*"The truth is revealed by removing things that stand in its light, an art not unlike sculpture, in which the artist creates, not by building, but by hacking away." - Alan Watts*
Welcome to the Hacking section of Liberty tools! Hacking should be used to increase your knowledge and harden your defenses. Please use these tools responsibly.
---
### **Anonymity**
- [**BinGoo**](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
- [**Censys**](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- [**dork-cli**](https://github.com/jgor/dork-cli) - Command line Google dork tool.
- [**Fast-recon**](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain.
- [**GooDork**](https://github.com/k3170makan/GooDork) - Command line Google dorking tool.
- [**Google Hacking Database**](https://www.exploit-db.com/google-hacking-database) - Database of Google dorks; can be used for recon.
- [**Google-dorks**](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you probably don’t know.
- [**I2P**](https://geti2p.net/) - The Invisible Internet Project.
- [**Maltego**](http://www.paterva.com/web7/) - One of the Hacking Tools and Proprietary software for open source intelligence and forensics, from Paterva.
- [**Nipe**](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network.
- [**OnionScan**](https://onionscan.org/) - One of the Hacking Tools for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- [**recon-ng**](https://github.com/lanmaster53/recon-ng) - One of the Hacking Tools Full-featured Web Reconnaissance framework written in Python.
- [**snitch**](https://github.com/Smaash/snitch) - Information gathering via dorks.
- [**Spiderfoot**](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations.
- [**theHarvester**](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
- [**Tor**](https://www.torproject.org/) - Free software and onion routed overlay network that helps you defend against traffic analysis.
- [**Virus Total**](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- [**What Every Browser Knows About You**](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
- [**ZoomEye**](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
---
### Bug Bounty Platforms
- [**Bugcrowd List**](https://www.bugcrowd.com/bug-bounty-list/) - List of many companies that provide bug bounties.
---
### **CTF(Capture the flag)**
- [**Ctf-tools**](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
- [**Pwntools**](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs.
- [**RsaCtfTool**](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
---
### **DDoS**
- [**HOIC**](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common counter measures.
- [**JS LOIC**](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
- [**LOIC**](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
- [**SlowLoris**](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
- [**UFONet**](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
---
### **Defense Evasion**
- [**AntiVirus Evasion Tool (AVET)**](https://github.com/govolution/avet) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- [**PeCloak.py**](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- [**PeCloakCapstone**](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
- [**UniByAv**](https://github.com/Exploit-install/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
- [**Veil**](https://github.com/Veil-Framework/Veil) - Generate metasploit payloads that bypass common anti-virus solutions.
- [**SpoofBox**](https://www.spoofbox.com) - Offers email, SMS, Phone spoofing and lots of other tools. Not a free service. Can also be used to look up phone numbers.
---
### **Exploit Development**
- [**Exploit Writing Tutorials**](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits.
- [**Shellcode Tutorial**](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode.
---
### **File Format Analysis**
- [**Hachoir**](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
- [**Kaitai Struct**](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- [**Veles**](https://codisec.com/veles/) - Binary data visualization and analysis tool.
---
### Forensics
- [**Autopsy**](https://www.autopsy.com/) - Full suite of open source forensics tools.
- [**CAINE**](https://forensictools.dev/listing/caine/) - CAINE is Linux Live CD that contains a wealth of digital forensic tools. Features include a user-friendly GUI, semi-automated report creation and tools for Mobile Forensics, Network Forensics, Data Recovery and more.
- [**FTK Imager**](https://www.exterro.com/ftk-imager) - Open Source Disk imaging tool.
- [**Paladin Forensic Suite**](https://sumuri.com/product-category/brands/paladin/) - Live Ubuntu distro with lots of tools. Open source with free and paid versions.
- [**SIFT Workstation**](https://www.sans.org/tools/sift-workstation/) - The SIFT Workstation is a collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings, all built inside an Ubuntu VM.
- [**SMART**](https://smart-forensic.com/) - Open source sampling of many proprietary forensics tools.
---
### **GNU/Linux Utilities**
- [**Linux Exploit Suggester**](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
---
### **Hacking Focused OSINT**
- [**AQUATONE**](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- [**BinGoo**](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
- [**Censys**](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- [**DataSploit**](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- [**dork-cli**](https://github.com/jgor/dork-cli) - Command line Google dork tool.
- [**Fast-recon**](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain.
- [**GooDork**](https://github.com/k3170makan/GooDork) - Command line Google dorking tool.
- [**Google Hacking Database**](https://www.exploit-db.com/google-hacking-database) - Database of Google dorks; can be used for recon.
- [**Google-dorks**](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you probably don’t know.
- [**github-dorks**](https://github.com/techgaun/github-dorks) - CLI tool to scan Github repos/organizations for potential sensitive information leak.
- [**Intrigue**](http://intrigue.io/) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
- [**Maltego**](http://www.paterva.com/web7/) - One of the Hacking Tools and Proprietary software for open source intelligence and forensics, from Paterva.
- [**recon-ng**](https://github.com/lanmaster53/recon-ng) - One of the Hacking Tools Full-featured Web Reconnaissance framework written in Python.
- [**Shodan**](https://www.shodan.io/) - World’s first search engine for Internet-connected devices.
- [**snitch**](https://github.com/Smaash/snitch) - Information gathering via dorks.
- [**Sn1per**](https://github.com/1N3/Sn1per) - One of the Hacking Tools for Automated Pentest Recon Scanner.
- [**Spiderfoot**](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations.
- [**Threat Crowd**](http://ci-www.threatcrowd.org/) - Search engine for threats.
- [**theHarvester**](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
- [**vcsmap**](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
- [**Virus Total**](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- [**What Every Browser Knows About You**](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
- [**ZoomEye**](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
---
### Hacking Conventions
- [**44Con**](https://44con.com/) - Annual Security Conference held in London.
- [**AppSecUSA**](https://globalappsec.org/) - Annual conference organized by OWASP.
- [**BalCCon**](https://www.balccon.org/) - Balkan Computer Congress, annually held in Novi Sad, Serbia.
- [**Black Hat**](http://www.blackhat.com/) - Annual security conference in Las Vegas.
- [**BruCON**](http://brucon.org/) - Annual security conference in Belgium.
- [**CarolinaCon**](http://www.carolinacon.org/) - Infosec conference, held annually in North Carolina.
- [**CCC**](https://events.ccc.de/congress/) - Annual meeting of the international hacker scene in Germany.
- [**CHCon**](https://2016.chcon.nz/) - Christchurch Hacker Con, Only South Island of New Zealand hacker con.
- [**DeepSec**](https://deepsec.net/) - Security Conference in Vienna, Austria.
- [**DefCamp**](http://def.camp/) - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
- [**DEF CON**](https://www.defcon.org/) - Annual hacker convention in Las Vegas. Known for having a left wing bias.
- [**Ekoparty**](http://www.ekoparty.org/) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
- [**FSec**](http://fsec.foi.hr/) - FSec - Croatian Information Security Gathering in Varaždin, Croatia.
- [**Hack3rCon**](http://hack3rcon.org/) - Annual US hacker conference.
- [**Hack.lu**](https://2016.hack.lu/) - Annual conference held in Luxembourg.
- [**Hackfest**](https://hackfest.ca/) - Largest hacking conference in Canada.
- [**HITB**](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands.
- [**Hacking In The Box**](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands.
- [**Infosecurity Europe**](http://www.infosecurityeurope.com/) - Europe’s number one information security event, held in London, UK.
- [**LayerOne**](http://www.layerone.org/) - Annual US security conference held every spring in Los Angeles.
- [**Nullcon**](http://nullcon.net/website/) - Annual conference in Delhi and Goa, India.
- [**PhreakNIC**](http://phreaknic.info/) - Technology conference held annually in middle Tennessee.
- [**RSA Conference USA**](https://www.rsaconference.com/) - Annual security conference in San Francisco, California, USA.
- [**ShmooCon**](http://shmoocon.org/) - Annual US East coast hacker convention.
- [**SkyDogCon**](http://www.skydogcon.com/) - Technology conference in Nashville.
- [**SummerCon**](http://www.summercon.org/) - One of the oldest hacker conventions, held during Summer.
- [**0xED**](https://web.archive.org/web/20140106172311if_/http://www.suavetech.com:80/0xed/0xed.html) – Native macOS hex editor that supports plug-ins to display custom data types.
- [**Frhed**](http://frhed.sourceforge.net/) – Binary file editor for Windows.
- [**2600: The Hacker Quarterly**](https://www.2600.com/Magazine/DigitalEditions) – American publication about technology and computer “underground.”
- [**Phrack Magazine**](http://www.phrack.org/) – By far the longest running hacker zine.
- [**Unredacted Magazine**](https://unredactedmagazine.com/) - The official magazine from Michael Bazzell author of Extreme Privacy.
---
### **Lock Picking Resources**
- [**Awesome Lockpicking**](https://github.com/meitar/awesome-lockpicking) – Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.
- [**Bosnianbill**](https://www.youtube.com/user/bosnianbill) – More lockpicking videos.
- [**Schuyler Towne channel**](https://www.youtube.com/user/SchuylerTowne/) – Lockpicking videos and security talks.
- [**/r/lockpicking**](https://www.reddit.com/r/lockpicking) – Resources for learning lockpicking, equipment recommendations.
---
### **macOS Utilities**
- [Bella](https://github.com/00xkhaled/Bella) – Pure Python post-exploitation data mining and remote administration tool for macOS.
---
### **Multi-paradigm Frameworks**
- [**Armitage**](https://github.com/blackhatethicalhacking/armitage) – Java-based GUI front-end for the Metasploit Framework.
- [**ExploitPack**](https://juansacco.gitbooks.io/exploitpack/content/) – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- [**Faraday**](https://github.com/infobyte/faraday) – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- [**Metasploit**](https://www.metasploit.com/) – Post exploitation Hacking Tools for offensive security teams to help verify vulnerabilities and manage security assessments.
- [**BetterCAP**](https://www.bettercap.org/) – Modular, portable and easily extensible MITM framework.
- [**CloudFail**](https://github.com/m0rtem/CloudFail) – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- [**CrackMapExec**](https://github.com/byt3bl33d3r/CrackMapExec) – A swiss army knife for pentesting networks.
- [**Debookee**](http://www.iwaxx.com/debookee/) – Simple and powerful network traffic analyzer for macOS.
- [**DET**](https://github.com/sensepost/DET) – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- [**Dgcd**](http://tgcd.sourceforge.net/) – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- [**Dnsmap**](https://github.com/makefu/dnsmap/) – One of the Hacking Tools for Passive DNS network mapper.
- [**Dnsrecon**](https://github.com/darkoperator/dnsrecon/) – One of the Hacking Tools for DNS enumeration script.
- [**Dnschef**](https://github.com/iphelix/dnschef) – Highly configurable DNS proxy for pentesters.
- [**Dnsenum**](https://github.com/fwaeytens/dnsenum/) – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- [**Dnstracer**](http://www.mavetju.org/unix/dnstracer.php) – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- [**DNSDumpster**](https://dnsdumpster.com/) – One of the Hacking Tools for Online DNS recon and search service.
- [**Evilgrade**](https://github.com/infobyte/evilgrade) – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- [**Ettercap**](http://www.ettercap-project.org/) – Comprehensive, mature suite for machine-in-the-middle attacks.
- [**Impacket**](https://github.com/CoreSecurity/impacket) – A collection of Python classes for working with network protocols.
- [**Mass Scan**](https://github.com/robertdavidgraham/masscan) – Best Hacking Tools for TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- [**Mallory**](https://github.com/justmao945/mallory) – HTTP/HTTPS proxy over SSH.
- [**Mitmproxy**](https://github.com/mitmproxy/mitmproxy) – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- [**Netsniff-ng**](https://github.com/netsniff-ng/netsniff-ng) – Swiss army knife for network sniffing.
- [**Network-Tools.com**](http://network-tools.com/) – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
- [**Passivedns**](https://github.com/gamelinux/passivedns) – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- [**Passivedns-client**](https://github.com/chrislee35/passivedns-client) – Library and query tool for querying several passive DNS providers.
- [**Pig**](https://github.com/rafael-santiago/pig) – One of the Hacking Tools for GNU/Linux packet crafting.
- [**Pwnat**](https://github.com/samyk/pwnat) – Punches holes in firewalls and NATs.
- [**Praeda**](http://h.foofus.net/?page_id=218) – Automated multi-function printer data harvester for gathering usable data during security assessments.
- [**Printer Exploitation Toolkit (PRET)**](https://github.com/RUB-NDS/PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- [**Routersploit**](https://github.com/reverse-shell/routersploit) – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- [**Scanless**](https://github.com/vesche/scanless) – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- [**Scapy**](https://github.com/secdev/scapy) – Python-based interactive packet manipulation program & library.
- [**SPARTA**](https://sparta.secforce.com/) – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- [**SSH MITM**](https://github.com/jtesta/ssh-mitm) – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- [**Tcpdump/libpcap**](http://www.tcpdump.org/) – Common packet analyzer that runs under the command line.
- [**XRay**](https://github.com/evilsocket/xray) – Network (sub)domain discovery and reconnaissance automation tool.
- [**Zarp**](https://github.com/hatRiot/zarp) – Network attack tool centered around the exploitation of local networks.
- [**Zmap**](https://zmap.io/) – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
---
### **Operating Systems**
- [**Best Linux Penetration Testing Distributions @ CyberPunk**](https://n0where.net/best-linux-penetration-testing-distributions/) – Description of main penetration testing distributions.
- [**Cuckoo**](https://github.com/cuckoosandbox/cuckoo) – Open source automated malware analysis system.
- [**Computer Aided Investigative Environment (CAINE)**](http://www.caine-live.net/) – Italian GNU/Linux live distribution created as a digital forensics project.
- [**CSILinux**](https://csilinux.com/) - CSI's mission is to equip you with the most advanced tools in digital forensics, OSINT, and incident response.
- [**Digital Evidence & Forensics Toolkit (DEFT)**](https://archiveos.org/deft/) – Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
- [**Security related Operating Systems @ Rawsec**](https://github.com/tyki6/rawsec_cli) – Penetration testing tools & Hacking Tools list Related Complete list of security operating systems.
- [**Security @ Distrowatch**](http://distrowatch.com/search.php?category=Security) – Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
- [**Tails**](https://tails.boum.org/) – Live OS aimed at preserving privacy and anonymity.
---
### Physical Hacking Tools
- [**Anof-cyber/APTRS**](https://github.com/Anof-cyber/APTRS) - APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities.
- [**Canarytokens.org**](https://canarytokens.org/generate) - Canarytokens are a free, quick, painless way to help defenders discover they've been breached by having attackers announce themselves. These are digital honeypots you can configure on your own network.
- [**Flipperzero.one**](https://flipperzero.one/) - Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like. Check out more firmware options [**here**](https://flipper-xtre.me/asset-packs/)
- [**Hak5.org**](https://shop.hak5.org/) - Sells many hacking for wifi pentesting, hotplug attacks, implants, remote access field kits and more. [**Breakdown of multiple tools**](https://www.youtube.com/watch?v=6F7EHO4niCw)
- [**LAN Turtle**](https://lanturtle.com/) – Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- [**Poisontap**](https://samy.pl/poisontap/) – Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- [**USB Rubber Ducky**](http://usbrubberducky.com/) – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- [**WiFi Pineapple**](https://www.wifipineapple.com/) – Wireless auditing and penetration testing platform.
- [**MITRE’s Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)**](https://attack.mitre.org/) – Curated knowledge base and model for cyber adversary behavior.
- [**Open Source Security Testing Methodology Manual (OSSTMM)**](http://www.isecom.org/mirror/OSSTMM.3.pdf) – Framework for providing test cases that result in verified facts on which to base decisions that impact an organization’s security.
- [**Open Web Application Security Project (OWASP)**](https://www.owasp.org/index.php/Main_Page) – Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.
- [**Penetration Testing Execution Standard (PTES)**](http://www.pentest-standard.org/) – Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
- [**Penetration Testing Framework (PTF)**](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) – Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
- [**PENTEST-WIKI**](https://github.com/nixawk/pentest-wiki) – Free online security knowledge library for pentesters and researchers.
- [**Security related Operating Systems @ Rawsec**](https://github.com/tyki6/rawsec_cli) – Penetration testing tools & Hacking Tools list Related Complete list of security operating systems.
- [**Shellcode Tutorial**](http://www.vividmachines.com/shellcode/shellcode.html) – Tutorial on how to write shellcode.
- [**XSS-Payloads**](http://www.xss-payloads.com/) – Ultimate resource for all things cross-site including payloads, tools, games and documentation.
### **Penetration Testing Distributions**
- [**ArchStrike**](https://archstrike.org/) – Arch GNU/Linux repository for security professionals and enthusiasts.
- [**AttifyOS**](https://github.com/adi0x90/attifyos) – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
- [**BackBox**](https://backbox.org/) – Ubuntu-based distribution for penetration tests and security assessments.
- [**BlackArch**](https://www.blackarch.org/) – Arch GNU/Linux-based distribution with best Hacking Tools for penetration testers and security researchers.
- [**Fedora Security Lab**](https://labs.fedoraproject.org/en/security/) – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
- [**Kali**](https://www.kali.org/) – GNU/Linux distribution designed for digital forensics and penetration testing Hacking Tools.
- [**Network Security Toolkit (NST)**](http://networksecuritytoolkit.org/) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- [**Parrot**](https://www.parrotsec.org/) – Distribution similar to Kali, with multiple architectures with 100 of Hacking Tools.
- [**Pentoo**](http://www.pentoo.ch/) – Security-focused live CD based on Gentoo.
- [**The Pentesters Framework**](https://github.com/trustedsec/ptf) – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
- [**Public Pentesting Reports**](https://github.com/juliocesarfort/public-pentesting-reports) – Curated list of public penetration test reports released by several consulting firms and academic security groups.
### Ransomware Recovery
- [**Nomoreransom**](https://www.nomoreransom.org/en/index.html) - Help detect what kind of ransomware encryption you’re affected by and free tools to unlock it, in many but not all cases.
### **Reverse Engineering Tools**
- [**Binwalk**](https://github.com/devttys0/binwalk) – Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- [**dnSpy**](https://github.com/0xd4d/dnSpy) – One of the Hacking Tools to reverse engineer .NET assemblies.
- [**Evan’s Debugger**](http://www.codef00.com/projects#debugger) – OllyDbg-like debugger for GNU/Linux.
- [**Frida**](https://www.frida.re/) – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- [**Immunity Debugger**](http://debugger.immunityinc.com/) – Powerful way to write exploits and analyze malware.
- [**Interactive Disassembler (IDA Pro)**](https://www.hex-rays.com/products/ida/) – Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
- [**Medusa**](https://github.com/wisk/medusa) – Open source, cross-platform interactive disassembler.
- [**OllyDbg**](http://www.ollydbg.de/) – x86 debugger for Windows binaries that emphasizes binary code analysis.
- [**Peda**](https://github.com/longld/peda) – Python Exploit Development Assistance for GDB.
- [**Plasma**](https://github.com/joelpx/plasma) – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- [**PyREBox**](https://github.com/Cisco-Talos/pyrebox) – Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- [**Radare2**](http://rada.re/r/index.html) – Open source, crossplatform reverse engineering framework.
- [**rVMI**](https://github.com/fireeye/rVMI) – Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
- [**Voltron**](https://github.com/snare/voltron) – Extensible debugger UI toolkit written in Python.
- [**WDK/WinDbg**](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) – Windows Driver Kit and WinDbg.
- [**x64dbg**](http://x64dbg.com/) – Open source x64/x32 debugger for windows.
### Security Courses
- [**ARIZONA CYBER WARFARE RANGE**](http://azcwr.org/) – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
- [**Computer Security Student**](http://computersecuritystudent.com/) – Many free tutorials, great for beginners, \$10/mo membership unlocks all content.
- [**CTF Field Guide**](https://trailofbits.github.io/ctf/) – Everything you need to win your next CTF competition.
- [**Cybrary**](http://cybrary.it/) – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly-Secured Environments’.
- [**European Union Agency for Network and Information Security**](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) – ENISA Cyber Security Training material.
- [**Offensive Security Training**](https://www.offensive-security.com/information-security-training/) – Training from BackTrack/Kali developers.
- [**Open Security Training**](http://opensecuritytraining.info/) – Training material for computer security classes.
- [**SANS Security Training**](http://www.sans.org/) – Computer Security Training & Certification.
### **Side-channel Tools**
- [**ChipWhisperer**](http://chipwhisperer.com/) – Complete open-source toolchain for side-channel power analysis and glitching attacks.
### **Social Engineering**
- [**Beelogger**](https://github.com/4w4k3/BeeLogger) – Tool for generating keylooger.
- [**Catphish**](https://github.com/ring0lab/catphish) – Tool for phishing and corporate espionage written in Ruby.
- [**Evilginx**](https://github.com/kgretzky/evilginx) – MITM attack framework used for phishing credentials and session cookies from any Web service.
- [**King Phisher**](https://github.com/securestate/king-phisher) – One of the Hacking Tools for Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- [**Social Engineer Toolkit (SET)**](https://github.com/trustedsec/social-engineer-toolkit) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
- [**Social Engineering Framework**](http://www.social-engineer.org/framework/general-discussion/) – Information resource for social engineers.
- [**wifiphisher**](https://github.com/sophron/wifiphisher) – Automated phishing attacks against WiFi networks.
### **Static Analyzers**
- [**Bandit**](https://pypi.python.org/pypi/bandit/) – Security oriented static analyser for python code.
- [**Brakeman**](https://github.com/presidentbeef/brakeman) – Static analysis security vulnerability scanner for Ruby on Rails applications.
- [**FindBugs**](http://findbugs.sourceforge.net/) – Free software static analyzer to look for bugs in Java code.
- [**Sobelow**](https://github.com/nccgroup/sobelow) – Security-focused static analysis for the Phoenix Framework.
### **Transport Layer Security Tools**
- [**SSLyze**](https://github.com/nabla-c0d3/sslyze) – Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- [**TLS Prober**](https://github.com/WestpointLtd/tls_prober) – Fingerprint a server’s SSL/TLS implementation.
- [**Testssl.sh**](https://github.com/drwetter/testssl.sh) – Command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
### **Tools, Lists, Tutorials etc.**
- [**AD Exploit guides**](https://scribe.froth.zone/@kuwaitison/active-directory-lateral-movement-and-post-exploitation-cheat-sheet-3170982a7055) - Detailed guide on methods to exploit Active Directory.
- [**Android Security**](https://github.com/ashishb/android-security-awesome) – Collection of Android security-related resources.
- [**AppSec**](https://github.com/paragonie/awesome-appsec) – Resources for learning about application security.
- [**Awesome Awesomness**](https://github.com/bayandin/awesome-awesomeness) – The List of the Lists.
- [**C/C++ Programming**](https://github.com/fffaraz/awesome-cpp) – One of the main language for open source security tools.
- [**CTFs**](https://github.com/apsdehal/awesome-ctf) – Capture The Flag frameworks, libraries, etc.
- [**Exploit Writing Tutorials**](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) – Tutorials on how to develop exploits.
- [**Forensics**](https://github.com/Cugu/awesome-forensics) – Free (mostly open source) forensic analysis tools and resources.
- [**GB Hackers Tools List**](https://gbhackers.com/hacking-tools-list/) - Massive list of Tools.
- [**Hackerone Tools List**](https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources) - Massive list of Tools.
- [**Hacking**](https://github.com/carpedm20/awesome-hacking) – Tutorials, tools, and resources.
- [**Honeypots**](https://github.com/paralax/awesome-honeypots) – Honeypots, tools, components, and more.
- [**InfoSec § Hacking challenges**](https://github.com/AnarchoTechNYC/meta/wiki/InfoSec#hacking-challenges) – Comprehensive directory of CTFs, wargames, hacking challenge websites, Penetration testing tools list practice lab exercises, and more.
- [**Infosec**](https://github.com/onlurking/awesome-infosec) – Information security resources for pentesting, forensics, and more.
- [**JavaScript Programming**](https://github.com/sorrycc/awesome-javascript) – In-browser development and scripting.
- [**Kali Linux Tools**](https://gbhackers.com/kalitutorials/) – List of Hacking tools present in Kali Linux.
- [**Malware Analysis**](https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list/) – Tools and resources for analysts.
- [**Node.js Programming**](https://github.com/sindresorhus/awesome-nodejs) – Curated list of delightful Node.js packages and resources.
- [**PCAP Tools**](https://github.com/caesar0301/awesome-pcaptools) – Tools for processing network traffic.
- [**Pivoting and Tunneling Guide**](https://scribe.rip/@kuwaitison/pivoting-and-tunneling-for-oscp-and-beyond-cheat-sheet-3435d1d6022) - Detailed guide on methods to exploit.
- [**Python Programming 1**](https://github.com/svaksha/pythonidae) – General Python programming.
- [**Python Programming 2**](https://github.com/vinta/awesome-python) – General Python programming.
- [**Python tools for penetration testers**](https://github.com/dloss/python-pentest-tools) – Lots of pentesting tools are written in Python.
- [**Ruby Programming 1**](https://github.com/dreikanter/ruby-bookmarks) – The de-facto language for writing exploits.
- [**Ruby Programming 2**](https://github.com/markets/awesome-ruby) – The de-facto
---
### **Virtual Machines Labs**
- [**CFTtime**](https://ctftime.org) - Free capture the flag hacking games.
- [**MindMaps**](http://www.amanhardikar.com/mindmaps/Practice.html) - Massive list of smaller sites that provide individual hacking challenges.
- [**Pentesterlab**](https://www.pentesterlab.com) - Free and paid Pentesting training with labs.
- [**Sadcloud**](https://github.com/nccgroup/sadcloud) - Sadcloud is a tool for spinning up insecure AWS infrastructure with Terraform.
- [**Vulnerability Hub**](https://www.vulnhub.com/) - Free Virtual machines to hack, provided by the community.
- [**Vulnmachines**](https://vulnmachines.com) - A place to learn and improve penetration testing/ethical hacking skills for FREE. The labs consist of 100+ real world scenarios to practice the latest exploits and cutting edge hacking techniques.
---
### **Vulnerability Databases**
- [**Bugtraq (BID)**](http://www.securityfocus.com/bid/) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- [**Common Vulnerabilities and Exposures (CVE)**](https://cve.mitre.org/) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- [**CXSecurity**](https://cxsecurity.com/) – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- [**Exploit-DB**](https://www.exploit-db.com/) – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- [**Full-Disclosure**](http://seclists.org/fulldisclosure/) – Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
- [**Inj3ct0r**](https://www.0day.today/) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) – Exploit marketplace and vulnerability information aggregator.
- [**Microsoft Security Advisories**](https://technet.microsoft.com/en-us/security/advisories#APUMA) – Archive of security advisories impacting Microsoft software.
- [**Microsoft Security Bulletins**](https://technet.microsoft.com/en-us/security/bulletins#sec_search) – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- [**Mozilla Foundation Security Advisories**](https://www.mozilla.org/security/advisories/) – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
- [**National Vulnerability Database (NVD)**](https://nvd.nist.gov/) – United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
- [**Packet Storm**](https://packetstormsecurity.com/files/) – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
- [**SecuriTeam**](http://www.securiteam.com/) – Independent source of software vulnerability information.
- [**US-CERT Vulnerability Notes Database**](https://www.kb.cert.org/vuls/) – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- [**Vulnerability Lab**](https://www.vulnerability-lab.com/) – Open forum for security advisories organized by category of exploit target.
- [**Vulners**](https://vulners.com/) – Security database of software vulnerabilities.
- [**Zero Day Initiative**](http://zerodayinitiative.com/advisories/published/) – Bug bounty program with the publicly accessible archive of published security advisories, operated by TippingPoint.
---
### **Vulnerability Scanners**
- [**Nexpose**](https://www.rapid7.com/products/nexpose/) – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- [**Nessus**](https://www.tenable.com/products/nessus-vulnerability-scanner) – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. Free for under 25 devices.
- [**OpenVAS**](http://www.openvas.org/) – Free open source software implementation of the popular Nessus vulnerability assessment system.
- [**Vuls**](https://github.com/future-architect/vuls) – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
---
### **Web Exploitation**
- [**Autochrome**](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) – Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
- [**BlindElephant**](http://blindelephant.sourceforge.net/) – Web application fingerprinter.
- [**Browser Exploitation Framework (BeEF)**](https://github.com/beefproject/beef) – Command and control server for delivering exploits to commandeered Web browsers.
- [**Burp Suite**](https://portswigger.net/burp/) – One of the Hacking Tools integrated platform for performing security testing of web applications.
- [**Commix**](https://github.com/commixproject/commix) – Automated all-in-one operating system command injection and exploitation tool.
- [**DVCS Ripper**](https://github.com/kost/dvcs-ripper) – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- [**EyeWitness**](https://github.com/ChrisTruncer/EyeWitness) – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- [**Fiddler**](https://www.telerik.com/fiddler) – Free cross-platform web debugging proxy with user-friendly companion tools.
- [**Fimap**](https://github.com/kurobeats/fimap) – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- [**FuzzDB**](https://github.com/fuzzdb-project/fuzzdb) – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- [**GitTools**](https://github.com/internetwache/GitTools) – One of the Hacking Tools that Automatically find and download Web accessible .git repositories.
- [**Kadabra**](https://github.com/D35m0nd142/Kadabra) – Automatic LFI exploiter and scanner.
- [**Kadimus**](https://github.com/P0cL4bs/Kadimus) – LFI scan and exploit tool.
- [**NoSQLmap**](http://nosqlmap.net/) – Automatic NoSQL injection and database takeover tool.
- [**Offensive Web Testing Framework (OWTF)**](https://www.owasp.org/index.php/OWASP_OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- [**Sslstrip**](https://www.thoughtcrime.org/software/sslstrip/) – One of the Hacking Tools Demonstration of the HTTPS stripping attacks.
- [**Sslstrip2**](https://github.com/LeonardoNve/sslstrip2) – SSLStrip version to defeat HSTS.
- [**sqlmap**](http://sqlmap.org/) – Automatic SQL injection and database takeover tool.
- [**Tplmap**](https://github.com/epinna/tplmap) – Automatic server-side template injection and Web server takeover Hacking Tools.
- [**VHostScan**](https://github.com/codingo/VHostScan) – A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
- [**Weevely3**](https://github.com/epinna/weevely3) – Weaponized web shell.
- [**Webscreenshot**](https://github.com/maaaaz/webscreenshot) – A simple script to take screenshots of list of websites.
- [**Wappalyzer**](https://www.wappalyzer.com/) – Wappalyzer uncovers the technologies used on websites.
- [**wafw00f**](https://github.com/EnableSecurity/wafw00f) – Identifies and fingerprints Web Application Firewall (WAF) products.
- [**WordPress Exploit Framework**](https://github.com/rastating/wordpress-exploit-framework) – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- [**WPSploit**](https://github.com/espreto/wpsploit) – Exploit WordPress-powered websites with Metasploit.
---
### **Web Scanners**
- [**Arachni**](http://www.arachni-scanner.com/) – Scriptable framework for evaluating the security of web applications.
- [**Cms-explorer**](https://code.google.com/archive/p/cms-explorer/) – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- [**Nikto**](https://cirt.net/nikto2) – Noisy but fast black box web server and web application vulnerability scanner.
- [**SecApps**](https://secapps.com/) – In-browser web application security testing suite.
- [**WebReaver**](https://www.webreaver.com/) – Commercial, graphical web application vulnerability scanner designed for macOS.
- [**w3af**](https://github.com/andresriancho/w3af) – Hacking Tools for Web application attack and audit framework.
- [**WPScan**](https://wpscan.org/) – Hacking Tools of Black box WordPress vulnerability scanner.
- [**Wapiti**](http://wapiti.sourceforge.net/) – Black box web application vulnerability scanner with built-in fuzzer.
- [**Joomscan**](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) – One of the best Hacking Tools for Joomla vulnerability scanner.
- [**Bloodhound**](https://github.com/adaptivethreat/Bloodhound/wiki) – Graphical Active Directory trust relationship explorer.
- [**DeathStar**](https://github.com/byt3bl33d3r/DeathStar) – Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments.
- [**Empire**](https://www.powershellempire.com/) – Pure PowerShell post-exploitation agent.
- [**Fibratus**](https://github.com/rabbitstack/fibratus) – Tool for exploration and tracing of the Windows kernel.
- [**Magic Unicorn**](https://github.com/trustedsec/unicorn) – Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
- [**Mimikatz**](http://blog.gentilkiwi.com/mimikatz) – Credentials extraction tool for Windows operating system.
- [**redsnarf**](https://github.com/nccgroup/redsnarf) – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- [**Responder**](https://github.com/SpiderLabs/Responder) – LLMNR, NBT-NS and MDNS poisoner.
- [**Sysinternals Suite**](https://technet.microsoft.com/en-us/sysinternals/bb842062) – The Sysinternals Troubleshooting Utilities.
- [**wePWNise**](https://labs.mwrinfosecurity.com/tools/wepwnise/) – Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- [**Windows Credentials Editor**](http://www.ampliasecurity.com/research/windows-credentials-editor/) – Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
- [**Windows Exploit Suggester**](https://github.com/GDSSecurity/Windows-Exploit-Suggester) – Detects potential missing patches on the target.
---
### **Wireless Network Hacking**
- [**Aircrack-ng**](http://www.aircrack-ng.org/) – Set of Penetration testing & Hacking Tools list for auditing wireless networks.
- [**Fluxion**](https://github.com/FluxionNetwork/fluxion) – Suite of automated social engineering based WPA attacks.
- [**Kismet**](https://kismetwireless.net/) – Wireless network detector, sniffer, and IDS.
- [**Reaver**](https://code.google.com/archive/p/reaver-wps) – Brute force attack against WiFi Protected Setup.