2014-12-16 12:16:22 +00:00
# Awesome Hacking
2014-12-17 05:34:54 +00:00
A curated list of awesome Hacking. Inspired by [awesome-machine-learning ](https://github.com/josephmisiti/awesome-machine-learning/ )
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
If you want to contribute to this list (please do), send me a pull request or contact me [@carpedm20 ](https://www.twitter.com/carpedm20 )
For a list of free hacking books available for download, go [here ](https://github.com/josephmisiti/awesome-machine-learning/blob/master/books.md )
## Table of Contents
<!-- MarkdownTOC depth=4 -->
2014-12-16 12:16:22 +00:00
- [System ](#system )
2014-12-17 05:34:54 +00:00
- [Tutorials ](#system-tutorials )
- [Tools ](#system-tools )
2014-12-17 05:47:05 +00:00
- [General ](#system-general )
2014-12-17 05:34:54 +00:00
- [Reverse Engineering ](#reverse-engineering )
- [Tutorials ](#reverse-engineering-tutorials )
2014-12-16 12:16:22 +00:00
- [Tools ](#reverse-engineering-tools )
2014-12-17 05:47:05 +00:00
- [General ](#reverse-engineering-general )
2014-12-16 12:16:22 +00:00
- [Web ](#web )
2014-12-16 12:41:40 +00:00
- [Tutorials ](#web-tutorials )
2014-12-16 12:16:22 +00:00
- [Tools ](#web-tools )
- [Network ](#network )
- [Tutorials ](#network-tutorials )
- [Tools ](#network-tools )
2014-12-16 12:41:40 +00:00
- [Forensic ](#forensic )
2014-12-17 05:34:54 +00:00
- [Tutorials ](#forensic-tutorials )
- [Tools ](#forensic-tools )
2014-12-16 12:41:40 +00:00
- [Cryptography ](#cryptography )
2014-12-17 05:34:54 +00:00
- [Tutorials ](#cryptography-tutorials )
- [Tools ](#cryptography-tools )
2014-12-16 12:16:22 +00:00
- [Wargame ](#wargame )
2014-12-17 05:47:05 +00:00
- [System ](#wargame-system )
- [Reverse Engineering ](#wargame-reverse-engineering )
- [Web ](#wargame-web )
- [Network ](#wargame-network )
- [Forensic ](#wargame-forensic )
- [Cryptography ](#wargame-cryptography )
2014-12-17 05:34:54 +00:00
- [CTF ](#ctf )
- [Competition ](#ctf-competiton )
2014-12-17 05:58:50 +00:00
- [General ](#ctf-general )
- [General ](#general )
2014-12-17 05:34:54 +00:00
<!-- /MarkdownTOC -->
< a name = "system" / >
2014-12-16 12:22:09 +00:00
# System
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "system-tutorial" / >
## Tutorials
* [Corelan Team's Exploit writing tutorial ](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ )
* [Exploit Writing Tutorials for Pentesters ](http://www.punter-infosec.com/exploit-writing-tutorials-for-pentesters/ )
< a name = "system-tools" / >
## Tools
* [Metasploit ](https://github.com/rapid7/metasploit-framework ) A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
* [mimikatz ](https://github.com/gentilkiwi/mimikatz ) - A little tool to play with Windows security
2014-12-16 12:16:22 +00:00
2014-12-17 05:47:05 +00:00
< a name = "system-general" / >
## General
* [Exploit database ](http://www.exploit-db.com/ ) - An ultimate archive of exploits and vulnerable software
2014-12-17 05:34:54 +00:00
< a name = "reverse-engineering" / >
2014-12-16 12:22:09 +00:00
# Reverse Engineering
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "reverse-engineering-tutorial" / >
2014-12-16 12:22:09 +00:00
## Tutorials
2014-12-16 12:16:22 +00:00
* [Lenas Reversing for Newbies ](https://tuts4you.com/download.php?list.17 )
2014-12-17 05:34:54 +00:00
* [Malware Analysis Tutorials: a Reverse Engineering Approach ](http://fumalwareanalysis.blogspot.kr/p/malware-analysis-tutorials-reverse.html )
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "reverse-engineering-tools" / >
2014-12-16 12:22:09 +00:00
## Tools
2014-12-17 05:34:54 +00:00
* [IDA ](https://www.hex-rays.com/products/ida/ ) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
* [OllyDbg ](http://www.ollydbg.de/ ) - A 32-bit assembler level analysing debugger for Windows
* [dex2jar ](https://code.google.com/p/dex2jar/ ) - Tools to work with android .dex and java .class files
* [JD-GUI ](http://jd.benow.ca/ ) - A standalone graphical utility that displays Java source codes of “.class” files
2014-12-17 06:23:14 +00:00
* [androguard ](https://code.google.com/p/androguard/ ) - Reverse engineering, Malware and goodware analysis of Android applications
2014-12-17 05:34:54 +00:00
* [JAD ](http://varaneckas.com/jad/ ) - JAD Java Decompiler
* [dotPeek ](https://www.jetbrains.com/decompiler/ ) - a free-of-charge .NET decompiler from JetBrains
* [UPX ](http://upx.sourceforge.net/ ) - the Ultimate Packer for eXecutables
2014-12-16 12:41:40 +00:00
2014-12-17 05:47:05 +00:00
< a name = "reverse-engineering-general" / >
## General
* [Open Malware ](http://www.offensivecomputing.net/ )
2014-12-17 05:34:54 +00:00
< a name = "web" / >
2014-12-16 12:22:09 +00:00
# Web
2014-12-17 05:34:54 +00:00
< a name = "web-tools" / >
2014-12-16 12:22:09 +00:00
## Tools
2014-12-17 06:05:50 +00:00
* [sqlmap ](https://github.com/sqlmapproject/sqlmap ) - Automatic SQL injection and database takeover tool
2014-12-16 12:41:40 +00:00
* [tools.web-max.ca ](http://tools.web-max.ca/encode_decode.php ) - base64 base85 md4,5 hash, sha1 hash encoding/decoding
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "network" / >
2014-12-16 12:22:09 +00:00
# Network
2014-12-17 05:34:54 +00:00
< a name = "network-tools" / >
2014-12-16 12:22:09 +00:00
## Tools
2014-12-16 12:41:40 +00:00
* [Wireshark ](https://www.wireshark.org/ ) - A free and open-source packet analyzer
* [NetworkMiner ](http://www.netresec.com/?page=NetworkMiner ) - A Network Forensic Analysis Tool (NFAT)
2014-12-17 05:34:54 +00:00
* [tcpdump ](http://www.tcpdump.org/ ) - a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
2014-12-16 12:16:22 +00:00
* [Paros ](http://sourceforge.net/projects/paros/ ) - A Java based HTTP/HTTPS proxy for assessing web application vulnerability
2014-12-16 12:41:40 +00:00
* [ZAP ](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
* [mitmproxy ](https://mitmproxy.org/ ) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
2014-12-16 12:16:22 +00:00
* [mitmsocks4j ](https://github.com/Akdeniz/mitmsocks4j ) - Man in the Middle SOCKS Proxy for JAVA
* [nmap ](http://nmap.org/ ) - Nmap (Network Mapper) is a security scanner
2014-12-17 05:58:50 +00:00
* [Aircrack-ng ](http://www.aircrack-ng.org/ ) - An 802.11 WEP and WPA-PSK keys cracking program
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "forensic" / >
2014-12-16 12:41:40 +00:00
# Forensic
2014-12-17 05:34:54 +00:00
< a name = "forensic-tools" / >
2014-12-16 12:41:40 +00:00
## Tools
2014-12-17 06:05:50 +00:00
* [Autospy ](http://www.sleuthkit.org/autopsy/ ) - A digital forensics platform and graphical interface to [The Sleuth Kit ](http://www.sleuthkit.org/sleuthkit/index.php ) and other digital forensics tools
* [sleuthkit ](https://github.com/sleuthkit/sleuthkit ) - A library and collection of command line digital forensics tools
2014-12-17 05:34:54 +00:00
* [malzilla ](http://malzilla.sourceforge.net/ ) - Malware hunting tool
* [PEview ](http://wjradburn.com/software/ ) - a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
* [HxD ](http://mh-nexus.de/en/hxd/ ) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
* [WinHex ](http://www.winhex.com/winhex/ ) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
* [BinText ](http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx ) - A small, very fast and powerful text extractor that will be of particular interest to programmers
2014-12-16 12:41:40 +00:00
# Cryptography
2014-12-17 05:58:50 +00:00
### Tools
* [xortool ](https://github.com/hellman/xortool ) - A tool to analyze multi-byte xor cipher
* [John the Ripper ](http://www.openwall.com/john/ ) - A fast password cracker
2014-12-16 12:41:40 +00:00
2014-12-17 05:34:54 +00:00
< a name = "wargame" / >
2014-12-16 12:22:09 +00:00
# Wargame
2014-12-17 05:34:54 +00:00
< a name = "wargame-system" / >
2014-12-16 12:22:09 +00:00
## System
2014-12-16 12:41:40 +00:00
* [OverTheWire - Semtex ](http://overthewire.org/wargames/semtex/ )
* [OverTheWire - Vortex ](http://overthewire.org/wargames/vortex/ )
* [OverTheWire - Drifter ](http://overthewire.org/wargames/drifter/ )
* [pwnable.kr ](http://pwnable.kr/ ) - Provide various pwn challenges regarding system security
2014-12-17 05:34:54 +00:00
* [Exploit Exercises - Nebula ](https://exploit-exercises.com/nebula/ )
2014-12-16 12:41:40 +00:00
* [SmashTheStack ](http://smashthestack.org/ )
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "wargame-reverse-engineering" / >
## Reverse Engineering
2014-12-16 12:41:40 +00:00
* [Reversing.kr ](http://www.reversing.kr/ ) - This site tests your ability to Cracking & Reverse Code Engineering
* [CodeEngn ](http://codeengn.com/challenges/ ) - (Korean)
2014-12-17 05:34:54 +00:00
* [simples.kr ](http://simples.kr/ ) - (Korean)
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
< a name = "wargame-web" / >
2014-12-16 12:22:09 +00:00
## Web
2014-12-16 12:16:22 +00:00
* [Hack This Site! ](https://www.hackthissite.org/ ) - a free, safe and legal training ground for hackers to test and expand their hacking skills
* [Webhacking.kr ](http://webhacking.kr/ )
2014-12-17 05:34:54 +00:00
< a name = "wargame-cryptography" / >
2014-12-16 12:41:40 +00:00
## Cryptography
* [OverTheWire - Krypton ](http://overthewire.org/wargames/krypton/ )
2014-12-16 12:22:09 +00:00
2014-12-17 05:34:54 +00:00
< a name = "ctf" / >
2014-12-16 12:22:09 +00:00
# CTF
2014-12-17 05:34:54 +00:00
< a name = "ctf-competition" / >
## Competition
2014-12-16 12:16:22 +00:00
* [DEF CON ](https://legitbs.net/ )
* [CSAW CTF ](https://ctf.isis.poly.edu/ )
2014-12-17 05:34:54 +00:00
* [hack.lu CTF ](http://hack.lu/ )
* [Pliad CTF ](http://www.plaidctf.com/ )
2014-12-17 05:47:05 +00:00
* [RuCTFe ](http://ructf.org/e/ )
* [Ghost in the Shellcode ](http://ghostintheshellcode.com/ )
* [PHD CTF ](http://phdays.com/ )
* [SECUINSIDE CTF ](http://secuinside.com/ )
* [Codegate CTF ](http://ctf.codegate.org/html/Main.html?lang=eng )
* [Boston Key Party CTF ](http://bostonkeyparty.net/ )
2014-12-17 05:34:54 +00:00
2014-12-17 05:58:50 +00:00
< a name = "ctf-general" / >
## General
2014-12-17 05:34:54 +00:00
* [CTFtime.org ](https://ctftime.org/ ) - All about CTF (Capture The Flag)
* [WeChall ](http://www.wechall.net/ )
2014-12-17 05:58:50 +00:00
* [CTF archives ](www.shell-storm.org/repo/CTF/ )
2014-12-17 06:05:50 +00:00
< a name = "etc" / >
# ETC
2014-12-17 05:58:50 +00:00
* [SecTools ](http://sectools.org/ ) - Top 125 Network Security Tools
* [BackTrack ](http://www.backtrack-linux.org/ )