Tools

API Tools

  • Insomnia : Fantastic API testing and dev tool
  • Paw : Mac only API tools

Asset Management

  • OSQuery : a SQL powered operating system instrumentation, monitoring, and analytics framework.

Authentication

  • Auth0 : Best in class Authentication as a service. Great value
  • jwt.io : Fantastic JWT inspector
  • jwt builder : Web-based tool for constructing custom JWTs. Great for learning.
  • JWT Inspector : Chrome Plugin to Harvest and inspect JWT

Continuous Attack Surface Management (CASM)

  • Axonius: Connects to hundreds of data sources; comprehensive inventory, uncovers gaps, and triggers automated response actions whenever devices, users, and SaaS apps deviate from policies, controls, and expectations.
  • JupiterOne : A centralized view of your cyber assets; Cyber Asset Attack Surface Management, Cloud Security Posture, Security Operations, and Compliance.

Collaboration

  • Miro: Amazing whiteboarding and collaboration tool
  • Whimsical : Excellent graphical diagramming tool, rivals Visio, insanely collaborative

Cloud

  • Cartography : Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
  • Cascade: Key/Value API for data manipulation in distributed memory and persistent storage. Very fast. C++
  • CloudCraft : Visualize your cloud infra automatically via introspection. AWS, GCP, Azure, more
  • LocalStack : Fully functional cloud stack (AWS)
  • minio : A High Performance Object Storage for Cloud Storage and Kubernetes
  • rclone : Clone data from Cloud Storage X to Cloud Storage Y. Supports Google GCS, AWS S3, Azure, and more!
  • Cloudflare R2 : Object storage for all your data
  • FluxCloud : Web3 compute and storage

Coding

Diff Tools

  • Meld : Meld Diff Tool

VSCode & Extensions

  • VSCode : Fantastic, portable, and fast IDE – supports most languages.
  • Tab Groups : Save open tabs as a group

Coding Support

Data Engineering

  • Airbyte : Data integration platform for ELT pipelines from APIs, databases & files to warehouses & lakes. Open source and SaaS. 300+ input and output connectors
  • AirFlow : Programmatically author, schedule and monitor workflows
  • Beam : Open source, unified model for defining both batch and streaming data-parallel processing pipelines
  • chdb : chDB is an embedded OLAP SQL Engine 🚀 powered by ClickHouse. Supports many backend and file formats.
  • croc : File xfer all the things peer to peer
  • cube : A powerful middleware between your data source and your data application. Handles modeling, security, cache, API
  • dagster: Orchestrator that’s designed for developing and maintaining data assets, such as tables, data sets, machine learning models, and reports
  • DB Fiddle : Database Fiddle and prototyping
  • DataGrip : SQL + more client
  • datastation : open-source data IDE for developers. Front end for dsq.
  • dsq : Commandline tool for running SQL queries against JSON, CSV, Excel, Parquet, and more.
  • duckdb : Exceptional in-process SQL OLAP database management system. SQL on many backends
  • octosql : CLI tool which lets you query a plethora of databases and file formats using SQL through a unified interface, even do JOINs between them
  • EverSQL : AI-based system to optimize database queries
  • Flowable : Light-weight business process engine written in Java
  • GigaSheet : Mass tables and pivots as a service
  • Apache Nifi : Powerful and scalable directed graphs of data routing, transformation, and system mediation logic
  • orchest : Sweet data pipeline and jupyter notebook tool
  • pgAdmin : Capable, mature and free* Postgres Client
  • Polarity : Fuses disparate data, tools, and knowledge into one unified view
  • Steampipe : Dynamically query APIs, code and more with SQL. Zero-ETL from 140 data sources. Another SQL all the stuff.
  • Spring Cloud Data Flow : A microservices-based toolkit for building streaming and batch data processing pipelines in Cloud Foundry and Kubernetes
  • DeltaLake : Provides ACID transactions, scalable metadata handling, and unifies streaming and batch data processing on top of existing data lakes, such as S3, ADLS, GCS, and HDFS.
  • delight : A free, amazing Spark UI from DataMechanics
  • Querybuilder : Query Builder is a javascript library for building SQL
  • rql: RQL is a resource query language for REST (written in go). It provides a simple and light-weight API for adding dynamic querying capabilities to web-applications that use SQL-based database
  • milvus : Vector database built for scalable similarity search
  • planetscale : Serverless MySQL. Generous free tier
  • Sleeper : Sleeper is a serverless, cloud-native, log-structured merge tree based, scalable key-value store.
  • Gaffer : Gaffer is a graph database framework
  • Cribl: Cribl Stream is an observability and data streaming platform for real-time processing of logs, metrics, traces, and data

Development

  • Retool : Interesting tool builder for fast custom UIs on data lakes

Documentation / Doc Management

  • Pandoc : Very capable document translator

Email Tools

Go Tools

GPU

GraphQL

  • graphqlEditor : Nice graphql editor SaaS platform; good for collaboration
  • graphJin : Create graphql from REST APIs
  • Hasura : Phenom GraphQL GW tool with many features

Infrastructure as Code

  • BrainBoard : Create Terraform from CloudAPI
  • LimaCharlie : Security Infra as a Service. Handles collection, streaming analytics, and moving data
  • pulumi : Build infrastructure intuitively on any cloud using familiar languages

Infrastructure as Service

  • fly.io : Deploy containers anywhere in the world. K8s IaaS

Linux Essential

Windows Essential

  • CygWin: Linux like environment on Windows
  • MobaXterm : Enhanced terminal for Windows with X11 server, tabbed SSH client, network tools and much more
  • WSL : Windows Subsystem for Linux

Networking

  • iodine : IPv4 tunneling over DNS
  • netcat : Networking Swiss army knife
  • tailscale : Mesh network VPN SaaS
  • wireguard : Simple, fast, secure VPN
  • Twingate : Twingate secure remote network bridge. Like a VPN.

DNS Discovery

  • Cloudmare : Cloudmare is a simple tool to find the origin servers of websites protected by Cloudflare, Sucuri, or Incapsula with misconfigured DNS.

DNS Firewall

DNS IP Resolvers:

Proxies

  • gost : Simple proxy written in go. Essential

Network Analysis

  • APackets : Online pcap file analyzer
  • CloudShark : Cloud-based Wireshark
  • Cloud-PCAP : A cloudshark clone (github)
  • kismet : Kismet is a sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF, and more, which runs on Linux and macOS
  • PacketStreamer : Distributed tcpdump
  • PacketTotal : Simple, free, high-quality PCAP analysis
  • Shodan : Powerful IoC, IoT, crawler, search engine
  • tcpdump : Home web site of tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.
  • Teleseer : Best-in-class network visualization and analysis

Network Security

  • Arkime : Large-scale, open-source, indexed packet capture and search tool
  • CloudFlare : Fantastic batteries-included network as-a-service. DNS, WAF, Bot Detection, Firewall and more. Massive free capabilities.
  • Malcolm : Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
  • OpenSnitch : Free opensource selfhosted outbound application firewall made for Linux
  • pfSense : Leading opensource firewall
  • RockNSM : opensource security stack
  • Selks : Turn-key Suricata-based IDS/NSM and Threat Hunting System

OSINT / Enrichment

Operating Systems

  • ReactOS : Open source Windows NT operating system

SIEM / Monitoring

  • Armis : Network and asset visibility and monitoring
  • Arkime : Large scale, open source, indexed packet capture and search system. Verizon-created
  • Devo : Cyber Platform
  • ExtraHop : Security SaaS with a very nice interface
  • Grafana with InfluxDB Docker : Quick stack for monitoring and testing
  • Gravwell : Impressive and massively scalable SIEM with powerful DSL
  • Hive : A scalable, open source and free Security Incident Response Platform
  • JupiterOne : Identify, map, analyze
  • Sagan: Log Analysis Engine
  • Scribl : A Splunk historical index export tool
  • Splunk : Best in class SIEM
  • Net Witness : NetWitness XDR and SIEM

General

Simulation

  • AirSim : Microsoft Drone Simulator. May soon be archived to make way for a commercial version
  • FlightSim : A cyber data generator / simulator
  • Gamma Platform : GIS-aware agent-based simulation

Testing

  • artillery.io : Cloud-scale performance testing
  • k6.io : Exceptional load testing framework.

Virtualization

Visualization

  • d3js : Phenom js graphic and diagramming library
  • gephi: Network graph visualization application
  • GraphViz : Open source visualization framework in code
  • yEd Live : Another fantastic diagramming tool. Online and desktop versions.

PlantUML

Web Applications and Web Application Development

Workflow Automation / Management

  • Airflow : Fantastic workflow/service automation orchestrator
  • Argo : Workflow execution engine for Kubernetes.
  • Hunchly: Automatically collects, documents, and annotates every web page you visit.
  • Node-Red : A browser-based flow editor that makes it easy to wire together flows using the wide range of nodes in the palette
  • ReactFlow : A highly customizable React component for building node-based editors and interactive diagrams
  • WalkOff: Automatically gather data, analyze data, or visualize data customized to your requirements.
  • Snakemake : Python workflow management system to create reproducible and scalable data analyses.
  • Concourse : an open-source continuous thing-doer.
  • control-tower : Self-healing IaaS for Concourse
  • Navattic : Clone a website and build a stand alone demo. DOM in a box