Tools

• Webhacking.kr
• 0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).
• Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills
• Hack The Box - a free site to perform pentesting in a variety of different systems.
• fuzzy.land - Website by an Austrian group. Lots of challenges taken from CTFs they participated in.
• Gruyere
• Others
• TryHackMe - Hands-on cyber security training through real-world scenarios.

• Roppers Computing Fundamentals
• gitbook
• Corelan Team's Exploit writing tutorial
• Exploit Writing Tutorials for Pentesters
• Understanding the basics of Linux Binary Exploitation
• Shells
• Missing Semester
• Exploit Writing Tutorials for Pentesters
• Shells
• Understanding the basics of Linux Binary Exploitation

Docker Images for Penetration Testing & Security

• Begin RE: A Reverse Engineering Tutorial Workshop
• Malware Analysis Tutorials: a Reverse Engineering Approach
• Malware Unicorn Reverse Engineering Tutorial
• Lena151: Reversing With Lena
• Malware Analysis Tutorials: a Reverse Engineering Approach

• Hackers tools - Tutorial on tools.
• Metasploit
• mimikatz - A little tool to play with Windows security

Docker Images for Penetration Testing & Security

• official Kali Linux
• official WPScan
• Official Metasploit
• Damn Vulnerable Web Application (DVWA)
• Vulnerable WordPress Installation
• Vulnerability as a service: Shellshock
• Vulnerability as a service: Heartbleed
• Security Ninjas
• Arch Linux Penetration Tester
• Docker Bench for Security
• OWASP Security Shepherd
• OWASP WebGoat Project docker image
• OWASP Mutillidae II Web Pen-Test Practice Application
• OWASP Juice Shop
• Docker Metasploit
• official OWASP ZAP
• OWASP NodeGoat

Disassemblers and debuggers

• IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
• OllyDbg - A 32-bit assembler level analysing debugger for Windows
• radare2 - A portable reversing framework
• plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
• Capstone
• Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
• Capstone
• x64dbg - An open-source x64/x32 debugger for Windows
• ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

Decompilers

• procyon
• JAD - JAD Java Decompiler (closed-source, unmaintained)
• dotPeek - a free-of-charge .NET decompiler from JetBrains
• dnSpy - .NET assembly editor, decompiler, and debugger
• Hopper - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
• cutter - a decompiler based on radare2.
• retdec
• Hex-Rays
• dnSpy - .NET assembly editor, decompiler, and debugger
• Krakatau - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.
• JD-GUI
• Luyten - one of the best, though a bit slow, hangs on some binaries and not very well maintained.
• JADX - a decompiler for Android apps. Not related to JAD.
• snowman
• uncompyle6 - decompiler for the over 20 releases and 20 years of CPython.

Deobfuscators

• de4dot - .NET deobfuscator and unpacker.
• JS Beautifier
• JS Nice - a web service guessing JS variables names and types based on the model derived from open source.
• de4dot - .NET deobfuscator and unpacker.

Other

• androguard - Reverse engineering, malware and goodware analysis of Android applications
• UPX - the Ultimate Packer (and unpacker) for eXecutables
• nudge4j - Java tool to let the browser talk to the JVM
• dex2jar - Tools to work with Android .dex and Java .class files
• antinet - .NET anti-managed debugger and anti-profiler code

Execution logging and tracing

• Wireshark - A free and open-source packet analyzer
• tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
• Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
• usbmon - USB capture for Linux.
• tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

Binary files examination and editing

• HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
• WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
• Synalize It
• PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
• BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.
• Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.
• tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding
• SubFinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
• Findsubdomains - A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.
• badtouch - Scriptable network authentication cracker
• CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.
• Shodan - A web-crawling search engine that lets users search for various types of servers connected to the internet.
• Decompiler.com - Java, Android, Python, C# online decompiler.
• NetworkMiner - A Network Forensic Analysis Tool (NFAT)
• Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
• findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).
• cirt-fuzzer - A simple TCP/UDP protocol fuzzer.
• ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
• ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
• nmap - Nmap (Network Mapper) is a security scanner
• Nipe - A script to make Tor Network your default gateway.
• Habu - Python Network Hacking Toolkit
• Scapy - A Python tool and library for low level packet creation and manipulation
• Amass - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
• Autopsy - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools
• malzilla - Malware hunting tool
• CAINE - CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.
• Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.
• IPED - Indexador e Processador de Evidências Digitais - Brazilian Federal Police Tool for Forensic Investigation
• Wifi Jammer - Free program to jam all wifi clients in range
• CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.
• Wifi Jammer - Free program to jam all wifi clients in range

Tools

• John the Ripper - A fast password cracker
• Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.

Docker Images for Penetration Testing & Security

• Exploit database - An ultimate archive of exploits and vulnerable software

Binary files examination and editing

• Open Malware

Tools

• Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.
• CTFtime.org - All about CTF (Capture The Flag)
• WeChall
• CTF archives (shell-storm)
• Rookit Arsenal - OS RE and rootkit development
• Roppers CTF Fundamentals Course - Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a [gitbook](https://www.hoppersroppers.org/ctf/).

Tools

• OverTheWire - Semtex
• OverTheWire - Vortex
• OverTheWire - Drifter
• pwnable.kr - Provide various pwn challenges regarding system security
• Exploit Exercises - Nebula
• SmashTheStack

Tools

• Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
• CodeEngn - (Korean)
• simples.kr - (Korean)
• Crackmes.de - The world first and largest community website for crackmes and reversemes.

Tools

• OverTheWire - Krypton

Tools

• Bugcrowd
• Hackerone
• Intigriti

Tools

• DEF CON
• CSAW CTF
• hack.lu CTF
• Pliad CTF
• RuCTFe
• Ghost in the Shellcode
• PHD CTF
• SECUINSIDE CTF
• Codegate CTF
• Boston Key Party CTF
• ZeroDays CTF
• Pico CTF
• prompt(1) to win - XSS Challenges
• HackTheBox
• Insomni’hack

Tools

• Security related Operating Systems @ Rawsec - Complete list of security related operating systems
• Security @ Distrowatch - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
• Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions

Tools

• SecTools - Top 125 Network Security Tools
• Roppers Security Fundamentals - Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a [gitbook](https://www.hoppersroppers.org/security/).
• Roppers Practical Networking - A hands-on, wildly practical introduction to networking and making packets dance. No wasted time, no memorizing, just learning the fundamentals.
• Rawsec's CyberSecurity Inventory - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ([Source](https://gitlab.com/rawsec/rawsec-cybersecurity-list))