Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources
π π Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources
List: Awesome-Ethical-Hacking-Resources
awesome awesome-list hacking hacktoberfest learning-hacking penetration-testing resources vulnerable-applications web-hacking
Last synced: 3 months ago
JSON representation
π π Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
- Host: GitHub
- URL: https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources
- Owner: husnainfareed
- License: mit
- Created: 2017-12-25T15:05:44.000Z (over 6 years ago)
- Default Branch: main
- Last Pushed: 2024-01-09T21:05:46.000Z (6 months ago)
- Last Synced: 2024-04-05T05:03:08.104Z (3 months ago)
- Topics: awesome, awesome-list, hacking, hacktoberfest, learning-hacking, penetration-testing, resources, vulnerable-applications, web-hacking
- Homepage:
- Size: 122 KB
- Stars: 2,241
- Watchers: 142
- Forks: 435
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-security-collection - **411**ζ
- awesome-stars - Awesome-Ethical-Hacking-Resources
- awesome-cyber-security - **411**ζ
- awesome-cyber-security - **384**ζ
- ultimate-awesome - Awesome-Ethical-Hacking-Resources - π π Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing. (Other Lists / Julia Lists)
README
# Awesome Resources For Learning Ethical Hacking & Pentesting β‘οΈ [](https://github.com/sindresorhus/awesome)  
What Iβm sharing here is a collection of some best resources about Hacking & Penetration Testing to make you learn faster! Let's make it the best resource repository for our community.
## Contents
- [Books](#books)
- [Online ](#online)
- [Offline](#offline)
- [Vulnerable Machines and Websites](#Vulnerable-machines-and-websites)
- [Vulnerability Databases And Resources](#vulnerability-databases-and-resources)
- [Malware Analysis](#malware-analysis)
- [Linux Penetration Testing OS](#linux-penetration-testing-os)
- [Courses](#courses)
- [Workshop Playlists](#workshop-playlists)
- [Security Talks and Conferences](#security-talks-and-conferences)
- [YouTube Channels](#youtube-channels)
- [Forums](#forums)
**You are welcome to fork and contribute.**
**Also you can find my writeups/tutorials on medium: @hussnainfareed :)**
## Books
1. The Hacker Playbook 2: Practical Guide To Penetration Testing
2. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy
3. Breaking into Information Security: Learning the Ropes 101
4. Penetration Testing: A Hands-On Introduction to Hacking
5. Social Engineering: The Art of Human Hacking
6. Hacking: The Art of Exploitation, 2nd Edition
7. Web Hacking 101
8. OWASP Testing Guide (A must-read for web application developers and penetration testers)
9. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
10. The Basics of Web Hacking: Tools and Techniques to Attack the Web
## Learning Platforms to Sharpen Your Skills
### Online
Name | Description
---- | ----
[CTF Hacker101](https://ctf.hacker101.com/) | The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers.
[Hack The Box :: Penetration Testing Labs](https://www.hackthebox.eu) | An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs.
[TryHackMe](https://tryhackme.com) | TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs.
[CTF365](https://ctf365.com/) | An account-based ctf site, awarded by Kaspersky, MIT, and T-Mobile.
[Backdoor](https://backdoor.sdslabs.co) | Pen testing labs that have a space for beginners, a practice arena, and various competitions, account required.
[Hack.me](https://hack.me/) | Lets you build/host/attack vulnerable web apps.
[CTFLearn](https://ctflearn.com/) | An account-based ctf site, where users can go in and solve a range of challenges.
[OWASP Vulnerable Web Applications Directory Project (Online)](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps) | List of online available vulnerable applications for learning purposes.
[Pentestit labs](https://lab.pentestit.ru) | Hands-on Pentesting Labs (OSCP style)
[Root-me.org](https://www.root-me.org) | Hundreds of challenges are available to train yourself in different and not simulated environments
[Vulnhub.com](https://www.vulnhub.com) | Vulnerable By Design VMs for practical 'hands-on' experience in digital security
[Windows / Linux Local Privilege Escalation Workshop](https://github.com/sagishahar/lpeworkshop) | Practice your Linux and Windows privilege escalation.
[Hacking Articles](http://www.hackingarticles.in/ctf-challenges1/) | CTF Brief Write-up collection with a lot of screenshots good for beginners.
[Rafay Hacking Articles, a great blog](http://www.rafayhackingarticles.net/) | Write up collections by Rafay Baloch.
[PentesterLab](https://pentesterlab.com/) | 20$ signature, complete content basic to write exploits, web, android.
[CyberSec WTF](https://cybersecurity.wtf/)| Emulated web pentesting challenges from bounty write-ups
### Off-Line
Name | Description
---- | ----
[Damn Vulnerable Xebia Training Environment](https://github.com/davevs/dvxte) | Docker Container including several vulnerable web applications (DVWA, DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more)
[OWASP Vulnerable Web Applications Directory Project (Offline)](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=Off-Line_apps) | List of offline available vulnerable applications for learning purposes
## Vulnerable Machines/Websites
1. [FiringRange](https://public-firing-range.appspot.com/)
## Vulnerability Databases And Resources
Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.
* http://www.exploit-db.com/
* http://1337day.com/
* http://securityvulns.com/
* http://www.securityfocus.com/
* http://www.osvdb.org/
* http://www.securiteam.com/
* http://secunia.com/advisories/
* http://insecure.org/sploits_all.html
* http://zerodayinitiative.com/advisories/published/
* http://nmrc.org/pub/index.html
* http://web.nvd.nist.gov
* http://www.vupen.com/english/security-advisories/
* http://www.vupen.com/blog/
* http://cvedetails.com/
* http://www.rapid7.com/vulndb/index.jsp
* http://oval.mitre.org/
* http://sploitus.com/
* http://cxsecurity.com/
### Malware Analysis
Name | Description
---- | ----
[Malware traffic analysis](http://www.malware-traffic-analysis.net/) | list of traffic analysis exercises
[Malware Analysis - CSCI 4976](https://github.com/RPISEC/Malware/blob/master/README.md) | another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.
### Linux Penetration Testing OS
Name | Description
---- | -----
[Kali](http://kali.org/) | the infamous pen-testing distro from the folks at Offensive Security
[Parrot ](https://www.parrotsec.org/) | Debian includes a full portable lab for security, DFIR, and development
[Android Tamer](https://androidtamer.com//) | Android Tamer is a Virtual / Live Platform for Android Security professionals.
[BlackArch](https://blackarch.org/index.html) | Arch Linux-based pentesting distro, compatible with Arch installs
[LionSec Linux](https://lionsec-linux.org/) | pentesting OS based on Ubuntu
## Courses
1. [Computer Systems Security, MIT](https://ocw.mit.edu/courses/6-858-computer-systems-security-fall-2014/)
2. [cisco's cources](https://www.netacad.com/courses/cybersecurity)
3.[cybrary](https://www.cybrary.it/catalog/cybersecurity/)
4.[hackers academy](https://hackersacademy.com/)
For those who want to do CEH, the following links are for you.
2. [CBT Nuggets CEH Training](http://goo.gl/JuW85U)
3. [CEH Books](https://goo.gl/gjCBLK)
4. [Guide to Binary Exploitation](https://github.com/r0hi7/binexp)
## Workshops/Playlists
1. [Web Hacking](https://www.youtube.com/playlist?list=PLJM73L2pQRd4lXBZjsHAmeEqsn5pENXxN)
2. [Ethical Hacking, A Comprehensive Playlist covering almost everything](https://www.youtube.com/playlist?list=PLkRo97mCIn9lgvE7AskNsmwJVOlJX2zaI)
## Security Talks and Conferences
1. [InfoCon - Hacking Conference Archive](https://infocon.org/cons/)
2. [Curated list of Security Talks and Videos](https://github.com/PaulSec/awesome-sec-talks)
3. [Blackhat](https://www.youtube.com/user/BlackHatOfficialYT)
4. [Defcon](https://www.youtube.com/user/DEFCONConference)
5. [Security Tube](http://www.securitytube.net/)
6. [Kevin Mitnick: Live Hack at CeBIT](https://www.youtube.com/watch?v=Q7G3kKRdUl4)
7. [Ghost in the Cloud, Kevin Mitnick](https://www.youtube.com/watch?v=76yrWGzScgI)
8. [Kevin Mitnick | Talks at Google](https://www.youtube.com/watch?v=aUqes9QdLQ4)
9. [Complete Free Hacking Course: Go from Beginner to Expert Hacker Today](https://www.youtube.com/watch?v=7nF2BAfWUEg)
## YouTube Channels
Now letβs get Towards YouTube Channel Links... These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these types of attacks...
1. [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
2. [Black Hat](https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg)
3. [Injector Pca](https://www.youtube.com/channel/UCRFG_j0cgLWtJOG6fl_-rxQ)
4. [Hisham Mir](https://www.youtube.com/channel/UCYTK8lk8oLLaA330rqd0qgA)
5. [Devil Killer](https://www.youtube.com/channel/UCwfYw-C2xqemqrXq0IKF_Mg)
6. [Suleman Malik](https://www.youtube.com/channel/UC59IHQcCmgNw4GIvsXeLnDQ)
7. [Dem0n](https://www.youtube.com/channel/UC_jNs1biBixcQeSUoJxvNLw)
8. [Frans RosΓ©n](https://www.youtube.com/channel/UCV89UhUtxqwP0j4o9tMipsA)
9. [HackerOne](https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw)
10. [ak1t4 machine](https://www.youtube.com/channel/UCaftcKRiJJW0AJHmR1E5MAQ)
11. [Shawar Khan](https://www.youtube.com/channel/UCPxJLZCoIRJHs1VebWeaByA)
12. [vulnerability0lab](https://www.youtube.com/channel/UC4QJ7X4nnkAYXsnFQpdytcA)
13. [Bugcrowd](https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww)
14. [Vijay Kumar](https://www.youtube.com/channel/UCs2NmJGRecw_huNzvQNf2_A)
15. [Web Development Tutorials](https://www.youtube.com/channel/UCS0y5e-AMsZO8GEFtKBAzkA)
16. [Jan Wikholm](https://www.youtube.com/channel/UCOQtLXVJduZ4-YUFOi5EzIA)
17. [Bhargav Tandel](https://www.youtube.com/channel/UCh5MTJLt3LYr_rkwcOQJNWg)
18. [ErrOr SquaD](https://www.youtube.com/channel/UCou-7r8Mk4oQcBmazxp5uwg)
19. [SecurityIdiots](https://www.youtube.com/channel/UCPPAYs04kwfXcHnerm_ueFw)
20. [Penetration Testing in Linux](https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA)
21. [Hussnain Fareed](https://www.youtube.com/channel/UCbq5fgcqUz-PlMs3RCOUrXw)
22. [Null Byte](https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g)
23. [ZAID](https://www.youtube.com/user/zaidsabeeh)
24. [vabs tutorial](https://www.youtube.com/channel/UCa0wCQEB8CRKzjJV2GZ_EzA)
25. [the cyber mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw)
26. [PwnFunction](https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A)
27. [GetCyber](https://www.youtube.com/@GetCyber/videos)
Any Channel Link Missing? Kindly add it in the Comments
### Forums
Name | Description
---- | ----
[0x00sec](https://0x00sec.org/) | hacker, malware, computer engineering, Reverse engineering
[Antichat](https://forum.antichat.ru/) | russian based forum
[CODEBY.NET](https://codeby.net/) | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum
[EAST Exploit database](http://eastexploits.com/) | exploit DB for commercial exploits written for EAST Pentest Framework
[Greysec](https://greysec.net) | hacking and security forum
[Hackforums](https://hackforums.net/) | posting webstite for hacks/exploits/various discussion
### Contribution
Your contributions and suggestions are heartily welcome. ([emoji key](https://allcontributors.org/docs/en/emoji-key))
# NOTE:
All references are taken from the Internet and shared on the Internet xD Thanks to those who shared their opinion before that helped me learn π
if you have any questions, please ask in the comments. If you know about any good resource for beginners, please share it here.