Miscellaneous Community Cybersecurity Tools and Resources

Tools

offsec.tools
offsec.tools is a vast collection of security tools for bug bounty, pentest and red teaming

Privacy Tools
Encryption and tools to protect against global mass surveillance

Hurricane Electric BGP Toolkit
This suite of network tools implements most of the network diagnostics that you need as a Network Engineer or System Administrator.

Chris Lovett / MCNC Free Tools
A list of various free tools, compiled by Chris Lovett from MCNC

The Cyber Swiss Army Knife
CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.

OSINT Framework
Use it for when you are worried about online security and need alternatives to popular tools or would like to remove your user data from websites, create aliases for testing, and strengthen your OPSEC capabilities. Also provides tools for when you need to reverse search known emails, usernames (or names) and anything else internet-related such as IP addresses. This website also helps you learn about what threats are out in the open for cyber threats and cyber terrorism.

VirusTotal
Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches, and automatically share them with the security community.

Wireshark
Helpful networking and troubleshooting tool that has various capabilities and features

Nmap / Zenmap
Nmap is a command-line networking tool, and Zenmap is the GUI of Nmap

DenCode
DenCode is a web application for encoding and decoding values. e.g. HTML Escape / URL Encoding / Base64 / MD5 / SHA-1 / CRC32 / and many other String, Number, DateTime, Color, Cipher, Hash formats

One-Time Secret
One-Time Secret as a way to share sensitive information that’s both simple and secure.

IPinfo.io
IPinfo is an IP address data provider. It provides multiple APIs that help users programmatically access the details on any IP address on the Web.  With an IP address, you can get Geolocation, ASN, Abuse, Privacy Detection, Carrier, Company, Hosted Domains, and IP range details.

Host.io
Host.io is a Domain Data provider. It provides multiple APIs that help users programmatically access the details on any domain name on the Web.

nslookup.io
Online nslookup is a web-based DNS client that queries DNS records for a given domain name. It allows you to view all the DNS records for a website. It provides the same information as command line tools like dig and nslookup, from the convenience of your web browser.

urlscan.io
urlscan.io is a free service to scan and analyze websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates.

MXToolbox
All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.

ARIN CIDR Calculator
Convert an IP address range to CIDR notation or convert CIDR (start IP and prefix length) to an IP address range.

MTR
My Traceroute (MTR) is a tool that combines traceroute and ping, which is another common method for testing network connectivity and speed. In addition to the hops along the network path, MTR shows constantly updating information about the latency and packet loss along the route to the destination. This helps in troubleshooting network issues by allowing you to see what’s happening along the path in real time.

Shodan InternetDB (CLI API Call)
The InternetDB API provides a fast way to see the open ports for an IP address. It gives a quick, at-a-glance view of the type of device that is running behind an IP address to help you make decisions based on the open ports. The vulnerability information is based on the metadata of a service.

Cacti
Cacti is a robust performance and fault management framework and a frontend to RRDTool – a Time Series Database (TSDB). It stores all of the necessary information to create performance management Graphs in either MariaDB or MySQL, and then leverages its various Data Collectors to populate RRDTool-based TSDB with that performance data.

PingoInfoView v3.00
PingInfoView is a small utility that allows you to easily ping multiple host names and IP addresses, and watch the result in one table. It automatically ping to all hosts every number of seconds that you specify, and displays the number of successful and failed pings, as well as the average ping time. You can also save the ping result into text/html/xml file, or copy it to the clipboard.

PortQuiz
This server listens to all TCP ports, allowing you to test any outbound TCP Ports

SmokePing
SmokePing is a deluxe latency measurement tool. It can measure, store and display latency, latency distribution and packet loss. SmokePing uses RRDtool to maintain a long-term data store and to draw pretty graphs, giving up-to-the-minute information on the state of each network connection.

IFConfig
Shows basic information about your current IP address. Provides a short script to help cURL information from [primarily] a Linux machine.

Ninite
Used to bypass adware/ads on default download sites (only Windows based). MacApps is the MAC alternative

Terminus
Manage your servers with ease with cross-platform sync and serial support. Supports 2FA, team management and remembers your SSH keys and SSH passwords. Works for Windows, MacOS and Linux.

Training Resources

Cybersecurity in K-12 Schools Facilitated Fall 2023 Online Course What can the information technology professional do to secure school systems’ information infrastructure? CoSN has designed an online course focusing on enterprise security issues for school technology staff. Learn the fundamentals of IT security and provide advanced persistent protection for your students’ information. The course takes place from Oct 11 – Dec 13

Free and Low Cost Online Cybersecurity Learning Content
In this unprecedented time, people are seeking ways to enhance their knowledge, skills, and career prospects. For those interested in cybersecurity careers, numerous online education providers offer a variety of courses. These courses can be found at local community colleges, four-year universities, and prestigious Centers of Academic Excellence programs. Below are links to free and low-cost online educational content covering topics like information technology and cybersecurity. While not all of these resources may contribute to professional learning objectives or lead to industry certifications and online degrees, they provide valuable opportunities for self-improvement. Please note that the site will be regularly updated to ensure clarity and accuracy of the information provided.

The K-12 Cybersecurity Resource Center
A non-profit dedicated to protecting K-12 organizations through offering security training, access to virtual CISO services, and more.

Information Resources

K12 Six Cybersecurity Resources for K-12 Schools and School Districts
A cybersecurity infographic that highlights information on the K-12 cyber threat landscape and strategies and resources school personnel can use to prevent and protect against cyberattacks and digital threats. Includes strategies, guides, trainings, webinars, websites, and more!

Cyberseek
To help close the cybersecurity skills gap, CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market.

Common Criteria for Information Technology Security Evaluation
Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) in a Security Target (ST), and may be taken from Protection Profiles (PPs).  CC originated out of three standards:  ITSEC, CTCPEC, and TCSEC.  It is an international standard (ISO/IEC 15408) for computer security certification and currently in Version 3.1 Revision 5.

NIST SP 800-63-3 (NIST SP-800-63-4-DRAFT)
The NIST Special Publication (SP) 800-63 suite provides technical requirements for federal agencies implementing digital identity services. The publication includes: an overview of identity frameworks; using authenticators, credentials, and assertions in a digital system; and a risk-based process to select assurance levels. Organizations have the flexibility to choose the appropriate assurance level for their needs.

NIST Cybersecurity Framework
The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization—and at all points in a supply chain—to develop a shared understanding of their cybersecurity risks.  Related:  ISO 27001.   There are efforts underway for 2.0 version of the framework.  Status and details can be found here:  https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20

NIST Computer Security Resource Center (CSRC)
Computer Security Resource Center (CSRC) has provided access to NIST’s cybersecurity- and information security-related projects, publications, news and events. CSRC supports stakeholders in government, industry and academia—both in the U.S. and internationally.

Open Source Security Index
The Open Source Security Index is designed to make finding open source security projects easier for everyone. We use the Github API to pull projects based on popular security topics (# tags) and manually add projects without labelled topics. 

SANS Security Policy Templates
In collaboration with information security subject-matter experts and leaders who volunteered their security policy know-how and time, SANS has developed and posted here a set of security policy templates for your use.

K-12 Digital Infrastructure Brief: Defensible & Resilient
Published by the U.S. Department of Education Office of Educational Technology to highlight the key considerations facing educational leaders as they work to build and sustain core digital infrastructure for learning.