Binary files examination and editing

• Scapy - A Python tool and library for low level packet creation and manipulation
• Shodan - A web-crawling search engine that lets users search for various types of servers connected to the internet.
• nmap - Nmap (Network Mapper) is a security scanner
• Synalize It
• PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
• findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).
• Findsubdomains - A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.
• Decompiler.com - Java, Android, Python, C# online decompiler.
• ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
• CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.
• Autopsy - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools
• Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.
• Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.
• CAINE - CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.
• BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.
• cirt-fuzzer - A simple TCP/UDP protocol fuzzer.
• ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
• IPED - Indexador e Processador de Evidências Digitais - Brazilian Federal Police Tool for Forensic Investigation
• CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.
• Wifi Jammer - Free program to jam all wifi clients in range
• Wifi Jammer - Free program to jam all wifi clients in range
• DBeaver - a DB editor.
• sqlmap - Automatic SQL injection and database takeover tool
• Dependencies - a FOSS replacement to Dependency Walker.
• masscan - Internet scale portscanner.
• sniffglue - Secure multithreaded packet sniffer
• ssh-mitm - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
• wxHexEditor
• Binwalk - Detects signatures, unpacks archives, visualizes entropy.
• NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
• VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
• PhpSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
• Netz - Discover internet-wide misconfigurations, using zgrab2 and others.
• Keyscope - an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors
• CyLR - NTFS forensic image collector
• sleuthkit - A library and collection of command-line digital forensics tools
• Git-Scanner - A tool for bug hunting or pentesting for targeting websites that have open `.git` repositories available in public
• Veles - a visualizer for statistical properties of blobs.
• Kaitai Struct - a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.
• pig - A Linux packet crafting tool
• RustScan - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.
• Amass - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
• badtouch - Scriptable network authentication cracker
• SubFinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
• CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.
• Nipe - A script to make Tor Network your default gateway.
• Habu - Python Network Hacking Toolkit
• HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
• WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
• Protobuf inspector
• DarunGrim - executable differ.
• PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
• BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.
• tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding
• Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
• cirt-fuzzer - A simple TCP/UDP protocol fuzzer.
• mitmsocks4j - Man-in-the-middle SOCKS Proxy for Java
• Firesheep - Free program for HTTP session hijacking attacks.
• PETEP - Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support.
• Autopsy - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools
• EnCase - The shared technology within a suite of digital investigations products by Guidance Software

Execution logging and tracing

• Wireshark - A free and open-source packet analyzer
• usbmon - USB capture for Linux.
• mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
• USBPcap - USB capture for Windows.
• drltrace - shared library calls tracing.
• dynStruct - structures recovery via dynamic instrumentation.
• Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic

Decompilers

• dotPeek - a free-of-charge .NET decompiler from JetBrains
• cutter - a decompiler based on radare2.
• Hex-Rays
• JADX - a decompiler for Android apps. Not related to JAD.
• JD-GUI
• uncompyle6 - decompiler for the over 20 releases and 20 years of CPython.
• Luyten - one of the best, though a bit slow, hangs on some binaries and not very well maintained.
• Krakatau - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.
• snowman
• dnSpy - .NET assembly editor, decompiler, and debugger
• JAD - JAD Java Decompiler (closed-source, unmaintained)
• ILSpy - an open-source .NET assembly browser and decompiler
• Hopper - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
• retdec
• Hex-Rays

Docker Images for Penetration Testing & Security

• Damn Vulnerable Web Application (DVWA)
• OWASP Mutillidae II Web Pen-Test Practice Application
• OWASP Security Shepherd
• Vulnerability as a service: Heartbleed
• Vulnerability as a service: Shellshock
• official WPScan
• Official Metasploit
• Security Ninjas
• Docker Bench for Security
• OWASP WebGoat Project docker image
• official Kali Linux
• Arch Linux Penetration Tester
• Docker Metasploit
• official OWASP ZAP
• OWASP NodeGoat
• OWASP Juice Shop
• Vulnerability as a service: Shellshock
• Security Ninjas
• Vulnerability as a service: Heartbleed
• official Kali Linux
• Official Metasploit

Tools

• Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
• xortool - A tool to analyze multi-byte XOR cipher
• Ciphey - Automated decryption tool using artificial intelligence & natural language processing.

Disassemblers and debuggers

• OllyDbg - A 32-bit assembler level analysing debugger for Windows
• x64dbg - An open-source x64/x32 debugger for Windows
• ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
• Capstone
• Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
• OllyDbg - A 32-bit assembler level analysing debugger for Windows

• Hackers tools - Tutorial on tools.
• Metasploit
• mimikatz - A little tool to play with Windows security
• Hackers tools - Tutorial on tools.

Deobfuscators

• JS Nice - a web service guessing JS variables names and types based on the model derived from open source.
• de4dot - .NET deobfuscator and unpacker.
• JS Beautifier
• JS Nice - a web service guessing JS variables names and types based on the model derived from open source.

Other

• dex2jar - Tools to work with Android .dex and Java .class files
• nudge4j - Java tool to let the browser talk to the JVM
• antinet - .NET anti-managed debugger and anti-profiler code
• androguard - Reverse engineering, malware and goodware analysis of Android applications
• UPX - the Ultimate Packer (and unpacker) for eXecutables

• Corelan Team's Exploit writing tutorial
• gitbook
• Roppers Computing Fundamentals
• Exploit Writing Tutorials for Pentesters
• Shells
• Missing Semester
• Exploit Writing Tutorials for Pentesters
• Shells
• Understanding the basics of Linux Binary Exploitation
• Exploit Writing Tutorials for Pentesters
• Exploit Writing Tutorials for Pentesters
• Shells

Docker Images for Penetration Testing & Security

• Malware Unicorn Reverse Engineering Tutorial
• Begin RE: A Reverse Engineering Tutorial Workshop
• Lena151: Reversing With Lena
• Malware Analysis Tutorials: a Reverse Engineering Approach
• Malware Analysis Tutorials: a Reverse Engineering Approach

Tools

• CTFtime.org - All about CTF (Capture The Flag)
• CTF archives (shell-storm)
• WeChall
• Rookit Arsenal - OS RE and rootkit development
• Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.
• Roppers CTF Fundamentals Course - Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a [gitbook](https://www.hoppersroppers.org/ctf/).
• Movies For Hackers - A curated list of movies every hacker & cyberpunk must watch.
• Pentest Cheat Sheets - Collection of cheat sheets useful for pentesting
• CTF archives (shell-storm)
• Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.

Docker Images for Penetration Testing & Security

• Exploit database - An ultimate archive of exploits and vulnerable software

Binary files examination and editing

• Open Malware
• Strong node.js - An exhaustive checklist to assist in the source code security analysis of a node.js web service.

Tools

• TryHackMe - Hands-on cyber security training through real-world scenarios.
• Gruyere
• Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills
• 0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).
• fuzzy.land - Website by an Austrian group. Lots of challenges taken from CTFs they participated in.
• Webhacking.kr
• Others

Tools

• Rawsec's CyberSecurity Inventory - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ([Source](https://gitlab.com/rawsec/rawsec-cybersecurity-list))
• Roppers Security Fundamentals - Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a [gitbook](https://www.hoppersroppers.org/security/).
• Roppers Practical Networking - A hands-on, wildly practical introduction to networking and making packets dance. No wasted time, no memorizing, just learning the fundamentals.
• silenttrinity - A post exploitation tool that uses iron python to get past powershell restrictions.
• empire - A post exploitation framework for powershell and python.
• PowerSploit - A PowerShell post exploitation framework
• ebowla - Framework for Making Environmental Keyed Payloads
• The Cyberclopaedia - The open-source encyclopedia of cybersecurity. [GitHub Repository](https://github.com/cr0mll/cyberclopaedia)

Tools

• Pico CTF
• DEF CON
• Ghost in the Shellcode
• CSAW CTF
• Pliad CTF
• RuCTFe
• SECUINSIDE CTF
• Codegate CTF
• Boston Key Party CTF
• ZeroDays CTF
• Insomni’hack
• hack.lu CTF
• RuCTFe
• Ghost in the Shellcode
• PHD CTF
• Codegate CTF
• Boston Key Party CTF
• HackTheBox

Tools

• Intigriti
• Bugcrowd
• Hackerone
• Hackerone

Tools

• Security related Operating Systems @ Rawsec - Complete list of security related operating systems
• Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions

Tools

• Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
• CodeEngn - (Korean)
• Crackmes.de - The world first and largest community website for crackmes and reversemes.
• Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
• CodeEngn - (Korean)
• simples.kr - (Korean)

Tools

• Awesome bug bounty resources by EdOverflow

Tools

• SmashTheStack
• OverTheWire - Semtex
• OverTheWire - Vortex
• OverTheWire - Drifter
• Exploit Exercises - Nebula
• HackingLab

Tools

• OverTheWire - Krypton