Reconnaissance & Footprinting

• Shodan – Search engine for internet-connected devices and open ports.
• Censys – Scan and analyze internet-facing assets and services.
• SecurityTrails – View DNS, WHOIS, and infrastructure data for domains.
• crt.sh – Search public certificate transparency logs for subdomains.
• BuiltWith – Reveal what technologies a website is built with.

Threat Intelligence & IP/URL Reputation

• VirusTotal – Scan files and URLs with 70+ antivirus engines.
• AbuseIPDB – Check if an IP is reported for abuse or malicious activity.
• IPVoid – Check the reputation of IP addresses against known blacklists.
• URLVoid – Analyze the safety and reputation of websites and domains.
• AlienVault OTX – Community-powered threat intelligence and indicators of compromise (IOCs).

Web Application Security & Vulnerability Scanning

• OWASP ZAP – Open-source tool for finding vulnerabilities in web applications.
• Wapiti – Lightweight web application vulnerability scanner.
• Nikto – Web server scanner that detects known vulnerabilities and misconfigurations.
• SSL Labs – Test your site’s SSL/TLS configuration and rating.
• Security Headers – Check missing or weak HTTP response headers.

Security Awareness & Phishing Tools

• Have I Been Pwned – Check if your email or credentials were exposed in a data breach.
• Gophish – Open-source phishing simulation framework for training users.
• Phishing Tackle Free Tools – Free phishing awareness tools and simulations.

Log & Packet Analysis

• CyberChef – Powerful data transformation and analysis tool for developers and analysts.
• PacketTotal – Free online analyzer for .pcap network traffic capture files.
• Loggly (Free Tier) – Cloud-based log management and analytics platform.

Passwords & Hash Tools

• CrackStation – Offline and online password hash cracking tool and lookup database.
• Hash Analyzer – Identify the type of hash by analyzing its format.
• HIBP Passwords – Search for known compromised passwords in breaches.

Miscellaneous & Developer Security

• Headers Security Tool – Re-check security-related HTTP headers for your site.
• Payloads All The Things – Comprehensive list of payloads for testing security flaws.
• Regex101 – Web-based regex tester with explanations and debugging support.