All about Tool


AMP-Research: Amplification ResearchArxiv VanityBGPStream (CAIDA)BGPlayBetter PagersBinDiff (zynamics)Binary Ninja CloudBinary RefineryCPP InsightsCTF Tools by CInsectsCheck Propagation of DNS RecordsCompacted-DNS (C-DNS): A Format for DNS Packet CaptureCyberChefDMAP Domain Mapper by SIDN LabsDNS Quality/Overview ToolsDNS Replay Tool (drool)DNS ToysDNSCAPDNSTOPDangerzone: Create safe PDFsDataset Search by GoogleDebin: Predicting Debug Information in Stripped BinariesDepix: Recover passwords from pixelized screenshotsDetexifyDirectPoll: Large Polls with Audience ParticipationDogbolt Decompiler ExplorerDriftnetDublin TracerouteEasy File Sharing without AccountsEntropy/IPEvcxr: Rust Interpreter and Jupyter The World's Secure Networking Data PlaneFlamethrowerFloat ToyGNU poke: The extensible editor for structured binary dataGhidraGodbolt Compiler ExplorerIDA - Interative DisassemblerIPmap RIPEIPv4 HeatmapIPv6 Security/Network ToolsImage Metadata ViewerJohn the RipperList of JSON to Struct ConvertersList of Malware Analysis WebsitesLists of DNS BlacklistsMetis: Atlas probe selectionMini Internet ProjectMozilla ObservatoryMozilla TLS Configuration GeneratorMultilevel MDA-Lite Paris **Traceroute**Netlab 360 OpenData ProjectNetworkScan MonNextDNSOWASP AmassOne GadgetOnline Dis-AssemblerOnline DisassemblerOpenWPM: A web privacy measurement frameworkOver The Wire: WargamesPEERING: The BGP TestbedPacketQ: Query PCAPs using SQLParis TraceroutePi-holePlay with DockerPostgreSQL's Explain Analyze made ReadablePostgres Explain VisualizerProgramming PlaygroundsQualys SSL LabsRIPE Atlas: Probe FiltersRIPEstat: Providing open data and insights for Internet resourcesRPKI BrowsersRPKI TesterRappel: Linux Assembly REPLRegexGenerator++Resolver TestbedRetDec - Retargetable DecompilerReverse Shell GeneratorRoot ServersRouting Information Service (RIS)RsaCtfToolRun Foreign-Achitecture Docker ContainersRust Macro RailroadRust Regex Explanations and TestingRustexpSSLsplit - transparent SSL/TLS interceptionSandDance: Visualize DataScrabble Word FinderSecurityheadersShapecatcherSherlock: Find usernames across social networksSnowman DecompilerSolve Crypto with Force!Table Magic: Convert between table formatsTables GeneratorTcpdump advanced filtersUnicode Text ConverterW3C Link CheckerWAND Active Measurement ProjectWebPlotDigitizerWildcard DNS for IP AddressesYahtzee Position ScorerYarrp: Yelling at Random Routers ProgressivelyZMap ProjectZiggy: the RPKI Wayback MachineangrarXiv LaTeX Bahn-Preiskalenderbinwalkcaniuse.rscdecl: C gibberish ↔ Englishcolorbrewerdeps.devdnsdumpsterdnskv: DNS-based Key-Value Storagednsperf and resperfdnsteal DNS Exfiltration Toolexplainshelliodine DNS DNS-based Key-Value Storemess with dnsmitmproxy - an interactive HTTPS proxynPrintosquerypdfpc: PDF Presenter Consolepdoc: API Documentation for Python ProjectspreenypwntoolspyNTM: Network Traffic ModelerregexrrespdiffshelldocsnidumptraIXrouteunfurlurlscan.iovizASwirediffzesplot: IPv6 Visualisation

Better Pagers


There are various pagers which are more suitable or user friendly than the basic pagers like more or less.

bat – A cat(1) clone with wings

bat is an advanced pager, supporting usability features. It comes with syntax highlighting out of the box. It also integrates with git and shows the lines added and removed for a file.

pspg – Postgres Pager

pspg is an advanced pager for usage with psql. It shows the data in table form, allows scrolling through the columns and rows. You can pin header or initial columns, such that they do not move while scrolling around. It supports many different color schemes.

CPP Insights

C++ | Tool

Desugar C++ code and show how modern C++ features are implemented. This helps in understanding the details of C++ and how modern compilers implement the language standard.


CTF | Tool

The CyberChef is a website which provides many recipes and makes it easy to combine them. The recipes are small input/output steps, similar to UNIX tools, and cover a large area of topics, like data formats, encoding, encryption, networking, hashing, compression, etc. The main use case is making it easier in CTFs to chain simple operations together like processing encoded text.

DNS Quality/Overview Tools

DNS | DNSSEC | Dataset | Network | Tool

Check My DNS

Browser-based DNS resolver quality measurement tool. Uses the browser to generate many resolver queries and tests for features they should have, such as EDNS support, IPv6, QNAME Minimisation, etc.

This test is also available as a CLI tool:

DNSSEC Debugger

Analyze DNSSEC deployment for a zone and show errors in the configuration.


Gives an overview over DNSSEC delegations, response sizes, and name servers.



The website has an online test, which performs DNS lookups. These DNS lookups test if certain resource records are overwritten in the cache. The tool can then determine what DNS software is used, where the server is located, how many caches there are, etc.

EDNS Compliance Tester

Test name server of zones for correct EDNS support.

The Transitive Trust and DNS Dependency Graph Portal

Shows the trust dependencies in DNS. Given a domain name it can show how zones delegate to each other and why. The delegation is done between IP addresses and zones.

Root Canary Project

The project used to monitor the first root KSK key rollover. Now it contains the paper "Roll, Roll, Roll your Root: A Comprehensive Analysis of the FirstEver DNSSEC Root KSK Rollover" describing the experiences of the first root KSK rollover

Additionally, it includes a tester for DNSSEC algorithm support, which shows the algorithms supported by the currently used recursive resolver. It provides statistics about support for DNSSEC algorithms. It has a web based test to test your own resolver and provides a live monitoring using the RIPA Atlas.

DNSSEC algorithms resolver test

DNS Toys

DNS | Tool

DNS Toys is an authoritative DNS server offering different unit conversion and lookup tools.

Some examples from the website include:

# Lookup time by city name
dig newyork.time

# or weather

# Return the client IP address
dig ip

# Number conversion from decimal to hex
dig 100dec-hex.base

Dangerzone: Create safe PDFs


Dangerzone is a tool for converting documents into safe PDFs. This allows converting potentially dangerous office documents, PDFs, or images into a new PDFs without copying any metadata or macros. It works by converting the original documents into bitmaps and afterwards turning the bitmaps into new PDFs, optionally also with OCR for searchable PDFs.

DirectPoll: Large Polls with Audience Participation


The website lets you create polls, which are intended to be used live in front of a large audience. The presenter can configure the poll, select display options, and mark correct answers.

During the presentation, the presenter has a view, which shows the live results of the poll. The audience can join the polls and vote on them live. The results are completly anonymous.

It can be a great tool for interactive PowerPoint presentations, for lectures, or generally for trivia events.

Dogbolt Decompiler Explorer

CTF | Tool | x86

Dogbolt is an online interactive decompiler explorer. A binary can be uploaded and the decompiled C-like output of multiple decompilers compared. The website collects all uploaded binaries, so be wary of which files to upload. The big advantage of the website is having so many available decompilers (angr, Binary Ninja, Boomerang, Ghidra, IDA Pro, REC Studio, Reko, RetDec, Snowman). A downside is that no alterations to the decompilation are possible, for example to provide function signatures.

Easy File Sharing without Accounts


  • allows uploading from the command line and the browser. Files can be up to 10 GB and be stored up to 14 days. It allows limiting the number of downloads.

    # Upload using cURL
    $ curl --upload-file ./hello.txt
    $ curl -H "Max-Downloads: 1" -H "Max-Days: 5" --upload-file ./hello.txt
  • share and receive files using WebTorrent.

  • allows anonymous file shares. Files can up up to 5 GB and be stored for up to 7 days.


IP | IPv6 | Tool

The Entropy/IP algorithm allows for inspecting and generating IPv6 addresses. Entropy/IP can determine the entropy of different nibbles and relationship between different components. Based on this analysis it can also create valid-looking IPv6 addresses. The World's Secure Networking Data Plane

Network | Tool is a very fast userspace networking library, which allows to create programs for packet processing. While DPDK allows fast read and write access to the NICs, is foccussed on processing the packets. Possible use cases are a packet forwarder, implementing a NAT, or a VPN.

More details also in this APNIC blogpost:

Float Toy


The Float Toy website allows to interactively explore IEEE floating-point numbers. It shows 16, 32, and 64 variants. It allows flipping individual bit and visualizes the result. The meaning of the bits is also shown and color-coded.

Godbolt Compiler Explorer

CTF | Tool | x86

The Godbolt compiler explorer allows the user to compile a function and see the corresponding assembly code. It can highlight matching parts in the language and assembly, making it easy to understand how individual expressions are compiled. It supports common languages like C, C++, Go, Rust. It can also work with assembler and LLVM IR.

Another nice feature is, that it can show statistics about assembler code, like needed cycles, instructions, and which resources the instructions need. This uses the LLVM Machine Code Analyzer.


BGP | Dataset | Map | Network | Tool

IP geolocation services feeding itself from geolocation databases, user provided locations, and most importantly active RTT measurements based on the RIPE Atlas system. It also provides a nice API to query the location. It provides a breakdown on where the results stem from and how much they contribute to the overall result.

IPv4 Heatmap

IP | Tool

The IPv4 heatmap tool draws an image of active IPv4 addresses. The IP addresses are mapped to pixels useing a Hilbert curve or a Z-curve. The image can be extended with annotations about the address space, for example to show which regional internet registry is assigned to the address.

List of JSON to Struct Converters

JSON | Rust | Tool

These websites provide tools, which convert JSON data to structs in different programming languages.

Lists of DNS Blacklists

DNS | Dataset | IP | Network | Spam | Tool

These projects either operate DNS based Real-time Blackhole Lists (RBL) or allow checking if an IP is contained. The Multi-RBL websites are helpful in finding a large quantity of RBLs.

Metis: Atlas probe selection

Network | Tool

The website provides a tool to select a list of autonomous systems with a fairer probe distribution. Probes are not distributed equally, but rather cluster based on population. This leads to large biases towards western locations and certain autonomous systems. The website offers different distance metrics. The output is a list of autonomous system numbers for use in the RIPE Atlas API.

Mini Internet Project

BGP | IP | Network | Tool

The mini internet project is part of the curiculum by the Networked Systems Group of ETH Zurich. It teaches the students the basic steps how to create a mini internet. It starts with the basics of intra-network routing, by setting up multiple L2 switches. Then the students have to configure L3 routers to connect multiple L2 sites together. Lastly, in a big hackathon style, the students need to connect their local network with the network of the other students, by properly configuring BGP routers and setting up routing policies.

The code and the tasks are all available in the GitHub repository.

The APNIC Blog has a nice introduction to the project too.


DNS | Tool

A free and configurable DNS resolver. It provides customizable blocking, such as for ads, trackers, or malicious websites. Additionally, statistics can be shown, such as for most blocked website.

A similar self-hosted variant is Pi-hole.


CTF | DNS | Tool

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.

OpenWPM: A web privacy measurement framework


OpenWPM is a web privacy measurement framework which makes it easy to collect data for privacy studies on a scale of thousands to millions of websites. OpenWPM is built on top of Firefox, with automation provided by Selenium. It includes several hooks for data collection. Check out the instrumentation section below for more details.

PEERING: The BGP Testbed

BGP | Network | Tool

PEERING is an environment where researchers and educators can play with BGP announcements in a real but sandboxed environment.

Description from the website:

The long-term goal of the PEERING system is to enable on-demand, safe, and controlled access to the Internet routing ecosystem for researchers and educators:

  • PEERING for researchers. Today, it is hard for researchers to conduct Internet routing experiments. To perform a routing experiment, a research institution has to obtain Internet resources (IP addresses and ASNs) and establish relations with upstream networks. PEERING eliminates these obstacles and provides researchers controlled on-demand access to the routing ecosystem.
  • PEERING for educators. Educators can use the PEERING infrastructure in teaching students the Internet routing architecture. The students access to live BGP sessions to multiple ISPs.


DNS | Tool

A free and configurable DNS stub-resolver. It provides customizable blocking, such as for ads, trackers, or malicious websites. Additionally, statistics can be shown, such as for most blocked website.

It can also function as a DHCP server for clients on the same network.

A similar service is NextDNS.

Play with Docker

Docker | Tool

Play with Docker is a Docker playground which allows users to run Docker commands in a matter of seconds. It gives the experience of having a free Alpine Linux Virtual Machine in browser, where you can build and run Docker containers and even create clusters in Docker Swarm Mode. Under the hood Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs. In addition to the playground, PWD also includes a training site composed of a large set of Docker labs and quizzes from beginner to advanced level available at

RIPE Atlas: Probe Filters

Network | Tool

The repository contains code for a better probe selection for the RIPE Atlas measurement system. Probes are not distributed equally, but rather cluster based on population. This leads to large biases towards western locations and certain autonomous systems. The goal of the repository is to find a more equal, thus fairer probe selection.

RIPEstat: Providing open data and insights for Internet resources

Autonomous System | BGP | DNS | Dataset | Network | Tool

RIPEstat is a network statistics platform by RIPE. The platform shows data for IP addresses, networks, ASNs, and DNS names. This includes information such as the registration information, abuse contacts, blocklist status, BGP information, geolocation lookups, or reverse DNS names. Additionally, the website links to many other useful tools, such as an address space hierarchy viewer, historical whois information, and routing consistency checks.

Rappel: Linux Assembly REPL

ARM | Tool | x86

Rappel is a pretty janky assembly REPL. It works by creating a shell ELF, starting it under ptrace, then continiously rewriting/running the .text section, while showing the register states. It's maybe half done right now, and supports Linux x86, amd64, armv7 (no thumb), and armv8 at the moment.


Regex | Tool

The website provides an automatic generator for regex patterns by learning from sample sentences. The website requires entering as many sample sentences with as many matching positions as possible. These datasets can also be imported and exported, such that they can be refined over time.

Resolver Testbed

DNS | Tool

This repo describes a testbed to test various DNS resolvers. The purpose of the testbed is to allow researchers to set up many resolvers and run tests on each. For example, a test might see what the resolver emits when it is priming, or when it is responding to a particular query while using DNSSEC validation.

RetDec - Retargetable Decompiler

Reverse Engineering | Tool

A standalone decompiler build and managed by Avast. Works as a standalone program, has a trial version on the website, and there is an IDA Plugin.

Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.

Reverse Shell Generator

CTF | Tool

The website provides a generator for quickly configuring a reverse shell. After entering an IP address and port number, the website shows code snippets for many languages. It also provides the option to create bind shells or use the metasploit framework.

Root Servers

DNS | Dataset | Tool

Overview page for the DNS root servers. It contains links to general news and all the supporting organizations.

The website features a map with all geographic locations. It contains information about locations, IPv4/IPv6 reachability and IP addresses.

Each root server has its own subdomain in the form of It contains access to historical performance data like:

  • Size and time of zone updates
  • RCODE volume
  • query and response sizes for UDP and TCP
  • traffic volume (packets per time)
  • Unique sources

Rust Regex Explanations and Testing

Regex | Rust | Tool

The Academic Phrasebank is a general resource for academic writers. It aims to provide you with examples of some of the phraseological ‘nuts and bolts’ of writing organised according to the main sections of a research paper or dissertation.

The data bank contains the categories “Introducing Work”, “Referring to Sources”, “Describing Methods”, “Reporting Results”, “Discussing Findings”, and “Writing Conclusions”.

This is esentially regexr for Rust.

Unicode Text Converter

Tool | Unicode

The tool converts an input string into different and sometimes obscure Unicode characters. It is usefull to generate funny looking text or to generate a new username, if the desired on is taken.

For example, the tool supports ⓒⓘⓡⓒⓛⓔⓓ, 𝖋𝖗𝖆𝖐𝖙𝖚𝖗, 🆂🆀🆄🅰🆁🅴🅳, ꜱᴍᴀʟʟ ᴄᴀᴩꜱ, ɐup 𝕠𝕥𝕙𝕖𝕣 wɘiᴙb options.

WAND Active Measurement Project

Autonomous System | DNS | Dataset | Network | Tool | Traceroute

AMP is a system designed to continuously perform active network measurements between a mesh of specialist monitor machines, as well as to other targets of interest. These measurements are used to provide both a view of long-term network performance as well as to detect notable network events when they happen.

The project is run with a custom client and server software. The measurement results can be viewed on the website. It includes traceroutes, latencies (DNS, HTTP, ICMP, TCP), HTTP page sizes, and packet loss. The software is available as open source.



The WebPlotDigitizer is a tool to extract data from plots and images. It guides the user through annotating the image and setting some parameters (such as axis values). This allows the tool to extract the values from the chart. The tools allows many customizations to allow better tuning of the extraction process. WebPlotDigitizer also comes in a desktop version.

Wildcard DNS for IP Addresses

DNS | IP | Network | Tool

These services allow you to create a domain name for any IP address. The IP address is encoded into the domain name. An overview over different services can be found here.

Online Services

  • provides IPv4 only

    • Supports both . and - separators.
    • resolves to
    • resolves to
    • resolves to
    • resolves to
  • provides IPv4 and IPv6

    • Supports both . and - separators.
    • Provides the ability to use the service with your own branding.
    • resolves to
    • resolves to
    • resolves to
    • – resolves to ::1
    • resolves to 2a01:4f8:c17:b8f::2

Self-hosted Options

  • hipio is a Haskell service for IPv4.

ZMap Project

DNS | IP | Network | Tool

Different utilities for network scanning. Most imporantly the zmap component, which is a packet scanner for different protocols. It also contains other tools like ways to iterate over the IPv4 address space and blacklist/whitelist management.

Security | Tool is a dependency analyzer for multiple language ecosystems (npm, Go modules, Maven, PyPI, Cargo). It shows basic information, such as the metadata (including license) about each package, dependencies, and reverse dependencies. It enhances these information by adding a diff viewer for the versions. Security advisories affecting a package or dependency are highlighted. The OpenSSF scorecard is also integrated, showing more insights about the project health.

The second feature of the website is an advisory viewer. It shows details about each advisory, including affected versions. It also calculates how much of the ecosystem is affected and patched.

dnskv: DNS-based Key-Value Storage

DNS | Tool

This is a custom DNS server which allows setting and retrieving text based data. New values can be written as subdomains and retrieved via a normal TXT lookup.

  • To set a key: dig txt +short
  • To get a key: dig txt +short

The service provides many extra options like setting an expiry time or the TTL.


Cheatsheet | Shell | Tool

explainshell does what the name suggest: it explains shell commands. It allows to write a shell command and it expains what the program is doing, the meaning of the command line flags, and how the pipeing between different programs works. DNS-based Key-Value Store

DNS | Tool

This is a custom DNS server which allows setting and retrieving text based data. New values can be written as subdomains and retrieved via a normal TXT lookup.

  • To set a key: dig txt +short
  • To get a key: dig txt +short
  • To delete a key: dig txt +short

mess with dns

DNS | Tool

"mess with dns" is a tool which allows you to experiment with DNS. The website allows creation of resource records of many types. They are all within a custom 3rd level domain. The website also shows the DNS requests the authoritative DNS server received.


Network | Tool

The nPrint project is a collection of open source software and benchmarks for network traffic analysis that aim to replace the built-to-task approach currently taken when examining traffic analysis tasks.



osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

pdfpc: PDF Presenter Console

LaTeX | Tool

pdfpc is a tool enabling a presenter mode for presenting PDF files. The presenter mode contains the usual features known from Powerpoint/Libreoffice:

  • Slide previews
  • Notes
  • Timer

pdfpc is especially adapted to present LaTeX presentations, which otherwise do not have a presenter mode.

pdoc: API Documentation for Python Projects

Python | Tool

pdoc is a Python API documentation generation, which turns doc-strings and type annotations into a simple and elegant documentation.

pdoc auto-generates API documentation that follows your project's Python module hierarchy. It requires no configuration, has first-class support for type annotations, cross-links between identifiers, comes with an integrated live-reloading web server, uses customizable HTML templates, understands numpydoc and Google-style docstrings, and is permissively licensed.


CTF | Tool

preeny helps pwning binaries by disabling many annoying functions such as random or alarm. It does so by providing different LDPRELOAD-able libraries for those library functions.


CTF | Tool

pwntools is one of THE Python tools needed during a CTF. It is useful for both jeopardy and attack-defense CTFs. It provides common abstractions, like connecting to a local or remote program and simplifying I/O. Addtionally, it provides helpers for many exploitation techniques, such as ROP, shellcode, and leaking memory.


Cheatsheet | Regex | Tool

regexr helps in understanding and writing regular expressions (RegEx). It takes a RegEx and explains the different parts of it. It also shows how the RegEx applies to a sample text.

Additionally, it contains a RegEx reference as well as a user supplied library of different RegExs.



The website allows to inspect encoded information in URLs, by parsing the URL with generic or specialized extractors. For example, it can decode the query parameters of Google searches and display what the different parameters mean.

Malware | Tool is a sandbox for URLs. The website generates a report for a URL to get a basic understanding about the network connections involved. The report includes a screenshot, the list of IP addresses and domains the website uses, and detected scripts.