Skip to main content
Skip to main content
PANOPTICON
back

External Resources

169 off-site sources I cross-reference: dashboards, OSINT directories, training labs, malware samples, and research portfolios. Filter by kind or search across name and description.External sites change ownership and quality over time. Verify a specific link before relying on it.

kind:
tag:

Showing 169 of 169 loading community entries…

  • My Threat Intel

    Live ransomware dashboard · country / sector / timeline charts · 180+ ransomware groups with ransom-note transcripts and leak-site screenshots

  • deepdarkCTI

    Continuously updated repository of dark-web and CTI sources, by fastfire

  • Threat Landscape Free Tools

    Curated free DFIR and threat-intel tools directory

  • Vecert Analyzer

    Free file and indicator analyzer for incident response

  • World Monitor

    Real-time OSINT dashboard, news, markets, ADS-B and AIS tracking across 435+ sources

  • OSINT Tools

    Curated OSINT directory

  • OSINTrack

    OSINT investigation tracker

  • AI SOC

    AI-assisted SOC playground by Perplexity Labs.

  • AISecurity.zone
    featured

    Community-curated hub of AI-security resources — adversarial ML, LLM red-teaming, model/data exfiltration, prompt-injection catalogues, governance frameworks, and AI-CTI tooling. Useful as a discovery surface when triaging AI-system risks or scoping AI red-team engagements.

    why: Centralised AI-security starting point I cross-reference when scoping AI risk assessments or building detection content for LLM-adjacent threats.

  • Syberseeker Free Certification Courses
    featured

    Curated start.me page by Syberseeker aggregating free certification tracks — security, cloud, networking, and blue-team paths from vendors, universities, and community programs. Mirrored in-platform at /threatintel/osint/certs with a daily auto-sync.

    why: The single best free-cert starting point I have found. Direct mirror on the platform means the same link list is searchable, deep-linkable, and survives start.me outages.

  • LeakRadar

    290B+ leaked credentials indexed from stealer logs, combolists, and database dumps. REST API + Telegram/Slack/webhook alerts.

  • Serus

    AI-powered data-exposure monitoring and dark-web surveillance for individuals and orgs. Combines breach search with takedown automation.

  • OpenSourceMalware

    Community-driven platform for sharing and analysing malware samples and threat intelligence.

  • AI Goat
    featured

    Open-source AI security playground for hands-on LLM red teaming — prompt injection, RAG poisoning, OWASP LLM Top 10 — runs fully offline.

  • VulnOS
    featured

    Cybersecurity learning platform with practical, interactive labs for hands-on skill building.

  • Black Ledger Security
    featured

    Research portfolio publishing AI/LLM security findings and the SPECTRA framework for context-aware adversarial testing of production AI deployments.

  • WebVerse Labs Pro
    featured

    Web-app pentest training platform — 36 labs across 5 difficulty tiers with XP, leaderboards, and vulnerability-chaining scenarios.

  • Red Team Community

    Red-team practitioner community hub.

  • hunter.how

    Internet asset search engine in the Shodan/Censys/FOFA family. Fingerprints 500+ network protocols across 2,000+ products with country, SSL-certificate, and subdomain filters. Free daily quota; paid plans for higher throughput.

  • Darkfeed.io

    Real-time threat intelligence dashboard aggregating IOCs, dark-web activity, and adversary infrastructure indicators from multiple sources. Free tier available.

  • DeepFind.Me

    Comprehensive OSINT toolkit — username search (50+ platforms), geolocation, email/domain recon, metadata extraction, dark-web link checker, crypto wallet tracking, and more. REST API available.

  • AI Supply Chain Observatory
    featured

    Visual dashboard tracking AI supply-chain risks, model provenance, and dependency vulnerabilities across the ML ecosystem.

  • DarkWebDaily

    Curated dark-web news aggregator — breach announcements, ransomware claims, and underground forum highlights delivered in a daily digest format.

  • LLM Security Slides
    featured

    Presentation covering LLM attack surfaces, prompt injection techniques, jailbreaking methodologies, and AI red-teaming tradecraft.

  • GenieBot

    AI-powered security assistant and chatbot for threat intelligence queries and security automation.

  • Web Check
    featured

    All-in-one website analysis tool — DNS, SSL, headers, WHOIS, tech stack, performance, and security audit from a single URL input.

  • Claude 101

    Learning resource hub for Claude AI — prompt engineering guides, use-case examples, and best practices for Anthropic Claude.

  • AppSec Master
    featured

    Interactive application security training platform — hands-on labs covering OWASP Top 10, API security, and secure coding practices.

  • OSINT Tools
    featured

    Curated directory of OSINT tools with community collections, featured tool listings, and new-tool discovery feed.

  • Intelligence on Chain
    featured

    Curated, filterable directory of blockchain/crypto OSINT tools — wallet tracing, transaction analysis, identity and infrastructure recon. Field-tested entries organized by cost, skill level, OPSEC sensitivity, and input type (address, hash, email, username).

    why: On-chain OSINT companion to the crypto-trace / fund-flow tooling here.

  • DataBreach.com

    Data breach search platform — check if credentials or personal data have been exposed in known breaches. Also provides breach monitoring alerts.

  • MalwareWorld
    featured

    Aggregated threat intelligence from 100+ public blacklists. Search IPs/domains, view threat maps, download categorized blocklists (bad reputation, malware, spam, phishing, cryptocurrency, DGA).

  • HackTricks Tools
    featured

    Interactive security tools by HackTricks — domain/DNS auditor, host checker, clickjacking PoC generator, GitHub leaks scanner, AI chatbot, and cloud IAM auditor (PEASS).

  • OSV.dev
    featured

    Open Source Vulnerabilities database — Google-backed, API-first vulnerability feed covering PyPI, npm, Go, Maven, and other ecosystems with ecosystem-agnostic schema.

  • Digital Defense

    OPSEC and privacy toolkit — guides and checklists for operational security, digital footprint reduction, and secure communications.

  • Awesome Privacy

    Curated list of privacy-focused tools and services — VPNs, encrypted messaging, password managers, analytics alternatives, and privacy hardware.

  • BitWire IP Blocklist (stats)

    Upstream stats dashboard for bitwire-it/ipblocklist — live counters, growth history and source attribution. Pairs with the in-platform mirror at /threatintel/bitwire-blocklist.

  • CrowdThreat

    Threat intelligence dashboard — cross-references IOCs, threat actor profiles, and campaign tracking. Includes OSINT tools section at /osint_tools.

  • TI Mindmap Hub

    Interactive threat intelligence mindmap — visual navigation of TTPs, threat actors, campaigns, and detection strategies mapped to the MITRE ATT&CK framework.

  • Insider Threat Matrix
    featured

    Comprehensive insider threat framework covering indicators, detection methods, mitigation strategies, and case studies across personas and attack vectors.

  • Orca OSINT/CTI

    OSINT and cyber threat intelligence platform — unified search across multiple data sources for indicators, threat actors, and infrastructure discovery.

  • RedHunt Labs Research
    featured

    Security research blog from RedHunt Labs — attack surface management insights, vulnerability disclosures, and adversary infrastructure tracking write-ups.

  • AIDefend

    AI-powered cybersecurity defense platform — automated threat detection, response orchestration, and security posture management.

  • Cyber Laws

    Legal reference platform for cybersecurity regulations worldwide — GDPR, CCPA, HIPAA, DPDP, and cross-border data protection frameworks with jurisdictional analysis.

  • KongSec OSAI Notes
    featured

    Research notes on offensive AI security — prompt injection, LLM red-teaming, AI supply-chain attacks, and adversarial ML techniques.

  • Mjolnir Intelligence

    Threat intelligence dashboard — IOC feeds, campaign tracking, and real-time security event monitoring from Mjolnir Security.

  • Mjolnir VulnOT

    Vulnerability notes and OT/IoT security advisory aggregator — CVE tracking, exploit POC references, and remediation guidance for operational technology.

  • OWASP AI Security Visualizer
    featured

    Interactive visualizer for the OWASP AI Security landscape — maps AI-specific threats, vulnerabilities, and controls across the ML lifecycle.

  • CyberSecTools
    featured

    Curated catalog of cybersecurity tools organized by category — penetration testing, forensics, OSINT, red teaming, and blue team operations.

  • Sigma Rule Explorer (nasbench)
    featured

    Interactive Sigma rule browser — search, filter, and explore Sigma detection rules with SIEM conversion previews for Splunk, Elastic, QRadar, and more.

  • Ghostint Tools
    featured

    Curated OSINT and cybersecurity tools directory — categorized tools for reconnaissance, social media investigation, and digital forensics.

  • Arcanum AI Security Resources
    featured

    Curated resources on AI/ML security — papers, tools, frameworks, and CTF challenges focused on adversarial ML, LLM security, and AI red teaming.

  • ExtSentry Feeds

    Browser extension threat feeds — curated list of malicious browser extensions tracked via abuse reports and security research.

  • HOCSEC

    Cybersecurity tools and resources directory by Hackers Online Club — categorized security tools, learning resources, and community projects.

  • Quanqiuchongtu

    Global cybersecurity conflict monitoring dashboard — tracks nation-state cyber operations, hacktivist campaigns, and geopolitical cyber events.

  • Cyber Threat Map (wddadk)

    Live cyber threat attack map — real-time visualization of cyber attacks, DDoS events, and scanning activity across global infrastructure.

  • APT28 Victimology
    featured

    APT28 (Fancy Bear) victimology dashboard — tracks known targets, campaigns, and infrastructure attribution for the Russian state-sponsored threat actor.

  • Kilaz.net
    featured

    Security research and threat intelligence blog — APT analysis, malware reverse engineering, and cybercrime ecosystem investigations.

  • THC Mail

    The Hackers Choice mail service — privacy-focused email with security features for the infosec community.

  • CrowdThreat OSINT Tools

    Curated OSINT tools section within CrowdThreat — categorized open-source intelligence tools for digital investigations.

  • DMARC Labs

    Free DMARC RUA report analyzer — privacy-first, in-memory XML parsing with IP enrichment, SPF/DKIM/DMARC alignment per sender. See also /dfir/dmarc-analyzer on this site.

  • OSV.dev API

    Open Source Vulnerabilities REST API — query by package/version or commit hash to identify known vulnerabilities across open-source ecosystems.

  • Hudson Rock Free Tools

    Free infostealer exposure check — search by email, domain, or username for compromised credentials from infostealer infections. By Hudson Rock.

  • InfoStealers.com Victims

    Infostealer victims dashboard by Hudson Rock — browse compromised machines, employees, and domains per infostealer family.

  • OpenDirSearch (abifog)

    Open directory search engine — find publicly accessible directory listings for OSINT recon and file discovery.

  • ODCrawler

    Open directory crawler and search engine — indexes publicly accessible directory listings for OSINT investigations.

  • ODFinder

    Open directory finder tool — search engine for finding open directory listings across the web for OSINT data gathering.

  • LendX

    Open directory search engine — discover exposed directory listings and publicly accessible files for intelligence gathering.

  • Palined Search

    Open directory search tool — search across publicly accessible directory listings for OSINT and reconnaissance.

  • Ewasion Open Directory Finder

    Open directory finder tool — browser-based tool for discovering and searching open directory listings.

  • Expde Open Directory Finder

    Open directory search tool — find exposed directory listings and publicly accessible file indexes for OSINT collection.

  • EyeDex

    Open directory index and search engine — browse and search across publicly accessible directory listings worldwide.

  • Newsmap

    Geographic heatmap of global news by category — visualize breaking news trends, media bias, and coverage density across regions.

  • Ransomware Operator Interviews
    featured

    First-person conversations with ransomware operators. Negotiation tactics, affiliate economics, and the human side of the ransomware ecosystem.

  • TelemetryApp
    featured

    Telegram search and analytics platform — search channels, messages, groups, and media across Telegram's public surface. Built for OSINT analysts and threat hunters.

  • LYZEM

    Telegram search engine — full-text search across public channels and messages. Indexes content beyond Telegram's native search for OSINT discovery.

  • Telegago

    Google Custom Search Engine scoped to Telegram public content — search indexed Telegram channels, groups, and messages via Google's crawler.

  • XTEA
    featured

    Telegram intelligence and search platform — advanced search across channels, messages, and media. Designed for OSINT researchers, investigators, and threat analysts.

  • TGStat
    featured

    Telegram analytics and statistics platform — channel rankings, subscriber growth, engagement metrics, and content search across millions of public Telegram channels.

  • TGDB

    Telegram database and directory — browse and search public Telegram channels, groups, and bots. Categorized index for OSINT discovery and channel enumeration.

  • vx-underground
    featured

    The largest collection of malware source code, samples, and papers on the internet. Curated corpus spanning decades of malware families, APT tools, and reverse-engineering research.

  • MalwareBazaar
    featured

    abuse.ch project — crowdsourced malware sample repository. Upload and download samples, search by hash/tag/family, API access. Integrated into this platform's IOC checker.

  • VirusShare

    Malware sample repository maintained by VirusTotal contributor. 40M+ samples available for download. Free registration required. Password-protected ZIP archives.

  • MalShare
    featured

    Free malware sample repository with REST API. 1000+ daily samples from 30+ sources. Search by hash, file type, or keyword. API key available with free registration. Integrated into this platform's IOC checker.

  • theZoo

    Open-source live malware repository on GitHub. Curated samples organized by family with encrypted archives. CLI tool for downloading and analysing samples. Educational purpose.

  • PolySwarm

    Decentralized malware marketplace — submit samples for scanning by multiple competing engines. Free tier available. Real-time threat intelligence from 40+ anti-malware engines.

  • InQuest Labs
    featured

    Malware research lab — IOC database, YARA rule repository, retrohunt, and sample analysis. Free tier with API access. Specialises in document-based malware (Office, PDF, LNK).

  • ThreatFox
    featured

    abuse.ch IOC sharing platform — community-submitted IOCs (IPs, domains, URLs, hashes) mapped to malware families. Searchable database with API. Integrated into this platform's live IOCs feed.

  • URLhaus
    featured

    abuse.ch URL tracking — community-submitted malicious URLs serving malware payloads. Searchable database with API and downloadable blocklists. Integrated into this platform's live IOCs feed.

  • SSL Blacklist

    abuse.ch SSL/TLS certificate blacklist — tracks malicious SSL certificates used by botnet C2 servers. Downloadable IP and certificate SHA1 blacklists.

  • YARAify

    abuse.ch YARA scanning platform — submit samples for YARA rule matching, search by YARA rule, upload custom rules. Community-driven detection rule testing.

  • ANY.RUN
    featured

    Interactive malware sandbox — real-time behavioural analysis with Windows VMs. Free tier with public submissions. Process tree, network captures, MITRE ATT&CK mapping.

  • Joe Sandbox

    Commercial malware analysis sandbox with free community tier. Deep behavioural analysis, YARA rules, sigma detection, and network IOCs extraction.

  • Hybrid Analysis
    featured

    Free malware analysis sandbox by CrowdStrike. Static + dynamic analysis, MITRE mapping, network IOCs, and community verdicts. API access available.

  • VirusTotal
    featured

    The definitive malware and IOC analysis platform. 70+ AV engine scan, behavioural sandbox, YARA search, graph analysis, community comments. Free API with rate limits.

  • AlienVault OTX
    featured

    Open Threat Exchange — community-driven threat intelligence. IOC pulses, reputation data, endpoint telemetry. Free API. Integrated into this platform's IOC checker.

  • C2IntelFeeds

    Automated C2 infrastructure feeds — IP and domain lists for Cobalt Strike, Sliver, Brute Ratel, and other C2 frameworks. Updated daily via GitHub. Integrated into this platform's live IOCs feed.

  • OpenPhish

    Automated phishing intelligence — real-time phishing URL feed. Community feed is free; premium adds targeted brand analysis. Integrated into this platform's live IOCs feed.

  • PhishTank

    Community phishing verification platform — submit and verify suspected phishing URLs. Free API and downloadable database. Operated by OpenDNS/Cisco.

  • OpenGraph Intel
    featured

    Open-source visual intelligence platform for OSINT link analysis and graph-based investigation workflows. Investigate entities, map relationships, and run graph-native transforms. Features username search, domain-to-IP pivoting, email-to-domain extraction, and HTTP header analysis.

  • CrowdSec CTI

    Crowd-sourced threat intelligence API. IP reputation, attack categories, behaviors, and community trust scores. Free tier: 1000 lookups/month. Integrated into this platform's IOC checker.

  • Spur.us

    VPN, proxy, and residential IP detection service. Identifies anonymization services and their providers. Free community endpoint available. Integrated into this platform's IP enrichment.

  • IPinfo.io

    IP geolocation, ASN, company, and privacy detection API. 50k requests/month on free tier. Integrated into this platform's IP enrichment.

  • CriminalIP

    IP reputation and vulnerability scanning platform. Detects malware, botnets, phishing, mining, and remote access. Free tier: 100 lookups/month.

  • Shodan InternetDB

    Free, keyless IP intelligence API from Shodan. Returns open ports, CVEs, hostnames, and tags for any IP address. Unlimited lookups. Integrated into this platform's IOC checker.

  • PhishStats.info

    Phishing URL statistics and reputation data. Score, first/last seen, target brand, hosting country. Free API, no authentication required. Integrated into this platform's IOC checker.

  • Digital Side Threat Intel

    Free threat intelligence feeds on GitHub — malware URLs, phishing URLs, C2 domains, and file hashes. Updated regularly. Integrated into this platform's IOC checker.

  • MISP · Malware Information Sharing Platform
    featured

    Open-source threat intelligence platform for sharing, storing and correlating IOCs. 200+ default feeds from public sources. STIX/TAXII support, feed system, API, and MISP taxii server integration. De facto standard for CTI sharing.

  • IntelOwl
    featured

    Open-source threat intelligence analysis orchestration — submits files, URLs, hashes, IPs to 200+ analyzers (VirusTotal, AbuseIPDB, Shodan, YARA, etc.). REST API, web UI, Celery-based job queue.

  • OpenCTI
    featured

    Open-source threat intelligence platform by Filigran. Knowledge graph for threat actors, TTPs, campaigns, IOCs. STIX/TAXII native, 20+ connectors, MITRE ATT&CK mapping. Self-hosted or cloud.

  • INTELMQ · Feed Processing Framework

    Python framework by CERT Austria for collecting, processing, and correlating threat intelligence feeds. Modular bots (collectors, parsers, experts, outputs). Handles 200+ feed formats at scale.

  • CriticalPathSecurity · Public Intelligence Feeds
    featured

    Curated, deduplicated threat intelligence feeds combining Abuse.CH, AlienVault, BinaryDefense, CobaltStrike, Emerging Threats, SANS, ThreatFox, Tor, and more. Standardized TXT format with versioned files.

  • Bert-JanP · Open Source Threat Intel Feeds

    CSV catalog of 145+ free threat intelligence feeds organized by type (IP, DNS, URL, MD5, SHA256, CVE, JA3) with vendor metadata. Reference directory for discovering new feed sources.

  • Awesome Threat Intelligence
    featured

    Curated list of 1,000+ threat intelligence resources — feeds, tools, frameworks, platforms, YARA rules, SIGMA rules, standards, books, and courses. 10,000+ GitHub stars.

  • Awesome Threat Intel

    Extended directory of threat intelligence projects, tools, and data sources. Covers STIX/TAXII, MISP, YARA, SIGMA, OpenCTI connectors, and CTI automation pipelines.

  • Awesome Threat Detection

    Curated list of open-source threat detection resources — detection engineering, SIGMA rules, YARA rules, queries (KQL, SPL, EQL), threat hunting, and adversary emulation.

  • YARAHub

    Open YARA rule sharing platform. Community-submitted detection rules with metadata, testing, and indexed search. Covers malware families, C2 frameworks, and file formats.

  • InQuest · Awesome YARA

    Curated list of YARA rules, tools, and resources — rule repositories, testing frameworks, IDE plugins, and learning materials for YARA-based detection engineering.

  • Awesome Rules · Detection Rules Collection

    Massive collection of detection rules across YARA, SIGMA, KQL, SPL, and EQL formats. Categorised by MITRE ATT&CK technique. Curated from multiple open-source rule repositories.

  • gendigitalinc · IOC Repository

    Per-malware-family IoC directories with YARA rules and indicators. Organized by malware name with IPs, domains, hashes, and rule files for each family.

  • jstrosch · Malware Samples & Sources

    Curated malware sample collection organized by family. Includes analysis notes, configuration extractors, and references to original sources. Regularly updated with new campaigns.

  • Awesome Forensics Extreme Collection

    Comprehensive DFIR and OSINT tool collection — disk forensics, memory analysis, network forensics, timeline analysis, triage, and reporting tools. Community-maintained resource list.

  • Awesome Forensics

    Curated list of digital forensics resources — forensic tools, analysis frameworks, artifact collections, CTF challenges, and educational materials for DFIR practitioners.

  • OSINT Collectors

    Curated collection of OSINT data collectors — web scraping templates, API wrappers, and data extraction scripts for open-source intelligence gathering across platforms.

  • OSINT for Countries

    Per-country OSINT resource directory — 1,500+ curated tools and data sources across 247 countries. Covers government registries, news, maps, people search, social media, transportation, utilities, and crime data. Powers the interactive country OSINT map on this platform.

  • AWS Incident Response Samples

    Official AWS incident response playbook samples — CloudFormation templates, Lambda functions, and runbooks for automating IR workflows in AWS. Pre-built response actions for common scenarios.

  • TAXII 2.1 Server

    This platform's TAXII 2.1 server for automated threat intelligence sharing. Compatible with MISP, OpenCTI, Splunk SOAR, and other TAXII clients. Collections: IOCs, actors, malware, vulnerabilities, briefings.

  • Nexus OSINT

    French open-source intelligence platform — real-time aggregation across geopolitics, cyber, and military domains. Multi-source dashboard surfacing breaking events with structured metadata for analysts tracking hybrid threats.

  • CLOAK Matrix

    OPSEC techniques and procedures reference — tactic → technique → sub-technique → procedure hierarchy modeled after MITRE ATT&CK but scoped to operational-security tradecraft. Useful for blue teams mapping counter-surveillance controls and red teams modelling adversary OPSEC gaps.

  • OnionScan

    Tor hidden-service scanner that probes .onion operators for opsec leaks and misconfiguration that could deanonymize them. Reports on exposed server banners, EXIF in page assets, open ports, Apache mod_status leaks, and other metadata that has historically been used to identify Silk Road-style operators. MIT, Go, s-rah/onionscan.

  • OnionScout

    Lightweight Python CLI for auditing Tor hidden services for clearnet dependencies, metadata leaks, fingerprinting indicators, and basic de-anonymization risks. Modern (2026) alternative to OnionScan, pip-installable.

  • DroidFS

    Android encrypted overlay filesystem using gocryptfs (and CryFS). Mounts volumes as virtual disks without root, keeping data invisible to other apps and media scanners. AGPL-3.0, on F-Droid. Critical for mobile OpSec — encrypted photo capture, internal file viewer, fingerprint unlock, auto-lock on background.

  • MacChangerX

    Python Linux MAC changer with random / spoof / anti-fingerprint modes. Bundles log clearing, hostname spoofing, DNS cache flushing, and Bluetooth MAC rotation — all-in-one L2 fingerprint erasure. MIT, requires root. (Small but free and works.)

  • SpoofDPI

    Go-based anti-censorship proxy that bypasses Deep Packet Inspection without root/admin by modifying the length of the first packets in the TLS handshake, defeating packet-based DPI used by ISPs to censor the web. Apache-2.0, 4.6k★, install via Homebrew or single binary from GitHub releases.

  • kloak

    Keystroke and mouse anti-fingerprinting tool. Emulates an average typing rhythm by randomizing inter-key intervals + speed, defeating keystroke-biometric identification. Also obfuscates mouse path/timing. BSD-3-Clause, Wayland-native, ships in Whonix / Tails. Original vmonaco/kloak archived; Whonix fork is the active branch.

  • ProxyChains-NG

    LD_PRELOAD hook that routes any dynamically-linked program's TCP traffic through a proxy cascade. Fork of the classic proxychains adding IPv6 support, mixed SOCKS4/5 + HTTP/HTTPS chaining, and automatic failover to live nodes. GPL-2.0, available in apt/brew/Arch.

  • RaspiBlitz

    DIY Bitcoin + Lightning full node on a Raspberry Pi with integrated Tor, Electrum server, and physical-key HD wallet isolation. Self-sovereign hardware node with zero cloud dependence. MIT, but the hardware (Pi 4/5 + 1-2 TB SSD + PSU) costs ~$200-400 — software is free, the appliance isn't.

  • Anthropic Cybersecurity Skills
    featured

    754 structured cybersecurity skills for AI agents across 26 security domains. Mapped to 5 frameworks: MITRE ATT&CK v19.1, NIST CSF 2.0, MITRE ATLAS, D3FEND, and NIST AI RMF. Works with Claude Code, Copilot, Codex CLI, Cursor, Gemini CLI, and 20+ platforms. 14,000+ GitHub stars.

  • Awesome Agent Skills
    featured

    Collection of 1,400+ AI agent skills from official dev teams (Anthropic, Google, Vercel, Stripe, Cloudflare, Trail of Bits) and the community. Compatible with Claude Code, Codex, Gemini CLI, Cursor, and agentskills.io standard. 24,000+ GitHub stars.

  • Awesome AI Security
    featured

    Curated list of AI security resources — frameworks, standards, red teaming tools, LLM attack techniques, agentic AI security, MCP security, adversarial ML, and AI governance. 1,000+ GitHub stars.

  • OpenOSINT

    AI-powered OSINT agent with interactive REPL, CLI, MCP server, and Web UI. 16 tools for email, username, breach, WHOIS, IP, subdomain, Shodan, VirusTotal, Censys, and DNS intelligence. Supports Claude, GPT-4, and local Ollama models. Apache 2.0.

  • Awesome Pentest
    featured

    Comprehensive curated collection of 10,000+ penetration testing resources — tools, books, frameworks, CTF platforms, network tools, exploit development, OSINT, web exploitation, reverse engineering, and security conferences. 26,000+ GitHub stars.

  • OWASP Web Security Testing Checklist

    Structured OWASP checklist covering 100+ web application security tests — info gathering, config management, authentication, session management, authorization, data validation, cryptography, and business logic. 2,000+ GitHub stars.

  • CTI as a Code
    featured

    Version-controlled CTI methodology with 8 structured training assignments covering reactive, proactive, and full-cycle intelligence. Docker Compose lab stack (OpenCTI, TheHive, Cortex, Elastic SIEM). Evidence-traced analysis with deployable Sigma rule output.

    why: Practitioner-grade CTI training that treats investigations like software engineering — version-controlled, template-driven, evidence-traced, and reproducible.

  • Redroom
    featured

    CIA-style real-time geopolitical news monitoring platform — live map visualization, news crawler, facilities database, and Neo4j network graph explorer. MENA region focus with interactive map overlays and dark/light mode.

  • WorldWideView
    featured

    Geospatial intelligence platform — real-time 3D globe with live data feeds, entity filters, and infrastructure tracking. AI-powered news aggregation, geopolitical monitoring, and infrastructure visualization.

  • signature-base
    featured

    Comprehensive YARA rules and IOC signatures by Florian Roth. 1,000+ rules covering APT groups, malware families, web shells, and exploitation tools. Updated regularly. MIT licensed.

  • ThreatHunter-Playbook
    featured

    Detection logic mapped to MITRE ATT&CK — Jupyter notebooks with Sigma rules, Splunk queries, and threat-hunting methodologies for each technique. Community-driven, regularly updated.

  • ransomwatch

    Ransomware group monitoring — tracks 100+ ransomware operations, scrapes leak sites, and publishes structured JSON of new victim posts. MIT licensed. Integrated into this platform's live IOCs feed.

  • MISP Galaxy
    featured

    Open knowledge base of threat actor clusters, malware, ransomware, tools, and ATT&CK matrices. 200+ clusters covering threat actors, backdoors, bankers, exploit kits, ransomware, RATs, and surveillance vendors. CC0-licensed — importable into any threat intelligence platform.

    why: Definitive open-source repository of structured threat intelligence clusters — the reference for actor naming, tool tracking, and cross-platform STIX-compatible sharing.

  • The OSINT Vault

    Complete OSINT platform with 4,577+ verified public records sources across all 50 US states, multi-search launcher (80+ platforms), Google dork generator, report composer, bookmarklet library (60+ one-click tools), and investigation notebook. All browser-based, no registration required.

    why: The OSINT Grid (4,577 public records sources) is a unique structured dataset. Multi-search launcher and dork generator complement our existing /dfir/google-dorks and /dfir/osint-map tools.

  • ThreatSignal

    Threat intelligence dashboard — live IOC feeds, campaign tracking, and real-time security event monitoring from Mjolnir Security.

  • BAMQAM
    featured

    Live military/geopolitical operations dashboard by Nehemia Gershuni-Aylho. ADS-B aircraft tracking, AIS ship tracking, satellite tracking, GPS jamming overlays, fire/thermal detection, UKMTO maritime incidents, Gulf civil defense alerts, NOTAM data, and time-machine replay. Real-time CENTCOM theater visualization.

    why: Bridges the gap between civilian CTI and military OSINT. The GPS jamming overlay, time-machine replay, and UKMTO maritime incident feed are unique capabilities not found in other open dashboards. Strong complement to our GlobalPulse war-room and aircraft layers.

  • pathfinding.cloud
    featured

    AWS IAM privilege escalation attack paths and hands-on labs by Datadog Security Labs. Comprehensive library of IAM escalation techniques with exploitation guides, detection coverage maps, and deployable lab scenarios (Stratus Red Team meets IAM Vulnerable).

    why: The only open-source resource mapping complete AWS IAM privilege escalation chains with both offensive and defensive coverage. Essential for cloud security assessments and detection engineering.

  • OSIRIS
    featured

    Open-source Palantir alternative — 3D globe tracking 10,000+ aircraft (ADS-B), 2,000+ satellites, and worldwide CCTV. Built-in browser tools: Nmap, DNS, WHOIS, SSL cert, BGP/ASN lookups, IP reputation. 20+ live feeds (earthquakes, wildfires, nuclear facilities, cyber threats, conflicts, GPS jamming).

    why: Unifies the OSINT + CTI + GEOINT experience into a single browser dashboard — closest open-source analogue to commercial intelligence platforms. Strong complement to our GlobalPulse war-room and our aircraft/satellite layers.

  • Personal Security Checklist
    featured

    Lissy93's curated checklist of 300+ tips for protecting digital security and privacy — 21k+ stars on GitHub. Structured as a YAML knowledge base with categories covering accounts, devices, networks, communications, physical, and OPSEC. CC0-licensed.

    why: The de-facto open-source personal security checklist. The structured YAML makes it a natural complement to a local interactive checklist implementation.

  • Mastering Threat Intelligence Platforms

    Curated start.me page aggregating threat-intelligence platform resources, tooling, and references. Useful for discovering adjacent CTI sources and community-maintained watchlists.

  • Bitwire IP Blocklist (GitHub)
    featured

    Bitwire-it/ipblocklist — 338-star GitHub repo aggregating 30+ IP blocklists (AbuseIPDB, FireHOL, ipsum, ThreatFox, Spamhaus DROP, Binary Defense, SANS, CINSscore) into two curated feeds updated every 2h. inbound.txt (~2M IPs) for WAN-IN drops, outbound.txt (~150K IPs) for LAN-OUT blocks. CC BY-NC-SA 4.0.

    why: Best open-source single-source-of-truth for compiled malicious IP feeds. Reflected in /threatintel/bitwire-blocklist (in-platform dashboard), /dfir/blocklists (consolidated pfSense/iptables/Suricata) and /api/v1/feeds/ioc-summary?source=bitwire-inbound|bitwire.

  • ifconfig.co

    Minimal "what is my IP" service with JSON / plain-text / user-agent / port-aware endpoints. Useful as a sanity check during egress filtering tests, IP-reputation triage, and to confirm whether a VPN / proxy / Tor exit is in use.

  • Gonzosint Fingerprinter

    Comprehensive browser-fingerprint demo from Gonzosint. Loads ThumbmarkJS, ImprintJS and 8+ other fingerprinting libraries side-by-side so analysts can see what each library leaks: canvas hash, audio context, WebGL renderer, font enumeration, hardware concurrency, etc.

    why: Side-by-side comparison of every major fingerprint library is unique — useful for /dfir/privacy follow-up: see exactly what your own browser is leaking and which library would be the most effective adversary tool.

  • OSINT Newsletter — OSINT Tools Library

    Curated GitBook catalog of OSINT tools maintained by the OSINT Newsletter community. Grouped by category (people search, geolocation, social, infra) with one-page summaries, screenshots, and quick links. A more editorial / human-curated alternative to the OSINT Framework.

  • URLScan.io
    featured

    Free public URL sandbox — 100 scans/day without auth. Captures screenshot, rendered DOM, network requests, TLS chain, and verdicts for any submitted URL. Used by /api/v1/url-preview and as enrichment in /dfir/phishing.

  • GreyNoise Community

    Free community API classifies IPs as benign / malicious / unknown by tracking internet-wide scanner/mass-exploitation traffic. Tag-based filter lets analysts separate targeted from opportunistic noise. Strong complement to AbuseIPDB.

  • LeakIX

    Open search engine for exposed services and leaked credentials. Free public API. Used by /api/v1/breach/leakix to surface internet-exposed hosts with CVE / version context.

  • AbuseIPDB

    Community IP-reputation database — 1000 free lookups/day. Confidence-scored abuse reports per IP. Used as enrichment in /api/v1/ioc-check.

  • Shodan

    Internet-wide device / service / banner search engine. Free tier exposes the most popular queries. Used in the platform's enrichment providers for service fingerprinting and CVE/CPE lookup.

  • APT Tracker

    Open-source APT groups and operations database — tracks 411 groups across 9 regions with aliases, attributed malware, known operations, and country-level mapping. CC BY 4.0 licensed, compiled from public threat intelligence sources.

  • vxdb.sh

    Threat intelligence and cybercrime news blog — deep-dive investigations into organized crime, crypto heists, infostealers, piracy takedowns, and underground markets. Ghost-powered, CC BY 4.0.

  • H3AD-SEC
    featured

    Operational cyber defense platform with 20+ live tools across 7 domains: Threat Exchange (VERDIKT, X-VERDIKT, PARSE-X, DNSCOPE, MAILSCOPE), AI-powered runbooks (INSIGHT-AI, QUERYCRAFT-AI, FPLENS-AI, ATTMAP-AI, CHRONO-AI, MALBRIEF-AI, PROMPTVAULT, VERDIKT-AI), Detection Engineering (TRACERULES), Threat Hunting (HYPOS, PIVEX, TRACEPULSE), SOC Ops (QUICKTRACE, PHISHOPS, SHIFTLOG), Digital Forensics (REGSCOPE, MALBRIEF-AI), and IR (PHISHBOOK).

    why: Comprehensive platform with tools across the full kill chain. Several tools are directly integrated into this platform (FPLENS, QUERYCRAFT, CHRONO, MALBRIEF, VERDIKT, PHISHOPS, PIVEX, TRACEPULSE, QUICKTRACE, PHISHBOOK).