« Back to home

Useful links


Here a list of links to different web resources on various subjects.

Hacking/Social engineering

  • Bishopfox: A nice collection of tools for web crawling
  • Bot or Not: Study a Twitter user profile to identify the probability of being a bot
  • Pipl: Find information on a person from a name, email, phone number …
  • Tweets Analyzer: A command line tool for tweet analysis ( geolocation, time, hashtags …)
  • Pakala: Tool to spot vulnerabilities inside of Ethereum smart contracts
  • 2FA: List supported 2FA for main Internet websites
  • Jenkins-Pillage: A tool to automatize data collection in a vulnerable Jenkins instance
  • Google Image: Did you know you can use Google to search for an image online, quite convenient.
  • Online Metadata viewer: If you’re lazy to have it offline.
  • Tools tldr: A script or tool not in this list? Then you can probably find it there

Privacy/Anonymity/Decentralized services

  • Dnsleaktest: check if your VPN is leaking your IP address
  • Ipleak: Alternative website to Dnsleaktest
  • Witch: check client info, useful to see if you’re OpenVPN software is well implemented (detectable, change default port)
  • Tor bridge: Get a tor bridge if Tor is blocked in your country, odds are this website is blocked too in that case
  • Blocklists: the Best collection of blocklists for a DNS filtering service (Pi-hole, your router, ublock…)
  • Vueville: Nice resources on how to set up a camera surveillance system
  • Tor-relay.co: An online tool to help you configure a Tor relay on any platform, quite handy for first-timer.
  • Kycnot.me: Many cryptocurrencies services accessible without ANY identity control. I would never expected we would need such a website 5 years ago where anonymity was the agreed norm.
  • Pandemic Big Brother: Makes me wish to emigrate to Sweden
  • Fawkes: A tool to cloack your personal pictures, read more in this Master’s prez)

Tor .onion websites


  • Opensnitch: A user-friendly GUI system firewall for Linux
  • Rkhunter: An excellent tool to track potential rootkit on a Unix like system
  • Windows update troubleshooter: A helpful tool made by Microsoft to help to troubleshoot their shitty OS updates. If not already done, I recommend you to turn off automatic windows update in the registry and only take the business versions which are tested and more stable.
  • Blackbird: best tool to disable Windows 10 tracking services and useless features (Xbox, Music, Weather, News …)


  • Chaoskube: Tool to kill random pods in a Kubernetes cluster (Chaos engineering)
  • Dive: A tool to “dive” inside of docker images
  • AWS roadmap: Roadmap of forecasted features about containers on AWS
  • Lazydocker: A terminal UI to make the docker-compose experience close to the K8S console
  • K8S prod best practices: A mandatory checklist
  • K8SYAML: A web tool to easily generate K8S yaml config files

AWS Cloud

  • Asecurecloud: the best collection of resources on AWS security, including a tool to craft automatically corresponding Cloudformation templates
  • AWS status: Get in real time the availability of different AWS regions, zones, and services
  • ec2instance: Nice table containing the pricing and specifications of any ec2 instances across regions
  • AWS Data Transfer Cost: Figure summarizing the cost of any data transfer across AWS Cloud
  • IAM Cloudonaut: The best guide I’ve found to AWS services API, a MUST before writing any IAM policy
  • AWS service support: AWS security coverage per service
  • AWS CLI builder: The purpose of this website is all in the name
  • LastWeekInAWS: Best AWS mailing list to stay up to date
  • AWSGeek: Probably the best set of AWS explaining diagrams available online
  • AWS Breaking Changes: Someone kind enough to track all the breaking AWS service changes that have been carefully hidden in obscure forums by the AWS staff 👹
  • Cloudformation Roadmap: Official AWS maintained list of upcoming Cloudformation features,definitely a crucial resource.
  • AWS History: A list to help you tracking announced AWS services and their release.
  • Lambda Coldstart: A handy resource provided by Nordcloud to check lambda coldstart according: runtime, region, size, memory. And they run it twice a day!!
  • AWS exposable resources: List of AWS resources that can inadvertently be made public 😱

Other Clouds (GCP, Azure …)

  • Lowendbox: Temporary announces for cheap VPS
  • Serverless Benchmark: A performance benchmark of the serverless functions of several Cloud Providers
  • Cloud Comparison Tool: A tool to help to compare the features and solutions of different Cloud Providers
  • GCP calculator: A billing calculator for resources on Google Cloud Platform
  • KilledbyGoogle: Because all Google’s product have an EOL, I’m waiting to find GCP, Gmail and Playstore here.
  • Azure checklist: Azure migration readiness checklist
  • MS Licensing: Only clear visualization of the licenses for MicroSoft Cloud products I could find. No idea why it’s not on their official website.
  • Permissions Cloud: A great web tool to verify Cloud API permissions.

Web Development

  • realfavicongenerator: Best website to generate favicons adapted to all platform types
  • Css Peeper: Nice web plugin simplifying the identification of CSS style on a site, useful if like me you’re not particularly blessed in web designing
  • Markmap: A js library to generate mindmaps from Markdown. If I add some on this blog, you’ll know where it comes from.
  • Regexr: Because anyway no one likes to write Regex
  • Wordsafety: Check a name for unwanted meaning in 19+ languages
  • Unsplash: My go-to when I need free-usable images
  • SRI Hash Generator: Subresource Integrity Hash Generator

DevSecOps / AppSec

  • 12factors: A MUST read in the field of applicative development
  • Choose a license: Useful resource made by Github to help you to choose the right license for your open source project
  • Cloudworker: A tool to run Cloudflare Worker scripts locally
  • CNCF landscape: A landscape of all the Cloud Native hotest tools ordered per category, handy if you’re still hesitant on which tools to adopt at the begining of a new project.
  • Git cheatsheet: I’m sure even the best among us needs such a help sometimes
  • eng-practices: Google’s best practices for code review
  • SSL Configuration Generator: Online tool from Mozilla to help generating SSL config files
  • Dangit: Cheatsheet to fix Git mistakes
  • AppSecMap: A great visualisation to select vendors for everything you might need in AppSec

Enterprise Security

  • Zero Trust Architecture: Guidance to implement a Zero-Trust IT architecture (From the British National Cyber Security Center NCSC)
  • OWASP DevSecOps Matrix: OWASP DevSecOps maturity model Matrix (web version)
  • CVSSJS: There are days this tool represents more than 90% of my work outside of reporting.
  • ATT&CK: The ATT&CK matrix, no need for presentation anymore
  • RE&CT: Equivalent of the ATT&CK matrix for the defensive (blue team) side.
  • D3FEND: Official ATT&CK defensive equivalent from the MITRE organization
  • Sim3 OpenCSIRT Online tool to assess a CSIRT capabilities.
  • VECTR: Tool to facilitate the tracking of red and blue team testing.
  • Uncoder: Online tool to convert SIEM/EDR detection rules accros various formats.


  • Whattomine: Best site to calculate your mining profitability and options
  • Coinwarz: Equivalent to Whattomine but more ASIC oriented
  • Nicehash calculator: Calculate profitability when using Nicehash mining software
  • Monerobenchmark: Benchmark of mining equipments for Monero
  • crypto51: risk of a PoW cryptocurrency being 51% attacked
  • Howmanyconfs: similar, give you the safety of a PoW blockchain compare to BTC (Based on Nicehash prices per s and time between confirmation)


  • Bitcoin-only: Best all-in source of information
  • Bitcoinqna: Same as above, but shorter
  • Bitcoinfees: Recommended Bitcoin transaction fees
  • Txaccelerator: A tool to accelerate a Bitcoin transaction validation
  • 1ml: Tool to analyze Bitcoin lightning network
  • Mtgox: Monitor the activity of Bitcoin accounts associated with the hack of Mtgox in 2014 ( 850k Bitcoins stolen )
  • Caravan: Open-source tool to manage Bitcoin multi-sig transactions
  • MicroStrategy Bitcoin Strategy: See how Bitcoin performed compare to many other asset types
  • BitcoinWisdom: Track the performance of Bitcoin and other cryptocurrencies.
  • LN.Guide: Extensive guide on the Bitcoin lightning network
  • WalletsRecovery: Tool to help recovering a broken Bitcoin wallet
  • Bitcoin Privacy Guide: An extensive Guide to Bitcoin privacy
  • Bitcoin Uptime Tracker: Track Bitcoin network uptime (I wish all my applications would be that resilient)
  • KYCP: A tool provided by OxT research team to verify the anonymity of each sat included in a BTC transaction

Ethereum & DeFi

  • Ethresearch: Research subjects in the Ethereum community
  • Ethgasstation: Tool to optimize gas price while doing an Ethereum transaction
  • Dapp.com: List of the most popular Decentralized Applications (Dapps) on each blockchain, a reference if you like Dapps
  • Opensea: If as me you love ERC20 tokens, I bet you love even more ERC721 collectibles. And you know what? There is a market place for them
  • Tornado.cash: A bit of privacy in the Ethereum world
  • Revoke: Allow to revoke an address participation to a smart contract (As long as you own the private key)
  • DeFi Pulse: Best resource to learn more about a DeFi protocol
  • StackingEther: Analyze of the Ethereum2.0 PoS network
  • DaiStats: Statistics from the Dai decentralized stablecoin network


  • Localmonero: Equivalent to localbitcoin but for Monero which is a private coin
  • Moneroworld: Real-time information on the Monero ecosystem
  • xmr.to: Service to pay someone in Bitcoin but using Monero
  • Staking Rewards: Analyze top staking cryptocurrencies project by reward