AMP-Research: Amplification Research

https://github.com/Phenomite/AMP-Research

The AMP-Research project collects information about amplification vectors in protocols including reproduction possibilities. For each vector, the port and protocol are listed, as well as, the amplification factor. A scanning script or payload for scanning with zmap is included too.

APNIC REx

https://rex.apnic.net/overview

APNIC REx shows general information about IPv4 and IPv6 usage and delegations. It features on overview of all AS connections. This is the replacement of the earlier vizAS tool.

Arxiv Vanity

https://www.arxiv-vanity.com/

Watch Arxiv-papers on as a website.

BGPStream (CAIDA)

https://bgpstream.caida.org/

An open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and post-event analysis.

BGP streams are freely accessible and provided by Route View, RIPE, and BGPmon.

BGPlay

https://stat.ripe.net/special/bgplay

BGPlay shows a graph of the observed BGP routes. It allows replaying historical BGP announcements and displays route changes.

Documentation
GitHub

Better Pagers

There are various pagers which are more suitable or user friendly than the basic pagers like more or less.

bat – A cat(1) clone with wings

bat is an advanced pager, supporting usability features. It comes with syntax highlighting out of the box. It also integrates with git and shows the lines added and removed for a file.

pspg – Postgres Pager

pspg is an advanced pager for usage with psql. It shows the data in table form, allows scrolling through the columns and rows. You can pin header or initial columns, such that they do not move while scrolling around. It supports many different color schemes.

BinDiff (zynamics)

https://zynamics.com/software.html

IDA plugin for comparing binaries. Allows to label unknown binaries with annotations from a different IDA database.

Binary Ninja Cloud

https://cloud.binary.ninja/

The cloud version of binary ninja allows free reversing in the cloud. It has a real-time collaboration feature.

Binary Refinery

https://github.com/binref/refinery

Binary Refinery is a collection of Python scripts for transforming data. It is similar in concept to CyberChef but runs locally. For example, Binary Refinery supports base64 or hex transformations, hash data, or packing values into binary.

C2Rust

https://c2rust.com/

C2Rust is a project for converting (legacy) C code into equivalent Rust code. The resulting Rust code is very low level and uses pointers and unsafe. The website offers an online demo to show the capabilities of the tool.

CPP Insights

https://cppinsights.io/

Desugar C++ code and show how modern C++ features are implemented. This helps in understanding the details of C++ and how modern compilers implement the language standard.

CTF Tools by CInsects

https://cinsects.de/category/resources.html

CInsects is a German CTF team. They collect resources of tool, tutorials, and documentation around CTF tools and exploitation.

Check Propagation of DNS Records

https://dnschecker.org/

The website allows to execute DNS queries from various locations worldwide to check the returned values.

Compacted-DNS (C-DNS): A Format for DNS Packet Capture

https://www.rfc-editor.org/rfc/rfc8618

C-DNS is a space efficient file format for storing DNS traffic. It is based on CBOR with a fixed schema as defined in RFC 8618.

Some tools exists to work with C-DNS files. The dns-stats compactor can convert pcap-to-cdns and vice versa. It can be configured flexibly to only record those fields of the DNS message which are of interest, thus saving space in the compacted format.

Cryptii: Encoding and encryption online

https://cryptii.com/

The website offers an interactive tool to encode and encrypt data. It presents a visual pipeline through which the data travels, being transformed in each step. It is conceptually similar to CyberChef, but with a focus on encryption.

CyberChef

https://gchq.github.io/CyberChef/

The CyberChef is a website which provides many recipes and makes it easy to combine them. The recipes are small input/output steps, similar to UNIX tools, and cover a large area of topics, like data formats, encoding, encryption, networking, hashing, compression, etc. The main use case is making it easier in CTFs to chain simple operations together, like processing encoded text.

DMAP Domain Mapper by SIDN Labs

https://dmap.sidnlabs.nl/

DMAP is a scalable web scanning suit which supports DNS, HTTPS, TLS, and SMTP. It works based on domain names and crawls the domain for all supported protocols. The advantage over other tools is the unified SQL data model with 166 features and the easy scalability over many crawling machines.

DNS Quality/Overview Tools

Check My DNS

Browser-based DNS resolver quality measurement tool. Uses the browser to generate many resolver queries and tests for features they should have, such as EDNS support, IPv6, QNAME Minimisation, etc.

This test is also available as a CLI tool: https://github.com/DNS-OARC/cmdns-cli

DNSSEC Debugger

Analyze DNSSEC deployment for a zone and show errors in the configuration.

DNSViz

Gives an overview of DNSSEC delegations, response sizes, and name servers.

GitHub: https://github.com/dnsviz/dnsviz

DNS X-Ray

The website has an online test, which performs DNS lookups. These DNS lookups test if certain resource records are overwritten in the cache. The tool can then determine what DNS software is used, where the server is located, how many caches there are, etc.

EDNS Compliance Tester

Test name server of zones for correct EDNS support.

The Transitive Trust and DNS Dependency Graph Portal

Shows the trust dependencies in DNS. Given a domain name it can show how zones delegate to each other and why. The delegation is done between IP addresses and zones.

Root Canary Project

The project used to monitor the first root KSK key rollover. Now it contains the paper "Roll, Roll, Roll your Root: A Comprehensive Analysis of the FirstEver DNSSEC Root KSK Rollover" describing the experiences of the first root KSK rollover

Additionally, it includes a tester for DNSSEC algorithm support, which shows the algorithms supported by the currently used recursive resolver. It provides statistics about support for DNSSEC algorithms. It has a web based test to test your own resolver and provides a live monitoring using the RIPA Atlas.

DNSSEC algorithms resolver test

DNS Replay Tool (drool)

https://www.dns-oarc.net/tools/drool

Tool to replay DNS queries captured in a pcap file with accurate timing between queries. Allows modifying the replay, like changing IP addresses, speeding up or slowing down the queries.

DNS Toys

https://www.dns.toys/

DNS Toys is an authoritative DNS server offering different unit conversion and lookup tools.

Some examples from the website include:

# Lookup time by city name
dig newyork.time @dns.toys

# or weather
dig newyork.weather @dns.toys

# Return the client IP address
dig ip @dns.toys

# Number conversion from decimal to hex
dig 100dec-hex.base @dns.toys

DNSCAP

https://www.dns-oarc.net/tools/dnscap

DNS network capture utility. Similar in concept to tcpdump, but with specialized options for DNS.

DNSTOP

http://dns.measurement-factory.com/tools/dnstop/

Top-like utility showing information about captured DNS requests. It shows information about the domains queries, the types, and responses.

Dangerzone: Create safe PDFs

https://dangerzone.rocks/about.html

Dangerzone is a tool for converting documents into safe PDFs. This allows converting potentially dangerous office documents, PDFs, or images into a new PDFs without copying any metadata or macros. It works by converting the original documents into bitmaps and afterwards turning the bitmaps into new PDFs, optionally also with OCR for searchable PDFs.

Dataset Search by Google

https://datasetsearch.research.google.com/

The Dataset Search by Google is a search engine explicitly for datasets. Supported datasets need to be tagged with a special markup, which allows the search to provide more useful results. This also limits the search engine, since not all datasets will be appropiatly marked.

Debin: Predicting Debug Information in Stripped Binaries

https://debin.ai

Debin is a tool to predict the debug information of stripped binaries. It only works reliable with C programs, as this is the only dataset it was trained on. It might be useful to use the website for jeopardy CTFs.

Depix: Recover passwords from pixelized screenshots

https://github.com/beurtschipper/Depix

Depix allows reverting pixelization and recover the original text. It works for pixelated images created using linear box filters. The recovery process is not always perfect, but good enough to produce readable text.

Detexify

https://detexify.kirelabs.org/classify.html

Detexify helps in writing complex LaTeX symbols, similar to Shapecatcher for Unicode. It searches for the correct LaTeX macros based on a drawing of the shape the users wants. It is a better way to search for symbols instead of going through the symbols-a4.pdf manually.

DiG GUI: DiG Web Interface

https://www.diggui.com/

The website provides a simple interface for dig. You can specify the various CLI arguments of dig with a web-based form.

DirectPoll: Large Polls with Audience Participation

https://directpoll.com/

The website lets you create polls, which are intended to be used live in front of a large audience. The presenter can configure the poll, select display options, and mark correct answers.

During the presentation, the presenter has a view, which shows the live results of the poll. The audience can join the polls and vote on them live. The results are completly anonymous.

It can be a great tool for interactive PowerPoint presentations, for lectures, or generally for trivia events.

Distributed Randomness Beacon

https://drand.love/

The distributed randomness beacon is a verifiable, unpredictable and unbiased random numbers as a service. A network of multiple entities computes the random numbers. They are a good source of true entropy. Another use is in verifiable lotteries, by using these random numbers to pick a winner at random.

Dogbolt Decompiler Explorer

https://dogbolt.org/

Dogbolt is an online interactive decompiler explorer. A binary can be uploaded and the decompiled C-like output of multiple decompilers compared. The website collects all uploaded binaries, so be wary of which files to upload. The big advantage of the website is having so many available decompilers (angr, Binary Ninja, Boomerang, Ghidra, IDA Pro, REC Studio, Reko, RetDec, Snowman). A downside is that no alterations to the decompilation are possible, for example, to provide function signatures.

Driftnet

https://github.com/deiv/driftnet

Driftnet watches network traffic, and picks out and displays JPEG and GIF images for display.

Dublin Traceroute

https://dublin-traceroute.net/README.md

This is an improvement on Paris traceroute and the classical traceroute. It can detect changing routes and detect NATs along the path.

Easy File Sharing without Accounts

• https://transfer.sh/ allows uploading from the command line and the browser. Files can be up to 10 GB and be stored up to 14 days. It allows limiting the number of downloads.

  # Upload using cURL
  $ curl --upload-file ./hello.txt https://transfer.sh/hello.txt
  https://transfer.sh/66nb8/hello.txt
  
  $ curl -H "Max-Downloads: 1" -H "Max-Days: 5" --upload-file ./hello.txt https://transfer.sh/hello.txt
  https://transfer.sh/66nb8/hello.txt
  

• https://instant.io/ share and receive files using WebTorrent.

• https://send.tresorit.com/ allows anonymous file shares. Files can up up to 5 GB and be stored for up to 7 days.

Entropy/IP

https://github.com/akamai/entropy-ip

The Entropy/IP algorithm allows for inspecting and generating IPv6 addresses. Entropy/IP can determine the entropy of different nibbles and the relationship between different components. Based on this analysis, it can also create valid-looking IPv6 addresses.

Evcxr: Rust Interpreter and Jupyter Kernel

https://github.com/evcxr/evcxr

Evcxr is a Rust interpreter and also provides a Jupyter kernel. This is a helpful addition to the online playground as it allows installing and using any crate.

FD.io: The World's Secure Networking Data Plane

https://fd.io/

FD.io is a very fast userspace networking library, which allows to create programs for packet processing. While DPDK allows fast read and write access to the NICs, FD.io is foccussed on processing the packets. Possible use cases are a packet forwarder, implementing a NAT, or a VPN.

More details also in this APNIC blogpost: https://blog.apnic.net/2020/04/17/kernel-bypass-networking-with-fd-io-and-vpp/

Flamethrower

https://github.com/DNS-OARC/flamethrower

Flamethrower is a small, fast, configurable tool for functional testing, benchmarking, and stress testing DNS servers and networks. It supports IPv4, IPv6, UDP, TCP, DoT, and DoH and has a modular system for generating queries used in the tests.

Float Exposed

https://float.exposed/

The Float Exposed website allows exploring IEEE floating-point numbers interactively. It shows 16, 32, and 64 variants. It allows flipping individual bit and visualizes the result. The meaning of the bits is also shown and color-coded.

Float Toy

https://evanw.github.io/float-toy/

The Float Toy website allows exploring IEEE floating-point numbers interactively. It shows 16, 32, and 64 variants. It allows flipping individual bit and visualizes the result. The meaning of the bits is also shown and color-coded.

GNU poke: The extensible editor for structured binary data

https://www.jemarch.net/poke.html

GNU poke is an interactive, extensible editor for binary data. Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them.

poke comes which a online manual and also has a quick start guide.

Ghidra

https://ghidra-sre.org/

Ghidra software reverse engineering (SRE) framework and IDA Pro alternative.

Godbolt Compiler Explorer

https://godbolt.org/

The Godbolt compiler explorer allows the user to compile a function and see the corresponding assembly code. It can highlight matching parts in the language and assembly, making it easy to understand how individual expressions are compiled. It supports common languages like C, C++, Go, Rust. It can also work with assembler and LLVM IR.

Another nice feature is, that it can show statistics about assembler code, like needed cycles, instructions, and which resources the instructions need. This uses the LLVM Machine Code Analyzer.

IDA - Interactive Disassembler

https://hex-rays.com/ida-free/

THE reverse engineering tool.

IPmap RIPE

https://ipmap.ripe.net/

IP geolocation services feeding itself from geolocation databases, user provided locations, and most importantly, active RTT measurements based on the RIPE Atlas system. It also provides a nice API to query the location. It provides a breakdown on where the results stem from and how much they contribute to the overall result.

IPv4 Heatmap

https://github.com/measurement-factory/ipv4-heatmap

The IPv4 heatmap tool draws an image of active IPv4 addresses. The IP addresses are mapped to pixels using a Hilbert curve or a Z-curve. The image can be extended with annotations about the address space, for example, to show which regional internet registry is assigned to the address.

IPv6 Security/Network Tools

• THC IPv6 Attack Toolkit
  Different small tools to test different network conditions.
• SI6 Networks' Toolkit
  Different utilities for understanding and debugging IPv6 traffic.

Image Metadata Viewer

http://exif.regex.info/exif.cgi

The online Image Metadata Viewer shows the EXIF information from uploaded files or files by URL. It supports a wide range of metadata, such as XMP, EXIF, IPTC, and MakerNotes.

Internet Society Pulse

https://pulse.internetsociety.org/

The Internet Society gathers data to show the general health and availability of the internet. They measure four categories: internet shutdowns, technology use, resilience, and concentration. Under internet shutdowns, they show which countries are performing what kind of disruption, e.g., regional or national. The technology sections lists basic statistics about HTTPS, IPv6, TLS, DNSSEC.

John the Ripper

https://github.com/openwall/john

John the Ripper is THE tool to brute force passwords and password hashes. It is very fast in calculating hashes with support of GPU acceleration and supports a wide range of different hash formats.

List of JSON to Struct Converters

These websites provide tools, which convert JSON data to structs in different programming languages.

• https://transform.tools/json-to-rust-serde
  The website supports data type generation for a large set of languages. It also supports SVG, HTML, CSS, and GraphQL as input to convert.
• https://typegen.vestera.as/
• https://app.quicktype.io/
  The website supports data type generation for a large set of languages.
• https://schema-analysis.com/ Support JSON, YAML, CBOR, TOML, and XML as input. Multiple output formats are supported too.

List of Malware Analysis Websites

These websites provide different features to analyze binaries and especially malware. They provide searching by file hashes or by uploading the binary.

Some services provide more detailed analyzes, such as which files were accessed or snapshots of any windows opened.

• ANY.RUN
• Hybrid Analysis
• Virustotal

Lists of DNS Blacklists

These projects either operate DNS based Real-time Blackhole Lists (RBL) or allow checking if an IP is contained. The Multi-RBL websites are helpful in finding a large quantity of RBLs.

• https://multirbl.valli.org/
  • Contains hundreds of RBLs, including descriptions of them and their return values.
• http://www.anti-abuse.org/multi-rbl-check/
• https://dnsbllookup.com
• https://www.dnsbl.info
• https://www.spamhaus.org/
  • Operates different RBLs such as for spam, exploits, domains with bad reputation, do-no-route ("drop-all-traffic"), and known spam operators.

Metis: Atlas probe selection

https://ihr.iijlab.net/ihr/en-us/metis/selection

The website provides a tool to select a list of autonomous systems with a fairer probe distribution. Probes are not distributed equally, but rather cluster based on population. This leads to large biases towards western locations and certain autonomous systems. The website offers different distance metrics. The output is a list of autonomous system numbers for use in the RIPE Atlas API.

Microsoft Powertoys

https://learn.microsoft.com/en-us/windows/powertoys/

Microsoft PowerToys has many tools for advanced Windows usage. It supports better window tiling with more zones, batch file renaming, and a host file editor, as well as a bunch more features.

Mini Internet Project

https://github.com/nsg-ethz/mini_internet_project

The mini internet project is part of the curriculum by the Networked Systems Group of ETH Zurich. It teaches the students the basic steps how to create a mini internet. It starts with the basics of intra-network routing, by setting up multiple L2 switches. Then the students have to configure L3 routers to connect multiple L2 sites together. Lastly, in a big hackathon style, the students need to connect their local network with the network of the other students, by properly configuring BGP routers and setting up routing policies.

The code and the tasks are all available in the GitHub repository.

The APNIC Blog has a nice introduction to the project too.

Mozilla Observatory

https://observatory.mozilla.org/

Website quality measurement tool. The website measures the quality of HTTP headers which improve security. Additionally, it provides inspections for the TLS certificate and SSH servers. It also includes many third party tools.

Mozilla TLS Configuration Generator

https://ssl-config.mozilla.org/

Create variable TLS configurations for all major webservers. It is specialized for each webserver and server version. The configurations supports different TLS configurations, depending on the needed support for old clients.

Multilevel MDA-Lite Paris **Traceroute**

https://gitlab.planet-lab.eu/cartography/

Multi-level MDA-Lite Paris Traceroute is a traceroute tool, which understands and learns more complex network topologies. Often times the network is not just a line, but multiple paths are possible and chosen at random.

A good description of the tool can be found in the RIPE Labs post or in the IMC 2018 paper.

Netlab 360 OpenData Project

https://data.netlab.360.com/

The Netlab of 360.com provides some open data streams.

One dataset concerns the number of abused reflectors per protocol.

NetworkScan Mon

https://scan.netlab.360.com/

Overview of IP addresses scanning the internet and which ports are scanned.

NextDNS

https://nextdns.io/

A free and configurable DNS resolver. It provides customizable blocking, such as for ads, trackers, or malicious websites. Additionally, statistics can be shown, such as for most blocked website.

A similar self-hosted variant is Pi-hole.

OWASP Amass

https://github.com/owasp-amass/amass

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.

One Gadget

https://github.com/david942j/one_gadget

A tool to find the one gadget in libc. It list all gadgets leading to execve('/bin/sh', NULL, NULL) including their preconditions.

Online Dis-Assembler

https://defuse.ca/online-x86-assembler.htm

Website allowing assembly and disassembly of x86 and x64 code.

Online Disassembler

https://onlinedisassembler.com/odaweb/

The online disassembler can disassemble a wide range of binary formats and platforms. It can disassemble freestanding bytes too. It provides a disassembly view, a graph view, a symbols and a function viewer.

Open Traffic Generator (OTG)

https://otg.dev/

Open Traffic Generator (OTG) is an open standard, specifying a declarative and vendor neutral API for testing Layer 2-7 network devices and applications (at any scale).

OpenPGP-Schlüssel beglaubigen

https://pgp.governikus.de/

PGP relies on a web of trust to authenticate the created PGP keys. Governikus will sign PGP keys after authenticating with a German eID. This provides a simpler way to get a trusted signature on your PGP key.

OpenWPM: A web privacy measurement framework

https://github.com/openwpm/OpenWPM

OpenWPM is a web privacy measurement framework which makes it easy to collect data for privacy studies on a scale of thousands to millions of websites. OpenWPM is built on top of Firefox, with automation provided by Selenium. It includes several hooks for data collection. Check out the instrumentation section below for more details.

Over The Wire: Wargames

https://overthewire.org/wargames/

Over The Wire provides with the wargames many different challenges, to learn exploitations of different things. There are different wargames based on skill and required tooling. In each level, the user has to retrieve a flag to procede to the next level.

PEERING: The BGP Testbed

https://peering.ee.columbia.edu/

PEERING is an environment where researchers and educators can play with BGP announcements in a real but sandboxed environment.

Description from the website:

The long-term goal of the PEERING system is to enable on-demand, safe, and controlled access to the Internet routing ecosystem for researchers and educators:

• PEERING for researchers. Today, it is hard for researchers to conduct Internet routing experiments. To perform a routing experiment, a research institution has to obtain Internet resources (IP addresses and ASNs) and establish relations with upstream networks. PEERING eliminates these obstacles and provides researchers controlled on-demand access to the routing ecosystem.
• PEERING for educators. Educators can use the PEERING infrastructure in teaching students the Internet routing architecture. The students access to live BGP sessions to multiple ISPs.

PacketQ: Query PCAPs using SQL

https://github.com/DNS-OARC/PacketQ

packetq is a command line tool to run SQL queries directly on PCAP files, the results can be outputted as JSON (default), formatted/compact CSV and XML. It also contains a very simplistic web-server in order to inspect PCAP files remotely,

Paris Traceroute

https://paris-traceroute.net/

This is an improvement on the traditional traceroute program. It is able to detect multiple distinct routes and display them accordingly. The classical traceroute would produce weird results on changing network routes.

Another similar program is Dublin traceroute.

PathVis: Visualising Traceroute

https://github.com/SIDN/pathvis

Traceroutes can be hard to understand. PathVis visualizes the network connections of your computer. It creates a tree of network nodes, with the root being the PathVis computer. The tree shows the paths to the other endpoints the computer is talking too.

The blog post introduces PathVis and explains the motivation behind it.

Pi-hole

https://pi-hole.net/

A free and configurable DNS stub-resolver. It provides customizable blocking, such as for ads, trackers, or malicious websites. Additionally, statistics can be shown, such as for most blocked website.

It can also function as a DHCP server for clients on the same network.

A similar service is NextDNS.

Play with Docker

https://labs.play-with-docker.com/

Play with Docker is a Docker playground which allows users to run Docker commands in a matter of seconds. It gives the experience of having a free Alpine Linux Virtual Machine in browser, where you can build and run Docker containers and even create clusters in Docker Swarm Mode. Under the hood Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs. In addition to the playground, PWD also includes a training site composed of a large set of Docker labs and quizzes from beginner to advanced level available at training.play-with-docker.com.

PostgreSQL's Explain Analyze made Readable

https://explain.depesz.com/s/w1Wko

The website takes a Postgres Explain output and displays it more readable and highlights the important parts.

Postgres Explain Visualizer

https://tatiyants.com/pev/#/plans/new

The website takes a Postgres Explain output and displays it as a more readable graph.

Programming Playgrounds

• https://play.rust-lang.org/
  • The Rust playground.
• https://www.rustexplorer.com/
  • Rust playground with the top 10k crates.
• https://repl.it/languages
  • REPLs for many languages.
• https://www.tutorialspoint.com/codingground.htm
  • Programming playgrounds for a wide variety of languages.
• https://jvns.ca/blog/2023/04/17/a-list-of-programming-playgrounds
  • Curated list of programming playgrounds.

Qualys SSL Labs

https://www.ssllabs.com/

Test the quality of a server's or a client's SSL/TLS stack. Very useful to test a server. Provides a A-F rating scheme and shows vulnerabilities and weak protocols/cipher suites.

RIPE Atlas: Probe Filters

https://github.com/nicholaskernan/probe-filters

The repository contains code for a better probe selection for the RIPE Atlas measurement system. Probes are not distributed equally, but rather cluster based on population. This leads to large biases towards western locations and certain autonomous systems. The goal of the repository is to find a more equal, thus fairer probe selection.

RIPEstat: Providing open data and insights for Internet resources

https://stat.ripe.net/

RIPEstat is a network statistics platform by RIPE. The platform shows data for IP addresses, networks, ASNs, and DNS names. This includes information such as the registration information, abuse contacts, blocklist status, BGP information, geolocation lookups, or reverse DNS names. Additionally, the website links to many other useful tools, such as an address space hierarchy viewer, historical whois information, and routing consistency checks.

RPKI Browsers

These websites allow you to browser the valid RPKI announcements. They show which address ranges are covered by RPKI and who the issuing authority is.

• https://rpki.cloudflare.com/
• https://rpki-validator.ripe.net/
• https://rpkiviz.zdns.cn/

RPKI Tester

https://www.ripe.net/s/rpki-test

Website, which tests, if your provider filters invalid announcements using RPKI.

Rappel: Linux Assembly REPL

https://github.com/yrp604/rappel

Rappel is a pretty janky assembly REPL. It works by creating a shell ELF, starting it under ptrace, then continiously rewriting/running the .text section, while showing the register states. It's maybe half done right now, and supports Linux x86, amd64, armv7 (no thumb), and armv8 at the moment.

RegexGenerator++

http://regex.inginf.units.it/

The website provides an automatic generator for regex patterns by learning from sample sentences. The website requires entering as many sample sentences with as many matching positions as possible. These datasets can also be imported and exported, such that they can be refined over time.

Resolver Testbed

https://github.com/icann/resolver-testbed

This repo describes a testbed to test various DNS resolvers. The purpose of the testbed is to allow researchers to set up many resolvers and run tests on each. For example, a test might see what the resolver emits when it is priming, or when it is responding to a particular query while using DNSSEC validation.

RetDec - Retargetable Decompiler

https://retdec.com/

A standalone decompiler build and managed by Avast. Works as a standalone program, has a trial version on the website, and there is an IDA Plugin.

Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.

Reverse Shell Generator

https://www.revshells.com/

The website provides a generator for quickly configuring a reverse shell. After entering an IP address and port number, the website shows code snippets for many languages. It also provides the option to create bind shells or use the metasploit framework.

Root Servers

https://root-servers.org

Overview page for the DNS root servers. It contains links to general news and all the supporting organizations.

The website features a map with all geographic locations. It contains information about locations, IPv4/IPv6 reachability and IP addresses.

Each root server has its own subdomain in the form of https://a.root-servers.org. It contains access to historical performance data like:

• Size and time of zone updates
• RCODE volume
• query and response sizes for UDP and TCP
• traffic volume (packets per time)
• Unique sources

Routing Information Service (RIS)

https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris

Different information regarding reachability and connectiveness of ASs.

RsaCtfTool

https://github.com/RsaCtfTool/RsaCtfTool

The RsaCtfTool is a tool supporting working with RSA keys. The main focus lies in a wide range of known attacks which are implemented and easy to use with it. This makes it suitable for CTFs, especially Jeopardies.

Run Foreign-Achitecture Docker Containers

https://npmccallum.gitlab.io/post/foreign-architecture-docker/

Sometimes it is necessary to run Docker containers for a different CPU architecture. This Docker container makes it possible to run other Docker containers with a different architecture. It works by using binfmt_misc, a Linux kernel feature to run files with interpreters, and installs QEMU binaries for different architectures.

Rust Macro Railroad

https://lukaslueg.github.io/macro_railroad_wasm_demo/

Helps in understanding macro_rules macros by automatically generating syntax diagrams for them.

Rust Regex Explanations and Testing

https://bestia.dev/rust_regex_explanation_pwa/

This is essentially regexr for Rust. It helps in understanding and writing regular expressions (RegEx). It takes a RegEx and explains the different parts of it. It also shows how the RegEx applies to a sample text.

Rustexp

https://rustexp.lpil.uk/

Rust regular expression editor and tester.

SSLsplit - transparent SSL/TLS interception

https://www.roe.ch/SSLsplit

Simple TLS proxy.

SandDance: Visualize Data

https://microsoft.github.io/SandDance/

SandDance is a tool to quickly visualize and explore data. It comes with a VS Code extension. SandDance provides a few toggles and visualization styles which makes experimentation easy.

Scrabble Word Finder

https://www.crosswordsolver.com/scrabble-word-finder

The website allows to search for valid scrabble word which can be made from the letters. It supports different dictionaries. The website is only for English scrabble.

Securityheaders

https://securityheaders.com/

Scan a website for the HTTP headers returned and how good the security related headers are.

Shapecatcher

https://shapecatcher.com/

Shapecatcher looks up Unicode symbols based on a drawing of the symbol. It is conceptually similar to Detexify, but returns Unicode symbols instead of macros.

Sherlock: Find usernames across social networks

https://github.com/sherlock-project/sherlock

This tool searches through many services if they have a user with a given username. This can either be used to find usernames, which are still available on the important websites or to check for conflicting accounts.

Snowman Decompiler

https://github.com/yegord/snowman

A standalone C decompiler. Also has an IDA plugin.

Supports ARM, x86, and x86-64 architectures. Reads ELF, Mach-O, and PE file formats.

Solve Crypto with Force!

https://github.com/DaWouw/SCWF

The website offers a large variety of crypto implementations which can be tested. It is helpful to solve unknown crypto challenges during CTFs. It is similar in concept to the CyberChef, but only for crypto.

Table Magic: Convert between table formats

https://stevecat.net/table-magic/

The website can convert between different table formats. It supports CSV, Markdown, SQL, HTML. It is useful when embedding CSV data into Markdown or similar.

Table Magic: Convert between table formats

https://tableconvert.com/

The website can convert between different table formats. It supports dozens of formats like Excel, CSV, HTML tables, Markdown, arrays in many languages, or LaTeX.

Tables Generator

https://www.tablesgenerator.com/

The website lets you create very customizable tables. It supports splitting and merging cells, customized lines around each cell, and coloring. The website supports LaTeX, HTML, and Markdown output.

Tcpdump advanced filters

https://blog.wains.be/2007/2007-10-01-tcpdump-advanced-filters/

The website contains different tcpdump filters. It starts with basic filters and then builds up ever more complex ones. This is a good source for looking up complicated filters, if one does not want to write them themself.

Timevault: Timelock Encryption

https://timevault.drand.love/

Timevault is an implementation of timelock encryption. Timelock encryption encrypts a message based on a timestamp. After that time has passed, anyone can decrypt the message. This is useful for embargoed messages, which should be distributed before the reveal time, for example, vulnerability notifications.

The blog post by the drand project introduces the concept and contains further tools.

A command line version for timelock encryption is available.

Unicode Text Converter

https://qaz.wtf/u/convert.cgi

The tool converts an input string into different and sometimes obscure Unicode characters. It is useful to generate funny looking text or to generate a new username, if the desired on is taken.

For example, the tool supports ⓒⓘⓡⓒⓛⓔⓓ, 𝖋𝖗𝖆𝖐𝖙𝖚𝖗, 🆂🆀🆄🅰🆁🅴🅳, ꜱᴍᴀʟʟ ᴄᴀᴩꜱ, ɐup 𝕠𝕥𝕙𝕖𝕣 wɘiᴙb options.

W3C Link Checker

https://validator.w3.org/checklink

The W3C Link Checker crawls your website and reports broken or outdated links. The tool reports on broken links (e.g., 404), broken or missing websites, and links which should be updated to a new location.

Many more W3C checkers exist, for example HTML, CSS, or RSS validation. https://w3c.github.io/developers/tools/ provides an overview.

Web Performance Testers

https://www.webpagetest.org/

Allows scanning a website for different performance characteristics. There are five test kinds: 1) Site Performance, 2) Core Web Vitals, 3) Lighthouse, 4) Visual Comparison, and 5) Traceroute. It reports many web performance problems, like download times, first paints or problems with mobile devices.

https://pagespeed.web.dev/

Reports basic web performance data for mobile and desktop browsers.

WebPlotDigitizer

https://automeris.io/WebPlotDigitizer/

The WebPlotDigitizer is a tool to extract data from plots and images. It guides the user through annotating the image and setting some parameters (such as axis values). This allows the tool to extract the values from the chart. The tools allows many customizations to allow better tuning of the extraction process. WebPlotDigitizer also comes in a desktop version.

WebWormhole: WebRTC based file transfer

https://webwormhole.io/

WebWormhole is a website based file transfer service. You can create a new wormhole and have others join it too. Then each side can provide and download files. The connection is done with WebRTC, such that it works without central server.

Webbkoll: Check your site!

https://webbkoll.dataskydd.net/

The website scans a URL and gives recommendations for better security and privacy settings. This includes checking basics like TLS encryption, security headers that can be enabled (CSP, SRI), and privacy recommendations (like referrers).

Wildcard DNS for IP Addresses

These services allow you to create a domain name for any IP address. The IP address is encoded into the domain name. An overview of different services can be found here.

Online Services

• https://nip.io/ provides IPv4 only

  • Supports both . and - separators.
  • 10.0.0.1.nip.io resolves to 10.0.0.1
  • 192-168-1-250.nip.io resolves to 192.168.1.250
  • customer1.app.10.0.0.1.nip.io resolves to 10.0.0.1
  • magic-127-0-0-1.nip.io resolves to 127.0.0.1

• https://sslip.io/ provides IPv4 and IPv6

  • Supports both . and - separators.
  • Provides the ability to use the service with your own branding.
  • 192.168.0.1.sslip.io resolves to 192.168.0.1
  • 192-168-1-250.sslip.io resolves to 192.168.1.250
  • www.192-168-0-1.sslip.io resolves to 192.168.0.1
  • –1.sslip.io resolves to ::1
  • 2a01-4f8-c17-b8f--2.sslip.io resolves to 2a01:4f8:c17:b8f::2

Self-hosted Options

• hipio is a Haskell service for IPv4.

Yahtzee Position Scorer

http://www-set.win.tue.nl/~wstomv/misc/yahtzee/osyp.php

The Yahtzee position scorer takes the currently filled out values and dice roll and suggests the likely outcome of different game moves.

Yarrp: Yelling at Random Routers Progressively

https://www.cmand.org/yarrp/

Yarrp is a active network topology discovery tool. It's goal is to identify router interfaces and interconnections on internet scale. Conceptually this is similar to running many traceroutes and stiching them together into one view. However, traceroutes are designed to understand the connection between two hosts and do not scale easily.

Your playground for cryptography, coding & data

https://ciphereditor.com/

The website offers an interactive tool to encode and encrypt data. It is based around blocks performing individual operations. These block can then pull or push their input/outputs from variables. This allows chaining them together to achieve more complex operations It is conceptually similar to CyberChef, but with a focus on encryption.

ZMap Project

https://zmap.io/

Different utilities for network scanning. Most imporantly the zmap component, which is a packet scanner for different protocols. It also contains other tools like ways to iterate over the IPv4 address space and blacklist/whitelist management.

Ziggy: the RPKI Wayback Machine

https://github.com/NLnetLabs/ziggy

Ziggy is a tool to inspect the RPKI ecosystem at arbitrary points in the past. It is developed by NLnet Labs. More details about the ziggy tool can be found in the announcement blogpost.

angr

https://angr.io/

angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic ("concolic") analysis, making it applicable to a variety of tasks.

arXiv LaTeX Cleaner

https://github.com/google-research/arxiv-latex-cleaner

This tool allows you to easily clean the LaTeX code of your paper to submit to arXiv. For example, it removes comments and optimizes images.

badssl

https://badssl.com/

Test the quality of a client's SSL/TLS stack. The website shows sites which should fail or pass. Sites which fail but do not on the browser viewing are a risiko.

bahn.guru Bahn-Preiskalender

https://bahn.guru/

The website lets you search for the cheapest train connection between two cities. It shows the cheapest trip per day and shows the different prices during a single day.

binwalk

https://github.com/ReFirmLabs/binwalk

Binwalk is a binary file analysis tool. It works by traversing a file and looking for potentially embedded files. These embedded files can also be extraced.

caniuse.rs

https://caniuse.rs/

caniuse.rs shows which library functions were stabilized in which Rust version.

cdecl: C gibberish ↔ English

https://cdecl.org/

Convert the gibberish of C declarations into English and back. The website uses the Clockwise/Spiral Rule to convert between them.

colorbrewer

https://colorbrewer2.org/

The website helps in selecting a colorscheme for a map. It provides different presets and shows live how they would look on different maps.

deps.dev

https://deps.dev/

deps.dev is a dependency analyzer for multiple language ecosystems (npm, Go modules, Maven, PyPI, Cargo). It shows basic information, such as the metadata (including license) about each package, dependencies, and reverse dependencies. It enhances this information by adding a diff viewer for the versions. Security advisories affecting a package or dependency are highlighted. The OpenSSF scorecard is also integrated, showing more insights about the project health.

The second feature of the website is an advisory viewer. It shows details about each advisory, including affected versions. It also calculates how much of the ecosystem is affected and patched.

dnsdumpster

https://dnsdumpster.com/

dnsdumpster.com fetches a lot of DNS information belonging to one domain. It checks the authorative name servers, which records exist, and where the servers are located.

dnskv: DNS-based Key-Value Storage

https://dnskv.com/

This is a custom DNS server which allows setting and retrieving text based data. New values can be written as subdomains and retrieved via a normal TXT lookup.

• To set a key: dig my-value.my-key.dnskv.com txt +short
• To get a key: dig my-key.dnskv.com txt +short

The service provides many extra options like setting an expiry time or the TTL.

dnsperf and resperf

https://www.dns-oarc.net/tools/dnsperf

DNS performance measurement tools.

dnsteal DNS Exfiltration Tool

https://github.com/m57/dnsteal

dnsteal provides a fake DNS server and encodes a file into a series of DNS requests. The fake DNS server then reassembles the file. This can be used to hide the file exfiltration as DNS traffic, however, since it doesn't use the default DNS server it is quite noisy.

explainshell

https://explainshell.com/

explainshell does what the name suggests: it explains shell commands. It allows writing a shell command, and it explains what the program is doing, the meaning of the command line flags, and how the piping between different programs works.

iodine DNS Tunnel

https://code.kryo.se/iodine/

iodine allows to tunnel IPv4 traffic through a DNS server. This can be used if network access is restricted, but DNS is unfiltered, for example in when a captive portal is deployed.

jc: JSON Convert

https://github.com/kellyjonbrazil/jc

jc JSONifies the output of many CLI tools, file-types, and common strings for easier parsing in scripts, e.g., dig example.com | jc --dig. It can parse the output of many basic Unix tools and system management tools. This list shows the supported parsers. jc is available via pip and Linux repositories.

k-v.io: DNS-based Key-Value Store

https://k-v.io/

This is a custom DNS server which allows setting and retrieving text based data. New values can be written as subdomains and retrieved via a normal TXT lookup.

• To set a key: dig @ns.sslip.io put.my-value.my-key.k-v.io txt +short
• To get a key: dig @ns.sslip.io my-key.k-v.io txt +short
• To delete a key: dig @ns.sslip.io delete.my-key.k-v.io txt +short

mess with dns

https://messwithdns.net/

"mess with dns" is a tool which allows you to experiment with DNS. The website allows creation of resource records of many types. They are all within a custom 3rd level domain. The website also shows the DNS requests the authoritative DNS server received.

mitmproxy - an interactive HTTPS proxy

https://mitmproxy.org/

Proxy framework for performing MitM attacks/transformations. Provides a Python API for scriptability

nPrint

https://nprint.github.io/

The nPrint project is a collection of open-source software and benchmarks for network traffic analysis that aim to replace the built-to-task approach currently taken when examining traffic analysis tasks.

osquery

https://github.com/osquery/osquery

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

pdfpc: PDF Presenter Console

https://github.com/pdfpc/pdfpc

pdfpc is a tool enabling a presenter mode for presenting PDF files. The presenter mode contains the usual features known from PowerPoint/LibreOffice:

• Slide previews
• Notes
• Timer

pdfpc is especially adapted to present LaTeX presentations, which otherwise do not have a presenter mode.

pdoc: API Documentation for Python Projects

https://pdoc.dev/

pdoc is a Python API documentation generation, which turns doc-strings and type annotations into a simple and elegant documentation.

pdoc auto-generates API documentation that follows your project's Python module hierarchy. It requires no configuration, has first-class support for type annotations, cross-links between identifiers, comes with an integrated live-reloading web server, uses customizable HTML templates, understands numpydoc and Google-style docstrings, and is permissively licensed.

preeny

https://github.com/zardus/preeny

preeny helps pwning binaries by disabling many annoying functions such as random or alarm. It does so by providing different LDPRELOAD-able libraries for those library functions.

pwntools

https://pwntools.readthedocs.io/en/stable/

pwntools is one of THE Python tools needed during a CTF. It is useful for both jeopardy and attack-defense CTFs. It provides common abstractions, like connecting to a local or remote program and simplifying I/O. Addtionally, it provides helpers for many exploitation techniques, such as ROP, shellcode, and leaking memory.

pyNTM: Network Traffic Modeler

https://github.com/tim-fiola/network_traffic_modeler_py3

pyNTM allows to create a network with circuits between layer 3 nodes. This model then allows to simulate and evaluate how traffic will traverse the topology. This can be used to test different network topologies and fail over scenarios.

regexr

https://regexr.com/

regexr helps in understanding and writing regular expressions (RegEx). It takes a RegEx and explains the different parts of it. It also shows how the RegEx applies to a sample text.

Additionally, it contains a RegEx reference as well as a user supplied library of different RegExs.

respdiff

https://gitlab.labs.nic.cz/knot/respdiff

DNS responses gathering and differences analysis toolchain.

shelldoc

https://github.com/endocode/shelldoc

Execute code blocks in Markdown files and test if they produce the expected outcome. This is similar to checking doctests using rustdoc.

snidump

https://github.com/kontaxis/snidump

This is a tcpdump-like program for printing TLS SNI and HTTP/1.1 Host fields in live or captured traffic.

traIXroute

http://www.inspire.edu.gr/traIXroute/

A traceroute like tool, that detects where a path crosses an IXP.

unfurl

https://dfir.blog/unfurl/

The website allows to inspect encoded information in URLs, by parsing the URL with generic or specialized extractors. For example, it can decode the query parameters of Google searches and display what the different parameters mean.

urlscan.io

https://urlscan.io/

urlscan.io is a sandbox for URLs. The website generates a report for a URL to get a basic understanding about the network connections involved. The report includes a screenshot, the list of IP addresses and domains the website uses, and detected scripts.

wirediff

https://github.com/aaptel/qtwirediff

WireDiff is a debugging tool to diff network traffic leveraging Wireshark.

Wirediff lets you open 2 network traces packets side-by-side. You can select a packet from each trace and diff their content at the protocol level you want.

A more thorough introduction is available in the APNIC blog: https://blog.apnic.net/2020/07/01/wirediff-a-new-tool-to-diff-network-captures/.

zesplot: IPv6 Visualization

https://github.com/zesplot/zesplot

zesplot is an IPv6 visualization tool. It turns a list of IP addresses into a picture, for example as a heatmap representation. It works based on squarified treemaps, since the IPv4 way of space-filling curves works poorly for such a sparse space.