A collection of awesome lists for hackers, pentesters & security researchers.
A curated list of awesome Hacking Tools. Your contributions are always welcome !
Repository
Description
Awesome Malware Analysis
A curated list of awesome malware analysis tools and resources
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
Awesome-osint
A curated list of amazingly awesome OSINT
Code examples for Penetration Testing
this is The CODE, but very simple and light. No VIDEO/AUDIO/TEXT lectures
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
HUNT Proxy Extension
Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite).
List of Sec talks/videos
A curated list of awesome Security talks
Scanners-Box
The toolbox of open source scanners
SecLists
It is a collection of multiple types of lists used during security assessments
Xerosploit
Efficient and advanced man in the middle framework
ctf-tools
Some setup scripts for security research tools.
PENTEST-WIKI
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Awesome custom projects / Scripts
Name
Description
mimikatz
A useful tool to play with Windows security including extracting plaintext passwords, kerberos tickets, etc.
LAZY script v2.1.3
The LAZY script will make your life easier, and of course faster.
XSStrike
XSStrike is a program which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.
SubFinder
Subdomain discovery tool for use on web application engagements. SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
VHostScan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Name
Description
BeEF
Browser Exploitation Framework (Beef)
Core Impact
Core Impact provides vulnerability assessment and penetration security testing throughout your organization.
Metasploit
The world’s most used penetration testing framework
Name
Description
DefenseMatrix
Full security solution for Linux Servers
Kernelpop
kernel privilege escalation enumeration and exploitation framework
Lynis
Security auditing tool for Linux, macOS, and UNIX-based systems.
linux-explorer
Easy-to-use live forensics toolbox for Linux endpoints
Katoolin
Automatically install all Kali linux tools in distros like Ubuntu
Name
Description
0day
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
cxsecurity
Exploit Database
exploit-db
Exploits Database by Offensive Security
iedb
Iranian Exploit DataBase
rapid7
Vulnerability & Exploit Database - Rapid7
Name
Description
malice.io
Open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.
Name
Description
BetterCAP
MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
Burp Suite
GUI based tool for testing Web application security.
Ettercap
Ettercap is a comprehensive suite for man in the middle attacks
Evilginx
Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.
MITMf
Framework for Man-In-The-Middle attacks
mitmproxy
An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed
Name
Description
SQLmap
Automatic SQL injection and database takeover tool
SQLninja
SQL Server injection & takeover tool
SQLiv
Massive SQL injection scanner
Name
Description
Portia
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.
RSPET
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Search Engine for Penetration Tester
Name
Description
Spyse
Spyse collects valuable data from all open source internet and stores it in its own database to provide instant access to the data.
Censys
Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
Shodan
Shodan is the world's first search engine for Internet-connected devices.
WiGLE
Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers.
Zoomeye
search engine for cyberspace that lets the user find specific network components(ip, services, etc.)
Security Information and Event Management (SIEM)
Name
Description
OSSIM
AlienVault’s Open Source Security Information and Event Management (SIEM) product
Name
Description
NMAP
The industry standard in network/port scanning. Widely used.
Wireshark
A versatile and feature-packed packet sniffing/analysis tool.
Source Code Analysis Tools
Name
Description
pyup
Automated Security and Dependency Updates
RIPS
PHP Security Analysis
Retire.js
detecting the use of JavaScript libraries with known vulnerabilities
Snyk
find & fix vulnerabilities in dependencies, supports various languages
Name
Description
BinNavi
BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code
Radare2
Radare2 is a reverse engineering suite which includes a complete toolkit for reverse enigneering needs.
Name
Description
LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
CVE-2017-5123
Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation
Oracle Privilege Escalation via Deserialization
CVE-2018-3004 Oracle Privilege Escalation via Deserialization
linux-exploit-suggester
The tool is meant to assist the security analyst in his testing for privilege escalation opportunities on Linux machine
BeRoot Project
BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
yodo: Local Privilege Escalation
yodo proves how easy it is to become root via limited sudo permissions, via dirty COW or using Pa(th)zuzu.
Name
Description
Dradis
Open-source reporting and collaboration tool for InfoSec professionals