Stay up-to-date with the latest vulnerabilities and attacks
https://www.sans.org/newsletters/newsbites/ SANS NewsBites (bi-weekly)
https://www.sans.org/newsletters/at-risk/ SANS @Risk (weekly)
Reconnaissance / OSINT
https://osintframework.com (web based framework containing different tools that you can use to carry out open-source intelligence)
https://tineye.com (Reverse Image Search)
https://www.osintcombine.com/reverse-image-analyzer (Reverse Image Search with AI/ML)
https://29a.ch/photo-forensics (Photo Forensics with Metadata Analysis)
https://pimeyes.com/en (Search engine for Face Recognition)
https://www.virustotal.com/gui/home/url (Analysis of Malware)
https://urlscan.io (Analysis of Websites for Malware)
https://dnsdumpster.com (Online Domain research tool, can find subdomains)
https://crt.sh (Certificate search, can find subdomains)
https://shodan.io (IoT Search Engine)
https://search.censys.io (IoT Search Engine)
https://builtwith.com (Find out what websites are Built With)
http://web.archive.org (Wayback Machine)
https://whatsmyname.app (Enumerate Usernames across Websites)
https://www.social-searcher.com (Free Social Media Search Engine)
https://www.heavy.ai/demos/tweetmap (Analysing geolocated Tweets)
https://intelx.io/tools?tab=youtube (YouTube Metadata Viewer)
http://mattw.io/youtube-metadata (YouTube Metadata Viewer)
https://haveibeenpwned.com (Check if your email or phone is in a data breach)
https://emailrep.io (Simple Email Reputation)
https://www.walletexplorer.com (Bitcoin block explorer with address grouping and wallet labeling)
https://www.bitcoinwhoswho.com (Bitcoin Address Lookup)
https://etherscan.io (Ethereum Blockchain Explorer)
https://opencellid.org (Database of cell towers)
https://www.osintcombine.com/data-visualization-tool (Data visualisation tool)
https://www.osinttechniques.com/osint-tools.html (Collection of OSINT online tools)
https://github.com/ElevenPaths/FOCA (tool used to find metadata and hidden information in documents)
https://github.com/lanmaster53/recon-ng (full-featured reconnaissance framework to conduct open source web-based reconnaissance)
https://www.maltego.com/downloads (OSINT tool which analyses the searches and findings graphically)
https://github.com/laramies/theHarvester (tool that gathers names, emails, IPs, subdomains, and URLs by using multiple public resources)
https://github.com/pielco11/fav-up (Lookup real IP from Cloudflare)
Linux
https://explainshell.com (Explains parameters for common linux commands)
https://www.revshells.com (Online Reverse Shell Generator)
Windows
https://github.com/4ndr34z/ntlmthief (NTLMThief)
Search Engines
https://shodan.io (IoT Search Engine)
https://security.snyk.io (Database with known vulnerabilities)
https://filesec.io (Database of file extensions used by attackers)
https://andreacristaldi.github.io/APTmap (APTmap)
Vulnerability Scanning
https://de.tenable.com/products/nessus/nessus-essentials (Nessus Essentials - scan up to 16 IPs for free)
Exploits
https://exploit-db.com (Tested exploits recommended)
http://0day.today (Exploit database)
Privilege Escalation
https://gtfobins.github.io (How to bypass local security restrictions in Linux / UNIX)
https://lolbas-project.github.io (Living Off The Land Binaries, Scripts and Libraries / WINDOWS)
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ (Basic Linux Privilege Escalation)
https://github.com/abatchy17/WindowsExploits ((mostly) pre-compiled Windows PE exploits)
Web
https://github.com/projectdiscovery/katana (Katana web crawler)
https://github.com/kraken-ng (Kraken webshell)
Practice Questions
https://ceh.cagy.org (CEHv8 - CEHv10)
CPENT TryHackme-Machines
Blue (Windows, Metasploit)
RootMe (Linux, File Upload Vulnerability, Reverse Shell)
0day (Linux, many rabbit holes, Metasploit)
ColddBox (Linux, Wordpress, Brute Force, Reverse Shell)
All in One (Linux, Wordpress, FileInclusion, Reverse Shell)
DogCat (Linux, LFI, Log Poisening)
CPENT Active Directory
https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg (AD Exploitation Mindmap)
https://github.com/Orange-Cyberdefense/GOAD (Game of Active Directory)
https://zer1t0.gitlab.io/posts/attacking_ad (Attacking Active Directory)
https://github.com/lefayjey/linWinPwn (LinWinPwn - automation of Active Directory Enumeration)