Hacking |

“The truth is revealed by removing things that stand in its light, an art not unlike sculpture, in which the artist creates, not by building, but by hacking away.” - Alan Watts

Welcome to the Hacking section of Liberty tools! Hacking should be used to increase your knowledge and harden your defenses. Please use these tools responsibly.

Anonymity#

BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.
Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
creepy - Geolocation OSINT tool.
dork-cli - Command line Google dork tool.
Fast-recon - Perform Google dorks against a domain.
GooDork - Command line Google dorking tool.
Google Hacking Database - Database of Google dorks; can be used for recon.
Google-dorks - Common Google dorks and others you probably don’t know.
I2P - The Invisible Internet Project.
Maltego - One of the Hacking Tools and Proprietary software for open source intelligence and forensics, from Paterva.
metagoofil - Metadata harvester.
Nipe - Script to redirect all traffic from the machine to the Tor network.
OnionScan - One of the Hacking Tools for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
recon-ng - One of the Hacking Tools Full-featured Web Reconnaissance framework written in Python.
snitch - Information gathering via dorks.
Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.
theHarvester - E-mail, subdomain and people names harvester.
Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
Virus Total - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
What Every Browser Knows About You - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
ZoomEye - Search engine for cyberspace that lets the user find specific network components.

Bug Bounty Platforms#

Bugcrowd List - List of many companies that provide bug bounties.

CTF(Capture the flag)#

Ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
Pwntools - Rapid exploit development framework built for use in CTFs.
RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

DDoS#

HOIC - Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common counter measures.
JS LOIC - JavaScript in-browser version of LOIC.
LOIC - Open source network stress tool for Windows.
SlowLoris - DoS tool that uses low bandwidth on the attacking side.
T50 - Faster network stress tool.
UFONet - Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Defense Evasion#

AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
Hyperion - Runtime encryptor for 32-bit portable executables (“PE .exes”).
PeCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
PeCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
Veil - Generate metasploit payloads that bypass common anti-virus solutions.

Defcon Suggested Reading#

Defcon Suggested Reading

Email Spoofing#

SpoofBox - Offers email, SMS, Phone spoofing and lots of other tools. Not a free service. Can also be used to look up phone numbers.

Exploit Development#

Exploit Writing Tutorials - Tutorials on how to develop exploits.
Shellcode Examples - Shellcodes database.
Shellcode Tutorial - Tutorial on how to write shellcode.

File Format Analysis#

Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
Veles - Binary data visualization and analysis tool.

Forensics#

Autopsy - Full suite of open source forensics tools.
CAINE - CAINE is Linux Live CD that contains a wealth of digital forensic tools. Features include a user-friendly GUI, semi-automated report creation and tools for Mobile Forensics, Network Forensics, Data Recovery and more.
FTK Imager - Open Source Disk imaging tool.
Paladin Forensic Suite - Live Ubuntu distro with lots of tools. Open source with free and paid versions.
SIFT Workstation - The SIFT Workstation is a collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings, all built inside an Ubuntu VM.
SMART - Open source sampling of many proprietary forensics tools.

GNU/Linux Utilities#

Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.

Hacking Focused OSINT#

AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.
Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
creepy - Geolocation OSINT tool.
DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
dork-cli - Command line Google dork tool.
Fast-recon - Perform Google dorks against a domain.
GooDork - Command line Google dorking tool.
Google Hacking Database - Database of Google dorks; can be used for recon.
Google-dorks - Common Google dorks and others you probably don’t know.
github-dorks - CLI tool to scan Github repos/organizations for potential sensitive information leak.
Intrigue - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
Maltego - One of the Hacking Tools and Proprietary software for open source intelligence and forensics, from Paterva.
metagoofil - Metadata harvester.
recon-ng - One of the Hacking Tools Full-featured Web Reconnaissance framework written in Python.
Shodan - World’s first search engine for Internet-connected devices.
snitch - Information gathering via dorks.
Sn1per - One of the Hacking Tools for Automated Pentest Recon Scanner.
Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.
Threat Crowd - Search engine for threats.
theHarvester - E-mail, subdomain and people names harvester.
vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
Virus Total - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
What Every Browser Knows About You - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
ZoomEye - Search engine for cyberspace that lets the user find specific network components.

Hacking Conventions#

44Con - Annual Security Conference held in London.
AppSecUSA - Annual conference organized by OWASP.
BalCCon - Balkan Computer Congress, annually held in Novi Sad, Serbia.
Black Hat - Annual security conference in Las Vegas.
BruCON - Annual security conference in Belgium.
CarolinaCon - Infosec conference, held annually in North Carolina.
CCC - Annual meeting of the international hacker scene in Germany.
CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con.
DeepSec - Security Conference in Vienna, Austria.
DefCamp - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
DEF CON - Annual hacker convention in Las Vegas. Known for having a left wing bias.
Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia.
Hack3rCon - Annual US hacker conference.
Hack.lu - Annual conference held in Luxembourg.
Hackfest - Largest hacking conference in Canada.
HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
Hacking In The Box - Deep-knowledge security conference held in Malaysia and The Netherlands.
Infosecurity Europe - Europe’s number one information security event, held in London, UK.
LayerOne - Annual US security conference held every spring in Los Angeles.
Nullcon - Annual conference in Delhi and Goa, India.
PhreakNIC - Technology conference held annually in middle Tennessee.
RSA Conference USA - Annual security conference in San Francisco, California, USA.
ShmooCon - Annual US East coast hacker convention.
SkyDogCon - Technology conference in Nashville.
SummerCon - One of the oldest hacker conventions, held during Summer.
Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland.
ThotCon - Annual US hacker conference held in Chicago.
Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.
Virus Bulletin Conference - Annual conference going to be held in Denver, USA for 2016.

Hash Cracking#

BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).
CeWL - Generates custom wordlists by spidering a target’s website and collecting unique words.
Hashcat - Another One of the Hacking Tools The more fast hash cracker.
John the Ripper - One of the best Hacking Tools for Fast password cracker.
JWT Cracker - Simple HS256 JWT token brute force cracker.
Rar Crack - RAR bruteforce cracker.

Hex Editors#

0xED – Native macOS hex editor that supports plug-ins to display custom data types.
Frhed – Binary file editor for Windows.
HexEdit.js – Browser-based hex editing.
Hexinator – World’s finest (proprietary, commercial) Hex Editor.

Information Security Magazines#

2600: The Hacker Quarterly – American publication about technology and computer “underground.”
Phrack Magazine – By far the longest running hacker zine.
Unredacted Magazine - The official magazine from Michael Bazzell author of Extreme Privacy.

Lock Picking Resources#

Awesome Lockpicking – Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.
Bosnianbill – More lockpicking videos.
Schuyler Towne channel – Lockpicking videos and security talks.
/r/lockpicking – Resources for learning lockpicking, equipment recommendations.

macOS Utilities#

Bella – Pure Python post-exploitation data mining and remote administration tool for macOS.

Multi-paradigm Frameworks#

Armitage – Java-based GUI front-end for the Metasploit Framework.
ExploitPack – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
Metasploit – Post exploitation Hacking Tools for offensive security teams to help verify vulnerabilities and manage security assessments.
Pupy – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.

Network Tools#

BetterCAP – Modular, portable and easily extensible MITM framework.
CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
CrackMapExec – A swiss army knife for pentesting networks.
Debookee – Simple and powerful network traffic analyzer for macOS.
DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
Dgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
Dnsmap – One of the Hacking Tools for Passive DNS network mapper.
Dnsrecon – One of the Hacking Tools for DNS enumeration script.
Dnschef – Highly configurable DNS proxy for pentesters.
Dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
Dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
DNSDumpster – One of the Hacking Tools for Online DNS recon and search service.
Dshell – Network forensic analysis framework.
Dsniff – Collection of tools for network auditing and pentesting.
Dripcap – Caffeinated packet analyzer.
Evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
Impacket – A collection of Python classes for working with network protocols.
Intercepter-NG – Multifunctional network toolkit.
Mass Scan – Best Hacking Tools for TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Mallory – HTTP/HTTPS proxy over SSH.
Mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Morpheus – Automated ettercap TCP/IP Hacking Tools.
Netsniff-ng – Swiss army knife for network sniffing.
Network-Tools.com – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
Nmap – Free security scanner for network exploration & security audits.
Passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
Passivedns-client – Library and query tool for querying several passive DNS providers.
Pig – One of the Hacking Tools for GNU/Linux packet crafting.
Pwnat – Punches holes in firewalls and NATs.
Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
Routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
Scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
Scapy – Python-based interactive packet manipulation program & library.
SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
Tcpdump/libpcap – Common packet analyzer that runs under the command line.
Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
XRay – Network (sub)domain discovery and reconnaissance automation tool.
Zarp – Network attack tool centered around the exploitation of local networks.
Zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.

Operating Systems#

Best Linux Penetration Testing Distributions @ CyberPunk – Description of main penetration testing distributions.
Cuckoo – Open source automated malware analysis system.
Computer Aided Investigative Environment (CAINE) – Italian GNU/Linux live distribution created as a digital forensics project.
CSILinux - CSI’s mission is to equip you with the most advanced tools in digital forensics, OSINT, and incident response.
Digital Evidence & Forensics Toolkit (DEFT) – Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
Security related Operating Systems @ Rawsec – Penetration testing tools & Hacking Tools list Related Complete list of security operating systems.
Security @ Distrowatch – Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
Tails – Live OS aimed at preserving privacy and anonymity.

Physical Hacking Tools#

Anof-cyber/APTRS - APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities.
Canarytokens.org - Canarytokens are a free, quick, painless way to help defenders discover they’ve been breached by having attackers announce themselves. These are digital honeypots you can configure on your own network.
Flipperzero.one - Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It’s fully open-source and customizable, so you can extend it in whatever way you like. Check out more firmware options here
Hak5.org - Sells many hacking for wifi pentesting, hotplug attacks, implants, remote access field kits and more. Breakdown of multiple tools
LAN Turtle – Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
Poisontap – Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
USB Rubber Ducky – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
WiFi Pineapple – Wireless auditing and penetration testing platform.

Penetration Testing Resources#

Pentest Tools#

Metasploit Unleashed - Free Offensive Security Metasploit course.
MITRE’s Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) – Curated knowledge base and model for cyber adversary behavior.
Open Source Security Testing Methodology Manual (OSSTMM) – Framework for providing test cases that result in verified facts on which to base decisions that impact an organization’s security.
Open Web Application Security Project (OWASP) – Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.
Penetration Testing Execution Standard (PTES) – Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
Penetration Testing Framework (PTF) – Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
PENTEST-WIKI – Free online security knowledge library for pentesters and researchers.
Security related Operating Systems @ Rawsec – Penetration testing tools & Hacking Tools list Related Complete list of security operating systems.
Shellcode Examples – Shellcodes database.
Shellcode Tutorial – Tutorial on how to write shellcode.
XSS-Payloads – Ultimate resource for all things cross-site including payloads, tools, games and documentation.

Penetration Testing Distributions#

ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
AttifyOS – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
BackBox – Ubuntu-based distribution for penetration tests and security assessments.
BlackArch – Arch GNU/Linux-based distribution with best Hacking Tools for penetration testers and security researchers.
Fedora Security Lab – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
Kali – GNU/Linux distribution designed for digital forensics and penetration testing Hacking Tools.
Network Security Toolkit (NST) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
Parrot – Distribution similar to Kali, with multiple architectures with 100 of Hacking Tools.
Pentoo – Security-focused live CD based on Gentoo.
The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.

Docker for Penetration Testing#

docker pull kalilinux/kali-linux-docker
docker pull owasp/zap2docker-stable
docker pull wpscanteam/wpscan
docker pull citizenstig/dvwa
docker pull wpscanteam/vulnerablewordpress
docker pull hmlio/vaas-cve-2014-6271
docker pull hmlio/vaas-cve-2014-0160
docker pull opendns/security-ninjas
docker pull diogomonica/docker-bench-security
docker pull ismisepaul/securityshepherd
docker pull danmx/docker-owasp-webgoat
docker-compose build && docker-compose up
docker pull citizenstig/nowasp
docker pull bkimminich/juice-shop
docker pull phocean/msf

Penetration Testing Report Templates#

Pentesting Report Template – lucideus.com template.
Pentesting Report Template – pcisecuritystandards.org template.
Public Pentesting Reports – Curated list of public penetration test reports released by several consulting firms and academic security groups.

Ransomware Recovery#

Nomoreransom - Help detect what kind of ransomware encryption you’re affected by and free tools to unlock it, in many but not all cases.

Reverse Engineering Tools#

Binwalk – Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
Capstone – Lightweight multi-platform, multi-architecture disassembly framework.
dnSpy – One of the Hacking Tools to reverse engineer .NET assemblies.
Evan’s Debugger – OllyDbg-like debugger for GNU/Linux.
Frida – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Immunity Debugger – Powerful way to write exploits and analyze malware.
Interactive Disassembler (IDA Pro) – Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
Medusa – Open source, cross-platform interactive disassembler.
OllyDbg – x86 debugger for Windows binaries that emphasizes binary code analysis.
Peda – Python Exploit Development Assistance for GDB.
Plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
PyREBox – Python scriptable Reverse Engineering sandbox by Cisco-Talos.
Radare2 – Open source, crossplatform reverse engineering framework.
rVMI – Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
Voltron – Extensible debugger UI toolkit written in Python.
WDK/WinDbg – Windows Driver Kit and WinDbg.
x64dbg – Open source x64/x32 debugger for windows.

Security Courses#

ARIZONA CYBER WARFARE RANGE – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
Computer Security Student – Many free tutorials, great for beginners, $10/mo membership unlocks all content.
CTF Field Guide – Everything you need to win your next CTF competition.
Cybrary – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly-Secured Environments’.
European Union Agency for Network and Information Security – ENISA Cyber Security Training material.
Offensive Security Training – Training from BackTrack/Kali developers.
Open Security Training – Training material for computer security classes.
SANS Security Training – Computer Security Training & Certification.

Side-channel Tools#

ChipWhisperer – Complete open-source toolchain for side-channel power analysis and glitching attacks.

Beelogger – Tool for generating keylooger.
Catphish – Tool for phishing and corporate espionage written in Ruby.
Evilginx – MITM attack framework used for phishing credentials and session cookies from any Web service.
King Phisher – One of the Hacking Tools for Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
Social Engineering Framework – Information resource for social engineers.
wifiphisher – Automated phishing attacks against WiFi networks.

Static Analyzers#

Bandit – Security oriented static analyser for python code.
Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
Cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
FindBugs – Free software static analyzer to look for bugs in Java code.
Sobelow – Security-focused static analysis for the Phoenix Framework.

Transport Layer Security Tools#

SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
TLS Prober – Fingerprint a server’s SSL/TLS implementation.
Testssl.sh – Command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

Tools, Lists, Tutorials etc.#

AD Exploit guides - Detailed guide on methods to exploit Active Directory.
Android Security – Collection of Android security-related resources.
AppSec – Resources for learning about application security.
Awesome Awesomness – The List of the Lists.
C/C++ Programming – One of the main language for open source security tools.
CTFs – Capture The Flag frameworks, libraries, etc.
Exploit Writing Tutorials – Tutorials on how to develop exploits.
Forensics – Free (mostly open source) forensic analysis tools and resources.
GB Hackers Tools List - Massive list of Tools.
Hackerone Tools List - Massive list of Tools.
Hacking – Tutorials, tools, and resources.
Honeypots – Honeypots, tools, components, and more.
InfoSec § Hacking challenges – Comprehensive directory of CTFs, wargames, hacking challenge websites, Penetration testing tools list practice lab exercises, and more.
Infosec – Information security resources for pentesting, forensics, and more.
JavaScript Programming – In-browser development and scripting.
Kali Linux Tools – List of Hacking tools present in Kali Linux.
Malware Analysis – Tools and resources for analysts.
Node.js Programming – Curated list of delightful Node.js packages and resources.
PCAP Tools – Tools for processing network traffic.
Penetration Testing Cheat Sheets – Awesome Pentest Cheat Sheets.
Pivoting and Tunneling Guide - Detailed guide on methods to exploit.
Python Programming 1 – General Python programming.
Python Programming 2 – General Python programming.
Python tools for penetration testers – Lots of pentesting tools are written in Python.
Ruby Programming 1 – The de-facto language for writing exploits.
Ruby Programming 2 – The de-facto

Virtual Machines Labs#

CFTtime - Free capture the flag hacking games.
MindMaps - Massive list of smaller sites that provide individual hacking challenges.
Pentesterlab - Free and paid Pentesting training with labs.
Sadcloud - Sadcloud is a tool for spinning up insecure AWS infrastructure with Terraform.
Vulnerability Hub - Free Virtual machines to hack, provided by the community.
Vulnmachines - A place to learn and improve penetration testing/ethical hacking skills for FREE. The labs consist of 100+ real world scenarios to practice the latest exploits and cutting edge hacking techniques.

Vulnerability Databases#

Bugtraq (BID) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
Common Vulnerabilities and Exposures (CVE) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
CXSecurity – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
Exploit-DB – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
Full-Disclosure – Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
Inj3ct0r (Onion service) – Exploit marketplace and vulnerability information aggregator.
Microsoft Security Advisories – Archive of security advisories impacting Microsoft software.
Microsoft Security Bulletins – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
Mozilla Foundation Security Advisories – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
National Vulnerability Database (NVD) – United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
Packet Storm – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
SecuriTeam – Independent source of software vulnerability information.
US-CERT Vulnerability Notes Database – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
Vulnerability Lab – Open forum for security advisories organized by category of exploit target.
Vulners – Security database of software vulnerabilities.
Zero Day Initiative – Bug bounty program with the publicly accessible archive of published security advisories, operated by TippingPoint.

Vulnerability Scanners#

Nexpose – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. Free for under 25 devices.
OpenVAS – Free open source software implementation of the popular Nessus vulnerability assessment system.
Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Web Exploitation#

Autochrome – Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
BlindElephant – Web application fingerprinter.
Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered Web browsers.
Burp Suite – One of the Hacking Tools integrated platform for performing security testing of web applications.
Commix – Automated all-in-one operating system command injection and exploitation tool.
DVCS Ripper – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
Fimap – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
GitTools – One of the Hacking Tools that Automatically find and download Web accessible .git repositories.
Kadabra – Automatic LFI exploiter and scanner.
Kadimus – LFI scan and exploit tool.
Liffy – LFI exploitation tool.
NoSQLmap – Automatic NoSQL injection and database takeover tool.
Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
Sslstrip – One of the Hacking Tools Demonstration of the HTTPS stripping attacks.
Sslstrip2 – SSLStrip version to defeat HSTS.
sqlmap – Automatic SQL injection and database takeover tool.
Tplmap – Automatic server-side template injection and Web server takeover Hacking Tools.
VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Weevely3 – Weaponized web shell.
Webscreenshot – A simple script to take screenshots of list of websites.
WhatWeb – Website fingerprinter.
Wappalyzer – Wappalyzer uncovers the technologies used on websites.
wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
WPSploit – Exploit WordPress-powered websites with Metasploit.

Web Scanners#

Arachni – Scriptable framework for evaluating the security of web applications.
Cms-explorer – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
Nikto – Noisy but fast black box web server and web application vulnerability scanner.
SecApps – In-browser web application security testing suite.
WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
w3af – Hacking Tools for Web application attack and audit framework.
WPScan – Hacking Tools of Black box WordPress vulnerability scanner.
Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
Joomscan – One of the best Hacking Tools for Joomla vulnerability scanner.
ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Windows Utilities#

Bloodhound – Graphical Active Directory trust relationship explorer.
DeathStar – Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments.
Empire – Pure PowerShell post-exploitation agent.
Fibratus – Tool for exploration and tracing of the Windows kernel.
Magic Unicorn – Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
Mimikatz – Credentials extraction tool for Windows operating system.
PowerSploit – PowerShell Post-Exploitation Framework.
redsnarf – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
Responder – LLMNR, NBT-NS and MDNS poisoner.
Sysinternals Suite – The Sysinternals Troubleshooting Utilities.
wePWNise – Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
Windows Credentials Editor – Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
Windows Exploit Suggester – Detects potential missing patches on the target.

Wireless Network Hacking#

Aircrack-ng – Set of Penetration testing & Hacking Tools list for auditing wireless networks.
Fluxion – Suite of automated social engineering based WPA attacks.
Kismet – Wireless network detector, sniffer, and IDS.
Reaver – Brute force attack against WiFi Protected Setup.
Wifite – Automated wireless attack tool.