awesome-hacking
Hacking resource catalog
A curated list of resources for learning hacking and penetration testing
A curated list of awesome Hacking tutorials, tools and resources
13k stars
611 watching
2k forks
last commit: 6 months ago
Linked from 17 awesome lists
awesomehacking
System / Tutorials | |||
| Roppers Computing Fundamentals | |||
System / Tutorials / Roppers Computing Fundamentals | |||
| gitbook | Free, self-paced curriculum that builds a base of knowledge in computers and networking. Intended to build up a student with no prior technical knowledge to be confident in their ability to learn anything and continue their security education. Full text available as a | ||
System / Tutorials | |||
| Corelan Team's Exploit writing tutorial | |||
| Exploit Writing Tutorials for Pentesters | |||
| Understanding the basics of Linux Binary Exploitation | 1,303 | over 3 years ago | |
| Shells | |||
| Missing Semester | |||
System / Tools | |||
| Metasploit | 34,181 | 6 days ago | A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development |
| mimikatz | 19,466 | 5 months ago | A little tool to play with Windows security |
| Hackers tools | Tutorial on tools | ||
System / Tools / Docker Images for Penetration Testing & Security | |||
| official Kali Linux | |||
| official OWASP ZAP | 12,743 | 6 days ago | - |
| official WPScan | - | ||
| Official Metasploit | - | ||
| Damn Vulnerable Web Application (DVWA) | - | ||
| Vulnerable WordPress Installation | - | ||
| Vulnerability as a service: Shellshock | - | ||
| Vulnerability as a service: Heartbleed | - | ||
| Security Ninjas | - | ||
| Arch Linux Penetration Tester | - | ||
| Docker Bench for Security | - | ||
| OWASP Security Shepherd | - | ||
| OWASP WebGoat Project docker image | - | ||
| OWASP NodeGoat | 1,885 | 5 months ago | - |
| OWASP Mutillidae II Web Pen-Test Practice Application | - | ||
| OWASP Juice Shop | 10,466 | 10 days ago | - |
| Docker Metasploit | - | ||
System / General | |||
| Exploit database | An ultimate archive of exploits and vulnerable software | ||
Reverse Engineering / Tutorials | |||
| Begin RE: A Reverse Engineering Tutorial Workshop | |||
| Malware Analysis Tutorials: a Reverse Engineering Approach | |||
| Malware Unicorn Reverse Engineering Tutorial | |||
| Lena151: Reversing With Lena | |||
Reverse Engineering / Tools / Disassemblers and debuggers | |||
| IDA | IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger | ||
| OllyDbg | A 32-bit assembler level analysing debugger for Windows | ||
| x64dbg | 44,804 | about 1 month ago | An open-source x64/x32 debugger for Windows |
| radare2 | 20,705 | 6 days ago | A portable reversing framework |
| plasma | 3,047 | about 3 years ago | Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code |
| ScratchABit | 396 | almost 4 years ago | Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API |
| Capstone | 7,605 | 8 days ago | |
| Ghidra | A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission | ||
Reverse Engineering / Tools / Decompilers | |||
| Luyten | 5,008 | 4 months ago | one of the best, though a bit slow, hangs on some binaries and not very well maintained |
| dotPeek | a free-of-charge .NET decompiler from JetBrains | ||
| ILSpy | 21,639 | 6 days ago | an open-source .NET assembly browser and decompiler |
| dnSpy | 26,644 | almost 4 years ago | .NET assembly editor, decompiler, and debugger |
| Hopper | A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables | ||
| cutter | a decompiler based on radare2 | ||
| retdec | 8,025 | about 2 months ago | |
| snowman | 2,262 | over 1 year ago | |
| Hex-Rays | |||
| uncompyle6 | 3,796 | 5 days ago | decompiler for the over 20 releases and 20 years of CPython |
Reverse Engineering / Tools / Deobfuscators | |||
| de4dot | 6,972 | about 4 years ago | .NET deobfuscator and unpacker |
| JS Beautifier | 8,633 | 16 days ago | |
| JS Nice | a web service guessing JS variables names and types based on the model derived from open source | ||
Reverse Engineering / Tools / Other | |||
| nudge4j | 161 | over 4 years ago | Java tool to let the browser talk to the JVM |
| dex2jar | 12,351 | 4 months ago | Tools to work with Android .dex and Java .class files |
| androguard | Reverse engineering, malware and goodware analysis of Android applications | ||
| antinet | 298 | over 10 years ago | .NET anti-managed debugger and anti-profiler code |
| UPX | the Ultimate Packer (and unpacker) for eXecutables | ||
Reverse Engineering / Tools / Execution logging and tracing | |||
| Wireshark | A free and open-source packet analyzer | ||
| tcpdump | A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture | ||
| mitmproxy | 36,838 | 7 days ago | An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface |
| Charles Proxy | A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic | ||
| usbmon | USB capture for Linux | ||
| USBPcap | 926 | about 1 year ago | USB capture for Windows |
| dynStruct | 316 | over 5 years ago | structures recovery via dynamic instrumentation |
| drltrace | 389 | over 4 years ago | shared library calls tracing |
Reverse Engineering / Tools / Binary files examination and editing | |||
| HxD | A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size | ||
| WinHex | A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security | ||
| wxHexEditor | 563 | 5 months ago | |
| Synalize It | / - | ||
| Binwalk | 11,276 | 7 days ago | Detects signatures, unpacks archives, visualizes entropy |
| Veles | 1,154 | over 5 years ago | a visualizer for statistical properties of blobs |
| Kaitai Struct | 4,027 | about 2 months ago | a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering |
| Protobuf inspector | 966 | almost 4 years ago | |
| DarunGrim | 359 | about 4 years ago | executable differ |
| DBeaver | 40,507 | 3 days ago | a DB editor |
| Dependencies | 9,136 | 6 months ago | a FOSS replacement to Dependency Walker |
| PEview | A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files | ||
| BinText | A small, very fast and powerful text extractor that will be of particular interest to programmers | ||
Reverse Engineering / General | |||
| Open Malware | |||
Web / Tools | |||
| Spyse | Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning | ||
| sqlmap | 32,576 | 6 days ago | Automatic SQL injection and database takeover tool |
| NoSQLMap | 2,921 | 4 months ago | Automated NoSQL database enumeration and web application exploitation tool |
| tools.web-max.ca | base64 base85 md4,5 hash, sha1 hash encoding/decoding | ||
| VHostScan | 1,200 | 12 months ago | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages |
| SubFinder | 10,277 | 10 days ago | SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources |
| Findsubdomains | A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results | ||
| badtouch | 400 | 11 months ago | Scriptable network authentication cracker |
| PhpSploit | 2,221 | 7 months ago | Full-featured C2 framework which silently persists on webserver via evil PHP oneliner |
| Git-Scanner | 339 | over 4 years ago | A tool for bug hunting or pentesting for targeting websites that have open repositories available in public |
| CSP Scanner | Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives | ||
| Shodan | A web-crawling search engine that lets users search for various types of servers connected to the internet | ||
| masscan | 23,687 | 3 months ago | Internet scale portscanner |
| Keyscope | 387 | 6 months ago | an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors |
| Decompiler.com | Java, Android, Python, C# online decompiler | ||
Web / General | |||
| Strong node.js | 501 | 7 months ago | An exhaustive checklist to assist in the source code security analysis of a node.js web service |
Network / Tools | |||
| NetworkMiner | A Network Forensic Analysis Tool (NFAT) | ||
| Paros | A Java-based HTTP/HTTPS proxy for assessing web application vulnerability | ||
| pig | 463 | about 4 years ago | A Linux packet crafting tool |
| findsubdomains | really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT) | ||
| cirt-fuzzer | A simple TCP/UDP protocol fuzzer | ||
| ASlookup | a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...) | ||
| ZAP | The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications | ||
| mitmsocks4j | 35 | almost 12 years ago | Man-in-the-middle SOCKS Proxy for Java |
| ssh-mitm | 1,625 | over 3 years ago | An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords |
| nmap | Nmap (Network Mapper) is a security scanner | ||
| Aircrack-ng | An 802.11 WEP and WPA-PSK keys cracking program | ||
| Nipe | 1,954 | 3 months ago | A script to make Tor Network your default gateway |
| Habu | 886 | 12 months ago | Python Network Hacking Toolkit |
| Wifi Jammer | Free program to jam all wifi clients in range | ||
| Firesheep | Free program for HTTP session hijacking attacks | ||
| Scapy | 246 | 3 months ago | A Python tool and library for low level packet creation and manipulation |
| Amass | 12,067 | 5 days ago | In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping |
| sniffglue | 1,129 | 2 months ago | Secure multithreaded packet sniffer |
| Netz | 388 | over 3 years ago | Discover internet-wide misconfigurations, using zgrab2 and others |
| RustScan | 14,669 | 9 days ago | Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time |
| PETEP | 184 | 12 months ago | Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support |
Forensic / Tools | |||
| Autopsy | A digital forensics platform and graphical interface to and other digital forensics tools | ||
| sleuthkit | 2,630 | 6 days ago | A library and collection of command-line digital forensics tools |
| EnCase | The shared technology within a suite of digital investigations products by Guidance Software | ||
| malzilla | Malware hunting tool | ||
| IPED - Indexador e Processador de Evidências Digitais | Brazilian Federal Police Tool for Forensic Investigation | ||
| CyLR | 645 | over 2 years ago | NTFS forensic image collector |
| CAINE | CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM | ||
Cryptography / Tools | |||
| xortool | 1,396 | over 1 year ago | A tool to analyze multi-byte XOR cipher |
| John the Ripper | A fast password cracker | ||
| Aircrack | Aircrack is 802.11 WEP and WPA-PSK keys cracking program | ||
| Ciphey | 18,214 | 8 months ago | Automated decryption tool using artificial intelligence & natural language processing |
Wargame / System | |||
| OverTheWire - Semtex | |||
| OverTheWire - Vortex | |||
| OverTheWire - Drifter | |||
| pwnable.kr | Provide various pwn challenges regarding system security | ||
| Exploit Exercises - Nebula | |||
| SmashTheStack | |||
| HackingLab | |||
Wargame / Reverse Engineering | |||
| Reversing.kr | This site tests your ability to Cracking & Reverse Code Engineering | ||
| CodeEngn | (Korean) | ||
| simples.kr | (Korean) | ||
| Crackmes.de | The world first and largest community website for crackmes and reversemes | ||
Wargame / Web | |||
| Hack This Site! | a free, safe and legal training ground for hackers to test and expand their hacking skills | ||
| Hack The Box | a free site to perform pentesting in a variety of different systems | ||
| Webhacking.kr | |||
| 0xf.at | a website without logins or ads where you can solve password-riddles (so called hackits) | ||
| fuzzy.land | Website by an Austrian group. Lots of challenges taken from CTFs they participated in | ||
| Gruyere | |||
| Others | |||
| TryHackMe | Hands-on cyber security training through real-world scenarios | ||
Wargame / Cryptography | |||
| OverTheWire - Krypton | |||
Wargame / Bug bounty | |||
| Awesome bug bounty resources by EdOverflow | 5,938 | about 1 year ago | |
Wargame / Bug bounty - Earn Some Money | |||
| Bugcrowd | |||
| Hackerone | |||
| Intigriti | Europe's #1 ethical hacking and bug bounty program | ||
CTF / Competition | |||
| DEF CON | |||
| CSAW CTF | |||
| hack.lu CTF | |||
| Pliad CTF | |||
| RuCTFe | |||
| Ghost in the Shellcode | |||
| PHD CTF | |||
| SECUINSIDE CTF | |||
| Codegate CTF | |||
| Boston Key Party CTF | |||
| ZeroDays CTF | |||
| Insomni’hack | |||
| Pico CTF | |||
| prompt(1) to win | XSS Challenges | ||
| HackTheBox | |||
CTF / General | |||
| Hack+ | An Intelligent network of bots that fetch the latest InfoSec content | ||
| CTFtime.org | All about CTF (Capture The Flag) | ||
| WeChall | |||
| CTF archives (shell-storm) | |||
| Rookit Arsenal | OS RE and rootkit development | ||
| Pentest Cheat Sheets | 3,889 | 9 months ago | Collection of cheat sheets useful for pentesting |
| Movies For Hackers | 10,622 | 4 months ago | A curated list of movies every hacker & cyberpunk must watch |
| Roppers CTF Fundamentals Course | Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a | ||
OS / Online resources | |||
| Security related Operating Systems @ Rawsec | Complete list of security related operating systems | ||
| Best Linux Penetration Testing Distributions @ CyberPunk | Description of main penetration testing distributions | ||
| Security @ Distrowatch | Website dedicated to talking about, reviewing and keeping up to date with open source operating systems | ||
Post exploitation / tools | |||
| empire | 7,461 | almost 5 years ago | A post exploitation framework for powershell and python |
| silenttrinity | 2,196 | 12 months ago | A post exploitation tool that uses iron python to get past powershell restrictions |
| PowerSploit | 11,918 | over 4 years ago | A PowerShell post exploitation framework |
| ebowla | 737 | almost 6 years ago | Framework for Making Environmental Keyed Payloads |
ETC | |||
| SecTools | Top 125 Network Security Tools | ||
| Roppers Security Fundamentals | Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a | ||
| Roppers Practical Networking | A hands-on, wildly practical introduction to networking and making packets dance. No wasted time, no memorizing, just learning the fundamentals | ||
| Rawsec's CyberSecurity Inventory | An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ( ) | ||
| The Cyberclopaedia | The open-source encyclopedia of cybersecurity | ||
Backlinks from these awesome lists:
-
sindresorhus/awesome
-
hack-with-github/awesome-hacking
-
bayandin/awesome-awesomeness
-
enaqx/awesome-pentest
-
jivoi/awesome-osint
-
sbilly/awesome-security
-
rshipp/awesome-malware-analysis
-
k4m4/movies-for-hackers
-
jnv/lists
-
stanzhai/be-a-professional-programmer
-
decalage2/awesome-security-hardening
-
cugu/awesome-forensics
-
inquest/awesome-yara
-
jaredthecoder/awesome-vehicle-security
-
0ex/more-awesome
-
netanmangal/awesome-hacking
-
hexsecs/awesome-embedded-security
dnspyex/dnspy
nextronsystems/aptsimulator
antoniococo/sharpyshell
hausec/adape-script
as0ler/r2flutch
icsharpcode/avalonedit
realvizu/nsdepcop
aaaguirrep/offensive-docker
emilyanncr/windows-post-exploitation