awesome-hacking

A curated list of awesome Hacking tutorials, tools and resources

GitHub

13k stars
610 watching
2k forks
last commit: 4 months ago
Linked from 17 awesome lists

awesomehacking

System / Tutorials

Roppers Computing Fundamentals

System / Tutorials / Roppers Computing Fundamentals

gitbook Free, self-paced curriculum that builds a base of knowledge in computers and networking. Intended to build up a student with no prior technical knowledge to be confident in their ability to learn anything and continue their security education. Full text available as a

System / Tutorials

Corelan Team's Exploit writing tutorial
Exploit Writing Tutorials for Pentesters
Understanding the basics of Linux Binary Exploitation 1,295 over 3 years ago
Shells
Missing Semester

System / Tools

Metasploit 33,868 10 days ago A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development
mimikatz 19,317 3 months ago A little tool to play with Windows security
Hackers tools Tutorial on tools

System / Tools / Docker Images for Penetration Testing & Security

official Kali Linux
official OWASP ZAP 12,560 12 days ago -
official WPScan -
Official Metasploit -
Damn Vulnerable Web Application (DVWA) -
Vulnerable WordPress Installation -
Vulnerability as a service: Shellshock -
Vulnerability as a service: Heartbleed -
Security Ninjas -
Arch Linux Penetration Tester -
Docker Bench for Security -
OWASP Security Shepherd -
OWASP WebGoat Project docker image -
OWASP NodeGoat 1,878 4 months ago -
OWASP Mutillidae II Web Pen-Test Practice Application -
OWASP Juice Shop 10,269 7 days ago -
Docker Metasploit -

System / General

Exploit database An ultimate archive of exploits and vulnerable software

Reverse Engineering / Tutorials

Begin RE: A Reverse Engineering Tutorial Workshop
Malware Analysis Tutorials: a Reverse Engineering Approach
Malware Unicorn Reverse Engineering Tutorial
Lena151: Reversing With Lena

Reverse Engineering / Tools / Disassemblers and debuggers

IDA IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
OllyDbg A 32-bit assembler level analysing debugger for Windows
x64dbg 44,505 5 days ago An open-source x64/x32 debugger for Windows
radare2 20,462 8 days ago A portable reversing framework
plasma 3,050 about 3 years ago Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code
ScratchABit 394 almost 4 years ago Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
Capstone 7,509 12 days ago
Ghidra A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

Reverse Engineering / Tools / Decompilers

Luyten 4,992 3 months ago one of the best, though a bit slow, hangs on some binaries and not very well maintained
dotPeek a free-of-charge .NET decompiler from JetBrains
ILSpy 21,362 6 days ago an open-source .NET assembly browser and decompiler
dnSpy 26,416 almost 4 years ago .NET assembly editor, decompiler, and debugger
Hopper A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables
cutter a decompiler based on radare2
retdec 7,982 17 days ago
snowman 2,262 over 1 year ago
Hex-Rays
uncompyle6 3,759 5 days ago decompiler for the over 20 releases and 20 years of CPython

Reverse Engineering / Tools / Deobfuscators

de4dot 6,912 about 4 years ago .NET deobfuscator and unpacker
JS Beautifier 8,594 12 days ago
JS Nice a web service guessing JS variables names and types based on the model derived from open source

Reverse Engineering / Tools / Other

nudge4j 159 over 4 years ago Java tool to let the browser talk to the JVM
dex2jar 12,263 3 months ago Tools to work with Android .dex and Java .class files
androguard Reverse engineering, malware and goodware analysis of Android applications
antinet 296 over 10 years ago .NET anti-managed debugger and anti-profiler code
UPX the Ultimate Packer (and unpacker) for eXecutables

Reverse Engineering / Tools / Execution logging and tracing

Wireshark A free and open-source packet analyzer
tcpdump A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
mitmproxy 36,325 8 days ago An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
Charles Proxy A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
usbmon USB capture for Linux
USBPcap 910 12 months ago USB capture for Windows
dynStruct 316 about 5 years ago structures recovery via dynamic instrumentation
drltrace 388 about 4 years ago shared library calls tracing

Reverse Engineering / Tools / Binary files examination and editing

HxD A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
WinHex A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
wxHexEditor 559 4 months ago
Synalize It / -
Binwalk 10,749 9 days ago Detects signatures, unpacks archives, visualizes entropy
Veles 1,145 over 5 years ago a visualizer for statistical properties of blobs
Kaitai Struct 3,990 10 days ago a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering
Protobuf inspector 952 almost 4 years ago
DarunGrim 359 about 4 years ago executable differ
DBeaver 39,937 about 23 hours ago a DB editor
Dependencies 8,987 5 months ago a FOSS replacement to Dependency Walker
PEview A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
BinText A small, very fast and powerful text extractor that will be of particular interest to programmers

Reverse Engineering / General

Open Malware

Web / Tools

Spyse Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning
sqlmap 32,113 17 days ago Automatic SQL injection and database takeover tool
NoSQLMap 2,880 3 months ago Automated NoSQL database enumeration and web application exploitation tool
tools.web-max.ca base64 base85 md4,5 hash, sha1 hash encoding/decoding
VHostScan 1,192 10 months ago A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages
SubFinder 10,057 5 days ago SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources
Findsubdomains A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results
badtouch 397 10 months ago Scriptable network authentication cracker
PhpSploit 2,207 5 months ago Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
Git-Scanner 338 over 4 years ago A tool for bug hunting or pentesting for targeting websites that have open repositories available in public
CSP Scanner Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives
Shodan A web-crawling search engine that lets users search for various types of servers connected to the internet
masscan 23,456 2 months ago Internet scale portscanner
Keyscope 385 5 months ago an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors
Decompiler.com Java, Android, Python, C# online decompiler

Web / General

Strong node.js 500 6 months ago An exhaustive checklist to assist in the source code security analysis of a node.js web service

Network / Tools

NetworkMiner A Network Forensic Analysis Tool (NFAT)
Paros A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
pig 462 almost 4 years ago A Linux packet crafting tool
findsubdomains really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT)
cirt-fuzzer A simple TCP/UDP protocol fuzzer
ASlookup a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
ZAP The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
mitmsocks4j 34 over 11 years ago Man-in-the-middle SOCKS Proxy for Java
ssh-mitm 1,616 over 3 years ago An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords
nmap Nmap (Network Mapper) is a security scanner
Aircrack-ng An 802.11 WEP and WPA-PSK keys cracking program
Nipe 1,929 about 1 month ago A script to make Tor Network your default gateway
Habu 881 11 months ago Python Network Hacking Toolkit
Wifi Jammer Free program to jam all wifi clients in range
Firesheep Free program for HTTP session hijacking attacks
Scapy 243 about 1 month ago A Python tool and library for low level packet creation and manipulation
Amass 11,907 19 days ago In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
sniffglue 1,095 about 1 month ago Secure multithreaded packet sniffer
Netz 388 over 3 years ago Discover internet-wide misconfigurations, using zgrab2 and others
RustScan 14,349 4 days ago Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time
PETEP 181 11 months ago Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support

Forensic / Tools

Autopsy A digital forensics platform and graphical interface to and other digital forensics tools
sleuthkit 2,598 4 days ago A library and collection of command-line digital forensics tools
EnCase The shared technology within a suite of digital investigations products by Guidance Software
malzilla Malware hunting tool
IPED - Indexador e Processador de Evidências Digitais Brazilian Federal Police Tool for Forensic Investigation
CyLR 625 over 2 years ago NTFS forensic image collector
CAINE CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM

Cryptography / Tools

xortool 1,382 over 1 year ago A tool to analyze multi-byte XOR cipher
John the Ripper A fast password cracker
Aircrack Aircrack is 802.11 WEP and WPA-PSK keys cracking program
Ciphey 18,020 7 months ago Automated decryption tool using artificial intelligence & natural language processing

Wargame / System

OverTheWire - Semtex
OverTheWire - Vortex
OverTheWire - Drifter
pwnable.kr Provide various pwn challenges regarding system security
Exploit Exercises - Nebula
SmashTheStack
HackingLab

Wargame / Reverse Engineering

Reversing.kr This site tests your ability to Cracking & Reverse Code Engineering
CodeEngn (Korean)
simples.kr (Korean)
Crackmes.de The world first and largest community website for crackmes and reversemes

Wargame / Web

Hack This Site! a free, safe and legal training ground for hackers to test and expand their hacking skills
Hack The Box a free site to perform pentesting in a variety of different systems
Webhacking.kr
0xf.at a website without logins or ads where you can solve password-riddles (so called hackits)
fuzzy.land Website by an Austrian group. Lots of challenges taken from CTFs they participated in
Gruyere
Others
TryHackMe Hands-on cyber security training through real-world scenarios

Wargame / Cryptography

OverTheWire - Krypton

Wargame / Bug bounty

Awesome bug bounty resources by EdOverflow 5,826 about 1 year ago

Wargame / Bug bounty - Earn Some Money

Bugcrowd
Hackerone
Intigriti Europe's #1 ethical hacking and bug bounty program

CTF / Competition

DEF CON
CSAW CTF
hack.lu CTF
Pliad CTF
RuCTFe
Ghost in the Shellcode
PHD CTF
SECUINSIDE CTF
Codegate CTF
Boston Key Party CTF
ZeroDays CTF
Insomni’hack
Pico CTF
prompt(1) to win XSS Challenges
HackTheBox

CTF / General

Hack+ An Intelligent network of bots that fetch the latest InfoSec content
CTFtime.org All about CTF (Capture The Flag)
WeChall
CTF archives (shell-storm)
Rookit Arsenal OS RE and rootkit development
Pentest Cheat Sheets 3,864 8 months ago Collection of cheat sheets useful for pentesting
Movies For Hackers 10,561 2 months ago A curated list of movies every hacker & cyberpunk must watch
Roppers CTF Fundamentals Course Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a

OS / Online resources

Security related Operating Systems @ Rawsec Complete list of security related operating systems
Best Linux Penetration Testing Distributions @ CyberPunk Description of main penetration testing distributions
Security @ Distrowatch Website dedicated to talking about, reviewing and keeping up to date with open source operating systems

Post exploitation / tools

empire 7,418 over 4 years ago A post exploitation framework for powershell and python
silenttrinity 2,184 10 months ago A post exploitation tool that uses iron python to get past powershell restrictions
PowerSploit 11,812 about 4 years ago A PowerShell post exploitation framework
ebowla 735 over 5 years ago Framework for Making Environmental Keyed Payloads

ETC

SecTools Top 125 Network Security Tools
Roppers Security Fundamentals Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a
Roppers Practical Networking A hands-on, wildly practical introduction to networking and making packets dance. No wasted time, no memorizing, just learning the fundamentals
Rawsec's CyberSecurity Inventory An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ( )
The Cyberclopaedia The open-source encyclopedia of cybersecurity

Backlinks from these awesome lists: