awesome-hacking/README.md

192 lines
8.2 KiB
Markdown
Raw Normal View History

2014-12-16 12:16:22 +00:00
# Awesome Hacking
2014-12-17 05:34:54 +00:00
A curated list of awesome Hacking. Inspired by [awesome-machine-learning](https://github.com/josephmisiti/awesome-machine-learning/)
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
If you want to contribute to this list (please do), send me a pull request or contact me [@carpedm20](https://www.twitter.com/carpedm20)
For a list of free hacking books available for download, go [here](https://github.com/josephmisiti/awesome-machine-learning/blob/master/books.md)
## Table of Contents
<!-- MarkdownTOC depth=4 -->
2014-12-16 12:16:22 +00:00
- [System](#system)
2014-12-17 05:34:54 +00:00
- [Tutorials](#system-tutorials)
- [Tools](#system-tools)
2014-12-17 05:47:05 +00:00
- [General](#system-general)
2014-12-17 05:34:54 +00:00
- [Reverse Engineering](#reverse-engineering)
- [Tutorials](#reverse-engineering-tutorials)
2014-12-16 12:16:22 +00:00
- [Tools](#reverse-engineering-tools)
2014-12-17 05:47:05 +00:00
- [General](#reverse-engineering-general)
2014-12-16 12:16:22 +00:00
- [Web](#web)
2014-12-16 12:41:40 +00:00
- [Tutorials](#web-tutorials)
2014-12-16 12:16:22 +00:00
- [Tools](#web-tools)
- [Network](#network)
- [Tutorials](#network-tutorials)
- [Tools](#network-tools)
2014-12-16 12:41:40 +00:00
- [Forensic](#forensic)
2014-12-17 05:34:54 +00:00
- [Tutorials](#forensic-tutorials)
- [Tools](#forensic-tools)
2014-12-16 12:41:40 +00:00
- [Cryptography](#cryptography)
2014-12-17 05:34:54 +00:00
- [Tutorials](#cryptography-tutorials)
- [Tools](#cryptography-tools)
2014-12-16 12:16:22 +00:00
- [Wargame](#wargame)
2014-12-17 05:47:05 +00:00
- [System](#wargame-system)
- [Reverse Engineering](#wargame-reverse-engineering)
- [Web](#wargame-web)
- [Network](#wargame-network)
- [Forensic](#wargame-forensic)
- [Cryptography](#wargame-cryptography)
2014-12-17 05:34:54 +00:00
- [CTF](#ctf)
- [Competition](#ctf-competiton)
2014-12-17 05:58:50 +00:00
- [General](#ctf-general)
- [General](#general)
2014-12-17 05:34:54 +00:00
<!-- /MarkdownTOC -->
<a name="system" />
2014-12-16 12:22:09 +00:00
# System
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
<a name="system-tutorial" />
## Tutorials
* [Corelan Team's Exploit writing tutorial](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
* [Exploit Writing Tutorials for Pentesters](http://www.punter-infosec.com/exploit-writing-tutorials-for-pentesters/)
<a name="system-tools" />
## Tools
* [Metasploit](https://github.com/rapid7/metasploit-framework) A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
* [mimikatz](https://github.com/gentilkiwi/mimikatz) - A little tool to play with Windows security
2014-12-16 12:16:22 +00:00
2014-12-17 05:47:05 +00:00
<a name="system-general" />
## General
* [Exploit database](http://www.exploit-db.com/) - An ultimate archive of exploits and vulnerable software
2014-12-17 05:34:54 +00:00
<a name="reverse-engineering" />
2014-12-16 12:22:09 +00:00
# Reverse Engineering
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
<a name="reverse-engineering-tutorial" />
2014-12-16 12:22:09 +00:00
## Tutorials
2014-12-16 12:16:22 +00:00
* [Lenas Reversing for Newbies](https://tuts4you.com/download.php?list.17)
2014-12-17 05:34:54 +00:00
* [Malware Analysis Tutorials: a Reverse Engineering Approach](http://fumalwareanalysis.blogspot.kr/p/malware-analysis-tutorials-reverse.html)
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
<a name="reverse-engineering-tools" />
2014-12-16 12:22:09 +00:00
## Tools
2014-12-17 05:34:54 +00:00
* [IDA](https://www.hex-rays.com/products/ida/) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
* [OllyDbg](http://www.ollydbg.de/) - A 32-bit assembler level analysing debugger for Windows
* [dex2jar](https://code.google.com/p/dex2jar/) - Tools to work with android .dex and java .class files
* [JD-GUI](http://jd.benow.ca/) - A standalone graphical utility that displays Java source codes of “.class” files
2014-12-17 06:23:14 +00:00
* [androguard](https://code.google.com/p/androguard/) - Reverse engineering, Malware and goodware analysis of Android applications
2014-12-17 05:34:54 +00:00
* [JAD](http://varaneckas.com/jad/) - JAD Java Decompiler
* [dotPeek](https://www.jetbrains.com/decompiler/) - a free-of-charge .NET decompiler from JetBrains
* [UPX](http://upx.sourceforge.net/) - the Ultimate Packer for eXecutables
2014-12-16 12:41:40 +00:00
2014-12-17 05:47:05 +00:00
<a name="reverse-engineering-general" />
## General
* [Open Malware](http://www.offensivecomputing.net/)
2014-12-17 05:34:54 +00:00
<a name="web" />
2014-12-16 12:22:09 +00:00
# Web
2014-12-17 05:34:54 +00:00
<a name="web-tools" />
2014-12-16 12:22:09 +00:00
## Tools
2014-12-17 06:05:50 +00:00
* [sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool
2014-12-16 12:41:40 +00:00
* [tools.web-max.ca](http://tools.web-max.ca/encode_decode.php) - base64 base85 md4,5 hash, sha1 hash encoding/decoding
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
<a name="network" />
2014-12-16 12:22:09 +00:00
# Network
2014-12-17 05:34:54 +00:00
<a name="network-tools" />
2014-12-16 12:22:09 +00:00
## Tools
2014-12-16 12:41:40 +00:00
* [Wireshark](https://www.wireshark.org/) - A free and open-source packet analyzer
* [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - A Network Forensic Analysis Tool (NFAT)
2014-12-17 05:34:54 +00:00
* [tcpdump](http://www.tcpdump.org/) - a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
2014-12-16 12:16:22 +00:00
* [Paros](http://sourceforge.net/projects/paros/) - A Java based HTTP/HTTPS proxy for assessing web application vulnerability
2014-12-16 12:41:40 +00:00
* [ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
* [mitmproxy](https://mitmproxy.org/) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
2014-12-16 12:16:22 +00:00
* [mitmsocks4j](https://github.com/Akdeniz/mitmsocks4j) - Man in the Middle SOCKS Proxy for JAVA
* [nmap](http://nmap.org/) - Nmap (Network Mapper) is a security scanner
2014-12-17 05:58:50 +00:00
* [Aircrack-ng](http://www.aircrack-ng.org/) - An 802.11 WEP and WPA-PSK keys cracking program
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
<a name="forensic" />
2014-12-16 12:41:40 +00:00
# Forensic
2014-12-17 05:34:54 +00:00
<a name="forensic-tools" />
2014-12-16 12:41:40 +00:00
## Tools
2014-12-17 06:05:50 +00:00
* [Autospy](http://www.sleuthkit.org/autopsy/) - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools
* [sleuthkit](https://github.com/sleuthkit/sleuthkit) - A library and collection of command line digital forensics tools
2014-12-17 05:34:54 +00:00
* [malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool
* [PEview](http://wjradburn.com/software/) - a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
* [HxD](http://mh-nexus.de/en/hxd/) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
* [WinHex](http://www.winhex.com/winhex/) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
* [BinText](http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx) - A small, very fast and powerful text extractor that will be of particular interest to programmers
2014-12-16 12:41:40 +00:00
# Cryptography
2014-12-17 05:58:50 +00:00
### Tools
* [xortool](https://github.com/hellman/xortool) - A tool to analyze multi-byte xor cipher
* [John the Ripper](http://www.openwall.com/john/) - A fast password cracker
2014-12-16 12:41:40 +00:00
2014-12-17 05:34:54 +00:00
<a name="wargame" />
2014-12-16 12:22:09 +00:00
# Wargame
2014-12-17 05:34:54 +00:00
<a name="wargame-system" />
2014-12-16 12:22:09 +00:00
## System
2014-12-16 12:41:40 +00:00
* [OverTheWire - Semtex](http://overthewire.org/wargames/semtex/)
* [OverTheWire - Vortex](http://overthewire.org/wargames/vortex/)
* [OverTheWire - Drifter](http://overthewire.org/wargames/drifter/)
* [pwnable.kr](http://pwnable.kr/) - Provide various pwn challenges regarding system security
2014-12-17 05:34:54 +00:00
* [Exploit Exercises - Nebula](https://exploit-exercises.com/nebula/)
2014-12-16 12:41:40 +00:00
* [SmashTheStack](http://smashthestack.org/)
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
<a name="wargame-reverse-engineering" />
## Reverse Engineering
2014-12-16 12:41:40 +00:00
* [Reversing.kr](http://www.reversing.kr/) - This site tests your ability to Cracking & Reverse Code Engineering
* [CodeEngn](http://codeengn.com/challenges/) - (Korean)
2014-12-17 05:34:54 +00:00
* [simples.kr](http://simples.kr/) - (Korean)
2014-12-16 12:16:22 +00:00
2014-12-17 05:34:54 +00:00
<a name="wargame-web" />
2014-12-16 12:22:09 +00:00
## Web
2014-12-16 12:16:22 +00:00
* [Hack This Site!](https://www.hackthissite.org/) - a free, safe and legal training ground for hackers to test and expand their hacking skills
* [Webhacking.kr](http://webhacking.kr/)
2014-12-17 05:34:54 +00:00
<a name="wargame-cryptography" />
2014-12-16 12:41:40 +00:00
## Cryptography
* [OverTheWire - Krypton](http://overthewire.org/wargames/krypton/)
2014-12-16 12:22:09 +00:00
2014-12-17 05:34:54 +00:00
<a name="ctf" />
2014-12-16 12:22:09 +00:00
# CTF
2014-12-17 05:34:54 +00:00
<a name="ctf-competition" />
## Competition
2014-12-16 12:16:22 +00:00
* [DEF CON](https://legitbs.net/)
* [CSAW CTF](https://ctf.isis.poly.edu/)
2014-12-17 05:34:54 +00:00
* [hack.lu CTF](http://hack.lu/)
* [Pliad CTF](http://www.plaidctf.com/)
2014-12-17 05:47:05 +00:00
* [RuCTFe](http://ructf.org/e/)
* [Ghost in the Shellcode](http://ghostintheshellcode.com/)
* [PHD CTF](http://phdays.com/)
* [SECUINSIDE CTF](http://secuinside.com/)
* [Codegate CTF](http://ctf.codegate.org/html/Main.html?lang=eng)
* [Boston Key Party CTF](http://bostonkeyparty.net/)
2014-12-17 05:34:54 +00:00
2014-12-17 05:58:50 +00:00
<a name="ctf-general" />
## General
2014-12-17 05:34:54 +00:00
* [CTFtime.org](https://ctftime.org/) - All about CTF (Capture The Flag)
* [WeChall](http://www.wechall.net/)
2014-12-17 05:58:50 +00:00
* [CTF archives](www.shell-storm.org/repo/CTF/)
2014-12-17 06:05:50 +00:00
<a name="etc" />
# ETC
2014-12-17 05:58:50 +00:00
* [SecTools](http://sectools.org/) - Top 125 Network Security Tools
* [BackTrack](http://www.backtrack-linux.org/)