Pular para o conteúdo
1337skills 1337skills - Folhas de Dicas

Tools Directory

Este conteúdo não está disponível em sua língua ainda.

Comprehensive directory of development tools, software, and resources for developers

Welcome to the ultimate tools directory for developers! This comprehensive collection includes everything from code editors and IDEs to deployment platforms and productivity tools. Each tool includes a description, key features, and installation instructions.

🚀 Most Popular Tools

Section titled “🚀 Most Popular Tools”

Code Editors & IDEs

Section titled “Code Editors & IDEs”

Visual Studio Code

Section titled “Visual Studio Code”

Free, extensible code editor by Microsoft

Visual Studio Code is a lightweight but powerful source code editor that runs on Windows, macOS, and Linux. It comes with built-in support for JavaScript, TypeScript, and Node.js and has a rich ecosystem of extensions.

Key Features:

  • IntelliSense code completion
  • Built-in Git integration
  • Extensive extension marketplace
  • Integrated terminal
  • Debugging support
  • Live Share collaboration

Installation:

IntelliJ IDEA

Section titled “IntelliJ IDEA”

Powerful Java IDE with multi-language support

IntelliJ IDEA is a Java integrated development environment (IDE) for developing computer software. It’s developed by JetBrains and is available as an Apache 2 Licensed community edition and a commercial edition.

Key Features:

  • Smart code completion
  • Built-in version control
  • Database tools
  • Application server integration
  • Maven and Gradle support
  • Refactoring tools

Installation:

Android Studio

Section titled “Android Studio”

Official IDE for Android app development

Android Studio is the official integrated development environment for Google’s Android operating system, built on JetBrains’ IntelliJ IDEA software and designed specifically for Android development.

Key Features:

  • Android-specific code completion
  • Visual layout editor
  • APK analyzer
  • Built-in emulator
  • Gradle build system
  • Gemini AI assistance

Installation:

PyCharm

Section titled “PyCharm”

The only Python IDE you need

PyCharm is an integrated development environment used for programming in Python. It provides code analysis, a graphical debugger, an integrated unit tester, integration with version control systems, and supports web development with Django.

Key Features:

  • Intelligent Python assistance
  • Web development frameworks
  • Scientific tools integration
  • Cross-technology development
  • Remote development capabilities
  • Database tools

Installation:

CLion

Section titled “CLion”

Cross-platform IDE for C and C++

CLion is a cross-platform IDE for C and C++ development that includes modern C++ support, libc++ and Boost, and supports CMake, Google Test, Catch, and other tools.

Key Features:

  • Smart C/C++ editor
  • Embedded terminal
  • CMake support
  • Debugger and dynamic analysis tools
  • Unit testing integration
  • VCS integration

Installation:

WebStorm

Section titled “WebStorm”

The smartest JavaScript IDE

WebStorm is an integrated development environment for JavaScript and related technologies. Like other JetBrains IDEs, it makes your development experience more enjoyable, automating routine work and helping you handle complex tasks with ease.

Key Features:

  • Intelligent coding assistance
  • Built-in developer tools
  • Debugging and testing
  • Seamless tool integration
  • VCS integration
  • Local history

Installation:

Xcode

Section titled “Xcode”

Apple’s IDE for macOS and iOS development

Xcode is Apple’s integrated development environment for macOS, used to develop software for macOS, iOS, iPadOS, watchOS, and tvOS.

Key Features:

  • Interface Builder
  • iOS Simulator
  • Instruments performance analysis
  • Source control integration
  • Asset catalog
  • Swift and Objective-C support

Installation:

Cursor

Section titled “Cursor”

The AI Code Editor

Cursor is an AI-powered code editor that lets you write code using instructions. It’s designed to make you extraordinarily productive with AI assistance built into every aspect of coding.

Key Features:

  • AI-powered code completion
  • Natural language code generation
  • Intelligent refactoring
  • Context-aware suggestions
  • Multi-language support
  • VS Code compatibility

Installation:

Zed

Section titled “Zed”

Code at the speed of thought

Zed is a next-generation code editor designed for high-performance collaboration with humans and AI. Built by the creators of Atom and Tree-sitter.

Key Features:

  • High-performance editing
  • Multiplayer collaboration
  • AI integration
  • Language server protocol
  • Git integration
  • Extensible architecture

Installation:

Visual Studio

Section titled “Visual Studio”

Microsoft’s flagship IDE

Visual Studio is an integrated development environment from Microsoft. It is used to develop computer programs, as well as websites, web apps, web services and mobile apps.

Key Features:

  • IntelliSense code completion
  • Debugging and diagnostics
  • Testing tools
  • Version control integration
  • Azure integration
  • Extensions marketplace

Installation:

DataGrip

Section titled “DataGrip”

Database IDE by JetBrains

DataGrip is a database IDE that is tailored to suit the specific needs of professional SQL developers and provides a productive environment for database development.

Key Features:

  • Intelligent query console
  • Efficient schema navigation
  • Explain plan visualization
  • Smart code completion
  • Version control integration
  • Data export/import

Installation:

PhpStorm

Section titled “PhpStorm”

PHP IDE by JetBrains

PhpStorm is a commercial, cross-platform IDE for PHP built by JetBrains. It provides an editor for PHP, HTML and JavaScript with on-the-fly code analysis, error prevention and automated refactorings.

Key Features:

  • Smart PHP code editor
  • Frontend technologies support
  • Built-in developer tools
  • Debugging and testing
  • Database tools
  • Framework support

Installation:

Rider

Section titled “Rider”

.NET IDE by JetBrains

Rider is a cross-platform .NET IDE based on the IntelliJ platform and ReSharper. It supports .NET Framework, .NET Core, and Mono-based projects.

Key Features:

  • Rich code editor
  • Powerful debugger
  • Built-in version control
  • Unit testing support
  • Database tools
  • Decompiler integration

Installation:

RubyMine

Section titled “RubyMine”

Ruby and Rails IDE by JetBrains

RubyMine is an integrated development environment that helps you be more productive in every aspect of Ruby development – from writing and debugging code to testing and deploying a completed application.

Key Features:

  • Smart code editor
  • Ruby and Rails support
  • Web development tools
  • Testing framework integration
  • Version control integration
  • Database tools

Installation:

GoLand

Section titled “GoLand”

Go IDE by JetBrains

GoLand is a cross-platform IDE built specifically for the Go programming language. It provides all the essential features for Go development and integrates with the Go toolchain.

Key Features:

  • Smart code completion
  • Built-in debugger
  • Testing framework integration
  • Version control integration
  • Database tools
  • Go modules support

Installation:

Windsurf

Section titled “Windsurf”

Modern code editor

Windsurf is a modern, fast, and extensible code editor designed for contemporary development workflows with built-in collaboration features.

Key Features:

  • Modern interface design
  • Fast performance
  • Extensible architecture
  • Collaboration tools
  • Multi-language support
  • Integrated terminal

Installation:

  • GitHub Repository: Available through official channels
  • Platform Support: Windows, macOS, Linux
  • Documentation: View Windsurf Cheatsheet

Sublime Text

Section titled “Sublime Text”

Sophisticated text editor for code, markup and prose

Sublime Text is a proprietary cross-platform source code editor with a Python application programming interface. It natively supports many programming languages and markup languages.

Key Features:

  • Multiple selections
  • Command palette
  • Powerful API
  • Package ecosystem
  • Cross platform
  • Goto anything

Installation:

Web Development Tools

Section titled “Web Development Tools”

Vite

Section titled “Vite”

Next Generation Frontend Tooling

Vite is a build tool that aims to provide a faster and leaner development experience for modern web projects. It consists of two major parts: a dev server and a build command.

Key Features:

  • Lightning fast HMR
  • Rich features out of the box
  • Optimized build with Rollup
  • Universal plugin interface
  • Fully typed APIs
  • Framework agnostic

Installation:

Next.js

Section titled “Next.js”

The React Framework for Production

Next.js is a React framework that gives you building blocks to create web applications with server-side rendering, static site generation, and many other features.

Key Features:

  • Server-side rendering
  • Static site generation
  • API routes
  • File-system routing
  • Built-in CSS support
  • Image optimization

Installation:

Nuxt.js

Section titled “Nuxt.js”

The Intuitive Vue Framework

Nuxt.js is a free and open source framework providing a powerful way to create full-stack web applications and websites with Vue.js.

Key Features:

  • Server-side rendering
  • Static site generation
  • Auto-routing
  • Code splitting
  • SEO optimization
  • TypeScript support

Installation:

Astro

Section titled “Astro”

The Web Framework for Content-Driven Websites

Astro is a modern static site generator that delivers lightning-fast performance with a modern developer experience.

Key Features:

  • Islands architecture
  • Zero JavaScript by default
  • Framework agnostic
  • Built-in optimizations
  • Content collections
  • TypeScript support

Installation:

Svelte

Section titled “Svelte”

Cybernetically Enhanced Web Apps

Svelte is a radical new approach to building user interfaces. Whereas traditional frameworks do the bulk of their work in the browser, Svelte shifts that work into a compile step.

Key Features:

  • No virtual DOM
  • Truly reactive
  • Small bundle sizes
  • Built-in state management
  • CSS-in-JS
  • TypeScript support

Installation:

Tailwind CSS

Section titled “Tailwind CSS”

Utility-First CSS Framework

Tailwind CSS is a utility-first CSS framework packed with classes that can be composed to build any design, directly in your markup.

Key Features:

  • Utility-first approach
  • Responsive design
  • Dark mode support
  • Component-friendly
  • Customizable
  • JIT compiler

Installation:

Webpack

Section titled “Webpack”

Static Module Bundler

Webpack is a static module bundler for modern JavaScript applications. It builds a dependency graph and bundles modules into one or more bundles.

Key Features:

  • Module bundling
  • Code splitting
  • Asset management
  • Plugin system
  • Development server
  • Hot module replacement

Installation:

Parcel

Section titled “Parcel”

The Zero Configuration Build Tool

Parcel is a web application bundler, differentiated by its developer experience. It offers blazing fast performance utilizing multicore processing.

Key Features:

  • Zero configuration
  • Fast bundle times
  • Built-in transformations
  • Code splitting
  • Hot module replacement
  • Tree shaking

Installation:

Rollup

Section titled “Rollup”

Next-generation ES Module Bundler

Rollup is a module bundler for JavaScript which compiles small pieces of code into something larger and more complex, such as a library or application.

Key Features:

  • ES module support
  • Tree shaking
  • Multiple output formats
  • Plugin system
  • Code splitting
  • Small bundles

Installation:

ESBuild

Section titled “ESBuild”

An Extremely Fast JavaScript Bundler

ESBuild is an extremely fast JavaScript bundler and minifier written in Go. It’s designed to be fast and efficient.

Key Features:

  • Extreme speed
  • ES6 and CommonJS modules
  • Tree shaking
  • TypeScript support
  • JSX support
  • Source maps

Installation:

VitePress

Section titled “VitePress”

Vite & Vue Powered Static Site Generator

VitePress is a static site generator designed to be simple, performant, and flexible. It takes Markdown-centered content and generates a beautiful documentation site.

Key Features:

  • Vue.js powered
  • Vite under the hood
  • Markdown extensions
  • Built-in search
  • Internationalization
  • Custom themes

Installation:

MkDocs

Section titled “MkDocs”

Project Documentation with Markdown

MkDocs is a fast, simple and downright gorgeous static site generator that’s geared towards building project documentation.

Key Features:

  • Markdown source files
  • Beautiful themes
  • Live preview server
  • Plugin system
  • Search functionality
  • GitHub Pages deployment

Installation:

Snowpack

Section titled “Snowpack”

The Faster Frontend Build Tool

Snowpack is a lightning-fast frontend build tool, designed for the modern web. It leverages JavaScript’s native module system to avoid unnecessary work.

Key Features:

  • Unbundled development
  • Instant startup
  • Built-in optimizations
  • Plugin ecosystem
  • Framework agnostic
  • Hot module replacement

Installation:

Turbopack

Section titled “Turbopack”

The Incremental Bundler

Turbopack is an incremental bundler optimized for JavaScript and TypeScript, written in Rust by the creators of Webpack and Next.js.

Key Features:

  • Incremental computation
  • Rust-powered performance
  • Next.js integration
  • Hot module replacement
  • TypeScript support
  • Asset optimization

Installation:

Gulp

Section titled “Gulp”

The Streaming Build System

Gulp is a toolkit for automating painful or time-consuming tasks in your development workflow, so you can stop messing around and build something.

Key Features:

  • Code over configuration
  • Streaming builds
  • Plugin ecosystem
  • Simple API
  • Efficient builds
  • Easy to learn

Installation:

Grunt

Section titled “Grunt”

The JavaScript Task Runner

Grunt is a JavaScript task runner that automates repetitive tasks like minification, compilation, unit testing, and linting.

Key Features:

  • Huge ecosystem
  • Configuration over code
  • Built-in tasks
  • Plugin system
  • File watching
  • Multi-target tasks

Installation:

Browserify

Section titled “Browserify”

Browser-side require() the Node.js Way

Browserify lets you require(‘modules’) in the browser by bundling up all of your dependencies.

Key Features:

  • Node.js style modules
  • NPM ecosystem
  • Transform system
  • Source maps
  • Plugin system
  • Bundle analysis

Installation:

Playwright

Section titled “Playwright”

Modern Web Testing & Automation

Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.

Key Features:

  • Cross-browser testing
  • Auto-wait capabilities
  • Network interception
  • Mobile emulation
  • Visual comparisons
  • Parallel execution

Installation:

Bower

Section titled “Bower”

Package Manager for the Web

Bower is a package manager for the web. It offers a generic, unopinionated solution to the problem of front-end package management.

Key Features:

  • Flat dependency tree
  • Generic package manager
  • Unopinionated
  • Git-based
  • Registry support
  • Version management

Installation:

Yeoman

Section titled “Yeoman”

The Web’s Scaffolding Tool

Yeoman helps you to kickstart new projects, prescribing best practices and tools to help you stay productive.

Key Features:

  • Project scaffolding
  • Generator ecosystem
  • Best practices
  • Tool integration
  • Workflow automation
  • Community generators

Installation:

Storybook

Section titled “Storybook”

Build UIs in Isolation

Storybook is a tool for building UI components and pages in isolation. It streamlines UI development, testing, and documentation.

Key Features:

  • Component isolation
  • Interactive development
  • Visual testing
  • Documentation
  • Addon ecosystem
  • Framework support

Installation:

Jest

Section titled “Jest”

Delightful JavaScript Testing

Jest is a JavaScript testing framework designed to ensure correctness of any JavaScript codebase. It works out of the box for most JavaScript projects.

Key Features:

  • Zero configuration
  • Snapshot testing
  • Mocking capabilities
  • Code coverage
  • Parallel testing
  • Watch mode

Installation:

Cypress

Section titled “Cypress”

End-to-End Testing Made Easy

Cypress is a next generation front end testing tool built for the modern web. It addresses the key pain points developers face when testing modern applications.

Key Features:

  • Real browser testing
  • Time travel debugging
  • Network traffic control
  • Automatic waiting
  • Screenshots and videos
  • Cross-browser testing

Installation:

Mocha

Section titled “Mocha”

Simple, Flexible, Fun JavaScript Testing

Mocha is a feature-rich JavaScript test framework running on Node.js and in the browser, making asynchronous testing simple and fun.

Key Features:

  • Browser and Node.js support
  • Flexible test organization
  • Multiple assertion libraries
  • Async testing support
  • Custom reporters
  • Plugin ecosystem

Installation:

Mobile Development Tools

Section titled “Mobile Development Tools”

React Native

Section titled “React Native”

Learn Once, Write Anywhere

React Native combines the best parts of native development with React, a best-in-class JavaScript library for building user interfaces.

Key Features:

  • Cross-platform development
  • Native performance
  • Hot reloading
  • Large ecosystem
  • Code sharing
  • Native module access

Installation:

Flutter

Section titled “Flutter”

Build Apps for Any Screen

Flutter is Google’s UI toolkit for building beautiful, natively compiled applications for mobile, web, and desktop from a single codebase.

Key Features:

  • Single codebase
  • Native performance
  • Hot reload
  • Rich widgets
  • Dart language
  • Platform integration

Installation:

Ionic

Section titled “Ionic”

One Codebase. Any Platform.

Ionic is the app development platform for web developers. Build amazing cross platform mobile, web, and desktop apps all with one shared code base.

Key Features:

  • Web technologies
  • Cross-platform
  • Native functionality
  • UI components
  • CLI tools
  • Cloud services

Installation:

Xamarin

Section titled “Xamarin”

Mobile App Development Platform

Xamarin is a Microsoft-owned San Francisco-based software company that provides commercial software development tools for mobile app development.

Key Features:

  • Native performance
  • Shared business logic
  • Platform-specific UI
  • Cloud integration
  • Testing tools
  • Enterprise support

Installation:

Swift

Section titled “Swift”

Powerful and Intuitive Programming Language

Swift is a powerful and intuitive programming language for iOS, iPadOS, macOS, tvOS, and watchOS. Writing Swift code is interactive and fun.

Key Features:

  • Modern syntax
  • Memory safety
  • Performance
  • Interoperability
  • Open source
  • Playgrounds

Installation:

Kotlin

Section titled “Kotlin”

Modern Programming Language

Kotlin is a cross-platform, statically typed, general-purpose programming language with type inference, designed to interoperate fully with Java.

Key Features:

  • Java interoperability
  • Null safety
  • Coroutines
  • Multiplatform
  • Concise syntax
  • Tool-friendly

Installation:

Expo

Section titled “Expo”

Platform for Universal React Applications

Expo is a platform for making universal native apps for Android, iOS, and the web with JavaScript and React.

Key Features:

  • Managed workflow
  • Over-the-air updates
  • Push notifications
  • Development tools
  • Cloud services
  • Web support

Installation:

Cordova

Section titled “Cordova”

Mobile Apps with HTML, CSS & JS

Apache Cordova is a mobile application development framework that enables software programmers to build hybrid web applications for mobile devices.

Key Features:

  • Web technologies
  • Plugin ecosystem
  • Cross-platform
  • Native device access
  • Command line tools
  • Platform support

Installation:

NativeScript

Section titled “NativeScript”

Open Source Framework for Building Native Mobile Apps

NativeScript empowers you to access native APIs from JavaScript directly. The framework currently provides iOS and Android runtimes.

Key Features:

  • Native performance
  • Direct API access
  • Code sharing
  • Angular/Vue support
  • TypeScript support
  • Hot module replacement

Installation:

Unity

Section titled “Unity”

Create and Operate Real-Time 3D Content

Unity is a cross-platform game engine developed by Unity Technologies, first announced and released in June 2005 at Apple Inc.’s Worldwide Developers Conference.

Key Features:

  • Cross-platform deployment
  • Visual scripting
  • Asset store
  • Analytics
  • Cloud build
  • Multiplayer networking

Installation:

Database Tools

Section titled “Database Tools”

MySQL

Section titled “MySQL”

The World’s Most Popular Open Source Database

MySQL is an open-source relational database management system. Its name is a combination of “My”, the name of co-founder Michael Widenius’s daughter, and “SQL”.

Key Features:

  • ACID compliance
  • Replication support
  • Partitioning
  • Stored procedures
  • Triggers
  • Views

Installation:

PostgreSQL

Section titled “PostgreSQL”

The World’s Most Advanced Open Source Database

PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development.

Key Features:

  • ACID compliance
  • JSON support
  • Full-text search
  • Extensions
  • Custom data types
  • Advanced indexing

Installation:

MongoDB

Section titled “MongoDB”

The Developer Data Platform

MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program.

Key Features:

  • Document storage
  • Horizontal scaling
  • Rich queries
  • Secondary indexes
  • Real-time aggregation
  • Multi-document transactions

Installation:

Redis

Section titled “Redis”

The Open Source In-Memory Data Store

Redis is an open source, in-memory data structure store, used as a database, cache, and message broker.

Key Features:

  • In-memory storage
  • Data structures
  • Persistence options
  • Clustering
  • Pub/Sub messaging
  • Lua scripting

Installation:

SQLite

Section titled “SQLite”

Small. Fast. Reliable. Choose Any Three.

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.

Key Features:

  • Serverless
  • Zero-configuration
  • Transactional
  • Small footprint
  • Cross-platform
  • Public domain

Installation:

MariaDB

Section titled “MariaDB”

Open Source Database for Modern Analytics

MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system.

Key Features:

  • MySQL compatibility
  • Storage engines
  • Galera clustering
  • Columnar storage
  • Temporal tables
  • JSON support

Installation:

Oracle Database

Section titled “Oracle Database”

Converged Database for Any Workload

Oracle Database is a multi-model database management system produced and marketed by Oracle Corporation.

Key Features:

  • Multi-model support
  • In-memory processing
  • Advanced security
  • High availability
  • Scalability
  • Cloud integration

Installation:

Microsoft SQL Server

Section titled “Microsoft SQL Server”

Database Platform for Mission-Critical Applications

Microsoft SQL Server is a relational database management system developed by Microsoft.

Key Features:

  • T-SQL support
  • Integration services
  • Reporting services
  • Analysis services
  • Always On availability
  • In-memory OLTP

Installation:

Cassandra

Section titled “Cassandra”

Manage Massive Amounts of Data

Apache Cassandra is a free and open-source, distributed, wide column store, NoSQL database management system.

Key Features:

  • Distributed architecture
  • Linear scalability
  • Fault tolerance
  • Tunable consistency
  • CQL query language
  • Multi-datacenter support

Installation:

CouchDB

Section titled “CouchDB”

Seamless Multi-Master Sync

Apache CouchDB is an open-source document-oriented NoSQL database, implemented in Erlang.

Key Features:

  • Document storage
  • HTTP/JSON API
  • Multi-master replication
  • ACID semantics
  • Map-reduce views
  • Conflict resolution

Installation:

Neo4j

Section titled “Neo4j”

Graph Database Platform

Neo4j is a graph database management system developed by Neo4j, Inc. It is an ACID-compliant transactional database with native graph storage and processing.

Key Features:

  • Native graph storage
  • Cypher query language
  • ACID transactions
  • High performance
  • Clustering support
  • Graph algorithms

Installation:

InfluxDB

Section titled “InfluxDB”

Time Series Database

InfluxDB is an open-source time series database developed by the company InfluxData. It is written in the Go programming language.

Key Features:

  • Time series optimization
  • SQL-like query language
  • Built-in HTTP API
  • Retention policies
  • Continuous queries
  • Clustering support

Installation:

phpMyAdmin

Section titled “phpMyAdmin”

Web-based MySQL Administration

phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.

Key Features:

  • Web interface
  • Database management
  • SQL execution
  • Import/export
  • User management
  • Multi-server support

Installation:

pgAdmin

Section titled “pgAdmin”

PostgreSQL Administration and Development Platform

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL.

Key Features:

  • Web-based interface
  • Query tool
  • Schema browser
  • Backup/restore
  • Server monitoring
  • User management

Installation:

MongoDB Compass

Section titled “MongoDB Compass”

The GUI for MongoDB

MongoDB Compass is the GUI for MongoDB. Compass allows you to analyze and understand your MongoDB data without formal knowledge of MongoDB query syntax.

Key Features:

  • Visual query builder
  • Schema analysis
  • Performance insights
  • Index management
  • Document editing
  • Aggregation pipeline builder

Installation:

DBeaver

Section titled “DBeaver”

Universal Database Tool

DBeaver is a SQL client software application and a database administration tool. For relational databases it uses the JDBC application programming interface.

Key Features:

  • Multi-platform support
  • Multiple database support
  • SQL editor
  • Data visualization
  • ER diagrams
  • Data export/import

Installation:

Adminer

Section titled “Adminer”

Database Management Tool

Adminer is a tool for managing content in databases. It natively supports MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Elasticsearch, MongoDB and others.

Key Features:

  • Single PHP file
  • Multiple database support
  • User-friendly interface
  • Security features
  • Plugin system
  • Export/import

Installation:

Version Control

Section titled “Version Control”

Git

Section titled “Git”

Distributed version control system

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Key Features:

  • Distributed development
  • Branching and merging
  • Lightweight and fast
  • Data integrity
  • Staging area
  • Free and open source

Installation:

GitHub Desktop

Section titled “GitHub Desktop”

GUI application for Git and GitHub

GitHub Desktop is a seamless way to contribute to projects on GitHub and GitHub Enterprise. It provides an intuitive interface for Git operations.

Key Features:

  • Visual diff tools
  • Branch management
  • Commit history visualization
  • Pull request integration
  • Conflict resolution
  • Repository cloning

Installation:

  • Windows/macOS: Download from desktop.github.com
  • Package Managers:
    • Windows: winget install GitHub.GitHubDesktop
    • macOS: brew install --cask github

Terminals & Shells

Section titled “Terminals & Shells”

Windows Terminal

Section titled “Windows Terminal”

Modern terminal application for Windows

Windows Terminal is a modern, fast, efficient, powerful, and productive terminal application for users of command-line tools and shells like Command Prompt, PowerShell, and WSL.

Key Features:

  • Multiple tabs and panes
  • GPU accelerated text rendering
  • Rich text and emoji support
  • Custom themes and styling
  • Configurable actions and key bindings
  • Unicode and UTF-8 character support

Installation:

iTerm2

Section titled “iTerm2”

Terminal emulator for macOS

iTerm2 is a replacement for Terminal and the successor to iTerm. It works on Macs with macOS 10.14 or newer and brings the terminal into the modern age with features you never knew you always wanted.

Key Features:

  • Split panes
  • Hotkey window
  • Search functionality
  • Autocomplete
  • Paste history
  • Instant replay

Installation:

Alacritty

Section titled “Alacritty”

GPU-accelerated terminal emulator

Alacritty is a modern terminal emulator that comes with sensible defaults, but allows for extensive configuration. By integrating with other applications, rather than reimplementing their functionality, it manages to provide a flexible set of features with high performance.

Key Features:

  • GPU acceleration
  • Cross-platform support
  • Vi mode
  • Configurable
  • Fast scrolling
  • Minimal resource usage

Installation:

GNOME Terminal

Section titled “GNOME Terminal”

Default terminal emulator for GNOME

GNOME Terminal is a terminal emulator for the GNOME desktop environment written by Havoc Pennington and others. It supports multiple tabs and profiles.

Key Features:

  • Multiple tabs
  • Profile management
  • Transparency support
  • Custom color schemes
  • Keyboard shortcuts
  • Search functionality

Installation:

Ghostty

Section titled “Ghostty”

Modern terminal emulator

Ghostty is a fast, feature-rich terminal emulator that uses platform-native UI and GPU acceleration. It’s designed to be both powerful and easy to use.

Key Features:

  • GPU acceleration
  • Platform-native UI
  • Fast performance
  • Modern features
  • Cross-platform support
  • Configurable interface

Installation:

Xterm

Section titled “Xterm”

Standard terminal emulator for X Window System

Xterm is the standard terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that cannot use the window system directly.

Key Features:

  • VT102 compatibility
  • Tektronix 4014 support
  • Configurable
  • Lightweight
  • Standard compliance
  • Long history and stability

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install xterm
    • Fedora: sudo dnf install xterm
    • Arch: sudo pacman -S xterm
  • Platform Support: Linux/Unix with X11
  • Documentation: View Xterm Cheatsheet

Mac Terminal

Section titled “Mac Terminal”

Default terminal application for macOS

Terminal is the default terminal emulator included with macOS. It provides a command-line interface to the Unix shell and allows users to interact with the operating system through text commands.

Key Features:

  • Multiple tabs and windows
  • Profile customization
  • AppleScript support
  • Secure keyboard entry
  • Full-screen mode
  • Search functionality

Installation:

  • Built-in: Pre-installed with macOS
  • Location: Applications > Utilities > Terminal
  • Platform Support: macOS only
  • Documentation: View Mac Terminal Cheatsheet

Bash

Section titled “Bash”

Bourne Again Shell

Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. It has been used as the default login shell for most Linux distributions.

Key Features:

  • Command-line editing
  • Job control
  • Shell functions and aliases
  • Command history
  • Filename completion
  • Variable arrays

Installation:

Zsh

Section titled “Zsh”

Z Shell

Zsh is a shell designed for interactive use, although it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh; many original features were added.

Key Features:

  • Advanced tab completion
  • Spelling correction
  • Theme and plugin support
  • Powerful globbing
  • Shared command history
  • Programmable completion

Installation:

  • Official Website: https://www.zsh.org/
  • Package Managers:
    • Ubuntu/Debian: sudo apt install zsh
    • macOS: brew install zsh (pre-installed on newer versions)
    • Fedora: sudo dnf install zsh
  • Documentation: View Zsh Cheatsheet

Fish

Section titled “Fish”

Friendly Interactive Shell

Fish is a smart and user-friendly command line shell for Linux, macOS, and the rest of the family. Fish includes features like syntax highlighting, autosuggestions, and tab completions that just work.

Key Features:

  • Syntax highlighting
  • Autosuggestions
  • Tab completions
  • Web-based configuration
  • Scripting language
  • No configuration required

Installation:

C Shell (csh)

Section titled “C Shell (csh)”

C-like shell

The C shell is a Unix shell created by Bill Joy while he was a graduate student at University of California, Berkeley in the late 1970s. It has been widely distributed, beginning with the 2BSD release of the Berkeley Software Distribution.

Key Features:

  • C-like syntax
  • Command history
  • Job control
  • Aliases
  • Variable substitution
  • Expression evaluation

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install csh
    • Fedora: sudo dnf install tcsh (enhanced C shell)
    • macOS: Usually pre-installed
  • Documentation: View C Shell Cheatsheet

Korn Shell (ksh)

Section titled “Korn Shell (ksh)”

Korn Shell

The Korn shell is a Unix shell which was developed by David Korn at Bell Labs in the early 1980s and announced at USENIX on July 14, 1983. It is backward-compatible with the Bourne shell and includes many features of the C shell.

Key Features:

  • Bourne shell compatibility
  • Command-line editing
  • Job control
  • Arrays
  • Functions
  • Arithmetic expressions

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install ksh
    • Fedora: sudo dnf install ksh
    • macOS: brew install ksh
  • Documentation: View Korn Shell Cheatsheet

POSIX Shell (sh)

Section titled “POSIX Shell (sh)”

POSIX-compliant shell

The POSIX shell is a command-line interpreter that follows the POSIX standard. It provides a standardized interface for Unix-like operating systems and ensures portability across different systems.

Key Features:

  • POSIX compliance
  • Portability
  • Basic scripting capabilities
  • Standard command set
  • Minimal resource usage
  • Universal availability

Installation:

  • Built-in: Available on all Unix-like systems
  • Location: Usually /bin/sh
  • Platform Support: All Unix-like systems
  • Documentation: View POSIX Shell Cheatsheet

💻 Development Tools

Section titled “💻 Development Tools”

API Development & Testing

Section titled “API Development & Testing”

Postman

Section titled “Postman”

API development and testing platform

Postman is a collaboration platform for API development. It simplifies each step of building an API and streamlines collaboration so you can create better APIs faster.

Key Features:

  • Request building and testing
  • Collection organization
  • Environment variables
  • Automated testing
  • Mock servers
  • API documentation

Installation:

  • All Platforms: Download from postman.com
  • Package Managers:
    • Windows: winget install Postman.Postman
    • macOS: brew install --cask postman
    • Linux: sudo snap install postman

Insomnia

Section titled “Insomnia”

REST and GraphQL API client

Insomnia is a powerful REST API client with cookie management, environment variables, code generation, and authentication for Mac, Windows, and Linux.

Key Features:

  • GraphQL support
  • Environment management
  • Code generation
  • Plugin system
  • Team collaboration
  • Request chaining

Installation:

  • All Platforms: Download from insomnia.rest
  • Package Managers:
    • Windows: winget install Insomnia.Insomnia
    • macOS: brew install --cask insomnia
    • Linux: sudo snap install insomnia

AI Development Tools

Section titled “AI Development Tools”

Amazon Q

Section titled “Amazon Q”

AWS’s AI-powered coding assistant

Amazon Q is AWS’s AI-powered coding assistant that provides intelligent code suggestions, security scanning, and application modernization capabilities. It integrates with popular IDEs and AWS services to enhance developer productivity.

Key Features:

  • Context-aware code generation
  • Security vulnerability detection
  • Application modernization
  • Multi-language support
  • AWS service integration
  • Real-time code analysis

Installation:

  • VS Code: Install Amazon Q extension from marketplace
  • JetBrains IDEs: Install via plugin repository
  • AWS CLI: Integrated with AWS CLI v2
  • Documentation: View Amazon Q Cheatsheet

Claude

Section titled “Claude”

Anthropic’s AI assistant for code and technical writing

Claude is Anthropic’s AI assistant designed to be helpful, harmless, and honest. It excels at code generation, analysis, debugging, and technical writing with support for multiple programming languages.

Key Features:

  • Advanced code generation
  • Code analysis and review
  • Debugging assistance
  • Technical documentation
  • Multi-turn conversations
  • Large context window

Installation:

  • Web Interface: Access at claude.ai
  • API Integration: Install Anthropic SDK
  • IDE Extensions: Cline for VS Code
  • Documentation: View Claude Cheatsheet

CodeWhisperer

Section titled “CodeWhisperer”

Amazon’s AI code completion service

Amazon CodeWhisperer is AWS’s AI-powered code completion service that provides intelligent code suggestions in real-time. It analyzes your code and comments to generate contextually relevant recommendations.

Key Features:

  • Real-time code completion
  • Comment-to-code generation
  • Security vulnerability scanning
  • Multi-language support
  • IDE integration
  • Free tier available

Installation:

  • VS Code: Install AWS Toolkit extension
  • JetBrains IDEs: Install AWS Toolkit plugin
  • Command Line: Install CodeWhisperer CLI
  • Documentation: View CodeWhisperer Cheatsheet

Code Search & Navigation

Section titled “Code Search & Navigation”

Sourcegraph

Section titled “Sourcegraph”

Universal code search and navigation platform

Sourcegraph is a universal code search and navigation platform that helps developers understand, fix, and automate changes across their entire codebase with semantic code search and cross-repository navigation.

Key Features:

  • Universal code search
  • Cross-repository navigation
  • Code intelligence
  • Batch changes
  • Code monitoring
  • Multi-language support

Installation:

  • Cloud Service: Access at sourcegraph.com
  • Self-hosted: Docker or Kubernetes deployment
  • Browser Extension: Chrome/Firefox extensions
  • Documentation: View Sourcegraph Cheatsheet

Development Environments

Section titled “Development Environments”

CodeSandbox

Section titled “CodeSandbox”

Cloud-based development environment

CodeSandbox is a cloud-based development environment that enables instant web development in the browser with support for modern frameworks, real-time collaboration, and seamless deployment capabilities.

Key Features:

  • Browser-based IDE
  • Real-time collaboration
  • Framework templates
  • Live preview
  • GitHub integration
  • Instant deployment

Installation:

  • Web Interface: Access at codesandbox.io
  • No download required: Works entirely in browser
  • GitHub Integration: Import repositories directly
  • Documentation: View CodeSandbox Cheatsheet

Retool

Section titled “Retool”

Low-code platform for building internal tools

Retool is a low-code platform for building internal tools quickly by connecting to databases, APIs, and services through a drag-and-drop interface combined with JavaScript code.

Key Features:

  • Drag-and-drop interface builder
  • Database and API integrations
  • Custom JavaScript code
  • Component library
  • Team collaboration
  • Version control

Installation:

  • Cloud Service: Access at retool.com
  • Self-hosted: Docker deployment available
  • Enterprise: On-premises installation
  • Documentation: View Retool Cheatsheet

Documentation & Reference

Section titled “Documentation & Reference”

DevDocs

Section titled “DevDocs”

Fast, offline-capable API documentation browser

DevDocs is a fast, offline-capable API documentation browser that combines multiple developer references into a single, searchable interface with powerful search capabilities.

Key Features:

  • Offline documentation access
  • Multiple language support
  • Fast search functionality
  • Clean, unified interface
  • Keyboard shortcuts
  • Open source

Installation:

  • Web Interface: Access at devdocs.io
  • Desktop Apps: Unofficial apps available
  • Self-hosted: Clone from GitHub
  • Documentation: View DevDocs Cheatsheet

Design & Diagramming

Section titled “Design & Diagramming”

Excalidraw

Section titled “Excalidraw”

Virtual collaborative whiteboard tool

Excalidraw is a virtual collaborative whiteboard tool that lets you easily sketch diagrams with a hand-drawn feel, perfect for wireframing, brainstorming, and system design.

Key Features:

  • Hand-drawn style diagrams
  • Real-time collaboration
  • No account required
  • Export capabilities
  • Library of shapes
  • Open source

Installation:

  • Web Interface: Access at excalidraw.com
  • VS Code Extension: Install from marketplace
  • Self-hosted: Deploy from GitHub
  • Documentation: View Excalidraw Cheatsheet

Containerization

Section titled “Containerization”

Docker

Section titled “Docker”

Container platform for building, sharing, and running applications

Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers.

Key Features:

  • Application containerization
  • Image management
  • Container orchestration
  • Multi-platform support
  • Registry integration
  • Development environment consistency

Installation:

Docker Desktop

Section titled “Docker Desktop”

GUI application for Docker

Docker Desktop is an easy-to-install application that enables you to build and share containerized applications and microservices.

Key Features:

  • Visual container management
  • Kubernetes integration
  • Volume management
  • Network configuration
  • Extension marketplace
  • Resource monitoring

Installation:

Programming Languages & Compilers

Section titled “Programming Languages & Compilers”

Python

Section titled “Python”

High-level programming language

Python is an interpreted, high-level and general-purpose programming language. Python’s design philosophy emphasizes code readability with its notable use of significant whitespace.

Key Features:

  • Easy to learn and use
  • Extensive standard library
  • Cross-platform compatibility
  • Large ecosystem of packages
  • Multiple programming paradigms
  • Strong community support

Installation:

JavaScript

Section titled “JavaScript”

Programming language of the web

JavaScript is a programming language that conforms to the ECMAScript specification. JavaScript is high-level, often just-in-time compiled, and multi-paradigm.

Key Features:

  • Dynamic typing
  • First-class functions
  • Prototype-based object-orientation
  • Event-driven programming
  • Asynchronous programming
  • Extensive ecosystem (npm)

Installation:

GCC

Section titled “GCC”

GNU Compiler Collection

GCC is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU toolchain and the standard compiler for most projects related to GNU and Linux.

Key Features:

  • Multiple language support (C, C++, Fortran, etc.)
  • Cross-platform compilation
  • Optimization capabilities
  • Standards compliance
  • Extensive target architecture support
  • Free and open source

Installation:

  • Official Website: https://gcc.gnu.org/
  • Package Managers:
    • Ubuntu/Debian: sudo apt install gcc
    • Fedora: sudo dnf install gcc
    • macOS: brew install gcc
    • Windows: Available via MinGW or WSL
  • Documentation: View GCC Cheatsheet

Clang

Section titled “Clang”

C language family frontend for LLVM

Clang is a compiler front end for the C, C++, Objective-C, and Objective-C++ programming languages, as well as the OpenMP, OpenCL, RenderScript, CUDA, and HIP frameworks.

Key Features:

  • Fast compilation
  • Excellent diagnostics
  • Static analysis
  • Cross-platform support
  • LLVM backend
  • Standards compliance

Installation:

ARM Assembly

Section titled “ARM Assembly”

Assembly language for ARM processors

ARM assembly language is a low-level programming language for ARM processors. It provides direct control over the processor and is used for system programming, embedded development, and performance-critical applications.

Key Features:

  • Direct hardware control
  • Minimal overhead
  • Precise timing control
  • Embedded systems programming
  • Performance optimization
  • Hardware-specific instructions

Installation:

  • Assembler: Part of ARM development tools
  • Cross-compilation: Available via GCC ARM toolchain
  • Simulators: QEMU, ARM Development Studio
  • Documentation: View ARM Assembly Cheatsheet

AArch64 Assembly

Section titled “AArch64 Assembly”

Assembly language for 64-bit ARM processors

AArch64 is the 64-bit execution state of the ARM architecture. AArch64 assembly provides access to the full 64-bit instruction set and register file of modern ARM processors.

Key Features:

  • 64-bit instruction set
  • Large register file
  • Advanced SIMD instructions
  • Cryptographic extensions
  • Virtualization support
  • Performance optimization

Installation:

  • Toolchain: ARM64 GCC toolchain
  • Cross-compilation: Available via standard distributions
  • Simulators: QEMU, ARM Fast Models
  • Documentation: View AArch64 Assembly Cheatsheet

MIPS Assembly

Section titled “MIPS Assembly”

Assembly language for MIPS processors

MIPS assembly language is used to program MIPS processors, which are commonly used in embedded systems, routers, and educational settings for teaching computer architecture.

Key Features:

  • RISC architecture
  • Load/store operations
  • Pipeline-friendly design
  • Educational value
  • Embedded systems use
  • Simple instruction set

Installation:

  • Toolchain: MIPS GCC cross-compiler
  • Simulators: SPIM, MARS, QtSpim
  • Package Managers:
    • Ubuntu/Debian: sudo apt install gcc-mips-linux-gnu
  • Documentation: View MIPS Assembly Cheatsheet

RISC-V Assembly

Section titled “RISC-V Assembly”

Assembly language for RISC-V processors

RISC-V is an open standard instruction set architecture based on established reduced instruction set computer principles. RISC-V assembly provides access to this modern, extensible architecture.

Key Features:

  • Open source ISA
  • Modular design
  • Extensible architecture
  • Academic and commercial use
  • Multiple privilege levels
  • Vector extensions

Installation:

  • Toolchain: RISC-V GNU toolchain
  • Simulators: Spike, QEMU
  • Package Managers:
    • Ubuntu/Debian: sudo apt install gcc-riscv64-linux-gnu
  • Documentation: View RISC-V Assembly Cheatsheet

x86 Assembly

Section titled “x86 Assembly”

Assembly language for x86 processors

x86 assembly language is used to program x86 processors. It provides direct access to the processor’s instruction set and is used for system programming, reverse engineering, and performance optimization.

Key Features:

  • Complex instruction set
  • Variable-length instructions
  • Multiple addressing modes
  • Backward compatibility
  • Extensive instruction set
  • Wide platform support

Installation:

  • Assemblers: NASM, MASM, GAS
  • Package Managers:
    • Ubuntu/Debian: sudo apt install nasm
    • Windows: MASM (Visual Studio)
    • macOS: brew install nasm
  • Documentation: View x86 Assembly Cheatsheet

x86-64 Assembly

Section titled “x86-64 Assembly”

Assembly language for 64-bit x86 processors

x86-64 assembly language extends x86 assembly to 64-bit processors, providing access to additional registers, addressing modes, and instructions available in 64-bit mode.

Key Features:

  • 64-bit addressing
  • Additional registers
  • RIP-relative addressing
  • System call interface
  • Performance optimization
  • Modern instruction extensions

Installation:

  • Assemblers: NASM, GAS, YASM
  • Package Managers:
    • Ubuntu/Debian: sudo apt install nasm
    • Windows: MASM64 (Visual Studio)
    • macOS: brew install nasm
  • Documentation: View x86-64 Assembly Cheatsheet

🎨 Design & UI/UX Tools

Section titled “🎨 Design & UI/UX Tools”

Design Platforms

Section titled “Design Platforms”

Figma

Section titled “Figma”

Collaborative design platform

Figma is a vector graphics editor and prototyping tool which is primarily web-based, with additional offline features enabled by desktop applications.

Key Features:

  • Real-time collaboration
  • Vector editing tools
  • Prototyping capabilities
  • Component systems
  • Design systems
  • Developer handoff

Installation:

  • Web: Access at figma.com
  • Desktop Apps:
    • Windows/macOS: Download from figma.com/downloads
    • Package Managers:
      • Windows: winget install Figma.Figma
      • macOS: brew install --cask figma

Sketch

Section titled “Sketch”

macOS design tool for digital products

Sketch is a vector graphics editor for macOS developed by the Dutch company Bohemian Coding. It was first released in 2010 and won an Apple Design Award in 2012.

Key Features:

  • Vector editing
  • Symbol libraries
  • Artboard management
  • Plugin ecosystem
  • Prototyping
  • Design handoff

Installation:

  • macOS Only: Download from sketch.com
  • Package Manager: brew install --cask sketch
  • Note: Requires macOS 10.15 or later

Image Editing

Section titled “Image Editing”

GIMP

Section titled “GIMP”

Free and open-source image editor

GIMP (GNU Image Manipulation Program) is a free and open-source raster graphics editor used for image manipulation and image editing, free-form drawing, transcoding between different image file formats, and more specialized tasks.

Key Features:

  • Photo retouching
  • Hardware support
  • File format support
  • Customizable interface
  • Plugin system
  • Scripting capabilities

Installation:

  • All Platforms: Download from gimp.org
  • Package Managers:
    • Windows: winget install GIMP.GIMP
    • macOS: brew install --cask gimp
    • Linux: sudo apt install gimp (Ubuntu/Debian)

📊 Project Management

Section titled “📊 Project Management”

Task Management

Section titled “Task Management”

Jira

Section titled “Jira”

Issue tracking and project management

Jira is a proprietary issue tracking product developed by Atlassian that allows bug tracking and agile project management.

Key Features:

  • Issue tracking
  • Agile boards (Scrum/Kanban)
  • Custom workflows
  • Reporting and analytics
  • Integration ecosystem
  • Team collaboration

Installation:

  • Cloud: Sign up at atlassian.com/software/jira
  • Server: Download from Atlassian (requires license)
  • Mobile Apps: Available on iOS and Android app stores

ClickUp

Section titled “ClickUp”

All-in-one productivity platform

ClickUp is an all-in-one productivity platform that combines project management, task tracking, time management, and team collaboration tools with customizable workflows and multiple project views.

Key Features:

  • Multiple project views (List, Board, Calendar, Gantt)
  • Task management and automation
  • Time tracking and reporting
  • Custom fields and workflows
  • Team collaboration tools
  • Goal tracking and OKRs

Installation:

Linear

Section titled “Linear”

Modern issue tracking and project management

Linear is a modern issue tracking and project management tool designed for high-performance teams, focusing on speed, simplicity, and powerful workflows for engineering teams.

Key Features:

  • Fast issue tracking
  • Keyboard-first interface
  • Git integration
  • Roadmap planning
  • Team cycles and sprints
  • API and automation

Installation:

Trello

Section titled “Trello”

Kanban-style project boards

Trello is a web-based, Kanban-style, list-making application and is a subsidiary of Atlassian. Users can create their task boards with different columns and move the tasks between them.

Key Features:

  • Kanban boards
  • Card-based organization
  • Team collaboration
  • Power-ups and integrations
  • Mobile apps
  • Template library

Installation:

  • Web: Access at trello.com
  • Desktop Apps:
    • Windows: Available in Microsoft Store
    • macOS: Available in Mac App Store
  • Mobile: Available on iOS and Android

Documentation

Section titled “Documentation”

Notion

Section titled “Notion”

All-in-one workspace for notes, tasks, wikis, and databases

Notion is a freemium productivity and note-taking web application developed by Notion Labs Inc. It offers organizational tools including task management, project tracking, to-do lists, bookmarking, and more.

Key Features:

  • Block-based editor
  • Database functionality
  • Template gallery
  • Team collaboration
  • API integration
  • Cross-platform sync

Installation:

  • Web: Access at notion.so
  • Desktop Apps:
    • Windows/macOS: Download from notion.so/desktop
    • Package Managers:
      • Windows: winget install Notion.Notion
      • macOS: brew install --cask notion
  • Mobile: Available on iOS and Android

🔧 Command Line Tools

Section titled “🔧 Command Line Tools”

Databases

Section titled “Databases”

MySQL

Section titled “MySQL”

Open-source relational database management system

MySQL is an open-source relational database management system. Its name is a combination of “My”, the name of co-founder Michael Widenius’s daughter, and “SQL”, the abbreviation for Structured Query Language.

Key Features:

  • ACID compliance
  • Multi-version concurrency control
  • Wide platform support
  • Replication and clustering
  • Full-text indexing
  • Stored procedures and triggers

Installation:

PostgreSQL

Section titled “PostgreSQL”

Advanced open-source relational database

PostgreSQL is a free and open-source relational database management system emphasizing extensibility and SQL compliance. It was originally named POSTGRES, referring to its origins as a successor to the Ingres database.

Key Features:

  • ACID compliance
  • Multi-version concurrency control
  • Extensible type system
  • Advanced indexing
  • Full-text search
  • JSON support

Installation:

MongoDB

Section titled “MongoDB”

Document-oriented NoSQL database

MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas.

Key Features:

  • Document-based storage
  • Horizontal scaling
  • Flexible schema
  • Rich query language
  • Aggregation framework
  • GridFS for large files

Installation:

Redis

Section titled “Redis”

In-memory data structure store

Redis is an in-memory data structure store, used as a distributed, in-memory key–value database, cache and message broker, with optional durability.

Key Features:

  • In-memory storage
  • Multiple data structures
  • Pub/Sub messaging
  • Lua scripting
  • Clustering support
  • Persistence options

Installation:

SQLite

Section titled “SQLite”

Self-contained SQL database engine

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world.

Key Features:

  • Serverless architecture
  • Zero-configuration
  • Cross-platform
  • ACID compliance
  • Small footprint
  • Public domain license

Installation:

System Tools & Utilities

Section titled “System Tools & Utilities”

cURL

Section titled “cURL”

Command-line tool for transferring data

cURL is a computer software project providing a library and command-line tool for transferring data using various network protocols. The name stands for “Client URL”.

Key Features:

  • Multiple protocol support
  • SSL/TLS support
  • HTTP authentication
  • Cookie support
  • Proxy support
  • Cross-platform

Installation:

SSH

Section titled “SSH”

Secure Shell protocol

SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution.

Key Features:

  • Encrypted communication
  • Authentication methods
  • Port forwarding
  • File transfer capabilities
  • Key-based authentication
  • Cross-platform support

Installation:

APT

Section titled “APT”

Advanced Package Tool

APT (Advanced Package Tool) is a free-software user interface that works with core libraries to handle the installation and removal of software on Debian, and Debian-based Linux distributions.

Key Features:

  • Package management
  • Dependency resolution
  • Repository management
  • Security updates
  • Package searching
  • System upgrades

Installation:

DNF/YUM

Section titled “DNF/YUM”

Package managers for Red Hat-based distributions

DNF (Dandified YUM) is the next-generation version of the Yellowdog Updater Modified (YUM), a package manager for RPM-compatible Linux distributions.

Key Features:

  • Package management
  • Dependency resolution
  • Repository management
  • Plugin system
  • Transaction history
  • Performance improvements

Installation:

Pacman

Section titled “Pacman”

Package manager for Arch Linux

Pacman is a package manager for the Arch Linux distribution. It combines a simple binary package format with an easy-to-use build system.

Key Features:

  • Binary package management
  • Build system integration
  • Dependency tracking
  • Package signing
  • Delta compression
  • Simple configuration

Installation:

Homebrew

Section titled “Homebrew”

Package manager for macOS and Linux

Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple’s operating system, macOS, as well as Linux.

Key Features:

  • Simple installation
  • Formula-based packages
  • Cask support for GUI apps
  • Tap system for third-party repositories
  • Automatic dependency management
  • Cross-platform support

Installation:

npm

Section titled “npm”

Node.js package manager

npm is a package manager for the JavaScript programming language maintained by npm, Inc. npm is the default package manager for the JavaScript runtime environment Node.js.

Key Features:

  • Package installation and management
  • Dependency resolution
  • Script running
  • Version management
  • Registry access
  • Security auditing

Installation:

Dig

Section titled “Dig”

DNS lookup tool

Dig (Domain Information Groper) is a network administration command-line tool for querying the Domain Name System (DNS). It is useful for network troubleshooting and for educational purposes.

Key Features:

  • DNS record querying
  • Multiple record type support
  • Batch mode operation
  • Reverse DNS lookups
  • DNSSEC validation
  • Flexible output formats

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install dnsutils
    • macOS: brew install bind
    • Fedora: sudo dnf install bind-utils
  • Documentation: View Dig Cheatsheet

Ping

Section titled “Ping”

Network connectivity test tool

Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network.

Key Features:

  • Network connectivity testing
  • Round-trip time measurement
  • Packet loss detection
  • IPv4 and IPv6 support
  • Continuous monitoring
  • Statistics reporting

Installation:

  • Built-in: Pre-installed on most operating systems
  • Platform Support: Windows, macOS, Linux, Unix
  • Documentation: View Ping Cheatsheet

Traceroute

Section titled “Traceroute”

Network path tracing tool

Traceroute is a computer network diagnostic tool for displaying possible routes (paths) and measuring transit delays of packets across an Internet Protocol (IP) network.

Key Features:

  • Network path discovery
  • Hop-by-hop analysis
  • Round-trip time measurement
  • Multiple protocol support
  • Geographic path mapping
  • Network troubleshooting

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install traceroute
    • macOS: Pre-installed
    • Windows: tracert command built-in
  • Documentation: View Traceroute Cheatsheet

Netstat

Section titled “Netstat”

Network statistics tool

Netstat (network statistics) is a command-line network utility that displays network connections for Transmission Control Protocol, routing tables, and a number of network interface and network protocol statistics.

Key Features:

  • Network connection listing
  • Routing table display
  • Interface statistics
  • Protocol statistics
  • Process identification
  • Port monitoring

Installation:

  • Built-in: Pre-installed on most operating systems
  • Package Managers:
    • Ubuntu/Debian: sudo apt install net-tools
    • Platform Support:** Windows, macOS, Linux, Unix
  • Documentation: View Netstat Cheatsheet

GDB

Section titled “GDB”

GNU Debugger

GDB, the GNU Project debugger, allows you to see what is going on ‘inside’ another program while it executes — or what another program was doing at the moment it crashed.

Key Features:

  • Program debugging
  • Core dump analysis
  • Remote debugging
  • Multi-language support
  • Scripting capabilities
  • Memory analysis

Installation:

Regular Expressions

Section titled “Regular Expressions”

Pattern matching language

Regular expressions (regex) are sequences of characters that define a search pattern. They are commonly used for string matching, validation, and text processing across many programming languages and tools.

Key Features:

  • Pattern matching
  • Text validation
  • Search and replace
  • Data extraction
  • Cross-language support
  • Powerful syntax

Installation:

Cloud Platforms & CLI Tools

Section titled “Cloud Platforms & CLI Tools”

AWS CLI

Section titled “AWS CLI”

Amazon Web Services Command Line Interface

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

Key Features:

  • Unified AWS service management
  • Scripting and automation
  • Multiple output formats
  • Profile management
  • Cross-platform support
  • IAM integration

Installation:

Azure CLI

Section titled “Azure CLI”

Microsoft Azure Command Line Interface

The Azure CLI is a cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources. It allows the execution of commands through a terminal using interactive command-line prompts or a script.

Key Features:

  • Cross-platform support
  • Interactive and scripting modes
  • Azure Resource Manager integration
  • Extension support
  • Cloud Shell integration
  • JSON output format

Installation:

Google Cloud CLI

Section titled “Google Cloud CLI”

Google Cloud Platform Command Line Interface

The Google Cloud CLI is a set of tools to create and manage Google Cloud resources. You can use these tools to perform many common platform tasks from the command line or through scripts and other automation.

Key Features:

  • Comprehensive GCP management
  • Authentication integration
  • Configuration management
  • Scripting support
  • Interactive mode
  • Multiple output formats

Installation:

DigitalOcean CLI

Section titled “DigitalOcean CLI”

DigitalOcean Command Line Interface

doctl is the official DigitalOcean command line interface (CLI). Use doctl to interact with the DigitalOcean API via the command line.

Key Features:

  • Complete DigitalOcean API access
  • Resource management
  • Automation support
  • JSON output
  • Configuration profiles
  • Kubernetes integration

Installation:

Heroku CLI

Section titled “Heroku CLI”

Heroku Command Line Interface

The Heroku CLI is used to manage and scale your applications, provision add-ons, view your application logs, and run your application locally.

Key Features:

  • Application management
  • Deployment automation
  • Add-on provisioning
  • Log streaming
  • Local development
  • Pipeline management

Installation:

Firebase CLI

Section titled “Firebase CLI”

Firebase Command Line Interface

The Firebase CLI provides a variety of tools for managing, viewing, and deploying to Firebase projects. It’s the primary tool for local Firebase development and deployment.

Key Features:

  • Project management
  • Local development server
  • Deployment automation
  • Database management
  • Authentication setup
  • Hosting configuration

Installation:

HashiCorp Terraform

Section titled “HashiCorp Terraform”

Infrastructure as Code tool

Terraform is an open-source infrastructure as code software tool created by HashiCorp. Users define and provide data center infrastructure using a declarative configuration language.

Key Features:

  • Infrastructure as Code
  • Multi-cloud support
  • State management
  • Plan and apply workflow
  • Module system
  • Provider ecosystem

Installation:

HashiCorp Vault

Section titled “HashiCorp Vault”

Secrets management tool

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates.

Key Features:

  • Secret storage
  • Dynamic secrets
  • Data encryption
  • Leasing and renewal
  • Revocation
  • Audit logging

Installation:

HashiCorp Consul

Section titled “HashiCorp Consul”

Service discovery and configuration

Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime.

Key Features:

  • Service discovery
  • Health checking
  • KV store
  • Multi-datacenter
  • Service mesh
  • Network automation

Installation:

HashiCorp Nomad

Section titled “HashiCorp Nomad”

Workload orchestrator

Nomad is a flexible workload orchestrator that enables organizations to deploy and manage any containerized or legacy application using a single, unified workflow.

Key Features:

  • Multi-workload support
  • Multi-region federation
  • Flexible scheduling
  • Device plugins
  • Service discovery integration
  • Web UI

Installation:

HashiCorp Packer

Section titled “HashiCorp Packer”

Machine image builder

Packer is a free and open source tool for creating identical machine images for multiple platforms from a single source configuration.

Key Features:

  • Multi-platform builds
  • Template-based configuration
  • Provisioner support
  • Post-processor plugins
  • Parallel builds
  • Cloud integration

Installation:

HashiCorp Vagrant

Section titled “HashiCorp Vagrant”

Development environment manager

Vagrant is a tool for building and managing virtual machine environments in a single workflow. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time.

Key Features:

  • Virtual machine management
  • Provider support
  • Provisioning automation
  • Networking configuration
  • Synced folders
  • Plugin ecosystem

Installation:

HashiCorp Waypoint

Section titled “HashiCorp Waypoint”

Application deployment platform

Waypoint provides a modern workflow to build, deploy, and release across platforms. Waypoint uses a single configuration file and common workflow to manage deployments across different platforms.

Key Features:

  • Unified workflow
  • Multi-platform deployment
  • GitOps integration
  • URL generation
  • Logs and exec
  • Plugin system

Installation:

Terminal Emulators

Section titled “Terminal Emulators”

iTerm2

Section titled “iTerm2”

macOS terminal replacement

iTerm2 is a replacement for Terminal and the successor to iTerm. It works on Macs with macOS 10.14 or newer. iTerm2 brings the terminal into the modern age with features you never knew you always wanted.

Key Features:

  • Split panes
  • Hotkey window
  • Search functionality
  • Autocomplete
  • Paste history
  • Instant replay

Installation:

Windows Terminal

Section titled “Windows Terminal”

Modern terminal application for Windows

Windows Terminal is a modern, fast, efficient, powerful, and productive terminal application for users of command-line tools and shells like Command Prompt, PowerShell, and WSL.

Key Features:

  • Multiple tabs and panes
  • GPU accelerated text rendering
  • Custom themes and styling
  • Unicode and UTF-8 support
  • Custom key bindings
  • Profile management

Installation:

Shell Enhancement

Section titled “Shell Enhancement”

Oh My Zsh

Section titled “Oh My Zsh”

Framework for managing Zsh configuration

Oh My Zsh is an open source, community-driven framework for managing your Zsh configuration. It comes bundled with thousands of helpful functions, helpers, plugins, themes, and a few things that make you shout.

Key Features:

  • 300+ plugins
  • 140+ themes
  • Auto-update functionality
  • Plugin management
  • Custom configurations
  • Community support

Installation:

Oh My Posh

Section titled “Oh My Posh”

Cross-shell prompt theme engine

Oh My Posh is a custom prompt engine for any shell that has the ability to adjust the prompt string with a function or variable. It provides beautiful and informative prompts across different shells and platforms.

Key Features:

  • Cross-shell support
  • Customizable segments
  • Git integration
  • Performance monitoring
  • Icon support
  • Theme gallery

Installation:

Powerlevel10k

Section titled “Powerlevel10k”

Fast Zsh theme with instant prompt

Powerlevel10k is a theme for Zsh. It emphasizes speed, flexibility and out-of-the-box experience. It’s the most feature-rich and fastest theme available.

Key Features:

  • Instant prompt
  • Extensive customization
  • Git status integration
  • Performance optimized
  • Configuration wizard
  • Icon support

Installation:

Starship

Section titled “Starship”

Cross-shell prompt

Starship is the minimal, blazing-fast, and infinitely customizable prompt for any shell. It shows the information you need, while staying sleek and minimal.

Key Features:

  • Cross-shell compatibility
  • Fast performance
  • Highly customizable
  • Git integration
  • Language detection
  • Minimal configuration

Installation:

Pure

Section titled “Pure”

Minimal and fast Zsh prompt

Pure is a pretty, minimal and fast ZSH prompt. It shows git branch and whether it’s dirty, execution time of the last command if it exceeds the threshold, and an optional timestamp.

Key Features:

  • Minimal design
  • Git integration
  • Execution time display
  • Async updates
  • No dependencies
  • Fast performance

Installation:

AI Tools & Prompting Guides

Section titled “AI Tools & Prompting Guides”

ChatGPT Prompting

Section titled “ChatGPT Prompting”

OpenAI ChatGPT prompting techniques

ChatGPT is a conversational AI model developed by OpenAI. Effective prompting techniques can significantly improve the quality and relevance of responses from ChatGPT across various use cases.

Key Techniques:

  • Clear and specific instructions
  • Role-based prompting
  • Few-shot examples
  • Chain of thought reasoning
  • Context setting
  • Output formatting

Resources:

Claude Prompting

Section titled “Claude Prompting”

Anthropic Claude prompting techniques

Claude is an AI assistant created by Anthropic. It’s designed to be helpful, harmless, and honest. Effective prompting with Claude involves understanding its capabilities and communication style.

Key Techniques:

  • Constitutional AI principles
  • Detailed context provision
  • Step-by-step reasoning
  • Safety considerations
  • Structured conversations
  • Task decomposition

Resources:

Claude Code

Section titled “Claude Code”

Claude for coding assistance

Claude Code refers to using Anthropic’s Claude AI specifically for programming tasks, code review, debugging, and software development assistance.

Key Features:

  • Code generation
  • Bug detection and fixing
  • Code explanation
  • Refactoring suggestions
  • Multiple language support
  • Architecture guidance

Resources:

Gemini Prompting

Section titled “Gemini Prompting”

Google Gemini prompting techniques

Gemini is Google’s family of multimodal large language models. It can process text, images, audio, and video, making it versatile for various prompting scenarios.

Key Techniques:

  • Multimodal prompting
  • Context-aware instructions
  • Creative applications
  • Technical problem solving
  • Image and text combination
  • Structured outputs

Resources:

LLaMA Prompting

Section titled “LLaMA Prompting”

Meta LLaMA model prompting techniques

LLaMA (Large Language Model Meta AI) is a family of foundation language models developed by Meta. Understanding how to effectively prompt LLaMA models is crucial for optimal performance.

Key Techniques:

  • Model-specific formatting
  • Temperature and parameter tuning
  • System prompts
  • Instruction following
  • Fine-tuning considerations
  • Local deployment

Resources:

DeepSeek Prompting

Section titled “DeepSeek Prompting”

DeepSeek AI model prompting techniques

DeepSeek is an AI research company that develops large language models. Their models are known for strong performance in coding and reasoning tasks.

Key Techniques:

  • Code-focused prompting
  • Mathematical reasoning
  • Logical problem solving
  • Multi-step instructions
  • Performance optimization
  • Model-specific features

Resources:

Perplexity Prompting

Section titled “Perplexity Prompting”

Perplexity AI search prompting techniques

Perplexity AI is an AI-powered search engine that provides conversational answers with citations. It combines search capabilities with language model responses.

Key Techniques:

  • Research-focused queries
  • Citation verification
  • Follow-up questions
  • Source evaluation
  • Fact-checking
  • Academic research

Resources:

Qwen Prompting

Section titled “Qwen Prompting”

Alibaba Qwen model prompting techniques

Qwen is a series of large language models developed by Alibaba Cloud. These models are designed for various applications including chat, coding, and multimodal tasks.

Key Techniques:

  • Multilingual prompting
  • Cultural context awareness
  • Technical documentation
  • Code generation
  • Multimodal capabilities
  • Enterprise applications

Resources:

White Rabbit Neo Prompting

Section titled “White Rabbit Neo Prompting”

Advanced prompting techniques and methodologies

White Rabbit Neo represents advanced prompting methodologies and techniques for maximizing AI model performance across various tasks and domains.

Key Techniques:

  • Meta-prompting strategies
  • Advanced reasoning chains
  • Multi-model orchestration
  • Prompt optimization
  • Performance benchmarking
  • Custom methodologies

Resources:

Pydantic AI

Section titled “Pydantic AI”

Type-safe AI framework for Python

Pydantic AI is a Python framework for building type-safe AI applications. It provides structured ways to interact with language models while maintaining data validation and type safety.

Key Features:

  • Type-safe AI interactions
  • Structured data validation
  • Model integration
  • Error handling
  • Performance optimization
  • Production-ready

Installation:

TaskMaster AI

Section titled “TaskMaster AI”

AI task management and automation

TaskMaster AI represents tools and frameworks for managing and automating AI-powered tasks, workflows, and processes in various applications.

Key Features:

  • Task automation
  • Workflow management
  • AI orchestration
  • Performance monitoring
  • Resource optimization
  • Integration capabilities

Resources:

  • Framework Documentation: Various AI task management tools
  • Integration Guides: Platform-specific implementations
  • Best Practices: Task automation methodologies
  • Documentation: View TaskMaster AI Cheatsheet

OpenAI Codex

Section titled “OpenAI Codex”

AI-powered code generation

Codex is an AI system by OpenAI that translates natural language to code. It powers GitHub Copilot and can be used for various programming tasks and code generation.

Key Features:

  • Natural language to code
  • Multiple programming languages
  • Code completion
  • Bug fixing
  • Code explanation
  • API integration

Resources:

🔒 Cybersecurity Tools

Section titled “🔒 Cybersecurity Tools”

Network Discovery & Scanning

Section titled “Network Discovery & Scanning”

ZMap

Section titled “ZMap”

Fast Internet-wide network scanner

ZMap is a fast single packet network scanner designed for Internet-wide network surveys. It can scan the entire IPv4 address space in under 45 minutes on a gigabit network connection.

Key Features:

  • Internet-wide scanning
  • High-speed performance
  • Modular architecture
  • Custom probe modules
  • Output flexibility
  • Research-focused

Installation:

Web Application Security

Section titled “Web Application Security”

Arachni

Section titled “Arachni”

Web application security scanner

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.

Key Features:

  • High-performance scanning
  • Modular architecture
  • REST API
  • Web UI
  • Distributed scanning
  • Comprehensive reporting

Installation:

Digital Forensics & Memory Analysis

Section titled “Digital Forensics & Memory Analysis”

Volatility

Section titled “Volatility”

Advanced memory forensics framework

Volatility is an open source memory forensics framework for incident response and malware analysis. It provides a collection of tools for the extraction of digital artifacts from volatile memory (RAM) samples.

Key Features:

  • Memory dump analysis
  • Process analysis
  • Network artifact extraction
  • Malware detection
  • Timeline analysis
  • Plugin architecture

Installation:

Reverse Engineering

Section titled “Reverse Engineering”

Radare2

Section titled “Radare2”

Reverse engineering framework

Radare2 is a portable reversing framework that can disassemble, analyze, debug, modify and manipulate binary files. It has a set of libraries, tools and plugins to ease reverse engineering tasks.

Key Features:

  • Multi-architecture support
  • Debugger integration
  • Scripting capabilities
  • Graph visualization
  • Hex editor
  • Extensible architecture

Installation:

x64dbg

Section titled “x64dbg”

Windows debugger

x64dbg is an open-source x64/x32 debugger for Windows. It has a comprehensive and familiar, yet new user interface with a focus on debugging and analysis.

Key Features:

  • x64 and x32 support
  • Plugin system
  • Script automation
  • Memory map
  • Call stack analysis
  • Breakpoint management

Installation:

Wireless Security

Section titled “Wireless Security”

Wifite

Section titled “Wifite”

Automated wireless attack tool

Wifite is a tool to audit WEP or WPA encrypted wireless networks. It uses aircrack-ng, pyrit, reaver, tshark tools to perform and automate wireless auditing.

Key Features:

  • Automated attacks
  • Multiple attack methods
  • WEP and WPA support
  • Customizable options
  • Progress monitoring
  • Result reporting

Installation:

Evasion & Obfuscation

Section titled “Evasion & Obfuscation”

Veil

Section titled “Veil”

Payload generation framework

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. It’s part of the Veil-Framework and focuses on payload generation.

Key Features:

  • AV evasion techniques
  • Multiple payload types
  • Encoding options
  • Custom templates
  • Automation support
  • Framework integration

Installation:

  • GitHub Repository: https://github.com/Veil-Framework/Veil
  • Installation Script: git clone https://github.com/Veil-Framework/Veil.git && cd Veil && ./config/setup.sh
  • Platform Support: Linux (Kali recommended)
  • Dependencies: Wine, Python, various compilers
  • Documentation: View Veil Cheatsheet

Reconnaissance

Section titled “Reconnaissance”

Recon-ng

Section titled “Recon-ng”

Web reconnaissance framework

Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.

Key Features:

  • Modular framework
  • Database integration
  • API integrations
  • Automated workflows
  • Report generation
  • Extensible architecture

Installation:

SearchSploit

Section titled “SearchSploit”

Exploit database search tool

SearchSploit is a command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you wherever you go.

Key Features:

  • Offline exploit database
  • Command-line interface
  • Search functionality
  • Exploit copying
  • Regular updates
  • Integration with tools

Installation:

Network Utilities

Section titled “Network Utilities”

Proxychains

Section titled “Proxychains”

Proxy chains tool

Proxychains is a UNIX program, that hooks network-related libc functions in dynamically linked programs via a preloaded DLL and redirects the connections through SOCKS4a/5 or HTTP proxies.

Key Features:

  • Proxy chaining
  • SOCKS and HTTP support
  • DNS resolution control
  • Application hooking
  • Configuration flexibility
  • Anonymity enhancement

Installation:

Responder

Section titled “Responder”

LLMNR, NBT-NS and MDNS poisoner

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Key Features:

  • Protocol poisoning
  • Credential harvesting
  • Rogue server functionality
  • Multiple protocol support
  • Hash capture
  • Network analysis

Installation:

Container Security

Section titled “Container Security”

Trivy

Section titled “Trivy”

Container vulnerability scanner

Trivy is a simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages and language-specific packages.

Key Features:

  • Container image scanning
  • Filesystem scanning
  • Git repository scanning
  • Kubernetes scanning
  • SBOM generation
  • Policy enforcement

Installation:

Falco

Section titled “Falco”

Runtime security monitoring

Falco is a cloud native runtime security tool that makes it easy to consume kernel events, and enrich those events with information from Kubernetes and the rest of the cloud native stack.

Key Features:

  • Runtime threat detection
  • Kubernetes integration
  • Custom rule engine
  • Real-time monitoring
  • Alert integration
  • Cloud native focus

Installation:

☁️ Cloud Platforms

Section titled “☁️ Cloud Platforms”

Cloud Providers

Section titled “Cloud Providers”

AWS (Amazon Web Services)

Section titled “AWS (Amazon Web Services)”

Comprehensive cloud computing platform

Amazon Web Services is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis.

Key Services:

  • EC2 (Compute)
  • S3 (Storage)
  • RDS (Database)
  • Lambda (Serverless)
  • CloudFormation (Infrastructure)
  • IAM (Identity Management)

Getting Started:

Vercel

Section titled “Vercel”

Frontend deployment platform

Vercel is a cloud platform for static sites and Serverless Functions that fits perfectly with your workflow. It enables developers to host Jamstack websites and web services that deploy instantly.

Key Features:

  • Instant deployments
  • Global CDN
  • Serverless functions
  • Preview deployments
  • Custom domains
  • Analytics

Getting Started:

  • Web: Sign up at vercel.com
  • CLI: npm install -g vercel
  • GitHub Integration: Connect repositories for automatic deployments

Netlify

Section titled “Netlify”

Web development platform

Netlify is a San Francisco-based cloud computing company that offers hosting and serverless backend services for web applications and static websites.

Key Features:

  • Continuous deployment
  • Form handling
  • Identity management
  • Edge functions
  • Split testing
  • Analytics

Getting Started:

  • Web: Sign up at netlify.com
  • CLI: npm install -g netlify-cli
  • Git Integration: Connect repositories for automatic deployments

DevOps & GitOps

Section titled “DevOps & GitOps”

ArgoCD

Section titled “ArgoCD”

Declarative GitOps continuous delivery tool for Kubernetes

ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes that follows the GitOps pattern of using Git repositories as the source of truth for defining the desired application state.

Key Features:

  • GitOps workflow automation
  • Kubernetes-native deployment
  • Multi-cluster management
  • Application synchronization
  • Web UI and CLI
  • RBAC and security

Installation:

  • Kubernetes: kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
  • Helm: helm install argocd argo/argo-cd
  • CLI: Download from GitHub releases
  • Documentation: View ArgoCD Cheatsheet

env0

Section titled “env0”

Infrastructure as Code management platform

env0 is an Infrastructure as Code (IaC) management platform that automates and governs Terraform, Pulumi, CloudFormation, and other IaC tools with collaborative workflows, policy enforcement, and cost management.

Key Features:

  • IaC automation and governance
  • Multi-framework support (Terraform, Pulumi, etc.)
  • Cost management and estimation
  • Policy enforcement
  • Drift detection
  • Collaborative workflows

Installation:

  • Cloud Service: Access at env0.com
  • CLI: npm install -g @env0/cli
  • API Integration: REST API available
  • Documentation: View env0 Cheatsheet

FluxCD

Section titled “FluxCD”

GitOps continuous delivery solution for Kubernetes

FluxCD is a set of continuous and progressive delivery solutions for Kubernetes that are open and extensible, implementing GitOps principles to automatically deploy applications and infrastructure changes from Git repositories.

Key Features:

  • GitOps workflow automation
  • Multi-source support (Git, Helm, OCI)
  • Progressive delivery
  • Multi-tenancy support
  • Notification system
  • Security scanning

Installation:

  • CLI: curl -s https://fluxcd.io/install.sh | sudo bash
  • Bootstrap: flux bootstrap github --owner=USER --repository=REPO
  • Homebrew: brew install fluxcd/tap/flux
  • Documentation: View FluxCD Cheatsheet

Port

Section titled “Port”

Internal Developer Platform and service catalog

Port is an Internal Developer Platform (IDP) that creates a comprehensive developer portal for managing and visualizing your entire software catalog with self-service capabilities and governance standards.

Key Features:

  • Service catalog management
  • Self-service actions
  • Scorecards and standards
  • Data model flexibility
  • Integration ecosystem
  • Developer portal

Installation:

  • Cloud Service: Access at getport.io
  • API Integration: REST API and webhooks
  • CLI Tools: Various integration tools
  • Documentation: View Port Cheatsheet

Mobile Security & Forensics

Section titled “Mobile Security & Forensics”

Frida

Section titled “Frida”

Dynamic instrumentation toolkit

Frida is a dynamic code instrumentation toolkit for developers, reverse-engineers, and security researchers. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX.

Key Features:

  • Dynamic instrumentation
  • Cross-platform support
  • JavaScript API
  • Real-time analysis
  • Function hooking
  • Memory manipulation

Installation:

MobSF

Section titled “MobSF”

Mobile Security Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Key Features:

  • Static analysis
  • Dynamic analysis
  • Malware analysis
  • API security testing
  • Web interface
  • Report generation

Installation:

Drozer

Section titled “Drozer”

Android security testing framework

Drozer is a security testing framework for Android. It allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

Key Features:

  • Android app testing
  • IPC endpoint analysis
  • Content provider testing
  • Service enumeration
  • Activity testing
  • Vulnerability assessment

Installation:

QARK

Section titled “QARK”

Quick Android Review Kit

QARK (Quick Android Review Kit) is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.

Key Features:

  • Static analysis
  • APK analysis
  • Source code review
  • Vulnerability detection
  • Report generation
  • Automated scanning

Installation:

AndroGuard

Section titled “AndroGuard”

Android application analysis platform

AndroGuard is a full python tool to play with Android files. It provides a set of tools to analyze Android applications and the Android platform.

Key Features:

  • APK analysis
  • DEX file analysis
  • Bytecode analysis
  • Control flow graphs
  • Call graphs
  • Signature detection

Installation:

Digital Forensics

Section titled “Digital Forensics”

Autopsy

Section titled “Autopsy”

Digital forensics platform

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer.

Key Features:

  • Timeline analysis
  • Hash filtering
  • Keyword searching
  • Web artifacts
  • Email analysis
  • Registry analysis

Installation:

The Sleuth Kit

Section titled “The Sleuth Kit”

Digital forensics tools

The Sleuth Kit (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data.

Key Features:

  • File system analysis
  • Volume analysis
  • Timeline creation
  • Hash database support
  • Metadata analysis
  • Deleted file recovery

Installation:

OSINT Tools

Section titled “OSINT Tools”

Maltego

Section titled “Maltego”

Link analysis software

Maltego is an open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.

Key Features:

  • Graph-based analysis
  • Data mining
  • Link analysis
  • Transform hub
  • Collaboration features
  • Export capabilities

Installation:

Database Security

Section titled “Database Security”

NoSQLMap

Section titled “NoSQLMap”

NoSQL injection testing tool

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL.

Key Features:

  • NoSQL injection testing
  • Multiple database support
  • Automated exploitation
  • Payload generation
  • Vulnerability scanning
  • Report generation

Installation:

Reverse Engineering

Section titled “Reverse Engineering”

Cutter

Section titled “Cutter”

Free and open-source reverse engineering platform

Cutter is a free and open-source reverse engineering platform powered by Rizin. It aims at being an advanced and customizable reverse-engineering platform while keeping the user experience in mind.

Key Features:

  • Graph visualization
  • Decompiler integration
  • Debugger support
  • Plugin system
  • Cross-platform
  • Modern UI

Installation:

Rizin

Section titled “Rizin”

UNIX-like reverse engineering framework

Rizin is a free and open-source reverse engineering framework, providing a complete binary analysis experience with features like disassembler, hexadecimal editor, emulation, binary inspection, debugger, and more.

Key Features:

  • Multi-architecture support
  • Scriptable interface
  • Plugin architecture
  • Emulation capabilities
  • Binary analysis
  • Debugging support

Installation:

🔒 Security Tools

Section titled “🔒 Security Tools”

Password Management

Section titled “Password Management”

1Password

Section titled “1Password”

Password manager and digital vault

1Password is a password manager developed by AgileBits Inc. It provides a place for users to store various passwords, software licenses, and other sensitive information in a virtual vault.

Key Features:

  • Password generation
  • Secure sharing
  • Two-factor authentication
  • Travel mode
  • Watchtower security
  • Cross-platform sync

Installation:

  • All Platforms: Download from 1password.com
  • Package Managers:
    • Windows: winget install AgileBits.1Password
    • macOS: brew install --cask 1password
  • Browser Extensions: Available for all major browsers

Bitwarden

Section titled “Bitwarden”

Open-source password manager

Bitwarden is a freemium open-source password management service that stores sensitive information such as website credentials in an encrypted vault.

Key Features:

  • Open source
  • Cross-platform
  • Secure sharing
  • Two-factor authentication
  • Self-hosting option
  • Free tier available

Installation:

  • All Platforms: Download from bitwarden.com
  • Package Managers:
    • Windows: winget install Bitwarden.Bitwarden
    • macOS: brew install --cask bitwarden
    • Linux: sudo snap install bitwarden

Code Quality & Security Analysis

Section titled “Code Quality & Security Analysis”

Checkov

Section titled “Checkov”

Infrastructure as Code security scanner

Checkov is a static code analysis tool for Infrastructure as Code (IaC) that scans cloud infrastructure provisioned using Terraform, CloudFormation, Kubernetes, Helm, ARM Templates, and Serverless framework.

Key Features:

  • Multi-framework IaC scanning
  • Security misconfiguration detection
  • Compliance policy enforcement
  • CI/CD integration
  • Custom policy creation
  • Remediation guidance

Installation:

  • Python Package: pip install checkov
  • Docker: docker run bridgecrew/checkov
  • Homebrew: brew install checkov
  • Documentation: View Checkov Cheatsheet

Qodana

Section titled “Qodana”

JetBrains’ code quality platform

Qodana is JetBrains’ code quality platform that brings the power of JetBrains IDEs to your CI/CD pipeline with comprehensive static analysis, security scanning, and quality gate enforcement.

Key Features:

  • IDE-quality static analysis
  • Security vulnerability detection
  • Code quality metrics
  • CI/CD integration
  • Multi-language support
  • Quality gate enforcement

Installation:

  • Docker: docker run jetbrains/qodana
  • GitHub Actions: JetBrains Qodana Action
  • CLI Tool: Download from JetBrains
  • Documentation: View Qodana Cheatsheet

SonarCloud

Section titled “SonarCloud”

Cloud-based code quality and security analysis

SonarCloud is a cloud-based code quality and security analysis platform that automatically reviews code for bugs, vulnerabilities, and code smells with seamless CI/CD pipeline integration.

Key Features:

  • Automated code analysis
  • Security vulnerability detection
  • Quality gate enforcement
  • CI/CD integration
  • Pull request analysis
  • Multi-language support

Installation:

  • Cloud Service: Access at sonarcloud.io
  • GitHub Actions: SonarCloud GitHub Action
  • CLI Scanner: Download SonarScanner CLI
  • Documentation: View SonarCloud Cheatsheet

TFSec

Section titled “TFSec”

Terraform security scanner

TFSec is a static analysis security scanner for Terraform code that detects potential security issues in your infrastructure as code before deployment.

Key Features:

  • Terraform-specific security scanning
  • Fast static analysis
  • CI/CD integration
  • Custom rule creation
  • Multiple output formats
  • Remediation guidance

Installation:

  • Binary: Download from GitHub releases
  • Homebrew: brew install tfsec
  • Go Install: go install github.com/aquasecurity/tfsec/cmd/tfsec@latest
  • Documentation: View TFSec Cheatsheet

Web Security & Penetration Testing

Section titled “Web Security & Penetration Testing”

Boofuzz

Section titled “Boofuzz”

Modern network protocol fuzzing framework

Boofuzz is a fork of the Sulley fuzzing framework that provides a comprehensive network protocol fuzzing solution with advanced monitoring and crash detection capabilities.

Key Features:

  • Protocol-aware fuzzing
  • Crash detection and monitoring
  • Web interface for management
  • Extensible architecture
  • Session recording and replay
  • Target monitoring

Installation:

  • Python Package: pip install boofuzz
  • Docker: docker run boofuzz/boofuzz
  • Source: Clone from GitHub
  • Documentation: View Boofuzz Cheatsheet

Dalfox

Section titled “Dalfox”

Fast and powerful XSS scanner

Dalfox is a powerful open-source XSS scanner and utility focused on automation, providing comprehensive XSS detection with context-aware payloads and WAF bypass techniques.

Key Features:

  • Context-aware XSS detection
  • WAF bypass techniques
  • DOM-based XSS analysis
  • Burp Suite integration
  • CI/CD pipeline support
  • Custom payload generation

Installation:

  • Binary: Download from GitHub releases
  • Go Install: go install github.com/hahwul/dalfox/v2@latest
  • Docker: docker run hahwul/dalfox
  • Documentation: View Dalfox Cheatsheet

gf (Gf patterns)

Section titled “gf (Gf patterns)”

Wrapper around grep for bug bounty hunting

gf is a wrapper around grep that allows you to quickly search for patterns in files, particularly useful for finding potential vulnerabilities in source code and web applications.

Key Features:

  • Pre-built vulnerability patterns
  • Custom pattern creation
  • Fast file searching
  • Bug bounty focused
  • Integration with other tools
  • Extensible pattern library

Installation:

  • Go Install: go install github.com/tomnomnom/gf@latest
  • Binary: Download from GitHub releases
  • Pattern Installation: gf -save patterns
  • Documentation: View gf Cheatsheet

JSParser

Section titled “JSParser”

JavaScript endpoint and secret extraction tool

JSParser is a Python tool designed to parse JavaScript files and extract endpoints, secrets, and other sensitive information for security testing and reconnaissance.

Key Features:

  • Endpoint extraction from JS files
  • Secret and API key detection
  • URL and path discovery
  • Batch processing support
  • Integration with other tools
  • Custom pattern matching

Installation:

  • Python Package: pip install jsparser
  • Git Clone: git clone https://github.com/nahamsec/JSParser
  • Docker: Available via Docker Hub
  • Documentation: View JSParser Cheatsheet

Kiterunner

Section titled “Kiterunner”

Fast and modular content discovery tool

Kiterunner is a fast and modular tool designed for content discovery and API endpoint enumeration, excelling at discovering hidden API endpoints through intelligent wordlist-based scanning.

Key Features:

  • Fast multi-threaded scanning
  • API endpoint discovery
  • Custom wordlist support
  • Response analysis and filtering
  • Integration with security tools
  • Comprehensive output formats

Installation:

  • Binary: Download from GitHub releases
  • Docker: docker run assetnote/kiterunner
  • Source: Build from GitHub source
  • Documentation: View Kiterunner Cheatsheet

LinkFinder

Section titled “LinkFinder”

Endpoint discovery through JavaScript files

LinkFinder is a Python script that finds endpoints in JavaScript files, helping security researchers and penetration testers discover hidden API endpoints and sensitive URLs.

Key Features:

  • JavaScript file analysis
  • Endpoint extraction
  • Burp Suite integration
  • Batch processing
  • Custom regex patterns
  • Output formatting options

Installation:

  • Git Clone: git clone https://github.com/GerbenJavado/LinkFinder
  • Python Requirements: pip install -r requirements.txt
  • Burp Extension: Available as Burp Suite extension
  • Documentation: View LinkFinder Cheatsheet

Subzy

Section titled “Subzy”

Subdomain takeover vulnerability detection tool

Subzy is a subdomain takeover vulnerability checker that helps identify subdomains vulnerable to takeover attacks by checking for dangling DNS records and unclaimed services.

Key Features:

  • Subdomain takeover detection
  • Multiple service provider support
  • Fast concurrent checking
  • JSON output format
  • Integration with other tools
  • Custom fingerprint support

Installation:

  • Go Install: go install github.com/LukaSikic/subzy@latest
  • Binary: Download from GitHub releases
  • Docker: docker run lukasikic/subzy
  • Documentation: View Subzy Cheatsheet

Wappalyzer

Section titled “Wappalyzer”

Web technology fingerprinting tool

Wappalyzer is a technology profiler that identifies the technologies used on websites, including content management systems, web frameworks, analytics tools, and more.

Key Features:

  • Technology fingerprinting
  • Browser extension available
  • Command-line interface
  • API access
  • Bulk analysis support
  • Comprehensive technology database

Installation:

  • NPM Package: npm install -g wappalyzer
  • Browser Extension: Available for Chrome, Firefox
  • Docker: docker run wappalyzer/cli
  • Documentation: View Wappalyzer Cheatsheet

whatweb

Section titled “whatweb”

Web technology fingerprinting scanner

whatweb is a web scanner that identifies what websites are running, including web technologies, content management systems, blogging platforms, analytics packages, and more.

Key Features:

  • Aggressive web fingerprinting
  • Plugin-based architecture
  • Multiple output formats
  • Proxy support
  • Custom plugin development
  • Comprehensive technology detection

Installation:

  • Ruby Gem: gem install whatweb
  • Package Manager: apt install whatweb (Debian/Ubuntu)
  • Source: Clone from GitHub
  • Documentation: View whatweb Cheatsheet

XSStrike

Section titled “XSStrike”

Advanced XSS detection and exploitation suite

XSStrike is an advanced XSS detection suite equipped with a powerful fuzzing engine and numerous novel techniques for finding and exploiting XSS vulnerabilities.

Key Features:

  • Advanced XSS detection
  • Context-aware payloads
  • WAF bypass techniques
  • Crawling capabilities
  • DOM-based XSS analysis
  • Exploitation framework

Installation:

  • Git Clone: git clone https://github.com/s0md3v/XSStrike
  • Python Requirements: pip install -r requirements.txt
  • Docker: Available via Docker Hub
  • Documentation: View XSStrike Cheatsheet

Penetration Testing & Security Assessment

Section titled “Penetration Testing & Security Assessment”

ARACNE

Section titled “ARACNE”

LLM-based SSH exploitation agent

ARACNE is an advanced LLM-based autonomous agent specifically designed for targeting SSH services, capable of exploring and exploiting vulnerabilities within Linux shell environments using artificial intelligence.

Key Features:

  • AI-powered exploitation
  • SSH service targeting
  • Autonomous exploration
  • Linux shell exploitation
  • Multi-step attack chains
  • Intelligent vulnerability discovery

Installation:

  • Research Tool: Available through academic channels
  • Requirements: Python 3.8+, LLM API access
  • Documentation: View ARACNE Cheatsheet

Aikido Security

Section titled “Aikido Security”

End-to-end code-to-cloud security platform

Aikido Security provides comprehensive code-to-cloud security with continuous VAPT (Vulnerability Assessment and Penetration Testing) integrated into developer workflows for modern DevSecOps practices.

Key Features:

  • Code-to-cloud security
  • Continuous VAPT
  • Developer workflow integration
  • Real-time vulnerability detection
  • Compliance automation
  • Security posture management

Installation:

  • Cloud Platform: Access at aikido.dev
  • CLI Tool: npm install -g @aikidosec/cli
  • CI/CD Integration: GitHub Actions, GitLab CI
  • Documentation: View Aikido Security Cheatsheet

AutoPentest

Section titled “AutoPentest”

Autonomous GPT-4o pentesting system

AutoPentest is an autonomous black-box penetration testing system powered by GPT-4o and LangChain, capable of executing sophisticated multi-step attack chains without human intervention.

Key Features:

  • GPT-4o powered automation
  • Black-box testing approach
  • Multi-step attack chains
  • LangChain integration
  • Autonomous vulnerability discovery
  • Comprehensive reporting

Installation:

  • Research Platform: Available through security research channels
  • Requirements: OpenAI API access, Python 3.9+
  • Documentation: View AutoPentest Cheatsheet

Intruder

Section titled “Intruder”

Automated vulnerability testing service

Intruder is a cloud-based automated vulnerability scanner that continuously monitors your systems for security weaknesses, providing comprehensive vulnerability management with intelligent prioritization.

Key Features:

  • Automated vulnerability scanning
  • Continuous monitoring
  • Intelligent prioritization
  • Cloud-based platform
  • Compliance reporting
  • Integration capabilities

Installation:

  • Cloud Service: Access at intruder.io
  • API Integration: RESTful API available
  • CI/CD Integration: Jenkins, GitHub Actions
  • Documentation: View Intruder Cheatsheet

Invicti

Section titled “Invicti”

DAST/IAST security analysis platform

Invicti (formerly Netsparker) combines Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) for comprehensive runtime security analysis during development and production.

Key Features:

  • DAST and IAST capabilities
  • Runtime security analysis
  • False positive reduction
  • CI/CD integration
  • Comprehensive reporting
  • Enterprise scalability

Installation:

  • Enterprise Platform: Contact Invicti for licensing
  • Cloud Service: Available as SaaS
  • On-premises: Enterprise deployment options
  • Documentation: View Invicti Cheatsheet

PlexTrac

Section titled “PlexTrac”

Pentest reporting and issue management platform

PlexTrac is a comprehensive penetration testing reporting and vulnerability management platform that streamlines findings prioritization, remediation workflows, and security program management.

Key Features:

  • Pentest report automation
  • Vulnerability management
  • Remediation tracking
  • Collaboration tools
  • Compliance reporting
  • Integration ecosystem

Installation:

  • Cloud Platform: Access at plextrac.com
  • API Integration: RESTful API available
  • Enterprise Deployment: On-premises options
  • Documentation: View PlexTrac Cheatsheet

PTHelper

Section titled “PTHelper”

AI-powered pentesting orchestration assistant

PTHelper is an open-source modular assistant designed for orchestrating penetration testing steps using AI and automation frameworks, enhancing the efficiency and effectiveness of security assessments.

Key Features:

  • AI-powered orchestration
  • Modular architecture
  • Automation framework integration
  • Pentesting workflow optimization
  • Open-source platform
  • Extensible plugin system

Installation:

  • GitHub: git clone https://github.com/pthelper/pthelper
  • Python Package: pip install pthelper
  • Docker: docker run pthelper/pthelper
  • Documentation: View PTHelper Cheatsheet

OSINT & Intelligence Gathering

Section titled “OSINT & Intelligence Gathering”

1TRACE

Section titled “1TRACE”

Social mapping and relationship analysis platform

1TRACE is an advanced social mapping and relationship analysis platform designed for intelligence gathering, investigation, and surveillance operations with comprehensive social network analysis capabilities.

Key Features:

  • Social network mapping
  • Relationship analysis
  • Behavioral profiling
  • Intelligence gathering
  • Surveillance capabilities
  • Advanced analytics

Installation:

  • Professional License: Contact vendor for licensing
  • Enterprise Platform: On-premises deployment
  • API Access: RESTful API available
  • Documentation: View 1TRACE Cheatsheet

FOCA

Section titled “FOCA”

Metadata analysis and document intelligence tool

FOCA (Fingerprinting Organizations with Collected Archives) is a powerful metadata analysis tool for extracting hidden information from documents and files, specializing in discovering sensitive organizational data.

Key Features:

  • Metadata extraction
  • Document intelligence
  • Network information discovery
  • User profiling
  • Security risk assessment
  • Automated analysis

Installation:

  • Windows Application: Download from GitHub
  • Requirements: .NET Framework 4.5+
  • GitHub: Available at ElevenPaths/FOCA
  • Documentation: View FOCA Cheatsheet

SpiderFoot

Section titled “SpiderFoot”

OSINT automation and reconnaissance tool

SpiderFoot is an open-source intelligence automation tool that performs reconnaissance and information gathering on targets, integrating with over 200 data sources for comprehensive OSINT collection.

Key Features:

  • OSINT automation
  • 200+ data source integration
  • Web interface and CLI
  • Threat intelligence
  • Risk assessment
  • Modular architecture

Installation:

  • Python Package: pip install spiderfoot
  • Docker: docker run spiderfoot/spiderfoot
  • GitHub: git clone https://github.com/smicallef/spiderfoot
  • Documentation: View SpiderFoot Cheatsheet

Productivity & Development Frameworks

Section titled “Productivity & Development Frameworks”

PowerShell

Section titled “PowerShell”

Cross-platform task automation and configuration management framework

PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on Windows, Linux, and macOS.

Key Features:

  • Object-oriented pipeline
  • Extensive cmdlet library
  • Remote management
  • Scripting capabilities
  • Cross-platform support
  • Integration with .NET

Installation:

Vim

Section titled “Vim”

Highly configurable text editor

Vim is a highly configurable text editor built to make creating and changing any kind of text very efficient. It is included as “vi” with most UNIX systems and with Apple OS X.

Key Features:

  • Modal editing
  • Extensive customization
  • Plugin ecosystem
  • Keyboard-centric
  • Cross-platform
  • Lightweight

Installation:

Neovim

Section titled “Neovim”

Hyperextensible Vim-based text editor

Neovim is a project that seeks to aggressively refactor Vim in order to simplify maintenance and encourage contributions, split the work between multiple developers, enable advanced UIs, and maximize extensibility.

Key Features:

  • Lua scripting
  • Built-in LSP support
  • Async job control
  • Better plugin architecture
  • Modern terminal features
  • Backward compatibility

Installation:

Emacs

Section titled “Emacs”

Extensible, customizable text editor

GNU Emacs is a free software text editor. It was created by GNU Project founder Richard Stallman. In common with other varieties of Emacs, GNU Emacs is extensible using a Turing complete programming language.

Key Features:

  • Extensible with Lisp
  • Built-in package manager
  • Org mode
  • Multiple buffers
  • Integrated development environment
  • Cross-platform

Installation:

Nano

Section titled “Nano”

Simple text editor

GNU nano is a text editor for Unix-like computing systems or operating environments using a command line interface. It emulates the Pico text editor, part of the Pine email client, and also provides additional functionality.

Key Features:

  • Simple interface
  • Syntax highlighting
  • Search and replace
  • Multiple file buffers
  • Undo/redo
  • Lightweight

Installation:

tmux

Section titled “tmux”

Terminal multiplexer

tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal.

Key Features:

  • Session management
  • Window splitting
  • Detachable sessions
  • Scriptable
  • Customizable
  • Remote session support

Installation:

Screen

Section titled “Screen”

Terminal multiplexer

GNU Screen is a terminal multiplexer, a software application that can be used to multiplex several virtual consoles, allowing a user to access multiple separate login sessions inside a single terminal window.

Key Features:

  • Session persistence
  • Multiple windows
  • Session sharing
  • Logging capabilities
  • Copy mode
  • Customizable

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install screen
    • macOS: brew install screen (usually pre-installed)
    • Windows: Available via WSL
  • Documentation: View Screen Cheatsheet

Make

Section titled “Make”

Build automation tool

Make is a build automation tool that automatically builds executable programs and libraries from source code by reading files called Makefiles which specify how to derive the target program.

Key Features:

  • Dependency tracking
  • Incremental builds
  • Cross-platform
  • Rule-based building
  • Variable substitution
  • Pattern rules

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install make
    • macOS: brew install make (usually pre-installed with Xcode)
    • Windows: Available via MinGW or WSL
  • Documentation: View Make Cheatsheet

CMake

Section titled “CMake”

Cross-platform build system

CMake is a cross-platform free and open-source software tool for managing the build process of software using a compiler-independent method. It supports directory hierarchies and applications that depend on multiple libraries.

Key Features:

  • Cross-platform builds
  • Generator support
  • Dependency management
  • Testing integration
  • Package finding
  • Modern C++ support

Installation:

Gradle

Section titled “Gradle”

Build automation tool

Gradle is a build automation tool for multi-language software development. It controls the development process in the tasks of compilation and packaging to testing, deployment, and publishing.

Key Features:

  • Incremental builds
  • Build cache
  • Dependency management
  • Multi-project builds
  • Plugin ecosystem
  • Kotlin DSL support

Installation:

Maven

Section titled “Maven”

Build automation and project management tool

Apache Maven is a build automation tool used primarily for Java projects. Maven can also be used to build and manage projects written in C#, Ruby, Scala, and other languages.

Key Features:

  • Dependency management
  • Project object model
  • Plugin architecture
  • Repository system
  • Build lifecycle
  • Multi-module projects

Installation:

Ant

Section titled “Ant”

Java-based build tool

Apache Ant is a software tool for automating software build processes. It originally came from the Apache Tomcat project in early 2000 as a replacement for the Make build tool of Unix.

Key Features:

  • XML-based build files
  • Cross-platform
  • Extensible
  • Task-oriented
  • Java integration
  • IDE support

Installation:

SBT

Section titled “SBT”

Scala build tool

sbt is a build tool for Scala, Java, and more. It requires Java 1.8 or later. sbt uses a small number of concepts to support flexible and powerful build definitions.

Key Features:

  • Incremental compilation
  • Interactive shell
  • Scala integration
  • Dependency management
  • Plugin system
  • Multi-project builds

Installation:

Bazel

Section titled “Bazel”

Build and test tool

Bazel is a free software tool for the automation of building and testing of software. The company Google uses the build tool Blaze internally and released an open-sourced port of the Blaze tool as Bazel.

Key Features:

  • Fast incremental builds
  • Multi-language support
  • Scalable
  • Remote execution
  • Hermetic builds
  • Extensible

Installation:

📱 Mobile Development

Section titled “📱 Mobile Development”

Cross-Platform Frameworks

Section titled “Cross-Platform Frameworks”

React Native

Section titled “React Native”

Build mobile apps using React

React Native is an open-source UI software framework created by Meta Platforms, Inc. It is used to develop applications for Android, Android TV, iOS, macOS, tvOS, Web, Windows and UWP.

Key Features:

  • Cross-platform development
  • Hot reloading
  • Native performance
  • Large ecosystem
  • Code sharing with React
  • Strong community

Installation:

Flutter

Section titled “Flutter”

Google’s UI toolkit for building natively compiled applications

Flutter is an open-source UI software development kit created by Google. It is used to develop cross platform applications for Android, iOS, Linux, macOS, Windows, Google Fuchsia, and the web from a single codebase.

Key Features:

  • Single codebase
  • Hot reload
  • Rich widgets
  • Native performance
  • Strong typing (Dart)
  • Google backing

Installation:

Additional Cybersecurity Tools

Section titled “Additional Cybersecurity Tools”

Aircrack-ng

Section titled “Aircrack-ng”

Wireless network security assessment tool suite

Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: monitoring, attacking, testing, and cracking.

Key Features:

  • Packet capture and analysis
  • WEP and WPA/WPA2 cracking
  • Fake access point creation
  • Deauthentication attacks
  • Wireless network monitoring
  • Dictionary and brute force attacks

Installation:

Bettercap

Section titled “Bettercap”

Network attack and monitoring framework

Bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.

Key Features:

  • WiFi networks reconnaissance and attacks
  • Bluetooth Low Energy scanning and fuzzing
  • HID device attacks
  • Network spoofing and MITM
  • Web interface
  • Extensible with modules

Installation:

Hydra

Section titled “Hydra”

Network logon cracker

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

Key Features:

  • Multiple protocol support
  • Parallel processing
  • Dictionary attacks
  • Brute force attacks
  • Modular architecture
  • Cross-platform support

Installation:

Nessus

Section titled “Nessus”

Vulnerability assessment scanner

Nessus is a proprietary vulnerability scanner developed by Tenable, Inc. It is free of charge for personal use in a non-enterprise environment. Nessus is the most deployed vulnerability scanner in the industry.

Key Features:

  • Comprehensive vulnerability scanning
  • Configuration auditing
  • Malware detection
  • Sensitive data discovery
  • Web application scanning
  • Compliance checking

Installation:

Burp Suite

Section titled “Burp Suite”

Web application security testing platform

Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. We believe in giving you the most advanced tools to find more vulnerabilities, faster. Our world-renowned research team’s discoveries feature in Burp Suite to ensure you’re always ahead of the curve.

Key Features:

  • Web application scanning
  • Manual testing tools
  • Proxy functionality
  • Intruder for automated attacks
  • Repeater for request manipulation
  • Extensible with plugins

Installation:

Wireshark

Section titled “Wireshark”

Network protocol analyzer

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Key Features:

  • Deep inspection of protocols
  • Live capture and offline analysis
  • Rich VoIP analysis
  • Read/write many file formats
  • Coloring rules for analysis
  • Output can be exported to XML, PostScript, CSV, or plain text

Installation:

John the Ripper

Section titled “John the Ripper”

Password cracking tool

John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms. It is among the most frequently used password testing and breaking programs as it combines a number of password crackers into one package.

Key Features:

  • Multiple hash format support
  • Dictionary attacks
  • Brute force attacks
  • Hybrid attacks
  • Distributed cracking
  • Custom rules

Installation:

Hashcat

Section titled “Hashcat”

Advanced password recovery tool

Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS.

Key Features:

  • GPU acceleration
  • Multiple attack modes
  • 300+ hash algorithms
  • Distributed cracking
  • Rule-based attacks
  • Mask attacks

Installation:

Metasploit

Section titled “Metasploit”

Penetration testing framework

The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.

Key Features:

  • Exploit development and execution
  • Payload generation
  • Post-exploitation modules
  • Auxiliary modules
  • Evasion techniques
  • Extensive database

Installation:

Nmap

Section titled “Nmap”

Network discovery and security auditing tool

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Key Features:

  • Host discovery
  • Port scanning
  • Service detection
  • OS detection
  • Scriptable interaction
  • Stealth scanning

Installation:

SQLMap

Section titled “SQLMap”

Automatic SQL injection and database takeover tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Key Features:

  • Automatic SQL injection detection
  • Database fingerprinting
  • Data extraction
  • File system access
  • Operating system takeover
  • Out-of-band connections

Installation:

OWASP ZAP

Section titled “OWASP ZAP”

Web application security scanner

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.

Key Features:

  • Automated scanning
  • Manual testing tools
  • Passive scanning
  • Active scanning
  • API testing
  • Authentication support

Installation:

This tools directory provides comprehensive information about essential development tools, including installation instructions and key features. Each tool entry includes direct links to official websites and package manager commands for easy installation across different operating systems.

🔒 Cybersecurity Tools

Section titled “🔒 Cybersecurity Tools”

Command & Control (C2) Frameworks

Section titled “Command & Control (C2) Frameworks”

VSagent

Section titled “VSagent”

C2 framework that hides traffic in VIEWSTATE parameters

VSagent is a specialized command and control framework that disguises malicious traffic by embedding it within ASP.NET VIEWSTATE parameters, making detection significantly more challenging for traditional security monitoring tools.

Key Features:

  • VIEWSTATE parameter obfuscation
  • Web application traffic mimicry
  • Stealth communication channels
  • Custom payload encoding
  • Anti-detection mechanisms
  • Lightweight footprint

Installation:

Ares RAT

Section titled “Ares RAT”

Python-based remote access tool with web interface

Ares RAT is a comprehensive remote access tool built in Python that provides a web-based interface for managing compromised systems, offering both ease of use and powerful post-exploitation capabilities.

Key Features:

  • Web-based management interface
  • Cross-platform compatibility
  • File system manipulation
  • Screen capture capabilities
  • Keylogging functionality
  • Network reconnaissance

Installation:

Active Directory & Windows Tools

Section titled “Active Directory & Windows Tools”

SharpUp

Section titled “SharpUp”

C# port of PowerUp for privilege escalation enumeration

SharpUp is a C# implementation of PowerUp that performs comprehensive privilege escalation checks on Windows systems, identifying potential vectors for elevating privileges in Active Directory environments.

Key Features:

  • Comprehensive privilege escalation checks
  • Service enumeration and analysis
  • Registry vulnerability detection
  • File permission auditing
  • Scheduled task analysis
  • .NET framework integration

Installation:

Mobile Security Tools

Section titled “Mobile Security Tools”

Objection

Section titled “Objection”

Runtime mobile exploration toolkit powered by Frida

Objection is a runtime mobile exploration toolkit that leverages Frida to provide comprehensive security testing capabilities for iOS and Android applications during dynamic analysis.

Key Features:

  • Runtime application manipulation
  • SSL pinning bypass
  • Method hooking and tracing
  • File system exploration
  • Memory dumping
  • API interaction monitoring

Installation:

Evasion & Obfuscation Tools

Section titled “Evasion & Obfuscation Tools”

Shellter

Section titled “Shellter”

Dynamic shellcode injection tool

Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications (currently 32-bit applications only).

Key Features:

  • Dynamic PE infection
  • Shellcode injection
  • Anti-virus evasion
  • Steganographic encoding
  • Polymorphic code generation
  • Automatic mode operation

Installation:

Network Security Tools

Section titled “Network Security Tools”

RustScan

Section titled “RustScan”

Modern port scanner

RustScan is a modern take on the port scanner. Faster, smarter, more efficient. RustScan uses modern async/await syntax to make it blazingly fast.

Key Features:

  • Ultra-fast scanning
  • Adaptive learning
  • Custom scripting
  • Nmap integration
  • IPv6 support
  • JSON output

Installation:

Reaver

Section titled “Reaver”

WPS brute force attack tool

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf.

Key Features:

  • WPS PIN brute forcing
  • WPA/WPA2 passphrase recovery
  • Pixie dust attacks
  • Session management
  • Progress tracking
  • Multiple interface support

Installation:

WifiForge

Section titled “WifiForge”

WiFi security testing framework

WifiForge is a comprehensive WiFi security testing framework that provides tools for wireless network assessment, penetration testing, and security analysis.

Key Features:

  • Wireless network discovery
  • Security assessment tools
  • Attack automation
  • Report generation
  • Multiple attack vectors
  • Framework integration

Installation:

Sguil

Section titled “Sguil”

Network security monitoring platform

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures.

Key Features:

  • Real-time event monitoring
  • Packet capture analysis
  • Alert management
  • Session reconstruction
  • Database integration
  • Multi-sensor support

Installation:

Squert

Section titled “Squert”

Web application for browsing Sguil events

Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets.

Key Features:

  • Web-based interface
  • Event visualization
  • Time series analysis
  • Metadata correlation
  • Search capabilities
  • Export functionality

Installation:

Snorby

Section titled “Snorby”

Ruby on Rails web application for network security monitoring

Snorby is a ruby on rails web application for network security monitoring that interfaces with current popular intrusion detection systems (Snort, Suricata and other NSM tools).

Key Features:

  • Web-based dashboard
  • Alert management
  • Reporting capabilities
  • User management
  • Plugin architecture
  • Multi-sensor support

Installation:

Cloud Security Tools

Section titled “Cloud Security Tools”

CloudMapper

Section titled “CloudMapper”

AWS security assessment tool

CloudMapper helps you analyze your Amazon Web Services (AWS) environments. The original purpose was to generate network diagrams and display them in your browser. It now contains much more functionality, including auditing for security issues.

Key Features:

  • AWS environment mapping
  • Security assessment
  • Network visualization
  • Compliance checking
  • Resource inventory
  • Risk analysis

Installation:

Docker Bench

Section titled “Docker Bench”

Docker security benchmark script

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Benchmark v1.2.0.

Key Features:

  • Security benchmark testing
  • CIS compliance checking
  • Automated assessment
  • Detailed reporting
  • Best practice validation
  • Container security analysis

Installation:

  • GitHub Repository: https://github.com/docker/docker-bench-security
  • Docker: docker run -it --net host --pid host --userns host --cap-add audit_control -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST -v /etc:/etc:ro -v /usr/bin/containerd:/usr/bin/containerd:ro -v /usr/bin/runc:/usr/bin/runc:ro -v /usr/lib/systemd:/usr/lib/systemd:ro -v /var/lib:/var/lib:ro -v /var/run/docker.sock:/var/run/docker.sock:ro --label docker_bench_security docker/docker-bench-security
  • Documentation: View Docker Bench Cheatsheet

Kube-hunter

Section titled “Kube-hunter”

Kubernetes security testing tool

kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments.

Key Features:

  • Kubernetes security scanning
  • Vulnerability detection
  • Network reconnaissance
  • Privilege escalation testing
  • Configuration assessment
  • Automated reporting

Installation:

Additional Development & System Tools

Section titled “Additional Development & System Tools”

Git

Section titled “Git”

Distributed version control system

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Key Features:

  • Distributed version control
  • Branching and merging
  • Data integrity
  • Speed and performance
  • Staging area
  • Free and open source

Installation:

Docker

Section titled “Docker”

Containerization platform

Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers.

Key Features:

  • Application containerization
  • Image management
  • Container orchestration
  • Cross-platform support
  • Resource isolation
  • Microservices architecture

Installation:

cURL

Section titled “cURL”

Command line tool for transferring data

cURL is a computer software project providing a library and command-line tool for transferring data using various network protocols.

Key Features:

  • Multiple protocol support
  • HTTP/HTTPS requests
  • File transfer capabilities
  • Authentication support
  • Proxy support
  • SSL/TLS support

Installation:

SSH

Section titled “SSH”

Secure Shell protocol

SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network.

Key Features:

  • Secure remote access
  • Encrypted communication
  • Key-based authentication
  • Port forwarding
  • File transfer capabilities
  • Cross-platform support

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install openssh-client openssh-server
    • macOS: Pre-installed
    • Windows: Available via OpenSSH or PuTTY
  • Documentation: View SSH Cheatsheet

APT

Section titled “APT”

Advanced Package Tool

APT (Advanced Package Tool) is a free-software user interface that works with core libraries to handle the installation and removal of software on Debian and Debian-based Linux distributions.

Key Features:

  • Package management
  • Dependency resolution
  • Repository management
  • Security updates
  • System maintenance
  • Command-line interface

Installation:

  • Platform Support: Debian, Ubuntu, and derivatives
  • Pre-installed: Usually comes with Debian-based systems
  • Documentation: View APT Cheatsheet

Homebrew

Section titled “Homebrew”

Package manager for macOS and Linux

Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple’s operating system, macOS, as well as Linux.

Key Features:

  • Package management
  • Formula system
  • Cask support for GUI applications
  • Tap repositories
  • Cross-platform support
  • Community-driven

Installation:

npm

Section titled “npm”

Node.js package manager

npm is a package manager for the JavaScript programming language maintained by npm, Inc. npm is the default package manager for the JavaScript runtime environment Node.js.

Key Features:

  • Package management
  • Dependency resolution
  • Script running
  • Version management
  • Registry access
  • CLI tools

Installation:

GDB

Section titled “GDB”

GNU Debugger

GDB, the GNU Project debugger, allows you to see what is going on ‘inside’ another program while it executes — or what another program was doing at the moment it crashed.

Key Features:

  • Program debugging
  • Breakpoint management
  • Memory inspection
  • Stack trace analysis
  • Variable examination
  • Remote debugging

Installation:

Dig

Section titled “Dig”

DNS lookup tool

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried.

Key Features:

  • DNS query tool
  • Multiple record types
  • Batch mode operation
  • Reverse lookups
  • Trace functionality
  • Output formatting

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install dnsutils
    • macOS: brew install bind (usually pre-installed)
    • Windows: Available via WSL or third-party tools
  • Documentation: View Dig Cheatsheet

Ping

Section titled “Ping”

Network connectivity testing tool

Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol network.

Key Features:

  • Network connectivity testing
  • Round-trip time measurement
  • Packet loss detection
  • IPv4 and IPv6 support
  • Continuous monitoring
  • Statistics reporting

Installation:

Traceroute

Section titled “Traceroute”

Network path tracing tool

Traceroute is a computer network diagnostic tool for displaying possible routes (paths) and measuring transit delays of packets across an Internet Protocol network.

Key Features:

  • Network path tracing
  • Hop-by-hop analysis
  • Latency measurement
  • Route discovery
  • Network troubleshooting
  • Multiple protocols

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install traceroute
    • macOS: Pre-installed
    • Windows: tracert command available
  • Documentation: View Traceroute Cheatsheet

Netstat

Section titled “Netstat”

Network statistics tool

Netstat is a command-line network utility that displays network connections for Transmission Control Protocol, routing tables, and a number of network interface and network protocol statistics.

Key Features:

  • Network connection monitoring
  • Port status checking
  • Routing table display
  • Interface statistics
  • Protocol statistics
  • Process identification

Installation:

  • Pre-installed: Available on most operating systems
  • Package Managers:
    • Ubuntu/Debian: sudo apt install net-tools
    • macOS: Pre-installed
    • Windows: Pre-installed
  • Documentation: View Netstat Cheatsheet

Regular Expressions

Section titled “Regular Expressions”

Pattern matching language

Regular expressions (regex) are sequences of characters that define a search pattern. Usually such patterns are used by string-searching algorithms for “find” or “find and replace” operations on strings.

Key Features:

  • Pattern matching
  • Text processing
  • Search and replace
  • Data validation
  • Text extraction
  • Cross-language support

Resources:

Final Batch of Specialized Tools

Section titled “Final Batch of Specialized Tools”

Python

Section titled “Python”

High-level programming language

Python is an interpreted, high-level and general-purpose programming language. Python’s design philosophy emphasizes code readability with its notable use of significant whitespace.

Key Features:

  • Easy to learn and use
  • Extensive standard library
  • Cross-platform compatibility
  • Large ecosystem of packages
  • Multiple programming paradigms
  • Strong community support

Installation:

JavaScript

Section titled “JavaScript”

Programming language for web development

JavaScript is a programming language that conforms to the ECMAScript specification. JavaScript is high-level, often just-in-time compiled, and multi-paradigm.

Key Features:

  • Client-side and server-side development
  • Dynamic typing
  • First-class functions
  • Prototype-based object-orientation
  • Event-driven programming
  • Extensive ecosystem

Resources:

Bash

Section titled “Bash”

Unix shell and command language

Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell.

Key Features:

  • Command-line interface
  • Scripting capabilities
  • Job control
  • Command history
  • Tab completion
  • Alias support

Installation:

  • Pre-installed: Available on most Unix-like systems
  • Package Managers:
    • Ubuntu/Debian: Usually pre-installed
    • macOS: Pre-installed
    • Windows: Available via WSL or Git Bash
  • Documentation: View Bash Cheatsheet

Fish

Section titled “Fish”

Smart and user-friendly command line shell

Fish is a smart and user-friendly command line shell for Linux, macOS, and the rest of the family. Fish includes features like syntax highlighting, autosuggestions, and tab completions that just work.

Key Features:

  • Syntax highlighting
  • Autosuggestions
  • Tab completions
  • Web-based configuration
  • Scripting capabilities
  • User-friendly design

Installation:

Zsh

Section titled “Zsh”

Extended Bourne shell

Zsh is an extended Bourne shell with many improvements, including some features of Bash, ksh, and tcsh. It’s designed to be interactive and incorporates many useful features.

Key Features:

  • Advanced tab completion
  • Spelling correction
  • Theme support
  • Plugin system
  • Powerful globbing
  • Command history sharing

Installation:

GCC

Section titled “GCC”

GNU Compiler Collection

GCC is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU toolchain and the standard compiler for most projects related to GNU and Linux.

Key Features:

  • Multiple language support
  • Cross-platform compilation
  • Optimization capabilities
  • Debugging support
  • Standards compliance
  • Open source

Installation:

Clang

Section titled “Clang”

C language family frontend for LLVM

Clang is a compiler front end for the C, C++, Objective-C, and Objective-C++ programming languages, as well as the OpenMP, OpenCL, RenderScript, CUDA and HIP frameworks.

Key Features:

  • Fast compilation
  • Excellent diagnostics
  • Static analysis
  • Cross-platform support
  • LLVM backend
  • Standards compliance

Installation:

MySQL

Section titled “MySQL”

Relational database management system

MySQL is an open-source relational database management system. Its name is a combination of “My”, the name of co-founder Michael Widenius’s daughter, and “SQL”, the abbreviation for Structured Query Language.

Key Features:

  • ACID compliance
  • Multi-version concurrency control
  • SQL standard support
  • Replication and clustering
  • Performance optimization
  • Cross-platform support

Installation:

PostgreSQL

Section titled “PostgreSQL”

Advanced open source relational database

PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.

Key Features:

  • ACID compliance
  • Advanced data types
  • Full-text search
  • JSON support
  • Extensibility
  • Standards compliance

Installation:

MongoDB

Section titled “MongoDB”

Document-oriented NoSQL database

MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas.

Key Features:

  • Document-based storage
  • Horizontal scaling
  • Flexible schema
  • Rich query language
  • Aggregation framework
  • GridFS for large files

Installation:

Redis

Section titled “Redis”

In-memory data structure store

Redis is an open source, in-memory data structure store, used as a database, cache, and message broker. Redis provides data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs, geospatial indexes, and streams.

Key Features:

  • In-memory storage
  • Data persistence
  • Pub/Sub messaging
  • Lua scripting
  • Clustering support
  • Multiple data structures

Installation:

SQLite

Section titled “SQLite”

Self-contained SQL database engine

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world.

Key Features:

  • Self-contained
  • Zero-configuration
  • Transactional
  • Small footprint
  • Cross-platform
  • Public domain

Installation:

Additional Essential Tools

Section titled “Additional Essential Tools”

DNF/YUM

Section titled “DNF/YUM”

Package manager for RPM-based Linux distributions

DNF (Dandified YUM) is the next-generation version of the Yellowdog Updater Modified (YUM), a package manager for RPM-based Linux distributions.

Key Features:

  • Package management
  • Dependency resolution
  • Repository management
  • Transaction history
  • Plugin system
  • Performance improvements

Installation:

  • Pre-installed: Available on Fedora, CentOS, RHEL
  • Package Managers:
    • Fedora: dnf (default)
    • CentOS/RHEL: yum or dnf
  • Documentation: View DNF/YUM Cheatsheet

Pacman

Section titled “Pacman”

Package manager for Arch Linux

Pacman is a package manager for the Arch Linux distribution and its derivatives. It combines a simple binary package format with an easy-to-use build system.

Key Features:

  • Binary package management
  • Build system integration
  • Dependency tracking
  • Package signing
  • Delta compression
  • Simple configuration

Installation:

Ksh

Section titled “Ksh”

Korn shell

The Korn shell (ksh) is a Unix shell which was developed by David Korn at Bell Labs in the early 1980s and announced at USENIX on July 14, 1983.

Key Features:

  • Command-line editing
  • Job control
  • Aliases and functions
  • Arrays
  • Arithmetic evaluation
  • POSIX compliance

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install ksh
    • macOS: brew install ksh
    • Windows: Available via WSL
  • Documentation: View Ksh Cheatsheet

C Shell (csh)

Section titled “C Shell (csh)”

C-like shell

The C shell (csh) is a Unix shell created by Bill Joy while he was a graduate student at University of California, Berkeley in the late 1970s.

Key Features:

  • C-like syntax
  • Command history
  • Job control
  • Aliases
  • Variable substitution
  • Interactive features

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install csh
    • macOS: Usually pre-installed
    • Windows: Available via WSL
  • Documentation: View C Shell Cheatsheet

POSIX Shell (sh)

Section titled “POSIX Shell (sh)”

POSIX-compliant shell

The POSIX shell (sh) is a command-line interpreter that provides a command line user interface for Unix-like operating systems, conforming to the POSIX standard.

Key Features:

  • POSIX compliance
  • Portable scripting
  • Basic shell features
  • Standard compliance
  • Minimal footprint
  • Cross-platform compatibility

Installation:

Assembly Languages

Section titled “Assembly Languages”

Low-level programming languages

Assembly language is a low-level programming language for a computer or other programmable device specific to a particular computer architecture.

Supported Architectures:

  • x86 Assembly - 32-bit Intel architecture
  • x86-64 Assembly - 64-bit Intel/AMD architecture
  • ARM Assembly - ARM processor architecture
  • AArch64 Assembly - 64-bit ARM architecture
  • MIPS Assembly - MIPS processor architecture
  • RISC-V Assembly - RISC-V processor architecture

Resources:

Terminal Emulators

Section titled “Terminal Emulators”

Alacritty

Section titled “Alacritty”

Cross-platform, GPU-accelerated terminal emulator

Alacritty is a cross-platform, OpenGL terminal emulator. It is the fastest terminal emulator and focuses on simplicity and performance.

Key Features:

  • GPU acceleration
  • Cross-platform support
  • Configuration via YAML
  • Vi mode
  • Scrollback search
  • True color support

Installation:

iTerm2

Section titled “iTerm2”

Terminal emulator for macOS

iTerm2 is a replacement for Terminal and the successor to iTerm. It works on Macs with macOS 10.14 or newer. iTerm2 brings the terminal into the modern age with features you never knew you always wanted.

Key Features:

  • Split panes
  • Hotkey window
  • Search functionality
  • Autocomplete
  • Paste history
  • Instant replay

Installation:

GNOME Terminal

Section titled “GNOME Terminal”

Terminal emulator for GNOME desktop environment

GNOME Terminal is a terminal emulator for the GNOME desktop environment written by Havoc Pennington and others.

Key Features:

  • Multiple tabs
  • Profile management
  • Transparency support
  • Custom fonts and colors
  • Keyboard shortcuts
  • GNOME integration

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install gnome-terminal
    • Usually pre-installed on GNOME systems
  • Documentation: View GNOME Terminal Cheatsheet

Ghostty

Section titled “Ghostty”

Fast, feature-rich terminal emulator

Ghostty is a fast, feature-rich terminal emulator that uses platform-native UI and GPU acceleration.

Key Features:

  • GPU acceleration
  • Platform-native UI
  • Configuration system
  • Ligature support
  • True color support
  • Cross-platform

Installation:

Xterm

Section titled “Xterm”

Standard terminal emulator for X Window System

Xterm is the standard terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that cannot use the window system directly.

Key Features:

  • VT102 compatibility
  • Tektronix 4014 support
  • Color support
  • Font selection
  • Scrollback buffer
  • X11 integration

Installation:

  • Package Managers:
    • Ubuntu/Debian: sudo apt install xterm
    • macOS: brew install xterm
    • Usually pre-installed on X11 systems
  • Documentation: View Xterm Cheatsheet

Mac Terminal

Section titled “Mac Terminal”

Built-in terminal for macOS

Terminal is the built-in terminal emulator for macOS, providing command-line access to the Unix-based macOS system.

Key Features:

  • Multiple tabs and windows
  • Profile customization
  • Shell integration
  • Secure keyboard entry
  • Search functionality
  • AppleScript support

Installation:

Windows Terminal

Section titled “Windows Terminal”

Modern terminal application for Windows

Windows Terminal is a modern, fast, efficient, powerful, and productive terminal application for users of command-line tools and shells like Command Prompt, PowerShell, and WSL.

Key Features:

  • Multiple tabs
  • Panes
  • Unicode and UTF-8 support
  • GPU accelerated text rendering
  • Custom themes and styling
  • Profiles and settings

Installation:

This comprehensive tools directory now provides detailed information about essential development, cybersecurity, and system administration tools, including installation instructions and key features for each tool across multiple platforms.

Installation:

Wireless Security Tools

Section titled “Wireless Security Tools”

Reaver

Section titled “Reaver”

WPS PIN brute force attack tool for wireless security testing

Reaver is a specialized tool for exploiting WPS (Wi-Fi Protected Setup) vulnerabilities by performing brute force attacks against WPS PIN authentication mechanisms.

Key Features:

  • WPS PIN brute forcing
  • Pixie dust attacks
  • Session management
  • Progress tracking
  • Multiple attack modes
  • Comprehensive logging

Installation:

WifiForge

Section titled “WifiForge”

Comprehensive wireless security training and testing platform

WifiForge is a comprehensive platform designed for wireless security training and penetration testing, providing educational resources and practical testing capabilities.

Key Features:

  • Educational training modules
  • Practical testing scenarios
  • Vulnerability assessment tools
  • Comprehensive documentation
  • Interactive learning environment
  • Real-world attack simulations

Installation:

Digital Forensics Tools

Section titled “Digital Forensics Tools”

Autopsy

Section titled “Autopsy”

Comprehensive digital forensics platform with GUI

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools, providing comprehensive analysis capabilities for digital investigations.

Key Features:

  • Graphical case management
  • Timeline analysis
  • Keyword searching
  • Hash analysis
  • File system analysis
  • Report generation

Installation:

Sleuth Kit

Section titled “Sleuth Kit”

Command-line digital forensics toolkit

The Sleuth Kit is a collection of command-line tools and a C library that allows investigators to analyze disk images and recover files from them, serving as the foundation for many forensics tools.

Key Features:

  • File system analysis
  • Timeline creation
  • Deleted file recovery
  • Metadata extraction
  • Hash database support
  • Cross-platform compatibility

Installation:

OSINT Tools

Section titled “OSINT Tools”

Maltego

Section titled “Maltego”

Comprehensive OSINT and graphical link analysis platform

Maltego is a comprehensive open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.

Key Features:

  • Graphical link analysis
  • Transform marketplace
  • Data visualization
  • Social network analysis
  • Threat intelligence integration
  • Custom transform development

Installation:

Database Security Tools

Section titled “Database Security Tools”

NoSQLMap

Section titled “NoSQLMap”

NoSQL database security testing and injection tool

NoSQLMap is a comprehensive tool for testing NoSQL database security, providing automated injection testing capabilities for MongoDB, CouchDB, Redis, and other NoSQL databases.

Key Features:

  • Multi-database support
  • Automated injection testing
  • Data extraction capabilities
  • Blind injection techniques
  • Custom payload development
  • Comprehensive reporting

Installation:

Reverse Engineering Tools

Section titled “Reverse Engineering Tools”

Cutter

Section titled “Cutter”

Modern reverse engineering platform with GUI for Rizin

Cutter is a free and open-source reverse engineering platform powered by Rizin, providing a modern graphical interface for binary analysis and reverse engineering tasks.

Key Features:

  • Modern graphical interface
  • Graph view analysis
  • Decompiler integration
  • Plugin system
  • Cross-platform support
  • Collaborative features

Installation:

Rizin

Section titled “Rizin”

Modern reverse engineering framework and command-line toolkit

Rizin is a free and open-source reverse engineering framework that provides a complete toolkit for binary analysis, disassembly, debugging, and exploitation development.

Key Features:

  • Comprehensive disassembly engine
  • Debugging capabilities
  • Scripting support
  • Plugin architecture
  • Cross-platform compatibility
  • Active development community

Installation:

angr

Section titled “angr”

Python-based symbolic execution engine for binary analysis

angr is a powerful binary analysis platform that combines symbolic execution, static analysis, and dynamic analysis to automatically analyze binaries and find vulnerabilities.

Key Features:

  • Symbolic execution engine
  • Control flow graph analysis
  • Vulnerability detection
  • Automated exploit generation
  • Python API
  • Cross-architecture support

Installation:

Binary Ninja

Section titled “Binary Ninja”

Lightweight, scriptable reverse engineering platform

Binary Ninja is a modern reverse engineering platform with powerful Python and C APIs, designed for both automation and education with advanced lifting and analysis capabilities.

Key Features:

  • SSA-based intermediate representation
  • Live analysis and decompilation
  • Advanced lifting capabilities
  • Python and C APIs
  • Plugin architecture
  • Educational licensing

Installation:

Ghidra Plugins

Section titled “Ghidra Plugins”

Extensions and enhancements for NSA’s Ghidra framework

Ghidra Plugins extend the functionality of Ghidra with additional analysis capabilities, collaborative features, and integration with other tools like BinExport and VS Code.

Key Features:

  • BinExport for IDA/Binary Ninja comparison
  • GhidraBridge for external tool integration
  • Enhanced analysis capabilities
  • Collaborative reverse engineering
  • Custom script development
  • Extended file format support

Installation:

JEB Decompiler

Section titled “JEB Decompiler”

Professional Android and native binary decompiler

JEB Decompiler is a proprietary reverse engineering platform targeting Android apps, Java bytecode, and native binaries with excellent support for obfuscated code analysis.

Key Features:

  • Android APK analysis
  • DEX/OAT decompilation
  • Native binary analysis
  • Interactive decompilation
  • Extensible architecture
  • Obfuscation handling

Installation:

Lighthouse Plugin

Section titled “Lighthouse Plugin”

Code coverage visualization plugin for IDA Pro and Ghidra

Lighthouse is a code coverage plugin that visualizes coverage data directly within disassemblers, particularly useful for correlating fuzzing results with disassembly analysis.

Key Features:

  • Real-time coverage visualization
  • Multiple coverage format support
  • Differential coverage analysis
  • Fuzzing integration
  • Interactive coverage exploration
  • Performance optimization

Installation:

REVEN

Section titled “REVEN”

Advanced dynamic binary analysis and reverse debugging platform

REVEN by Tetrane provides whole-system record/replay capabilities with time-travel reverse engineering, memory visualization, and advanced vulnerability research features.

Key Features:

  • Whole-system record/replay
  • Time-travel reverse debugging
  • Memory visualization
  • Vulnerability detection
  • Advanced analysis capabilities
  • Enterprise-grade platform

Installation:

Unicorn Engine

Section titled “Unicorn Engine”

Lightweight multi-architecture CPU emulator framework

Unicorn Engine is a lightweight, multi-platform CPU emulator framework based on QEMU, providing clean APIs for emulating CPU instructions across various architectures.

Key Features:

  • Multi-architecture support
  • Lightweight design
  • Clean API interface
  • Extensive language bindings
  • Integration capabilities
  • Security research focus

Installation:

WASM Tools

Section titled “WASM Tools”

WebAssembly binary analysis and decompilation toolkit

WASM Tools provide comprehensive analysis capabilities for WebAssembly binaries, including decompilation, security analysis, and reverse engineering of WASM modules.

Key Features:

  • WASM binary analysis
  • Decompilation to C-like code
  • Security vulnerability detection
  • Browser integration
  • Malware analysis capabilities
  • Multiple tool integration

Installation:

Cloud Security Tools

Section titled “Cloud Security Tools”

CloudMapper

Section titled “CloudMapper”

AWS environment visualization and security assessment tool

CloudMapper is a comprehensive tool for visualizing and assessing AWS cloud environments, providing security analysis and compliance checking capabilities.

Key Features:

  • AWS environment mapping
  • Security assessment
  • Compliance checking
  • Network visualization
  • Resource inventory
  • Risk analysis

Installation:

Container Security Tools

Section titled “Container Security Tools”

Docker Bench

Section titled “Docker Bench”

Docker security audit tool implementing CIS benchmarks

Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production, based on the CIS Docker Benchmark.

Key Features:

  • CIS benchmark compliance
  • Automated security auditing
  • Comprehensive reporting
  • Container configuration analysis
  • Host security assessment
  • Remediation guidance

Installation:

Kube-hunter

Section titled “Kube-hunter”

Kubernetes penetration testing and security assessment tool

Kube-hunter is a comprehensive security testing tool designed to identify security weaknesses in Kubernetes clusters and provide actionable remediation guidance.

Key Features:

  • Kubernetes security scanning
  • Vulnerability identification
  • Network-based testing
  • Pod-based testing
  • Comprehensive reporting
  • Remediation guidance

Installation:

Authentication Security Tools

Section titled “Authentication Security Tools”

Hydra

Section titled “Hydra”

Comprehensive network authentication cracking tool

Hydra is a parallelized login cracker that supports numerous protocols and services, making it one of the most versatile tools for testing authentication security.

Key Features:

  • Multi-protocol support
  • Parallel processing
  • Custom wordlists
  • Session management
  • Comprehensive logging
  • Cross-platform compatibility

Installation:

Vulnerability Assessment Tools

Section titled “Vulnerability Assessment Tools”

Nessus

Section titled “Nessus”

Enterprise vulnerability assessment platform

Nessus is a comprehensive vulnerability assessment solution that provides accurate vulnerability identification, configuration auditing, and compliance checking for enterprise environments.

Key Features:

  • Comprehensive vulnerability scanning
  • Configuration auditing
  • Compliance reporting
  • Web application testing
  • Network discovery
  • Risk prioritization

Installation:

Web Application Security Tools

Section titled “Web Application Security Tools”

Burp Suite

Section titled “Burp Suite”

Industry-leading web application security testing platform

Burp Suite is a comprehensive platform for web application security testing, providing both automated scanning capabilities and manual testing tools for security professionals.

Key Features:

  • Intercepting proxy
  • Automated scanning
  • Manual testing tools
  • Extension marketplace
  • Collaboration features
  • Comprehensive reporting

Installation:

OWASP ZAP

Section titled “OWASP ZAP”

Free web application security scanner

OWASP ZAP (Zed Attack Proxy) is one of the world’s most popular free security tools, providing comprehensive web application security testing capabilities for developers and security professionals.

Key Features:

  • Intercepting proxy
  • Automated scanning
  • Manual testing tools
  • API testing
  • CI/CD integration
  • Extensive plugin ecosystem

Installation:

Network Analysis Tools

Section titled “Network Analysis Tools”

Wireshark

Section titled “Wireshark”

World’s most widely used network protocol analyzer

Wireshark is a comprehensive network protocol analyzer that provides deep inspection of hundreds of protocols, with live capture and offline analysis capabilities.

Key Features:

  • Deep packet inspection
  • Live capture and offline analysis
  • Rich VoIP analysis
  • Read/write many file formats
  • Powerful display filters
  • Cross-platform support

Installation:

Password Security Tools

Section titled “Password Security Tools”

John the Ripper

Section titled “John the Ripper”

Powerful password cracking tool

John the Ripper is one of the most popular password testing and breaking programs, providing comprehensive password security auditing capabilities.

Key Features:

  • Multiple hash format support
  • Wordlist and brute force attacks
  • Rule-based attacks
  • Distributed cracking
  • Custom algorithms
  • Cross-platform compatibility

Installation:

Hashcat

Section titled “Hashcat”

Advanced password recovery tool with GPU acceleration

Hashcat is the world’s fastest and most advanced password recovery tool, supporting GPU acceleration and hundreds of hash algorithms.

Key Features:

  • GPU acceleration support
  • 300+ hash algorithms
  • Multiple attack modes
  • Distributed cracking
  • Real-time performance monitoring
  • Cross-platform compatibility

Installation:

Penetration Testing Frameworks

Section titled “Penetration Testing Frameworks”

Metasploit

Section titled “Metasploit”

World’s most widely used penetration testing framework

Metasploit is a comprehensive penetration testing platform that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing.

Key Features:

  • Extensive exploit database
  • Payload generation
  • Post-exploitation modules
  • Auxiliary modules
  • Meterpreter shell
  • Framework extensibility

Installation:

Network Discovery & Security Auditing

Section titled “Network Discovery & Security Auditing”

Nmap

Section titled “Nmap”

Network discovery and security auditing tool

Nmap is a free and open source utility for network discovery and security auditing, providing comprehensive host discovery, port scanning, and service detection capabilities.

Key Features:

  • Host discovery
  • Port scanning
  • Service detection
  • OS detection
  • NSE scripting engine
  • Flexible output formats

Installation:

SQL Injection Testing

Section titled “SQL Injection Testing”

SQLmap

Section titled “SQLmap”

Automatic SQL injection and database takeover tool

SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Key Features:

  • Automatic SQL injection detection
  • Database fingerprinting
  • Data extraction
  • File system access
  • Operating system takeover
  • Out-of-band connections

Installation:

Wireshark is a free and open-source packet analyzer used for network troubleshooting, analysis, software and communications protocol development, and education.

Key Features:

  • Deep packet inspection
  • Protocol analysis
  • Real-time capture
  • Filtering capabilities
  • Statistical analysis
  • Cross-platform support

Installation:

  • Official Website: Download from wireshark.org
  • Package Managers: Available for all major distributions
  • Requirements: Network interface access
  • Documentation: View Wireshark Cheatsheet

Password Security Tools

Section titled “Password Security Tools”

John the Ripper

Section titled “John the Ripper”

Powerful password cracking tool

John the Ripper is a fast password cracker that supports hundreds of hash and cipher types, making it one of the most versatile tools for password security testing.

Key Features:

  • Multi-format hash support
  • Dictionary attacks
  • Brute force attacks
  • Rule-based attacks
  • Distributed cracking
  • Custom algorithms

Installation:

  • Package Managers: Available for most distributions
  • Source: Compile from GitHub
  • Requirements: C compiler, OpenSSL
  • Documentation: View John the Ripper Cheatsheet

Hashcat

Section titled “Hashcat”

World’s fastest password recovery tool

Hashcat is the world’s fastest and most advanced password recovery utility, supporting over 300 highly-optimized hashing algorithms and utilizing GPU acceleration for maximum performance.

Key Features:

  • GPU acceleration
  • 300+ hash algorithms
  • Multiple attack modes
  • Distributed cracking
  • Rule-based attacks
  • Mask attacks

Installation:

  • Official Website: Download from hashcat.net
  • Package Managers: Available for most distributions
  • Requirements: OpenCL/CUDA drivers
  • Documentation: View Hashcat Cheatsheet

Penetration Testing Frameworks

Section titled “Penetration Testing Frameworks”

Metasploit

Section titled “Metasploit”

World’s most widely used penetration testing framework

Metasploit is a comprehensive penetration testing framework that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing.

Key Features:

  • Exploit development framework
  • Payload generation
  • Post-exploitation modules
  • Auxiliary modules
  • Meterpreter shell
  • Extensive module library

Installation:

  • Official Website: Download from Rapid7
  • Package Managers: Available for most distributions
  • Requirements: Ruby, PostgreSQL
  • Documentation: View Metasploit Cheatsheet

Network Discovery Tools

Section titled “Network Discovery Tools”

Nmap

Section titled “Nmap”

Network discovery and security auditing tool

Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing, capable of scanning large networks and determining what hosts are available.

Key Features:

  • Host discovery
  • Port scanning
  • Service detection
  • OS fingerprinting
  • Scripting engine (NSE)
  • Comprehensive reporting

Installation:

  • Package Managers: Available for all major distributions
  • Official Website: Download from nmap.org
  • Requirements: Network access
  • Documentation: View Nmap Cheatsheet

SQL Injection Testing Tools

Section titled “SQL Injection Testing Tools”

SQLmap

Section titled “SQLmap”

Automatic SQL injection and database takeover tool

SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Key Features:

  • Automatic SQL injection detection
  • Database enumeration
  • Data extraction
  • File system access
  • Operating system takeover
  • WAF bypass techniques

Installation:

  • Python: pip install sqlmap
  • GitHub: Clone repository
  • Requirements: Python 3.x
  • Documentation: View SQLmap Cheatsheet

Network Discovery & Scanning Tools

Section titled “Network Discovery & Scanning Tools”

ZMap

Section titled “ZMap”

Fast internet-wide network scanner

ZMap is a fast single-packet network scanner optimized for Internet-wide network surveys, capable of scanning the entire IPv4 address space in under 45 minutes.

Key Features:

  • Internet-wide scanning capability
  • Single-packet scanning
  • High-speed performance
  • Modular architecture
  • IPv4 address space coverage
  • Research-focused design

Installation:

Web Application Security Tools

Section titled “Web Application Security Tools”

Arachni

Section titled “Arachni”

Web application security scanner framework

Arachni is an open-source, feature-rich web application security scanner capable of detecting various security vulnerabilities in web applications through comprehensive testing.

Key Features:

  • Comprehensive vulnerability detection
  • Modular architecture
  • High-performance scanning
  • REST API support
  • Detailed reporting
  • Custom module development

Installation:

Pegasus-Pentest-Arsenal

Section titled “Pegasus-Pentest-Arsenal”

Comprehensive web security testing toolkit

Pegasus-Pentest-Arsenal is a comprehensive web application security testing toolkit that combines 10 powerful penetration testing features into one unified tool.

Key Features:

  • 10 integrated testing modules
  • Web application focus
  • Comprehensive vulnerability detection
  • User-friendly interface
  • Automated testing capabilities
  • Detailed reporting

Installation:

Wireless Security Tools

Section titled “Wireless Security Tools”

Wifite

Section titled “Wifite”

Automated wireless attack tool

Wifite is an automated wireless attack tool for Linux that simplifies the process of auditing wireless networks by automating various attack techniques.

Key Features:

  • Automated wireless auditing
  • Multiple attack methods
  • WPS attack support
  • Handshake capture
  • Dictionary attacks
  • User-friendly interface

Installation:

Digital Forensics Tools

Section titled “Digital Forensics Tools”

Volatility

Section titled “Volatility”

Memory forensics framework

Volatility is the world’s most widely used memory forensics tool, providing a comprehensive framework for extracting digital artifacts from volatile memory (RAM) samples.

Key Features:

  • Memory dump analysis
  • Process enumeration
  • Network connection analysis
  • Registry extraction
  • Malware detection
  • Timeline analysis

Installation:

Reverse Engineering Tools

Section titled “Reverse Engineering Tools”

Radare2

Section titled “Radare2”

Complete reverse engineering framework

Radare2 (r2) is a complete framework for reverse-engineering and analyzing binaries, composed of a set of small utilities that can be used together or independently.

Key Features:

  • Multi-architecture support
  • Disassembly and assembly
  • Debugging capabilities
  • Scripting support
  • Graph visualization
  • Extensive plugin system

Installation:

x64dbg

Section titled “x64dbg”

Open-source Windows debugger

x64dbg is an open-source user mode debugger for Windows, optimized for reverse engineering and malware analysis with support for both x64 and x32 applications.

Key Features:

  • x64 and x32 debugging
  • Plugin system
  • Scripting support
  • Memory analysis
  • Disassembly view
  • Breakpoint management

Installation:

Container Security Tools

Section titled “Container Security Tools”

Trivy

Section titled “Trivy”

Comprehensive security scanner

Trivy is an all-in-one open source security scanner that finds vulnerabilities, misconfigurations, and other security issues in containers, Kubernetes, code repositories, and cloud environments.

Key Features:

  • Multi-target scanning
  • Vulnerability detection
  • Misconfiguration scanning
  • Secret detection
  • SBOM generation
  • CI/CD integration

Installation:

Falco

Section titled “Falco”

Runtime security monitoring

Falco is a cloud native runtime security tool for Linux operating systems designed to detect and alert on abnormal behavior and potential security threats.

Key Features:

  • Runtime security monitoring
  • Kubernetes integration
  • Custom rule engine
  • Real-time alerting
  • Syscall monitoring
  • Cloud native design

Installation:

Evasion & Obfuscation Tools

Section titled “Evasion & Obfuscation Tools”

Veil

Section titled “Veil”

Payload generation framework

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions, providing various evasion techniques for penetration testing.

Key Features:

  • AV evasion techniques
  • Multiple payload formats
  • Metasploit integration
  • Custom encoding methods
  • Modular architecture
  • Automated generation

Installation:

Reconnaissance Tools

Section titled “Reconnaissance Tools”

Recon-ng

Section titled “Recon-ng”

Web reconnaissance framework

Recon-ng is a full-featured reconnaissance framework designed to provide a powerful environment for conducting open source web-based reconnaissance quickly and thoroughly.

Key Features:

  • Modular framework
  • Database integration
  • API integration
  • Automated reconnaissance
  • Report generation
  • Extensible architecture

Installation:

SearchSploit

Section titled “SearchSploit”

Exploit database search tool

SearchSploit is a command line search tool for Exploit-DB that allows you to take a copy of the Exploit Database with you wherever you go.

Key Features:

  • Offline exploit database
  • Command line interface
  • Regular updates
  • Multiple search options
  • Integration with Metasploit
  • Portable database

Installation:

Training & Education Platforms

Section titled “Training & Education Platforms”

DVWA

Section titled “DVWA”

Damn Vulnerable Web Application

DVWA is a PHP/MySQL web application that is damn vulnerable, designed to be an aid for security professionals to test their skills and tools in a legal environment.

Key Features:

  • Deliberately vulnerable web app
  • Multiple difficulty levels
  • Common web vulnerabilities
  • Educational focus
  • Easy deployment
  • Comprehensive documentation

Installation:

WebGoat

Section titled “WebGoat”

OWASP web security training platform

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons through hands-on exercises.

Key Features:

  • Interactive security lessons
  • OWASP Top 10 coverage
  • Progressive difficulty
  • Detailed explanations
  • Modern web technologies
  • Community support

Installation:

Tool Management Frameworks

Section titled “Tool Management Frameworks”

PTF (Pentesters Framework)

Section titled “PTF (Pentesters Framework)”

Penetration testing tool management

PTF is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for penetration testing by automating tool installation and management.

Key Features:

  • Automated tool installation
  • Tool management system
  • Distribution agnostic
  • Regular updates
  • Modular architecture
  • Easy configuration

Installation:

Threat Hunting Tools

Section titled “Threat Hunting Tools”

Malwoverview

Section titled “Malwoverview”

Malware analysis and threat hunting

Malwoverview is a first response tool for threat hunting that performs initial and quick triage of malware samples, URLs, IP addresses, domains, and IOCs using multiple threat intelligence sources.

Key Features:

  • Multi-source threat intelligence
  • Malware sample analysis
  • IOC investigation
  • Automated reporting
  • API integration
  • Batch processing

Installation:

Network Utilities

Section titled “Network Utilities”

Proxychains

Section titled “Proxychains”

Proxy chains for anonymity

Proxychains is a tool that forces any TCP connection made by any given application to follow through proxy servers like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy.

Key Features:

  • TCP connection proxying
  • Multiple proxy support
  • TOR integration
  • Dynamic chain support
  • DNS proxying
  • Stealth capabilities

Installation:

Responder

Section titled “Responder”

LLMNR/NBT-NS/mDNS poisoner

Responder is a LLMNR, NBT-NS and MDNS poisoner with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Key Features:

  • Network protocol poisoning
  • Credential harvesting
  • Rogue authentication servers
  • Multiple protocol support
  • NTLM relay capabilities
  • Active Directory targeting

Installation:

This comprehensive cybersecurity tools section provides detailed profiles for 50+ essential security testing tools across 21+ specialized categories. Each tool includes detailed descriptions, key features, installation instructions, and links to comprehensive cheatsheets for in-depth usage guidance.

📊 SIEM & Security Analytics Platforms

Section titled “📊 SIEM & Security Analytics Platforms”

Cloud-Native SIEM Solutions

Section titled “Cloud-Native SIEM Solutions”

Sumo Logic

Section titled “Sumo Logic”

Cloud-native security analytics platform

Sumo Logic is a cloud-native machine data analytics platform that delivers real-time continuous intelligence across the entire application lifecycle and stack.

Key Features:

  • Real-time log analytics
  • Machine learning insights
  • Cloud security monitoring
  • Compliance reporting
  • Threat detection
  • Custom dashboards

Installation:

Microsoft Sentinel

Section titled “Microsoft Sentinel”

Cloud-native SIEM and SOAR solution

Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution.

Key Features:

  • Intelligent security analytics
  • Threat hunting capabilities
  • Automated response
  • Machine learning detection
  • Azure integration
  • KQL query language

Installation:

Elastic SIEM

Section titled “Elastic SIEM”

Open-source security analytics platform

Elastic Security combines SIEM, endpoint security, and threat hunting in one solution, built on the Elastic Stack for speed, scale, and relevance.

Key Features:

  • Real-time threat detection
  • Endpoint protection
  • Timeline analysis
  • Machine learning analytics
  • Case management
  • Open-source foundation

Installation:

Traditional SIEM Platforms

Section titled “Traditional SIEM Platforms”

Splunk

Section titled “Splunk”

Security information and event management platform

Splunk is a software platform to search, analyze and visualize machine-generated data gathered from websites, applications, sensors, devices, and other sources.

Key Features:

  • Real-time search and analysis
  • Machine learning capabilities
  • Custom dashboards
  • Alert management
  • Data correlation
  • Extensive app ecosystem

Installation:

Threat Intelligence Platforms

Section titled “Threat Intelligence Platforms”

MISP

Section titled “MISP”

Malware Information Sharing Platform

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis.

Key Features:

  • Threat intelligence sharing
  • IOC management
  • Event correlation
  • API integration
  • Community feeds
  • Automated enrichment

Installation:

🔒 VPN & Network Security Solutions

Section titled “🔒 VPN & Network Security Solutions”

Modern VPN Solutions

Section titled “Modern VPN Solutions”

Tailscale

Section titled “Tailscale”

Zero-config mesh VPN

Tailscale is a zero config VPN that installs on any device in minutes, manages firewall rules for you, and works from anywhere.

Key Features:

  • Zero-configuration setup
  • Mesh networking
  • End-to-end encryption
  • Cross-platform support
  • Access control lists
  • Magic DNS

Installation:

Outline VPN

Section titled “Outline VPN”

Open-source VPN server

Outline is an open-source project that lets anyone create, run, and share access to their own VPN. Outline is designed to be resistant to blocking.

Key Features:

  • Easy server deployment
  • Shadowsocks protocol
  • Censorship resistance
  • Multi-user support
  • Cross-platform clients
  • Simple management

Installation:

Traditional VPN Solutions

Section titled “Traditional VPN Solutions”

OpenVPN

Section titled “OpenVPN”

Open-source VPN solution

OpenVPN is an open-source commercial software that implements virtual private network techniques to create secure point-to-point or site-to-site connections.

Key Features:

  • SSL/TLS encryption
  • Cross-platform support
  • Flexible authentication
  • Network bridging
  • Load balancing
  • High availability

Installation:

🛡️ Network Security Monitoring Platforms

Section titled “🛡️ Network Security Monitoring Platforms”

Comprehensive Security Platforms

Section titled “Comprehensive Security Platforms”

SecurityOnion

Section titled “SecurityOnion”

Network security monitoring platform

SecurityOnion is a free and open-source Linux distribution for threat hunting, enterprise security monitoring, and log management.

Key Features:

  • Full packet capture
  • Network security monitoring
  • Intrusion detection (Suricata)
  • Network analysis (Zeek)
  • Log management (Elastic Stack)
  • Case management (TheHive)

Installation:

Digital Forensics Platforms

Section titled “Digital Forensics Platforms”

SIFT Workstation

Section titled “SIFT Workstation”

Digital forensics and incident response toolkit

SIFT (SANS Investigative Forensic Toolkit) Workstation is a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations.

Key Features:

  • Forensic imaging tools
  • Memory analysis
  • Network forensics
  • Timeline analysis
  • File carving
  • Malware analysis

Installation:

GRR Rapid Response

Section titled “GRR Rapid Response”

Incident response framework

GRR Rapid Response is an incident response framework focused on remote live forensics consisting of a python agent and server infrastructure.

Key Features:

  • Remote forensics
  • Live response
  • Memory analysis
  • File collection
  • Registry analysis
  • Timeline reconstruction

Installation:

Pattern Matching & Detection

Section titled “Pattern Matching & Detection”

YARA

Section titled “YARA”

Pattern matching engine for malware research

YARA is a tool aimed at helping malware researchers to identify and classify malware samples by creating descriptions of malware families based on textual or binary patterns.

Key Features:

  • Pattern matching rules
  • Malware classification
  • File scanning
  • Memory scanning
  • Custom rule creation
  • Integration capabilities

Installation:

🔥 Network Security & Firewall Solutions

Section titled “🔥 Network Security & Firewall Solutions”

Enterprise Firewall Platforms

Section titled “Enterprise Firewall Platforms”

pfSense

Section titled “pfSense”

Open-source firewall and router platform

pfSense is a free and open-source firewall and router that also features unified threat management, load balancing, multi WAN, and more.

Key Features:

  • Stateful firewall
  • VPN server/client
  • Traffic shaping
  • Load balancing
  • Intrusion detection
  • Web filtering

Installation:

Cisco ASA

Section titled “Cisco ASA”

Enterprise security appliance

Cisco Adaptive Security Appliance (ASA) is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities.

Key Features:

  • Next-generation firewall
  • VPN concentrator
  • Intrusion prevention
  • Application control
  • URL filtering
  • High availability

Installation:

Linux Firewall Solutions

Section titled “Linux Firewall Solutions”

iptables

Section titled “iptables”

Linux kernel firewall

iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall.

Key Features:

  • Packet filtering
  • Network address translation
  • Port forwarding
  • Connection tracking
  • Rate limiting
  • Custom chains

Installation:

  • Pre-installed: Available on most Linux distributions
  • Package Managers:
    • Ubuntu/Debian: sudo apt install iptables
    • CentOS/RHEL: sudo yum install iptables
  • Requirements: Linux kernel with netfilter
  • Documentation: View iptables Cheatsheet

Intrusion Detection Systems

Section titled “Intrusion Detection Systems”

Snort

Section titled “Snort”

Network intrusion detection and prevention system

Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch.

Key Features:

  • Real-time traffic analysis
  • Packet logging
  • Protocol analysis
  • Content searching
  • Rule-based detection
  • Preprocessor modules

Installation:

🐳 Container & Orchestration Security

Section titled “🐳 Container & Orchestration Security”

Container Orchestration

Section titled “Container Orchestration”

Kubernetes

Section titled “Kubernetes”

Container orchestration platform

Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management.

Key Features:

  • Container orchestration
  • Service discovery
  • Load balancing
  • Storage orchestration
  • Automated rollouts
  • Self-healing

Installation:

kubectl

Section titled “kubectl”

Kubernetes command-line tool

kubectl is a command-line tool for communicating with a Kubernetes cluster’s control plane, using the Kubernetes API.

Key Features:

  • Cluster management
  • Resource deployment
  • Service management
  • Debugging tools
  • Configuration management
  • Scaling operations

Installation:

🎯 Penetration Testing Distributions

Section titled “🎯 Penetration Testing Distributions”

Security Testing Platforms

Section titled “Security Testing Platforms”

Kali Linux

Section titled “Kali Linux”

Penetration testing and security auditing platform

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing, maintained and funded by Offensive Security.

Key Features:

  • 600+ penetration testing tools
  • Forensic capabilities
  • Live boot support
  • ARM support
  • Cloud images
  • Docker containers

Installation:

Baby-naptime

Section titled “Baby-naptime”

AI-powered vulnerability analysis tool

Baby-naptime is an open source implementation of Google’s Project Naptime - a vulnerability analysis tool that uses Large Language Models (LLMs) to discover and exploit native vulnerabilities automatically.

Key Features:

  • Intelligent vulnerability detection using LLMs
  • Automated exploit generation and testing
  • Memory corruption analysis
  • GDB integration for debugging
  • Smart code navigation and analysis
  • Detailed vulnerability reporting
  • Support for multiple LLM models (GPT-4o, O3-mini, O1-preview)
  • Adaptive binary compilation with security mitigations disabled

Installation:

Rogue

Section titled “Rogue”

Intelligent web vulnerability scanner powered by LLMs

Rogue is an advanced AI security testing agent that leverages Large Language Models to intelligently discover and validate web application vulnerabilities. Unlike traditional scanners, Rogue thinks like a human penetration tester.

Key Features:

  • Intelligent vulnerability discovery using LLMs
  • Advanced payload generation tailored to targets
  • Context-aware testing and analysis
  • Automated exploit verification
  • Comprehensive reporting with reproduction steps
  • Subdomain enumeration and discovery
  • Built-in traffic monitoring and proxy
  • Expandable scope with recursive URL testing

Installation:

Social Engineering Tools

Section titled “Social Engineering Tools”

Social Engineer Toolkit (SET)

Section titled “Social Engineer Toolkit (SET)”

Social engineering penetration testing framework

The Social-Engineer Toolkit (SET) is an open-source penetration testing framework designed for social engineering attacks.

Key Features:

  • Spear-phishing attacks
  • Website attack vectors
  • Infectious media generator
  • Mass mailer attack
  • SMS spoofing
  • Wireless access point attacks

Installation:

This expanded security tools section provides comprehensive coverage of modern SIEM platforms, VPN solutions, network security monitoring tools, and specialized security frameworks. Each tool includes detailed descriptions, key features, installation instructions, and links to comprehensive cheatsheets for in-depth usage guidance.

System Monitoring & Analysis

Section titled “System Monitoring & Analysis”

Wazuh

Section titled “Wazuh”

Open-source security platform for threat detection and compliance

Wazuh is a comprehensive security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads.

Key Features:

  • Log data analysis and threat detection
  • File integrity monitoring
  • Vulnerability assessment
  • Configuration assessment
  • Incident response
  • Regulatory compliance

Installation:

osquery

Section titled “osquery”

SQL-based operating system instrumentation framework

osquery exposes an operating system as a high-performance relational database, allowing SQL-based queries to explore operating system data.

Key Features:

  • SQL-based system queries
  • Cross-platform support
  • Real-time monitoring
  • Scheduled queries
  • Event-based collection
  • Integration with security tools

Installation:

btop

Section titled “btop”

Modern resource monitor for system performance

btop is a modern, cross-platform resource monitor that shows usage and stats for processor, memory, disks, network, and processes.

Key Features:

  • Real-time system monitoring
  • Interactive process management
  • GPU monitoring support
  • Customizable interface
  • Mouse support
  • Multiple themes

Installation:

Data Processing & Analysis

Section titled “Data Processing & Analysis”

Logstash

Section titled “Logstash”

Data processing pipeline for Elasticsearch

Logstash is a server-side data processing pipeline that ingests data from multiple sources, transforms it, and sends it to Elasticsearch.

Key Features:

  • Real-time data processing
  • 200+ plugins available
  • Horizontal scalability
  • Flexible pipeline configuration
  • Multiple input/output formats
  • Data transformation capabilities

Installation:

Threat Hunting & Analysis

Section titled “Threat Hunting & Analysis”

Strelka

Section titled “Strelka”

Real-time file analysis system

Strelka is a real-time file analysis system used for threat hunting, threat detection, and incident response.

Key Features:

  • Real-time file scanning
  • Modular architecture
  • Multiple file format support
  • YARA integration
  • Scalable deployment
  • API access

Installation:

Sigma

Section titled “Sigma”

Generic signature format for SIEM systems

Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner.

Key Features:

  • Generic rule format
  • SIEM-agnostic detection rules
  • Rule conversion tools
  • Community rule repository
  • Threat hunting support
  • Detection engineering

Installation:

CyberChef

Section titled “CyberChef”

Cyber Swiss Army Knife for data transformation

CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser.

Key Features:

  • 300+ operations available
  • Drag and drop interface
  • Recipe sharing
  • Bulk operations
  • Data format conversion
  • Cryptographic operations

Installation:

Velociraptor

Section titled “Velociraptor”

Digital forensics and incident response platform

Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.

Key Features:

  • Endpoint visibility
  • Hunt for artifacts
  • Monitor continuously
  • Offline collector
  • Server/client architecture
  • VQL query language

Installation:

Intrusion Detection & Deception

Section titled “Intrusion Detection & Deception”

OpenCanary

Section titled “OpenCanary”

Honeypot and intrusion detection system

OpenCanary is a daemon that runs several canary versions of services that alerts when a service is (ab)used.

Key Features:

  • Multiple service emulation
  • Configurable alerts
  • Low resource usage
  • Easy deployment
  • Syslog integration
  • Web interface

Installation:

Network Monitoring & Capture

Section titled “Network Monitoring & Capture”

Stenographer

Section titled “Stenographer”

Full packet capture system

Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes.

Key Features:

  • Full packet capture
  • Fast packet retrieval
  • Scalable storage
  • Query interface
  • Time-based indexing
  • Integration ready

Installation:

tshark

Section titled “tshark”

Wireshark command-line interface for network analysis

tshark is the command-line version of Wireshark, providing powerful network packet analysis capabilities for troubleshooting, security analysis, and network monitoring.

Key Features:

  • Command-line packet capture and analysis
  • Protocol dissection and filtering
  • Statistical analysis and reporting
  • Scriptable automation
  • Cross-platform support
  • Integration with monitoring systems

Installation:

OpenVAS

Section titled “OpenVAS”

Comprehensive vulnerability assessment scanner

OpenVAS is a full-featured vulnerability scanner providing extensive security testing capabilities for networks, systems, and applications.

Key Features:

  • Comprehensive vulnerability scanning
  • Web-based management interface
  • Authenticated scanning capabilities
  • Custom scan configurations
  • Detailed reporting and analysis
  • API integration support

Installation:

Nessus

Section titled “Nessus”

Professional vulnerability assessment platform

Nessus is a comprehensive vulnerability assessment solution providing advanced security scanning and compliance checking capabilities.

Key Features:

  • Advanced vulnerability detection
  • Compliance and configuration auditing
  • Credentialed scanning support
  • Custom policy creation
  • API integration and automation
  • Enterprise reporting capabilities

Installation:

Fiddler

Section titled “Fiddler”

Web debugging proxy for HTTP/HTTPS traffic analysis

Fiddler is a web debugging proxy that logs all HTTP(S) traffic between your computer and the Internet, allowing detailed analysis and modification of web traffic.

Key Features:

  • HTTP/HTTPS traffic capture and analysis
  • Request/response modification
  • Performance monitoring and optimization
  • Security testing capabilities
  • Mobile device debugging support
  • Extensible scripting framework

Installation:

PingPlotter

Section titled “PingPlotter”

Network troubleshooting and visualization tool

PingPlotter provides comprehensive network path analysis and monitoring capabilities for diagnosing connectivity issues and performance problems.

Key Features:

  • Visual network path analysis
  • Real-time monitoring and alerting
  • Historical data tracking
  • Multi-target monitoring
  • Performance metrics analysis
  • Automated reporting capabilities

Installation:

Traceroute

Section titled “Traceroute”

Network path tracing utility

Traceroute is a network diagnostic tool for displaying the route and measuring transit delays of packets across an IP network.

Key Features:

  • Network path discovery and analysis
  • Hop-by-hop latency measurement
  • Route change detection
  • Multiple protocol support (ICMP, UDP, TCP)
  • IPv4 and IPv6 compatibility
  • Cross-platform availability

Installation:

  • Built-in: Pre-installed on most systems
  • Package Managers:
    • Ubuntu/Debian: sudo apt install traceroute
    • Windows: tracert (built-in)
    • macOS: traceroute (built-in)
  • Documentation: View Traceroute Cheatsheet

iperf3

Section titled “iperf3”

Network performance measurement tool

iperf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks, supporting tuning of various parameters and UDP characteristics.

Key Features:

  • TCP and UDP bandwidth measurement
  • Bidirectional testing capabilities
  • Multiple stream support
  • Real-time performance monitoring
  • JSON output for automation
  • Cross-platform compatibility

Installation:

  • Official Website: https://iperf.fr/
  • Package Managers:
    • Ubuntu/Debian: sudo apt install iperf3
    • CentOS/RHEL: sudo yum install iperf3
    • macOS: brew install iperf3
  • Documentation: View iperf3 Cheatsheet

MTR

Section titled “MTR”

Network diagnostic tool combining ping and traceroute

MTR (My Traceroute) combines the functionality of traceroute and ping programs in a single network diagnostic tool, providing continuous monitoring capabilities.

Key Features:

  • Real-time network path analysis
  • Continuous monitoring and statistics
  • Multiple output formats (text, CSV, JSON)
  • IPv4 and IPv6 support
  • Packet loss and latency tracking
  • Interactive and batch modes

Installation:

Arpwatch

Section titled “Arpwatch”

Ethernet/FDDI station activity monitor

Arpwatch monitors Ethernet activity and maintains a database of Ethernet/IP address pairings, detecting changes and potential security issues.

Key Features:

  • ARP table monitoring and analysis
  • MAC address change detection
  • Email notification system
  • Network baseline establishment
  • Security anomaly detection
  • Database-driven tracking

Installation:

GNS3

Section titled “GNS3”

Graphical Network Simulator

GNS3 is a network software emulator that allows the combination of virtual and real devices, used to simulate complex networks for testing and training purposes.

Key Features:

  • Network topology design and simulation
  • Support for multiple vendor devices
  • Integration with virtual machines
  • Packet capture and analysis
  • Collaborative network design
  • Educational and training capabilities

Installation:

Packet Tracer

Section titled “Packet Tracer”

Cisco network simulation platform

Cisco Packet Tracer is a powerful network simulation program that allows students to experiment with network behavior and ask “what if” questions.

Key Features:

  • Network topology design and simulation
  • Cisco device configuration practice
  • Protocol simulation and analysis
  • Educational scenarios and labs
  • Assessment and grading tools
  • Multi-user collaboration support

Installation:

Zeek (Bro)

Section titled “Zeek (Bro)”

Network security monitoring framework

Zeek is a powerful network security monitoring framework that provides comprehensive network analysis and security monitoring capabilities for detecting intrusions and analyzing network traffic.

Key Features:

  • Real-time network traffic analysis
  • Protocol analysis and logging
  • Custom script development
  • Threat detection and hunting
  • Incident response capabilities
  • Cluster deployment support

Installation:

  • Official Website: https://zeek.org/
  • Package Managers:
    • Ubuntu/Debian: sudo apt install zeek
    • CentOS/RHEL: sudo yum install zeek
    • FreeBSD: pkg install zeek
  • Documentation: View Zeek Cheatsheet

Netstat

Section titled “Netstat”

Network connection utility

Netstat displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships, essential for network troubleshooting and security analysis.

Key Features:

  • Network connection monitoring
  • Process-to-port mapping
  • Routing table display
  • Interface statistics analysis
  • Security monitoring capabilities
  • Cross-platform availability

Installation:

  • Built-in: Pre-installed on most systems
  • Package Managers:
    • Ubuntu/Debian: sudo apt install net-tools
    • Alternative: ss command (modern replacement)
  • Documentation: View Netstat Cheatsheet

This comprehensive tools section now includes essential system monitoring, data processing, threat hunting, intrusion detection, and network capture tools. Each tool provides detailed descriptions, key features, installation instructions, and links to comprehensive cheatsheets for professional security operations.

🔧 Additional Tools

Section titled “🔧 Additional Tools”

Comprehensive Tool Directory

Section titled “Comprehensive Tool Directory”

Aadinternals

Section titled “Aadinternals”

Documentation: View Aadinternals Cheatsheet

Acunetix

Section titled “Acunetix”

Comprehensive acunetix commands and workflows for network operations across all platforms.

Documentation: View Acunetix Cheatsheet

Adconnectdump

Section titled “Adconnectdump”

Documentation: View Adconnectdump Cheatsheet

Age

Section titled “Age”

Comprehensive age commands and usage patterns for efficient workflow management.

Documentation: View Age Cheatsheet

Alterx

Section titled “Alterx”

AlterX is a fast and customizable subdomain wordlist generator developed by Project Discovery. It uses patterns and domain-specific language (DSL) to generate permutations and alterations of subdomains, making it a powerful tool for active subdomain enumeration.

Documentation: View Alterx Cheatsheet

Anchore

Section titled “Anchore”

Comprehensive anchore commands and workflows for system administration across all platforms.

Documentation: View Anchore Cheatsheet

Angular

Section titled “Angular”

Comprehensive angular commands and workflows for system administration across all platforms.

Documentation: View Angular Cheatsheet

Ansible

Section titled “Ansible”

Comprehensive ansible commands and workflows for system administration across all platforms.

Documentation: View Ansible Cheatsheet

Apache HTTP Server

Section titled “Apache HTTP Server”

Web application testing and analysis tool

Documentation: View Apache HTTP Server Cheatsheet

Apimonitor

Section titled “Apimonitor”

Comprehensive apimonitor commands and usage patterns for efficient workflow management.

Documentation: View Apimonitor Cheatsheet

Apktool

Section titled “Apktool”

Comprehensive apktool commands and usage patterns for efficient workflow management.

Documentation: View Apktool Cheatsheet

Apt Get

Section titled “Apt Get”

Comprehensive apt-get commands and usage patterns for efficient workflow management.

Documentation: View Apt Get Cheatsheet

Aqua

Section titled “Aqua”

Comprehensive aqua commands and usage patterns for efficient workflow management.

Documentation: View Aqua Cheatsheet

Aquatone

Section titled “Aquatone”

Comprehensive aquatone commands and usage patterns for efficient workflow management.

Documentation: View Aquatone Cheatsheet

Arjun

Section titled “Arjun”

Comprehensive arjun commands and usage patterns for efficient workflow management.

Documentation: View Arjun Cheatsheet

Arp Scan

Section titled “Arp Scan”

Comprehensive arp-scan commands and workflows for security testing and analysis across all platforms.

Documentation: View Arp Scan Cheatsheet

Asnmap

Section titled “Asnmap”

ASNmap is a fast and versatile tool developed by Project Discovery for mapping Autonomous System Numbers (ASNs) to their corresponding IP ranges and organization information.

Documentation: View Asnmap Cheatsheet

Asreproast

Section titled “Asreproast”

Comprehensive asreproast commands and workflows for system administration across all platforms.

Documentation: View Asreproast Cheatsheet

Assetfinder

Section titled “Assetfinder”

Comprehensive assetfinder commands and workflows for system administration across all platforms.

Documentation: View Assetfinder Cheatsheet

Atom

Section titled “Atom”

Comprehensive atom commands and workflows for system administration across all platforms.

Documentation: View Atom Cheatsheet

Augment Code

Section titled “Augment Code”

Augment Code is an AI-powered software development platform featuring autonomous coding agents, industry-leading context engine, and production-ready code generation.

Documentation: View Augment Code Cheatsheet

Autogen

Section titled “Autogen”

AutoGen is a groundbreaking open-source framework developed by Microsoft Research that revolutionizes the development of Large Language Model (LLM) applications by enabling sophisticated multi-agent c…

Documentation: View Autogen Cheatsheet

Awesome Go

Section titled “Awesome Go”

Comprehensive awesome-go commands and workflows for system administration across all platforms.

Documentation: View Awesome Go Cheatsheet

Awesome Java

Section titled “Awesome Java”

Comprehensive awesome-java commands and workflows for system administration across all platforms.

Documentation: View Awesome Java Cheatsheet

Awesome Javascript

Section titled “Awesome Javascript”

Comprehensive awesome-javascript commands and usage patterns for efficient workflow management.

Documentation: View Awesome Javascript Cheatsheet

Awesome Nodejs

Section titled “Awesome Nodejs”

Curated list of Node.js packages and resources - Essential commands and usage patterns.

Documentation: View Awesome Nodejs Cheatsheet

Awesome Python

Section titled “Awesome Python”

Comprehensive awesome-python commands and workflows for system administration across all platforms.

Documentation: View Awesome Python Cheatsheet

Azucar

Section titled “Azucar”

Documentation: View Azucar Cheatsheet

Azure Security Assessment Tool

Section titled “Azure Security Assessment Tool”

Azure Security Assessment Tool is a comprehensive Rust-based security scanner designed to assess Azure environments with over 200 security rules. This tool provides automated security assessments, compliance checking, and vulnerability identification across Azure subscriptions.

Documentation: View Azure Security Assessment Tool Cheatsheet

Azurehound

Section titled “Azurehound”

Documentation: View Azurehound Cheatsheet

Backdoors Breaches

Section titled “Backdoors Breaches”

Specialized tool for technical operations

Documentation: View Backdoors Breaches Cheatsheet

Bandit

Section titled “Bandit”

Bandit is a security linter designed to find common security issues in Python code. It analyzes Python source code and identifies potential security vulnerabilities by scanning for known patterns and anti-patterns.

Documentation: View Bandit Cheatsheet

Bash Bunny

Section titled “Bash Bunny”

The Bash Bunny is a multi-vector USB attack and automation platform developed by Hak5. This advanced physical penetration testing tool combines the functionality of multiple attack vectors into a single USB device, making it an essential tool for security professionals conducting physical security assessments.

Documentation: View Bash Bunny Cheatsheet

Batch

Section titled “Batch”

Comprehensive batch commands and workflows for system administration across all platforms.

Documentation: View Batch Cheatsheet

Bazaar

Section titled “Bazaar”

Comprehensive bazaar commands and workflows for system administration across all platforms.

Documentation: View Bazaar Cheatsheet

Beacon

Section titled “Beacon”

Comprehensive beacon commands and workflows for system administration across all platforms.

Documentation: View Beacon Cheatsheet

Beef

Section titled “Beef”

Documentation: View Beef Cheatsheet

Bingoo

Section titled “Bingoo”

Comprehensive bingoo commands and usage patterns for efficient workflow management.

Documentation: View Bingoo Cheatsheet

Binwalk

Section titled “Binwalk”

Documentation: View Binwalk Cheatsheet

Bitbucket

Section titled “Bitbucket”

Comprehensive bitbucket commands and usage patterns for efficient workflow management.

Documentation: View Bitbucket Cheatsheet

Bitlocker

Section titled “Bitlocker”

Comprehensive bitlocker commands and usage patterns for efficient workflow management.

Documentation: View Bitlocker Cheatsheet

Blackeye

Section titled “Blackeye”

Blackeye is a comprehensive phishing tool developed by thelinuxchoice that provides 32+ ready-to-use phishing templates for popular websites and services.

Documentation: View Blackeye Cheatsheet

Bloodhound

Section titled “Bloodhound”

BloodHound is an open-source tool that uses graph theory to reveal hidden and often unintended relationships within an Active Directory (AD) environment.

Documentation: View Bloodhound Cheatsheet

Brackets

Section titled “Brackets”

Comprehensive brackets commands and workflows for system administration across all platforms.

Documentation: View Brackets Cheatsheet

Brakeman

Section titled “Brakeman”

Brakeman is a static analysis security scanner specifically designed for Ruby on Rails applications. It analyzes Rails application code to find security vulnerabilities without requiring the application to be running.

Documentation: View Brakeman Cheatsheet

Brute Ratel C4

Section titled “Brute Ratel C4”

Documentation: View Brute Ratel C4 Cheatsheet

Brutespray

Section titled “Brutespray”

Comprehensive brutespray commands and workflows for system administration across all platforms.

Documentation: View Brutespray Cheatsheet

Bugsy

Section titled “Bugsy”

Specialized tool for technical operations

Documentation: View Bugsy Cheatsheet

Bully

Section titled “Bully”

Comprehensive bully commands and workflows for system administration across all platforms.

Documentation: View Bully Cheatsheet

Bundler

Section titled “Bundler”

Comprehensive bundler commands and workflows for system administration across all platforms.

Documentation: View Bundler Cheatsheet

Burp

Section titled “Burp”

Comprehensive burp commands and usage patterns for efficient workflow management.

Documentation: View Burp Cheatsheet

Bwapp

Section titled “Bwapp”

Comprehensive bwapp commands and workflows for software development across all platforms.

Documentation: View Bwapp Cheatsheet

Bzr

Section titled “Bzr”

Comprehensive bzr commands and workflows for system administration across all platforms.

Documentation: View Bzr Cheatsheet

Caine

Section titled “Caine”

Comprehensive caine commands and usage patterns for efficient workflow management.

Documentation: View Caine Cheatsheet

Censys

Section titled “Censys”

Comprehensive censys commands and workflows for system administration across all platforms.

Documentation: View Censys Cheatsheet

Censys Python

Section titled “Censys Python”

Comprehensive censys-python commands and workflows for system administration across all platforms.

Documentation: View Censys Python Cheatsheet

Cewl

Section titled “Cewl”

Comprehensive cewl commands and usage patterns for efficient workflow management.

Documentation: View Cewl Cheatsheet

Chai

Section titled “Chai”

Comprehensive chai commands and usage patterns for efficient workflow management.

Documentation: View Chai Cheatsheet

Cheatsheet God

Section titled “Cheatsheet God”

Comprehensive cheatsheet-god commands and workflows for system administration across all platforms.

Documentation: View Cheatsheet God Cheatsheet

Checkmarx

Section titled “Checkmarx”

Comprehensive checkmarx commands and workflows for system administration across all platforms.

Documentation: View Checkmarx Cheatsheet

Chef

Section titled “Chef”

Comprehensive chef commands and workflows for system administration across all platforms.

Documentation: View Chef Cheatsheet

Chisel

Section titled “Chisel”

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. It’s a powerful tool for network pivoting, port forwarding, and bypassing firewalls.

Documentation: View Chisel Cheatsheet

Chocolatey

Section titled “Chocolatey”

Comprehensive chocolatey commands and workflows for system administration across all platforms.

Documentation: View Chocolatey Cheatsheet

Clair

Section titled “Clair”

Comprehensive clair commands and usage patterns for efficient workflow management.

Documentation: View Clair Cheatsheet

Class Dump

Section titled “Class Dump”

Comprehensive class-dump commands and workflows for system administration across all platforms.

Documentation: View Class Dump Cheatsheet

Cloud Scout

Section titled “Cloud Scout”

Cloud Scout is an open-source tool developed by Sygnia for cloud security mapping and attack path visualization across hybrid cloud environments. This comprehensive platform provides security teams with the ability to map cloud infrastructure, identify attack paths, and visualize potential security risks across AWS, Azure, and Google Cloud Platform environments.

Documentation: View Cloud Scout Cheatsheet

Cloudflare

Section titled “Cloudflare”

Comprehensive cloudflare commands and workflows for system administration across all platforms.

Documentation: View Cloudflare Cheatsheet

Cloudfox

Section titled “Cloudfox”

AWS security assessment tool for cloud penetration testing - Essential commands and usage patterns.

Documentation: View Cloudfox Cheatsheet

Cloudgoat

Section titled “Cloudgoat”

Comprehensive cloudgoat commands and workflows for system administration across all platforms.

Documentation: View Cloudgoat Cheatsheet

Cloudlist

Section titled “Cloudlist”

Documentation: View Cloudlist Cheatsheet

Cloudsploit

Section titled “Cloudsploit”

Comprehensive cloudsploit commands and usage patterns for efficient workflow management.

Documentation: View Cloudsploit Cheatsheet

Cobalt Strike

Section titled “Cobalt Strike”

Documentation: View Cobalt Strike Cheatsheet

Codeql

Section titled “Codeql”

Comprehensive codeql commands and workflows for software development across all platforms.

Documentation: View Codeql Cheatsheet

Composer

Section titled “Composer”

Comprehensive composer commands and workflows for system administration across all platforms.

Documentation: View Composer Cheatsheet

Comsvcs

Section titled “Comsvcs”

Comprehensive comsvcs commands and workflows for system administration across all platforms.

Documentation: View Comsvcs Cheatsheet

Conda

Section titled “Conda”

Comprehensive conda commands and workflows for system administration across all platforms.

Documentation: View Conda Cheatsheet

Context7

Section titled “Context7”

Context7 is a Model Context Protocol (MCP) server that provides AI coding tools with access to up-to-date, version-specific documentation for 1000+ libraries and frameworks.

Documentation: View Context7 Cheatsheet

Continue Dev

Section titled “Continue Dev”

Continue.dev is an open-source AI code assistant that puts developers in complete control. It’s model-agnostic, highly customizable, and can run with any LLM provider or locally hosted models.

Documentation: View Continue Dev Cheatsheet

Cortex

Section titled “Cortex”

Specialized tool for technical operations

Documentation: View Cortex Cheatsheet

Couchdb

Section titled “Couchdb”

Comprehensive couchdb commands and usage patterns for efficient workflow management.

Documentation: View Couchdb Cheatsheet

Covenant

Section titled “Covenant”

Documentation: View Covenant Cheatsheet

Coverage

Section titled “Coverage”

Comprehensive coverage commands and workflows for system administration across all platforms.

Documentation: View Coverage Cheatsheet

Cowpatty

Section titled “Cowpatty”

Comprehensive cowpatty commands and usage patterns for efficient workflow management.

Documentation: View Cowpatty Cheatsheet

Crackmapexec

Section titled “Crackmapexec”

Documentation: View Crackmapexec Cheatsheet

Crewai

Section titled “Crewai”

Documentation: View Crewai Cheatsheet

Cron

Section titled “Cron”

Comprehensive cron commands and workflows for system administration across all platforms.

Documentation: View Cron Cheatsheet

Crontab

Section titled “Crontab”

Comprehensive crontab commands and workflows for system administration across all platforms.

Documentation: View Crontab Cheatsheet

Crowbar

Section titled “Crowbar”

Comprehensive crowbar commands and usage patterns for efficient workflow management.

Documentation: View Crowbar Cheatsheet

Crunch

Section titled “Crunch”

Comprehensive crunch commands and usage patterns for efficient workflow management.

Documentation: View Crunch Cheatsheet

Cti Python Stix2

Section titled “Cti Python Stix2”

Comprehensive cti-python-stix2 commands and usage patterns for efficient workflow management.

Documentation: View Cti Python Stix2 Cheatsheet

Cupp

Section titled “Cupp”

Comprehensive cupp commands and workflows for system administration across all platforms.

Documentation: View Cupp Cheatsheet

Datadog

Section titled “Datadog”

Comprehensive datadog commands and usage patterns for efficient workflow management.

Documentation: View Datadog Cheatsheet

Dc3Dd

Section titled “Dc3Dd”

Comprehensive dc3dd commands and workflows for system administration across all platforms.

Documentation: View Dc3Dd Cheatsheet

Dcfldd

Section titled “Dcfldd”

Comprehensive dcfldd commands and workflows for system administration across all platforms.

Documentation: View Dcfldd Cheatsheet

Dd

Section titled “Dd”

Comprehensive dd commands and usage patterns for efficient workflow management.

Documentation: View Dd Cheatsheet

Decryptautologon

Section titled “Decryptautologon”

Tool for decrypting Windows AutoLogon credentials - Essential commands and usage patterns.

Documentation: View Decryptautologon Cheatsheet

Deimosc2

Section titled “Deimosc2”

Documentation: View Deimosc2 Cheatsheet

Detours

Section titled “Detours”

Comprehensive detours commands and workflows for system administration across all platforms.

Documentation: View Detours Cheatsheet

Dex2Jar

Section titled “Dex2Jar”

Comprehensive dex2jar commands and workflows for system administration across all platforms.

Documentation: View Dex2Jar Cheatsheet

Dia Browser

Section titled “Dia Browser”

Documentation: View Dia Browser Cheatsheet

Exploitdb

Section titled “Exploitdb”

ExploitDB is a comprehensive archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

Documentation: View Exploitdb Cheatsheet

Fast Google Dorks Scan

Section titled “Fast Google Dorks Scan”

Comprehensive fast-google-dorks-scan commands and workflows for security testing and analysis across all platforms.

Documentation: View Fast Google Dorks Scan Cheatsheet

Golden Guide For Pentesting

Section titled “Golden Guide For Pentesting”

Comprehensive golden-guide-for-pentesting commands and workflows for security testing and analysis across all platforms.

Documentation: View Golden Guide For Pentesting Cheatsheet

Java Deserialization Scanner

Section titled “Java Deserialization Scanner”

Comprehensive java-deserialization-scanner commands and usage patterns for efficient workflow management.

Documentation: View Java Deserialization Scanner Cheatsheet

Javascript Malware Collection

Section titled “Javascript Malware Collection”

Comprehensive javascript-malware-collection commands and workflows for system administration across all platforms.

Documentation: View Javascript Malware Collection Cheatsheet

John

Section titled “John”

Comprehensive john commands and workflows for system administration across all platforms.

Documentation: View John Cheatsheet

Linux Exploit Suggester

Section titled “Linux Exploit Suggester”

Comprehensive linux-exploit-suggester commands and workflows for security testing and analysis across all platforms.

Documentation: View Linux Exploit Suggester Cheatsheet

Masscan

Section titled “Masscan”

Documentation: View Masscan Cheatsheet

Metasploit Framework

Section titled “Metasploit Framework”

The Metasploit Framework is the world’s most widely used penetration testing framework, developed by Rapid7. Originally created by H.D. Moore in 2003, Metasploit has evolved into the de facto standard for exploit development, vulnerability validation, and penetration testing.

Documentation: View Metasploit Framework Cheatsheet

Metasploitable

Section titled “Metasploitable”

Specialized tool for technical operations

Documentation: View Metasploitable Cheatsheet

Nbtscan

Section titled “Nbtscan”

Comprehensive nbtscan commands and workflows for security testing and analysis across all platforms.

Documentation: View Nbtscan Cheatsheet

Openshift

Section titled “Openshift”

Comprehensive openshift commands and workflows for security testing and analysis across all platforms.

Documentation: View Openshift Cheatsheet

Openssl

Section titled “Openssl”

Comprehensive openssl commands and workflows for security testing and analysis across all platforms.

Documentation: View Openssl Cheatsheet

Opentelemetry

Section titled “Opentelemetry”

Comprehensive opentelemetry commands and workflows for security testing and analysis across all platforms.

Documentation: View Opentelemetry Cheatsheet

Opentracing

Section titled “Opentracing”

Comprehensive opentracing commands and usage patterns for efficient workflow management.

Documentation: View Opentracing Cheatsheet

Openvas

Section titled “Openvas”

OpenVAS (Open Vulnerability Assessment System) is a full-featured vulnerability scanner that provides comprehensive vulnerability management capabilities.

Documentation: View Openvas Cheatsheet

Owasp Api Security Top 10

Section titled “Owasp Api Security Top 10”

Specialized tool for technical operations

Documentation: View Owasp Api Security Top 10 Cheatsheet

Owasp Dependency Check

Section titled “Owasp Dependency Check”

OWASP Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.

Documentation: View Owasp Dependency Check Cheatsheet

Owasp Threat Dragon Desktop

Section titled “Owasp Threat Dragon Desktop”

Comprehensive owasp-threat-dragon-desktop commands and usage patterns for efficient workflow management.

Documentation: View Owasp Threat Dragon Desktop Cheatsheet

Ptf Pentesters Framework

Section titled “Ptf Pentesters Framework”

Specialized tool for technical operations

Documentation: View Ptf Pentesters Framework Cheatsheet

Python Pentest Tools

Section titled “Python Pentest Tools”

Comprehensive python-pentest-tools commands and usage patterns for efficient workflow management.

Documentation: View Python Pentest Tools Cheatsheet

Thc Hydra

Section titled “Thc Hydra”

Comprehensive thc-hydra commands and workflows for system administration across all platforms.

Documentation: View Thc Hydra Cheatsheet

Threathunting Keywords

Section titled “Threathunting Keywords”

Specialized tool for technical operations

Documentation: View Threathunting Keywords Cheatsheet

Unicornscan

Section titled “Unicornscan”

Asynchronous network stimulus delivery and response framework - Essential commands and usage patterns.

Documentation: View Unicornscan Cheatsheet

Windows Exploit Suggester

Section titled “Windows Exploit Suggester”

Comprehensive windows-exploit-suggester commands and workflows for security testing and analysis across all platforms.

Documentation: View Windows Exploit Suggester Cheatsheet

Django

Section titled “Django”

Comprehensive django commands and usage patterns for efficient workflow management.

Documentation: View Django Cheatsheet

Express

Section titled “Express”

Fast, unopinionated web framework for Node.js applications - Essential commands and usage patterns.

Documentation: View Express Cheatsheet

Go For Javascript Developers

Section titled “Go For Javascript Developers”

Comprehensive go-for-javascript-developers commands and workflows for software development across all platforms.

Documentation: View Go For Javascript Developers Cheatsheet

Nginx

Section titled “Nginx”

Comprehensive nginx commands and usage patterns for efficient workflow management.

Documentation: View Nginx Cheatsheet

Nodegoat

Section titled “Nodegoat”

Comprehensive nodegoat commands and workflows for system administration across all platforms.

Documentation: View Nodegoat Cheatsheet

React

Section titled “React”

Comprehensive react commands and workflows for system administration across all platforms.

Documentation: View React Cheatsheet

Vue

Section titled “Vue”

Comprehensive vue commands and usage patterns for efficient workflow management.

Documentation: View Vue Cheatsheet

Webscreenshot

Section titled “Webscreenshot”

Comprehensive webscreenshot commands and workflows for software development across all platforms.

Documentation: View Webscreenshot Cheatsheet

Zap Api Nodejs

Section titled “Zap Api Nodejs”

Node.js API client for OWASP ZAP security testing proxy - Essential commands and usage patterns.

Documentation: View Zap Api Nodejs Cheatsheet

Enum4Linux

Section titled “Enum4Linux”

Comprehensive enum4linux commands and usage patterns for efficient workflow management.

Documentation: View Enum4Linux Cheatsheet

Linux File Management

Section titled “Linux File Management”

Linux file management encompasses the essential commands and techniques for navigating, organizing, and manipulating files and directories in Linux systems.

Documentation: View Linux File Management Cheatsheet

Linux Network Commands

Section titled “Linux Network Commands”

Documentation: View Linux Network Commands Cheatsheet

Linux Process Management

Section titled “Linux Process Management”

Documentation: View Linux Process Management Cheatsheet

Linux Text Processing

Section titled “Linux Text Processing”

Documentation: View Linux Text Processing Cheatsheet

Linuxprivchecker

Section titled “Linuxprivchecker”

Linux privilege escalation enumeration script - Essential commands and usage patterns.

Documentation: View Linuxprivchecker Cheatsheet

Mcp Servers

Section titled “Mcp Servers”

Documentation: View Mcp Servers Cheatsheet

Nanodump

Section titled “Nanodump”

Comprehensive nanodump commands and workflows for system administration across all platforms.

Documentation: View Nanodump Cheatsheet

Powershell Empire

Section titled “Powershell Empire”

Comprehensive powershell-empire commands and workflows for system administration across all platforms.

Documentation: View Powershell Empire Cheatsheet

Serverless Goat

Section titled “Serverless Goat”

Comprehensive serverless-goat commands and workflows for system administration across all platforms.

Documentation: View Serverless Goat Cheatsheet

Sshuttle

Section titled “Sshuttle”

Comprehensive sshuttle commands and workflows for system administration across all platforms.

Documentation: View Sshuttle Cheatsheet

Systemctl

Section titled “Systemctl”

Comprehensive systemctl commands and usage patterns for efficient workflow management.

Documentation: View Systemctl Cheatsheet

Systemd

Section titled “Systemd”

Comprehensive systemd commands and workflows for system administration across all platforms.

Documentation: View Systemd Cheatsheet

Github Copilot

Section titled “Github Copilot”

GitHub Copilot is an AI-powered code completion tool developed by GitHub and OpenAI. It provides intelligent code suggestions, generates entire functions, and assists with documentation and testing.

Documentation: View Github Copilot Cheatsheet

Goatrider

Section titled “Goatrider”

Comprehensive goatrider commands and workflows for system administration across all platforms.

Documentation: View Goatrider Cheatsheet

Linpmem

Section titled “Linpmem”

Linux physical memory acquisition tool for forensic analysis - Essential commands and usage patterns.

Documentation: View Linpmem Cheatsheet

Paramspider

Section titled “Paramspider”

Comprehensive paramspider commands and usage patterns for efficient workflow management.

Documentation: View Paramspider Cheatsheet

Pip

Section titled “Pip”

Comprehensive pip commands and usage patterns for efficient workflow management.

Documentation: View Pip Cheatsheet

Steghide

Section titled “Steghide”

Comprehensive steghide commands and usage patterns for efficient workflow management.

Documentation: View Steghide Cheatsheet

Veracode

Section titled “Veracode”

Comprehensive veracode commands and workflows for software development across all platforms.

Documentation: View Veracode Cheatsheet

Winpmem

Section titled “Winpmem”

Comprehensive winpmem commands and workflows for system administration across all platforms.

Documentation: View Winpmem Cheatsheet

Findomain

Section titled “Findomain”

Comprehensive findomain commands and workflows for system administration across all platforms.

Documentation: View Findomain Cheatsheet

Goodfaith

Section titled “Goodfaith”

Comprehensive goodfaith commands and workflows for system administration across all platforms.

Documentation: View Goodfaith Cheatsheet

Google Domain Fronting

Section titled “Google Domain Fronting”

Comprehensive google-domain-fronting commands and usage patterns for efficient workflow management.

Documentation: View Google Domain Fronting Cheatsheet

Langchain

Section titled “Langchain”

LangChain is a comprehensive framework for developing applications powered by large language models (LLMs), designed to simplify every stage of the LLM application lifecycle from development to deploy…

Documentation: View Langchain Cheatsheet

Llamaindex

Section titled “Llamaindex”

LlamaIndex is a powerful data framework designed to connect large language models (LLMs) with external data sources, enabling the creation of sophisticated retrieval-augmented generation (RAG) applica…

Documentation: View Llamaindex Cheatsheet

Railsgoat

Section titled “Railsgoat”

Comprehensive railsgoat commands and workflows for system administration across all platforms.

Documentation: View Railsgoat Cheatsheet

Villain

Section titled “Villain”

Documentation: View Villain Cheatsheet

Elasticsearch

Section titled “Elasticsearch”

Comprehensive elasticsearch commands and workflows for system administration across all platforms.

Documentation: View Elasticsearch Cheatsheet

Elk

Section titled “Elk”

Comprehensive elk commands and workflows for system administration across all platforms.

Documentation: View Elk Cheatsheet

Fakelogonscreen

Section titled “Fakelogonscreen”

Comprehensive fakelogonscreen commands and usage patterns for efficient workflow management.

Documentation: View Fakelogonscreen Cheatsheet

Grafana

Section titled “Grafana”

Comprehensive grafana commands and usage patterns for efficient workflow management.

Documentation: View Grafana Cheatsheet

Prometheus

Section titled “Prometheus”

Comprehensive prometheus commands and workflows for system administration across all platforms.

Documentation: View Prometheus Cheatsheet

Rsyslog

Section titled “Rsyslog”

Comprehensive rsyslog commands and workflows for system administration across all platforms.

Documentation: View Rsyslog Cheatsheet

Syslog Ng

Section titled “Syslog Ng”

Comprehensive syslog-ng commands and workflows for system administration across all platforms.

Documentation: View Syslog Ng Cheatsheet

Winlogon

Section titled “Winlogon”

Comprehensive winlogon commands and workflows for system administration across all platforms.

Documentation: View Winlogon Cheatsheet

Zerologon Bof

Section titled “Zerologon Bof”

Comprehensive zerologon-bof commands and workflows for system administration across all platforms.

Documentation: View Zerologon Bof Cheatsheet

Nagios

Section titled “Nagios”

Comprehensive nagios commands and workflows for system administration across all platforms.

Documentation: View Nagios Cheatsheet

Diagon

Section titled “Diagon”

Comprehensive diagon commands and usage patterns for efficient workflow management.

Documentation: View Diagon Cheatsheet

Dirb

Section titled “Dirb”

Comprehensive dirb commands and usage patterns for efficient workflow management.

Documentation: View Dirb Cheatsheet

Dirbuster

Section titled “Dirbuster”

Comprehensive dirbuster commands and workflows for system administration across all platforms.

Documentation: View Dirbuster Cheatsheet

Dirsearch

Section titled “Dirsearch”

Comprehensive dirsearch commands and usage patterns for efficient workflow management.

Documentation: View Dirsearch Cheatsheet

Dns Management

Section titled “Dns Management”

Documentation: View Dns Management Cheatsheet

Dnspy

Section titled “Dnspy”

dnSpy represents the pinnacle of .NET reverse engineering and debugging technology, serving as the most comprehensive and powerful tool available for analyzing, debugging, and modifying .NET applicati…

Documentation: View Dnspy Cheatsheet

Dnsx

Section titled “Dnsx”

DNSx is a fast and multi-purpose DNS toolkit developed by Project Discovery that allows running multiple DNS probes using the retryabledns library. It’s designed to perform various DNS queries with a focus on speed and reliability.

Documentation: View Dnsx Cheatsheet

Dostackbufferoverflowgood

Section titled “Dostackbufferoverflowgood”

Educational tool for learning stack buffer overflow techniques - Essential commands and usage patterns.

Documentation: View Dostackbufferoverflowgood Cheatsheet

Dradis

Section titled “Dradis”

Dradis is an open-source collaboration and reporting platform designed for information security teams. It provides a centralized location for storing, organizing, and sharing security assessment findings, making it easier for teams to collaborate during penetration tests, vulnerability assessments, and security audits.

Documentation: View Dradis Cheatsheet

Draft

Section titled “Draft”

Comprehensive draft commands and workflows for system administration across all platforms.

Documentation: View Draft Cheatsheet

Drone

Section titled “Drone”

Comprehensive drone commands and workflows for system administration across all platforms.

Documentation: View Drone Cheatsheet

Duckduckgo

Section titled “Duckduckgo”

Privacy-focused search engine and API for developers - Essential commands and usage patterns.

Documentation: View Duckduckgo Cheatsheet

Dumpit

Section titled “Dumpit”

Comprehensive dumpit commands and workflows for system administration across all platforms.

Documentation: View Dumpit Cheatsheet

Eaphammer

Section titled “Eaphammer”

Comprehensive eaphammer commands and workflows for system administration across all platforms.

Documentation: View Eaphammer Cheatsheet

Element

Section titled “Element”

Comprehensive element commands and workflows for system administration across all platforms.

Documentation: View Element Cheatsheet

Elsa

Section titled “Elsa”

Specialized tool for technical operations

Documentation: View Elsa Cheatsheet

Emerge

Section titled “Emerge”

Comprehensive emerge commands and workflows for system administration across all platforms.

Documentation: View Emerge Cheatsheet

Empire

Section titled “Empire”

Documentation: View Empire Cheatsheet

Evilginx2

Section titled “Evilginx2”

EvilGinx2 is a man-in-the-middle attack framework designed for advanced phishing campaigns. It acts as a reverse proxy between the target website and the victim, allowing attackers to capture credentials, session cookies, and bypass two-factor authentication (2FA).

Documentation: View Evilginx2 Cheatsheet

Evilgophish

Section titled “Evilgophish”

Comprehensive evilgophish commands and usage patterns for efficient workflow management.

Documentation: View Evilgophish Cheatsheet

Excel

Section titled “Excel”

Documentation: View Excel Cheatsheet

Exegol

Section titled “Exegol”

Comprehensive exegol commands and workflows for system administration across all platforms.

Documentation: View Exegol Cheatsheet

Exiftool

Section titled “Exiftool”

Comprehensive exiftool commands and workflows for system administration across all platforms.

Documentation: View Exiftool Cheatsheet

Eyewitness

Section titled “Eyewitness”

Comprehensive eyewitness commands and usage patterns for efficient workflow management.

Documentation: View Eyewitness Cheatsheet

Faker

Section titled “Faker”

Library for generating fake data for testing and development - Essential commands and usage patterns.

Documentation: View Faker Cheatsheet

Fastapi

Section titled “Fastapi”

Comprehensive fastapi commands and usage patterns for efficient workflow management.

Documentation: View Fastapi Cheatsheet

Feroxbuster

Section titled “Feroxbuster”

Comprehensive feroxbuster commands and usage patterns for efficient workflow management.

Documentation: View Feroxbuster Cheatsheet

Ffuf

Section titled “Ffuf”

ffuf (Fuzz Faster U Fool) is a fast web fuzzer written in Go. It’s designed to be a versatile tool for web application security testing, capable of fuzzing directories, files, parameters, headers, and more.

Documentation: View Ffuf Cheatsheet

Flamingo

Section titled “Flamingo”

Comprehensive flamingo commands and usage patterns for efficient workflow management.

Documentation: View Flamingo Cheatsheet

Flare Vm

Section titled “Flare Vm”

Comprehensive flare-vm commands and workflows for system administration across all platforms.

Documentation: View Flare Vm Cheatsheet

Section titled “Flink”

Comprehensive flink commands and workflows for system administration across all platforms.

Documentation: View Flink Cheatsheet

Fluxion

Section titled “Fluxion”

Comprehensive fluxion commands and usage patterns for efficient workflow management.

Documentation: View Fluxion Cheatsheet

Foremost

Section titled “Foremost”

Comprehensive foremost commands and usage patterns for efficient workflow management.

Documentation: View Foremost Cheatsheet

Ftkimager

Section titled “Ftkimager”

Comprehensive ftkimager commands and workflows for system administration across all platforms.

Documentation: View Ftkimager Cheatsheet

Gau

Section titled “Gau”

Comprehensive gau commands and workflows for system administration across all platforms.

Documentation: View Gau Cheatsheet

Gedit

Section titled “Gedit”

Comprehensive gedit commands and usage patterns for efficient workflow management.

Documentation: View Gedit Cheatsheet

Gem

Section titled “Gem”

Ruby package manager for installing and managing Ruby libraries - Essential commands and usage patterns.

Documentation: View Gem Cheatsheet

Ghidra

Section titled “Ghidra”

Ghidra represents a revolutionary advancement in reverse engineering tools, developed by the National Security Agency (NSA) and released as open-source software in 2019.

Documentation: View Ghidra Cheatsheet

Ghostpack

Section titled “Ghostpack”

Comprehensive ghostpack commands and usage patterns for efficient workflow management.

Documentation: View Ghostpack Cheatsheet

Go Audit

Section titled “Go Audit”

Comprehensive go-audit commands and usage patterns for efficient workflow management.

Documentation: View Go Audit Cheatsheet

Goad

Section titled “Goad”

Comprehensive goad commands and workflows for system administration across all platforms.

Documentation: View Goad Cheatsheet

Gobuster

Section titled “Gobuster”

Gobuster is a tool used to brute-force URIs (directories and files) in web sites, DNS subdomains, virtual host names on target web servers, and open Amazon S3 buckets.

Documentation: View Gobuster Cheatsheet

Goby

Section titled “Goby”

Comprehensive goby commands and workflows for system administration across all platforms.

Documentation: View Goby Cheatsheet

Gocrack

Section titled “Gocrack”

Comprehensive gocrack commands and workflows for system administration across all platforms.

Documentation: View Gocrack Cheatsheet

Godoh

Section titled “Godoh”

Comprehensive godoh commands and workflows for system administration across all platforms.

Documentation: View Godoh Cheatsheet

Godpotato

Section titled “Godpotato”

Comprehensive godpotato commands and usage patterns for efficient workflow management.

Documentation: View Godpotato Cheatsheet

Goexec

Section titled “Goexec”

Comprehensive goexec commands and workflows for system administration across all platforms.

Documentation: View Goexec Cheatsheet

Gofetch

Section titled “Gofetch”

Comprehensive gofetch commands and workflows for system administration across all platforms.

Documentation: View Gofetch Cheatsheet

Golang

Section titled “Golang”

Comprehensive golang commands and workflows for system administration across all platforms.

Documentation: View Golang Cheatsheet

Goldencopy

Section titled “Goldencopy”

Windows privilege escalation tool for copying files with elevated permissions - Essential commands and usage patterns.

Documentation: View Goldencopy Cheatsheet

Goodhound

Section titled “Goodhound”

BloodHound data analysis tool for Active Directory security assessment - Essential commands and usage patterns.

Documentation: View Goodhound Cheatsheet

Goodork

Section titled “Goodork”

Comprehensive goodork commands and workflows for system administration across all platforms.

Documentation: View Goodork Cheatsheet

Googd0Rker

Section titled “Googd0Rker”

Comprehensive googd0rker commands and usage patterns for efficient workflow management.

Documentation: View Googd0Rker Cheatsheet

Goohak

Section titled “Goohak”

Comprehensive goohak commands and workflows for system administration across all platforms.

Documentation: View Goohak Cheatsheet

Gopher

Section titled “Gopher”

Comprehensive gopher commands and workflows for system administration across all platforms.

Documentation: View Gopher Cheatsheet

Gopherus

Section titled “Gopherus”

Comprehensive gopherus commands and workflows for system administration across all platforms.

Documentation: View Gopherus Cheatsheet

Gophish

Section titled “Gophish”

Documentation: View Gophish Cheatsheet

Gosint

Section titled “Gosint”

Comprehensive gosint commands and workflows for system administration across all platforms.

Documentation: View Gosint Cheatsheet

Goversioninfo

Section titled “Goversioninfo”

Comprehensive goversioninfo commands and workflows for system administration across all platforms.

Documentation: View Goversioninfo Cheatsheet

Gowitness

Section titled “Gowitness”

Comprehensive gowitness commands and workflows for system administration across all platforms.

Documentation: View Gowitness Cheatsheet

Gpg

Section titled “Gpg”

Comprehensive gpg commands and workflows for system administration across all platforms.

Documentation: View Gpg Cheatsheet

Gruyere

Section titled “Gruyere”

Comprehensive gruyere commands and workflows for system administration across all platforms.

Documentation: View Gruyere Cheatsheet

Guymager

Section titled “Guymager”

Comprehensive guymager commands and usage patterns for efficient workflow management.

Documentation: View Guymager Cheatsheet

Harness

Section titled “Harness”

Comprehensive harness commands and usage patterns for efficient workflow management.

Documentation: View Harness Cheatsheet

Havoc

Section titled “Havoc”

Documentation: View Havoc Cheatsheet

Helm

Section titled “Helm”

Comprehensive helm commands and workflows for system administration across all platforms.

Documentation: View Helm Cheatsheet

Hexdump

Section titled “Hexdump”

Comprehensive hexdump commands and workflows for system administration across all platforms.

Documentation: View Hexdump Cheatsheet

Hexway Hive

Section titled “Hexway Hive”

Specialized tool for technical operations

Documentation: View Hexway Hive Cheatsheet

Hg

Section titled “Hg”

Comprehensive hg commands and workflows for system administration across all platforms.

Documentation: View Hg Cheatsheet

Host

Section titled “Host”

Documentation: View Host Cheatsheet

Hping3

Section titled “Hping3”

Comprehensive hping3 commands and workflows for system administration across all platforms.

Documentation: View Hping3 Cheatsheet

Httpx

Section titled “Httpx”

HTTPX is a fast and multi-purpose HTTP toolkit developed by Project Discovery that allows running multiple probes using the retryablehttp library. It is designed to maintain the result reliability with increased threads and is optimized for large-scale scanning.

Documentation: View Httpx Cheatsheet

Hyper

Section titled “Hyper”

Comprehensive hyper commands and usage patterns for efficient workflow management.

Documentation: View Hyper Cheatsheet

Icinga

Section titled “Icinga”

Comprehensive icinga commands and workflows for DevOps and infrastructure management across all platforms.

Documentation: View Icinga Cheatsheet

Ida

Section titled “Ida”

Comprehensive ida commands and workflows for system administration across all platforms.

Documentation: View Ida Cheatsheet

Ida Pro

Section titled “Ida Pro”

IDA Pro stands as the undisputed industry standard for reverse engineering and binary analysis, representing over three decades of continuous development and refinement in disassembly technology.

Documentation: View Ida Pro Cheatsheet

Immunity

Section titled “Immunity”

Comprehensive immunity commands and workflows for system administration across all platforms.

Documentation: View Immunity Cheatsheet

Impacket

Section titled “Impacket”

Impacket is a collection of Python classes for working with network protocols. It provides low-level programmatic access to packets and implements several protocols including SMB, MSRPC, and Kerberos.

Documentation: View Impacket Cheatsheet

Init

Section titled “Init”

Comprehensive init commands and workflows for system administration across all platforms.

Documentation: View Init Cheatsheet

Insomnia

Section titled “Insomnia”

Specialized tool for technical operations

Documentation: View Insomnia Cheatsheet

Interactsh

Section titled “Interactsh”

Documentation: View Interactsh Cheatsheet

Invoke Obfuscation

Section titled “Invoke Obfuscation”

Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator. It was designed to assist red teamers and penetration testers in bypassing antivirus, application whitelisting, and other defensive measures by obfuscating PowerShell scripts and commands.

Documentation: View Invoke Obfuscation Cheatsheet

Istio

Section titled “Istio”

Comprehensive istio commands and usage patterns for efficient workflow management.

Documentation: View Istio Cheatsheet

Jaeger

Section titled “Jaeger”

Comprehensive jaeger commands and workflows for system administration across all platforms.

Documentation: View Jaeger Cheatsheet

Java Idx Parser

Section titled “Java Idx Parser”

Specialized tool for technical operations

Documentation: View Java Idx Parser Cheatsheet

Jenkins

Section titled “Jenkins”

Comprehensive jenkins commands and workflows for system administration across all platforms.

Documentation: View Jenkins Cheatsheet

Joe

Section titled “Joe”

Comprehensive joe commands and workflows for system administration across all platforms.

Documentation: View Joe Cheatsheet

Judas

Section titled “Judas”

Judas is a pluggable phishing proxy developed by joncooperworks that specializes in real-time website cloning through reverse proxy functionality. Unlike static phishing pages, Judas creates dynamic clones that mirror the target website’s behavior, including JavaScript execution, form submissions, and session management.

Documentation: View Judas Cheatsheet

Juice Shop

Section titled “Juice Shop”

Comprehensive juice-shop commands and workflows for system administration across all platforms.

Documentation: View Juice Shop Cheatsheet

Jupyter

Section titled “Jupyter”

Comprehensive Jupyter Notebook shortcuts and workflows for data science and interactive computing.

Documentation: View Jupyter Cheatsheet

K8S

Section titled “K8S”

Comprehensive k8s commands and workflows for DevOps and infrastructure management across all platforms.

Documentation: View K8S Cheatsheet

Kafka

Section titled “Kafka”

Comprehensive kafka commands and usage patterns for efficient workflow management.

Documentation: View Kafka Cheatsheet

Karma

Section titled “Karma”

Comprehensive karma commands and workflows for system administration across all platforms.

Documentation: View Karma Cheatsheet

Katana

Section titled “Katana”

Katana is a fast and customizable web crawling framework developed by Project Discovery. It’s designed to crawl websites efficiently to gather information and discover endpoints.

Documentation: View Katana Cheatsheet

Kerberoast

Section titled “Kerberoast”

Comprehensive kerberoast commands and usage patterns for efficient workflow management.

Documentation: View Kerberoast Cheatsheet

Keybase

Section titled “Keybase”

Comprehensive keybase commands and usage patterns for efficient workflow management.

Documentation: View Keybase Cheatsheet

Kibana

Section titled “Kibana”

Data visualization and exploration tool for Elasticsearch - Essential commands and usage patterns.

Documentation: View Kibana Cheatsheet

Kind

Section titled “Kind”

Tool for running local Kubernetes clusters using Docker containers - Essential commands and usage patterns.

Documentation: View Kind Cheatsheet

King Phisher

Section titled “King Phisher”

King Phisher is a professional-grade phishing campaign toolkit developed by RSM US LLP for testing and promoting user awareness by simulating real-world phishing attacks.

Documentation: View King Phisher Cheatsheet

Kingofbugbountytips

Section titled “Kingofbugbountytips”

Comprehensive kingofbugbountytips commands and workflows for system administration across all platforms.

Documentation: View Kingofbugbountytips Cheatsheet

Kismet

Section titled “Kismet”

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework. It works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware.

Documentation: View Kismet Cheatsheet

Kiwi

Section titled “Kiwi”

Comprehensive kiwi commands and workflows for system administration across all platforms.

Documentation: View Kiwi Cheatsheet

Knockpy

Section titled “Knockpy”

Comprehensive knockpy commands and usage patterns for efficient workflow management.

Documentation: View Knockpy Cheatsheet

Koadic

Section titled “Koadic”

Documentation: View Koadic Cheatsheet

Kong

Section titled “Kong”

Comprehensive kong commands and workflows for system administration across all platforms.

Documentation: View Kong Cheatsheet

Kube Bench

Section titled “Kube Bench”

Comprehensive kube-bench commands and workflows for system administration across all platforms.

Documentation: View Kube Bench Cheatsheet

Langgraph

Section titled “Langgraph”

LangGraph represents a paradigm shift in building AI agent workflows, offering a stateful, orchestration framework that brings unprecedented control and flexibility to agent-based applications.

Documentation: View Langgraph Cheatsheet

Lazagne

Section titled “Lazagne”

Comprehensive lazagne commands and usage patterns for efficient workflow management.

Documentation: View Lazagne Cheatsheet

Ldd

Section titled “Ldd”

Comprehensive ldd commands and workflows for system administration across all platforms.

Documentation: View Ldd Cheatsheet

Lighttpd

Section titled “Lighttpd”

Comprehensive lighttpd commands and workflows for network operations across all platforms.

Documentation: View Lighttpd Cheatsheet

Ligolo

Section titled “Ligolo”

Comprehensive ligolo commands and usage patterns for efficient workflow management.

Documentation: View Ligolo Cheatsheet

Ligolo Ng

Section titled “Ligolo Ng”

Comprehensive ligolo-ng commands and workflows for system administration across all platforms.

Documentation: View Ligolo Ng Cheatsheet

Linenum

Section titled “Linenum”

Comprehensive linenum commands and workflows for system administration across all platforms.

Documentation: View Linenum Cheatsheet

Linkerd

Section titled “Linkerd”

Service mesh for Kubernetes providing observability and security - Essential commands and usage patterns.

Documentation: View Linkerd Cheatsheet

Linpeas

Section titled “Linpeas”

Comprehensive linpeas commands and workflows for system administration across all platforms.

Documentation: View Linpeas Cheatsheet

Lldb

Section titled “Lldb”

Comprehensive lldb commands and workflows for system administration across all platforms.

Documentation: View Lldb Cheatsheet

Lovable Dev

Section titled “Lovable Dev”

Lovable.dev is an AI-powered full-stack development platform that enables users to create production-ready web applications through natural language conversations.

Documentation: View Lovable Dev Cheatsheet

Lsassy

Section titled “Lsassy”

Python library for remotely extracting credentials from lsass - Essential commands and usage patterns.

Documentation: View Lsassy Cheatsheet

Ltrace

Section titled “Ltrace”

Comprehensive ltrace commands and usage patterns for efficient workflow management.

Documentation: View Ltrace Cheatsheet

Luks

Section titled “Luks”

Comprehensive luks commands and workflows for system administration across all platforms.

Documentation: View Luks Cheatsheet

Lynis

Section titled “Lynis”

Lynis is an open-source security auditing tool for Unix-based systems (Linux, macOS, BSD). It performs comprehensive security scans to assess system hardening, compliance, and security posture.

Documentation: View Lynis Cheatsheet

Maltego Telegram

Section titled “Maltego Telegram”

Comprehensive maltego-telegram commands and usage patterns for efficient workflow management.

Documentation: View Maltego Telegram Cheatsheet

Medusa

Section titled “Medusa”

Comprehensive medusa commands and workflows for system administration across all platforms.

Documentation: View Medusa Cheatsheet

Meg

Section titled “Meg”

Comprehensive meg commands and usage patterns for efficient workflow management.

Documentation: View Meg Cheatsheet

Megatron Java

Section titled “Megatron Java”

Comprehensive megatron-java commands and workflows for system administration across all platforms.

Documentation: View Megatron Java Cheatsheet

Memcached

Section titled “Memcached”

Comprehensive memcached commands and workflows for system administration across all platforms.

Documentation: View Memcached Cheatsheet

Mercurial

Section titled “Mercurial”

Comprehensive mercurial commands and workflows for system administration across all platforms.

Documentation: View Mercurial Cheatsheet

Merlin

Section titled “Merlin”

Documentation: View Merlin Cheatsheet

Metabigor

Section titled “Metabigor”

Comprehensive metabigor commands and workflows for system administration across all platforms.

Documentation: View Metabigor Cheatsheet

Metagoofil

Section titled “Metagoofil”

Comprehensive metagoofil commands and workflows for system administration across all platforms.

Documentation: View Metagoofil Cheatsheet

Meterpreter

Section titled “Meterpreter”

Comprehensive meterpreter commands and usage patterns for efficient workflow management.

Documentation: View Meterpreter Cheatsheet

Microburst

Section titled “Microburst”

Documentation: View Microburst Cheatsheet

Mimikatz

Section titled “Mimikatz”

Documentation: View Mimikatz Cheatsheet

Mix

Section titled “Mix”

Comprehensive mix commands and workflows for system administration across all platforms.

Documentation: View Mix Cheatsheet

Modlishka

Section titled “Modlishka”

Modlishka is an advanced reverse proxy phishing tool developed by drk1wi that enables sophisticated phishing attacks with 2FA bypass capabilities and session hijacking.

Documentation: View Modlishka Cheatsheet

Msfconsole

Section titled “Msfconsole”

Comprehensive msfconsole commands and workflows for system administration across all platforms.

Documentation: View Msfconsole Cheatsheet

Msfvenom

Section titled “Msfvenom”

Comprehensive msfvenom commands and workflows for system administration across all platforms.

Documentation: View Msfvenom Cheatsheet

Mutillidae

Section titled “Mutillidae”

Comprehensive mutillidae commands and workflows for system administration across all platforms.

Documentation: View Mutillidae Cheatsheet

Mythic

Section titled “Mythic”

Documentation: View Mythic Cheatsheet

N8N

Section titled “N8N”

n8n is a powerful, open-source workflow automation platform that enables users to connect different systems, services, and APIs to create automated workflows with minimal coding.

Documentation: View N8N Cheatsheet

Naabu

Section titled “Naabu”

Naabu is a fast port scanner written in Go by Project Discovery. It’s designed with a focus on reliability and simplicity, making it an excellent tool for attack surface discovery.

Documentation: View Naabu Cheatsheet

Nats

Section titled “Nats”

Comprehensive nats commands and usage patterns for efficient workflow management.

Documentation: View Nats Cheatsheet

Nc

Section titled “Nc”

Comprehensive nc commands and usage patterns for efficient workflow management.

Documentation: View Nc Cheatsheet

Ncat

Section titled “Ncat”

Comprehensive ncat commands and usage patterns for efficient workflow management.

Documentation: View Ncat Cheatsheet

Ncrack

Section titled “Ncrack”

Comprehensive ncrack commands and usage patterns for efficient workflow management.

Documentation: View Ncrack Cheatsheet

Needle

Section titled “Needle”

Comprehensive needle commands and workflows for system administration across all platforms.

Documentation: View Needle Cheatsheet

Neo4J

Section titled “Neo4J”

Comprehensive neo4j commands and workflows for system administration across all platforms.

Documentation: View Neo4J Cheatsheet

Netcat

Section titled “Netcat”

Comprehensive netcat commands and workflows for network operations across all platforms.

Documentation: View Netcat Cheatsheet

Netdiscover

Section titled “Netdiscover”

Comprehensive netdiscover commands and usage patterns for efficient workflow management.

Documentation: View Netdiscover Cheatsheet

Networkminer

Section titled “Networkminer”

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect operating systems, sessions, hostnames, open ports, and more by analyzing network traffic captured in PCAP files.

Documentation: View Networkminer Cheatsheet

Nexpose

Section titled “Nexpose”

Vulnerability management and security assessment tool - Essential commands and usage patterns.

Documentation: View Nexpose Cheatsheet

Next.Js

Section titled “Next.Js”

Comprehensive next.js commands and workflows for system administration across all platforms.

Documentation: View Next.Js Cheatsheet

Ngrok

Section titled “Ngrok”

Comprehensive ngrok commands and usage patterns for efficient workflow management.

Documentation: View Ngrok Cheatsheet

Nikto

Section titled “Nikto”

Nikto is an Open Source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versi…

Documentation: View Nikto Cheatsheet

Ninja

Section titled “Ninja”

Comprehensive ninja commands and usage patterns for efficient workflow management.

Documentation: View Ninja Cheatsheet

Nix

Section titled “Nix”

Comprehensive nix commands and usage patterns for efficient workflow management.

Documentation: View Nix Cheatsheet

Nm

Section titled “Nm”

Comprehensive nm commands and workflows for system administration across all platforms.

Documentation: View Nm Cheatsheet

Notify

Section titled “Notify”

Notify is a versatile notification system developed by Project Discovery that allows sending real-time notifications to various platforms and services.

Documentation: View Notify Cheatsheet

Notion

Section titled “Notion”

Documentation: View Notion Cheatsheet

Nslookup

Section titled “Nslookup”

nslookup is a network administration command-line tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping, or other DNS records.

Documentation: View Nslookup Cheatsheet

Nuclei

Section titled “Nuclei”

Nuclei is a fast, template-based vulnerability scanner developed by Project Discovery. It focuses on providing extensive configurability, massive extensibility, and ease of use.

Documentation: View Nuclei Cheatsheet

Nuget

Section titled “Nuget”

Comprehensive nuget commands and workflows for system administration across all platforms.

Documentation: View Nuget Cheatsheet

Objdump

Section titled “Objdump”

Comprehensive objdump commands and workflows for system administration across all platforms.

Documentation: View Objdump Cheatsheet

Obsidian

Section titled “Obsidian”

Obsidian is a powerful knowledge management and note-taking application that uses linked thought and graph visualization to help you build a second brain.

Documentation: View Obsidian Cheatsheet

Ollydbg

Section titled “Ollydbg”

Comprehensive ollydbg commands and workflows for system administration across all platforms.

Documentation: View Ollydbg Cheatsheet

Onesixtyone

Section titled “Onesixtyone”

Comprehensive onesixtyone commands and workflows for system administration across all platforms.

Documentation: View Onesixtyone Cheatsheet

Ossec

Section titled “Ossec”

OSSEC is a comprehensive open-source Host-based Intrusion Detection System (HIDS) that provides log analysis, file integrity monitoring, policy monitoring, rootkit detection, real-time alerting, and a…

Documentation: View Ossec Cheatsheet

Outguess

Section titled “Outguess”

Steganography tool for hiding data in JPEG images - Essential commands and usage patterns.

Documentation: View Outguess Cheatsheet

Owasp Amass

Section titled “Owasp Amass”

OWASP Amass is an open-source network mapping and external asset discovery tool that helps information security professionals discover assets belonging to their organization.

Documentation: View Owasp Amass Cheatsheet

P4

Section titled “P4”

Comprehensive p4 commands and usage patterns for efficient workflow management.

Documentation: View P4 Cheatsheet

Pacu

Section titled “Pacu”

Comprehensive pacu commands and usage patterns for efficient workflow management.

Documentation: View Pacu Cheatsheet

Pagodo

Section titled “Pagodo”

Comprehensive pagodo commands and workflows for system administration across all platforms.

Documentation: View Pagodo Cheatsheet

Patator

Section titled “Patator”

Comprehensive patator commands and workflows for system administration across all platforms.

Documentation: View Patator Cheatsheet

Pgp

Section titled “Pgp”

Comprehensive pgp commands and workflows for system administration across all platforms.

Documentation: View Pgp Cheatsheet

Section titled “Plink”

Comprehensive plink commands and workflows for system administration across all platforms.

Documentation: View Plink Cheatsheet

Polaris

Section titled “Polaris”

Comprehensive polaris commands and usage patterns for efficient workflow management.

Documentation: View Polaris Cheatsheet

Poortego

Section titled “Poortego”

Comprehensive poortego commands and workflows for system administration across all platforms.

Documentation: View Poortego Cheatsheet

Posh Virustotal

Section titled “Posh Virustotal”

Comprehensive posh-virustotal commands and workflows for system administration across all platforms.

Documentation: View Posh Virustotal Cheatsheet

Poshc2

Section titled “Poshc2”

Documentation: View Poshc2 Cheatsheet

Poshc2 Python

Section titled “Poshc2 Python”

Specialized tool for technical operations

Documentation: View Poshc2 Python Cheatsheet

Postman

Section titled “Postman”

Comprehensive Postman shortcuts and workflows for API development and testing.

Documentation: View Postman Cheatsheet

Powersploit

Section titled “Powersploit”

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules: CodeExecution, ScriptModification, Persistence, AntivirusBypass, Exfiltration, Mayhem, Privesc, and Recon.

Documentation: View Powersploit Cheatsheet

Powerup

Section titled “Powerup”

Comprehensive powerup commands and workflows for system administration across all platforms.

Documentation: View Powerup Cheatsheet

Powerview

Section titled “Powerview”

Documentation: View Powerview Cheatsheet

Powerzure

Section titled “Powerzure”

Documentation: View Powerzure Cheatsheet

Privesc

Section titled “Privesc”

Comprehensive privesc commands and workflows for system administration across all platforms.

Documentation: View Privesc Cheatsheet

Procdump

Section titled “Procdump”

Comprehensive procdump commands and workflows for DevOps and infrastructure management across all platforms.

Documentation: View Procdump Cheatsheet

Procmon

Section titled “Procmon”

Comprehensive procmon commands and workflows for system administration across all platforms.

Documentation: View Procmon Cheatsheet

Productivity

Section titled “Productivity”

Documentation: View Productivity Cheatsheet

Prowler

Section titled “Prowler”

Prowler is an Open Source security tool to perform AWS, Azure, and GCP security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.

Documentation: View Prowler Cheatsheet

Pub

Section titled “Pub”

Dart package manager for managing dependencies and publishing packages - Essential commands and usage patterns.

Documentation: View Pub Cheatsheet

Puppet

Section titled “Puppet”

Comprehensive puppet commands and workflows for system administration across all platforms.

Documentation: View Puppet Cheatsheet

Puppeteer

Section titled “Puppeteer”

Comprehensive puppeteer commands and workflows for system administration across all platforms.

Documentation: View Puppeteer Cheatsheet

Pupy

Section titled “Pupy”

Documentation: View Pupy Cheatsheet

Putty

Section titled “Putty”

PuTTY is a free and open-source terminal emulator, serial console, and network file transfer application. Originally developed for Windows, PuTTY supports SSH, Telnet, rlogin, and raw socket connections.

Documentation: View Putty Cheatsheet

Pwnagotchi

Section titled “Pwnagotchi”

Comprehensive pwnagotchi commands and workflows for system administration across all platforms.

Documentation: View Pwnagotchi Cheatsheet

Pypykatz

Section titled “Pypykatz”

Comprehensive pypykatz commands and workflows for system administration across all platforms.

Documentation: View Pypykatz Cheatsheet

Pyrit

Section titled “Pyrit”

Comprehensive pyrit commands and usage patterns for efficient workflow management.

Documentation: View Pyrit Cheatsheet

Pythagora

Section titled “Pythagora”

Pythagora is the world’s first all-in-one AI development platform powered by 14 specialized agents that handle everything from planning and coding to testing, debugging, and deployment.

Documentation: View Pythagora Cheatsheet

Python Dshield

Section titled “Python Dshield”

Comprehensive python-dshield commands and usage patterns for efficient workflow management.

Documentation: View Python Dshield Cheatsheet

Python Evt

Section titled “Python Evt”

Comprehensive python-evt commands and usage patterns for efficient workflow management.

Documentation: View Python Evt Cheatsheet

Python Icap Yara

Section titled “Python Icap Yara”

Comprehensive python-icap-yara commands and workflows for system administration across all platforms.

Documentation: View Python Icap Yara Cheatsheet

Python Iocextract

Section titled “Python Iocextract”

Comprehensive python-iocextract commands and usage patterns for efficient workflow management.

Documentation: View Python Iocextract Cheatsheet

Python Ntfs

Section titled “Python Ntfs”

Comprehensive python-ntfs commands and usage patterns for efficient workflow management.

Documentation: View Python Ntfs Cheatsheet

Python Pty Shells

Section titled “Python Pty Shells”

Comprehensive python-pty-shells commands and workflows for system administration across all platforms.

Documentation: View Python Pty Shells Cheatsheet

Python Uncompyle6

Section titled “Python Uncompyle6”

Comprehensive python-uncompyle6 commands and usage patterns for efficient workflow management.

Documentation: View Python Uncompyle6 Cheatsheet

Python3 Venv

Section titled “Python3 Venv”

Comprehensive python3-venv commands and workflows for system administration across all platforms.

Documentation: View Python3 Venv Cheatsheet

Pythonidae

Section titled “Pythonidae”

Comprehensive pythonidae commands and workflows for system administration across all platforms.

Documentation: View Pythonidae Cheatsheet

Qualys

Section titled “Qualys”

Comprehensive qualys commands and usage patterns for efficient workflow management.

Documentation: View Qualys Cheatsheet

R2

Section titled “R2”

Comprehensive r2 commands and workflows for system administration across all platforms.

Documentation: View R2 Cheatsheet

Rancher

Section titled “Rancher”

Comprehensive rancher commands and usage patterns for efficient workflow management.

Documentation: View Rancher Cheatsheet

Rekall

Section titled “Rekall”

Comprehensive rekall commands and workflows for system administration across all platforms.

Documentation: View Rekall Cheatsheet

Remnux

Section titled “Remnux”

Comprehensive remnux commands and workflows for system administration across all platforms.

Documentation: View Remnux Cheatsheet

Retire.Js

Section titled “Retire.Js”

Comprehensive retire.js commands and usage patterns for efficient workflow management.

Documentation: View Retire.Js Cheatsheet

Rita

Section titled “Rita”

RITA (Real Intelligence Threat Analytics) is an open-source framework for network traffic analysis that ingests Zeek (formerly Bro) logs and detects indicators of compromise through statistical analys…

Documentation: View Rita Cheatsheet

Roadtools

Section titled “Roadtools”

ROADtools (The Azure AD exploration framework) is a collection of tools developed by Dirk-Jan Mollema for Azure Active Directory reconnaissance and assessment.

Documentation: View Roadtools Cheatsheet

Rpcclient

Section titled “Rpcclient”

Comprehensive rpcclient commands and workflows for system administration across all platforms.

Documentation: View Rpcclient Cheatsheet

Rubeus

Section titled “Rubeus”

Rubeus is a C# toolset for raw Kerberos interaction and abuses. It’s designed for attacking Kerberos implementations and includes functionality for ticket requests, renewals, and various Kerberos-based attacks.

Documentation: View Rubeus Cheatsheet

Rust

Section titled “Rust”

Comprehensive rust commands and usage patterns for efficient workflow management.

Documentation: View Rust Cheatsheet

Safety

Section titled “Safety”

Comprehensive safety commands and usage patterns for efficient workflow management.

Documentation: View Safety Cheatsheet

Scalpel

Section titled “Scalpel”

Comprehensive scalpel commands and usage patterns for efficient workflow management.

Documentation: View Scalpel Cheatsheet

Scapy

Section titled “Scapy”

Comprehensive scapy commands and workflows for system administration across all platforms.

Documentation: View Scapy Cheatsheet

Scoop

Section titled “Scoop”

Comprehensive scoop commands and workflows for system administration across all platforms.

Documentation: View Scoop Cheatsheet

Scoutsuite

Section titled “Scoutsuite”

ScoutSuite is an open-source multi-cloud security auditing tool that enables security posture assessment of cloud environments. It gathers configuration data for manual inspection and highlights risk areas through the use of a web-based report.

Documentation: View Scoutsuite Cheatsheet

Scylla

Section titled “Scylla”

Comprehensive scylla commands and workflows for system administration across all platforms.

Documentation: View Scylla Cheatsheet

Seatbelt

Section titled “Seatbelt”

Comprehensive seatbelt commands and workflows for system administration across all platforms.

Documentation: View Seatbelt Cheatsheet

Selenium

Section titled “Selenium”

Comprehensive selenium commands and usage patterns for efficient workflow management.

Documentation: View Selenium Cheatsheet

Semgrep

Section titled “Semgrep”

Semgrep is a fast, open-source static analysis tool for finding bugs, security vulnerabilities, and enforcing code standards across multiple programming languages.

Documentation: View Semgrep Cheatsheet

Sessiongopher

Section titled “Sessiongopher”

PowerShell tool for extracting saved session information - Essential commands and usage patterns.

Documentation: View Sessiongopher Cheatsheet

Sharphound

Section titled “Sharphound”

Documentation: View Sharphound Cheatsheet

Sherlock

Section titled “Sherlock”

Sherlock is a powerful OSINT tool that hunts down social media accounts by username across 400+ social networks. It’s designed to find usernames across a large number of social networks very quickly, making it an essential tool for digital investigations, background checks, and cybersecurity research.

Documentation: View Sherlock Cheatsheet

Shodan

Section titled “Shodan”

Comprehensive shodan commands and workflows for system administration across all platforms.

Documentation: View Shodan Cheatsheet

Shosubgo

Section titled “Shosubgo”

Comprehensive shosubgo commands and workflows for system administration across all platforms.

Documentation: View Shosubgo Cheatsheet

Showmount

Section titled “Showmount”

Network File System (NFS) client utility for displaying mount information - Essential commands and usage patterns.

Documentation: View Showmount Cheatsheet

Signal

Section titled “Signal”

Comprehensive signal commands and workflows for system administration across all platforms.

Documentation: View Signal Cheatsheet

Silver

Section titled “Silver”

Comprehensive silver commands and workflows for system administration across all platforms.

Documentation: View Silver Cheatsheet

Skipfish

Section titled “Skipfish”

Specialized tool for technical operations

Documentation: View Skipfish Cheatsheet

Sliver

Section titled “Sliver”

Documentation: View Sliver Cheatsheet

Smbclient

Section titled “Smbclient”

Comprehensive smbclient commands and workflows for system administration across all platforms.

Documentation: View Smbclient Cheatsheet

Smtp User Enum

Section titled “Smtp User Enum”

Comprehensive smtp-user-enum commands and workflows for system administration across all platforms.

Documentation: View Smtp User Enum Cheatsheet

Snap

Section titled “Snap”

Comprehensive snap commands and workflows for system administration across all platforms.

Documentation: View Snap Cheatsheet

Snmp Check

Section titled “Snmp Check”

Comprehensive snmp-check commands and usage patterns for efficient workflow management.

Documentation: View Snmp Check Cheatsheet

Snmpwalk

Section titled “Snmpwalk”

Comprehensive snmpwalk commands and workflows for system administration across all platforms.

Documentation: View Snmpwalk Cheatsheet

Snyk

Section titled “Snyk”

Comprehensive snyk commands and workflows for system administration across all platforms.

Documentation: View Snyk Cheatsheet

Socat

Section titled “Socat”

Comprehensive socat commands and workflows for system administration across all platforms.

Documentation: View Socat Cheatsheet

Social Engineering Toolkit

Section titled “Social Engineering Toolkit”

Documentation: View Social Engineering Toolkit Cheatsheet

Socialfish

Section titled “Socialfish”

SocialFish is an advanced phishing tool and information collector developed by UndeadSec. It specializes in social media phishing attacks and comprehensive information gathering, providing automated phishing page generation, real-time credential harvesting, and detailed victim profiling.

Documentation: View Socialfish Cheatsheet

Solr

Section titled “Solr”

Comprehensive solr commands and workflows for system administration across all platforms.

Documentation: View Solr Cheatsheet

Sonarqube

Section titled “Sonarqube”

SonarQube is a comprehensive platform for continuous inspection of code quality and security. It performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities across 25+ programming languages.

Documentation: View Sonarqube Cheatsheet

Sops

Section titled “Sops”

Comprehensive sops commands and workflows for system administration across all platforms.

Documentation: View Sops Cheatsheet

Sourceforge

Section titled “Sourceforge”

Open source software development platform and repository - Essential commands and usage patterns.

Documentation: View Sourceforge Cheatsheet

Spark

Section titled “Spark”

Comprehensive spark commands and workflows for system administration across all platforms.

Documentation: View Spark Cheatsheet

Spoofcard

Section titled “Spoofcard”

SpoofCard is a commercial caller ID spoofing service that allows users to change their caller ID information when making phone calls. Originally designed for legitimate purposes like privacy protection and business communications, it has become a popular tool in social engineering and vishing (voice phishing) attacks.

Documentation: View Spoofcard Cheatsheet

Spring Boot

Section titled “Spring Boot”

Comprehensive spring-boot commands and workflows for system administration across all platforms.

Documentation: View Spring Boot Cheatsheet

Stack

Section titled “Stack”

Comprehensive stack commands and workflows for system administration across all platforms.

Documentation: View Stack Cheatsheet

Stegcracker

Section titled “Stegcracker”

Comprehensive stegcracker commands and workflows for system administration across all platforms.

Documentation: View Stegcracker Cheatsheet

Stego Toolkit

Section titled “Stego Toolkit”

Collection of steganography tools for hiding and extracting data - Essential commands and usage patterns.

Documentation: View Stego Toolkit Cheatsheet

Stegsolve

Section titled “Stegsolve”

Comprehensive stegsolve commands and workflows for system administration across all platforms.

Documentation: View Stegsolve Cheatsheet

Storm

Section titled “Storm”

Distributed real-time computation system for stream processing - Essential commands and usage patterns.

Documentation: View Storm Cheatsheet

Stormspotter

Section titled “Stormspotter”

Stormspotter is an Azure Red Team tool for graphing Azure and Azure AD objects. Originally developed by Microsoft’s Azure Red Team, Stormspotter creates a comprehensive attack surface map of Azure environments by collecting and visualizing relationships between Azure resources, identities, and permissions.

Documentation: View Stormspotter Cheatsheet

Strace

Section titled “Strace”

Comprehensive strace commands and workflows for system administration across all platforms.

Documentation: View Strace Cheatsheet

Strings

Section titled “Strings”

Comprehensive strings commands and workflows for system administration across all platforms.

Documentation: View Strings Cheatsheet

Subfinder

Section titled “Subfinder”

Subfinder is a powerful subdomain discovery tool developed by Project Discovery that discovers valid subdomains for websites using passive online sources.

Documentation: View Subfinder Cheatsheet

Sublist3R

Section titled “Sublist3R”

Comprehensive sublist3r commands and workflows for system administration across all platforms.

Documentation: View Sublist3R Cheatsheet

Supabase

Section titled “Supabase”

Supabase stands as the leading open-source alternative to Firebase, built on top of PostgreSQL and designed to provide developers with a complete Backend-as-a-Service (BaaS) platform.

Documentation: View Supabase Cheatsheet

Suricata

Section titled “Suricata”

Suricata is a high-performance Network Intrusion Detection System (NIDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine.

Documentation: View Suricata Cheatsheet

Svn

Section titled “Svn”

Apache Subversion version control system - Essential commands and usage patterns.

Documentation: View Svn Cheatsheet

Sysdig

Section titled “Sysdig”

Comprehensive sysdig commands and usage patterns for efficient workflow management.

Documentation: View Sysdig Cheatsheet

Tcpdump

Section titled “Tcpdump”

Comprehensive tcpdump commands and workflows for network operations across all platforms.

Documentation: View Tcpdump Cheatsheet

Terragoat

Section titled “Terragoat”

Comprehensive terragoat commands and workflows for system administration across all platforms.

Documentation: View Terragoat Cheatsheet

The Little Go Book

Section titled “The Little Go Book”

Comprehensive the-little-go-book commands and usage patterns for efficient workflow management.

Documentation: View The Little Go Book Cheatsheet

Theharvester

Section titled “Theharvester”

theHarvester is a powerful OSINT (Open Source Intelligence) tool designed for gathering email addresses, subdomain names, virtual hosts, open ports, banners, and employee names from different public s…

Documentation: View Theharvester Cheatsheet

Thehive

Section titled “Thehive”

TheHive is a scalable, open-source security incident response platform designed for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be invest…

Documentation: View Thehive Cheatsheet

Throwback

Section titled “Throwback”

Throwback is a HTTP/HTTPS beaconing implant with a C2 server designed for red team operations and penetration testing. Developed by Silent Break Security, it consists of a C++ backdoor implant and a PHP/MySQL-based command and control server.

Documentation: View Throwback Cheatsheet

Traefik

Section titled “Traefik”

Comprehensive traefik commands and usage patterns for efficient workflow management.

Documentation: View Traefik Cheatsheet

Trevorc2

Section titled “Trevorc2”

Documentation: View Trevorc2 Cheatsheet

Truecrypt

Section titled “Truecrypt”

Comprehensive truecrypt commands and workflows for security testing and analysis across all platforms.

Documentation: View Truecrypt Cheatsheet

Trust

Section titled “Trust”

Rust-based tool for managing trusted certificates and keys - Essential commands and usage patterns.

Documentation: View Trust Cheatsheet

Trusted

Section titled “Trusted”

Comprehensive trusted commands and workflows for system administration across all platforms.

Documentation: View Trusted Cheatsheet

Tshark

Section titled “Tshark”

Comprehensive tshark commands and workflows for system administration across all platforms.

Documentation: View Tshark Cheatsheet

Twint

Section titled “Twint”

Twint is an advanced Twitter scraping tool written in Python that allows for scraping tweets from Twitter profiles without using Twitter’s API. It can fetch tweets, followers, following, retweets, and more while bypassing most of Twitter’s limitations.

Documentation: View Twint Cheatsheet

Uncover

Section titled “Uncover”

Uncover is a powerful search engine wrapper developed by Project Discovery that allows quickly discovering exposed hosts on the internet using multiple search engines.

Documentation: View Uncover Cheatsheet

Untitledgoosetool

Section titled “Untitledgoosetool”

Cobalt Strike BOF (Beacon Object File) collection for post-exploitation - Essential commands and usage patterns.

Documentation: View Untitledgoosetool Cheatsheet

Usb Rubber Ducky

Section titled “Usb Rubber Ducky”

The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Created by Hak5, it appears as a keyboard to the target computer and can execute pre-programmed keystroke sequences at superhuman speeds.

Documentation: View Usb Rubber Ducky Cheatsheet

Veracrypt

Section titled “Veracrypt”

Comprehensive veracrypt commands and workflows for security testing and analysis across all platforms.

Documentation: View Veracrypt Cheatsheet

W3Af

Section titled “W3Af”

Documentation: View W3Af Cheatsheet

Wapiti

Section titled “Wapiti”

Wapiti is a web application vulnerability scanner that performs black-box testing of web applications. It crawls web pages and looks for scripts and forms where it can inject data.

Documentation: View Wapiti Cheatsheet

Warp

Section titled “Warp”

Warp is a revolutionary, Rust-based terminal emulator that reimagines the command-line experience with AI integration, block-based interface, and modern IDE-like features.

Documentation: View Warp Cheatsheet

Watson

Section titled “Watson”

Comprehensive watson commands and workflows for system administration across all platforms.

Documentation: View Watson Cheatsheet

Waybackurls

Section titled “Waybackurls”

Comprehensive waybackurls commands and workflows for system administration across all platforms.

Documentation: View Waybackurls Cheatsheet

Weirdaal

Section titled “Weirdaal”

Comprehensive weirdaal commands and workflows for system administration across all platforms.

Documentation: View Weirdaal Cheatsheet

Wfuzz

Section titled “Wfuzz”

Wfuzz is a web application fuzzer designed to facilitate web application assessments. It can be used to find resources not linked (directories, servlets, scripts, etc.), bruteforce GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc.

Documentation: View Wfuzz Cheatsheet

Wifiphisher

Section titled “Wifiphisher”

Documentation: View Wifiphisher Cheatsheet

Windbg

Section titled “Windbg”

Comprehensive windbg commands and workflows for system administration across all platforms.

Documentation: View Windbg Cheatsheet

Winpeas

Section titled “Winpeas”

Comprehensive winpeas commands and workflows for system administration across all platforms.

Documentation: View Winpeas Cheatsheet

Wire

Section titled “Wire”

Comprehensive wire commands and usage patterns for efficient workflow management.

Documentation: View Wire Cheatsheet

Xplico

Section titled “Xplico”

Specialized tool for technical operations

Documentation: View Xplico Cheatsheet

Xxd

Section titled “Xxd”

Comprehensive xxd commands and workflows for system administration across all platforms.

Documentation: View Xxd Cheatsheet

Yum

Section titled “Yum”

Comprehensive yum commands and workflows for system administration across all platforms.

Documentation: View Yum Cheatsheet

Zabbix

Section titled “Zabbix”

Comprehensive zabbix commands and usage patterns for efficient workflow management.

Documentation: View Zabbix Cheatsheet

Zeek

Section titled “Zeek”

Zeek (formerly known as Bro) is a powerful network security monitoring framework that provides comprehensive network analysis and security monitoring capabilities.

Documentation: View Zeek Cheatsheet

Zipkin

Section titled “Zipkin”

Comprehensive zipkin commands and workflows for system administration across all platforms.

Documentation: View Zipkin Cheatsheet

Zoomeye

Section titled “Zoomeye”

Comprehensive zoomeye commands and workflows for system administration across all platforms.

Documentation: View Zoomeye Cheatsheet

Zsteg

Section titled “Zsteg”

Comprehensive zsteg commands and workflows for system administration across all platforms.

Documentation: View Zsteg Cheatsheet

Zuul

Section titled “Zuul”

CI/CD gating system for project integration and testing - Essential commands and usage patterns.

Documentation: View Zuul Cheatsheet

Supermaven

Section titled “Supermaven”

AI code completion with massive context

Supermaven is the fastest AI code completion tool with a 1 million token context window, providing intelligent suggestions based on your entire codebase.

Key Features:

  • 1M token context window
  • Fastest completion speed
  • Whole codebase awareness
  • Cross-file references
  • Multi-language support
  • IDE integrations

Installation:

Tabnine

Section titled “Tabnine”

AI assistant for software developers

Tabnine is an AI code assistant that provides intelligent code completions based on your code patterns and best practices from open source.

Key Features:

  • Deep learning model
  • Local processing option
  • Team learning capabilities
  • Custom model training
  • Privacy-focused
  • Extensive IDE support

Installation:

🎨 Design & Creative Tools

Section titled “🎨 Design & Creative Tools”

Gamma

Section titled “Gamma”

AI-powered presentation and document creation

Gamma is an AI-powered platform for creating beautiful presentations, documents, and webpages with intelligent design assistance.

Key Features:

  • AI content generation
  • Smart design suggestions
  • Real-time collaboration
  • Multiple export formats
  • Brand consistency
  • Interactive elements

Installation:

🎬 Media & Content Creation

Section titled “🎬 Media & Content Creation”

ElevenLabs

Section titled “ElevenLabs”

AI voice synthesis and text-to-speech

ElevenLabs provides cutting-edge AI voice synthesis technology for creating realistic speech from text with custom voice cloning capabilities.

Key Features:

  • High-quality voice synthesis
  • Voice cloning technology
  • Multiple languages support
  • API integration
  • Real-time streaming
  • Custom voice creation

Installation:

Runway

Section titled “Runway”

AI-powered video generation and editing

Runway is an AI platform for video generation, editing, and creative content creation using advanced machine learning models.

Key Features:

  • Text-to-video generation
  • Image-to-video conversion
  • AI video editing tools
  • Real-time collaboration
  • Multiple export formats
  • Advanced motion controls

Installation:

🔧 Development & Productivity Tools

Section titled “🔧 Development & Productivity Tools”

NocoDB

Section titled “NocoDB”

Open source Airtable alternative

NocoDB transforms any database into a smart spreadsheet interface, providing a no-code platform for database management and collaboration.

Key Features:

  • Database to spreadsheet conversion
  • REST & GraphQL APIs
  • Collaboration features
  • Multiple database support
  • Self-hosted option
  • Rich data types

Installation:

Vercel

Section titled “Vercel”

Frontend cloud platform

Vercel is a cloud platform for static sites and serverless functions that fits perfectly with your workflow and enables frontend teams to do their best work.

Key Features:

  • Instant deployments
  • Serverless functions
  • Edge network
  • Git integration
  • Preview deployments
  • Analytics and monitoring

Installation:

Divjoy

Section titled “Divjoy”

React codebase generator

Divjoy is a React codebase generator that helps you build production-ready applications with authentication, payments, and more.

Key Features:

  • React app generation
  • Authentication integration
  • Payment processing
  • Database integration
  • UI component libraries
  • Deployment ready

Installation:

🔒 Security & Data Tools

Section titled “🔒 Security & Data Tools”

Legit Security

Section titled “Legit Security”

AI-native application security platform

Legit Security provides an AI-native ASPM (Application Security Posture Management) platform for comprehensive application security.

Key Features:

  • AI-powered vulnerability detection
  • Application security posture management
  • DevSecOps integration
  • Compliance automation
  • Risk prioritization
  • Remediation guidance

Installation:

Wiz MCP

Section titled “Wiz MCP”

AI-powered cloud security automation

Wiz MCP (Model Context Protocol) provides AI-powered cloud security automation and universal security control plane for enterprise workflows.

Key Features:

  • AI-driven security automation
  • Cloud security posture management
  • Threat detection and response
  • Compliance monitoring
  • Integration with AI assistants
  • Enterprise-grade security

Installation:

Vectra AI

Section titled “Vectra AI”

Network detection and response platform

Vectra AI provides AI-powered network detection and response (NDR) for identifying and stopping cyber threats in real-time.

Key Features:

  • AI-powered threat detection
  • Network traffic analysis
  • Behavioral analytics
  • Incident investigation
  • Automated response
  • Threat hunting capabilities

Installation:

ALTR

Section titled “ALTR”

Data security and governance platform

ALTR provides a unified data security platform for data governance, classification, and protection across modern data stacks.

Key Features:

  • Data classification and discovery
  • Access control and monitoring
  • Data masking and tokenization
  • Compliance automation
  • Multi-cloud support
  • Real-time data protection

Installation:

🛠️ Specialized Tools

Section titled “🛠️ Specialized Tools”

Scraper API

Section titled “Scraper API”

Web scraping infrastructure

Scraper API provides web scraping infrastructure with proxy rotation, CAPTCHA solving, and browser automation for reliable data extraction.

Key Features:

  • Proxy rotation
  • CAPTCHA solving
  • JavaScript rendering
  • Global proxy network
  • API-based scraping
  • Scalable infrastructure

Installation:

Base44

Section titled “Base44”

AI-powered no-code platform

Base44 is an AI-powered no-code platform for building applications with natural language commands and automated development workflows.

Key Features:

  • AI-powered app generation
  • No-code development
  • Natural language interface
  • Automated workflows
  • Database integration
  • Deployment automation

Installation:

Presentify

Section titled “Presentify”

Screen annotation and presentation tool

Presentify is a macOS application for screen annotation, highlighting, and presentation enhancement during screen sharing and presentations.

Key Features:

  • Screen annotation tools
  • Cursor highlighting
  • Zoom and magnification
  • Drawing and shapes
  • Screen recording
  • Presentation mode

Installation: