Tools

Security testing

OWASP Top Ten:
https://owasp.org/Top10/

OWASP Web Security Testing Guide:
https://owasp.org/www-project-web-security-testing-guide/stable/

OWASP Application Security Verification Standard:
https://github.com/OWASP/ASVS

OWASP ZAP:
https://www.zaproxy.org/

Burp Suite Community Edition:
https://portswigger.net/burp/communitydownload/

OWASP WebGoat:
https://hub.docker.com/r/webgoat/goatandwolf

OWASP Broken Apps:
https://sourceforge.net/projects/owaspbwa/

OWASP DirBuster:
https://sourceforge.net/projects/dirbuster/

Have I Been Pwned?
https://haveibeenpwned.com/

How secure is your browser?
https://browseraudit.com/

The Internet map:
http://internet-map.net/

IP LOCATION - This free online tool allows you to see the geographical location of any IP address:
https://iplocation.com/

Cyberthreat real-time map by Kaspersky:
https://cybermap.kaspersky.com/

Digital Attack Map, unfortunately no longer maintained:
https://www.digitalattackmap.com/

PrivacyTools:
https://www.privacytools.io/

PRISM-Break:
https://prism-break.org/pl/

„Cover Your Tracks”
Test your browser to see how well you are protected from tracking and fingerprinting.
https://coveryourtracks.eff.org/

Unique machine:
http://uniquemachine.org/

GPG for browsers:
https://webpg.org/

SSL Server Test:
https://www.ssllabs.com/ssltest/

Yasni - people search engine:
http://www.yasni.com/

Shodan - search engine for unsecured IoT devices:
https://www.shodan.io/

Kali Linux - an all-in-one security testing distribution:
https://www.kali.org/downloads/

Santoku Linux - a distribution for mobile security testing, unfortunately no longer maintained:
https://santoku-linux.com/download/

Mobile Verification Toolkit:
https://docs.mvt.re/en/latest/

Apktool:
https://bitbucket.org/iBotPeaches/apktool/downloads/

Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers:
https://www.frida.re/docs/installation/

Fiddler Classic:
https://www.telerik.com/download/fiddler

LOKI - free IoC scanner:
https://github.com/Neo23x0/Loki/releases

VirtualBox:
https://www.virtualbox.org/wiki/Downloads

Repository of strings and queries to which applications are vulnerable:
https://github.com/fuzzdb-project/fuzzdb/

Charset Encoder / String Encrypter:
http://yehg.net/encoding/

Hash Analyzer:
https://www.tunnelsup.com/hash-analyzer/

Exploit database for systems:
https://www.exploit-db.com/

Vulnerability database:
https://vuldb.com/

Common Weakness Enumeration:
https://cwe.mitre.org/

The Web Application Security Consortium
(for ages 16 and up):
http://projects.webappsec.org/

„Plain text offenders”
A blog collecting websites that store users' passwords in plain text:
https://plaintextoffenders.com/

Reconnaissance in the KRS (Polish National Court Register):
http://www.osoby-krs.pl/
https://rejestr.io/

Find Hosting Company On Any Website / Owner on Any IP Address:
https://myip.ms/

Whois & checkhost:
https://whois.com
https://www.dns.pl/whois
https://whois.intensys.pl/
https://check-host.net/
https://hostingchecker.com/

FOCA is a tool used mainly to find metadata and hidden information in the documents it scans:
https://github.com/ElevenPaths/FOCA

Zerodium Exploit Acquisition Program:
https://zerodium.com/program.html

The ZMap Project for performing large-scale studies of the hosts and services:
https://zmap.io/

Mobile application testing

Programming libraries

Kivy:
https://kivy.org/#home

Volkswagen detects when your tests are being run in a CI server, and makes them pass:
https://github.com/auchenberg/volkswagen

OpenCV image recognition library:
https://github.com/opencv/opencv/

Python library for processing PDF files:
https://pypi.org/project/pyPdf/

Beautiful Soup is a library that makes it easy to scrape information from web pages:
https://launchpad.net/beautifulsoup/