Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
venom
👽 The collection of awesome software, tools, libraries, documents, books, resources and cool stuff about information security, penetration testing and offensive cybersecurity.
https://github.com/kraloveckey/venom
Last synced: 4 days ago
JSON representation
-
Analysis Tools
- `CyberChef` - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
- `DocBleach` - An open-source Content Disarm & Reconstruct software sanitizing Office, PDF and RTF Documents.
- `Kaitai Struct` - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- `peepdf` - Python tool to explore PDF files in order to find out if the file can be harmful or not.
- `Veles` - Binary data visualization and analysis tool.
-
Anonymity / Tor Tools
- `dos-over-tor` - Proof of concept denial of service over Tor stress test tool.
- `kalitorify` - Transparent proxy through Tor for Kali Linux OS.
- `I2P` - The Invisible Internet Project.
- `Nipe` - Script to redirect all traffic from the machine to the Tor network.
- `Metadata Anonymization Toolkit (MAT)` - Metadata removal tool, supporting a wide range of commonly used file formats, written in Python3.
- `OnionScan` - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- `Tor` - Free software and onion routed overlay network that helps you defend against traffic analysis.
-
Network
-
Protocol Analyzers / Sniffers
- `Debookee` - Simple and powerful network traffic analyzer for macOS.
- `Live HTTP headers` - Live HTTP headers is a free firefox addon to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations.
- `Wireshark` - Widely-used graphical, cross-platform network protocol analyzer.
-
Forensics
- `dsniff` - Collection of tools for network auditing and pentesting.
- `Intercepter-NG` - Multifunctional network toolkit.
- `Ncrack` - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
- `Praeda` - Automated multi-function printer data harvester for gathering usable data during security assessments.
-
Anti-Spam
- `Spam Scanner` - Anti-Spam Scanning Service and Anti-Spam API.
- `SpamAssassin` - A powerful and popular email spam filter employing a variety of detection technique.
-
DDoS Tools
- `Anevicon` - Powerful UDP-based load generator, written in Rust.
- `HOIC` - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
- `T50` - Faster network stress tool.
-
Firewall
- `fwknop` - Protects ports via Single Packet Authorization in your firewall.
- `ipset` - Framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, an IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them in a way, which ensures lightning speed when matching an entry against a set.
- `OPNsense` - is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
- `pfSense` - Firewall and Router FreeBSD distribution.
-
IDS / IPS / Host IDS / Host IPS
- `AIEngine` - AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS(Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others.
- `Snort` - Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS)created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time".
- `Stealth` - File integrity checker that leaves virtually no sediment. Controller runs from another machine, which makes it hard for an attacker to know that the file system is being checked at defined pseudo random intervals over SSH. Highly recommended for small to medium deployments.
- `Suricata` - Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
- `Zeek` - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
-
IP
- `abuseipdb` - Check an IP Address, Domain Name, or Subnet.
- `ifconfig.io` - What is my ip address?.
- `ipdeny` - All country IP block files are provided in CIDR format.
- `myip` - Live Whois IP Source.
- `subnet-calculator` - The CIDR Calculator enables CIDR network calculations using IP address, subnet mask, mask bits, maximum required IP addresses and maximum required subnets.
-
Honey Pot / Honey Net
- `awesome-honeypots` - The canonical awesome honeypot list.
- `Conpot` - ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.
-
Monitoring / Logging / Event Management
- `Falco` - The cloud-native runtime security project and de facto Kubernetes threat detection engine now part of the CNCF.
- `Node Security Platform` - Similar feature set to Snyk, but free in most cases, and very cheap for others.
- `Prelude` - Prelude is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless".
-
Network Reconnaissance Tools
- `dnschecker` - Online DNS Check.
- `DNSDumpster` - Online DNS recon and search service.
- `dnstracer` - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- `nmap` - Free security scanner for network exploration & security audits.
- `zmap` - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
-
Network Traffic Replay and Editing Tools
- `tcpreplay` - Suite of free Open Source utilities for editing and replaying previously captured network traffic.
- `TraceWrangler` - Network capture file toolkit that can edit and merge `pcap` or `pcapng` files with batch editing features.
-
Network Vulnerability Scanners
-
Proxies and Machine-in-the-Middle (MITM) Tools
- `BetterCAP` - Modular, portable and easily extensible MITM framework.
-
VPN
- `OpenVPN` - OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
-
Wireless Network Tools
- `Aircrack-ng` - Set of tools for auditing wireless networks.
- `BoopSuite` - Suite of tools written in Python for wireless auditing.
- `Bully` - Implementation of the WPS brute force attack, written in C.
- `Kismet` - Wireless network detector, sniffer, and IDS.
- `Reaver` - Brute force attack against WiFi Protected Setup.
-
-
Anti-virus Evasion Tools
- `Shellter` - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
- `UniByAv` - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
- `Veil` - Generate metasploit payloads that bypass common anti-virus solutions.
-
Cloud Platform Attack Tools
- `HackingThe.cloud`
- `Cloud Container Attack Tool (CCAT)` - Tool for testing security of container environments.
-
Collaboration Tools
- `Lair` - Reactive attack collaboration framework and web application built with meteor.
- `Reconmap` - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
-
CTF Tools / Resources / Courses
- `Awesome CTF` - A curated list of CTF frameworks, libraries, resources and software.
- `Hack The Box` - An online cybersecurity training platform allowing IT professionals to advance their ethical hacking skills and be part of a worldwide community.
- `Offensive Security Training` - Training from BackTrack/Kali developers.
- `OverTheWire War Games` - The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
- `Roppers Academy Training` - Free courses on computing and security fundamentals designed to train a beginner to crush their first CTF.
- `TryHackMe` - Online platform for learning cyber security, using hands-on exercises and labs.
-
Datastores
- `databunker` - Databunker is an address book on steroids for storing personal data. GDPR and encryption are out of the box.
- `nextcloud` - A safe home for all your data.
- `passbolt` - The password manager your team was waiting for. Free, open source, extensible, based on OpenPGP.
- `Vault` - An encrypted datastore secure enough to hold environment and application secrets.
-
Emails
- `10minutemail` - Free Temporary Email.
- `mail-tester` - Test the Spammyness of your Emails.
- `dkimvalidator` - DKIM, SPF, SpamAssassin Email Validator.
- `spf-policy-tester` - SPF Policy Tester.
- `spf` - SPF Record Check - Lookup SPF Records.
-
Endpoint
-
Anti-Virus / Anti-Malware
- `Awesome Malware Analysis` - A curated list of awesome malware analysis tools and resources.
- `ClamAv` - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
- `Linux Malware Detect` - A malware scanner for Linux designed around the threats faced in shared hosted environments.
-
Authentication
- `FreeOTP` - A two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code.
-
Mobile / Android / iOS
- `android-security-awesome` - A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps.
- `dotPeek` - Free-of-charge standalone tool based on ReSharper's bundled decompiler.
- `Themis` - High-level multi-platform cryptographic framework for protecting sensitive data: secure messaging with forward secrecy and secure data storage (AES256GCM), suits for building end-to-end encrypted applications.
-
Forensics
- `mig` - MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
-
-
Exfiltration Tools
-
Forensics
- `Iodine` - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
-
-
Hash Cracking Tools
-
Forensics
- `CeWL` - Generates custom wordlists by spidering a target's website and collecting unique words.
- `crackstation` - Password Hash Cracker.
- `Rar Crack` - RAR bruteforce cracker.
-
-
Hex Editors
-
Forensics
- `Hexinator` - World's finest (proprietary, commercial) Hex Editor.
- `wxHexEditor` - Free GUI hex editor for GNU/Linux, macOS, and Windows.
-
-
Intentionally Vulnerable Systems
-
Forensics
- `Vulnerable WordPress Installation` - `docker pull wpscanteam/vulnerablewordpress`.
-
-
Multi-paradigm Frameworks
-
Forensics
- `Armitage` - Java-based GUI front-end for the Metasploit Framework.
- `Metasploit` - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
-
-
Open Sources Intelligence (OSINT)
-
Wireless Network Tools
- `Hunter.io` - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
- `Threat Crowd` - Search engine for threats.
-
Metadata harvesting and analysis
- `FOCA (Fingerprinting Organizations with Collected Archives)` - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.
-
Network device discovery tools
- `Shodan` - World's first search engine for Internet-connected devices.
-
OSINT Online Resources
- `bugmenot` - Find and share logins, see if the bugmenot community has shared any logins for it.
- `Extract Images` - Extract Images from any public website by using a virtual browser.
- `GhostProject` - Searchable database of billions of cleartext passwords, partially visible for free.
- `iHUNT Intelligence FRAMEWORK` - Focuses on gathering information from free and open-source tools or resources. The intention is to help people find free and open source combined OSINT, GEOINT, SOCMINT and HUMINT resources for research or practice purposes, especially Law Enforcement and Intelligence Officers.
- `NetBootcamp OSINT Tools` - Collection of OSINT links and custom Web interfaces to other services.
- `whatsmyname` - This tool allows you to enumerate usernames across many websites.
- `WiGLE.net` - Information about wireless networks world-wide, with user-friendly desktop and web applications.
-
Web application and resource analysis tools
- `EyeWitness` - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- `Wappalyzer` - Wappalyzer uncovers the technologies used on websites.
-
-
Operating Systems
-
Linux
- `GTFOBins` - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- `LOLBAS (Living Off The Land Binaries and Scripts)` - Documents binaries, scripts, and libraries that can be used for "Living Off The Land" techniques, i.e., binaries that can be used by an attacker to perform actions beyond their original purpose.
- `Lynis` - Auditing tool for UNIX-based systems.
- `crontab.guru` - The quick and simple editor for cron schedule expressions.
- `Data Storage Converter` - Popular data storage unit conversions.
- `explainshell` - Write down a command-line to see the help text that matches each argument.
- `LDAP TS Converter` - LDAP, Active Directory & Filetime Timestamp Converter.
- `Unix TS Converter` - Epoch & Unix Timestamp Conversion Tools.
- `chmod calculator` - Chmod calculator allows you to quickly generate permissions in numerical and symbolic formats. All extra options are included (recursive, sticky, etc). You’ll be ready to copy paste your chmod command into your terminal in seconds.
-
macOS
- `Bella` - Pure Python post-exploitation data mining and remote administration tool for macOS.
-
Windows
- `Empire` - Pure PowerShell post-exploitation agent.
- `wePWNise` - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- `Windows Credentials Editor` - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
-
Operating System Distributions
- `Android Tamer` - Distribution built for Android security professionals that includes tools required for Android security testing.
- `ArchStrike` - Arch GNU/Linux repository for security professionals and enthusiasts.
- `BlackArch` - Arch GNU/Linux-based distribution for penetration testers and security researchers.
- `Buscador` - GNU/Linux virtual machine that is pre-configured for online investigators.
- `Kali` - Rolling Debian-based GNU/Linux distribution designed for penetration testing and digital forensics.
- `Parrot` - Distribution similar to Kali, with support for multiple hardware architectures.
- `PentestBox` - Open source pre-configured portable penetration testing environment for the Windows Operating System.
- `Qubes OS` - Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.
- `tsurugi` - heavily customized Linux distribution that designed to support DFIR investigations, malware analysis and OSINT activities.
-
Online Operating Systems Resources
- `DistroWatch.com's Security Category` - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
-
-
Penetration Testing
-
Online Penetration Testing Resources
- `offsec.tools` - A vast collection of security tools for bug bounty, pentest and red teaming.
- `MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)` - Curated knowledge base and model for cyber adversary behavior.
- `Penetration Testing Framework (PTF)` - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
- `XSS-Payloads` - Resource dedicated to all things XSS (cross-site), including payloads, tools, games, and documentation.
-
Passwords
- `weakpass` - For any kind of bruteforce find wordlists.
-
Penetration Testing Report Templates
- `T&VS Pentesting Report Template` - Pentest report template provided by Test and Verification Services, Ltd.
-
-
Physical Access Tools
-
Penetration Testing Report Templates
- `AT Commands` - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
- `Poisontap` - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- `Proxmark3` - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
- `Thunderclap` - Open source I/O security research platform for auditing physical DMA-enabled hardware peripheral ports.
-
-
Reverse Engineering
-
Penetration Testing Report Templates
- `angr` - Platform-agnostic binary analysis framework.
- `Capstone` - Lightweight multi-platform, multi-architecture disassembly framework.
- `Ghidra` - Suite of free software reverse engineering tools developed by NSA's Research Directorate originally exposed in WikiLeaks's "Vault 7" publication and now maintained as open source software.
- `Immunity Debugger` - Powerful way to write exploits and analyze malware.
- `OllyDbg` - x86 debugger for Windows binaries that emphasizes binary code analysis.
-
-
Social Engineering
-
Penetration Testing Report Templates
- `fakeinfo` - Generate Fake Info.
- `fake-telegram-chat-generator` - Generate your very own fake Telegram Messanger Chat.
- `zeoob` - Create Fake Instagram, Twitter & Facebook Posts.
-
-
Threat Intelligence
-
Penetration Testing Report Templates
- `Internet Storm Center` - The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
- `leakedin.com` - The primary purpose of leakedin.com is to make visitors aware about the risks of loosing data. This blog just compiles samples of data lost or disclosed on sites like pastebin.com.
- `MISP - Open Source Threat Intelligence Platform` - MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries ([taxonomies](https://www.misp-project.org/taxonomies.html), [threat-actors and various malware](https://www.misp-project.org/galaxy.html)), an extensive data model to share new information using [objects](https://www.misp-project.org/objects.html) and default [feeds](https://www.misp-project.org/feeds/).
- `PhishStats` - Phishing Statistics with search for IP, domain and website title.
- `Threat Jammer` - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources.
- `Tor Bulk Exit List` - CollecTor, your friendly data-collecting service in the Tor network. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. If you're doing research on the Tor network, or if you're developing an application that uses Tor network data, this is your place to start. [TOR Node List](https://www.dan.me.uk/tornodes) / [DNS Blacklists](https://www.dan.me.uk/dnsbl) / [Tor Node List](http://torstatus.blutmagie.de/)
- `AutoShun` - AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world.
-
-
Vulnerability Databases
-
Penetration Testing Report Templates
- `Bugtraq (BID)` - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- `China National Vulnerability Database (CNNVD)` - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation.
- `Common Vulnerabilities and Exposures (CVE)` - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- `CXSecurity` - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- `Exploit-DB` - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- `HPI-VDB` - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
- `Inj3ct0r` - Exploit marketplace and vulnerability information aggregator. ([`Onion service`](http://mvfjfugdwgc5uwho.onion/).)
- `National Vulnerability Database (NVD)` - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
- `Open Source Vulnerabilities (OSV)` - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
- `Rapid7` - Vulnerability & Exploit Database.
- `Sploitus` - Convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities.
- `US-CERT Vulnerability Notes Database` - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- `Vulmon` - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
- `Vulnerability Lab` - Open forum for security advisories organized by category of exploit target.
- `Vulners` - Security database of software vulnerabilities.
-
-
Web
-
Penetration Testing Report Templates
- `Awesome Web Hacking` - This list is for anyone wishing to learn about web application security but do not have a starting point.
-
Web Exploitation
- `autochrome` - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
- `sslstrip` - Demonstration of the HTTPS stripping attacks.
-
Web Path Discovery / Bruteforcing Tools
- `DotDotPwn` - Directory traversal fuzzer.
-
Web Proxies Intercepting
- `Fiddler` - Free cross-platform web debugging proxy with user-friendly companion tools.
- `mitmproxy` - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- `OWASP Zed Attack Proxy (ZAP)` - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
-
Web Vulnerability Scanners
- `Nikto` - Noisy but fast black box web server and web application vulnerability scanner.
- `SecApps` - In-browser web application security testing suite.
- `skipfish` - Performant and adaptable active web application security reconnaissance tool.
- `WebReaver` - Commercial, graphical web application vulnerability scanner designed for macOS.
- `WPScan` - Black box WordPress vulnerability scanner.
- `ZAP` - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
-
-
Web Servers
-
Web Vulnerability Scanners
- `nginx playground` - Paste in an nginx config, and then a server starts nginx for you and runs any curl or http command you want against that nginx server.
- `Server Side TLS` - help teams with the configuration of TLS.
-
-
Useful Resources
-
Security Awesome Lists
- `Awesome AppSec` - Resources for learning about application security.
- `Awesome Blue Team` - Awesome resources, tools, and other shiny things for cybersecurity blue teams.
- `Awesome Crypto Papers` - A curated list of cryptography papers, articles, tutorials and howtos.
- `Awesome Hacking` - A curated list of awesome Hacking tutorials, tools and resources.
- `Awesome Incident Response` - A curated list of resources for incident response.
- `Awesome Linux Containers` - A curated list of awesome Linux Containers frameworks, libraries and software.
- `Awesome PCAP Tools` - A collection of tools developed by other researchers in the Computer Science area to process network traces.
- `Awesome Security` - Software, libraries, documents, and other resources.
- `Awesome Shell Scripting` - Command line frameworks, toolkits, guides and gizmos.
-
Other Lists
- `awesome-awesomeness` - awesome-* or *-awesome lists.
- `Awesome Self-Hosted`
- `Azure Security` - A practical guide to the native security services of Microsoft Azure.
- `InfoSec & Hacking challenges` - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more.
- `Rawsec's CyberSecurity Inventory` - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ([`Source`](https://gitlab.com/rawsec/rawsec-cybersecurity-list))
- `.NET Programming` - Software framework for Microsoft Windows platform development.
- `C/C++ Programming` - One of the main language for open source security tools.
- `JavaScript Programming` - In-browser development and scripting.
- `Ruby Programming by @markets` - The de-facto language for writing exploits.
-
-
Other
-
Other Lists
- `development/curlconverter` - Convert curl commands to Python, JavaScript and more.
- `development/Text to ASCII` - Text to ASCII Art Generator (TAAG).
-
Categories
Network
47
Operating Systems
23
Useful Resources
18
Vulnerability Databases
15
Web
13
Open Sources Intelligence (OSINT)
13
Endpoint
8
Threat Intelligence
7
Anonymity / Tor Tools
7
Penetration Testing
6
CTF Tools / Resources / Courses
6
Reverse Engineering
5
Emails
5
Analysis Tools
5
Datastores
4
Physical Access Tools
4
Hash Cracking Tools
3
Anti-virus Evasion Tools
3
Social Engineering
3
Cloud Platform Attack Tools
2
Web Servers
2
Multi-paradigm Frameworks
2
Hex Editors
2
Collaboration Tools
2
Other
2
Intentionally Vulnerable Systems
1
Exfiltration Tools
1
Sub Categories
Penetration Testing Report Templates
36
Forensics
14
Other Lists
11
Operating System Distributions
9
Security Awesome Lists
9
Linux
9
Web Vulnerability Scanners
8
Wireless Network Tools
7
OSINT Online Resources
7
Network Reconnaissance Tools
5
IP
5
IDS / IPS / Host IDS / Host IPS
5
Online Penetration Testing Resources
4
Firewall
4
Windows
3
Anti-Virus / Anti-Malware
3
DDoS Tools
3
Web Proxies Intercepting
3
Monitoring / Logging / Event Management
3
Mobile / Android / iOS
3
Protocol Analyzers / Sniffers
3
Web Exploitation
2
Anti-Spam
2
Network Vulnerability Scanners
2
Honey Pot / Honey Net
2
Web application and resource analysis tools
2
Network Traffic Replay and Editing Tools
2
Web Path Discovery / Bruteforcing Tools
1
macOS
1
Proxies and Machine-in-the-Middle (MITM) Tools
1
Passwords
1
Metadata harvesting and analysis
1
VPN
1
Authentication
1
Online Operating Systems Resources
1
Network device discovery tools
1
Keywords
awesome
13
awesome-list
12
security
9
list
6
ruby
2
owasp
2
cryptography
2
cybersecurity
2
java
2
encryption
2
dynamic-analysis
1
malware-analysis
1
malware-collection
1
malware-research
1
malware-samples
1
encoding
1
network-traffic
1
static-analysis
1
threat-intelligence
1
threat-sharing
1
threatintel
1
android
1
asymmetric-cryptography
1
authentication
1
data-manipulation
1
cryptography-library
1
golang
1
ios
1
javascript
1
objective-c
1
data-analysis
1
php
1
python
1
office
1
pdf
1
content-disarm-reconstruct
1
security-tools
1
threat
1
bash-script
1
iptables
1
kali-linux
1
kalitorify
1
tor
1
tor-proxy
1
transparent-proxy
1
metadata
1
python3
1
parsing
1
ctf
1
penetration
1