Top 50 Awesome List

carpedm20/awesome-hacking

Security  1 month ago  7.6k
A curated list of awesome Hacking tutorials, tools and resources
View byDAY/WEEK/README
View on Github

Sep 15th

Tutorials

  • Roppers Computing Fundamentals
    • Free, self-paced curriculum that builds a base of knowledge in computers and networking. Intended to build up a student with no prior technical knowledge to be confident in their ability to learn anything and continue their security education. Full text available as a gitbook.
  • General

  • Roppers CTF Fundamentals Course - Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a gitbook.
  • ETC

  • Roppers Security Fundamentals - Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a gitbook.
  • May 27th

    Tools

  • Netzstars301 - Discover internet-wide misconfigurations, using zgrab2 and others.
  • Feb 16th

    Tools

  • RustScanstars4.9k - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.
  • CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.
  • Nov 3rd, 2020

    Nov 2nd, 2020

    Tools

    Docker Images for Penetration Testing & Security

  • `docker pull metasploitframework/metasploit-framework
  • Tutorials

  • Exploit Writing Tutorials for Pentesters
  • Oct 23rd, 2020

    Tools

    Disassemblers and debuggers

  • Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
  • Oct 2nd, 2020

    Tools

  • Git-Scannerstars189 - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
  • Sep 30th, 2020

    Competition

  • prompt(1) to win - XSS Challenges
  • Tools

    Other

  • Kaitai Structstars2.7k - a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.
  • Aug 26th, 2020

    Tools

  • PhpSploitstars1.5k - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
  • Aug 4th, 2020

    Cryptography

    Tools

  • Cipheystars8.6k - Automated decryption tool using artificial intelligence & natural language processing.
  • May 23rd, 2020

    Tutorials

  • Shells
  • Missing Semester
  • Tools

  • Hackers tools - Tutorial on tools.
  • Apr 8th, 2020

    Tools

  • Scapystars41 - A Python tool and library for low level packet creation and manipulation
  • Nov 14th, 2019

    Tools

  • Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.
  • Findsubdomains - A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.
  • Oct 15th, 2019

    Competition

  • HackTheBox
  • tools

  • ebowlastars660 - Framework for Making Environmental Keyed Payloads
  • Oct 11th, 2019

    Tools

  • IPED - Indexador e Processador de Evidências Digitais - Brazilian Federal Police Tool for Forensic Investigation
  • Oct 7th, 2019

    System

  • HackingLab
  • Oct 4th, 2019

    Web

  • fuzzy.land - Website by an Austrian group. Lots of challenges taken from CTFs they participated in.
  • Sep 5th, 2019

    Tools

  • findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).
  • cirt-fuzzer - A simple TCP/UDP protocol fuzzer.
  • ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
  • Aug 9th, 2019

    tools

  • PowerSploitstars8.8k - A PowerShell post exploitation framework
  • Jun 10th, 2019

    Tools

    Decompilers

  • JD-GUIstars10.5k
  • Python
  • Tools

    Hex editors

  • Synalize It/Hexinator -
  • Competition

  • Pico CTF
  • Mar 8th, 2019

    General

  • Strong node.jsstars441 - An exhaustive checklist to assist in the source code security analysis of a node.js web service.
  • Nov 13th, 2018

    Tools

  • badtouchstars293 - Scriptable network authentication cracker
  • sniffgluestars738 - Secure multithreaded packet sniffer
  • Oct 29th, 2018

    Bug bounty - Earn Some Money

  • Bugcrowd
  • Hackerone
  • Oct 20th, 2018

    Tools

    Disassemblers and debuggers

  • x64dbgstars37.6k - An open-source x64/x32 debugger for Windows
  • Capstonestars5.2k
  • Tools

    Decompilers

  • JVM-based languages
  • Krakataustars1.5k - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.
  • procyon
    • Luytenstars4.2k - one of the best, though a bit slow, hangs on some binaries and not very well maintained.
  • JAD - JAD Java Decompiler (closed-source, unmaintained)
  • JADXstars27.5k - a decompiler for Android apps. Not related to JAD.
  • .net-based languages
    • dotPeek - a free-of-charge .NET decompiler from JetBrains
    • ILSpystars13.6k - an open-source .NET assembly browser and decompiler
    • dnSpystars19.3k - .NET assembly editor, decompiler, and debugger
  • native code
  • Tools

    Deobfuscators

  • de4dotstars5.4k - .NET deobfuscator and unpacker.
  • JS Beautifierstars7.4k
  • JS Nice - a web service guessing JS variables names and types based on the model derived from open source.
  • Tools

    Other

  • nudge4jstars146 - Java tool to let the browser talk to the JVM
  • dex2jarstars9k - Tools to work with Android .dex and Java .class files
  • androguard - Reverse engineering, malware and goodware analysis of Android applications
  • antinetstars256 - .NET anti-managed debugger and anti-profiler code
  • UPX - the Ultimate Packer (and unpacker) for eXecutables
  • Tools

    Execution logging and tracing

  • Wireshark - A free and open-source packet analyzer
  • tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
  • mitmproxystars25k - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
  • Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
  • usbmon - USB capture for Linux.
  • USBPcapstars591 - USB capture for Windows.
  • dynStructstars284 - structures recovery via dynamic instrumentation.
  • drltracestars309 - shared library calls tracing.
  • Tools

    Hex editors

  • HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
  • WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
  • wxHexEditorstars402
  • Tools

    Other

  • Binwalkstars7.8k - Detects signatures, unpacks archives, visualizes entropy.
  • Velesstars805 - a visualizer for statistical properties of blobs.
  • Protobuf inspectorstars598
  • DarunGrimstars354 - executable differ.
  • DBeaverstars22.8k - a DB editor.
  • Dependenciesstars4.2k - a FOSS replacement to Dependency Walker.
  • PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
  • BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.
  • Oct 9th, 2018

    tools

  • empirestars6.2k - A post exploitation framework for powershell and python.
  • silenttrinitystars1.7k - A post exploitation tool that uses iron python to get past powershell restrictions.
  • Aug 30th, 2018

    Tools

  • Nipestars1.2k - A script to make Tor Network your default gateway.
  • Jul 26th, 2018

    Tools

  • Amassstars6k - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
  • Jun 25th, 2018

    Tools

  • NoSQLMapstars1.9k - Automated NoSQL database enumeration and web application exploitation tool.
  • VHostScanstars865 - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • SubFinderstars4.3k - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
  • Jun 23rd, 2018

    Jun 15th, 2018

    Tools

  • ssh-mitmstars1.4k - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
  • May 30th, 2018

    May 11th, 2018

    Tools

  • Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
  • Bug bounty

  • Awesome bug bounty resources by EdOverflowstars3.6k
  • General

  • Movies For Hackersstars8.9k - A curated list of movies every hacker & cyberpunk must watch.
  • Mar 30th, 2018

    Web

  • Hack The Box - a free site to perform pentesting in a variety of different systems.
  • Oct 22nd, 2017

    Tools

  • Wifi Jammer - Free program to jam all wifi clients in range
  • Firesheep - Free program for HTTP session hijacking attacks.
  • Sep 16th, 2017

    Tools

  • Habustars710 - Python Network Hacking Toolkit
  • May 23rd, 2017

    General

  • Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.
  • Mar 27th, 2017

    Tools

  • Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
  • mitmsocks4jstars27 - Man-in-the-middle SOCKS Proxy for Java
  • sleuthkitstars1.9k - A library and collection of command-line digital forensics tools
  • EnCase - The shared technology within a suite of digital investigations products by Guidance Software
  • Cryptography

    Tools

  • xortoolstars1.1k - A tool to analyze multi-byte XOR cipher
  • Mar 5th, 2017

    General

  • Pentest Cheat Sheetsstars2.5k - Collection of cheat sheets useful for pentesting
  • Feb 15th, 2017

    Online resources

  • Security @ Distrowatch - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
  • Security related Operating Systems @ Rawsec - Complete list of security related operating systems
  • Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions
  • Feb 4th, 2017

    Tools

    Disassemblers and debuggers

  • ScratchABitstars374 - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
  • Jan 2nd, 2017

    Tools

    Docker Images for Penetration Testing & Security

  • docker pull kalilinux/kali-linux-docker official Kali Linux
  • docker pull owasp/zap2docker-stable - official OWASP ZAPstars8.9k
  • docker pull wpscanteam/wpscan - official WPScan
  • Nov 1st, 2016

    General

  • Rookit Arsenal - OS RE and rootkit development
  • Jul 3rd, 2016

    Tools

    Disassemblers and debuggers

  • plasmastars3k - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • May 14th, 2016

    Reverse Engineering

  • Crackmes.de - The world first and largest community website for crackmes and reversemes.
  • Mar 13th, 2016

    Tools

  • pigstars405 - A Linux packet crafting tool
  • Nov 14th, 2015

    General

  • Exploit database - An ultimate archive of exploits and vulnerable software
  • CTF archives (shell-storm)
  • Tools

  • nmap - Nmap (Network Mapper) is a security scanner
  • Web

  • 0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).
  • Competition

  • PHD CTF
  • Oct 11th, 2015

    Tools

    Disassemblers and debuggers

  • radare2stars15.1k - A portable reversing framework
  • Dec 17th, 2014

    Cryptography

    Tools

  • Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
  • John the Ripper - A fast password cracker
  • Tools

  • sqlmapstars21.4k - Automatic SQL injection and database takeover tool
  • Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program
  • Metasploitstars25.4k A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
  • mimikatzstars14.3k - A little tool to play with Windows security
  • malzilla - Malware hunting tool
  • ETC

  • SecTools - Top 125 Network Security Tools
  • General

  • Open Malware
  • CTFtime.org - All about CTF (Capture The Flag)
  • WeChall
  • Competition

  • RuCTFe
  • Ghost in the Shellcode
  • SECUINSIDE CTF
  • Codegate CTF
  • Boston Key Party CTF
  • hack.lu CTF
  • Pliad CTF
  • Tutorials

  • Corelan Team's Exploit writing tutorial
  • Malware Analysis Tutorials: a Reverse Engineering Approach
  • Tools

    Disassemblers and debuggers

  • IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • OllyDbg - A 32-bit assembler level analysing debugger for Windows
  • System

  • Exploit Exercises - Nebula
  • Reverse Engineering

  • simples.kr - (Korean)
  • Dec 16th, 2014

    Tools

  • tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding
  • NetworkMiner - A Network Forensic Analysis Tool (NFAT)
  • ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
  • System

  • OverTheWire - Semtex
  • OverTheWire - Vortex
  • OverTheWire - Drifter
  • pwnable.kr - Provide various pwn challenges regarding system security
  • SmashTheStack
  • Reverse Engineering

  • Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
  • CodeEngn - (Korean)
  • Cryptography

  • OverTheWire - Krypton
  • Web

  • Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills
  • Webhacking.kr
  • Competition

  • DEF CON
  • CSAW CTF
  • Last Checked At: 2021-10-25T04:25:41.035Z
    Previous
    ashishb/android-security-awesome
    Next
    paralax/awesome-honeypots

    About

    Track your favorite github awesome repo, not just star it. trackawesomelist.com provides website, newsletter, RSS for tracking the popular awesome list by daily and weekly.
    Contact us: [email protected]
    Track Awesome List - Track your favorite Github awesome repos, not just star them | Product Hunt

    Subscribe

    Subscribe to our weekly newsletter to receive the awesome updates! We never send spam and you can unsubscribe instantly with one click. Here's past issues.

    Links

    Follow us on TwitterSubscribe us on TelegramSubmit awesome list repoNewsletterDonateSitemap