Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-pentest
https://github.com/H4CK3RT3CH/awesome-pentest
- Metasploit Unleashed - Free Offensive Security Metasploit course.
- PTES - Penetration Testing Execution Standard.
- OWASP - Open Web Application Security Project.
- PENTEST-WIKI - Free online security knowledge library for pentesters / researchers.
- Vulnerability Assessment Framework - Penetration Testing Framework.
- XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
- Shellcode Tutorial - Tutorial on how to write shellcode.
- Shellcode Examples - Shellcodes database.
- Exploit Writing Tutorials - Tutorials on how to develop exploits.
- shellsploit - New Generation Exploit Development Kit.
- Voltron - Hacky debugger UI for hackers.
- OSINT Framework - Collection of various OSINT tools broken out by category.
- Intel Techniques - Collection of OSINT tools. Menu on the left can be used to navigate through the categories.
- NetBootcamp OSINT Tools - Collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html).
- Social Engineering Framework - Information resource for social engineers.
- Schuyler Towne channel - Lockpicking videos and security talks.
- bosnianbill - More lockpicking videos.
- /r/lockpicking - Resources for learning lockpicking, equipment recommendations.
- Security related Operating Systems @ Rawsec - Complete list of security related operating systems.
- Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions.
- Security @ Distrowatch - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
- cuckoo - Open source automated malware analysis system.
- Computer Aided Investigative Environment (CAINE) - Italian GNU/Linux live distribution created as a digital forensics project.
- Digital Evidence & Forensics Toolkit (DEFT) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
- Tails - Live OS aimed at preserving privacy and anonymity.
- Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
- ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
- BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
- Network Security Toolkit (NST) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
- Pentoo - Security-focused live CD based on Gentoo.
- BackBox - Ubuntu-based distribution for penetration tests and security assessments.
- Parrot - Distribution similar to Kali, with multiple architecture.
- Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
- Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
- The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
- AttifyOS - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.
- official Kali Linux
- official OWASP ZAP
- official WPScan
- Damn Vulnerable Web Application (DVWA)
- Vulnerable WordPress Installation
- Vulnerability as a service: Shellshock
- Vulnerability as a service: Heartbleed
- Security Ninjas
- Docker Bench for Security
- OWASP Security Shepherd
- OWASP WebGoat Project docker image
- OWASP NodeGoat
- OWASP Mutillidae II Web Pen-Test Practice Application
- OWASP Juice Shop
- Kali Linux Docker Image
- docker-metasploit
- Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage - Java-based GUI front-end for the Metasploit Framework.
- Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
- ExploitPack - Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
- Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- Nessus - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
- OpenVAS - Free software implementation of the popular Nessus vulnerability assessment system.
- Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
- Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
- FindBugs - Free software static analyzer to look for bugs in Java code.
- sobelow - Security-focused static analysis for the Phoenix Framework.
- Nikto - Noisy but fast black box web server and web application vulnerability scanner.
- Arachni - Scriptable framework for evaluating the security of web applications.
- w3af - Web application attack and audit framework.
- Wapiti - Black box web application vulnerability scanner with built-in fuzzer.
- SecApps - In-browser web application security testing suite.
- WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
- WPScan - Black box WordPress vulnerability scanner.
- cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- joomscan - Joomla vulnerability scanner.
- zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- nmap - Free security scanner for network exploration & security audits.
- pig - GNU/Linux packet crafting tool.
- scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- tcpdump/libpcap - Common packet analyzer that runs under the command line.
- Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
- Network-Tools.com - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more.
- netsniff-ng - Swiss army knife for for network sniffing.
- Intercepter-NG - Multifunctional network toolkit.
- SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- dnschef - Highly configurable DNS proxy for pentesters.
- DNSDumpster - Online DNS recon and search service.
- CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- dnsmap - Passive DNS network mapper.
- dnsrecon - DNS enumeration script.
- dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client - Library and query tool for querying several passive DNS providers.
- passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- Zarp - Network attack tool centered around the exploitation of local networks.
- mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus - Automated ettercap TCP/IP Hijacking tool.
- mallory - HTTP/HTTPS proxy over SSH.
- SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
- DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- pwnat - Punches holes in firewalls and NATs.
- dsniff - Collection of tools for network auditing and pentesting.
- tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- smbmap - Handy SMB enumeration tool.
- scapy - Python-based interactive packet manipulation program & library.
- Dshell - Network forensic analysis framework.
- Debookee - Simple and powerful network traffic analyzer for macOS.
- Dripcap - Caffeinated packet analyzer.
- Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
- Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
- routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
- evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
- XRay - Network (sub)domain discovery and reconnaissance automation tool.
- Aircrack-ng - Set of tools for auditing wireless networks.
- Kismet - Wireless network detector, sniffer, and IDS.
- Reaver - Brute force attack against WiFi Protected Setup.
- Wifite - Automated wireless attack tool.
- SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
- tls_prober - Fingerprint a server's SSL/TLS implementation.
- OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
- Burp Suite - Integrated platform for performing security testing of web applications.
- autochrome - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
- Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
- Offensive Web Testing Framework (OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPSploit - Exploit WordPress-powered websites with Metasploit.
- SQLmap - Automatic SQL injection and database takeover tool.
- tplmap - Automatic server-side template injection and Web server takeover tool.
- weevely3 - Weaponized web shell.
- Wappalyzer - Wappalyzer uncovers the technologies used on websites.
- WhatWeb - Website fingerprinter.
- BlindElephant - Web application fingerprinter.
- wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- Kadabra - Automatic LFI exploiter and scanner.
- Kadimus - LFI scan and exploit tool.
- liffy - LFI exploitation tool.
- Commix - Automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- GitTools - Automatically find and download Web-accessible `.git` repositories.
- sslstrip - Demonstration of the HTTPS stripping attacks.
- sslstrip2 - SSLStrip version to defeat HSTS.
- HexEdit.js - Browser-based hex editing.
- Hexinator - World's finest (proprietary, commercial) Hex Editor.
- Frhed - Binary file editor for Windows.
- 0xED - Native macOS hex editor that supports plug-ins to display custom data types.
- Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- Veles - Binary data visualization and analysis tool.
- Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
- John the Ripper - Fast password cracker.
- Hashcat - The more fast hash cracker.
- CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
- Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
- Windows Credentials Editor - Security tool to list logon sessions and add, change, list and delete associated credentials.
- mimikatz - Credentials extraction tool for Windows operating system.
- PowerSploit - PowerShell Post-Exploitation Framework.
- Windows Exploit Suggester - Detects potential missing patches on the target.
- Responder - LLMNR, NBT-NS and MDNS poisoner.
- Bloodhound - Graphical Active Directory trust relationship explorer.
- Empire - Pure PowerShell post-exploitation agent.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
- Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
- Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
- Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
- LOIC - Open source network stress tool for Windows.
- JS LOIC - JavaScript in-browser version of LOIC.
- SlowLoris - DoS tool that uses low bandwidth on the attacking side.
- HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
- T50 - Faster network stress tool.
- UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
- Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
- King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service.
- wifiphisher - Automated phishing attacks against WiFi networks.
- Catphish - Tool for phishing and corporate espionage written in Ruby.
- Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester - E-mail, subdomain and people names harvester.
- creepy - Geolocation OSINT tool.
- metagoofil - Metadata harvester.
- Google Hacking Database - Database of Google dorks; can be used for recon.
- Google-dorks - Common Google dorks and others you probably don't know.
- GooDork - Command line Google dorking tool.
- dork-cli - Command line Google dork tool.
- Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- Shodan - World's first search engine for Internet-connected devices.
- recon-ng - Full-featured Web Reconnaissance framework written in Python.
- github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak.
- vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
- Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations
- BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.
- fast-recon - Perform Google dorks against a domain.
- snitch - Information gathering via dorks.
- Sn1per - Automated Pentest Recon Scanner.
- Threat Crowd - Search engine for threats.
- Virus Total - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
- DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
- I2P - The Invisible Internet Project.
- Nipe - Script to redirect all traffic from the machine to the Tor network.
- What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.
- Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
- WDK/WinDbg - Windows Driver Kit and WinDbg.
- OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 - Open source, crossplatform reverse engineering framework.
- x64dbg - Open source x64/x32 debugger for windows.
- Immunity Debugger - Powerful way to write exploits and analyze malware.
- Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
- Medusa - Open source, cross-platform interactive disassembler.
- plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- peda - Python Exploit Development Assistance for GDB.
- dnSpy - Tool to reverse engineer .NET assemblies.
- binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
- LAN Turtle - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- USB Rubber Ducky - Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- Poisontap - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- WiFi Pineapple - Wireless auditing and penetration testing platform.
- ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
- Pwntools - Rapid exploit development framework built for use in CTFs.
- RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
- The Art of Exploitation by Jon Erickson, 2008
- Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011
- Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
- Rtfm: Red Team Field Manual by Ben Clark, 2014
- The Hacker Playbook by Peter Kim, 2014
- The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
- Professional Penetration Testing by Thomas Wilhelm, 2013
- Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
- Violent Python by TJ O'Connor, 2012
- Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
- Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
- Penetration Testing: Procedures & Methodologies by EC-Council, 2010
- Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
- Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
- Bug Hunter's Diary by Tobias Klein, 2011
- The Database Hacker's Handbook, David Litchfield et al., 2005
- The Shellcoders Handbook by Chris Anley et al., 2007
- The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
- The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hackers Handbook by Charlie Miller et al., 2012
- Android Hackers Handbook by Joshua J. Drake et al., 2014
- The Browser Hackers Handbook by Wade Alcorn et al., 2014
- The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
- Car Hacker's Handbook by Craig Smith, 2016
- Holistic Info-Sec for Web Developers (Fascicle 0)
- Holistic Info-Sec for Web Developers (Fascicle 1)
- Nmap Network Scanning by Gordon Fyodor Lyon, 2009
- Practical Packet Analysis by Chris Sanders, 2011
- Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012
- Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012
- Reverse Engineering for Beginners by Dennis Yurichev
- Hacking the Xbox by Andrew Huang, 2003
- The IDA Pro Book by Chris Eagle, 2011
- Practical Reverse Engineering by Bruce Dang et al., 2014
- Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015
- Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
- The Art of Memory Forensics by Michael Hale Ligh et al., 2014
- Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010
- Windows Internals by Mark Russinovich et al., 2012
- The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
- The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
- Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
- No Tech Hacking by Johnny Long & Jack Wiles, 2008
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
- Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
- Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014
- Practical Lock Picking by Deviant Ollam, 2012
- Keys to the Kingdom by Deviant Ollam, 2012
- CIA Lock Picking Field Operative Training Manual
- Lock Picking: Detail Overkill by Solomon
- Eddie the Wire books
- Defcon Suggested Reading
- Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
- US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
- Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- Microsoft Security Bulletins - Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- Microsoft Security Advisories - Archive of security advisories impacting Microsoft software.
- Mozilla Foundation Security Advisories - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
- Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
- CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- SecuriTeam - Independent source of software vulnerability information.
- Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
- Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
- Vulners - Security database of software vulnerabilities.
- Inj3ct0r - Exploit marketplace and vulnerability information aggregator.
- Open Source Vulnerability Database (OSVDB) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016.
- HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
- Offensive Security Training - Training from BackTrack/Kali developers.
- SANS Security Training - Computer Security Training & Certification.
- Open Security Training - Training material for computer security classes.
- CTF Field Guide - Everything you need to win your next CTF competition.
- ARIZONA CYBER WARFARE RANGE - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
- Cybrary - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
- Computer Security Student - Many free tutorials, great for beginners, $10/mo membership unlocks all content.
- European Union Agency for Network and Information Security - ENISA Cyber Security Training material.
- DEF CON - Annual hacker convention in Las Vegas.
- Black Hat - Annual security conference in Las Vegas.
- BSides - Framework for organising and holding security conferences.
- CCC - Annual meeting of the international hacker scene in Germany.
- DerbyCon - Annual hacker conference based in Louisville.
- PhreakNIC - Technology conference held annually in middle Tennessee.
- ShmooCon - Annual US East coast hacker convention.
- CarolinaCon - Infosec conference, held annually in North Carolina.
- CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con.
- SummerCon - One of the oldest hacker conventions, held during Summer.
- Hack.lu - Annual conference held in Luxembourg.
- Hackfest - Largest hacking conference in Canada.
- HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
- Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.
- Hack3rCon - Annual US hacker conference.
- ThotCon - Annual US hacker conference held in Chicago.
- LayerOne - Annual US security conference held every spring in Los Angeles.
- DeepSec - Security Conference in Vienna, Austria.
- SkyDogCon - Technology conference in Nashville.
- SECUINSIDE - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul).
- DefCamp - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
- AppSecUSA - Annual conference organized by OWASP.
- BruCON - Annual security conference in Belgium.
- Infosecurity Europe - Europe's number one information security event, held in London, UK.
- Nullcon - Annual conference in Delhi and Goa, India.
- RSA Conference USA - Annual security conference in San Francisco, California, USA.
- Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland.
- Virus Bulletin Conference - Annual conference going to be held in Denver, USA for 2016.
- Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
- 44Con - Annual Security Conference held in London.
- BalCCon - Balkan Computer Congress, annually held in Novi Sad, Serbia.
- FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia.
- 2600: The Hacker Quarterly - American publication about technology and computer "underground."
- Phrack Magazine - By far the longest running hacker zine.
- Kali Linux Tools - List of tools present in Kali Linux.
- SecTools - Top 125 Network Security Tools.
- Pentest Cheat Sheets - Awesome Pentest Cheat Sheets.
- C/C++ Programming - One of the main language for open source security tools.
- .NET Programming - Software framework for Microsoft Windows platform development.
- Shell Scripting - Command line frameworks, toolkits, guides and gizmos.
- Ruby Programming by @dreikanter - The de-facto language for writing exploits.
- Ruby Programming by @markets - The de-facto language for writing exploits.
- Ruby Programming by @Sdogruyol - The de-facto language for writing exploits.
- JavaScript Programming - In-browser development and scripting.
- Node.js Programming by @sindresorhus - Curated list of delightful Node.js packages and resources.
- Python tools for penetration testers - Lots of pentesting tools are written in Python.
- Python Programming by @svaksha - General Python programming.
- Python Programming by @vinta - General Python programming.
- Android Security - Collection of Android security related resources.
- Awesome Awesomness - The List of the Lists.
- AppSec - Resources for learning about application security.
- CTFs - Capture The Flag frameworks, libraries, etc.
- InfoSec § Hacking challenges - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more.
- Hacking - Tutorials, tools, and resources.
- Honeypots - Honeypots, tools, components, and more.
- Infosec - Information security resources for pentesting, forensics, and more.
- Forensics - Free (mostly open source) forensic analysis tools and resources.
- Malware Analysis - Tools and resources for analysts.
- PCAP Tools - Tools for processing network traffic.
- Security - Software, libraries, documents, and other resources.
- Awesome Lockpicking - Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.
- SecLists - Collection of multiple types of lists used during security assessments.
- Security Talks - Curated list of security conferences.
- ![CC-BY
- Creative Commons Attribution 4.0 International License
Programming Languages
Keywords
security
26
awesome
14
python
14
awesome-list
11
hacking
10
pentesting
10
penetration-testing
7
list
7
pentest
6
security-tools
5
ruby
5
security-audit
5
appsec
5
ctf
4
linux
4
cybersecurity
3
infosec
3
windows
3
javascript
3
vulnerabilities
3
application-security
3
golang
3
osint
3
network
3
owasp
3
python3
3
recon
3
scanner
3
vulnerability-scanners
2
dos
2
vulnerability-management
2
security-automation
2
penetration
2
open-source
2
man-in-the-middle
2
proxy
2
ssl
2
tls
2
pentesting-tools
2
hacking-tools
2
static-analysis
2
owasp-top-ten
2
ssh
2
mitm
2
exploitation
2
reverse-engineering
2
security-scanner
2
python2
2
rails
2
packet-sniffer
2