Top 50 Awesome List

carpedm20/awesome-hacking

Security  4 months ago  7.9k
A curated list of awesome Hacking tutorials, tools and resources
View byDAY/WEEK/README
View on Github

Awesome Hacking -An Amazing Project Awesome

A curated list of awesome Hacking. Inspired by awesome-machine-learningstars52.7k

If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20

For a list of free hacking books available for download, go herestars3.2k

Table of Contents

System

Tutorials

Tools

  • Metasploitstars26.2k A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
  • mimikatzstars14.8k - A little tool to play with Windows security
  • Hackers tools - Tutorial on tools.

Docker Images for Penetration Testing & Security

` - Official Metasploit

General

Reverse Engineering

Tutorials

Tools

Disassemblers and debuggers

  • IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • OllyDbg - A 32-bit assembler level analysing debugger for Windows
  • x64dbgstars38k - An open-source x64/x32 debugger for Windows
  • radare2stars15.6k - A portable reversing framework
  • plasmastars3k - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • ScratchABitstars373 - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
  • Capstonestars5.4k
  • Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

Decompilers

  • JVM-based languages

  • Krakataustars1.5k - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.

  • JD-GUIstars10.8k

  • procyon

    • Luytenstars4.3k - one of the best, though a bit slow, hangs on some binaries and not very well maintained.
  • JAD - JAD Java Decompiler (closed-source, unmaintained)

  • JADXstars28.8k - a decompiler for Android apps. Not related to JAD.

  • .net-based languages

    • dotPeek - a free-of-charge .NET decompiler from JetBrains
    • ILSpystars14.2k - an open-source .NET assembly browser and decompiler
    • dnSpystars19.9k - .NET assembly editor, decompiler, and debugger
  • native code

  • Python

Deobfuscators

Other

  • nudge4jstars147 - Java tool to let the browser talk to the JVM
  • dex2jarstars9.4k - Tools to work with Android .dex and Java .class files
  • androguard - Reverse engineering, malware and goodware analysis of Android applications
  • antinetstars263 - .NET anti-managed debugger and anti-profiler code
  • UPX - the Ultimate Packer (and unpacker) for eXecutables

Execution logging and tracing

  • Wireshark - A free and open-source packet analyzer
  • tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
  • mitmproxystars25.8k - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
  • Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
  • usbmon - USB capture for Linux.
  • USBPcapstars620 - USB capture for Windows.
  • dynStructstars286 - structures recovery via dynamic instrumentation.
  • drltracestars321 - shared library calls tracing.

Binary files examination and editing

Hex editors

  • HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
  • WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
  • wxHexEditorstars419
  • Synalize It/Hexinator -

Other

General

Web

Tools

  • Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.
  • sqlmapstars22.2k - Automatic SQL injection and database takeover tool
  • NoSQLMapstars2k - Automated NoSQL database enumeration and web application exploitation tool.
  • tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding
  • VHostScanstars897 - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • SubFinderstars4.7k - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
  • Findsubdomains - A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.
  • badtouchstars305 - Scriptable network authentication cracker
  • PhpSploitstars1.5k - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
  • Git-Scannerstars205 - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
  • CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.

General

  • Strong node.jsstars455 - An exhaustive checklist to assist in the source code security analysis of a node.js web service.

Network

Tools

  • NetworkMiner - A Network Forensic Analysis Tool (NFAT)
  • Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
  • pigstars412 - A Linux packet crafting tool
  • findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).
  • cirt-fuzzer - A simple TCP/UDP protocol fuzzer.
  • ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
  • ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
  • mitmsocks4jstars28 - Man-in-the-middle SOCKS Proxy for Java
  • ssh-mitmstars1.4k - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
  • nmap - Nmap (Network Mapper) is a security scanner
  • Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program
  • Nipestars1.2k - A script to make Tor Network your default gateway.
  • Habustars724 - Python Network Hacking Toolkit
  • Wifi Jammer - Free program to jam all wifi clients in range
  • Firesheep - Free program for HTTP session hijacking attacks.
  • Scapystars52 - A Python tool and library for low level packet creation and manipulation
  • Amassstars6.5k - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
  • sniffgluestars799 - Secure multithreaded packet sniffer
  • Netzstars311 - Discover internet-wide misconfigurations, using zgrab2 and others.
  • RustScanstars5.5k - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.

Forensic

Tools

Cryptography

Tools

  • xortoolstars1.1k - A tool to analyze multi-byte XOR cipher
  • John the Ripper - A fast password cracker
  • Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
  • Cipheystars9.3k - Automated decryption tool using artificial intelligence & natural language processing.

Wargame

System

Reverse Engineering

  • Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
  • CodeEngn - (Korean)
  • simples.kr - (Korean)
  • Crackmes.de - The world first and largest community website for crackmes and reversemes.

Web

  • Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills
  • Hack The Box - a free site to perform pentesting in a variety of different systems.
  • Webhacking.kr
  • 0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).
  • fuzzy.land - Website by an Austrian group. Lots of challenges taken from CTFs they participated in.
  • Gruyere
  • Others

Cryptography

Bug bounty

Bug bounty - Earn Some Money

CTF

Competition

General

OS

Online resources

Post exploitation

tools

ETC

  • SecTools - Top 125 Network Security Tools
  • Roppers Security Fundamentals - Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a gitbook.

ON THIS PAGE

  1. Awesome Hacking -An Amazing Project Awesome
  2. Table of Contents
  3. System
  4. Tutorials
  5. Tools
  6. Docker Images for Penetration Testing & Security
  7. General
  8. Reverse Engineering
  9. Tutorials
  10. Tools
  11. Disassemblers and debuggers
  12. Decompilers
  13. Deobfuscators
  14. Other
  15. Execution logging and tracing
  16. Binary files examination and editing
  17. General
  18. Web
  19. Tools
  20. General
  21. Network
  22. Tools
  23. Forensic
  24. Tools
  25. Cryptography
  26. Tools
  27. Wargame
  28. System
  29. Reverse Engineering
  30. Web
  31. Cryptography
  32. Bug bounty
  33. Bug bounty - Earn Some Money
  34. CTF
  35. Competition
  36. General
  37. OS
  38. Online resources
  39. Post exploitation
  40. tools
  41. ETC
Last Checked At: 2022-01-24T04:41:42.094Z
Previous
ashishb/android-security-awesome
Next
paralax/awesome-honeypots

About

Track your favorite github awesome repo, not just star it. trackawesomelist.com provides website, newsletter, RSS for tracking the popular awesome list by daily and weekly.
Contact us: [email protected]
Track Awesome List - Track your favorite Github awesome repos, not just star them | Product Hunt

Subscribe

Subscribe to our weekly newsletter to receive the awesome updates! We never send spam and you can unsubscribe instantly with one click. Here's past issues.

Links

Follow us on TwitterSubscribe us on TelegramSubmit awesome list repoNewsletterDonateSitemap