A list of cybersecurity resources from the NJIT Information and Cybersecurity Club.
HTML version, Markdown version.
Click here to return to the NICC website.
Cybersecurity competitions and resources for them.
- NCAE CyberGames - "NCAE Cyber Games is dedicated to inspiring college students to enter the exciting (and sometimes profitable!) realm of cyber competitions."
- Secure the Future - Palo Alto Network's academic cybersecurity competition.
Tools to be used for username/password cracking.
- CUPP - Common User Password Profiler
Generates password word lists based knowledge known about a user.GPL-3.0Windows/Mac/Linux - Hashcat - Password hash cracker. (Source Code)
MITWindows/Mac/Linux - Hydra - Online password brute-force tool for SSH, RDP, HTTP, etc.
AGPL-3.0Mac/Linux - John the Ripper - Password hash cracker. (Source Code)
GPL-2.0Mac/Linux
Anything related to cryptography.
- CryptoHack - Challenges and courses involving Crypto that helps you get to know ciphers and protocols.
FreemiumWeb App - CyberChef - "The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis." (Source Code)
Apache-2.0Web App - Dcode.fr - Many encode and decode tools for different ciphers.
Proprietary/FreewareWeb App - F00L.DE - Collection of miscellaneous tools such as vigenere cipher cracking, file analysis, etc.
Freeware/Source Given with No LicenseWeb App/Windows/Mac/Linux - Rapid Tables - Collection of different converter tools and calculators.
Proprietary/FreewareWeb App
Resources for finding jobs.
- cloudtango - Catalog of MSPs (managed service providers).
Proprietary/FreewareWeb App - FederalPay.org - "We are a non-governmental information portal built by federal employees, for federal employees."
Proprietary/FreewareWeb App - Hiration - Cover letter and resume builder.
Proprietary/FreewareWeb App - Zerodium - Bug bounty program.
General exploitation category for things that don't fit in other places.
- GTFOBins - "GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems." (Source Code)
GPL-3.0Web App - LOLBAS - "The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques." (Source Code)
GPL-3.0Web App - Payloads All The PDFs - "A list of crafted malicious PDF files to test the security of PDF readers and tools."
Apache-2.0``
Anything related to computer forensics.
- binwalk - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
MITMac/Linux - gpp-decrypt - Ruby script used to decrypt Microsoft Group Policy preferences strings. Included in Kali by default. (Source Code)
Freeware/Source Given with No LicenseWindows/Mac/Linux - Microsoft Security Complaince Toolkit - "Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies."
Proprietary/FreewareWindows - oletools - Python tools to analyze Microsoft OLE2 files (used in Office, Outlook, MSI files).
BSD-2-ClauseWindows/Linux/Mac - PSBits Offline GPO Analysis - Analyze Microsoft Group Policy files offline.
UnlicenseWindows
Tools to be used for monitoring systems and networks.
- Datadog - Infrastructure monitoring tool.
10 servers free for 2 years via GitHub Education Pack.Proprietary/FreemiumWeb App/Windows/Mac/Linux
Anything related to computer networking.
- AC Hunter - Tool for network C2 monitoring.
Proprietary/FreemiumLinux - Canarytokens - "Canarytokens helps track activity and actions on your network."
"Canarytokens are like motion sensors for your networks, computers and clouds. You can put them in folders, on network devices and on your phones." (Source Code)GPL-3.0Web App - NetworkMiner - NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files. (Source Code)
GPL-2.0Windows/Linux - Nmap - Network port scanner tool. (Source Code)
Nmap-PSLWindows/Mac/Linux - Snort - IDS/IPS that does packet monitoring and logging based on rules. (Source Code)
GPL-2.0Windows/Linux - Suricata - IDS/IPS that does packet monitoring and logging based on rules. Similar to Snort but multithreaded. (Source Code)
GPL-2.0Windows/Linux - tcpdump - CLI data network packet analyzer. Can dump to pcap files. (Source Code)
BSD-3-ClauseWindows/Mac/Linux - Wireshark - Network packet sniffer that can capture from interfaces in real time or read pcap files. (Source Code)
GPL-2.0Windows/Mac/Linux
Software that is given to us as NJIT students.
Computer operating systems.
- BlackArch Linux - "BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers." (Source Code)
Multiple LicensesLinux - Kali Linux - Pentesting focused OS based on Debian Linux. Many cybersecurity tools are preinstalled. (Source Code)
Multiple LicensesLinux - Parrot Linux - Another pentesting focused OS based on Kali. (Source Code)
Multiple LicensesLinux - VirtualBox - Virtual machine hypervisor. Generally used to create Kali or Parrot VMs separate from your host operating system. (Source Code)
GPL-3.0Windows/Mac/Linux
Anything related to open source intelligence.
- OSINT Framework - Guide to assist in gathering information while performing OSINT. (Source Code)
MITWeb App - OSINT Techniques Book - "Resources for Uncovering Online Information"
By Michael Bazzell. ``Book
Anything related to programming.
- Spectra Assure Community - "Spectra Assure Community monitors open source packages to identify malware, code tampering and indicators of software supply chain attacks."
Proprietary/FreemiumWeb App
Tools related to exploting binaries (common in CTFs).
- Metasploit - "The world’s most used penetration testing framework." (Source Code)
BSD-3-ClauseWindows/Mac/Linux - Pwntools - Pwntools is a python ctf library designed for rapid exploit development.
Multiple LicensesMac/Linux
Anything related to reverse engineering software.
- dnSpy - .NET / Unity decompiler.
GPL-3.0Windows - Ghidra - Suite of tools for software reverse engineering developed by the NSA. (Source Code)
Apache-2.0Windows/Mac/Linux - ILSpy - .NET / Unity decompiler.
MITWindows/Mac/Linux - Malcat - "Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals."
Proprietary/FreemiumWindows/Linux
Education scholarship programs.
- National Cyber Scholarship Foundation - "National Cyber Scholarship Foundation (NCSF) has launched a national initiative to identify and develop a new generation of Cyber Stars."
- NJIT Secure Computing Initiative - "The NJIT Secure Computing Initiative (SCI) seeks to award scholarships as part of the CyberCorps® Scholarship for Service (SFS) program."
Anything related to steganography.
- Aperisolve - Steganography analysis for multiple tools combined into one. (Source Code)
Freeware/Source Given with No LicenseWeb App - Deepsound - Hides files within audio.
Freeware/Source Given with No LicenseWindows - IronGeek Unicode Steg - Hides text within text.
Proprietary/FreewareWeb App - OpenStego - Stegonography application for data hiding and watermarking. (Source Code)
GPL-2.0Windows/Mac/Linux - OutGuess - "Outguess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources."
BSD-4-ClauseLinux - QRazyBox - "QR Code Analysis and Recovery Toolkit" (Source Code)
MITWeb App - Stegdetect - Abandoned tool for detecting steganographic content in images.
BSD-4-ClauseLinux - StegOnline - Online Image Steganography Tool for Embedding and Extracting data through LSB techniques. (Source Code)
WTFPLWeb App
Anything related to systems administration.
- Awesome Selfhosted - "This is a list of Free Software network services and web applications which can be hosted on your own server(s).." (Source Code)
CC-BY-SA-3.0Web App - NetBox - Network engineer tool for IPAM, provisioning, routing, diagrams, etc. (Source Code)
Apache-2.0Linux
Training resources.
- 10 Types of Application Security Testing Tools - List of different application security testing tools and methods. ``
Web App - A Graduate Course in Applied Cryptography Book - "Throughout the book we present many case studies to survey how deployed systems operate. We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the importance of rigor in cryptography."
By Dan Boneh and Victor Shoup. ``Book - Antisyphon Training - Approachable, accessible, and affordable public and private training.
Proprietary/FreemiumWeb App - Awesome CTF - "A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials."
CC0-1.0Web App - Backdoors & Breaches - Incident response card game. Can buy card deck or play online. ``
Web App - CISA ISC Training - Free ICS cybersecurity training from the Idaho National Labratory and the Cybersecurity and Infrastructure Security Agency (CISA).
Proprietary/FreewareWeb App - Clark - Largest platform for building and sharing free cybersecurity curriculum.
Proprietary/FreewareWeb App - CMD Challenge - "Test your shell knowledge by taking the CMD Challenge" (Source Code)
MITWeb App - Codecademy Cybersecurity - Contains multiple cybersecurity focused courses.
Proprietary/FreemiumWeb App - Competitive Programmer’s Handbook - "The purpose of this book is to give you a thorough introduction to competitive programming."
By Antti Laaksonen. ``Book - Computer Systems Security: Planning For Success - "The text, labs, and review questions in this book are designed as an introduction to the applied topic of computer security."
By Ryan Tolboom.CC-BY-NC-SA-4.0Web App/Book - Cybersecurity Guide - A collection of guides on different cybersecurity career paths and certifications. ``
Web App - ForeverCTF - CTF that is up indefinitely for practice.
Proprietary/FreewareWeb App - GCA Cybersecurity Toolkit - A toolkit to help improve your personal cyber hygiene.
Proprietary/FreewareWeb App - Google Dorking Tutorial - Tutorial on Google "dorking" which is the art of using search operators to find what you want.
Proprietary/FreewareWeb App - HackTheBox - Test your skills against a variety of hacking labs!
Proprietary/FreemiumWeb App - HackTricks - Collection of hacking tricks: e.g reverse shells, encoded text for web, etc. (Source Code)
CC-BY-NC-4.0Web App - How To Secure A Linux Server - "An evolving how-to guide for securing a Linux server."
CC-BY-SA-4.0`` - DNS Remote Code Execution - Video series exploiting WAN vulnerabilities in network devices.
- Intro to Binary Exploitation - Intro to Binary Exploitation video series.
- Kontra Application Security Training - Interactive application security training.
Proprietary/FreemiumWeb App - Kurose/Ross Networking Book - Material on understanding computer networks.
By Jim Kurose and Keith Ross.Proprietary/FreewareWeb App/Book - learnpython.org - Python references and tutorials. (Source Code)
Proprietary/FreewareWeb App - Linux auditd for Threat Detection - Blog post on configuring auditd on Linux systems. ``
Web App/Book - Metasploitable - "Metasploitable is an intentionally vulnerable Linux virtual machine." (Source Code)
Multiple LicensesLinux - CISA National Initiative for Cybersecurity Careers and Studies - "NICCS is the premier online resource for cybersecurity training, education, and career information."
Proprietary/FreewareWeb App - Nightmare Bin/Rev Guide - Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. (Source Code)
Freeware/Source Given with No LicenseWeb App - OverTheWire - Learn Linux basics through fun-filled games.
Proprietary/FreewareWeb App - Payloads All The Things - "A list of useful payloads and bypasses for Web Application Security." (Source Code)
MITWeb App - PentesterLab - Learn how to manually exploit web applications!
Proprietary/FreemiumWeb App - picoGym - CTF that is up indefinitely for practice. (Source Code)
Proprietary/FreewareWeb App - PortSwigger Web Security Academy - Free, online web security training from the creators of BurpSuite!
Proprietary/FreewareWeb App - Security Certification Roadmap - A roadmap of differnet cybersecurity certifications. (Source Code)
CC-BY-SA-4.0Web App - shellscript.sh - Tutorials for bash scripting.
Proprietary/FreewareWeb App - Snyk CTF 101 Workshop - "Check out this hands-on, virtual workshop to learn how to solve Capture the Flag (CTF) challenges, including pwn and web. After the workshop, you'll have the security skills and experience to compete in CTFs."
Proprietary/FreewareWeb App - Splunk Work+ Training - 1 year of free Splunk SIEM Training for NJIT students.
Courses should come up as $0. If not, send and email to education@splunk.com.Proprietary/FreemiumWeb App - TryHackMe - Hand-on cyber security training through real-world scenarios.
Proprietary/FreemiumWeb App - VulnHub - Collection of vulnerable VM images.
Multiple Licenses``
Videos.
Anything related to websites and website exploitation.
- BurpSuite - For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc.
Proprietary/FreemiumWindows/Mac/Linux - Dirb - Dictionary scan of web servers.
GPL-2.0Linux - Enum_AzureSubdomains - "A Metasploit Auxiliary module for enumerating public Azure services by locating valid subdomains through various DNS queries."
Freeware/Source Given with No LicenseWindows/Mac/Linux - Evilginx - "Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection."
BSD-3-ClauseWindows/Mac/Linux - HackThisSite - "HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more."
Proprietary/FreewareWeb App - JWT.io - Tool to decode and encode JSON Web Tokens. (Source Code)
MITWeb App - OWASP Top Ten - "The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications." (Source Code)
CC-BY-SA-4.0Web App - OWASP WebGoat - "WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components." (Source Code)
GPL-2.0Windows/Mac/Linux - OWASP ZAP - For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc. (Source Code)
Apache-2.0Windows/Mac/Linux - Shodan - Search engine for IoT devices. Can search for publically accessible servers based on details such as header, geolocation, etc.
Proprietary/FreemiumWeb App - sig2n - Python scripts to perform JWT algorithm confusion.
Usage instructions from PortSwigger here. (Source Code)GPL-3.0Windows/Mac/Linux - WhatWeb - Scans websites to recognize what software is being used to power them. (Source Code)
GPL-2.0Windows/Mac/Linux/Web App
0BSD- BSD Zero-Clause LicenceAAL- Attribution Assurance LicenseAGPL-3.0- GNU Affero General Public License 3.0Apache-2.0- Apache, Version 2.0APSL-2.0- Apple Public Source License, Version 2.0Artistic-2.0- Artistic License Version 2.0Beerware- Beerware LicenseBSD-2-Clause- BSD 2-clause "Simplified"BSD-2-Clause-FreeBSD- BSD 2-Clause FreeBSD LicenseBSD-3-Clause- BSD 3-Clause "New" or "Revised"BSD-3-Clause-Attribution- BSD with attributionBSD-4-Clause- BSD 4-clause "Original"CC-BY-NC-4.0- Creative Commons Attribution-NonCommercial 4.0 LicenseCC-BY-NC-SA-4.0- Creative Commons Attribution-NonCommercial-ShareAlike 4.0 LicenseCC-BY-SA-3.0- Creative Commons Attribution-ShareAlike 3.0 LicenseCC-BY-SA-4.0- Creative Commons Attribution-ShareAlike 4.0 LicenseCC0-1.0- Public Domain/Creative Common Zero 1.0CDDL-1.0- Common Development and Distribution LicenseCECILL-B- CEA CNRS INRIA Logiciel LibreCPAL-1.0- Common Public Attribution License Version 1.0ECL-2.0- Educational Community License, Version 2.0EPL-1.0- Eclipse Public License, Version 1.0EPL-2.0- Eclipse Public License, Version 2.0EUPL-1.2- European Union Public License 1.2Freemium- Freemium (Free to use in some capacity but has paid upgrades)Freeware- Freeware (Free to use)GPL-1.0- GNU General Public License 1.0GPL-2.0- GNU General Public License 2.0GPL-3.0- GNU General Public License 3.0IPL-1.0- IBM Public LicenseISC- Internet Systems Consortium LicenseLGPL-2.1- Lesser General Public License 2.1LGPL-3.0- Lesser General Public License 3.0MIT- MIT LicenseMPL-1.1- Mozilla Public License Version 1.1MPL-2.0- Mozilla Public LicenseMultiple Licenses- Multiple Licenses (for entries such as Linux distros which contain many programs)Nmap-PSL- Nmap Public Source LicenseOSL-3.0- Open Software License 3.0Proprietary- Proprietary (closed source)Sendmail- Sendmail LicenseSource Given with No License- Source Given with No LicenseRuby- Ruby LicenseUnlicense- The UnlicenseWTFPL- Do What the Fuck You Want to Public LicenseZlib- Zlib/libpng LicenseZPL-2.0- Zope Public License 2.0
Contributing guidelines can be found here.
This list is under the Creative Commons Attribution-ShareAlike 3.0 Unported License.
Terms of the license are summarized here.
Markdown and HTML generating code adapted from the awesome-selfhosted community. Changes were made to page verbage and formatting.