Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-hacking-tools

😱An awesome curated list for hacking & pentesting tools!
https://github.com/Jackelele/awesome-hacking-tools

Last synced: 1 day ago
JSON representation

  • Android Security

  • Asset Discovery

    • Domain / Subdomain Discovery

    • Content Discovery

      • RustButer - Files, directories and vhost buster written in Rust.
    • IP Address Discovery

      • Massdns - A DNS resolver utility for bulk lookups
      • Mxtoolbox - Bulk Domain/IP lookup tool
      • Domaintoipconverter - Bulk domain to IP converter
      • Googleapps Dig - Online Dig tool by Google
      • DataSploit (IP Address Modules) - An OSINT Framework to perform various recon techniques
      • Domain Dossier - Investigate domains and IP addresses
      • Bgpview - Search ASN, IPv4/IPv6 or resource name
      • Viewdns
      • Ultratools ipv6Info - Multiple information related to IPv6 address
      • Whois - Command line utility usually used to find information about registered users/assignees of an Internet resource.
      • Linux - us/windows-server/administration/windows-commands/nslookup) - Command line utility usually used for querying the DNS records
      • bgp - Internet Backbone and Colocation Provider ... Hurricane Electric IP Transit. Our Global Internet Backbone provides IP Transit with low latency, access to thousands of networks, and dual-stack
    • Email Discovery

    • Network/Port Scanning

      • Zmap - A fast network scanner designed for Internet-wide network surveys
      • Masscan - An asynchronously TCP port scanner
      • ZMapv6 - A modified version of Zmap with IPv6 support.
      • Nmap - A free and open source utility for network discovery. The most popular port scanner.
    • Business Communication Infrastructure Discovery

      • Gitrob - Reconnaissance tool for GitHub organizations
      • Github - Github Advanced Search
      • Gitlab - Search Gitlab projects
      • Publicwww - Source Code Search Engine
      • builtwith - Web technology information profiler tool. Find out what a website is built with.
    • Cloud Infrastructure Discovery

      • CloudScraper - A tool to spider websites for cloud resources (S3 Buckets, Azure Blobs, DigitalOcean Storage Space)
      • InSp3ctor - AWS S3 Bucket/Object finder
      • Spaces-finder - A tool to hunt for publicly accessible DigitalOcean Spaces
      • GCPBucketBrute - A Google Storage buckets enumeration script
      • CloudStorageFinder - Tools to find public data in cloud storage systems
      • Buckets Grayhatwarfare - Search for Open Amazon s3 Buckets and their contents
    • Social Media / Employee Profiling

      • LinkedInt - A LinkedIn scraper for reconnaissance
      • Glassdoor - Company review and rating search
      • SocialBlade - Track user statistics for different platforms including YouTube and Twitter
      • Social-Searcher - Social Media Search Engine
    • Data Leaks

      • Scavenger - Paste sites crawler (bot) looking for leaked credentials
      • Pwnbin - Python based Pastebin crawler for keywords.
      • PwnedOrNot - Tool to find passwords for compromised accounts
      • Dumpmon - A twitter bot which monitors multiple paste sites for password dumps and other sensitive information
      • Pastebin_scraper - Automated tool to monitor pastebin for interesting information
    • Company Information and Associations

      • Crunchbase - Information about companies (funding, acquisition, merger etc.) and the people behind them
      • OverSeas Registries - List of company registries located around the world
    • Internet Survey Data

      • Project Sonar - Rapid7’s internet-wide surveys data across different services and protocols
      • Portradar - Free and open port scan data by packet.tel
    • Internet Scan / Archived Information

  • Application Security

    • Websites

      • Juice Shop - An intentionally insecure Javascript Web Application.
      • OWASP NodeGoat - Purposly vulnerable to the OWASP Top 10 Node.JS web application, with [tutorials](https://nodegoat.herokuapp.com/tutorial), [security regression testing with the OWASP Zap API](https://github.com/OWASP/NodeGoat/wiki/NodeGoat-Security-Regression-tests-with-ZAP-API), [docker image](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker). With several options to get up and running fast.
      • Web App Sec Quiz - Self-assessment quiz for web application security
      • SecurePasswords.info - Secure passwords in several languages/frameworks.
      • Security News Feeds Cheat-Sheet - A list of security news sources.
      • MicroCorruption - Capture The Flag - Learn Assembly and Embedded Device Security
    • Application Security Learning Resources

    • Blogs

      • NCC Group - Blog - The blog of NCC Group, formerly Matasano, iSEC Partners, and NGS Secure.
    • Tools

  • Credits