Awesome Hacking - An Amazing Project
      
    
    
      A curated list of awesome Hacking. Inspired by awesome-machine-learning

      If you want to contribute to this list (please do), send me a pull request or contact me [@carpedm20](https://twitter.com/carpedm20)

      For a list of free hacking books available for download, go here
    
    Table of Contents
    
    
    
    System
    Tutorials
    
    
    
      - Metasploit - A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
      - mimikatz - A little tool to play with Windows security
      - Hackers tools - Tutorial on tools.
      
 
    
    
      Docker Images for Penetration Testing & Security
    
    
    General
    
    Reverse Engineering
    Tutorials
    
    
    Disassemblers and debuggers
    
      - IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
      - OllyDbg - A 32-bit assembler level analysing debugger for Windows
      - x64dbg - An open-source x64/x32 debugger for Windows
      - radare2 - A portable reversing framework
      - plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
      - ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
      - Capstone
      - Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission
      
 
    
    Decompilers
    
    Deobfuscators
    
      - de4dot - .NET deobfuscator and unpacker.
      - JS Beautifier
      - JS Nice - a web service guessing JS variable names and types based on the model derived from open source.
      
 
    
    Other
    
      - nudge4j - Java tool to let the browser talk to the JVM
      - dex2jar - Tools to work with Android .dex and Java .class files
      - androguard - Reverse engineering, malware and goodware analysis of Android applications
      - antinet - .NET anti-managed debugger and anti-profiler code
      - UPX - the Ultimate Packer (and unpacker) for eXecutables
      
 
    
    Execution logging and tracing
    
      - Wireshark - A free and open-source packet analyzer
      - tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
      - mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
      - Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
      - usbmon - USB capture for Linux.
      - USBPcap - USB capture for Windows.
      - dynStruct - structures recovery via dynamic instrumentation.
      - drltrace - shared library calls tracing.
      
 
    
    
      Binary files examination and editing
    
    Hex editors
    
      - HxD - A hex editor which, in addition to raw disk editing and modifying of main memory (RAM), handles files of any size
      - WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
      - wxHexEditor
      - Synalize It/Hexinator
      
 
    
    Other
    
      - Binwalk - Detects signatures, unpacks archives, visualizes entropy.
      - Veles - a visualizer for statistical properties of blobs.
      - Kaitai Struct - a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.
      - Protobuf inspector
      - DarunGrim - executable differ.
      - DBeaver - a DB editor.
      - Dependencies - a FOSS replacement to Dependency Walker.
      - PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
      - BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.
      
 
    
    General
    
    Web
    
    
      - Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more… All the data is stored in its own database, allowing the data to be retrieved without scanning.
      - sqlmap - Automatic SQL injection and database takeover tool
      - NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
      - tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding
      - VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detects catch-all scenarios, aliases and dynamic default pages.
      - SubFinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
      - Findsubdomains - A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.
      - badtouch - Scriptable network authentication cracker
      - PhpSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
      - Git-Scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
      - CSP Scanner - Analyze a site’s Content-Security-Policy (CSP) to find bypasses and missing directives.
      
 
    
    General
    
      - Strong node.js - An exhaustive checklist to assist in the source code security analysis of a node.js web service.
      
 
    
    Network
    
    
      - NetworkMiner - A Network Forensic Analysis Tool (NFAT)
      - Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
      - pig - A Linux packet crafting tool
      - findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder (works using OSINT).
      - cirt-fuzzer - A simple TCP/UDP protocol fuzzer.
      - ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org…)
      - ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
      - mitmsocks4j - Man-in-the-middle SOCKS Proxy for Java
      - ssh-mitm - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
      - nmap - Nmap (Network Mapper) is a security scanner
      - Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program
      - Nipe - A script to make Tor Network your default gateway.
      - Habu - Python Network Hacking Toolkit
      - Wifi Jammer - Free program to jam all wifi clients in range
      - Firesheep - Free program for HTTP session hijacking attacks.
      - Scapy - A Python tool and library for low level packet creation and manipulation
      - Amass - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
      - sniffglue - Secure multithreaded packet sniffer
      - Netz - Discover internet-wide misconfigurations, using zgrab2 and others.
      - RustScan - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.
      
 
    
    Forensic
    
    
    Cryptography
    
    
      - xortool - A tool to analyze multi-byte XOR cipher
      - John the Ripper - A fast password cracker
      - Aircrack - Aircrack is an 802.11 WEP and WPA-PSK keys cracking program.
      - Ciphey - Automated decryption tool using artificial intelligence & natural language processing.
      
 
    
    Wargame
    System
    
    Reverse Engineering
    
      - Reversing.kr - This site tests your ability in Cracking & Reverse Code Engineering
      - CodeEngn - (Korean)
      - simples.kr - (Korean)
      - Crackmes.de - The world's first and largest community website for crackmes and reversemes.
      
 
    
    Web
    
      - Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills
      - Hack The Box - a free site to perform pentesting in a variety of different systems.
      - Webhacking.kr
      - 0xf.at - a website without logins or ads where you can solve password-riddles (so-called hackits).
      - fuzzy.land - Website by an Austrian group. Lots of challenges taken from CTFs they participated in.
      - Gruyere
      - Others
      
 
    
    Cryptography
    
    Bug bounty
    
    Bug bounty - Earn Some Money
    
    CTF
    Competition
    
    General
    
    OS
    Online resources
    
    
    
      - empire - A post exploitation framework for PowerShell and Python.
      - silenttrinity - A post exploitation tool that uses IronPython to get past PowerShell restrictions.
      - PowerSploit - A PowerShell post exploitation framework
      - ebowla - Framework for Making Environmental Keyed Payloads
      
 
    
    ETC