I frequently give talks about cybersecurity. During these talks I mention (and sometimes live-demo) various tools hackers and security researchers use, as well as tools used to prevent or mitigate attacks. Here is a partial list of the tools I mention. This is by no means an exhaustive list. As with the rest of this blog, opinions here are my own.

Last updated April 29, 2018


  • Email harvesting - TheHarvester by Edge Security
  • Vulnerability scanning - Nessus by Tenable
  • Penetration testing - Metasploit by Rapid7.
  • Viruses to download - VirusShare.com WARNING: these are real viruses. Do not run anything from this site on a device you care about.
  • Twitter locations - GeoSocial Footprint
  • Corporate website IT job listings - look at your target’s job listings for IT staff to identify potential attack vectors



Reports and further reading