Awesome Hacking - An Amazing Project
A curated list of awesome Hacking. Inspired by awesome-machine-learning
If you want to contribute to this list (please do), send me a pull
request!
For a list of free hacking books available for download, go here
Table of Contents
System
Tutorials
- Metasploit - A computer security project that provides information
about security vulnerabilities and aids in penetration testing and IDS
signature development.
- mimikatz - A
little tool to play with Windows security
- Hackers
tools - Tutorial on tools.
Docker Images for Penetration Testing & Security
General
Reverse Engineering
Tutorials
Disassemblers and debuggers
- IDA - IDA is a
Windows, Linux or Mac OS X hosted multi-processor disassembler and
debugger
- OllyDbg - A 32-bit assembler
level analysing debugger for Windows
- x64dbg - An
open-source x64/x32 debugger for Windows
- radare2 - A portable
reversing framework
- plasma - Interactive
disassembler for x86/ARM/MIPS. Generates indented pseudo-code with
colored syntax code.
- ScratchABit -
Easily retargetable and hackable interactive disassembler with
IDAPython-compatible plugin API
- Capstone
- Ghidra - A software reverse
engineering (SRE) suite of tools developed by NSA’s Research Directorate
in support of the Cybersecurity mission
Decompilers
JVM-based languages
- Krakatau - the best decompiler I have used. Is able to decompile apps
written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed
to do it fully.
- JD-GUI
- procyon
- Luyten - one of the best, though a bit slow, hangs on some binaries and
not very well maintained.
- JAD - JAD Java Decompiler (closed-source, unmaintained)
- JADX - a decompiler for Android apps. Not related to JAD.
.NET-based languages
- dotPeek - a
free-of-charge .NET decompiler from JetBrains
- ILSpy - an
open-source .NET assembly browser and decompiler
- dnSpy - .NET assembly
editor, decompiler, and debugger
native code
Python
- uncompyle6 - decompiler for the over 20 releases and 20 years of
CPython.
Deobfuscators
- de4dot - .NET
deobfuscator and unpacker.
- JS
Beautifier
- JS Nice - a web service guessing JS
variables names and types based on the model derived from open
source.
Other
- nudge4j -
Java tool to let the browser talk to the JVM
- dex2jar - Tools to
work with Android .dex and Java .class files
- androguard -
Reverse engineering, malware and goodware analysis of Android
applications
- antinet - .NET
anti-managed debugger and anti-profiler code
- UPX - the Ultimate Packer
(and unpacker) for eXecutables
Execution logging and tracing
- Wireshark - A free and
open-source packet analyzer
- tcpdump - A powerful
command-line packet analyzer; and libpcap, a portable C/C++ library for
network traffic capture
- mitmproxy - An
interactive, SSL-capable man-in-the-middle proxy for HTTP with a console
interface
- Charles Proxy - A
cross-platform GUI web debugging proxy to view intercepted HTTP and
HTTPS/SSL live traffic
- usbmon - USB capture for Linux.
- USBPcap - USB
capture for Windows.
- dynStruct -
structures recovery via dynamic instrumentation.
- drltrace - shared
library calls tracing.
Binary files examination and editing
Hex editors
- HxD - A hex editor which,
additionally to raw disk editing and modifying of main memory (RAM),
handles files of any size
- WinHex - A hexadecimal
editor, helpful in the realm of computer forensics, data recovery,
low-level data processing, and IT security
- wxHexEditor
- Synalyze It!/Hexinator
Other
- Binwalk -
Detects signatures, unpacks archives, visualizes entropy.
- Veles - a visualizer
for statistical properties of blobs.
- Kaitai
Struct - a DSL for creating parsers in a variety of programming
languages. The Web IDE is particularly useful for
reverse-engineering.
- Protobuf
inspector
- DarunGrim -
executable differ.
- DBeaver - a DB
editor.
- Dependencies -
a FOSS replacement to Dependency Walker.
- PEview - A quick and
easy way to view the structure and content of 32-bit Portable Executable
(PE) and Component Object File Format (COFF) files
- BinText - A small, very fast and powerful text extractor that will be
of particular interest to programmers.
General
Web
- Spyse - Data gathering service that collects web info using OSINT.
Provided info: IPv4 hosts, domains/whois, ports/banners/protocols,
technologies, OS, AS, maintains huge SSL/TLS DB, and more… All the data
is stored in its own database, allowing you to get the data without
scanning.
- sqlmap -
Automatic SQL injection and database takeover tool
- NoSQLMap -
Automated NoSQL database enumeration and web application exploitation
tool.
- tools.web-max.ca -
base64 base85 md4,5 hash, sha1 hash encoding/decoding
- VHostScan - A
virtual host scanner that performs reverse lookups, can be used with
pivot tools, detect catch-all scenarios, aliases and dynamic default
pages.
- SubFinder -
SubFinder is a subdomain discovery tool that discovers valid subdomains
for any target using passive online sources.
- Findsubdomains - A
subdomains discovery tool that collects all possible subdomains from
open source internet and validates them through various tools to provide
accurate results.
- badtouch -
Scriptable network authentication cracker
- PhpSploit -
Full-featured C2 framework which silently persists on webserver via evil
PHP oneliner
- Git-Scanner - A tool for bug hunting or pentesting for targeting
websites that have open .git repositories available in public
- CSP Scanner - Analyze a site’s
Content-Security-Policy (CSP) to find bypasses and missing
directives.
- Shodan - A web-crawling search
engine that lets users search for various types of servers connected to
the internet.
- masscan -
Internet scale portscanner.
- Keyscope - an
extensible key and secret validation tool for auditing active secrets
against multiple SaaS vendors
- Decompiler.com - Java,
Android, Python, C# online decompiler.
General
- Strong
node.js - An exhaustive checklist to assist in the source code
security analysis of a node.js web service.
Network
- NetworkMiner - A
Network Forensic Analysis Tool (NFAT)
- Paros - A
Java-based HTTP/HTTPS proxy for assessing web application
vulnerability
- pig - A Linux
packet crafting tool
- findsubdomains - A really fast subdomain scanning service that offers
much more than a simple subdomain finder (works using OSINT).
- cirt-fuzzer - A simple TCP/UDP
protocol fuzzer.
- ASlookup - a useful tool for
exploring autonomous systems and all related info (CIDR, ASN, Org…)
- ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated
penetration testing tool for finding vulnerabilities in web applications
- mitmsocks4j -
Man-in-the-middle SOCKS Proxy for Java
- ssh-mitm - An
SSH/SFTP man-in-the-middle tool that logs interactive sessions and
passwords.
- nmap - Nmap (Network Mapper) is a
security scanner
- Aircrack-ng - An 802.11
WEP and WPA-PSK keys cracking program
- Nipe - A script
to make Tor Network your default gateway.
- Habu - Python
Network Hacking Toolkit
- Wifi Jammer - Free
program to jam all wifi clients in range
- Firesheep -
Free program for HTTP session hijacking attacks.
- Scapy - A
Python tool and library for low level packet creation and
manipulation
- Amass - In-depth
subdomain enumeration tool that performs scraping, recursive brute
forcing, crawling of web archives, name altering and reverse DNS
sweeping
- sniffglue - Secure
multithreaded packet sniffer
- Netz - Discover
internet-wide misconfigurations, using zgrab2 and others.
- RustScan -
Extremely fast port scanner built with Rust, designed to scan all ports
in a couple of seconds and utilizes nmap to perform port enumeration in
a fraction of the time.
- PETEP - Extensible
TCP/UDP proxy with GUI for traffic analysis & modification with
SSL/TLS support.
Forensic
- Autopsy - A digital
forensics platform and graphical interface to The Sleuth Kit
and other digital forensics tools
- sleuthkit - A
library and collection of command-line digital forensics tools
- EnCase - The shared technology within a suite of digital
investigations products by Guidance Software
- malzilla - Malware
hunting tool
- IPED -
Indexador e Processador de Evidências Digitais - Brazilian Federal
Police Tool for Forensic Investigation
- CyLR - NTFS forensic
image collector
- CAINE - CAINE is an
Ubuntu-based app that offers a complete forensic environment that
provides a graphical interface. This tool can be integrated into
existing software tools as a module. It automatically extracts a
timeline from RAM.
Cryptography
- xortool - A tool to
analyze multi-byte XOR cipher
- John the Ripper - A fast
password cracker
- Aircrack - Aircrack is
802.11 WEP and WPA-PSK keys cracking program.
- Ciphey - Automated
decryption tool using artificial intelligence & natural language
processing.
Wargame
System
Reverse Engineering
- Reversing.kr - This site tests your ability in Cracking & Reverse
Code Engineering
- CodeEngn -
(Korean)
- simples.kr - (Korean)
- Crackmes.de - The world's first and
largest community website for crackmes and reversemes.
Web
- Hack This Site! - a
free, safe and legal training ground for hackers to test and expand
their hacking skills
- Hack The Box - a free site
to perform pentesting in a variety of different systems.
- Webhacking.kr
- 0xf.at - a website without logins or
ads where you can solve password-riddles (so-called hackits).
- fuzzy.land - Website by an
Austrian group. Lots of challenges taken from CTFs they participated
in.
- Gruyere
- Others
- TryHackMe - Hands-on cyber
security training through real-world scenarios.
Cryptography
Bug bounty
Bug bounty - Earn Some Money
CTF
Competition
General
OS
Online resources
Post exploitation
- empire - A
post exploitation framework for powershell and python.
- silenttrinity -
A post exploitation tool that uses iron python to get past powershell
restrictions.
- PowerSploit -
A PowerShell post exploitation framework
- ebowla -
Framework for Making Environmental Keyed Payloads
ETC