---
title: "Hacking"
date:
draft: false
---

</br>

</br>

*"The truth is revealed by removing things that stand in its light, an art not unlike sculpture, in which the artist creates, not by building, but by hacking away." - Alan Watts*

Welcome to the Hacking section of Liberty tools! Hacking should be used to increase your knowledge and harden your defenses. Please use these tools responsibly.

---
### **Anonymity**
- [**BinGoo**](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
- [**Censys**](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- [**creepy**](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool.
- [**dork-cli**](https://github.com/jgor/dork-cli) - Command line Google dork tool.
- [**Fast-recon**](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain.
- [**GooDork**](https://github.com/k3170makan/GooDork) - Command line Google dorking tool.
- [**Google Hacking Database**](https://www.exploit-db.com/google-hacking-database) - Database of Google dorks; can be used for recon.
- [**Google-dorks**](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you probably don’t know.
- [**I2P**](https://geti2p.net/) - The Invisible Internet Project.
- [**Maltego**](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
- [**metagoofil**](https://github.com/laramies/metagoofil) - Metadata harvester.
- [**Nipe**](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network.
- [**OnionScan**](https://onionscan.org/) - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- [**recon-ng**](https://github.com/lanmaster53/recon-ng) - Full-featured Web Reconnaissance framework written in Python.
- [**snitch**](https://github.com/Smaash/snitch) - Information gathering via dorks.
- [**Spiderfoot**](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations.
- [**theHarvester**](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
- [**Tor**](https://www.torproject.org/) - Free software and onion routed overlay network that helps you defend against traffic analysis.
- [**Virus Total**](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- [**What Every Browser Knows About You**](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
- [**ZoomEye**](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
---
### Bug Bounty Platforms
- [**Bugcrowd List**](https://www.bugcrowd.com/bug-bounty-list/) - List of many companies that provide bug bounties.
---
### **CTF (Capture the Flag)**
- [**Ctf-tools**](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
- [**Pwntools**](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs.
- [**RsaCtfTool**](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
---
### **DDoS**
- [**HOIC**](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common countermeasures.
- [**JS LOIC**](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
- [**LOIC**](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
- [**SlowLoris**](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
- [**T50**](https://sourceforge.net/projects/t50/) - Faster network stress tool.
- [**UFONet**](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
---
### **Defense Evasion**
- [**AntiVirus Evasion Tool (AVET)**](https://github.com/govolution/avet) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- [**Hyperion**](http://nullsecurity.net/tools/binary.html) - Runtime encryptor for 32-bit portable executables (“PE .exes”).
- [**PeCloak.py**](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- [**PeCloakCapstone**](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- [**UniByAv**](https://github.com/Exploit-install/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forceable, 32-bit XOR key.
- [**Veil**](https://github.com/Veil-Framework/Veil) - Generate metasploit payloads that bypass common anti-virus solutions.
---
### **Defcon Suggested Reading**
- [**Defcon Suggested Reading**](https://www.defcon.org/html/links/book-list.html)
---
### Email Spoofing
- [**SpoofBox**](https://www.spoofbox.com) - Offers email, SMS, Phone spoofing and lots of other tools. Not a free service. Can also be used to look up phone numbers.
---
### **Exploit Development**
- [**Exploit Writing Tutorials**](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits.
- [**Shellcode Examples**](http://shell-storm.org/shellcode/) - Shellcodes database.
- [**Shellcode Tutorial**](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode.
---
### **File Format Analysis**
- [**Hachoir**](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
- [**Kaitai Struct**](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- [**Veles**](https://codisec.com/veles/) - Binary data visualization and analysis tool.
---
### Forensics
- [**Autopsy**](https://www.autopsy.com/) - Full suite of open source forensics tools.
- [**CAINE**](https://forensictools.dev/listing/caine/) - CAINE is a Linux Live CD that contains a wealth of digital forensic tools. Features include a user-friendly GUI, semi-automated report creation and tools for Mobile Forensics, Network Forensics, Data Recovery and more.
- [**FTK Imager**](https://www.exterro.com/ftk-imager) - Open Source Disk imaging tool.
- [**Paladin Forensic Suite**](https://sumuri.com/product-category/brands/paladin/) - Live Ubuntu distro with lots of tools. Open source with free and paid versions.
- [**SIFT Workstation**](https://www.sans.org/tools/sift-workstation/) - The SIFT Workstation is a collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings, all built inside an Ubuntu VM.
- [**SMART**](https://smart-forensic.com/) - Open source sampling of many proprietary forensics tools.
---
### **GNU/Linux Utilities**
- [**Linux Exploit Suggester**](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
---
### **Hacking Focused OSINT**
- [**AQUATONE**](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- [**BinGoo**](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
- [**Censys**](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- [**creepy**](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool.
- [**DataSploit**](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- [**dork-cli**](https://github.com/jgor/dork-cli) - Command line Google dork tool.
- [**Fast-recon**](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain.
- [**GooDork**](https://github.com/k3170makan/GooDork) - Command line Google dorking tool.
- [**Google Hacking Database**](https://www.exploit-db.com/google-hacking-database) - Database of Google dorks; can be used for recon.
- [**Google-dorks**](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you probably don’t know.
- [**github-dorks**](https://github.com/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
- [**Intrigue**](http://intrigue.io/) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
- [**Maltego**](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
- [**metagoofil**](https://github.com/laramies/metagoofil) - Metadata harvester.
- [**recon-ng**](https://github.com/lanmaster53/recon-ng) - Full-featured Web Reconnaissance framework written in Python.
- [**Shodan**](https://www.shodan.io/) - World’s first search engine for Internet-connected devices.
- [**snitch**](https://github.com/Smaash/snitch) - Information gathering via dorks.
- [**Sn1per**](https://github.com/1N3/Sn1per) - Automated pentest recon scanner.
- [**Spiderfoot**](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations.
- [**Threat Crowd**](http://ci-www.threatcrowd.org/) - Search engine for threats.
- [**theHarvester**](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
- [**vcsmap**](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
- [**Virus Total**](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- [**What Every Browser Knows About You**](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
- [**ZoomEye**](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
---
### Hacking Conventions
- [**44Con**](https://44con.com/) - Annual Security Conference held in London.
- [**AppSecUSA**](https://globalappsec.org/) - Annual conference organized by OWASP.
- [**BalCCon**](https://www.balccon.org/) - Balkan Computer Congress, annually held in Novi Sad, Serbia.
- [**Black Hat**](http://www.blackhat.com/) - Annual security conference in Las Vegas.
- [**BruCON**](http://brucon.org/) - Annual security conference in Belgium.
- [**CarolinaCon**](http://www.carolinacon.org/) - Infosec conference, held annually in North Carolina.
- [**CCC**](https://events.ccc.de/congress/) - Annual meeting of the international hacker scene in Germany.
- [**CHCon**](https://2016.chcon.nz/) - Christchurch Hacker Con, the only hacker con on the South Island of New Zealand.
- [**DeepSec**](https://deepsec.net/) - Security Conference in Vienna, Austria.
- [**DefCamp**](http://def.camp/) - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
- [**DEF CON**](https://www.defcon.org/) - Annual hacker convention in Las Vegas. Known for having a left wing bias.
- [**Ekoparty**](http://www.ekoparty.org/) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
- [**FSec**](http://fsec.foi.hr/) - FSec - Croatian Information Security Gathering in Varaždin, Croatia.
- [**Hack3rCon**](http://hack3rcon.org/) - Annual US hacker conference.
- [**Hack.lu**](https://2016.hack.lu/) - Annual conference held in Luxembourg.
- [**Hackfest**](https://hackfest.ca/) - Largest hacking conference in Canada.
- [**HITB**](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands.
- [**Hacking In The Box**](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands.
- [**Infosecurity Europe**](http://www.infosecurityeurope.com/) - Europe’s number one information security event, held in London, UK.
- [**LayerOne**](http://www.layerone.org/) - Annual US security conference held every spring in Los Angeles.
- [**Nullcon**](http://nullcon.net/website/) - Annual conference in Delhi and Goa, India.
- [**PhreakNIC**](http://phreaknic.info/) - Technology conference held annually in middle Tennessee.
- [**RSA Conference USA**](https://www.rsaconference.com/) - Annual security conference in San Francisco, California, USA.
- [**ShmooCon**](http://shmoocon.org/) - Annual US East coast hacker convention.
- [**SkyDogCon**](http://www.skydogcon.com/) - Technology conference in Nashville.
- [**SummerCon**](http://www.summercon.org/) - One of the oldest hacker conventions, held during Summer.
- [**Swiss Cyber Storm**](https://www.swisscyberstorm.com/) - Annual security conference in Lucerne, Switzerland.
- [**ThotCon**](http://thotcon.org/) - Annual US hacker conference held in Chicago.
- [**Troopers**](https://www.troopers.de/) - Annual international IT Security event with workshops held in Heidelberg, Germany.
- [**Virus Bulletin Conference**](https://www.virusbulletin.com/conference/index) - Annual conference, to be held in Denver, USA in 2016.
---
### **Hash Cracking**
- [**BruteForce Wallet**](https://github.com/glv2/bruteforce-wallet) - Find the password of an encrypted wallet file (i.e. wallet.dat).
- [**CeWL**](https://digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target’s website and collecting unique words.
- [**Hashcat**](http://hashcat.net/hashcat/) - The faster hash cracker.
- [**John the Ripper**](http://www.openwall.com/john/) - Fast password cracker.
- [**JWT Cracker**](https://github.com/lmammino/jwt-cracker) - Simple HS256 JWT token brute force cracker.
- [**Rar Crack**](http://rarcrack.sourceforge.net/) - RAR bruteforce cracker.
### **Hex Editors**
- [**0xED**](https://web.archive.org/web/20140106172311if_/http://www.suavetech.com:80/0xed/0xed.html) – Native macOS hex editor that supports plug-ins to display custom data types.
- [**Frhed**](http://frhed.sourceforge.net/) – Binary file editor for Windows.
- [**HexEdit.js**](https://hexed.it/) – Browser-based hex editing.
- [**Hexinator**](https://hexinator.com/) – World’s finest (proprietary, commercial) Hex Editor.
---
### **Information Security Magazines**
- [**2600: The Hacker Quarterly**](https://www.2600.com/Magazine/DigitalEditions) – American publication about technology and computer “underground.”
- [**Phrack Magazine**](http://www.phrack.org/) – By far the longest running hacker zine.
- [**Unredacted Magazine**](https://unredactedmagazine.com/) - The official magazine from Michael Bazzell, author of Extreme Privacy.
---
### **Lock Picking Resources**
- [**Awesome Lockpicking**](https://github.com/meitar/awesome-lockpicking) – Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.
- [**Bosnianbill**](https://www.youtube.com/user/bosnianbill) – More lockpicking videos.
- [**Schuyler Towne channel**](https://www.youtube.com/user/SchuylerTowne/) – Lockpicking videos and security talks.
- [**/r/lockpicking**](https://www.reddit.com/r/lockpicking) – Resources for learning lockpicking, equipment recommendations.
---
### **macOS Utilities**
- [**Bella**](https://github.com/00xkhaled/Bella) – Pure Python post-exploitation data mining and remote administration tool for macOS.
---
### **Multi-paradigm Frameworks**
- [**Armitage**](https://github.com/blackhatethicalhacking/armitage) – Java-based GUI front-end for the Metasploit Framework.
- [**ExploitPack**](https://juansacco.gitbooks.io/exploitpack/content/) – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- [**Faraday**](https://github.com/infobyte/faraday) – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- [**Metasploit**](https://www.metasploit.com/) – Post-exploitation tools for offensive security teams to help verify vulnerabilities and manage security assessments.
- [**Pupy**](https://github.com/n1nj4sec/pupy) – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
---
### **Network Tools**
- [**BetterCAP**](https://www.bettercap.org/) – Modular, portable and easily extensible MITM framework.
- [**CloudFail**](https://github.com/m0rtem/CloudFail) – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- [**CrackMapExec**](https://github.com/byt3bl33d3r/CrackMapExec) – A swiss army knife for pentesting networks.
- [**Debookee**](http://www.iwaxx.com/debookee/) – Simple and powerful network traffic analyzer for macOS.
- [**DET**](https://github.com/sensepost/DET) – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- [**Dgcd**](http://tgcd.sourceforge.net/) – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- [**Dnsmap**](https://github.com/makefu/dnsmap/) – Passive DNS network mapper.
- [**Dnsrecon**](https://github.com/darkoperator/dnsrecon/) – DNS enumeration script.
- [**Dnschef**](https://github.com/iphelix/dnschef) – Highly configurable DNS proxy for pentesters.
- [**Dnsenum**](https://github.com/fwaeytens/dnsenum/) – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- [**Dnstracer**](http://www.mavetju.org/unix/dnstracer.php) – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- [**DNSDumpster**](https://dnsdumpster.com/) – Online DNS recon and search service.
- [**Dshell**](https://github.com/USArmyResearchLab/Dshell) – Network forensic analysis framework.
- [**Dsniff**](https://www.kali.org/tools/dsniff/) – Collection of tools for network auditing and pentesting.
- [**Dripcap**](https://github.com/orinocoz/dripcap) – Caffeinated packet analyzer.
- [**Evilgrade**](https://github.com/infobyte/evilgrade) – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- [**Ettercap**](http://www.ettercap-project.org/) – Comprehensive, mature suite for machine-in-the-middle attacks.
- [**Impacket**](https://github.com/CoreSecurity/impacket) – A collection of Python classes for working with network protocols.
- [**Intercepter-NG**](http://sniff.su/) – Multifunctional network toolkit.
- [**Mass Scan**](https://github.com/robertdavidgraham/masscan) – TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- [**Mallory**](https://github.com/justmao945/mallory) – HTTP/HTTPS proxy over SSH.
- [**Mitmproxy**](https://github.com/mitmproxy/mitmproxy) – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- [**Morpheus**](https://github.com/r00t-3xp10it/morpheus) – Automated ettercap TCP/IP hacking tool.
- [**Netsniff-ng**](https://github.com/netsniff-ng/netsniff-ng) – Swiss army knife for network sniffing.
- [**Network-Tools.com**](http://network-tools.com/) – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
- [**Nmap**](https://nmap.org/) – Free security scanner for network exploration & security audits.
- [**Passivedns**](https://github.com/gamelinux/passivedns) – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- [**Passivedns-client**](https://github.com/chrislee35/passivedns-client) – Library and query tool for querying several passive DNS providers.
- [**Pig**](https://github.com/rafael-santiago/pig) – GNU/Linux packet crafting tool.
- [**Pwnat**](https://github.com/samyk/pwnat) – Punches holes in firewalls and NATs.
- [**Praeda**](http://h.foofus.net/?page_id=218) – Automated multi-function printer data harvester for gathering usable data during security assessments.
- [**Printer Exploitation Toolkit (PRET)**](https://github.com/RUB-NDS/PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- [**Routersploit**](https://github.com/reverse-shell/routersploit) – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- [**Scanless**](https://github.com/vesche/scanless) – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- [**Scapy**](https://github.com/secdev/scapy) – Python-based interactive packet manipulation program & library.
- [**SPARTA**](https://sparta.secforce.com/) – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- [**SSH MITM**](https://github.com/jtesta/ssh-mitm) – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- [**Tcpdump/libpcap**](http://www.tcpdump.org/) – Common packet analyzer that runs under the command line.
- [**Wireshark**](https://www.wireshark.org/) – Widely-used graphical, cross-platform network protocol analyzer.
- [**XRay**](https://github.com/evilsocket/xray) – Network (sub)domain discovery and reconnaissance automation tool.
- [**Zarp**](https://github.com/hatRiot/zarp) – Network attack tool centered around the exploitation of local networks.
- [**Zmap**](https://zmap.io/) – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
---
### **Operating Systems**
- [**Best Linux Penetration Testing Distributions @ CyberPunk**](https://n0where.net/best-linux-penetration-testing-distributions/) – Description of main penetration testing distributions.
- [**Cuckoo**](https://github.com/cuckoosandbox/cuckoo) – Open source automated malware analysis system.
- [**Computer Aided Investigative Environment (CAINE)**](http://www.caine-live.net/) – Italian GNU/Linux live distribution created as a digital forensics project.
- [**CSILinux**](https://csilinux.com/) - CSI's mission is to equip you with the most advanced tools in digital forensics, OSINT, and incident response.
- [**Digital Evidence & Forensics Toolkit (DEFT)**](https://archiveos.org/deft/) – Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
- [**Security related Operating Systems @ Rawsec**](https://github.com/tyki6/rawsec_cli) – Penetration testing and hacking tools list; complete list of security-related operating systems.
- [**Security @ Distrowatch**](http://distrowatch.com/search.php?category=Security) – Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
- [**Tails**](https://tails.boum.org/) – Live OS aimed at preserving privacy and anonymity.
---
### Physical Hacking Tools
- [**Anof-cyber/APTRS**](https://github.com/Anof-cyber/APTRS) - APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities.
- [**Canarytokens.org**](https://canarytokens.org/generate) - Canarytokens are a free, quick, painless way to help defenders discover they've been breached by having attackers announce themselves. These are digital honeypots you can configure on your own network.
- [**Flipperzero.one**](https://flipperzero.one/) - Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like. Check out more firmware options [**here**](https://flipper-xtre.me/asset-packs/)
- [**Hak5.org**](https://shop.hak5.org/) - Sells many hacking tools for Wi-Fi pentesting, hotplug attacks, implants, remote access field kits and more. [**Breakdown of multiple tools**](https://www.youtube.com/watch?v=6F7EHO4niCw)
- [**LAN Turtle**](https://lanturtle.com/) – Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- [**Poisontap**](https://samy.pl/poisontap/) – Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- [**USB Rubber Ducky**](http://usbrubberducky.com/) – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- [**WiFi Pineapple**](https://www.wifipineapple.com/) – Wireless auditing and penetration testing platform.
---
## Penetration Testing Resources
### Pentest Tools
- [**Metasploit Unleashed**](https://www.offsec.com/metasploit-unleashed/) - Free Offensive Security Metasploit course.
- [**MITRE’s Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)**](https://attack.mitre.org/) – Curated knowledge base and model for cyber adversary behavior.
- [**Open Source Security Testing Methodology Manual (OSSTMM)**](http://www.isecom.org/mirror/OSSTMM.3.pdf) – Framework for providing test cases that result in verified facts on which to base decisions that impact an organization’s security.
- [**Open Web Application Security Project (OWASP)**](https://www.owasp.org/index.php/Main_Page) – Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.
- [**Penetration Testing Execution Standard (PTES)**](http://www.pentest-standard.org/) – Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
- [**Penetration Testing Framework (PTF)**](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) – Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
- [**PENTEST-WIKI**](https://github.com/nixawk/pentest-wiki) – Free online security knowledge library for pentesters and researchers.
- [**Security related Operating Systems @ Rawsec**](https://github.com/tyki6/rawsec_cli) – Complete list of security-related operating systems.
- [**Shellcode Examples**](http://shell-storm.org/shellcode/) – Shellcodes database.
- [**Shellcode Tutorial**](http://www.vividmachines.com/shellcode/shellcode.html) – Tutorial on how to write shellcode.
- [**XSS-Payloads**](http://www.xss-payloads.com/) – Ultimate resource for all things cross-site including payloads, tools, games and documentation.
### **Penetration Testing Distributions**
- [**ArchStrike**](https://archstrike.org/) – Arch GNU/Linux repository for security professionals and enthusiasts.
- [**AttifyOS**](https://github.com/adi0x90/attifyos) – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
- [**BackBox**](https://backbox.org/) – Ubuntu-based distribution for penetration tests and security assessments.
- [**BlackArch**](https://www.blackarch.org/) – Arch GNU/Linux-based distribution for penetration testers and security researchers.
- [**Fedora Security Lab**](https://labs.fedoraproject.org/en/security/) – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
- [**Kali**](https://www.kali.org/) – GNU/Linux distribution designed for digital forensics and penetration testing.
- [**Network Security Toolkit (NST)**](http://networksecuritytoolkit.org/) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- [**Parrot**](https://www.parrotsec.org/) – Distribution similar to Kali, with support for multiple architectures and 100s of hacking tools.
- [**Pentoo**](http://www.pentoo.ch/) – Security-focused live CD based on Gentoo.
- [**The Pentesters Framework**](https://github.com/trustedsec/ptf) – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
### **Docker for Penetration Testing**
- `docker pull kalilinux/kali-linux-docker`
- `docker pull owasp/zap2docker-stable`
- `docker pull wpscanteam/wpscan`
- `docker pull citizenstig/dvwa`
- `docker pull wpscanteam/vulnerablewordpress`
- `docker pull hmlio/vaas-cve-2014-6271`
- `docker pull hmlio/vaas-cve-2014-0160`
- `docker pull opendns/security-ninjas`
- `docker pull diogomonica/docker-bench-security`
- `docker pull ismisepaul/securityshepherd`
- `docker pull danmx/docker-owasp-webgoat`
- `docker-compose build && docker-compose up`
- `docker pull citizenstig/nowasp`
- `docker pull bkimminich/juice-shop`
- `docker pull phocean/msf`
### **Penetration Testing Report Templates**
- [**Pentesting Report Template**](http://lucideus.com/pdf/stw.pdf) – lucideus.com template.
- [**Pentesting Report Template**](https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf) – pcisecuritystandards.org template.
- [**Public Pentesting Reports**](https://github.com/juliocesarfort/public-pentesting-reports) – Curated list of public penetration test reports released by several consulting firms and academic security groups.
### Ransomware Recovery
- [**Nomoreransom**](https://www.nomoreransom.org/en/index.html) - Helps detect what kind of ransomware encryption you’re affected by and provides free tools to unlock it, in many but not all cases.
### **Reverse Engineering Tools**
- [**Binwalk**](https://github.com/devttys0/binwalk) – Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- [**Capstone**](http://www.capstone-engine.org/) – Lightweight multi-platform, multi-architecture disassembly framework.
- [**dnSpy**](https://github.com/0xd4d/dnSpy) – Tool to reverse engineer .NET assemblies.
- [**Evan’s Debugger**](http://www.codef00.com/projects#debugger) – OllyDbg-like debugger for GNU/Linux.
- [**Frida**](https://www.frida.re/) – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- [**Immunity Debugger**](http://debugger.immunityinc.com/) – Powerful way to write exploits and analyze malware.
- [**Interactive Disassembler (IDA Pro)**](https://www.hex-rays.com/products/ida/) – Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
- [**Medusa**](https://github.com/wisk/medusa) – Open source, cross-platform interactive disassembler.
- [**OllyDbg**](http://www.ollydbg.de/) – x86 debugger for Windows binaries that emphasizes binary code analysis.
- [**Peda**](https://github.com/longld/peda) – Python Exploit Development Assistance for GDB.
- [**Plasma**](https://github.com/joelpx/plasma) – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- [**PyREBox**](https://github.com/Cisco-Talos/pyrebox) – Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- [**Radare2**](http://rada.re/r/index.html) – Open source, cross-platform reverse engineering framework.
- [**rVMI**](https://github.com/fireeye/rVMI) – Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
- [**Voltron**](https://github.com/snare/voltron) – Extensible debugger UI toolkit written in Python.
- [**WDK/WinDbg**](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) – Windows Driver Kit and WinDbg.
- [**x64dbg**](http://x64dbg.com/) – Open source x64/x32 debugger for Windows.
### Security Courses
- [**ARIZONA CYBER WARFARE RANGE**](http://azcwr.org/) – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
- [**Computer Security Student**](http://computersecuritystudent.com/) – Many free tutorials, great for beginners, \$10/mo membership unlocks all content.
- [**CTF Field Guide**](https://trailofbits.github.io/ctf/) – Everything you need to win your next CTF competition.
- [**Cybrary**](http://cybrary.it/) – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly-Secured Environments’.
- [**European Union Agency for Network and Information Security**](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) – ENISA Cyber Security Training material.
- [**Offensive Security Training**](https://www.offensive-security.com/information-security-training/) – Training from BackTrack/Kali developers.
- [**Open Security Training**](http://opensecuritytraining.info/) – Training material for computer security classes.
- [**SANS Security Training**](http://www.sans.org/) – Computer Security Training & Certification.
### **Side-channel Tools**
- [**ChipWhisperer**](http://chipwhisperer.com/) – Complete open-source toolchain for side-channel power analysis and glitching attacks.
### **Social Engineering**
- [**Beelogger**](https://github.com/4w4k3/BeeLogger) – Tool for generating keyloggers.
- [**Catphish**](https://github.com/ring0lab/catphish) – Tool for phishing and corporate espionage written in Ruby.
- [**Evilginx**](https://github.com/kgretzky/evilginx) – MITM attack framework used for phishing credentials and session cookies from any Web service.
- [**King Phisher**](https://github.com/securestate/king-phisher) – Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- [**Social Engineer Toolkit (SET)**](https://github.com/trustedsec/social-engineer-toolkit) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
- [**Social Engineering Framework**](http://www.social-engineer.org/framework/general-discussion/) – Information resource for social engineers.
- [**wifiphisher**](https://github.com/sophron/wifiphisher) – Automated phishing attacks against WiFi networks.
### **Static Analyzers**
- [**Bandit**](https://pypi.python.org/pypi/bandit/) – Security-oriented static analyser for Python code.
- [**Brakeman**](https://github.com/presidentbeef/brakeman) – Static analysis security vulnerability scanner for Ruby on Rails applications.
- [**Cppcheck**](http://cppcheck.sourceforge.net/) – Extensible C/C++ static analyzer focused on finding bugs.
- [**FindBugs**](http://findbugs.sourceforge.net/) – Free software static analyzer to look for bugs in Java code.
- [**Sobelow**](https://github.com/nccgroup/sobelow) – Security-focused static analysis for the Phoenix Framework.
### **Transport Layer Security Tools**
- [**SSLyze**](https://github.com/nabla-c0d3/sslyze) – Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
- [**TLS Prober**](https://github.com/WestpointLtd/tls_prober) – Fingerprint a server’s SSL/TLS implementation.
- [**Testssl.sh**](https://github.com/drwetter/testssl.sh) – Command line tool which checks a server’s service on any port for support of TLS/SSL ciphers and protocols, as well as some cryptographic flaws.
### **Tools, Lists, Tutorials etc.**
- [**AD Exploit guides**](https://scribe.froth.zone/@kuwaitison/active-directory-lateral-movement-and-post-exploitation-cheat-sheet-3170982a7055) - Detailed guide on methods to exploit Active Directory.
- [**Android Security**](https://github.com/ashishb/android-security-awesome) – Collection of Android security-related resources.
- [**AppSec**](https://github.com/paragonie/awesome-appsec) – Resources for learning about application security.
- [**Awesome Awesomeness**](https://github.com/bayandin/awesome-awesomeness) – The List of the Lists.
- [**C/C++ Programming**](https://github.com/fffaraz/awesome-cpp) – One of the main languages for open source security tools.
- [**CTFs**](https://github.com/apsdehal/awesome-ctf) – Capture The Flag frameworks, libraries, etc.
- [**Exploit Writing Tutorials**](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) – Tutorials on how to develop exploits.
- [**Forensics**](https://github.com/Cugu/awesome-forensics) – Free (mostly open source) forensic analysis tools and resources.
- [**GB Hackers Tools List**](https://gbhackers.com/hacking-tools-list/) - Massive list of Tools.
- [**Hackerone Tools List**](https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources) - Massive list of Tools.
- [**Hacking**](https://github.com/carpedm20/awesome-hacking) – Tutorials, tools, and resources.
- [**Honeypots**](https://github.com/paralax/awesome-honeypots) – Honeypots, tools, components, and more.
- [**InfoSec § Hacking challenges**](https://github.com/AnarchoTechNYC/meta/wiki/InfoSec#hacking-challenges) – Comprehensive directory of CTFs, wargames, hacking challenge websites, penetration testing practice lab exercises, and more.
- [**Infosec**](https://github.com/onlurking/awesome-infosec) – Information security resources for pentesting, forensics, and more.
- [**JavaScript Programming**](https://github.com/sorrycc/awesome-javascript) – In-browser development and scripting.
- [**Kali Linux Tools**](https://gbhackers.com/kalitutorials/) – List of Hacking tools present in Kali Linux.
- [**Malware Analysis**](https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list/) – Tools and resources for analysts.
- [**Node.js Programming**](https://github.com/sindresorhus/awesome-nodejs) – Curated list of delightful Node.js packages and resources.
- [**PCAP Tools**](https://github.com/caesar0301/awesome-pcaptools) – Tools for processing network traffic.
- [**Penetration Testing Cheat Sheets**](https://github.com/coreb1t/awesome-pentest-cheat-sheets) – Awesome Pentest Cheat Sheets.
- [**Pivoting and Tunneling Guide**](https://scribe.rip/@kuwaitison/pivoting-and-tunneling-for-oscp-and-beyond-cheat-sheet-3435d1d6022) - Detailed guide on methods to exploit.
- [**Python Programming 1**](https://github.com/svaksha/pythonidae) – General Python programming.
- [**Python Programming 2**](https://github.com/vinta/awesome-python) – General Python programming.
- [**Python tools for penetration testers**](https://github.com/dloss/python-pentest-tools) – Lots of pentesting tools are written in Python.
- [**Ruby Programming 1**](https://github.com/dreikanter/ruby-bookmarks) – The de-facto language for writing exploits.
- [**Ruby Programming 2**](https://github.com/markets/awesome-ruby) – The de-facto
---
### **Virtual Machines Labs**
- [**CTFtime**](https://ctftime.org) - Free capture the flag hacking games.
- [**MindMaps**](http://www.amanhardikar.com/mindmaps/Practice.html) - Massive list of smaller sites that provide individual hacking challenges.
- [**Pentesterlab**](https://www.pentesterlab.com) - Free and paid Pentesting training with labs.
- [**Sadcloud**](https://github.com/nccgroup/sadcloud) - Sadcloud is a tool for spinning up insecure AWS infrastructure with Terraform.
- [**Vulnerability Hub**](https://www.vulnhub.com/) - Free Virtual machines to hack, provided by the community.
- [**Vulnmachines**](https://vulnmachines.com) - A place to learn and improve penetration testing/ethical hacking skills for FREE. The labs consist of 100+ real world scenarios to practice the latest exploits and cutting edge hacking techniques.
---
### **Vulnerability Databases**
- [**Bugtraq (BID)**](http://www.securityfocus.com/bid/) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- [**Common Vulnerabilities and Exposures (CVE)**](https://cve.mitre.org/) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- [**CXSecurity**](https://cxsecurity.com/) – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- [**Exploit-DB**](https://www.exploit-db.com/) – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- [**Full-Disclosure**](http://seclists.org/fulldisclosure/) – Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
- [**Inj3ct0r**](https://www.0day.today/) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) – Exploit marketplace and vulnerability information aggregator.
- [**Microsoft Security Advisories**](https://technet.microsoft.com/en-us/security/advisories#APUMA) – Archive of security advisories impacting Microsoft software.
- [**Microsoft Security Bulletins**](https://technet.microsoft.com/en-us/security/bulletins#sec_search) – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- [**Mozilla Foundation Security Advisories**](https://www.mozilla.org/security/advisories/) – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
- [**National Vulnerability Database (NVD)**](https://nvd.nist.gov/) – United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
- [**Packet Storm**](https://packetstormsecurity.com/files/) – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
- [**SecuriTeam**](http://www.securiteam.com/) – Independent source of software vulnerability information.
- [**US-CERT Vulnerability Notes Database**](https://www.kb.cert.org/vuls/) – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- [**Vulnerability Lab**](https://www.vulnerability-lab.com/) – Open forum for security advisories organized by category of exploit target.
- [**Vulners**](https://vulners.com/) – Security database of software vulnerabilities.
- [**Zero Day Initiative**](http://zerodayinitiative.com/advisories/published/) – Bug bounty program with a publicly accessible archive of published security advisories, operated by TippingPoint.
---
### **Vulnerability Scanners**
- [**Nexpose**](https://www.rapid7.com/products/nexpose/) – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- [**Nessus**](https://www.tenable.com/products/nessus-vulnerability-scanner) – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. Free for under 25 devices.
- [**OpenVAS**](http://www.openvas.org/) – Free open source software implementation of the popular Nessus vulnerability assessment system.
- [**Vuls**](https://github.com/future-architect/vuls) – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
---
### **Web Exploitation**
- [**Autochrome**](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) – Easy-to-install test browser with all the appropriate settings needed for web application testing, with native Burp support, from NCCGroup.
- [**BlindElephant**](http://blindelephant.sourceforge.net/) – Web application fingerprinter.
- [**Browser Exploitation Framework (BeEF)**](https://github.com/beefproject/beef) – Command and control server for delivering exploits to commandeered Web browsers.
- [**Burp Suite**](https://portswigger.net/burp/) – Integrated platform for performing security testing of web applications.
- [**Commix**](https://github.com/commixproject/commix) – Automated all-in-one operating system command injection and exploitation tool.
- [**DVCS Ripper**](https://github.com/kost/dvcs-ripper) – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- [**EyeWitness**](https://github.com/ChrisTruncer/EyeWitness) – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- [**Fiddler**](https://www.telerik.com/fiddler) – Free cross-platform web debugging proxy with user-friendly companion tools.
- [**Fimap**](https://github.com/kurobeats/fimap) – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- [**FuzzDB**](https://github.com/fuzzdb-project/fuzzdb) – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- [**GitTools**](https://github.com/internetwache/GitTools) – Automatically find and download Web-accessible .git repositories.
- [**Kadabra**](https://github.com/D35m0nd142/Kadabra) – Automatic LFI exploiter and scanner.
- [**Kadimus**](https://github.com/P0cL4bs/Kadimus) – LFI scan and exploit tool.
- [**Liffy**](https://github.com/hvqzao/liffy) – LFI exploitation tool.
- [**NoSQLmap**](http://nosqlmap.net/) – Automatic NoSQL injection and database takeover tool.
- [**Offensive Web Testing Framework (OWTF)**](https://www.owasp.org/index.php/OWASP_OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- [**Sslstrip**](https://www.thoughtcrime.org/software/sslstrip/) – Demonstration of the HTTPS stripping attacks.
- [**Sslstrip2**](https://github.com/LeonardoNve/sslstrip2) – SSLStrip version to defeat HSTS.
- [**sqlmap**](http://sqlmap.org/) – Automatic SQL injection and database takeover tool.
- [**Tplmap**](https://github.com/epinna/tplmap) – Automatic server-side template injection and Web server takeover tool.
- [**VHostScan**](https://github.com/codingo/VHostScan) – A virtual host scanner that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases and dynamic default pages.
- [**Weevely3**](https://github.com/epinna/weevely3) – Weaponized web shell.
- [**Webscreenshot**](https://github.com/maaaaz/webscreenshot) – A simple script to take screenshots of a list of websites.
- [**WhatWeb**](https://github.com/urbanadventurer/WhatWeb) – Website fingerprinter.
- [**Wappalyzer**](https://www.wappalyzer.com/) – Wappalyzer uncovers the technologies used on websites.
- [**wafw00f**](https://github.com/EnableSecurity/wafw00f) – Identifies and fingerprints Web Application Firewall (WAF) products.
- [**WordPress Exploit Framework**](https://github.com/rastating/wordpress-exploit-framework) – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- [**WPSploit**](https://github.com/espreto/wpsploit) – Exploit WordPress-powered websites with Metasploit.
---
### **Web Scanners**
- [**Arachni**](http://www.arachni-scanner.com/) – Scriptable framework for evaluating the security of web applications.
- [**Cms-explorer**](https://code.google.com/archive/p/cms-explorer/) – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- [**Nikto**](https://cirt.net/nikto2) – Noisy but fast black box web server and web application vulnerability scanner.
- [**SecApps**](https://secapps.com/) – In-browser web application security testing suite.
- [**WebReaver**](https://www.webreaver.com/) – Commercial, graphical web application vulnerability scanner designed for macOS.
- [**w3af**](https://github.com/andresriancho/w3af) – Web application attack and audit framework.
- [**WPScan**](https://wpscan.org/) – Black box WordPress vulnerability scanner.
- [**Wapiti**](http://wapiti.sourceforge.net/) – Black box web application vulnerability scanner with built-in fuzzer.
- [**Joomscan**](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) – Joomla vulnerability scanner.
- [**ACSTIS**](https://github.com/tijme/angularjs-csti-scanner) – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
---
### **Windows Utilities**
- [**Bloodhound**](https://github.com/adaptivethreat/Bloodhound/wiki) – Graphical Active Directory trust relationship explorer.
- [**DeathStar**](https://github.com/byt3bl33d3r/DeathStar) – Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments.
- [**Empire**](https://www.powershellempire.com/) – Pure PowerShell post-exploitation agent.
- [**Fibratus**](https://github.com/rabbitstack/fibratus) – Tool for exploration and tracing of the Windows kernel.
- [**Magic Unicorn**](https://github.com/trustedsec/unicorn) – Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
- [**Mimikatz**](http://blog.gentilkiwi.com/mimikatz) – Credentials extraction tool for Windows operating system.
- [**PowerSploit**](https://github.com/PowerShellMafia/PowerSploit) – PowerShell Post-Exploitation Framework.
- [**redsnarf**](https://github.com/nccgroup/redsnarf) – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- [**Responder**](https://github.com/SpiderLabs/Responder) – LLMNR, NBT-NS and MDNS poisoner.
- [**Sysinternals Suite**](https://technet.microsoft.com/en-us/sysinternals/bb842062) – The Sysinternals Troubleshooting Utilities.
- [**wePWNise**](https://labs.mwrinfosecurity.com/tools/wepwnise/) – Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- [**Windows Credentials Editor**](http://www.ampliasecurity.com/research/windows-credentials-editor/) – Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
- [**Windows Exploit Suggester**](https://github.com/GDSSecurity/Windows-Exploit-Suggester) – Detects potential missing patches on the target.
---
### **Wireless Network Hacking**
- [**Aircrack-ng**](http://www.aircrack-ng.org/) – Set of tools for auditing wireless networks.
- [**Fluxion**](https://github.com/FluxionNetwork/fluxion) – Suite of automated social engineering based WPA attacks.
- [**Kismet**](https://kismetwireless.net/) – Wireless network detector, sniffer, and IDS.
- [**Reaver**](https://code.google.com/archive/p/reaver-wps) – Brute force attack against WiFi Protected Setup.
- [**Wifite**](https://github.com/derv82/wifite) – Automated wireless attack tool.