Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-hacking
https://github.com/cscannell-inacloud/awesome-hacking
- Corelan Team's Exploit writing tutorial
- Exploit Writing Tutorials for Pentesters
- Understanding the basics of Linux Binary Exploitation
- Lenas Reversing for Newbies
- Malware Analysis Tutorials: a Reverse Engineering Approach
- Metasploit
- mimikatz - A little tool to play with Windows security
- official Kali Linux
- official OWASP ZAP
- official WPScan
- docker-metasploit
- Damn Vulnerable Web Application (DVWA)
- Vulnerable WordPress Installation
- Vulnerability as a service: Shellshock
- Vulnerability as a service: Heartbleed
- Security Ninjas
- Arch Linux Penetration Tester
- Docker Bench for Security
- OWASP Security Shepherd
- OWASP WebGoat Project docker image
- OWASP NodeGoat
- OWASP Mutillidae II Web Pen-Test Practice Application
- OWASP Juice Shop
- IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- OllyDbg - A 32-bit assembler level analysing debugger for Windows
- x64dbg - An open-source x64/x32 debugger for Windows
- radare2 - A portable reversing framework
- plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
- Capstone
- Krakatau - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.
- JD-GUI
- procyon
- Luyten - one of the best, though a bit slow, hangs on some binaries and not very well maintained.
- JAD - JAD Java Decompiler (closed-source, unmaintained)
- JADX - a decompiler for Android apps. Not related to JAD.
- dotPeek - a free-of-charge .NET decompiler from JetBrains
- ILSpy - an open-source .NET assembly browser and decompiler
- dnSpy - .NET assembly editor, decompiler, and debugger
- Hopper - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
- cutter - a decompiler based on radare2.
- retdec
- snowman
- Hex-Rays
- de4dot - .NET deobfuscator and unpacker.
- JS Beautifier
- JS Nice - a web service guessing JS variables names and types based on the model derived from open source.
- nudge4j - Java tool to let the browser talk to the JVM
- dex2jar - Tools to work with Android .dex and Java .class files
- androguard - Reverse engineering, malware and goodware analysis of Android applications
- antinet - .NET anti-managed debugger and anti-profiler code
- UPX - the Ultimate Packer (and unpacker) for eXecutables
- Wireshark - A free and open-source packet analyzer
- tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
- mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
- Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
- usbmon - USB capture for Linux.
- USBPcap - USB capture for Windows.
- dynStruct - structures recovery via dynamic instrumentation.
- drltrace - shared library calls tracing.
- HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
- WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
- wxHexEditor
- Synalize It
- Binwalk - Detects signatures, unpacks archives, visualizes entropy.
- Veles - a visualizer for statistical properties of blobs.
- Kaitai Struct - a DSL for creating parsers in a variety of programming languages. The Web IDE is particulary useful fir reverse-engineering.
- Protobuf inspector
- DarunGrim - executable differ.
- DBeaver - a DB editor.
- Dependencies - a FOSS replacement to Dependency Walker.
- PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
- BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.
- sqlmap - Automatic SQL injection and database takeover tool
- NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding
- VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
- SubFinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
- badtouch - Scriptable network authentication cracker
- NetworkMiner - A Network Forensic Analysis Tool (NFAT)
- Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
- pig - A Linux packet crafting tool
- ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
- mitmsocks4j - Man-in-the-middle SOCKS Proxy for Java
- ssh-mitm - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
- nmap - Nmap (Network Mapper) is a security scanner
- Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program
- Nipe - A script to make Tor Network your default gateway.
- Habu - Python Network Hacking Toolkit
- Wifi Jammer - Free program to jam all wifi clients in range
- Firesheep - Free program for HTTP session hijacking attacks.
- Scapy - A Python tool and library for low level packet creation and manipulation
- Amass - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
- sniffglue - Secure multithreaded packet sniffer
- Autopsy - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools
- sleuthkit - A library and collection of command-line digital forensics tools
- EnCase - The shared technology within a suite of digital investigations products by Guidance Software
- malzilla - Malware hunting tool
- xortool - A tool to analyze multi-byte XOR cipher
- John the Ripper - A fast password cracker
- Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
- Exploit database - An ultimate archive of exploits and vulnerable software
- Open Malware
- Strong node.js - An exhaustive checklist to assist in the source code security analysis of a node.js web service.
- Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.
- CTFtime.org - All about CTF (Capture The Flag)
- WeChall
- CTF archives (shell-storm)
- Rookit Arsenal - OS RE and rootkit development
- Pentest Cheat Sheets - Collection of cheat sheets useful for pentesting
- Movies For Hackers - A curated list of movies every hacker & cyberpunk must watch.
- OverTheWire - Semtex
- OverTheWire - Vortex
- OverTheWire - Drifter
- pwnable.kr - Provide various pwn challenges regarding system security
- Exploit Exercises - Nebula
- SmashTheStack
- Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
- CodeEngn - (Korean)
- simples.kr - (Korean)
- Crackmes.de - The world first and largest community website for crackmes and reversemes.
- Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills
- Hack The Box - a free site to perform pentesting in a variety of different systems.
- Webhacking.kr
- 0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).
- Gruyere
- Others
- OverTheWire - Krypton
- Awesome bug bounty resources by EdOverflow
- Bugcrowd
- Hackerone
- DEF CON
- CSAW CTF
- hack.lu CTF
- Pliad CTF
- RuCTFe
- Ghost in the Shellcode
- PHD CTF
- SECUINSIDE CTF
- Codegate CTF
- Boston Key Party CTF
- ZeroDays CTF
- Insomni’hack
- Pico CTF
- prompt(1) to win - XSS Challeges
- Security related Operating Systems @ Rawsec - Complete list of security related operating systems
- Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions
- Security @ Distrowatch - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
- empire - A post exploitation framework for powershell and python.
- silenttrinity - A post exploitation tool that uses iron python to get past powershell restrictions.
- SecTools - Top 125 Network Security Tools
Keywords
security
8
hacking
7
reverse-engineering
5
security-tools
5
python
5
penetration-testing
4
java
4
javascript
3
bugbounty
3
hacking-tool
3
cpp
3
packet-crafting
2
forensics
2
network-analysis
2
windows
2
awesome
2
lua
2
offensive-security
2
network
2
man-in-the-middle
2
rust
2
scanner
2
python3
2
security-audit
2
pcap
2
csharp
2
web-application-security
2
oscp
2
malware-analysis
2
appsec
2
disassembler
2
debugging
2
nosql
2
database
2
owasp-top-ten
2
ctf
2
sql-injection
2
pentesting
2
visualization
1
shaders
1
mysql
1
qt
1
hexeditor
1
oracle
1
win
1
mac
1
linux
1
hex-editor
1
postgresql
1
hex
1