All about Tool


AMP-Research: Amplification ResearchAPNIC RExArxiv VanityBGPKIT monocleBGPStream (CAIDA)BGPlayBetter PagersBinDiff (zynamics)Binary Ninja CloudBinary RefineryC2RustCPP InsightsCTF Tools by CInsectsCheck Propagation of DNS RecordsCompacted-DNS (C-DNS): A Format for DNS Packet CaptureCryptii: Encoding and encryption onlineCyberChefDMAP Domain Mapper by SIDN LabsDNS Quality/Overview ToolsDNS Replay Tool (drool)DNS ToysDNSCAPDNSTOPDangerzone: Create safe PDFsDataset Search by GoogleDebin: Predicting Debug Information in Stripped BinariesDepix: Recover passwords from pixelized screenshotsDetexifyDiG GUI: DiG Web InterfaceDirectPoll: Large Polls with Audience ParticipationDistributed Randomness BeaconDogbolt Decompiler ExplorerDriftnetDublin TracerouteEasy File Sharing without AccountsEntropy/IPEvcxr: Rust Interpreter and Jupyter The World's Secure Networking Data PlaneFlamethrowerFloat ExposedFloat ToyGNU poke: The extensible editor for structured binary dataGhidraGodbolt Compiler ExplorerIDA - Interactive DisassemblerIPmap RIPEIPv4 HeatmapIPv6 Security/Network ToolsImage Metadata ViewerImmuniWeb: AI for Application SecurityInternet Society PulseJohn the RipperList of JSON to Struct ConvertersList of Malware Analysis WebsitesLists of DNS BlocklistsMetis: Atlas probe selectionMicrosoft PowerToys: Utilities to customize WindowsMini Internet ProjectMozilla ObservatoryMozilla TLS Configuration GeneratorMultilevel MDA-Lite Paris **Traceroute**Netlab 360 OpenData ProjectNetworkScan MonNextDNSOWASP AmassOne GadgetOnline Dis-AssemblerOnline DisassemblerOpen Traffic Generator (OTG)OpenPGP-Schlüssel beglaubigenOpenWPM: A web privacy measurement frameworkOver The Wire: WargamesPEERING: The BGP TestbedPacketQ: Query PCAPs using SQLParis TraceroutePathVis: Visualising TraceroutePi-hole: Network-wide Ad BlockingPlay with DockerPostgreSQL's Explain Analyze made ReadablePostgres Explain VisualizerProgramming PlaygroundsQualys SSL LabsRIPE Atlas: Probe FiltersRIPEstat: Providing open data and insights for Internet resourcesRPKI BrowsersRPKI TesterRappel: Linux Assembly REPLRegexGenerator++Resolver TestbedRetDec - Retargetable DecompilerReverse Shell GeneratorRoot ServersRouting Information Service (RIS)RsaCtfToolRun Foreign-Achitecture Docker ContainersRust Macro RailroadRust Regex Explanations and TestingRustexpSQLFluff: SQL linter and auto-formatterSSLsplit - transparent SSL/TLS interceptionSandDance: Visualize DataScrabble Word FinderSecurityheadersShapecatcherSherlock: Find usernames across social networksSnowman DecompilerSolve Crypto with Force!Table Magic: Convert between table formatsTable Magic: Convert between table formatsTables GeneratorTcpdump advanced filtersTimevault: Timelock EncryptionUnicode Text ConverterW3C Link CheckerWeb Performance TestersWebPlotDigitizerWebWormhole: WebRTC based file transferWebbkoll: Check your site!Wildcard DNS for IP AddressesYahtzee Position ScorerYarrp: Yelling at Random Routers ProgressivelyYour playground for cryptography, coding & dataZMap ProjectZiggy: the RPKI Wayback MachineZonemaster : Run domain Run domain testaddr.toolsangr: Open-Source Binary Analysis PlatformarXiv LaTeX Bahn-Preiskalenderbinwalkcaniuse.rscdecl: C gibberish ↔ Englishcolorbrewerdeps.devdnsdumpsterdnskv: DNS-based Key-Value Storagednsperf and resperfdnsteal DNS Exfiltration Toolexplainshelliodine DNS Tunneljc: JSON DNS-based Key-Value Storemess with dnsmitmproxy - an interactive HTTPS proxynPrintosquerypdfpc: PDF Presenter Consolepdoc: API Documentation for Python ProjectspreenypwntoolspyNTM: Network Traffic Testing TLS/SSL encryptiontraIXrouteunfurlurlscan.iowirediffzesplot: IPv6 Visualization

Better Pagers


There are various pagers which are more suitable or user-friendly than the basic pagers like more or less.

bat – A cat(1) clone with wings

bat is an advanced pager, supporting usability features. It comes with syntax highlighting out of the box. It also integrates with git and shows the lines added and removed for a file.

pspg – Postgres Pager

pspg is an advanced pager for usage with psql. It shows the data in table form, allows scrolling through the columns and rows. You can pin header or initial columns, such that they do not move while scrolling around. It supports many different color schemes.


C | Rust | Tool

C2Rust is a project for converting (legacy) C code into equivalent Rust code. The resulting Rust code is very low level and uses pointers and unsafe. The website offers an online demo to show the capabilities of the tool.

CPP Insights

C++ | Tool

Desugar C++ code and show how modern C++ features are implemented. This helps in understanding the details of C++ and how modern compilers implement the language standard.


CTF | Tool

The CyberChef is a website which provides many recipes and makes it easy to combine them. The recipes are small input/output steps, similar to UNIX tools, and cover a large area of topics, like data formats, encoding, encryption, networking, hashing, compression, etc. The main use case is making it easier in CTFs to chain simple operations together, like processing encoded text.

DNS Quality/Overview Tools

DNS | DNSSEC | Dataset | Network | Tool

Check My DNS

Browser-based DNS resolver quality measurement tool. Uses the browser to generate many resolver queries and tests for features they should have, such as EDNS support, IPv6, QNAME Minimization, etc.

This test is also available as a CLI tool:

DNSSEC Debugger

Analyze DNSSEC deployment for a zone and show errors in the configuration.


Gives an overview of DNSSEC delegations, response sizes, and name servers.



The website has an online test, which performs DNS lookups. These DNS lookups test if certain resource records are overwritten in the cache. The tool can then determine what DNS software is used, where the server is located, how many caches there are, etc.

EDNS Compliance Tester

Test name server of zones for correct EDNS support.

The Transitive Trust and DNS Dependency Graph Portal

Shows the trust dependencies in DNS. Given a domain name, it can show how zones delegate to each other and why. The delegation is done between IP addresses and zones.

Root Canary Project

The project used to monitor the first root KSK key rollover. Now it contains the paper "Roll, Roll, Roll your Root: A Comprehensive Analysis of the First Ever DNSSEC Root KSK Rollover" describing the experiences of the first root KSK rollover

Additionally, it includes a tester for DNSSEC algorithm support, which shows the algorithms supported by the currently used recursive resolver. It provides statistics about support for DNSSEC algorithms. It has a web-based test to test your own resolver and provides a live monitoring using the RIPE Atlas.

DNSSEC algorithms resolver test

DNS Toys

DNS | Tool

DNS Toys is an authoritative DNS server offering different unit conversion and lookup tools.

Some examples from the website include:

# Lookup time by city name
dig newyork.time

# or weather

# Return the client IP address
dig ip

# Number conversion from decimal to hex
dig 100dec-hex.base

Dangerzone: Create safe PDFs


Dangerzone is a tool for converting documents into safe PDFs. This allows converting potentially dangerous office documents, PDFs, or images into a new PDF without copying any metadata or macros. It works by converting the original documents into bitmaps and afterward turning the bitmaps into new PDFs, optionally also with OCR for searchable PDFs.

DirectPoll: Large Polls with Audience Participation


The website lets you create polls, which are intended to be used live in front of a large audience. The presenter can configure the poll, select display options, and mark correct answers.

During the presentation, the presenter has a view, which shows the live results of the poll. The audience can join the polls and vote on them live. The results are completely anonymous.

It can be a great tool for interactive PowerPoint presentations, for lectures, or generally for trivia events.

Distributed Randomness Beacon

Dataset | Tool

The distributed randomness beacon is a verifiable, unpredictable and unbiased random numbers as a service. A network of multiple entities computes the random numbers. They are a good source of true entropy. Another use is in verifiable lotteries, by using these random numbers to pick a winner at random.

Dogbolt Decompiler Explorer

CTF | Tool | x86

Dogbolt is an online interactive decompiler explorer. A binary can be uploaded and the decompiled C-like output of multiple decompilers compared. The website collects all uploaded binaries, so be wary of which files to upload. The big advantage of the website is having so many available decompilers (angr, Binary Ninja, Boomerang, Ghidra, IDA Pro, REC Studio, Reko, RetDec, Snowman). A downside is that no alterations to the decompilation are possible, for example, to provide function signatures.

Easy File Sharing without Accounts


  • allows uploading from the command line and the browser. Files can be up to 10 GB and be stored up to 14 days. It allows limiting the number of downloads.

    # Upload using cURL
    $ curl --upload-file ./hello.txt
    $ curl -H "Max-Downloads: 1" -H "Max-Days: 5" --upload-file ./hello.txt
  • share and receive files using WebTorrent.

  • allows anonymous file shares. Files can be up to 5 GB and be stored for up to 7 days.


IP | IPv6 | Tool

The Entropy/IP algorithm allows for inspecting and generating IPv6 addresses. Entropy/IP can determine the entropy of different nibbles and the relationship between different components. Based on this analysis, it can also create valid-looking IPv6 addresses. The World's Secure Networking Data Plane

Network | Tool is a very fast userspace networking library, which allows creating programs for packet processing. While DPDK allows fast read and write access to the NICs, is focussed on processing the packets. Possible use cases are a packet forwarder, implementing a NAT or a VPN.

More details also in this APNIC blog post:

Float Exposed


The Float Exposed website allows exploring IEEE floating-point numbers interactively. It shows 16, 32, and 64 variants. It allows flipping individual bit and visualizes the result. The meaning of the bits is also shown and color-coded.

Float Toy


The Float Toy website allows exploring IEEE floating-point numbers interactively. It shows 16, 32, and 64 variants. It allows flipping individual bit and visualizes the result. The meaning of the bits is also shown and color-coded.

Godbolt Compiler Explorer

CTF | Tool | x86

The Godbolt compiler explorer allows the user to compile a function and see the corresponding assembly code. It can highlight matching parts in the language and assembly, making it easy to understand how individual expressions are compiled. It supports common languages like C, C++, Go, Rust. Furthermore, it can also work with assembler and LLVM IR.

Another nice feature is, that it can show statistics about assembler code, like needed cycles, instructions, and which resources the instructions need. This uses the LLVM Machine Code Analyzer.


BGP | Dataset | Map | Network | Tool

IP geolocation services feeding itself from geolocation databases, user provided locations, and most importantly, active RTT measurements based on the RIPE Atlas system. It also provides a nice API to query the location. It provides a breakdown on where the results stem from and how much they contribute to the overall result.

IPv4 Heatmap

IP | Tool

The IPv4 heatmap tool draws an image of active IPv4 addresses. The IP addresses are mapped to pixels using a Hilbert curve or a Z-curve. The image can be extended with annotations about the address space, for example, to show which regional internet registry is assigned to the address.

Internet Society Pulse

Autonomous System | BGP | Dataset | Network | Tool

The Internet Society gathers data to show the general health and availability of the internet. They measure four categories: internet shutdowns, technology use, resilience, and concentration. Under internet shutdowns, they show which countries are performing what kind of disruption, e.g., regional or national. The technology sections lists basic statistics about HTTPS, IPv6, TLS, DNSSEC.

List of JSON to Struct Converters

JSON | Rust | Tool

These websites provide tools, which convert JSON data to structs in different programming languages.

Lists of DNS Blocklists

DNS | Dataset | IP | Network | Spam | Tool

These projects either operate DNS based Real-time Blackhole Lists (RBL) or allow checking if an IP is contained. The Multi-RBL websites are helpful in finding a large quantity of RBLs.

Metis: Atlas probe selection

Network | Tool

The website provides a tool to select a list of autonomous systems with a fairer probe distribution. Probes are not distributed equally, but rather cluster based on population. This leads to large biases towards western locations and certain autonomous systems. The website offers different distance metrics. The output is a list of autonomous system numbers for use in the RIPE Atlas API.

Mini Internet Project

BGP | IP | Network | Tool

The mini internet project is part of the curriculum by the Networked Systems Group of ETH Zurich. It teaches the students the basic steps of how to create a mini internet. It starts with the basics of intra-network routing, by setting up multiple L2 switches. Then the students have to configure L3 routers to connect multiple L2 sites together. Lastly, in a big hackathon style, the students need to connect their local network with the network of the other students, by properly configuring BGP routers and setting up routing policies.

The code and the tasks are all available in the GitHub repository.

The APNIC Blog has a nice introduction to the project too.


DNS | Tool

A free and configurable DNS resolver. It provides customizable blocking, such as for ads, trackers, or malicious websites. Additionally, statistics can be shown, such as for most blocked websites.

A similar self-hosted variant is Pi-hole.


CTF | DNS | Tool

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated net blocks and ASNs. All the information is then used to build maps of the target networks.

OpenWPM: A web privacy measurement framework


OpenWPM is a web privacy measurement framework which makes it easy to collect data for privacy studies on a scale of thousands to millions of websites. OpenWPM is built on top of Firefox, with automation provided by Selenium. It includes several hooks for data collection. Check out the instrumentation section below for more details.

PEERING: The BGP Testbed

BGP | Network | Tool

PEERING is an environment where researchers and educators can play with BGP announcements in a real but sandboxed environment.

Description from the website:

The long-term goal of the PEERING system is to enable on-demand, safe, and controlled access to the Internet routing ecosystem for researchers and educators:

  • PEERING for researchers. Today, it is hard for researchers to conduct Internet routing experiments. To perform a routing experiment, a research institution has to obtain Internet resources (IP addresses and ASNs) and establish relations with upstream networks. PEERING eliminates these obstacles and provides researchers controlled on-demand access to the routing ecosystem.
  • PEERING for educators. Educators can use the PEERING infrastructure in teaching students the Internet routing architecture. The students access to live BGP sessions to multiple ISPs.

Pi-hole: Network-wide Ad Blocking

DNS | Tool

A free and configurable DNS stub-resolver. It provides customizable blocking, such as for ads, trackers, or malicious websites. Additionally, statistics can be shown, such as for the most blocked website.

It can also function as a DHCP server for clients on the same network.

A similar service is NextDNS.

Play with Docker

Docker | Tool

Play with Docker is a Docker playground which allows users to run Docker commands in a matter of seconds. It gives the experience of having a free Alpine Linux Virtual Machine in the browser, where you can build and run Docker containers and even create clusters in Docker Swarm Mode. Under the hood, Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs. In addition to the playground, PWD also includes a training site composed of a large set of Docker labs and quizzes from beginner to advanced level available at

RIPE Atlas: Probe Filters

Network | Tool

The repository contains code for a better probe selection for the RIPE Atlas measurement system. Probes are not distributed equally, but rather cluster based on population. This leads to large biases towards western locations and certain autonomous systems. The goal of the repository is to find a more equal, thus fairer probe selection.

RIPEstat: Providing open data and insights for Internet resources

Autonomous System | BGP | DNS | Dataset | Network | Tool

RIPEstat is a network statistics platform by RIPE. The platform shows data for IP addresses, networks, ASNs, and DNS names. This includes information such as the registration information, abuse contacts, blocklist status, BGP information, geolocation lookups, or reverse DNS names. Additionally, the website links to many other useful tools, such as an address space hierarchy viewer, historical whois information, and routing consistency checks.

Rappel: Linux Assembly REPL

ARM | Tool | x86

Rappel is a pretty janky assembly REPL. It works by creating a shell ELF, starting it under ptrace, then continuously rewriting/running the .text section, while showing the register states. It's maybe half done right now, and supports Linux x86, amd64, armv7 (no thumb), and armv8 at the moment.


Regex | Tool

The website provides an automatic generator for regex patterns by learning from sample sentences. The website requires entering as many sample sentences with as many matching positions as possible. These datasets can also be imported and exported, such that they can be refined over time.

Resolver Testbed

DNS | Tool

This repo describes a testbed to test various DNS resolvers. The purpose of the testbed is to allow researchers to set up many resolvers and run tests on each. For example, a test might see what the resolver emits when it is priming, or when it is responding to a particular query while using DNSSEC validation.

RetDec - Retargetable Decompiler

Reverse Engineering | Tool

A standalone decompiler, built and managed by Avast. Works as a standalone program, has a trial version on the website, and there is an IDA Plugin.

Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.

Reverse Shell Generator

CTF | Tool

The website provides a generator for quickly configuring a reverse shell. After entering an IP address and port number, the website shows code snippets for many languages. It also provides the option to create bind shells or use the metasploit framework.

Root Servers

DNS | Dataset | Tool

Overview page for the DNS root servers. It contains links to general news and all the supporting organizations.

The website features a map with all geographic locations. It contains information about locations, IPv4/IPv6 reachability and IP addresses.

Each root server has its own subdomain in the form of It contains access to historical performance data like:

  • Size and time of zone updates
  • RCODE volume
  • query and response sizes for UDP and TCP
  • traffic volume (packets per time)
  • Unique sources

Timevault: Timelock Encryption


Timevault is an implementation of timelock encryption. Timelock encryption encrypts a message based on a timestamp. After that time has passed, anyone can decrypt the message. This is useful for embargoed messages, which should be distributed before the reveal time, for example, vulnerability notifications.

The blog post by the drand project introduces the concept and contains further tools.

A command line version for timelock encryption is available.

Unicode Text Converter

Tool | Unicode

The tool converts an input string into different and sometimes obscure Unicode characters. It is useful to generate funny-looking text or to generate a new username if the desired one is taken.

For example, the tool supports ⓒⓘⓡⓒⓛⓔⓓ, 𝖋𝖗𝖆𝖐𝖙𝖚𝖗, 🆂🆀🆄🅰🆁🅴🅳, ꜱᴍᴀʟʟ ᴄᴀᴩꜱ, ɐup 𝕠𝕥𝕙𝕖𝕣 wɘiᴙb options.

Web Performance Testers


Allows scanning a website for different performance characteristics. There are five test kinds: 1) Site Performance, 2) Core Web Vitals, 3) Lighthouse, 4) Visual Comparison, and 5) Traceroute. It reports many web performance problems, like download times, first paints or problems with mobile devices.

Reports basic web performance data for mobile and desktop browsers.



The WebPlotDigitizer is a tool to extract data from plots and images. It guides the user through annotating the image and setting some parameters (such as axis values). This allows the tool to extract the values from the chart. The tool allows many customizations to allow better tuning of the extraction process. WebPlotDigitizer also comes in a desktop version.

Wildcard DNS for IP Addresses

DNS | IP | Network | Tool

These services allow you to create a domain name for any IP address. The IP address is encoded into the domain name. An overview of different services can be found here.

Online Services

  • provides IPv4 only

    • Supports both . and - separators.
    • resolves to
    • resolves to
    • resolves to
    • resolves to
  • provides IPv4 and IPv6

    • Supports both . and - separators.
    • Provides the ability to use the service with your own branding.
    • resolves to
    • resolves to
    • resolves to
    • – resolves to ::1
    • resolves to 2a01:4f8:c17:b8f::2
  • provides IPv4 and IPv6

    • Supports both . and - separators.
    • resolves to
    • resolves to
    • resolves to
    • resolves to 2a01:4f8:c17:b8f::2

Self-hosted Options

  • hipio is a Haskell service for IPv4.

ZMap Project

DNS | IP | Network | Tool

Different utilities for network scanning. Most importantly, the zmap component, which is a packet scanner for different protocols. It also contains other tools like ways to iterate over the IPv4 address space and denylist/allowlist management.

DNS | IP | Network | Tool

Security | Tool is a dependency analyzer for multiple language ecosystems (npm, Go modules, Maven, PyPI, Cargo). It shows basic information, such as the metadata (including license) about each package, dependencies, and reverse dependencies. It enhances this information by adding a diff viewer for the versions. Security advisories affecting a package or dependency are highlighted. The OpenSSF scorecard is also integrated, showing more insights about the project health.

The second feature of the website is an advisory viewer. It shows details about each advisory, including affected versions. It also calculates how much of the ecosystem is affected and patched.

dnskv: DNS-based Key-Value Storage

DNS | Tool

This is a custom DNS server which allows setting and retrieving text-based data. New values can be written as subdomains and retrieved via a normal TXT lookup.

  • To set a key: dig txt +short
  • To get a key: dig txt +short

The service provides many extra options like setting an expiry time or the TTL.


Cheatsheet | Shell | Tool

explainshell does what the name suggests: it explains shell commands. It allows writing a shell command, and it explains what the program is doing, the meaning of the command line flags, and how the piping between different programs works.

jc: JSON Convert


jc JSONifies the output of many CLI tools, file-types, and common strings for easier parsing in scripts, e.g., dig | jc --dig. It can parse the output of many basic Unix tools and system management tools. This list shows the supported parsers. jc is available via pip and Linux repositories. DNS-based Key-Value Store

DNS | Tool

This is a custom DNS server which allows setting and retrieving text-based data. New values can be written as subdomains and retrieved via a normal TXT lookup.

  • To set a key: dig txt +short
  • To get a key: dig txt +short
  • To delete a key: dig txt +short

mess with dns

DNS | Tool

"mess with dns" is a tool which allows you to experiment with DNS. The website allows creation of resource records of many types. They are all within a custom 3rd level domain. The website also shows the DNS requests the authoritative DNS server received.


Network | Tool

The nPrint project is a collection of open-source software and benchmarks for network traffic analysis that aim to replace the built-to-task approach currently taken when examining traffic analysis tasks.



osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

pdfpc: PDF Presenter Console

LaTeX | Tool

pdfpc is a tool enabling a presenter mode for presenting PDF files. The presenter mode contains the usual features known from PowerPoint/LibreOffice:

  • Slide previews
  • Notes
  • Timer

pdfpc is especially adapted to present LaTeX presentations, which otherwise do not have a presenter mode.

pdoc: API Documentation for Python Projects

Python | Tool

pdoc is a Python API documentation generation, which turns doc-strings and type annotations into a simple and elegant documentation.

pdoc auto-generates API documentation that follows your project's Python module hierarchy. It requires no configuration, has first-class support for type annotations, cross-links between identifiers, comes with an integrated live-reloading web server, uses customizable HTML templates, understands numpydoc and Google-style docstrings, and is permissively licensed.


CTF | Tool

preeny helps pwning binaries by disabling many annoying functions, such as random or alarm. It does so by providing different LDPRELOAD-able libraries for those library functions.


CTF | Tool

pwntools is one of THE Python tools needed during a CTF. It is useful for both jeopardy and attack-defense CTFs. It provides common abstractions, like connecting to a local or remote program, and simplifying I/O. Additionally, it provides helpers for many exploitation techniques, such as ROP, shellcode, and leaking memory.


Cheatsheet | Regex | Tool

regex101 helps in understanding and writing regular expressions (regex). It takes a regex and explains the different parts of it. It also shows how the regex applies to a sample text.

Additionally, it contains a regex reference as well as a user supplied library of different regexes.


Cheatsheet | Regex | Tool

regexr helps in understanding and writing regular expressions (regex). It takes a regex and explains the different parts of it. It also shows how the regex applies to a sample text.

Additionally, it contains a regex reference as well as a user supplied library of different regexes.



The website allows inspecting encoded information in URLs, by parsing the URL with generic or specialized extractors. For example, it can decode the query parameters of Google searches and display what the different parameters mean.

Malware | Tool is a sandbox for URLs. The website generates a report for a URL to get a basic understanding about the network connections involved. The report includes a screenshot, the list of IP addresses and domains the website uses, and detected scripts.