Hacking/Opsec/OSINT/Privacy/Security Tools
------------------------------------------
* https://centralops.net/co/ - CentralOps is a feature-rich tool that can do a lot of things. It can query a domain, looking up the WHOIS, DNS servers, MX servers, traceroute, and port scan. It has an email lookup tool. It has Nslookup and much more, all for free.
* https://iplogger.org/ - IP Logger will surreptitiously log a user's IP address. It's a replacement for the once popular Grabify, which became obsolete once it started telling users that their IP was being saved. You just paste in the link you want to send them to and it will give you a list of short URLs you can use to send to the person. However, I recommend passing one of their URLs through a TinyURL (Don't use bitly) link to make it look less suspicious. It will redirect the user to the site you want them to go to and log their IP and general location in the process. A word to the wise though, a lot of malware services are catching on to this, so if they're using a good AV or DNS provider with malware protection, it won't access the link. You can also check out this link for other services that do the same thing: https://phreesite.com/grabify-alternatives/
* https://www.exploit-db.com/ - Exploit Database, a list of publicly available exploits that have been collected and stored on the site. Some are zero day. Use at your own risk.
* https://ipinfo.io/ - This will give you a ton of great info about an IP address, including its general location, whether it's a VPN, TOR, or proxy server, and much more.
* https://www.geckoandfly.com/25928/anonymous-file-sharing-storage/ - 12 free anonymous online file hosting services. Sometimes you need to host a file somewhere to send to a friend, but it's a little sketchy, so you might not want to use one of the mainstream file hosters or send through email. Right now I am using anonfiles.com as my anonymous file hoster of choice. I haven't checked out this list in a while, so some of the services may be dead or offline.
* https://www.privacytools.io/ - Privacytools.io has a huge collection of browser extensions and hardeners to give you the safest and most secure browsing experience you can have on the clearweb.
* https://themarkup.org/blacklight - Blacklight is a website scanner that will scan for any sort of malware or trackers or ad software you should be on the lookout for. It's much more detailed than virustotal.com (which you can run a URL through, in case you didn't know), and that also leads me into my next entry.
* https://www.urlvoid.com/ - URLVoid is a website reputation checker. It will check the domain against all the major AV and scam/malware databases to see if the site is safe to surf. They also make one for IPs called http://www.ipvoid.com/ but I actually haven't tried it out myself.
* https://10minutemail.com/ - Say you just got banned from a forum and need to get back immediately to finish your argument with that guy who called your mom a whore. That's where 10 minute email comes in. It is an email address that only exists for 10 minutes and is made for verification services. They also have a ton of different domain names, so you're unlikely to get caught using it. Just don't plan on using the account permanently. If you lose access to your password, you're not getting it back from this provider.
* https://privnote.com/ - Privnote is just a quick burn-on-read or burn-on-timer pastebin alternative. Say you need to send your buddy something private like your home address, but your PGP software is acting up. Just type it in here, send him the link, and once he's read it, it will be deleted. All the text on the service is fully encrypted too, so you and the receiver will be the only ones who can see it. There are a few other alternatives like OneTimeSecret https://onetimesecret.com/ and https://safenote.co (which tripped my MalwareBytes detection engine but seems to be a false positive).
* https://spamty.eu/index.php & https://scr.im/ - These aren't hacking tools, but if you want to post your email address in a public place without getting flooded with spam, you can paste your email address into either of these services and it will give you a URL that has a CAPTCHA the person has to solve before they see your email address. Scrim is a little bit nicer and easier to use IMO.
* https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/ - "MALWARE ANALYSIS AND INCIDENT RESPONSE TOOLS FOR THE FRUGAL AND LAZY" - This site has a bajillion URLs for every sort of antivirus scanning, domain scanning, MX scanning, sandboxes, blocklists, and more. It's broken down into the following categories:
- Online Network Analysis Tools
- Online Malware Sandboxes & Analysis Tools
- Online File, URL, or System Scanning Tools
- Hash Searches
- Domain & IP Reputation Lists
- Additional tools for checking URLs, files, IP address lists for the appearance on a malware, or reputation/block list of some kind.
- Email tools
- Threat Intelligence and Other Miscellaneous Tools
I can't guarantee all the links work, but it's an extremely comprehensive list of tools.
* https://defensivecomputingchecklist.com/ - A Defensive Computing Checklist: "This is a list of both things to be aware of and specific defensive steps that we can take in response to the common threats of 2019 [Updated for 2021]. No list like this can ever be complete, nor would anyone want it to be complete as that list would never end. I tried to limit this to the most important issues, still it's long (25,000 words)." This is basically an opsec/hardening guide for just about every type of hardware and software out there.
* https://thispersondoesnotexist.com/ - This Person Does Not Exist - An AI generated image of a person you can use as a profile picture or whatever you might need it for. More of a curiosity than anything else.
* What's my name App: Just enter a username into the website and it will find every service that username is associated with. EXTREMELY handy. https://whatsmyname.app/
Private Search Engines
----------------------
You've probably heard of DuckDuckGo and startpage.com, but these search engines promise to be even more private and secure than those by using all sorts of advanced peer routing algorithms and P2P connections. You're not going to get results as good as you would on Google, but they might come in handy for some.
* https://www.mojeek.com/ - Mojeek claims to be the king of private search engines. You can read their pitch here: https://www.mojeek.com/about/
* https://www.qwant.com/ - Qwant, another private one, couldn't tell you what the difference is. All of these have no tracking features and some of them are located outside Five Eyes countries, so you'll just have to try them out and see if they're worth your time.
* https://swisscows.com/ - Swiss Cows claims to not only be private, but help out starving children and if I remember correctly might be the P2P one. If you're looking for a search engine that isn't private but plants a tree for searches that you make, try https://www.ecosia.org/
And that's all I've got for right now. I left out a few, but it's 5am and I've been up all night, so that's as good as you're going to get.
If you're interested in some tools and sites that only exist on the darkweb/TOR network, I could make another list for those too.
If you need to get in touch with me you can tweet me @pogue25 or you can get in touch with me via email at the following link: http://scr.im/pogue25 and my PGP key is available at https://bitbin.it/GUvMP7vW/ (please use PGP to contact me via email).
Enjoy and if you have any more links or sites you think I'd be interested in, contact me, or leave them in the Disqus comment box below!