2015-08-06 03:22:27 +00:00
# Awesome Hacking [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
A curated list of awesome Hacking. Inspired by [awesome-machine-learning ](https://github.com/josephmisiti/awesome-machine-learning/ )
2014-12-16 12:16:22 +00:00
2015-11-14 03:33:25 +00:00
If you want to contribute to this list (please do), send me a pull request or contact me [@carpedm20 ](https://twitter.com/carpedm20 )
2014-12-17 05:34:54 +00:00
2016-04-21 15:50:54 +00:00
For a list of free hacking books available for download, go [here ](https://github.com/Hack-with-Github/Free-Security-eBooks )
2014-12-17 05:34:54 +00:00
## Table of Contents
<!-- MarkdownTOC depth=4 -->
2014-12-16 12:16:22 +00:00
- [System ](#system )
2014-12-17 05:34:54 +00:00
- [Tutorials ](#system-tutorials )
- [Tools ](#system-tools )
2016-06-07 14:33:23 +00:00
- [Docker ](#docker )
2014-12-17 05:47:05 +00:00
- [General ](#system-general )
2014-12-17 05:34:54 +00:00
- [Reverse Engineering ](#reverse-engineering )
- [Tutorials ](#reverse-engineering-tutorials )
2014-12-16 12:16:22 +00:00
- [Tools ](#reverse-engineering-tools )
2014-12-17 05:47:05 +00:00
- [General ](#reverse-engineering-general )
2014-12-16 12:16:22 +00:00
- [Web ](#web )
2014-12-16 12:41:40 +00:00
- [Tutorials ](#web-tutorials )
2014-12-16 12:16:22 +00:00
- [Tools ](#web-tools )
- [Network ](#network )
- [Tutorials ](#network-tutorials )
- [Tools ](#network-tools )
2014-12-16 12:41:40 +00:00
- [Forensic ](#forensic )
2014-12-17 05:34:54 +00:00
- [Tutorials ](#forensic-tutorials )
- [Tools ](#forensic-tools )
2014-12-16 12:41:40 +00:00
- [Cryptography ](#cryptography )
2014-12-17 05:34:54 +00:00
- [Tutorials ](#cryptography-tutorials )
- [Tools ](#cryptography-tools )
2014-12-16 12:16:22 +00:00
- [Wargame ](#wargame )
2014-12-17 05:47:05 +00:00
- [System ](#wargame-system )
- [Reverse Engineering ](#wargame-reverse-engineering )
- [Web ](#wargame-web )
- [Network ](#wargame-network )
- [Forensic ](#wargame-forensic )
- [Cryptography ](#wargame-cryptography )
2014-12-17 05:34:54 +00:00
- [CTF ](#ctf )
- [Competition ](#ctf-competiton )
2014-12-17 05:58:50 +00:00
- [General ](#ctf-general )
- [General ](#general )
2014-12-17 05:34:54 +00:00
<!-- /MarkdownTOC -->
< a name = "system" / >
2014-12-16 12:22:09 +00:00
# System
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "system-tutorial" / >
## Tutorials
* [Corelan Team's Exploit writing tutorial ](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ )
* [Exploit Writing Tutorials for Pentesters ](http://www.punter-infosec.com/exploit-writing-tutorials-for-pentesters/ )
< a name = "system-tools" / >
## Tools
* [Metasploit ](https://github.com/rapid7/metasploit-framework ) A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
* [mimikatz ](https://github.com/gentilkiwi/mimikatz ) - A little tool to play with Windows security
2014-12-16 12:16:22 +00:00
2014-12-17 05:47:05 +00:00
< a name = "system-general" / >
## General
2015-11-14 03:33:25 +00:00
* [Exploit database ](https://www.exploit-db.com/ ) - An ultimate archive of exploits and vulnerable software
2014-12-17 05:47:05 +00:00
2014-12-17 05:34:54 +00:00
< a name = "reverse-engineering" / >
2014-12-16 12:22:09 +00:00
# Reverse Engineering
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "reverse-engineering-tutorial" / >
2014-12-16 12:22:09 +00:00
## Tutorials
2014-12-16 12:16:22 +00:00
* [Lenas Reversing for Newbies ](https://tuts4you.com/download.php?list.17 )
2014-12-17 05:34:54 +00:00
* [Malware Analysis Tutorials: a Reverse Engineering Approach ](http://fumalwareanalysis.blogspot.kr/p/malware-analysis-tutorials-reverse.html )
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "reverse-engineering-tools" / >
2014-12-16 12:22:09 +00:00
## Tools
2014-12-17 05:34:54 +00:00
* [IDA ](https://www.hex-rays.com/products/ida/ ) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
* [OllyDbg ](http://www.ollydbg.de/ ) - A 32-bit assembler level analysing debugger for Windows
2016-10-26 05:22:11 +00:00
* [x64dbg ](http://x64dbg.com/ ) - An open-source x64/x32 debugger for Windows
2015-11-14 03:33:25 +00:00
* [dex2jar ](https://github.com/pxb1988/dex2jar ) - Tools to work with android .dex and java .class files
2014-12-17 05:34:54 +00:00
* [JD-GUI ](http://jd.benow.ca/ ) - A standalone graphical utility that displays Java source codes of “.class” files
2016-08-22 09:16:07 +00:00
* [procyon ](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler ) - A modern open-source Java decompiler
2014-12-17 06:23:14 +00:00
* [androguard ](https://code.google.com/p/androguard/ ) - Reverse engineering, Malware and goodware analysis of Android applications
2016-08-22 09:16:07 +00:00
* [JAD ](http://varaneckas.com/jad/ ) - JAD Java Decompiler (closed-source, unmaintained)
2014-12-17 05:34:54 +00:00
* [dotPeek ](https://www.jetbrains.com/decompiler/ ) - a free-of-charge .NET decompiler from JetBrains
* [UPX ](http://upx.sourceforge.net/ ) - the Ultimate Packer for eXecutables
2015-10-11 05:59:11 +00:00
* [radare2 ](https://github.com/radare/radare2 ) - A portable reversing framework
2016-07-03 09:42:08 +00:00
* [plasma ](https://github.com/joelpx/plasma ) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
2016-07-17 13:09:03 +00:00
* [Hopper ](https://www.hopperapp.com ) - A OS X and Linux Disassembler/Decompiler for 32/64 bit Windows/Mac/Linux/iOS executables.
2014-12-16 12:41:40 +00:00
2014-12-17 05:47:05 +00:00
< a name = "reverse-engineering-general" / >
## General
* [Open Malware ](http://www.offensivecomputing.net/ )
2014-12-17 05:34:54 +00:00
< a name = "web" / >
2014-12-16 12:22:09 +00:00
# Web
2014-12-17 05:34:54 +00:00
< a name = "web-tools" / >
2014-12-16 12:22:09 +00:00
## Tools
2014-12-17 06:05:50 +00:00
* [sqlmap ](https://github.com/sqlmapproject/sqlmap ) - Automatic SQL injection and database takeover tool
2014-12-16 12:41:40 +00:00
* [tools.web-max.ca ](http://tools.web-max.ca/encode_decode.php ) - base64 base85 md4,5 hash, sha1 hash encoding/decoding
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "network" / >
2014-12-16 12:22:09 +00:00
# Network
2014-12-17 05:34:54 +00:00
< a name = "network-tools" / >
2014-12-16 12:22:09 +00:00
## Tools
2014-12-16 12:41:40 +00:00
* [Wireshark ](https://www.wireshark.org/ ) - A free and open-source packet analyzer
* [NetworkMiner ](http://www.netresec.com/?page=NetworkMiner ) - A Network Forensic Analysis Tool (NFAT)
2014-12-17 05:34:54 +00:00
* [tcpdump ](http://www.tcpdump.org/ ) - a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
2014-12-16 12:16:22 +00:00
* [Paros ](http://sourceforge.net/projects/paros/ ) - A Java based HTTP/HTTPS proxy for assessing web application vulnerability
2016-03-13 18:52:18 +00:00
* [pig ](https://github.com/rafael-santiago/pig ) - A Linux packet crafting tool
2014-12-16 12:41:40 +00:00
* [ZAP ](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
* [mitmproxy ](https://mitmproxy.org/ ) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
2014-12-16 12:16:22 +00:00
* [mitmsocks4j ](https://github.com/Akdeniz/mitmsocks4j ) - Man in the Middle SOCKS Proxy for JAVA
2015-11-14 03:33:25 +00:00
* [nmap ](https://nmap.org/ ) - Nmap (Network Mapper) is a security scanner
2014-12-17 05:58:50 +00:00
* [Aircrack-ng ](http://www.aircrack-ng.org/ ) - An 802.11 WEP and WPA-PSK keys cracking program
2016-08-21 17:29:01 +00:00
* [Charles Proxy ](https://charlesproxy.com ) - A cross platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic.
2014-12-17 05:58:50 +00:00
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "forensic" / >
2014-12-16 12:41:40 +00:00
# Forensic
2014-12-17 05:34:54 +00:00
< a name = "forensic-tools" / >
2014-12-16 12:41:40 +00:00
## Tools
2014-12-17 06:05:50 +00:00
* [Autospy ](http://www.sleuthkit.org/autopsy/ ) - A digital forensics platform and graphical interface to [The Sleuth Kit ](http://www.sleuthkit.org/sleuthkit/index.php ) and other digital forensics tools
* [sleuthkit ](https://github.com/sleuthkit/sleuthkit ) - A library and collection of command line digital forensics tools
2014-12-17 10:39:06 +00:00
* [EnCase ](https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx ) - the shared technology within a suite of digital investigations products by Guidance Software
2014-12-17 05:34:54 +00:00
* [malzilla ](http://malzilla.sourceforge.net/ ) - Malware hunting tool
* [PEview ](http://wjradburn.com/software/ ) - a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
* [HxD ](http://mh-nexus.de/en/hxd/ ) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
* [WinHex ](http://www.winhex.com/winhex/ ) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
* [BinText ](http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx ) - A small, very fast and powerful text extractor that will be of particular interest to programmers
2014-12-16 12:41:40 +00:00
# Cryptography
2014-12-17 05:58:50 +00:00
### Tools
* [xortool ](https://github.com/hellman/xortool ) - A tool to analyze multi-byte xor cipher
* [John the Ripper ](http://www.openwall.com/john/ ) - A fast password cracker
2014-12-17 06:28:59 +00:00
* [Aircrack ](http://www.aircrack-ng.org/ ) - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
2014-12-17 05:58:50 +00:00
2016-06-07 14:33:23 +00:00
< a name = "docker" / >
### Docker Images for Penetration Testing & Security
* `docker pull kalilinux/kali-linux-docker` [official Kali Linux ](https://hub.docker.com/r/kalilinux/kali-linux-docker/ )
* `docker pull owasp/zap2docker-stable` - [official OWASP ZAP ](https://github.com/zaproxy/zaproxy )
* `docker pull wpscanteam/wpscan` - [official WPScan ](https://hub.docker.com/r/wpscanteam/wpscan/ )
* `docker pull pandrew/metasploit` - [docker-metasploit ](https://hub.docker.com/r/pandrew/metasploit/ )
* `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA) ](https://hub.docker.com/r/citizenstig/dvwa/ )
* `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation ](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/ )
* `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock ](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/ )
* `docker pull hmlio/vaas-cve-2014-0160` - [Vulnerability as a service: Heartbleed ](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/ )
* `docker pull opendns/security-ninjas` - [Security Ninjas ](https://hub.docker.com/r/opendns/security-ninjas/ )
* `docker pull usertaken/archlinux-pentest-lxde` - [Arch Linux Penetration Tester ](https://hub.docker.com/r/usertaken/archlinux-pentest-lxde/ )
* `docker pull diogomonica/docker-bench-security` - [Docker Bench for Security ](https://hub.docker.com/r/diogomonica/docker-bench-security/ )
* `docker pull ismisepaul/securityshepherd` - [OWASP Security Shepherd ](https://hub.docker.com/r/ismisepaul/securityshepherd/ )
* `docker pull danmx/docker-owasp-webgoat` - [OWASP WebGoat Project docker image ](https://hub.docker.com/r/danmx/docker-owasp-webgoat/ )
2016-12-21 03:43:16 +00:00
* `docker-compose build && docker-compose up` - [OWASP NodeGoat ](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker )
2016-06-07 14:33:23 +00:00
* `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application ](https://hub.docker.com/r/citizenstig/nowasp/ )
2016-12-23 09:21:43 +00:00
* `docker pull bkimminich/juice-shop` - [OWASP Juice Shop ](https://github.com/bkimminich/juice-shop#docker-container-- )
2016-06-07 14:33:23 +00:00
2014-12-16 12:41:40 +00:00
2014-12-17 05:34:54 +00:00
< a name = "wargame" / >
2014-12-16 12:22:09 +00:00
# Wargame
2014-12-17 05:34:54 +00:00
< a name = "wargame-system" / >
2014-12-16 12:22:09 +00:00
## System
2014-12-16 12:41:40 +00:00
* [OverTheWire - Semtex ](http://overthewire.org/wargames/semtex/ )
* [OverTheWire - Vortex ](http://overthewire.org/wargames/vortex/ )
* [OverTheWire - Drifter ](http://overthewire.org/wargames/drifter/ )
* [pwnable.kr ](http://pwnable.kr/ ) - Provide various pwn challenges regarding system security
2014-12-17 05:34:54 +00:00
* [Exploit Exercises - Nebula ](https://exploit-exercises.com/nebula/ )
2014-12-16 12:41:40 +00:00
* [SmashTheStack ](http://smashthestack.org/ )
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "wargame-reverse-engineering" / >
## Reverse Engineering
2014-12-16 12:41:40 +00:00
* [Reversing.kr ](http://www.reversing.kr/ ) - This site tests your ability to Cracking & Reverse Code Engineering
* [CodeEngn ](http://codeengn.com/challenges/ ) - (Korean)
2014-12-17 05:34:54 +00:00
* [simples.kr ](http://simples.kr/ ) - (Korean)
2016-05-14 15:19:50 +00:00
* [Crackmes.de ](http://crackmes.de/ ) - The world first and largest community website for crackmes and reversemes.
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "wargame-web" / >
2014-12-16 12:22:09 +00:00
## Web
2014-12-16 12:16:22 +00:00
* [Hack This Site! ](https://www.hackthissite.org/ ) - a free, safe and legal training ground for hackers to test and expand their hacking skills
* [Webhacking.kr ](http://webhacking.kr/ )
2015-11-14 03:33:25 +00:00
* [0xf.at ](https://0xf.at/ ) - a website without logins or ads where you can solve password-riddles (so called hackits).
2015-10-09 12:27:43 +00:00
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "wargame-cryptography" / >
2014-12-16 12:41:40 +00:00
## Cryptography
* [OverTheWire - Krypton ](http://overthewire.org/wargames/krypton/ )
2014-12-16 12:22:09 +00:00
2014-12-17 05:34:54 +00:00
< a name = "ctf" / >
2014-12-16 12:22:09 +00:00
# CTF
2014-12-17 05:34:54 +00:00
< a name = "ctf-competition" / >
## Competition
2014-12-16 12:16:22 +00:00
* [DEF CON ](https://legitbs.net/ )
* [CSAW CTF ](https://ctf.isis.poly.edu/ )
2014-12-17 05:34:54 +00:00
* [hack.lu CTF ](http://hack.lu/ )
* [Pliad CTF ](http://www.plaidctf.com/ )
2014-12-17 05:47:05 +00:00
* [RuCTFe ](http://ructf.org/e/ )
* [Ghost in the Shellcode ](http://ghostintheshellcode.com/ )
2015-11-14 03:33:25 +00:00
* [PHD CTF ](http://www.phdays.com/ )
2014-12-17 05:47:05 +00:00
* [SECUINSIDE CTF ](http://secuinside.com/ )
* [Codegate CTF ](http://ctf.codegate.org/html/Main.html?lang=eng )
* [Boston Key Party CTF ](http://bostonkeyparty.net/ )
2014-12-17 05:34:54 +00:00
2014-12-17 05:58:50 +00:00
< a name = "ctf-general" / >
## General
2014-12-17 05:34:54 +00:00
* [CTFtime.org ](https://ctftime.org/ ) - All about CTF (Capture The Flag)
* [WeChall ](http://www.wechall.net/ )
2015-11-14 03:33:25 +00:00
* [CTF archives (shell-storm) ](http://shell-storm.org/repo/CTF/ )
2016-11-01 01:45:58 +00:00
* [Rookit Arsenal ](https://amzn.com/144962636X ) - OS RE and rootkit development
2014-12-17 05:58:50 +00:00
2014-12-17 06:05:50 +00:00
< a name = "etc" / >
# ETC
2014-12-17 05:58:50 +00:00
* [SecTools ](http://sectools.org/ ) - Top 125 Network Security Tools
2016-06-30 19:03:54 +00:00
* [Kali Linux ](https://www.kali.org/ ) - Pen-Testing Linux Distribution