Post

Essential Websites Every Hacker Should Know

A curated list of websites every hacker, pentester, or security enthusiast should know. Organized by category with short descriptions and suggested usage.

Posted Updated
By Elimane Juuf
6 min read
Essential Websites Every Hacker Should Know

Essential Websites Every Hacker Should Know

A curated list of websites every hacker, pentester, or security enthusiast should know. Organized by category with short descriptions and suggested usage.

πŸ•΅οΈ OSINT & Recon

  • OSINT Framework – Collection of OSINT tools organized by category. Use for: emails, domains, social profiles, metadata.
  • Shodan – Search engine for internet-connected devices. Use for: finding exposed devices/services.
  • Censys – Search engine for certificates and hosts. Use for: discovering vulnerable infrastructure.
  • Grep.app – Search across millions of open-source code repositories quickly.
  • Have I Been Pwned – Breach data lookup. Use for: checking email/domain compromises.
  • Hunter.io – Email discovery. Use for: recon on valid emails.
  • crt.sh – SSL certificate transparency logs. Use for: finding subdomains.
  • Ping.eu – Online tools for ping, traceroute, whois, DNS lookups, and more.
  • DNSDumpster – DNS mapping. Use for: subdomains, MX records, IP ranges.
  • Social Searcher – Search mentions across social media. Use for: usernames, activity tracking.
  • Web Archive / Wayback Machine – Archived website versions. Use for: old endpoints, leaks.
  • LeakIX – Exposed servers/devices. Use for: discovering leaks.
  • FOFA – Internet asset search. Use for: ports, devices, services.
  • Am I Unique? – Analyze your browser fingerprint and see how trackable you are.
  • Cover Your Tracks (EFF) – Test how well your browser and privacy setup protect against tracking.
  • TruePeopleSearch – People search engine. Use for: public personal info.
  • FastPeopleSearch – Alternative people lookup. Use for: addresses, phone numbers.
  • GreyNoise – Noise analysis. Use for: filtering harmless vs malicious IPs.
  • Netlas Host Search – Network asset search. Use for: IP/domain recon.
  • TinEye – Reverse image search. Use for: image origins.
  • PimEyes – Facial recognition search. Use for: person image lookup.
  • Redirect Checker – Trace URL redirects. Use for: identifying hidden jumps in redirects.
  • WhereGoes – Visualize redirect chains. Use for: seeing full URL redirection flow.
  • HTTP Status Checker – Inspect HTTP codes and headers. Use for: debugging web requests and redirects.
  • Unshorten.It – Expand shortened URLs. Use for: revealing hidden destinations.
  • BGPView – BGP and ASN lookup. Use for: investigating network ranges.
  • Satellite Map – Satellite imagery to explore the globe, useful for OSINT investigations.
  • EarthCam – Live streaming webcams from around the world, often leveraged in OSINT.
  • Route Views – Access live BGP routing table data for network reconnaissance.
  • Hurricane Electric BGP – BGP routing and prefix search. Use for: network-level recon.
  • IPVoid – IP reputation checker. Use for: analyzing IPs for blacklists or malicious history.
  • AbuseIPDB – IP abuse reporting database. Use for: checking if an IP is reported for attacks.
  • NSLookup.io – DNS record lookup. Use for: inspecting DNS configuration.
  • WebStatsDomain β€” Domain stats and metadata
  • Dnschecker β€” Global DNS propagation checks
  • PortChecker.io – Check open ports on your network or a remote host. Use for: quick port scanning and network accessibility testing.

☣️ Malware & Threat Analysis

  • VirusTotal – Scan files, URLs, and domains. Use for: malware detection.
  • Hybrid Analysis – Online malware sandbox. Use for: suspicious file analysis.
  • Any.run – Interactive malware analysis. Use for: live malware behavior tracking.
  • MalwareBazaar – Malware samples repo. Use for: researching malware families.
  • CyberChef – Data analysis toolkit. Use for: encode/decode, hash, manipulate data.
  • URLScan – URL isolation & scanning. Use for: phishing/malware site detection.
  • BrowserLeaks – Test browser leaks/fingerprints. Use for: privacy & recon.
  • Sucuri SiteCheck – Website scanner. Use for: infections, vulnerabilities.
  • Web-Check.xyz – Website reputation check. Use for: security overview.

πŸ”‘ Passwords & Hashes

  • CrackStation – Password hash cracking. Use for: recovering plain-text passwords.
  • MD5Decrypt – Hash decryption. Use for: MD5, SHA1 lookups.
  • Hashes.com – Online hash cracking. Use for: multiple hash types.

πŸ’£ Vulnerability & Exploit Research

  • Exploit-DB – Exploit database. Use for: public PoCs.
  • CVE Details – CVE database. Use for: software/vendor vulnerabilities.
  • NVD – Official CVE database. Use for: CVE lookups, scoring.
  • Packet Storm Security – Exploits, advisories, tools. Use for: PoCs & security research.
  • Pentest Tools Website Scanner – Web vuln scanner. Use for: quick online scans.

🌐 Recon & Infrastructure Info

  • IPinfo – IP & ASN lookup. Use for: mapping network infrastructure.
  • ZoomEye – IoT/device search engine. Use for: exposed services.
  • JWT Auditor – JWT inspection. Use for: token misconfig checks.
  • JWT Lens – JWT analyzer. Use for: quick token decoding.

βš”οΈ Reverse Shells & Exploitation

  • Reverse Shells – Reverse shell generator. Use for: payload creation.
  • GTFOBins – Unix privilege escalation tricks. Use for: post-exploitation.
  • LOLBAS – Windows binaries abuse. Use for: Windows privilege escalation.
  • Linux Smart Enumeration – Linux enum script. Use for: privilege escalation recon.
  • PEASS-ng – Privilege escalation tools. Use for: Linux/Windows post-exploitation.

🎭 Phishing & Privacy

  • PhishTank – Phishing database. Use for: URL phishing checks.
  • Boostfluence Instagram Viewer – Anonymous Instagram viewing. Use for: social OSINT.
  • Temp-Mail – Disposable emails. Use for: anon registrations.
  • SMS24 – Temporary phone numbers. Use for: SMS verification bypass.
  • Globfone – Free online SMS, calls, and file sharing. Use for: temporary messaging, anonymous communication.

πŸ“š Hacking & Security References

  • HackTricks – Hacking techniques & cheatsheets. Use for: pentest guidance.
  • 0xdf’s Blog β€” High-quality HTB & CTF writeups
  • Awesome-Hacking – Massive collection of hacking tools and resources.
  • awesome-bug-bounty – Curated list of bug bounty resources.
  • TBHM – The Bug Hunter’s Methodology (Jason Haddix).
  • pwnhub – A growing collection of hacking writeups, scripts, and resources.
  • Awesome Red Team Cheatsheet – A massive collection of red team tactics, tools, and references.
  • Ghostpack Compiled Binaries – Precompiled Ghostpack binaries useful for red team operations.
  • HackerTyper – Fun website to β€œlook like” you’re coding like a hacker.
  • Hacker News – Daily tech, security, and startup news.
  • The Hacker Recipes – A comprehensive knowledge base of offensive security techniques, tactics, and playbooks.
  • 0day.today – Exploit and vulnerability database.
  • HackerRepo – Curated repository of hacking and security resources.
  • SQLi Pentest Toolkit β€” SQL Injection exploitation utilities
  • LostSec – A great collection of offensive security knowledge and techniques.
  • KC7 Cyber β€” Cybersecurity wargame for students
  • Codingame – Solve programming puzzles and compete through gamified coding challenges.
  • Microcorruption – A gamified reverse engineering CTF with embedded systems focus.
  • Crackmes.one – A huge archive of crackmes to train your reverse engineering and binary exploitation skills.
  • PayloadsAllTheThings – Attack payloads collection. Use for: XSS, SQLi, LFI, RCE.
  • Bug Bounty Cheatsheet – Bug bounty methodology. Use for: hunting workflow.
  • IntelX – Leak search engine. Use for: leaked docs, emails, creds.
  • Notes by Ben Heater – Security notes repo. Use for: learning material.
  • Patorjk.com – Text & ASCII utilities. Use for: ASCII art, text manipulation.

πŸ›°οΈ Threat Modeling & Frameworks

  • MITRE ATT&CK – Knowledge base of adversary TTPs. Use for: detection, attack mapping.

πŸ“‚ OSINT GitHub Repositories

πŸ” Search Tools & Techniques

🎯 Specific OSINT Areas

πŸ›‘οΈ Privacy & OPSEC

πŸŒ‘ Dark Web Resources ⚠️

⚠️ Warning: Requires Tor Browser. Use only for legal OSINT & research.

Tip:Bookmark and organize these resources by category. Always use them ethically in labs, CTFs, or authorized pentests only.

Pentesting, Resources
tools osint malware recon security
This post is licensed under CC BY 4.0 by the author.