGP announcements changed.
https://stat.ripe.net/special/bgplayBGP | Dataset | Network | Tool
BGPlay shows a graph of the observed BGP routes. It allows replaying historical BGP announcements and displays route changes.
Detailed analysis on a 10 year dataset of IoT binaries and their security features. The Cyber ITL focussed on which compiler and toolchain hardenings the vendors use.
CITL identified a number of important takeaways from this study:
- On average, updates were more likely to remove hardening features than add them.
- Within our 15 year data set, there have been no positive trends from any one vendor.
- MIPS is both the most common CPU architecture and least hardened on average.
- There are a large number of duplicate binaries across multiple vendors, indicating a common build system or toolchain.
The Bitcoin monitoring project by the Karlsruher Institute for Technology measures the activity in the Bitcoin network. They report about the origin of peers (ASN, country), the software version used, and report about block and transaction propagation delay.
https://dev.hicube.caida.org/feeds/hijacks/eventsBGP | Dataset | Network
The BGP hijacking observatory lists potential BGP hijacks. It can observe different kinds of hijacks, e.g., shorter path or more specific prefix. It lists the hijacking time, potential victims and attackers, and the affected prefix.
More details about the different hijacking methods are in the AIMS-KISMET presentation.
https://www.caida.org/catalog/datasets/overview/Autonomous System | BGP | Dataset | IP | Network
Overview of datasets, monitors, and reports produced and organized by CAIDA. Also contains links to other datasets.
https://hashlookup.circl.lu/Dataset | Malware
Lookup files by their md5 or sha1 hashes. The response contains information such as the filename, size or where the file was found, like a Linux package. On the website you have the API documentation which can be used directly from the browser.
https://github.com/sajjadium/ctf-archivesCTF | Dataset
The repository contains an archive of many CTF challenges of the last years. This is a good resource when trying to find old challenges or learn exploit techniques based on writeups.
https://stats.nic.cz/dashboard/en/index.htmlDNS | Dataset
The website contains information about the
cz. TLD operated by CZ.NIC. It contains information about the query volume, query type, round-trip time (RTT) and geographic location of the traffic sources. It also has information about the registry functions, such as registrar information, domain transfers or whois requests. Lastly, information about the mojeID accounts, a login provider operated by CZ.NIC are also available.
https://data.censoredplanet.org/rawCensorship | Dataset
Censored Planet is a censorship measurement platform that collects data using multiple remote measurement techniques in more than 200 countries.
The website provides access to many recent scans. The scans are performed using different techniques to find different censors.
https://censys.io/Certificate | DNS | Dataset | IP | Network
Censys performs regular scans for common protocols (e.g., DNS, HTTP(S), SSH). Provides a search for TLS certificates.
Access is free, but requires registration. The website no longer provides free bulk access. Bulk access requires a commercial or a research license. The free access is limited to 1000 API calls per day.
https://crt.sh/Certificate | Dataset
Certificate search engine. crt.sh is based on the certificate transparency logs and provide wildcard search for domains.
https://github.com/citizenlab/test-listsCensorship | Dataset
The GitHub repository contains multiple lists for finding website censorship. The lists are organized by country and contain URLs specific for each of them. The URLs are also categoried and cover four broad themes:
- Political, e.g., governmental views or human rights
- Social, e.g., sexuality or gambling
- Conflicts, e.g., armed conflicts or border displutes
- Internet tools, e.g., hosting providers or circumvention methods.
https://radar.cloudflare.com/BGP | DDoS | DNS | Dataset | IP | Network
Cloudflare Radar is Cloudflares reporting website about internet trends and general traffic statistics. The website shows information about observed attacks and attack types and links to the DDoS report. General traffic statistics are reported, such as the used browser, fraction of human traffic, IP, HTTP, and TLS version.
The website also provides more detailed information on domains and IP addresses. Domains have information about age, popularity, and visitors. IP addresses have ASN and geolocation information.
More information about Cloudflare Radar is available in the introduction blogpost.
The Radar data is also available via API, for example the attack data: https://developers.cloudflare.com/api/operations/radar_get_AttacksLayer3Summary
https://github.com/DNS-OARC/bad-packetsDNS | Dataset | IP | Network | PCAP
Collection of "bad" packets in PCAPs that can be used for testing software.
https://commoncrawl.org/Dataset | Network
The Common Crawl project builds an openly accessible database of crawled websites. They index can be searched.
https://people.engr.tamu.edu/guofei/sec_conf_stat.htmDataset | Paper Writing | Security
This website offers a ranking of many computer security conferences. The ranking is accompanied by a yearly acceptance ratio statistic.
Robert Koch-Institut Official German dashboard.
Robert Koch-Institut Lagebericht Daily situational report about the state in Germany. Contains additional information about the situation in Germany and additional statistics.
COVID Trends Germany Daily updated dashboard with many graphs for Germany.
Berliner Morgenpost Shows sub-country numbers for Europe and worldwide.
WHO European Region Country level information for Europe.
WHO European Region Subnational Explorer Subnation information for Europe with incidence rates over the last 7/14 days.
Johns Hopkins University Contains worldwide information.
ECDC COVID-19 Country Overviews Very detailed breakdown for countries worldwide.
ECDC Europe Weekly updated incidence and test positivity rates within Europe.
ECDC Worldwide Daily updated worldwide numbers with by-region breakdowns.
Reuters Provides per country and regionally aggregated information.
Corona Situation in Saarland
Corona Situation in Saarbrücken
Vacine Status Germany Information about the amount of people vaccinated and information about what vacines.
Zeit Vacine Status Germany More detailed vacine status for Germany and some international information.
Bloomberg Covid Vacine Vacination status with US focus and worldwide information.
https://archive.ooo/CTF | Dataset
The website provides a playable archive of old DEFCON challenges. The challenges are tagged by category and by original CTF.
The files are available on GitHub.
https://dmap.sidnlabs.nl/DNS | Dataset | Network | Tool
DMAP is a scalable web scanning suit which supports DNS, HTTPS, TLS, and SMTP. It works based on domain names and crawls the domain for all supported protocols. The advantage over other tools is the unified SQL data model with 166 features and the easy scalability over many crawling machines.
https://www.knot-dns.cz/benchmark/DNS | DNSSEC | Dataset
The website is an ongoing project by Knot DNS to measure the performance of various DNS servers. Four open-source servers are tested, namely BIND, Knot DNS, NSD, and PowerDNS. The benchmark includes different zone configurations matching to root zones, TLD zones, or hosting zones as well as different DNSSEC configurations.
https://dnscensus2013.neocities.org/DNS | Dataset | IP | Network
The DNS Census 2013 consists of about 2.5 billion DNS records collected in 2012/2013. The data is gathered from some available zone files and passive or active DNS collecting. The DNS records are written into CSV files containing one DNS record per line.
https://dns.coffee/DNS | Dataset | IP | Network | Search
DNS Coffee collects and archives stats from DNS Zone files in order to provide insights into the growth and changes in DNS over time.
The website includes information such as the size of different zones. It tracks over 1200 zone files.
It provides searching through the zones files based on domain names, name servers, or IP addresses. It can also visualize the relationship between a domain, the parent zones and the name server in what they call a "Trust Tree".
https://observatory.research.icann.org/dns-core-censusDNS | Dataset | IP | Network
The DNS Core Census is an ICANN project to gather information about top-level-domains (TLDs). This covers ccTLDs, gTLDs, effective TLDs (like
co.uk), and entries in
arpa. The census contains information about the zone, like metadata and contractual information, about the name servers, about addresses of the name servers, and the route origins. The data is kept for a 35-day rolling window.
Further information about the project can be found in this presentation and OCTO-019 from ICANNs Chief Technology Officer
https://dnsprivacy.org/DNS | DNSSEC | Dataset | TLS
The DNS Privacy Project aims to improve privacy for users on the Internet.
The project is split into different groups working on DNS privacy:
The project focuses mostly on DNS over TLS. They provide overviews for the implementation status, configuration for test servers, and ongoing server monitoring which features they provide.
DNS | DNSSEC | Dataset | Network | Tool
Browser-based DNS resolver quality measurement tool. Uses the browser to generate many resolver queries and tests for features they should have, such as EDNS support, IPv6, QNAME Minimisation, etc.
This test is also available as a CLI tool: https://github.com/DNS-OARC/cmdns-cli
Analyze DNSSEC deployment for a zone and show errors in the configuration.
Gives an overview of DNSSEC delegations, response sizes, and name servers.
The website has an online test, which performs DNS lookups. These DNS lookups test if certain resource records are overwritten in the cache. The tool can then determine what DNS software is used, where the server is located, how many caches there are, etc.
Test name server of zones for correct EDNS support.
Shows the trust dependencies in DNS. Given a domain name it can show how zones delegate to each other and why. The delegation is done between IP addresses and zones.
The project used to monitor the first root KSK key rollover. Now it contains the paper "Roll, Roll, Roll your Root: A Comprehensive Analysis of the FirstEver DNSSEC Root KSK Rollover" describing the experiences of the first root KSK rollover
Additionally, it includes a tester for DNSSEC algorithm support, which shows the algorithms supported by the currently used recursive resolver. It provides statistics about support for DNSSEC algorithms. It has a web based test to test your own resolver and provides a live monitoring using the RIPA Atlas.
DNSSEC algorithms resolver test
https://data.4tu.nl/articles/dataset/DNS_Queries_to_Authoritative_DNS_Server_at_SURFnet_by_Google_s_Public_DNS_Resolver/12682040DNS | Dataset | Network
This dataset covers approximately 3.5 billion DNS queries that were received at one of SURFnet's authoritative DNS servers from Google's Public DNS Resolver. The queries were collected during 2.5 years. The dataset contains only those queries that contained an EDNS Client Subnet.
The dataset covers data from 2015-06 through 2018-01.
https://jpmens.net/2021/05/18/dns-open-zone-data/DNS | Dataset | Network
The website hosts the zone data for a couple of DNS zones, mainly some ccTLDs. This provides a good starting point for zone file analysis together with other sources.
https://scout.dnsdb.info/DNS | Dataset | Network
Historical DNS database. Contains information recorded at recursive resolver about domain names, first/last seen, current bailiwick. Allows to see the lifetime of resource records and can be used as a large database.
https://atlas.ripe.net/dnsmon/DNS | Dataset | Network
Historical information about the reachability of root and some TLD name servers.
https://www.internetsociety.org/deploy360/dnssec/maps/DNS | DNSSEC | Dataset | Network
The Internet Society published maps showing the distribution of IPv6 support worldwide. The maps are available also with historic data, but are only updated sporadically. More current maps and CSV files are available on the mailing list.
https://rick.eng.br/dnssecstat/DNS | DNSSEC | Dataset | Network
Regularly updated reports about current DNSSEC deployment. Contains information per TLD and global distribution.
https://www.dnssek.info/DNS | DNSSEC | Dataset
The website keeps track of all DNSSEC keys in the top level domains (TLDs) and informs when the signatures are about to expire. The time before some RRSIGs expire is color coded. It also shows error which happened during validation.
https://www.deutschlandatlas.bund.de/DE/Service/Kartensuche/kartensuche_node.htmlDataset | Map
These 50 maps show the difference between regions in Germany. They show which regions are set up well and which are lacking behind. The maps show population, work, health care, infrastructure, and more.
https://drand.love/Dataset | Tool
The distributed randomness beacon is a verifiable, unpredictable and unbiased random numbers as a service. A network of multiple entities computes the random numbers. They are a good source of true entropy. Another use is in verifiable lotteries, by using these random numbers to pick a winner at random.
DNS | Dataset
Domain popularity lists provide a starting point for crawling domains with the most users. The most commonly used list for security research is the Alexa list.
The list is updated daily and contains one million websites. The ranking is based on page views, but very volatile.
- CISCO Umbrella
The list is updated daily and contains one million websites. The ranking is based on traffic seen on the OpenDNS resolvers.
The list is updated daily and contains one million websites. The ranking is based on backlinks from other websites.
A Research-Oriented Top Sites Ranking Hardened Against Manipulation
The Tranco list aims to provide a better list for security research. The authors explain on their website and their paper what the flaws in the existing lists
The list is updated daily and contains around 500,000 websites. It is based on users visiting the site within the previous month and highly US focussed.
- Cloudflare Radar Cloudflare uses their 18.104.22.168 DNS resolver to create a top 1 million list. The lists are also available on a per country level, e.g., https://radar.cloudflare.com/domains/de. More details are available in their announcement blogpost.
- CrUX Chrome Google Chrome collects the top 1 millon visited website and published them as part of the Chrome UX Report. The repository captures the monthly data and provides access to older versions. In an Internet Measurement Conference (IMC) paper this list was shown to best correlate with the HTTP requests as seen by Cloudflare.
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtmlDNS | Dataset | IANA
Internet Assigned Numbers Authority (IANA) tracks the assignment of all DNS related constants. This includes available classes, resource records types, OpCodes, RCODEs, and various other values. Each assigned number is linked to the corresponding RFC describing its function. This is a great overview to see which values are available.
https://github.com/duckduckgo/tracker-radarDataset | Network
Tracker Radar collects common third party domains and rich metadata about them. The data is collected from the DuckDuckGo crawler. More details are in this blogpost.
https://app.electricitymaps.com/zone/DEDataset | Map
The map shows countries with their electricity zones. For each zone, information about the power sources, consumption, exports, and imports are available. The data is provided live and historic.
The repository contains explanations of many file formats. The graphics usually consist of a hex view on the left side and a file structure on the right side. The values are color matched. The file structure explains the meaning of value, how they are decoded, and the relationship between different values. The explanations exist for many compression, executable, and image formats.
https://opendata.rapid7.com/sonar.fdns_v2/DNS | Dataset | IP | Network
This dataset contains the responses to DNS requests for all forward DNS names known by Rapid7's Project Sonar. Until early November 2017, all of these were for the 'ANY' record with a fallback A and AAAA request if necessary. After that, the ANY study represents only the responses to ANY requests, and dedicated studies were created for the A, AAAA, CNAME and TXT record lookups with appropriately named files.
The data is updated every month. Historic data can be downloaded after creating a free account.
https://github.com/github/advisory-databaseCVE | Dataset | Security | Vulnerability
GitHub's Advisory Database tracks CVEs and all GitHub advisories. Contributions to GitHub advisories are possible.
https://github.com/cloudsecurityalliance/gsd-database/CVE | Dataset | Security | Vulnerability
Global Security Database (GSD) is a project run by the Cloud Security Alliance to collect and track vulnerabilities. Conceptually it is similar to CVEs but with an open collaborative contribution process. Data from other vulnerability databases is imported and managed together.
https://transparencyreport.google.com/Certificate | Dataset
Google's Transparency Report contains various information. It provides information about email encryption, HTTPS encryption, information about potentially harmful applications in Android, and live reports of traffic disruptions, such as censorship.
It provides a certificate search based on the certificate transparency logs, similar to crt.sh: https://transparencyreport.google.com/https/certificates
The website contains a list of HTTP status codes. Each code has an explanation and a reference to official documentation.
For example, https://httpstatuses.io/404.
https://he.net/3d-map/Dataset | Map | Network
3D map showing submarine cables and the backbone network of Hurricane Electric.
https://hyperspecifics.io/BGP | Dataset
The common wisdom is that BGP serves /24 prefixes for IPv4 and /48 prefixes for IPv6. However, this is more of a convention, than a hard rule. Larger prefixes are observed in BGP routing tables.
This website summarizes a paper about hyper specific BGP prefixes. It shows how common hyper specifics are over time for IPv4 and v6.
https://ithi.research.icann.org/metrics.htmlDNS | DNSSEC | Dataset | Network
ICANN tracks the general health of the DNS ecosystem and related ecosystems. The data is updated irregularly, but historic data is available. The collected data covers eight major topics:
- M1: inaccuracy of Whois Data
- M2: Domain Name Abuse
- M3: DNS Root Traffic Analysis
- M4: DNS Recursive Server Analysis
- M5: Recursive Resolver Integrity
- M6: IANA registries for DNS parameters
- M7: DNSSEC Deployment.
- M8: DNS Authoritative Servers Analysis
Each topic has too many sub categories to list here.
https://stats.dns.icann.org/DNS | Dataset
The Grafana dashboard shows live statistics about query volume, query type, and geographic locations. The data is collected for ICANN Managed Root Servers (IMRS) which are the L-root servers.
https://iclab.gitlab.io/post/iclab_data/Censorship | Dataset
The ICLab data provides longitudinal access for cesorship data. The data is collected from 2016 onwards. The analysis encompases differend censorship techniques such as DNS manipulation or packet injection.
Dataset | Paper Writing | TeX
The IETF provides official BibTeXs to download. They work for RFCs, BCPs, and drafts.
The BibTeXs for BCPs work, but only, if the BCP consists of a single RFC. If the BCP consists of multiple RFCs, the BibTeX will only show the first one.
For drafts, the draft version number, the last two digits, have to be removed from the URL.
Available entries can be found in the RFC Index and the BCP Index.
Dataset | IP | Network
These websites have lists of abusive IP addresses. They can be checked with a web from or some websites also provide a feed.
https://www.iana.org/assignments/ipfix/ipfix.xhtmlDNS | Dataset | IANA
Internet Assigned Numbers Authority (IANA) tracks the assignment of all NetFlow/IPFIX related constants. The website lists all available fields and describes their meaning. Each assigned number is linked to the corresponding RFC describing its function. This is a great overview to see which values are available.
https://www.circl.lu/services/ip-asn-history/Autonomous System | Dataset | IP | Network
Historical dataset about IP to ASN mappings.
https://www.team-cymru.com/ip-asn-mappingAutonomous System | Dataset | IP | Network
Historical dataset about IP to ASN mappings.
https://ipmap.ripe.net/BGP | Dataset | Map | Network | Tool
IP geolocation services feeding itself from geolocation databases, user provided locations, and most importantly, active RTT measurements based on the RIPE Atlas system. It also provides a nice API to query the location. It provides a breakdown on where the results stem from and how much they contribute to the overall result.
Dataset | IP | Network
Per continent, region, or country measurements of IPv6 deployment and preference. Allows to access historical data.
Per continent, region, or country measurements of IPv6 deployment and preference.
Dataset | IP | Network
A curated list of IPv6 hosts, gathered by crawling different lists. Includes:
- Alexa domains
- Cisco Umbrella
- CAIDA DNS names
- Rapis7 DNS ANY and rDNS
- Various zone files
Access to the full list requires registration by email.
Based on the paper "Scanning the IPv6 Internet: Towards a Comprehensive Hitlist".
The website contains the additional material of the IMC paper Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists. The IPv6 addresses can be downloaded from the website. The website has three lists, responsive IPv6 addresses, aliased prefixes, and non-aliased prefixes. Additionally, the website also has a list of tools used during the data creation.
https://ripeness.ripe.net/Dataset | IPv6 | Network
RIPE gathers data about the IPv6 deployments worldwide and publishes the information on their IPv6 RIPEness website. The deployments are judged on four points:
- Having an IPv6 address space allocation or assignment from the RIPE NCC
- Visibility in the Routing Information Service (RIS)
- Having a route6 object in the RIPE Database
- Having a reverse DNS delegation set up
https://peering.exposed/BGP | Dataset | Network
Contains a list of pricing information of different IXP.
https://inthewild.io/feedCVE | Dataset | Security | Vulnerability
The website offers a feed showing which CVEs are exploited in the wild. The entries contain a date and link to the original source. It also contains a feed for available exploits.
The document lists and describes a large part of the Intel Management Engine Partitions. This is useful as a general resource to learn about the features of Intel ME.
https://ihr.iijlab.net/ihr/en-us/global_reportDataset | Network
The Internet Health Report reports on significant disruption events between networks. They use BGP and traceroutes as their data sources. The report contains information about the connectives of ASes, such as the most common upstream networks and RPKI status of announcements. Link quality information is included, like historic network delay, forwarding anomalies, or network disconnects.
https://atlas.ripe.net/results/maps/DNS | Dataset | Map | Network
Maps of measurements done with the RIPE Atlas.
https://pulse.internetsociety.org/Autonomous System | BGP | Dataset | Network | Tool
The Internet Society gathers data to show the general health and availability of the internet. They measure four categories: internet shutdowns, technology use, resilience, and concentration. Under internet shutdowns, they show which countries are performing what kind of disruption, e.g., regional or national. The technology sections lists basic statistics about HTTPS, IPv6, TLS, DNSSEC.
https://isbgpsafeyet.com/BGP | Dataset | Network | RPKI
"Is BGP safe yet?" is an effort by Cloudflare to track the deployment of RPKI filtering across different ISPs. They provide a tester on the website with which each user can test if the current ISP is filtering RPKI invalid announcements. The website includes a list of networks and if and how they use RPKI (signing and/or filtering).
More details for this project can be found in Cloudflare's blog or on the GitHub project.
https://www.cisa.gov/known-exploited-vulnerabilities-catalogCVE | Dataset | Security | Vulnerability
The Known Exploited Vulnerabilities Catalog is a project by the Cybersecurity & Infrastructure Security Agency (CISA) tracking actively exploited vulnerabilities. The data includes the vulnerability, the affected product, a short description of the vulnerability, and remediation actions. The data is available in machine-readable format.
CTF | Cheatsheet | Dataset | x86
These websites provided an overview of the Linux systemcall interface by listing the syscall numbers, their meanings, and their arguments.
https://www.cisa.gov/uscert/ncas/alerts/TA14-017AAmplification | DDoS | Dataset | Network
Contains a list of UDP-based protocols, which can be used for amplification attacks.
BGP | Dataset | Network
The Packet Clearing House (PCH) publishes BGP data collected at more than 100 internet exchange points (IXP). The snapshot dataset contains the state of the routing tables in daily intervals.
PCH also provides raw routing data in MRT format. These contain all the update information in sorted by time.
The RIS is the main resource from RIPE featuring all kinds of datasets about AS assignments and connectivity.
Routeviews is a project by the University of Oregon to provide live and historical BGP routing data.
https://peter.sh/experiments/chromium-command-line-switches/Cheatsheet | Dataset
Most command line switches of Google Chrome are totally undocumented in the offical documentations. This website offers a list of all known switches with a single sentence description of what they are doing.
https://default-password.info/CTF | Dataset | Password
The website features a large list of default passwords found in routers and IoT devices. The data is sorted by manufacturer and can be searched.
http://www.traceroute.org/#Looking%20GlassDataset | Network | Traceroute
The websites shows links to different looking glasses which provide either traceroute information or are usable as route servers.
Autonomous System | BGP | Dataset
DNS | Dataset | IP | Network | Spam | Tool
These projects either operate DNS based Real-time Blackhole Lists (RBL) or allow checking if an IP is contained. The Multi-RBL websites are helpful in finding a large quantity of RBLs.
https://observatory.manrs.org/BGP | Dataset | Network
Mutually Agreed Norms for Routing Security (MANRS) is an initiative to improve the state of routing security. The observatory shows what kind of incidents occurred and how prepared networks are, e.g., with filtering and coordination efforts. The data is available globally and comparisons between regions are available. Historic data is accessible on the website.
https://ianix.com/pub/dnssec-outages.htmlDNS | DNSSEC | Dataset
The website collects major outages caused by broken DNSSEC deployments in the wild. It tracks root and TLD errors and some selected websites. Each outage is timestamped and has some description about the problem. The entries contain information from the Verisign DNSSEC debugger and DNSViz.
https://bazaar.abuse.ch/Dataset | Malware
The Malware Bazaar is a project by abuse.ch to create an open repository with malware samples. The repository is small, but it can be freely downloaded and contributed by everyone. It only contains malicious files, which contrasts with common malware feeds like Virustotal.
https://www.phrasebank.manchester.ac.uk/Dataset | Paper Writing
The Academic Phrasebank is a general resource for academic writers. It aims to provide you with examples of some of the phraseological ‘nuts and bolts’ of writing organized according to the main sections of a research paper or dissertation.
The data bank contains the categories “Introducing Work”, “Referring to Sources”, “Describing Methods”, “Reporting Results”, “Discussing Findings”, and “Writing Conclusions”.
http://dns.measurement-factory.com/surveys/openresolvers.htmlDNS | Dataset | Network
The Measurement Factory performed a study of open DNS resolvers between 2006 and 2017. The website has an archive of daily reports, which each list the number of open resolver per ASN.
https://mptcp.io/Dataset | Network | TCP
The website presents the ongoing work of measuring the MPTCP deployment. Aggregated statistics for IPv4 and IPv6 are shown. Access to raw data is available, after a free email registration.
https://rpki-monitor.antd.nist.gov/BGP | Dataset | RPKI
The NIST RPKI Monitor shows different statistics about RPKI adoption and about the validation status. It shows the number of validating prefixes, their history, the autonomous systems with the most VALID and INVALID prefixes and how validation changes over time.
https://data.netlab.360.com/Amplification | Dataset | Network | Tool
The Netlab of 360.com provides some open data streams.
One dataset concerns the number of abused reflectors per protocol.
https://scan.netlab.360.com/Amplification | Dataset | Network | Tool
Overview of IP addresses scanning the internet and which ports are scanned.
CTF | Dataset | Hash | Password
These websites have access to large rainbow tables and allow quick access to known weak hashes.
https://www.openintel.nl/DNS | Dataset | IP | Network
Open INTEL is an active DNS database. It gathers information from public zone files, domain lists (Alexa, Umbrella), and reverse DNS entries. Once every 24 hours data is collected about a bunch of DNS RRsets (
CDNSKEY). The data is openly avaible as AVRO files and dates back until 2016.
The data can be freely downloaded. There is documentation on the layout of the AVRO files.
The project is similar to Active DNS but seems to be larger in scope.
https://ooni.org/Censorship | Dataset
Open Observatory of Network Interference (OONI) is an active measurement platform for censorship measurements. Many different measurements are run, such as blocking of messengers, Tor and VPN blocking, or middleboxes.
https://osv.dev/CVE | Dataset | Security | Vulnerability
osv.dev is a vulnerability database or open-source projects. It mainly acts as an aggregator for multiple other databases. For example, data from Google's OSS-Fuzz project and various language-specific vulnerability databases is combined.
https://overthewire.org/wargames/CTF | Dataset | Tool
Over The Wire provides with the wargames many different challenges, to learn exploitations of different things. There are different wargames based on skill and required tooling. In each level, the user has to retrieve a flag to procede to the next level.
https://www.circl.lu/services/passive-dns/DNS | Dataset | IP | Network
Passive DNS dataset from circl.lu.
https://www.circl.lu/services/passive-ssl/Certificate | Dataset
Historical certificate dataset. Allows querying based on IP address or certificate.
https://www.peeringdb.com/Autonomous System | BGP | Dataset | IXP | Network
Contains information for some networks about peering information. This includes peering partners, transfer speeds, peering requirements and similar.
https://github.com/Ignitetechnologies/Privilege-EscalationCTF | Dataset
The repo contains a curated list of various ways to perform privilege escalation. It is sorted by different attack vectors.
https://www.publicdns.xyz/DNS | Dataset
The website provides a currated list of various public DNS resolver operators and the IP addresses of the DNS servers.
https://publicsuffix.org/DNS | Dataset | Network
The public suffix list gives a way to easily determine the effective second level domain, i.e., the domain which a domain owner registered and which can be under different owners.
https://deployment.rdap.org/Dataset | Network
The website tracts the deployment of Registration Data Access Protocol (RDAP) for all TLDs. RDAP is the successor to whois and offers structured and machine-readable data.
https://atlas.ripe.net/Certificate | DNS | Dataset | IP | Network
RIPE operates a set of probes, which can be used to send pings or similar measurements. The probes are mainly placed in Europe but some are also in other continents.
All the collected measurements can be found in the RIPE Atlas Daily Archives. The blog post gives some more details.
https://stat.ripe.net/Autonomous System | BGP | DNS | Dataset | Network | Tool
RIPEstat is a network statistics platform by RIPE. The platform shows data for IP addresses, networks, ASNs, and DNS names. This includes information such as the registration information, abuse contacts, blocklist status, BGP information, geolocation lookups, or reverse DNS names. Additionally, the website links to many other useful tools, such as an address space hierarchy viewer, historical whois information, and routing consistency checks.
https://rov.rpki.net/BGP | Dataset | Network | RPKI
The Route Origin Validation (ROV) Deployment Monitor measures how many AS have deployed ROV. It uses PEERING for BGP announcements and uses BGP monitors to see in which ASs the wrong announcements are filtered. A blogpost at APNIC describes it in more detail.
Dataset | Network | RPKI | Tool
These websites allow you to browser the valid RPKI announcements. They show which address ranges are covered by RPKI and who the issuing authority is.
https://www.dns.icann.org/rssac/rssac002/DNS | Dataset
RSSAC002 describes measurements for DNS root servers. It collects data, such as the load time, rcode volumes, traffic volume, and unique sources. The data is collected daily and goes back to 2013.
The data is also available in a git repository, which is not always up-to-date. https://github.com/rssac-caucus/RSSAC002-data
Dataset | Network | Regex
These two papers focus on how to extract information from the hostname of routers. These hostnames occur when performing traceroutes. The Regexs can be used to extract identifiers and AS numbers. The generated datasets of the papers are openly accessible.
https://root-servers.orgDNS | Dataset | Tool
Overview page for the DNS root servers. It contains links to general news and all the supporting organizations.
The website features a map with all geographic locations. It contains information about locations, IPv4/IPv6 reachability and IP addresses.
Each root server has its own subdomain in the form of https://a.root-servers.org. It contains access to historical performance data like:
- Size and time of zone updates
- query and response sizes for UDP and TCP
- traffic volume (packets per time)
- Unique sources
https://www.ripe.net/analyse/internet-measurements/routing-information-service-risBGP | DNS | Dataset | Network | Tool
Different information regarding reachability and connectiveness of ASs.
https://dashboard.shadowserver.org/DNS | Dataset | Malware | Network
The Shadowserver Scanning projects performs regular Internet wide scans for many protocols. The dashboard shows the gathered data about botnet sinkholes, Internet scans, honeypots, DDoS, and IoT data. This includes information about the size of botnets, the number of IP addresses with open ports like MySQL, the botnets as seen by honeypots, or the used protocols for DDoS attacks.
The blog post provides an introduction to the new dashboard.
https://scan.shadowserver.org/DNS | Dataset | Malware | Network
The Shadowserver Scanning projects performs regular Internet wide scans for many protocols. They scan for four main types of protocols:
- Amplification protocols, e.g., DNS or NTP
- Botnet protocols, e.g., Gameover Zeus or Sality
- Protocols that should not be exposed, e.g., Elastic Search, LDAP, or RDP
- Vulnerable Protocols, e.g., SSLv3
The website is a great resource to get general statistics about the protocols, like the number of hosts speaking the protocol, their geographic distribution, associated ASNs, and the historic information.
https://www.shodan.io/Certificate | DNS | Dataset | IP | Network
Shodan performs regular scan on common ports.
Access is free, but requires registration. More results can be gained with a paid account.
https://s3.eurecom.fr/~balzarot/security-circus/Dataset | Paper Writing | Security
The System Security Circus by Davide Balzarotti presents many statistics about the Top-4 security conferences, such as authors and affiliations.
https://observatory.research.icann.org/tld-apex-history/DNS | DNSSEC | Dataset | IP | Network
The TLD Apex History is an ICANN project to gather DNSSEC related records for all TLDs.
Further information about the project can be found in this presentation.
Dataset | IXP | Map | Network
TeleGeography provides different maps of the Internet. They contain information about submarine cables, global traffic volume, latency, internet exchange points. The data for the Submarine Map and the Internet Exchange Map can also be found on GitHub in text format.
https://transient.fail/Dataset | Security
The website lists all known speculation side channel attacks. Each attack contains information about the attacked buffer, the affected vendors, and working state. They are sorted into a hierarchy. Each attack is also linked to proof-of-concepts and the academic papers.
https://github.com/trickest/cveCTF | CVE | Dataset
The GitHub repository collects CVEs and proof-of-concept (PoC) exploits for them. It is a good resource to play around with sample exploits.
https://vulnerablecontainers.org/CTF | Dataset | Docker
The website lists docker containers from Docker Hub with known vulnerabilities in it. The top 1000 docker containers from Docker Hub are regularly scanned with Trivy and the results reported here.
A similar tool to scan for vulnerable containers is Clair scanner.
Many different metadata about countries, such as name, country code, languages. It also has a geojson of the country outline and the flags.
W³Techs crawls a large part of the web with over 10 million sites (Alexa). It focuses on the technologies used to implement the websites. The website offers a variety of statistics, such as the most used languages, frameworks, web servers, and hosting information.
https://zonefiles.io/detailed-domain-lists/DNS | Dataset | Network
The website provides download access to domains in many TLDs. Most lists are updated daily. However, not all of the lists seem complete. For example, DENIC reports that they manage over 17 million domains, whereas zonefiles.io only reports over 6 million domains.
https://caniuse.rs/Dataset | Rust | Tool
caniuse.rs shows which library functions were stabilized in which Rust version.
https://dnsdumpster.com/DNS | Dataset | Tool
dnsdumpster.com fetches a lot of DNS information belonging to one domain. It checks the authorative name servers, which records exist, and where the servers are located.
https://dnsthought.nlnetlabs.nl/DNS | DNSSEC | Dataset | Network
Dnsthought list many statistics about the resolvers visible to the .nl-authoritative name servers. The data is gathered from the RIPE Atlas probes. There is a dashboard which only works partially.
Raw data access is also available.
Dataset | Git
These websites provide templates for good
https://ioda.inetintel.cc.gatech.edu/Dataset | Network
IODA is a project by CAIDA to use different data sources to detect macroscopic internet outages in realtime. It measures the internet activity using BGP, darknets, and active probing. The website provides a realtime feed and a historical view of outages.
CTF | Dataset | Reverse Engineering
Online interface to find a libc database by function offsets. They are powered by the libc-database repository.
CTF | Cheatsheet | Dataset | x86
These websites provide reference documentation of the x86 instruction set: