awesome hacking

A curated list of awesome Hacking tutorials, tools and resources.

For a list of free hacking books available for download, go here

Table of Contents

• System
  • Tutorials
  • Tools
  • Docker
  • General
• Reverse Engineering
  • Tutorials
  • Tools
  • General
• Web
  • Tutorials
  • Tools
• Network
  • Tutorials
  • Tools
• Forensic
  • Tutorials
  • Tools
• Cryptography
  • Tutorials
  • Tools
• Wargame
  • System
  • Reverse Engineering
  • Web
  • Network
  • Forensic
  • Cryptography
• CTF
  • Competition
  • General
• OS
  • Online ressources
• ETC

System

Tutorials

• Corelan Team's Exploit writing tutorial
• Exploit Writing Tutorials for Pentesters

Tools

• Metasploit A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
• mimikatz - A little tool to play with Windows security

Docker Images for Penetration Testing & Security

• docker pull kalilinux/kali-linux-docker official Kali Linux
• docker pull owasp/zap2docker-stable - official OWASP ZAP
• docker pull wpscanteam/wpscan - official WPScan
• docker pull pandrew/metasploit - docker-metasploit
• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas - Security Ninjas
• docker pull usertaken/archlinux-pentest-lxde - Arch Linux Penetration Tester
• docker pull diogomonica/docker-bench-security - Docker Bench for Security
• docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
• docker-compose build && docker-compose up - OWASP NodeGoat
• docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
• docker pull bkimminich/juice-shop - OWASP Juice Shop

General

• Exploit database - An ultimate archive of exploits and vulnerable software

Reverse Engineering

Tutorials

• Lenas Reversing for Newbies
• Malware Analysis Tutorials: a Reverse Engineering Approach

Tools

• [nudge4j] (https://github.com/lorenzoongithub/nudge4j) - Java tool to let the browser talk to the JVM
• IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
• OllyDbg - A 32-bit assembler level analysing debugger for Windows
• x64dbg - An open-source x64/x32 debugger for Windows
• dex2jar - Tools to work with Android .dex and Java .class files
• JD-GUI - A standalone graphical utility that displays Java source codes of “.class” files
• procyon - A modern open-source Java decompiler
• androguard - Reverse engineering, malware and goodware analysis of Android applications
• JAD - JAD Java Decompiler (closed-source, unmaintained)
• dotPeek - a free-of-charge .NET decompiler from JetBrains
• ILSpy - an open-source .NET assembly browser and decompiler
• dnSpy - .NET assembly editor, decompiler, and debugger
• de4dot - .NET deobfuscator and unpacker.
• antinet - .NET anti-managed debugger and anti-profiler code
• UPX - the Ultimate Packer for eXecutables
• radare2 - A portable reversing framework
• plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
• Hopper - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
• ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

General

• Open Malware

Web

Tools

• sqlmap - Automatic SQL injection and database takeover tool
• tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding

Network

Tools

• Wireshark - A free and open-source packet analyzer
• NetworkMiner - A Network Forensic Analysis Tool (NFAT)
• tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
• Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
• pig - A Linux packet crafting tool
• ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
• mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
• mitmsocks4j - Man-in-the-middle SOCKS Proxy for Java
• nmap - Nmap (Network Mapper) is a security scanner
• Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program
• Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
• Nipe - A script to make Tor Network your default gateway.

Forensic

Tools

• Autospy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
• sleuthkit - A library and collection of command-line digital forensics tools
• EnCase - The shared technology within a suite of digital investigations products by Guidance Software
• malzilla - Malware hunting tool
• PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
• HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
• WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
• BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers

Cryptography

Tools

• xortool - A tool to analyze multi-byte XOR cipher
• John the Ripper - A fast password cracker
• Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.

Wargame

System

• OverTheWire - Semtex
• OverTheWire - Vortex
• OverTheWire - Drifter
• pwnable.kr - Provide various pwn challenges regarding system security
• Exploit Exercises - Nebula
• SmashTheStack

Reverse Engineering

• Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
• CodeEngn - (Korean)
• simples.kr - (Korean)
• Crackmes.de - The world first and largest community website for crackmes and reversemes.

Web

• Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills
• Webhacking.kr
• 0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).

Cryptography

• OverTheWire - Krypton

CTF

Competition

• DEF CON
• CSAW CTF
• hack.lu CTF
• Pliad CTF
• RuCTFe
• Ghost in the Shellcode
• PHD CTF
• SECUINSIDE CTF
• Codegate CTF
• Boston Key Party CTF

General

• CTFtime.org - All about CTF (Capture The Flag)
• WeChall
• CTF archives (shell-storm)
• Rookit Arsenal - OS RE and rootkit development
• Pentest Cheat Sheets - Collection of cheat sheets useful for pentesting
• Movies For Hacker - A curated list of movies every hacker & cyberpunk must watch.

OS

Online resources

• Security related Operating Systems @ Rawsec - Complete list of security related operating systems
• Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions
• Security @ Distrowatch - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems

ETC

• SecTools - Top 125 Network Security Tools

from https://github.com/carpedm20/awesome-hacking
-----------

A collection of various awesome lists for hackers.

Awesome Hacking

A collection of awesome lists for hackers, pentesters & security researchers.
Your contributions are always welcome !

Awesome Repositories

Repository	Description
Android Security	Collection of Android security related resources
AppSec	Resources for learning about application security
Bug Bounty	List of Bug Bounty Programs and write-ups from the Bug Bounty hunters
Cheatsheets	Penetration Testing / Security Cheatsheets
CTF	List of CTF frameworks, libraries, resources and softwares
Cyber Skills	Curated list of hacking environments where you can train your cyber skills legally and safely
DevSecOps	List of awesome DevSecOps tools with the help from community experiments and contributions
Exploit Development	Resources for learning about Exploit Development
Fuzzing	List of fuzzing resources for learning Fuzzing and initial phases of Exploit Development like root cause analysis
Hacking	List of awesome Hacking tutorials, tools and resources
Honeypots	List of honeypot resources
Incident Response	List of tools for incident response
Industrial Control System Security	List of resources related to Industrial Control System (ICS) security
InfoSec	List of awesome infosec courses and training resources
IoT Hacks	Collection of Hacks in IoT Space
Malware Analysis	List of awesome malware analysis tools and resources
OSINT	List of amazingly awesome Open Source Intelligence (OSINT) tools and resources
OSX and iOS Security	OSX and iOS related security tools
Pcaptools	Collection of tools developed by researchers in the Computer Science area to process network traces
Pentest	List of awesome penetration testing resources, tools and other shiny things
PHP Security	Libraries for generating secure random numbers, encrypting data and scanning for vulnerabilities
Reversing	List of awesome reverse engineering resources
Sec Talks	List of awesome security talks
SecLists	Collection of multiple types of lists used during security assessments
Security	Collection of awesome software, libraries, documents, books, resources and cools stuffs about security
Static Analysis	List of static analysis tools, linters and code quality checkers for various programming languages
Threat Intelligence	List of Awesome Threat Intelligence resources
Vehicle Security	List of resources for learning about vehicle security and car hacking
Web Hacking	List of web application security
Windows Exploitation	List of awesome Windows Exploitation resources and shiny things
WiFi Arsenal	Pack of various useful/useless tools for 802.11 hacking

Other useful repositories

Repository	Description
APT Notes	Various public documents, whitepapers and articles about APT campaigns
Bug Bounty Reference	List of bug bounty write-up that is categorized by the bug nature
CTF Tool	List of Capture The Flag (CTF) frameworks, libraries, resources and softwares
Forensics	List of awesome forensic analysis tools and resources
Free Programming Books	Free programming books for developers
Gray Hacker Resources	Useful for CTFs, wargames, pentesting
Infosec Getting Started	A collection of resources, documentation, links, etc to help people learn about Infosec
Infosec Reference	Information Security Reference That Doesn't Suck
IOC	Collection of sources of indicators of compromise
Linux Kernel Exploitation	A bunch of links related to Linux kernel fuzzing and exploitation
Machine Learning for Cyber Security	Curated list of tools and resources related to the use of machine learning for cyber security
Malware Scripts	Useful scripts related with malware
PayloadsAllTheThings	List of useful payloads and bypass for Web Application Security and Pentest/CTF
Pentest Cheatsheets	Collection of the cheat sheets useful for pentesting
Pentest Wiki	A free online security knowledge library for pentesters / researchers
Resource List	Collection of useful GitHub projects loosely categorised
Reverse Engineering	List of Reverse Engineering articles, books, and papers
RFSec-ToolKit	Collection of Radio Frequency Communication Protocol Hacktools
Security Cheatsheets	Collection of cheatsheets for various infosec tools and topics
Security List	Great security list for fun and profit
Shell	List of awesome command-line frameworks, toolkits, guides and gizmos to make complete use of shell

from https://github.com/Hack-with-Github/Awesome-Hacking