2015-08-06 03:22:27 +00:00
# Awesome Hacking [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
A curated list of awesome Hacking. Inspired by [awesome-machine-learning ](https://github.com/josephmisiti/awesome-machine-learning/ )
2014-12-16 12:16:22 +00:00
2015-11-14 03:33:25 +00:00
If you want to contribute to this list (please do), send me a pull request or contact me [@carpedm20 ](https://twitter.com/carpedm20 )
2014-12-17 05:34:54 +00:00
2016-04-21 15:50:54 +00:00
For a list of free hacking books available for download, go [here ](https://github.com/Hack-with-Github/Free-Security-eBooks )
2014-12-17 05:34:54 +00:00
## Table of Contents
<!-- MarkdownTOC depth=4 -->
2014-12-16 12:16:22 +00:00
- [System ](#system )
2018-08-30 00:34:39 +00:00
- [Tutorials ](#tutorials )
- [Tools ](#tools )
- [Docker ](#docker-images-for-penetration-testing--security )
- [General ](#general )
2014-12-17 05:34:54 +00:00
- [Reverse Engineering ](#reverse-engineering )
2018-08-30 00:34:39 +00:00
- [Tutorials ](#tutorials-1 )
- [Tools ](#tools-1 )
- [General ](#general-1 )
2014-12-16 12:16:22 +00:00
- [Web ](#web )
2018-08-30 00:34:39 +00:00
- [Tools ](#tools-2 )
2014-12-16 12:16:22 +00:00
- [Network ](#network )
2018-08-30 00:34:39 +00:00
- [Tools ](#tools-3 )
2014-12-16 12:41:40 +00:00
- [Forensic ](#forensic )
2018-08-30 00:34:39 +00:00
- [Tools ](#tools-4 )
2014-12-16 12:41:40 +00:00
- [Cryptography ](#cryptography )
2018-08-30 00:34:39 +00:00
- [Tools ](#tools-5 )
2014-12-16 12:16:22 +00:00
- [Wargame ](#wargame )
2018-08-30 00:34:39 +00:00
- [System ](#system-1 )
- [Reverse Engineering ](#reverse-engineering-1 )
- [Web ](#web-1 )
- [Cryptography ](#cryptography-1 )
- [Bug bounty ](#bug-bounty )
2014-12-17 05:34:54 +00:00
- [CTF ](#ctf )
2018-08-30 00:34:39 +00:00
- [Competition ](#competition )
- [General ](#general-2 )
2017-02-15 20:02:46 +00:00
- [OS ](#os )
2018-01-19 09:54:08 +00:00
- [Online resources ](#online-resources )
2017-01-02 08:43:42 +00:00
- [ETC ](#etc )
2014-12-17 05:34:54 +00:00
<!-- /MarkdownTOC -->
2014-12-16 12:22:09 +00:00
# System
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
## Tutorials
* [Corelan Team's Exploit writing tutorial ](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ )
* [Exploit Writing Tutorials for Pentesters ](http://www.punter-infosec.com/exploit-writing-tutorials-for-pentesters/ )
2018-05-01 13:26:13 +00:00
* [Understanding the basics of Linux Binary Exploitation ](https://github.com/r0hi7/BinExp )
2014-12-17 05:34:54 +00:00
## Tools
* [Metasploit ](https://github.com/rapid7/metasploit-framework ) A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
* [mimikatz ](https://github.com/gentilkiwi/mimikatz ) - A little tool to play with Windows security
2014-12-16 12:16:22 +00:00
2017-01-02 08:43:42 +00:00
### Docker Images for Penetration Testing & Security
* `docker pull kalilinux/kali-linux-docker` [official Kali Linux ](https://hub.docker.com/r/kalilinux/kali-linux-docker/ )
* `docker pull owasp/zap2docker-stable` - [official OWASP ZAP ](https://github.com/zaproxy/zaproxy )
* `docker pull wpscanteam/wpscan` - [official WPScan ](https://hub.docker.com/r/wpscanteam/wpscan/ )
* `docker pull pandrew/metasploit` - [docker-metasploit ](https://hub.docker.com/r/pandrew/metasploit/ )
* `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA) ](https://hub.docker.com/r/citizenstig/dvwa/ )
* `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation ](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/ )
* `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock ](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/ )
* `docker pull hmlio/vaas-cve-2014-0160` - [Vulnerability as a service: Heartbleed ](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/ )
* `docker pull opendns/security-ninjas` - [Security Ninjas ](https://hub.docker.com/r/opendns/security-ninjas/ )
* `docker pull usertaken/archlinux-pentest-lxde` - [Arch Linux Penetration Tester ](https://hub.docker.com/r/usertaken/archlinux-pentest-lxde/ )
* `docker pull diogomonica/docker-bench-security` - [Docker Bench for Security ](https://hub.docker.com/r/diogomonica/docker-bench-security/ )
* `docker pull ismisepaul/securityshepherd` - [OWASP Security Shepherd ](https://hub.docker.com/r/ismisepaul/securityshepherd/ )
* `docker pull danmx/docker-owasp-webgoat` - [OWASP WebGoat Project docker image ](https://hub.docker.com/r/danmx/docker-owasp-webgoat/ )
* `docker-compose build && docker-compose up` - [OWASP NodeGoat ](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker )
* `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application ](https://hub.docker.com/r/citizenstig/nowasp/ )
* `docker pull bkimminich/juice-shop` - [OWASP Juice Shop ](https://github.com/bkimminich/juice-shop#docker-container-- )
2014-12-16 12:16:22 +00:00
2014-12-17 05:47:05 +00:00
## General
2015-11-14 03:33:25 +00:00
* [Exploit database ](https://www.exploit-db.com/ ) - An ultimate archive of exploits and vulnerable software
2014-12-17 05:47:05 +00:00
2014-12-17 05:34:54 +00:00
2014-12-16 12:22:09 +00:00
# Reverse Engineering
2014-12-16 12:16:22 +00:00
2014-12-16 12:22:09 +00:00
## Tutorials
2014-12-16 12:16:22 +00:00
* [Lenas Reversing for Newbies ](https://tuts4you.com/download.php?list.17 )
2014-12-17 05:34:54 +00:00
* [Malware Analysis Tutorials: a Reverse Engineering Approach ](http://fumalwareanalysis.blogspot.kr/p/malware-analysis-tutorials-reverse.html )
2014-12-16 12:16:22 +00:00
2014-12-16 12:22:09 +00:00
## Tools
2017-10-17 14:40:53 +00:00
* [nudge4j ](https://github.com/lorenzoongithub/nudge4j ) - Java tool to let the browser talk to the JVM
2014-12-17 05:34:54 +00:00
* [IDA ](https://www.hex-rays.com/products/ida/ ) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
* [OllyDbg ](http://www.ollydbg.de/ ) - A 32-bit assembler level analysing debugger for Windows
2016-10-26 05:22:11 +00:00
* [x64dbg ](http://x64dbg.com/ ) - An open-source x64/x32 debugger for Windows
2017-03-27 10:14:36 +00:00
* [dex2jar ](https://github.com/pxb1988/dex2jar ) - Tools to work with Android .dex and Java .class files
2014-12-17 05:34:54 +00:00
* [JD-GUI ](http://jd.benow.ca/ ) - A standalone graphical utility that displays Java source codes of “.class” files
2016-08-22 09:16:07 +00:00
* [procyon ](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler ) - A modern open-source Java decompiler
2017-03-27 10:14:36 +00:00
* [androguard ](https://code.google.com/p/androguard/ ) - Reverse engineering, malware and goodware analysis of Android applications
2016-08-22 09:16:07 +00:00
* [JAD ](http://varaneckas.com/jad/ ) - JAD Java Decompiler (closed-source, unmaintained)
2014-12-17 05:34:54 +00:00
* [dotPeek ](https://www.jetbrains.com/decompiler/ ) - a free-of-charge .NET decompiler from JetBrains
2017-02-22 19:56:03 +00:00
* [ILSpy ](https://github.com/icsharpcode/ILSpy/ ) - an open-source .NET assembly browser and decompiler
2018-08-30 00:34:39 +00:00
* [dnSpy ](https://github.com/0xd4d/dnSpy ) - .NET assembly editor, decompiler, and debugger
* [de4dot ](https://github.com/0xd4d/de4dot ) - .NET deobfuscator and unpacker.
* [antinet ](https://github.com/0xd4d/antinet ) - .NET anti-managed debugger and anti-profiler code
2014-12-17 05:34:54 +00:00
* [UPX ](http://upx.sourceforge.net/ ) - the Ultimate Packer for eXecutables
2015-10-11 05:59:11 +00:00
* [radare2 ](https://github.com/radare/radare2 ) - A portable reversing framework
2016-07-03 09:42:08 +00:00
* [plasma ](https://github.com/joelpx/plasma ) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
2017-03-27 10:14:36 +00:00
* [Hopper ](https://www.hopperapp.com ) - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
2017-02-04 06:31:02 +00:00
* [ScratchABit ](https://github.com/pfalcon/ScratchABit ) - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
2014-12-16 12:41:40 +00:00
2017-02-23 10:42:09 +00:00
2014-12-17 05:47:05 +00:00
## General
* [Open Malware ](http://www.offensivecomputing.net/ )
2014-12-17 05:34:54 +00:00
2014-12-16 12:22:09 +00:00
# Web
## Tools
2014-12-17 06:05:50 +00:00
* [sqlmap ](https://github.com/sqlmapproject/sqlmap ) - Automatic SQL injection and database takeover tool
2018-06-25 06:53:43 +00:00
* [NoSQLMap ](https://github.com/codingo/NoSQLMap ) - Automated NoSQL database enumeration and web application exploitation tool.
2014-12-16 12:41:40 +00:00
* [tools.web-max.ca ](http://tools.web-max.ca/encode_decode.php ) - base64 base85 md4,5 hash, sha1 hash encoding/decoding
2018-06-25 06:53:43 +00:00
* [VHostScan ](https://github.com/codingo/VHostScan ) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
* [SubFinder ](https://github.com/subfinder/subfinder ) - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
2014-12-16 12:16:22 +00:00
2014-12-16 12:22:09 +00:00
# Network
## Tools
2014-12-16 12:41:40 +00:00
* [Wireshark ](https://www.wireshark.org/ ) - A free and open-source packet analyzer
* [NetworkMiner ](http://www.netresec.com/?page=NetworkMiner ) - A Network Forensic Analysis Tool (NFAT)
2017-03-27 10:14:36 +00:00
* [tcpdump ](http://www.tcpdump.org/ ) - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
* [Paros ](http://sourceforge.net/projects/paros/ ) - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
2016-03-13 18:52:18 +00:00
* [pig ](https://github.com/rafael-santiago/pig ) - A Linux packet crafting tool
2014-12-16 12:41:40 +00:00
* [ZAP ](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
* [mitmproxy ](https://mitmproxy.org/ ) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
2017-03-27 10:14:36 +00:00
* [mitmsocks4j ](https://github.com/Akdeniz/mitmsocks4j ) - Man-in-the-middle SOCKS Proxy for Java
2018-06-15 20:49:06 +00:00
* [ssh-mitm ](https://github.com/jtesta/ssh-mitm ) - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
2015-11-14 03:33:25 +00:00
* [nmap ](https://nmap.org/ ) - Nmap (Network Mapper) is a security scanner
2014-12-17 05:58:50 +00:00
* [Aircrack-ng ](http://www.aircrack-ng.org/ ) - An 802.11 WEP and WPA-PSK keys cracking program
2017-03-27 10:14:36 +00:00
* [Charles Proxy ](https://charlesproxy.com ) - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
2018-08-30 00:34:39 +00:00
* [Nipe ](https://github.com/GouveaHeitor/nipe ) - A script to make Tor Network your default gateway.
2017-09-16 16:19:53 +00:00
* [Habu ](https://github.com/portantier/habu ) - Python Network Hacking Toolkit
2017-10-22 19:31:04 +00:00
* [Wifi Jammer ](https://n0where.net/wifijammer/ ) - Free program to jam all wifi clients in range
* [Firesheep ](https://codebutler.github.io/firesheep/ ) - Free program for HTTP session hijacking attacks.
2018-05-02 16:54:03 +00:00
* [Scapy ](https://github.com/secdev/scapy ) - A Python tool and library for low level packet creation and manipulation
2018-07-26 01:36:48 +00:00
* [Amass ](https://github.com/OWASP/Amass ) - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
2014-12-17 05:58:50 +00:00
2014-12-16 12:16:22 +00:00
2014-12-16 12:41:40 +00:00
# Forensic
## Tools
2018-05-11 00:34:07 +00:00
* [Autopsy ](http://www.sleuthkit.org/autopsy/ ) - A digital forensics platform and graphical interface to [The Sleuth Kit ](http://www.sleuthkit.org/sleuthkit/index.php ) and other digital forensics tools
2017-03-27 10:14:36 +00:00
* [sleuthkit ](https://github.com/sleuthkit/sleuthkit ) - A library and collection of command-line digital forensics tools
* [EnCase ](https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx ) - The shared technology within a suite of digital investigations products by Guidance Software
2014-12-17 05:34:54 +00:00
* [malzilla ](http://malzilla.sourceforge.net/ ) - Malware hunting tool
2017-03-27 10:14:36 +00:00
* [PEview ](http://wjradburn.com/software/ ) - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
2014-12-17 05:34:54 +00:00
* [HxD ](http://mh-nexus.de/en/hxd/ ) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
* [WinHex ](http://www.winhex.com/winhex/ ) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
* [BinText ](http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx ) - A small, very fast and powerful text extractor that will be of particular interest to programmers
2014-12-16 12:41:40 +00:00
# Cryptography
2014-12-17 05:58:50 +00:00
### Tools
2017-03-27 10:14:36 +00:00
* [xortool ](https://github.com/hellman/xortool ) - A tool to analyze multi-byte XOR cipher
2014-12-17 05:58:50 +00:00
* [John the Ripper ](http://www.openwall.com/john/ ) - A fast password cracker
2014-12-17 06:28:59 +00:00
* [Aircrack ](http://www.aircrack-ng.org/ ) - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
2014-12-17 05:58:50 +00:00
2014-12-16 12:41:40 +00:00
2014-12-16 12:22:09 +00:00
# Wargame
## System
2014-12-16 12:41:40 +00:00
* [OverTheWire - Semtex ](http://overthewire.org/wargames/semtex/ )
* [OverTheWire - Vortex ](http://overthewire.org/wargames/vortex/ )
* [OverTheWire - Drifter ](http://overthewire.org/wargames/drifter/ )
* [pwnable.kr ](http://pwnable.kr/ ) - Provide various pwn challenges regarding system security
2014-12-17 05:34:54 +00:00
* [Exploit Exercises - Nebula ](https://exploit-exercises.com/nebula/ )
2014-12-16 12:41:40 +00:00
* [SmashTheStack ](http://smashthestack.org/ )
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
## Reverse Engineering
2014-12-16 12:41:40 +00:00
* [Reversing.kr ](http://www.reversing.kr/ ) - This site tests your ability to Cracking & Reverse Code Engineering
* [CodeEngn ](http://codeengn.com/challenges/ ) - (Korean)
2014-12-17 05:34:54 +00:00
* [simples.kr ](http://simples.kr/ ) - (Korean)
2016-05-14 15:19:50 +00:00
* [Crackmes.de ](http://crackmes.de/ ) - The world first and largest community website for crackmes and reversemes.
2014-12-16 12:16:22 +00:00
2014-12-16 12:22:09 +00:00
## Web
2014-12-16 12:16:22 +00:00
* [Hack This Site! ](https://www.hackthissite.org/ ) - a free, safe and legal training ground for hackers to test and expand their hacking skills
2018-03-30 08:47:33 +00:00
* [Hack The Box ](https://www.hackthebox.eu ) - a free site to perform pentesting in a variety of different systems.
2014-12-16 12:16:22 +00:00
* [Webhacking.kr ](http://webhacking.kr/ )
2015-11-14 03:33:25 +00:00
* [0xf.at ](https://0xf.at/ ) - a website without logins or ads where you can solve password-riddles (so called hackits).
2018-05-30 18:10:05 +00:00
* [Gruyere ](https://google-gruyere.appspot.com/ )
* [Others ](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps )
2014-12-16 12:16:22 +00:00
2014-12-16 12:41:40 +00:00
## Cryptography
* [OverTheWire - Krypton ](http://overthewire.org/wargames/krypton/ )
2017-10-28 11:33:18 +00:00
## Bug bounty
2018-05-11 00:34:07 +00:00
* [Awesome bug bounty resources by EdOverflow ](https://github.com/EdOverflow/bugbounty-cheatsheet )
2014-12-16 12:22:09 +00:00
# CTF
2014-12-17 05:34:54 +00:00
## Competition
2014-12-16 12:16:22 +00:00
* [DEF CON ](https://legitbs.net/ )
* [CSAW CTF ](https://ctf.isis.poly.edu/ )
2014-12-17 05:34:54 +00:00
* [hack.lu CTF ](http://hack.lu/ )
* [Pliad CTF ](http://www.plaidctf.com/ )
2014-12-17 05:47:05 +00:00
* [RuCTFe ](http://ructf.org/e/ )
* [Ghost in the Shellcode ](http://ghostintheshellcode.com/ )
2015-11-14 03:33:25 +00:00
* [PHD CTF ](http://www.phdays.com/ )
2014-12-17 05:47:05 +00:00
* [SECUINSIDE CTF ](http://secuinside.com/ )
* [Codegate CTF ](http://ctf.codegate.org/html/Main.html?lang=eng )
* [Boston Key Party CTF ](http://bostonkeyparty.net/ )
2018-06-23 21:29:38 +00:00
* [ZeroDays CTF ](https://zerodays.ie/ )
* [Insomni’ hack ](https://insomnihack.ch/ )
2019-03-15 19:30:12 +00:00
* [Pico CTF ](https://picoctf.com/ )
2018-10-02 06:48:47 +00:00
* [prompt(1) to win ](http://prompt.ml/ ) - XSS Challeges
2014-12-17 05:34:54 +00:00
2014-12-17 05:58:50 +00:00
## General
2017-05-23 03:08:18 +00:00
* [Hack+ ](http://hack.plus ) - An Intelligent network of bots that fetch the latest InfoSec content.
2014-12-17 05:34:54 +00:00
* [CTFtime.org ](https://ctftime.org/ ) - All about CTF (Capture The Flag)
* [WeChall ](http://www.wechall.net/ )
2015-11-14 03:33:25 +00:00
* [CTF archives (shell-storm) ](http://shell-storm.org/repo/CTF/ )
2016-11-01 01:45:58 +00:00
* [Rookit Arsenal ](https://amzn.com/144962636X ) - OS RE and rootkit development
2017-03-05 22:56:33 +00:00
* [Pentest Cheat Sheets ](https://github.com/coreb1t/awesome-pentest-cheat-sheets ) - Collection of cheat sheets useful for pentesting
2018-05-11 00:34:07 +00:00
* [Movies For Hackers ](https://github.com/k4m4/movies-for-hackers ) - A curated list of movies every hacker & cyberpunk must watch.
2014-12-17 05:58:50 +00:00
2017-02-15 20:02:46 +00:00
# OS
2017-02-22 19:56:03 +00:00
## Online resources
2017-02-15 20:02:46 +00:00
* [Security related Operating Systems @ Rawsec ](http://rawsec.ml/en/security-related-os/ ) - Complete list of security related operating systems
* [Best Linux Penetration Testing Distributions @ CyberPunk ](https://n0where.net/best-linux-penetration-testing-distributions/ ) - Description of main penetration testing distributions
2017-02-15 20:22:46 +00:00
* [Security @ Distrowatch ](http://distrowatch.com/search.php?category=Security ) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
2017-02-15 20:02:46 +00:00
2014-12-17 06:05:50 +00:00
# ETC
2014-12-17 05:58:50 +00:00
* [SecTools ](http://sectools.org/ ) - Top 125 Network Security Tools