HomeSecurity & Ops › Awesome Hacking

Awesome Hacking

by carpedm20 · carpedm20/awesome-hacking

A curated list of awesome hacking tutorials, tools and resources.

★ 13k stars191 projects ⑂ 0 forks0 open issues
191 projects
Bugcrowdbugcrowd.com
Hackeronehackerone.com
Intigritiintigriti.com

Europe's #1 ethical hacking and bug bounty program.

Boston Key Party CTFbostonkeyparty.net
Codegate CTFctf.codegate.org
CSAW CTFctf.isis.poly.edu
DEF CONlegitbs.net
Ghost in the Shellcodeghostintheshellcode.com
HackTheBoxhackthebox.eu
Insomni’hackinsomnihack.ch
PHD CTFphdays.com
Pico CTFpicoctf.com
Pliad CTFplaidctf.com

XSS Challenges

RuCTFeructf.org
SECUINSIDE CTFsecuinside.com
ZeroDays CTFzerodays.ie
OverTheWire - Kryptonoverthewire.org
cuttergithub.com

a decompiler based on radare2.

dnSpygithub.com

.NET assembly editor, decompiler, and debugger

dotPeekjetbrains.com

a free-of-charge .NET decompiler from JetBrains

Hex-Rayshex-rays.com
Hopperhopperapp.com

A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.

ILSpygithub.com

an open-source .NET assembly browser and decompiler

JADvaraneckas.com

JAD Java Decompiler (closed-source, unmaintained)

JADXgithub.com

a decompiler for Android apps. Not related to JAD.

JD-GUIgithub.com
Krakataugithub.com

the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.

Luytengithub.com

one of the best, though a bit slow, hangs on some binaries and not very well maintained.

procyonbitbucket.org
retdecgithub.com
snowmangithub.com
uncompyle6github.com

decompiler for the over 20 releases and 20 years of CPython.

de4dotgithub.com

.NET deobfuscator and unpacker.

JS Beautifiergithub.com
JS Nicejsnice.org

a web service guessing JS variables names and types based on the model derived from open source.

Capstonegithub.com
Ghidraghidra-sre.org

A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

IDAhex-rays.com

IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger

OllyDbgollydbg.de

A 32-bit assembler level analysing debugger for Windows

plasmagithub.com

Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

radare2github.com

A portable reversing framework

ScratchABitgithub.com

Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

x64dbggithub.com

An open-source x64/x32 debugger for Windows

Docker Metasploithub.docker.com
official Kali Linuxhub.docker.com
official WPScanhub.docker.com
OWASP NodeGoatgithub.com
Security Ninjashub.docker.com
Charles Proxycharlesproxy.com

A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic

drltracegithub.com

shared library calls tracing.

dynStructgithub.com

structures recovery via dynamic instrumentation.

mitmproxygithub.com

An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface

tcpdumptcpdump.org

A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

usbmonkernel.org

USB capture for Linux.

USBPcapgithub.com

USB capture for Windows.

Wiresharkwireshark.org

A free and open-source packet analyzer

CTFtime.orgctftime.org

All about CTF (Capture The Flag)

Exploit databaseexploit-db.com

An ultimate archive of exploits and vulnerable software

Hack+hack.plus

An Intelligent network of bots that fetch the latest InfoSec content.

A curated list of movies every hacker & cyberpunk must watch.

Open Malwareoffensivecomputing.net

Collection of cheat sheets useful for pentesting

OS RE and rootkit development

Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a gitbook.

Strong node.jsgithub.com

An exhaustive checklist to assist in the source code security analysis of a node.js web service.

WeChallwechall.net
HxDmh-nexus.de

A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size

Synalize Itsynalysis.net

/Hexinator -

WinHexwinhex.com

A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security

wxHexEditorgithub.com

Description of main penetration testing distributions

Security @ Distrowatchdistrowatch.com

Website dedicated to talking about, reviewing and keeping up to date with open source operating systems

Complete list of security related operating systems

androguardcode.google.com

Reverse engineering, malware and goodware analysis of Android applications

antinetgithub.com

.NET anti-managed debugger and anti-profiler code

BinTextweb.archive.org

A small, very fast and powerful text extractor that will be of particular interest to programmers.

Binwalkgithub.com

Detects signatures, unpacks archives, visualizes entropy.

DarunGrimgithub.com

executable differ.

DBeavergithub.com

a DB editor.

Dependenciesgithub.com

a FOSS replacement to Dependency Walker.

dex2jargithub.com

Tools to work with Android .dex and Java .class files

Kaitai Structgithub.com

a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.

nudge4jgithub.com

Java tool to let the browser talk to the JVM

PEviewwjradburn.com

A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files

UPXupx.sourceforge.net

the Ultimate Packer (and unpacker) for eXecutables

Velesgithub.com

a visualizer for statistical properties of blobs.

CodeEngncodeengn.com

(Korean)

Crackmes.decrackmes.de

The world first and largest community website for crackmes and reversemes.

Reversing.krreversing.kr

This site tests your ability to Cracking & Reverse Code Engineering

simples.krsimples.kr

(Korean)

Exploit Exercises - Nebulaexploit-exercises.com
HackingLabhacking-lab.com
OverTheWire - Drifteroverthewire.org
OverTheWire - Semtexoverthewire.org
OverTheWire - Vortexoverthewire.org
pwnable.krpwnable.kr

Provide various pwn challenges regarding system security

SmashTheStacksmashthestack.org
Aircrackaircrack-ng.org

Aircrack is 802.11 WEP and WPA-PSK keys cracking program.

Aircrack-ngaircrack-ng.org

An 802.11 WEP and WPA-PSK keys cracking program

Amassgithub.com

In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping

ASlookupaslookup.com

a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)

Autopsysleuthkit.org

A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools

badtouchgithub.com

Scriptable network authentication cracker

CAINEcaine-live.net

CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.

Cipheygithub.com

Automated decryption tool using artificial intelligence & natural language processing.

A simple TCP/UDP protocol fuzzer.

CSP Scannercspscanner.com

Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.

CyLRgithub.com

NTFS forensic image collector

Decompiler.comdecompiler.com

Java, Android, Python, C# online decompiler.

EnCaseguidancesoftware.com

The shared technology within a suite of digital investigations products by Guidance Software

findsubdomainsfindsubdomains.com

really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).

Findsubdomainsfindsubdomains.com

A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.

Firesheepcodebutler.github.io

Free program for HTTP session hijacking attacks.

Git-Scannergithub.com

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Habugithub.com

Python Network Hacking Toolkit

Hackers toolsyoutube.com

Tutorial on tools.

Brazilian Federal Police Tool for Forensic Investigation

John the Ripperopenwall.com

A fast password cracker

Keyscopegithub.com

an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors

malzillamalzilla.sourceforge.net

Malware hunting tool

masscangithub.com

Internet scale portscanner.

Metasploitgithub.com

A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

mimikatzgithub.com

A little tool to play with Windows security

mitmsocks4jgithub.com

Man-in-the-middle SOCKS Proxy for Java

NetworkMinernetresec.com

A Network Forensic Analysis Tool (NFAT)

Netzgithub.com

Discover internet-wide misconfigurations, using zgrab2 and others.

Nipegithub.com

A script to make Tor Network your default gateway.

nmapnmap.org

Nmap (Network Mapper) is a security scanner

NoSQLMapgithub.com

Automated NoSQL database enumeration and web application exploitation tool.

Parossourceforge.net

A Java-based HTTP/HTTPS proxy for assessing web application vulnerability

PETEPgithub.com

Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support.

PhpSploitgithub.com

Full-featured C2 framework which silently persists on webserver via evil PHP oneliner

piggithub.com

A Linux packet crafting tool

RustScangithub.com

Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.

Scapygithub.com

A Python tool and library for low level packet creation and manipulation

Shodanshodan.io

A web-crawling search engine that lets users search for various types of servers connected to the internet.

sleuthkitgithub.com

A library and collection of command-line digital forensics tools

sniffgluegithub.com

Secure multithreaded packet sniffer

Spysespyse.com

Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.

sqlmapgithub.com

Automatic SQL injection and database takeover tool

ssh-mitmgithub.com

An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.

SubFindergithub.com

SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.

tools.web-max.catools.web-max.ca

base64 base85 md4,5 hash, sha1 hash encoding/decoding

VHostScangithub.com

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

Wifi Jammern0where.net

Free program to jam all wifi clients in range

xortoolgithub.com

A tool to analyze multi-byte XOR cipher

ZAPowasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications

gitbookhoppersroppers.org

.

Missing Semestermissing.csail.mit.edu
Shellsyoutube.com
0xf.at0xf.at

a website without logins or ads where you can solve password-riddles (so called hackits).

fuzzy.landfuzzy.land

Website by an Austrian group. Lots of challenges taken from CTFs they participated in.

Gruyeregoogle-gruyere.appspot.com
Hack The Boxhackthebox.eu

a free site to perform pentesting in a variety of different systems.

Hack This Site!hackthissite.org

a free, safe and legal training ground for hackers to test and expand their hacking skills

Othersowasp.org
TryHackMetryhackme.com

Hands-on cyber security training through real-world scenarios.

Webhacking.krwebhacking.kr
ebowlagithub.com

Framework for Making Environmental Keyed Payloads

empiregithub.com

A post exploitation framework for powershell and python.

PowerSploitgithub.com

A PowerShell post exploitation framework

An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. (Source)

A hands-on, wildly practical introduction to networking and making packets dance. No wasted time, no memorizing, just learning the fundamentals.

Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a gitbook.

SecToolssectools.org

Top 125 Network Security Tools

silenttrinitygithub.com

A post exploitation tool that uses iron python to get past powershell restrictions.

The Cyberclopaediacr0mll.github.io

The open-source encyclopedia of cybersecurity. GitHub Repository

↵ to searchesc to close
awesomelist.dev