Awesome Hacking - An Amazing Project
A curated list of awesome Hacking.
Table of Contents
- System
  - Tutorials
  - Tools
  - Docker
  - General
- Reverse Engineering
  - Tutorials
  - Tools
  - General
- Web
  - Tools
  - General
- Network
  - Tools
- Forensic
  - Tools
- Cryptography
  - Tools
- Wargame
  - System
  - Reverse Engineering
  - Web
  - Cryptography
- Bug bounty
- CTF
  - Competition
  - General
- OS
  - Online resources
- Post exploitation
  - tools
- ETC
System
Tutorials
- Corelan Team’s Exploit writing tutorial
- Exploit Writing Tutorials for Pentesters
- Understanding the basics of Linux Binary Exploitation
- Shells
- Missing Semester
Tools
- Metasploit – A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
- mimikatz – A little tool to play with Windows security
- Hackers tools – Tutorial on tools.
Docker Images for Penetration Testing & Security
- docker pull kalilinux/kali-linux-docker – official Kali Linux
- docker pull owasp/zap2docker-stable – official OWASP ZAP
- docker pull wpscanteam/wpscan – official WPScan
- docker pull metasploitframework/metasploit-framework – Official Metasploit
- docker pull citizenstig/dvwa – Damn Vulnerable Web Application (DVWA)
- docker pull wpscanteam/vulnerablewordpress – Vulnerable WordPress Installation
- docker pull hmlio/vaas-cve-2014-6271 – Vulnerability as a service: Shellshock
- docker pull hmlio/vaas-cve-2014-0160 – Vulnerability as a service: Heartbleed
- docker pull opendns/security-ninjas – Security Ninjas
- docker pull usertaken/archlinux-pentest-lxde – Arch Linux Penetration Tester
- docker pull diogomonica/docker-bench-security – Docker Bench for Security
- docker pull ismisepaul/securityshepherd – OWASP Security Shepherd
- docker pull danmx/docker-owasp-webgoat – OWASP WebGoat Project docker image
- docker pull vulnerables/web-owasp-nodegoat – OWASP NodeGoat
- docker pull citizenstig/nowasp – OWASP Mutillidae II Web Pen-Test Practice Application
- docker pull bkimminich/juice-shop – OWASP Juice Shop
- docker pull phocean/msf – Docker Metasploit
General
- Exploit database – An ultimate archive of exploits and vulnerable software
Reverse Engineering
Tutorials
- Begin RE: A Reverse Engineering Tutorial Workshop
- Malware Analysis Tutorials: a Reverse Engineering Approach
- Malware Unicorn Reverse Engineering Tutorial
Tools
Disassemblers and debuggers
- IDA – IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- OllyDbg – A 32-bit assembler level analysing debugger for Windows
- x64dbg – An open-source x64/x32 debugger for Windows
- radare2 – A portable reversing framework
- plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- ScratchABit – Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
- Capstone
- Ghidra – A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission
Decompilers
- JVM-based languages
  - Krakatau – the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.
  - JD-GUI
  - procyon
  - Luyten – one of the best, though a bit slow, hangs on some binaries and not very well maintained.
  - JAD – JAD Java Decompiler (closed-source, unmaintained)
  - JADX – a decompiler for Android apps. Not related to JAD.
- .net-based languages
- native code
- Python
  - uncompyle6 – decompiler for the over 20 releases and 20 years of CPython.
Deobfuscators
- de4dot – .NET deobfuscator and unpacker.
- JS Beautifier
- JS Nice – a web service guessing JS variables names and types based on the model derived from open source.
Other
- nudge4j – Java tool to let the browser talk to the JVM
- dex2jar – Tools to work with Android .dex and Java .class files
- androguard – Reverse engineering, malware and goodware analysis of Android applications
- antinet – .NET anti-managed debugger and anti-profiler code
- UPX – the Ultimate Packer (and unpacker) for eXecutables
Execution logging and tracing
- Wireshark – A free and open-source packet analyzer
- tcpdump – A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
- mitmproxy – An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
- Charles Proxy – A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
- usbmon – USB capture for Linux.
- USBPcap – USB capture for Windows.
- dynStruct – structures recovery via dynamic instrumentation.
- drltrace – shared library calls tracing.
Binary files examination and editing
Hex editors
- HxD – A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
- WinHex – A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
- wxHexEditor
- Synalize It/Hexinator
Other
- Binwalk – Detects signatures, unpacks archives, visualizes entropy.
- Veles – a visualizer for statistical properties of blobs.
- Kaitai Struct – a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.
- Protobuf inspector
- DarunGrim – executable differ.
- DBeaver – a DB editor.
- Dependencies – a FOSS replacement to Dependency Walker.
- PEview – A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
- BinText – A small, very fast and powerful text extractor that will be of particular interest to programmers.
General
Web
Tools
- Spyse – Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more… All the data is stored in its own database, allowing users to get the data without scanning.
- sqlmap – Automatic SQL injection and database takeover tool
- NoSQLMap – Automated NoSQL database enumeration and web application exploitation tool.
- tools.web-max.ca – base64 base85 md4,5 hash, sha1 hash encoding/decoding
- VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
- SubFinder – SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
- Findsubdomains – A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.
- badtouch – Scriptable network authentication cracker
- PhpSploit – Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
- Git-Scanner – A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
- CSP Scanner – Analyze a site’s Content-Security-Policy (CSP) to find bypasses and missing directives.
General
- Strong node.js – An exhaustive checklist to assist in the source code security analysis of a node.js web service.
Network
Tools
- NetworkMiner – A Network Forensic Analysis Tool (NFAT)
- Paros – A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
- pig – A Linux packet crafting tool
- findsubdomains – really fast subdomains scanning service that has much greater opportunities than simple subs finder (works using OSINT).
- cirt-fuzzer – A simple TCP/UDP protocol fuzzer.
- ASlookup – a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org…)
- ZAP – The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
- mitmsocks4j – Man-in-the-middle SOCKS Proxy for Java
- ssh-mitm – An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
- nmap – Nmap (Network Mapper) is a security scanner
- Aircrack-ng – An 802.11 WEP and WPA-PSK keys cracking program
- Nipe – A script to make Tor Network your default gateway.
- Habu – Python Network Hacking Toolkit
- Wifi Jammer – Free program to jam all wifi clients in range
- Firesheep – Free program for HTTP session hijacking attacks.
- Scapy – A Python tool and library for low level packet creation and manipulation
- Amass – In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
- sniffglue – Secure multithreaded packet sniffer
- RustScan (https://github.com/rustscan/rustscan) – Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.
Forensic
Tools
- Autopsy – A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
- sleuthkit – A library and collection of command-line digital forensics tools
- EnCase – The shared technology within a suite of digital investigations products by Guidance Software
- malzilla – Malware hunting tool
- IPED – Indexador e Processador de Evidências Digitais – Brazilian Federal Police Tool for Forensic Investigation
Cryptography
Tools
- xortool – A tool to analyze multi-byte XOR cipher
- John the Ripper – A fast password cracker
- Aircrack – Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
- Ciphey – Automated decryption tool using artificial intelligence & natural language processing.
Wargame
System
- OverTheWire – Semtex
- OverTheWire – Vortex
- OverTheWire – Drifter
- pwnable.kr – Provide various pwn challenges regarding system security
- Exploit Exercises – Nebula
- SmashTheStack
- HackingLab
Reverse Engineering
- Reversing.kr – This site tests your ability to Cracking & Reverse Code Engineering
- CodeEngn – (Korean)
- simples.kr – (Korean)
- Crackmes.de – The world’s first and largest community website for crackmes and reversemes.
Web
- Hack This Site! – a free, safe and legal training ground for hackers to test and expand their hacking skills
- Hack The Box – a free site to perform pentesting in a variety of different systems.
- Webhacking.kr
- 0xf.at – a website without logins or ads where you can solve password-riddles (so called hackits).
- fuzzy.land – Website by an Austrian group. Lots of challenges taken from CTFs they participated in.
- Gruyere
- Others
Cryptography
Bug bounty
Bug bounty – Earn Some Money
CTF
Competition
- DEF CON
- CSAW CTF
- hack.lu CTF
- Plaid CTF
- RuCTFe
- Ghost in the Shellcode
- PHD CTF
- SECUINSIDE CTF
- Codegate CTF
- Boston Key Party CTF
- ZeroDays CTF
- Insomni’hack
- Pico CTF
- prompt(1) to win – XSS Challenges
- HackTheBox
General
- Hack+ – An Intelligent network of bots that fetch the latest InfoSec content.
- CTFtime.org – All about CTF (Capture The Flag)
- WeChall
- CTF archives (shell-storm)
- Rootkit Arsenal – OS RE and rootkit development
- Pentest Cheat Sheets – Collection of cheat sheets useful for pentesting
- Movies For Hackers – A curated list of movies every hacker & cyberpunk must watch.
- Hopper’s Roppers Intro. to CTF Course – A free course that teaches the fundamentals of forensics, cryptography, and web-exploitation required to be successful in Capture the Flag competitions.
OS
Online resources
- Security related Operating Systems @ Rawsec – Complete list of security related operating systems
- Best Linux Penetration Testing Distributions @ CyberPunk – Description of main penetration testing distributions
- Security @ Distrowatch – Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
Post exploitation
tools
- empire – A post exploitation framework for powershell and python.
- silenttrinity – A post exploitation tool that uses iron python to get past powershell restrictions.
- PowerSploit – A PowerShell post exploitation framework
- ebowla – Framework for Making Environmental Keyed Payloads
ETC
- SecTools – Top 125 Network Security Tools
- Hopper’s Roppers Security Training – Four free courses designed to teach beginners the fundamentals of computing, security, and CTFs.
Free Hacking & Security eBooks
A curated list of free Security and Pentesting related E-Books available on the Internet.
Network Pentesting
Defensive Security
- Holistic Info-Sec for Web Developers – Fascicle 0
- Holistic Info-Sec for Web Developers – Fascicle 1
- OWASP Hacking Tutorials and Web App Protection
- Threat Modeling – Designing for Security
Offensive Security
- Backtrack
- Kali Linux
- Hacking
- Advanced SQL Injection Hacking and Guide
- A Beginners Guide To Hacking Computer Systems
- Blind SQL Injection Discovery & Exploitation
- CEH – Hacking Database Secrets and Exploit
- Ethical Hacking Complete E-book for Beginners
- Hackers High School 13 Complete Hacking Ebooks
- Hacking attacks and Examples Test
- Hacking into Computer Systems
- Hackers’ Secrets
- Operating Systems
- Web & WebApp
- 501 Website Hacking Secrets
- Cross Site Scripting and Hacking Websites
- Dangerous Google Hacking Database and Attacks
- Hack any Website, Complete Web App Hacking
- Hacking Website Database and owning systems
- Internet Advanced Denial of Service (DDOS) Attack
- Internet Security Technology and Hacking
- The Web Application Hacker’s Handbook
- Vulnerability Exploit & website Hacking for Dummies
- Web App Hacking (Hackers Handbook)
- XSS, Vulnerability Exploitation & Website Hacking
Programming Languages
Reverse Engineering
Virus Botnet and Malware
Misc
- Computer Hacking – Cyber Laws Harvard
- Ethical Hacking Value and Penetration testing
- Secrets of Super and Professional Hackers
- Hackers High School 13 Complete Hacking E-books
- Network Hacking and Shadows Hacking Attacks
Source: GitHub
ENJOY & HAPPY LEARNING!
DON’T BE CHEAP! LOL (APPRECIATE THE SHARE & HIT LIKE)