carpedm20/awesome-hacking

Security 4 months ago 8.4k

A curated list of awesome Hacking tutorials, tools and resources

Feb 28th

Online resources

Security related Operating Systems @ Rawsec - Complete list of security related operating systems

ETC

Rawsec's CyberSecurity Inventory - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. (Source)

Oct 20th, 2021

Tools

Decompiler.com - Java, Android, Python, C# online decompiler.

Oct 9th, 2021

Web

TryHackMe - Hands-on cyber security training through real-world scenarios.

Sep 15th, 2021

Tutorials

Roppers Computing Fundamentals

Free, self-paced curriculum that builds a base of knowledge in computers and networking. Intended to build up a student with no prior technical knowledge to be confident in their ability to learn anything and continue their security education. Full text available as a gitbook.

General

Roppers CTF Fundamentals Course - Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a gitbook.

ETC

Roppers Security Fundamentals - Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a gitbook.

May 27th, 2021

Tools

Netz stars330 - Discover internet-wide misconfigurations, using zgrab2 and others.

Feb 16th, 2021

Tools

RustScan stars6.5k - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.

CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.

Nov 3rd, 2020

Tutorials

Lena151: Reversing With Lena

Nov 2nd, 2020

Tools

Docker Images for Penetration Testing & Security

`docker pull metasploitframework/metasploit-framework

Tutorials

Exploit Writing Tutorials for Pentesters

Oct 23rd, 2020

Tools

Disassemblers and debuggers

Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

Oct 2nd, 2020

Tools

Git-Scanner stars265 - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Sep 30th, 2020

Competition

prompt(1) to win - XSS Challenges

Tools

Other

Kaitai Struct stars3k - a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.

Aug 26th, 2020

Tools

PhpSploit stars1.7k - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner

Aug 4th, 2020

Cryptography

Tools

Ciphey stars10.1k - Automated decryption tool using artificial intelligence & natural language processing.

Jun 20th, 2020

Tutorials

Begin RE: A Reverse Engineering Tutorial Workshop

Malware Unicorn Reverse Engineering Tutorial

May 23rd, 2020

Tutorials

Shells

Missing Semester

Tools

Hackers tools - Tutorial on tools.

Apr 8th, 2020

Tools

Scapy stars72 - A Python tool and library for low level packet creation and manipulation

Nov 14th, 2019

Tools

Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.

Findsubdomains - A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.

Oct 15th, 2019

Competition

HackTheBox

tools

ebowla stars682 - Framework for Making Environmental Keyed Payloads

Oct 11th, 2019

Tools

IPED - Indexador e Processador de Evidências Digitais - Brazilian Federal Police Tool for Forensic Investigation

Oct 7th, 2019

System

HackingLab

Oct 4th, 2019

Web

fuzzy.land - Website by an Austrian group. Lots of challenges taken from CTFs they participated in.

Sep 5th, 2019

Tools

findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).

cirt-fuzzer - A simple TCP/UDP protocol fuzzer.

ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)

Aug 9th, 2019

tools

PowerSploit stars9.6k - A PowerShell post exploitation framework

Jun 10th, 2019

Tools

Decompilers

JD-GUI stars11.3k

Python

uncompyle6 stars2.7k - decompiler for the over 20 releases and 20 years of CPython.

Tools

Hex editors

Synalize It/Hexinator -

Competition

Pico CTF

Mar 8th, 2019

General

Strong node.js stars463 - An exhaustive checklist to assist in the source code security analysis of a node.js web service.

Nov 13th, 2018

Tools

badtouch stars324 - Scriptable network authentication cracker

sniffglue stars849 - Secure multithreaded packet sniffer

Oct 29th, 2018

Bug bounty - Earn Some Money

Bugcrowd

Hackerone

Oct 20th, 2018

Tools

Disassemblers and debuggers

x64dbg stars38.7k - An open-source x64/x32 debugger for Windows

Capstone stars5.7k

Tools

Decompilers

JVM-based languages

Krakatau stars1.6k - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.

procyon

Luyten stars4.4k - one of the best, though a bit slow, hangs on some binaries and not very well maintained.

JAD - JAD Java Decompiler (closed-source, unmaintained)

JADX stars30.6k - a decompiler for Android apps. Not related to JAD.

.net-based languages

dotPeek - a free-of-charge .NET decompiler from JetBrains
ILSpy stars15.3k - an open-source .NET assembly browser and decompiler
dnSpy stars21k - .NET assembly editor, decompiler, and debugger

native code

Hopper - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
cutter stars11.5k - a decompiler based on radare2.
retdec stars6.6k
snowman stars2.2k
Hex-Rays

Tools

Deobfuscators

de4dot stars5.8k - .NET deobfuscator and unpacker.

JS Beautifier stars7.8k

JS Nice - a web service guessing JS variables names and types based on the model derived from open source.

Tools

Other

nudge4j stars149 - Java tool to let the browser talk to the JVM

dex2jar stars9.9k - Tools to work with Android .dex and Java .class files

androguard - Reverse engineering, malware and goodware analysis of Android applications

antinet stars265 - .NET anti-managed debugger and anti-profiler code

UPX - the Ultimate Packer (and unpacker) for eXecutables

Tools

Execution logging and tracing

Wireshark - A free and open-source packet analyzer

tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

mitmproxy stars28k - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface

Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic

usbmon - USB capture for Linux.

USBPcap stars668 - USB capture for Windows.

dynStruct stars289 - structures recovery via dynamic instrumentation.

drltrace stars328 - shared library calls tracing.

Tools

Hex editors

HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size

WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security

wxHexEditor stars437

Tools

Other

Binwalk stars8.3k - Detects signatures, unpacks archives, visualizes entropy.

Veles stars846 - a visualizer for statistical properties of blobs.

Protobuf inspector stars700

DarunGrim stars353 - executable differ.

DBeaver stars27k - a DB editor.

Dependencies stars5k - a FOSS replacement to Dependency Walker.

PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files

BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.

Oct 9th, 2018

tools

empire stars6.5k - A post exploitation framework for powershell and python.

silenttrinity stars1.9k - A post exploitation tool that uses iron python to get past powershell restrictions.

Aug 30th, 2018

Tools

Nipe stars1.4k - A script to make Tor Network your default gateway.

Jul 26th, 2018

Tools

Amass stars7.3k - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping

Jun 25th, 2018

Tools

NoSQLMap stars2.1k - Automated NoSQL database enumeration and web application exploitation tool.

VHostScan stars944 - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

SubFinder stars5.7k - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.

Jun 23rd, 2018

Competition

ZeroDays CTF

Insomni’hack

Jun 15th, 2018

Tools

ssh-mitm stars1.4k - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.

May 30th, 2018

Web

Gruyere

Others

May 11th, 2018

Tools

Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools

Bug bounty

Awesome bug bounty resources by EdOverflow stars4.2k

General

Movies For Hackers stars9.1k - A curated list of movies every hacker & cyberpunk must watch.

May 1st, 2018

Tutorials

Understanding the basics of Linux Binary Exploitation stars1.1k

Mar 30th, 2018

Web

Hack The Box - a free site to perform pentesting in a variety of different systems.

Oct 22nd, 2017

Tools

Wifi Jammer - Free program to jam all wifi clients in range

Firesheep - Free program for HTTP session hijacking attacks.

Sep 16th, 2017

Tools

Habu stars753 - Python Network Hacking Toolkit

May 23rd, 2017

General

Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.

Mar 27th, 2017

Tools

Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability

mitmsocks4j stars28 - Man-in-the-middle SOCKS Proxy for Java

sleuthkit stars2.1k - A library and collection of command-line digital forensics tools

EnCase - The shared technology within a suite of digital investigations products by Guidance Software

Cryptography

Tools

xortool stars1.1k - A tool to analyze multi-byte XOR cipher

Mar 5th, 2017

General

Pentest Cheat Sheets stars2.8k - Collection of cheat sheets useful for pentesting

Feb 15th, 2017

Online resources

Security @ Distrowatch - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems

Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions

Feb 4th, 2017

Tools

Disassemblers and debuggers

ScratchABit stars377 - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

Jan 2nd, 2017

Tools

Docker Images for Penetration Testing & Security

docker pull kalilinux/kali-linux-docker official Kali Linux

docker pull owasp/zap2docker-stable - official OWASP ZAP stars9.6k

docker pull wpscanteam/wpscan - official WPScan

Nov 1st, 2016

General

Rookit Arsenal - OS RE and rootkit development

Jul 3rd, 2016

Tools

Disassemblers and debuggers

plasma stars3k - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

May 14th, 2016

Reverse Engineering

Crackmes.de - The world first and largest community website for crackmes and reversemes.

Mar 13th, 2016

Tools

pig stars423 - A Linux packet crafting tool

Nov 14th, 2015

General

Exploit database - An ultimate archive of exploits and vulnerable software

CTF archives (shell-storm)

Tools

nmap - Nmap (Network Mapper) is a security scanner

Web

0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).

Competition

PHD CTF

Oct 11th, 2015

Tools

Disassemblers and debuggers

radare2 stars16.4k - A portable reversing framework

Dec 17th, 2014

Cryptography

Tools

Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.

John the Ripper - A fast password cracker

Tools

sqlmap stars23.8k - Automatic SQL injection and database takeover tool

Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program

Metasploit stars27.6k A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

mimikatz stars15.5k - A little tool to play with Windows security

malzilla - Malware hunting tool