Security Tools & Resources

A curated collection of essential cybersecurity tools, frameworks, and learning platforms for security professionals, penetration testers, and enthusiasts.

Top Security Tools & Platforms

Kali Linux

Penetration testing distribution with hundreds of preinstalled tools.

Nmap

Network discovery and security auditing for scanning hosts and services.

Metasploit

Penetration testing framework for developing and executing exploits.

MITRE ATT&CK

Knowledge base of adversary tactics and techniques for threat modeling.

HackTheBox

Practice offensive security with vulnerable machines and challenges.

Bugcrowd

Crowdsourced security platform connecting orgs with ethical hackers.

Top Security Tools & Resources

NVD (National Vulnerability Database) — Canonical CVE database with CVSS scores.
GitHub Security Advisories — Fast repo-level advisories for open-source dependencies.
OWASP ZAP — Open-source web-app scanner (CI/manual testing).
OWASP Top Ten — Concise web-app threat list and mitigations for developers.
Wireshark — Industry-standard packet analyzer for network forensics.
Zeek (formerly Bro) — Network analysis and monitoring framework.
TryHackMe — Guided hands-on labs and training.
VulnHub — Downloadable vulnerable VMs for practice and CTF prep.
Shodan — Search engine for Internet-connected devices for asset discovery.
Exploit-DB — Repository of exploits and security research documents.
CVE (Common Vulnerabilities and Exposures) — Canonical CVE registry and references.
CWE (Common Weakness Enumeration) — Classification of software/hardware weaknesses.
CAPEC — Dictionary of attack patterns and methodologies.
CCE (Common Configuration Enumeration) — Standardized identifiers for secure configurations.
Dark Reading — News and analysis on cybersecurity threats and trends.
Security Onion — Linux distribution for threat hunting and monitoring.
CISA — Known Exploited Vulnerabilities (KEV) — Government-maintained list for prioritization.