Rawsec's CyberSecurity Inventory

An inventory of tools and resources about CyberSecurity.


Note: Paid resources may exist in a free limited version or a demo version

Bug bounty and disclosure platforms

Name Link Description Price
AntiHACK [Website] Singapore bug bounty platform Free
Bounty Factory [Website] European bug bounty platform based on the legislation and rules in force in european countries, by YesWeHack Free
BugBounty.jp [Website] Japan bug bounty platform Free
Bugcrowd [Website] Bug bounty platform Free
Cobalt.io [Website] Pentest as a Service platform, registrant will be a cobalt.io employee (take care to obligation of loyalty if you already have a job) Free
FireBounty [Website] Bug bounty program aggregator Free
HackenProof [Website] Bug bounty platform Free
HackerOne [Website] Bug bounty platform Free
HackTrophy [Website] Bug bounty platform Free
Intigriti [Website] Bug bounty platform Free
Open Bug Bounty [Website] Non-profit bug bounty platform Free
Plugbounty [Website] Bug bounty platform for plugins, themes, extensions, libraries Free
SSD Secure Disclosure [Website] Rewarded responsible disclosure service Free
SynAck Red Team [Website] Pentest as a Service platform, registrant will be a SynAck employee (take care to obligation of loyalty if you already have a job) Free
Yogosha [Website] Bug bounty platform Free
Zero Day Initiative [Website] Rewarded responsible disclosure service Free
Zerocopter [Website] Invite-only and closed bug bounty platform Free
ZeroDisclo.com [Website] Coordinated disclosure platform by YesWeHack Free

Challenges platforms

Name Link Description Price
ae27ff [Website] Challenge platform Free
Backdoor [Website] Practice area with some past CTF challenges Free
Begin.re [Website] Binary reverse guided challenges for beginners Free
CanYouHack.It [Website] Challenge platform Free
Challenge Land [Website] Challenge platform Free
Cryptopals [Website] Crypto challenges platform Free
CTFLearn [Website] Challenge platform Free
Electrica [Website] Programming, cryptography challenges Free
EnigmaGroup [Website] Challenge platform Free
Exploit Education [Website] Exercises and resources about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues Free
Exploit Exercises [Website] VMs, documentation and challenges Free
Gekkó [Website] Challenge platform Free
Graker [Website] Binary challenges having a slow learning curve, and write-ups for each level (SSH connection) Free
Hack The Box [Website] Challenge platform Free
Hack This Site [Website] Challenge platform and community Free
HackBBS [Website] Challenge platform and community Free
HackCenter [Website] Private challenge platforms Free
Hacker Gateway [Website] Challenge platform Free
Hacker.org [Website] Challenge platform Free
Hacking Lab [Website] Challenge platform with teachers and solutions Free
HackThis!! [Website] Challenge platform Free
IO [Website] Binary challenges (SSH connection) Free
LOST-Chall [Website] Challenge platform Free
Mod-X [Website] Challenge platforms through a fictional game Free
Net-Force [Website] Challenge platform Free
NCP [Website] NICE Challenge Project by the NIST and the NSA (for American students only) Free
Over The Wire [Website][Source] Challenge platform Free
OWASP Juice Shop [Website][Source] Online demo instance of the OWASP Juice Shop Free
PentesterLab [Website] Pentest lab Paid
Practical Pentest Labs [Website] Pentest lab Paid
Pwnable.kr [Website] Pwn challenges Free
pwnable.tw [Website] Pwn challenges Free
PwnerRank [Website] Challenge platform Free
Rankk [Website] Programming, cryptography challenges Free
RedTigers Hackit [Website] PHP / SQL challenge platform Free
Reversing.Kr [Website] Cracking and Reverse Code Engineering challenge platform Free
Revolution Elite [Website] Math and programming challenges Free
Ringzer0Team [Website] Challenge platform Free
Root-me [Website] Challenge platform Free
RoseCode [Website] Challenge platform Free
Security Traps [Website] Challenge platform Free
SmashTheStack [Website] Mostly binary challenges Free
Solve Me [Website] Challenge platform Free
SPOJ [Website] Programming challenges Free
Stereotyped Challenges [Website] Web challenges Free
Tasteless [Website] Challenge platform Free
TheBlackSheep [Website] Challenge platform Free
ThisisLegal.com [Website] Challenge platform Free
TryThis0ne [Website] Challenge platform Free
Valhalla [Website] Challenge platform and community Free
VulnHub [Website] VM-based challenges Free
WebHacking [Website] Web challenges Free
W3Challs [Website] Challenge platform Free
WeChall [Website] Challenge platform Free
wixxerd [Website] Challenge platform Free
WTHack [Website] Challenge platform Free
yoire [Website] Challenge platform Free
Zenk-security [Website] Challenge platform and community Free
ZSIS CTF [Website] Challenge platform Free
µContest [Website] Programming challenges Free


Name Link Description Price
Archlinux security issues [Website] CVE affecting Archlinux Free
CVE Details [Website] Advanced CVE datasource Free
Debian security issues [Website] CVE affecting Debian Free
Mitre [Website] CVE datasource standard Free
NVD [Website] CVE datasource Free
Red Hat security issues [Website] CVE affecting Red Hat Free
Saucs [Website] Customizable CVE dashboard, track vulnerabilities that concern you Free
SUSE security issues [Website] CVE affecting SUSE Free
Ubuntu security issues [Website] CVE affecting Ubuntu Free


Name Link Description Price
CFP TIME [Website] World Call For Papers (CFP) agenda for security conferences Free
CTF TIME [Website] World CTF agenda and scoreboard Free
InfoSec Conferences [Website] World cybersecurity conferences agenda Free
pwnhead [Website] World cybersecurity conferences scoreboard; people, company, country and conference directory Free
SecurityCTF (reddit) [Website] Community for security CTF announcements and writeups Free

Information, News, Blog

Name Language Link Description Price
KitPloit English [Website] Tools presentation and announcement Free
Latest Hacking News English [Website] Cybersecurity news, tools presentation and announcement Free
Pentest Blog English [Website] Blog targeting pentesters: security advisories, OS, appsec, network, tools, articles Free
Security List Network English [Website] Tools presentation and announcement Free

Knowledge and tools

Name Link Description Price
Breach Level Index [Website] Data breach database, statistics, information Free
Bug Bounty Guide [Website][Source] Launchpad for bug bounty programs and bug bounty hunters Free
ctf-tools [Source] Setup scripts for security tools Free
DefaultPassword [Website] Default passwords for many devices and services Free
Forensics Wiki [Website] Forensics tips and tools Free
GHDB [Website] Google Hacking Database; Collection of google dorks Free
Guifre [Website] Security, system and network cheatsheets Free
GTFOBins [Website][Source] Curated list/cheatsheet of Unix binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files Free
HTML5 Security Cheatsheet [Website] XSS vector making use of HTML5, HTML4, CSS, DOM, UFT7, SVG, JSON, etc ... Free
LOLBAS [Website][Source] Living Off The Land Binaries and Scripts; Curated list/cheatsheet of Windows binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files Free
Malware Traffic Analysis [Website] Malware traffic analysis blog and pastebin posts with pcap and malware samples attached; traffic analysis exercises Free
MD5 maxmin record [Website] Collection of various extremes of MD5 hashes Free
Privacy Tools [Website][Source] Website that provides knowledge and tools to protect your privacy against global mass surveillance Free
PTES [Website] The penetration testing execution standard covers all steps related to a penetration test Free
SSL Checklist for Pentesters (Explore Security) [Website] List of SSL/TLS checks that can be performed manually with OpenSSL or a web browser Free
VRT [Website][Source] Bugcrowd Vulnerability Rating Taxonomy (VRT) provides a baseline vulnerability priority scale for bug hunters and organizations Free

National security agencies and services

Name Country Link Description
ANSSI France [Website] Agence Nationale de la Sécurité des Systèmes d'Information, French service responsible for computer security
ASD Australia [Website] Australian Signals Directorate, Australian service responsible for computer security
CCB Belgium [Website] Centre for Cyber Security Belgium, Belgium service responsible for computer security
CNSS United States of America [Website] Committee on National Security Systems, USA intergovernmental organization for the security of the USA security systems
CSE/CST Canada [Website] Communications Security Establishment/Centre de la sécurité des télécommunications, Canadian service responsible for computer security
ENISA [Website] European Network and Information Security Agency, European Union service responsible for computer security
NCSC Great Britain [Website] National Cyber Security Center, United Kingdom service responsible for computer security
NIST United States of America [Website] National Institute of Standards and Technology, Metrology laboratory and non-regulatory agency of the USA Department of Commerce
NSA United States of America [Website] National Security Agency, United States of America service responsible for computer security

Non english

Name Language Link Description Price
Bamboofox Chinese [Website] CTF guide Free
ctfs.me Indonesian [Website] Challenges platform, challenges are in english Free
elhacker.net Spanish [Website] Challenges platform Free
Hacking-Challenges German [Website] Challenges platform Free
Happy-Security German [Website] Challenges platform Free
MIPT CTF Russian [Source] CTF guide Free
NewbieContest French [Website] Challenge platform Free
NOE Korean [Website] Challenge platform Free
SuNiNaTaS Korean [Website] Challenge platform Free
TDHack Polish [Website] Challenge platform Free
World of Wargame Spanish [Website] Challenge platform Free
XCTF Agenda Chinese [Website] World CTF agenda Free
Yashira Spanish [Website] Challenge platform Free

Trainings and courses

Name Link Description Price
Bugcrowd University [Website][Source] Modules with slides, videos and sometimes labs to learn web security, by Bugcrowd Free
Cybrary [Website] Cyber Security learning, training and certification Paid
Hacker101 [Website][Source] Class for web security targeting bug bounty hunters and security professionals, with video lessons and a CTF platform, by HackerOne Free
PentestAcademy [Website] Cyber Security training with an online lab Paid
Portswigger Web Security Academy [Website] Web Security training with an online lab Free
SANS [Website] Escal Institute of Advanced Technologies provides courses, certifications and learning materials Paid


Name Link Description Price
CTF Field Guide [Website][Source] CTF guide Free
CTF Resources [Website][Source] CTF guide Free
Infosec Institute - What a Challenger Perceives in most CTF Categories/Challenges [Website] Questions a challenger can ask himself during a CTF, classed by category Free
ISIS Lab Wiki [Website] CTF guide Free
Endgame - How to Get Started in CTF [Website] Tutorial for CTF beginners Free
NIZKCTF tutorial [Source] Tutorial to set up NIZKCTF Free
Xapax IT-Security Notebook [Website][Source] Overview guide for all kind of pentesting Free

Writeups collections and challenges source

Name Link Description Price
Captf [Website] Dumped CTF challenges Free
CTFs write-ups [Source] Write-ups archive Free
Pwning OWASP Juice Shop [Website][Source] Official companion guide to the OWASP Juice Shop Free
pwntools writeups [Source] Write-ups using pwntools archive Free