rhetenor/awesome-awesomeness
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
862b240c90a9bccce579388e075561631b8fbc77
awesome-awesomeness/html/hacking.html
Jonas Zeunert 2d63fe63cd Restructure with Makefile + add html output
2024-04-20 19:22:54 +02:00

653 lines
29 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<h1 id="awesome-hacking--an-amazing-project-awesome">Awesome Hacking -An
Amazing Project <a href="https://github.com/sindresorhus/awesome"><img
src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg"
alt="Awesome" /></a></h1>
<p>A curated list of awesome Hacking. Inspired by <a
href="https://github.com/josephmisiti/awesome-machine-learning/">awesome-machine-learning</a></p>
<p>If you want to contribute to this list (please do), send me a pull
request!</p>
<p>For a list of free hacking books available for download, go <a
href="https://github.com/Hack-with-Github/Free-Security-eBooks">here</a></p>
<h2 id="table-of-contents">Table of Contents</h2>
<!-- MarkdownTOC depth=4 -->
<ul>
<li><a href="#system">System</a>
<ul>
<li><a href="#tutorials">Tutorials</a></li>
<li><a href="#tools">Tools</a></li>
<li><a
href="#docker-images-for-penetration-testing--security">Docker</a></li>
<li><a href="#general">General</a></li>
</ul></li>
<li><a href="#reverse-engineering">Reverse Engineering</a>
<ul>
<li><a href="#tutorials-1">Tutorials</a></li>
<li><a href="#tools-1">Tools</a></li>
<li><a href="#general-1">General</a></li>
</ul></li>
<li><a href="#web">Web</a>
<ul>
<li><a href="#tools-2">Tools</a></li>
<li><a href="#general-2">General</a></li>
</ul></li>
<li><a href="#network">Network</a>
<ul>
<li><a href="#tools-3">Tools</a></li>
</ul></li>
<li><a href="#forensic">Forensic</a>
<ul>
<li><a href="#tools-4">Tools</a></li>
</ul></li>
<li><a href="#cryptography">Cryptography</a>
<ul>
<li><a href="#tools-5">Tools</a></li>
</ul></li>
<li><a href="#wargame">Wargame</a>
<ul>
<li><a href="#system-1">System</a></li>
<li><a href="#reverse-engineering-1">Reverse Engineering</a></li>
<li><a href="#web-1">Web</a></li>
<li><a href="#cryptography-1">Cryptography</a></li>
<li><a href="#bug-bounty">Bug bounty</a></li>
</ul></li>
<li><a href="#ctf">CTF</a>
<ul>
<li><a href="#competition">Competition</a></li>
<li><a href="#general-2">General</a></li>
</ul></li>
<li><a href="#os">OS</a>
<ul>
<li><a href="#online-resources">Online resources</a></li>
</ul></li>
<li><a href="#post-exploitation">Post exploitation</a>
<ul>
<li><a href="#tools-6">tools</a></li>
</ul></li>
<li><a href="#etc">ETC</a></li>
</ul>
<!-- /MarkdownTOC -->
<h1 id="system">System</h1>
<h2 id="tutorials">Tutorials</h2>
<ul>
<li><a href="https://www.roppers.org/courses/fundamentals">Roppers
Computing Fundamentals</a>
<ul>
<li>Free, self-paced curriculum that builds a base of knowledge in
computers and networking. Intended to build up a student with no prior
technical knowledge to be confident in their ability to learn anything
and continue their security education. Full text available as a <a
href="https://www.hoppersroppers.org/fundamentals/">gitbook</a>.</li>
</ul></li>
<li><a
href="https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/">Corelan
Teams Exploit writing tutorial</a></li>
<li><a
href="http://web.archive.org/web/20140916085343/http://www.punter-infosec.com/exploit-writing-tutorials-for-pentesters/">Exploit
Writing Tutorials for Pentesters</a></li>
<li><a href="https://github.com/r0hi7/BinExp">Understanding the basics
of Linux Binary Exploitation</a></li>
<li><a
href="https://www.youtube.com/playlist?list=PLyzOVJj3bHQuloKGG59rS43e29ro7I57J">Shells</a></li>
<li><a href="https://missing.csail.mit.edu/2020/course-shell/">Missing
Semester</a></li>
</ul>
<h2 id="tools">Tools</h2>
<ul>
<li><a
href="https://github.com/rapid7/metasploit-framework">Metasploit</a> A
computer security project that provides information about security
vulnerabilities and aids in penetration testing and IDS signature
development.</li>
<li><a href="https://github.com/gentilkiwi/mimikatz">mimikatz</a> - A
little tool to play with Windows security</li>
<li><a
href="https://www.youtube.com/playlist?list=PLyzOVJj3bHQuiujH1lpn8cA9dsyulbYRv">Hackers
tools</a> - Tutorial on tools.</li>
</ul>
<h3 id="docker-images-for-penetration-testing-security">Docker Images
for Penetration Testing &amp; Security</h3>
<ul>
<li><code>docker pull kalilinux/kali-linux-docker</code> <a
href="https://hub.docker.com/r/kalilinux/kali-last-release/">official
Kali Linux</a></li>
<li><code>docker pull owasp/zap2docker-stable</code> - <a
href="https://github.com/zaproxy/zaproxy">official OWASP ZAP</a></li>
<li><code>docker pull wpscanteam/wpscan</code> - <a
href="https://hub.docker.com/r/wpscanteam/wpscan/">official
WPScan</a></li>
<li><code>docker pull metasploitframework/metasploit-framework</code> -
<a
href="https://hub.docker.com/r/metasploitframework/metasploit-framework/">Official
Metasploit</a></li>
<li><code>docker pull citizenstig/dvwa</code> - <a
href="https://hub.docker.com/r/citizenstig/dvwa/">Damn Vulnerable Web
Application (DVWA)</a></li>
<li><code>docker pull wpscanteam/vulnerablewordpress</code> - <a
href="https://hub.docker.com/r/wpscanteam/vulnerablewordpress/">Vulnerable
WordPress Installation</a></li>
<li><code>docker pull hmlio/vaas-cve-2014-6271</code> - <a
href="https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/">Vulnerability
as a service: Shellshock</a></li>
<li><code>docker pull hmlio/vaas-cve-2014-0160</code> - <a
href="https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/">Vulnerability
as a service: Heartbleed</a></li>
<li><code>docker pull opendns/security-ninjas</code> - <a
href="https://hub.docker.com/r/opendns/security-ninjas/">Security
Ninjas</a></li>
<li><code>docker pull noncetonic/archlinux-pentest-lxde</code> - <a
href="https://hub.docker.com/r/noncetonic/archlinux-pentest-lxde">Arch
Linux Penetration Tester</a></li>
<li><code>docker pull diogomonica/docker-bench-security</code> - <a
href="https://hub.docker.com/r/diogomonica/docker-bench-security/">Docker
Bench for Security</a></li>
<li><code>docker pull ismisepaul/securityshepherd</code> - <a
href="https://hub.docker.com/r/ismisepaul/securityshepherd/">OWASP
Security Shepherd</a></li>
<li><code>docker pull danmx/docker-owasp-webgoat</code> - <a
href="https://hub.docker.com/r/danmx/docker-owasp-webgoat/">OWASP
WebGoat Project docker image</a></li>
<li><code>docker pull vulnerables/web-owasp-nodegoat</code> - <a
href="https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker">OWASP
NodeGoat</a></li>
<li><code>docker pull citizenstig/nowasp</code> - <a
href="https://hub.docker.com/r/citizenstig/nowasp/">OWASP Mutillidae II
Web Pen-Test Practice Application</a></li>
<li><code>docker pull bkimminich/juice-shop</code> - <a
href="https://github.com/bkimminich/juice-shop#docker-container--">OWASP
Juice Shop</a></li>
<li><code>docker pull phocean/msf</code> - <a
href="https://hub.docker.com/r/phocean/msf/">Docker Metasploit</a></li>
</ul>
<h2 id="general">General</h2>
<ul>
<li><a href="https://www.exploit-db.com/">Exploit database</a> - An
ultimate archive of exploits and vulnerable software</li>
</ul>
<h1 id="reverse-engineering">Reverse Engineering</h1>
<h2 id="tutorials-1">Tutorials</h2>
<ul>
<li><a href="https://www.begin.re/the-workshop">Begin RE: A Reverse
Engineering Tutorial Workshop</a></li>
<li><a
href="http://fumalwareanalysis.blogspot.kr/p/malware-analysis-tutorials-reverse.html">Malware
Analysis Tutorials: a Reverse Engineering Approach</a></li>
<li><a href="https://malwareunicorn.org/workshops/re101.html#0">Malware
Unicorn Reverse Engineering Tutorial</a></li>
<li><a href="https://archive.org/details/lena151">Lena151: Reversing
With Lena</a></li>
</ul>
<h2 id="tools-1">Tools</h2>
<h3 id="disassemblers-and-debuggers">Disassemblers and debuggers</h3>
<ul>
<li><a href="https://www.hex-rays.com/products/ida/">IDA</a> - IDA is a
Windows, Linux or Mac OS X hosted multi-processor disassembler and
debugger</li>
<li><a href="http://www.ollydbg.de/">OllyDbg</a> - A 32-bit assembler
level analysing debugger for Windows</li>
<li><a href="https://github.com/x64dbg/x64dbg">x64dbg</a> - An
open-source x64/x32 debugger for Windows</li>
<li><a href="https://github.com/radare/radare2">radare2</a> - A portable
reversing framework</li>
<li><a href="https://github.com/joelpx/plasma">plasma</a> - Interactive
disassembler for x86/ARM/MIPS. Generates indented pseudo-code with
colored syntax code.</li>
<li><a href="https://github.com/pfalcon/ScratchABit">ScratchABit</a> -
Easily retargetable and hackable interactive disassembler with
IDAPython-compatible plugin API</li>
<li><a href="https://github.com/aquynh/capstone">Capstone</a></li>
<li><a href="https://ghidra-sre.org/">Ghidra</a> - A software reverse
engineering (SRE) suite of tools developed by NSAs Research Directorate
in support of the Cybersecurity mission</li>
</ul>
<h3 id="decompilers">Decompilers</h3>
<ul>
<li><p>JVM-based languages</p></li>
<li><p><a href="https://github.com/Storyyeller/Krakatau">Krakatau</a> -
the best decompiler I have used. Is able to decompile apps written in
Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it
fully.</p></li>
<li><p><a
href="https://github.com/java-decompiler/jd-gui">JD-GUI</a></p></li>
<li><p><a
href="https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler">procyon</a></p>
<ul>
<li><a href="https://github.com/deathmarine/Luyten">Luyten</a> - one of
the best, though a bit slow, hangs on some binaries and not very well
maintained.</li>
</ul></li>
<li><p><a href="http://varaneckas.com/jad/">JAD</a> - JAD Java
Decompiler (closed-source, unmaintained)</p></li>
<li><p><a href="https://github.com/skylot/jadx">JADX</a> - a decompiler
for Android apps. Not related to JAD.</p></li>
<li><p>.net-based languages</p>
<ul>
<li><a href="https://www.jetbrains.com/decompiler/">dotPeek</a> - a
free-of-charge .NET decompiler from JetBrains</li>
<li><a href="https://github.com/icsharpcode/ILSpy/">ILSpy</a> - an
open-source .NET assembly browser and decompiler</li>
<li><a href="https://github.com/0xd4d/dnSpy">dnSpy</a> - .NET assembly
editor, decompiler, and debugger</li>
</ul></li>
<li><p>native code</p>
<ul>
<li><a href="https://www.hopperapp.com">Hopper</a> - A OS X and Linux
Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS
executables.</li>
<li><a href="https://github.com/radareorg/cutter">cutter</a> - a
decompiler based on radare2.</li>
<li><a href="https://github.com/avast-tl/retdec">retdec</a></li>
<li><a href="https://github.com/yegord/snowman">snowman</a></li>
<li><a
href="https://www.hex-rays.com/products/decompiler/">Hex-Rays</a></li>
</ul></li>
<li><p>Python</p>
<ul>
<li><a href="https://github.com/rocky/python-uncompyle6">uncompyle6</a>
- decompiler for the over 20 releases and 20 years of CPython.</li>
</ul></li>
</ul>
<h3 id="deobfuscators">Deobfuscators</h3>
<ul>
<li><a href="https://github.com/0xd4d/de4dot">de4dot</a> - .NET
deobfuscator and unpacker.</li>
<li><a href="https://github.com/beautify-web/js-beautify">JS
Beautifier</a></li>
<li><a href="http://jsnice.org/">JS Nice</a> - a web service guessing JS
variables names and types based on the model derived from open
source.</li>
</ul>
<h3 id="other">Other</h3>
<ul>
<li><a href="https://github.com/lorenzoongithub/nudge4j">nudge4j</a> -
Java tool to let the browser talk to the JVM</li>
<li><a href="https://github.com/pxb1988/dex2jar">dex2jar</a> - Tools to
work with Android .dex and Java .class files</li>
<li><a href="https://code.google.com/p/androguard/">androguard</a> -
Reverse engineering, malware and goodware analysis of Android
applications</li>
<li><a href="https://github.com/0xd4d/antinet">antinet</a> - .NET
anti-managed debugger and anti-profiler code</li>
<li><a href="http://upx.sourceforge.net/">UPX</a> - the Ultimate Packer
(and unpacker) for eXecutables</li>
</ul>
<h3 id="execution-logging-and-tracing">Execution logging and
tracing</h3>
<ul>
<li><a href="https://www.wireshark.org/">Wireshark</a> - A free and
open-source packet analyzer</li>
<li><a href="http://www.tcpdump.org/">tcpdump</a> - A powerful
command-line packet analyzer; and libpcap, a portable C/C++ library for
network traffic capture</li>
<li><a href="https://github.com/mitmproxy/mitmproxy">mitmproxy</a> - An
interactive, SSL-capable man-in-the-middle proxy for HTTP with a console
interface</li>
<li><a href="https://charlesproxy.com">Charles Proxy</a> - A
cross-platform GUI web debugging proxy to view intercepted HTTP and
HTTPS/SSL live traffic</li>
<li><a
href="https://www.kernel.org/doc/Documentation/usb/usbmon.txt">usbmon</a>
- USB capture for Linux.</li>
<li><a href="https://github.com/desowin/usbpcap">USBPcap</a> - USB
capture for Windows.</li>
<li><a href="https://github.com/ampotos/dynStruct">dynStruct</a> -
structures recovery via dynamic instrumentation.</li>
<li><a href="https://github.com/mxmssh/drltrace">drltrace</a> - shared
library calls tracing.</li>
</ul>
<h3 id="binary-files-examination-and-editing">Binary files examination
and editing</h3>
<h4 id="hex-editors">Hex editors</h4>
<ul>
<li><a href="http://mh-nexus.de/en/hxd/">HxD</a> - A hex editor which,
additionally to raw disk editing and modifying of main memory (RAM),
handles files of any size</li>
<li><a href="http://www.winhex.com/winhex/">WinHex</a> - A hexadecimal
editor, helpful in the realm of computer forensics, data recovery,
low-level data processing, and IT security</li>
<li><a href="https://github.com/EUA/wxHexEditor">wxHexEditor</a></li>
<li><a href="https://www.synalysis.net/">Synalize It</a>/<a
href="https://hexinator.com/">Hexinator</a> -</li>
</ul>
<h4 id="other-1">Other</h4>
<ul>
<li><a href="https://github.com/ReFirmLabs/binwalk">Binwalk</a> -
Detects signatures, unpacks archives, visualizes entropy.</li>
<li><a href="https://github.com/codilime/veles">Veles</a> - a visualizer
for statistical properties of blobs.</li>
<li><a href="https://github.com/kaitai-io/kaitai_struct">Kaitai
Struct</a> - a DSL for creating parsers in a variety of programming
languages. The Web IDE is particularly useful for
reverse-engineering.</li>
<li><a href="https://github.com/jmendeth/protobuf-inspector">Protobuf
inspector</a></li>
<li><a href="https://github.com/ohjeongwook/DarunGrim">DarunGrim</a> -
executable differ.</li>
<li><a href="https://github.com/dbeaver/dbeaver">DBeaver</a> - a DB
editor.</li>
<li><a href="https://github.com/lucasg/Dependencies">Dependencies</a> -
a FOSS replacement to Dependency Walker.</li>
<li><a href="http://wjradburn.com/software/">PEview</a> - A quick and
easy way to view the structure and content of 32-bit Portable Executable
(PE) and Component Object File Format (COFF) files</li>
<li><a
href="https://web.archive.org/web/http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx">BinText</a>
- A small, very fast and powerful text extractor that will be of
particular interest to programmers.</li>
</ul>
<h2 id="general-1">General</h2>
<ul>
<li><a href="http://www.offensivecomputing.net/">Open Malware</a></li>
</ul>
<h1 id="web">Web</h1>
<h2 id="tools-2">Tools</h2>
<ul>
<li><a href="https://spyse.com/">Spyse</a> - Data gathering service that
collects web info using OSINT. Provided info: IPv4 hosts, domains/whois,
ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS
DB, and more… All the data is stored in its own database allowing get
the data without scanning.</li>
<li><a href="https://github.com/sqlmapproject/sqlmap">sqlmap</a> -
Automatic SQL injection and database takeover tool</li>
<li><a href="https://github.com/codingo/NoSQLMap">NoSQLMap</a> -
Automated NoSQL database enumeration and web application exploitation
tool.</li>
<li><a
href="http://tools.web-max.ca/encode_decode.php">tools.web-max.ca</a> -
base64 base85 md4,5 hash, sha1 hash encoding/decoding</li>
<li><a href="https://github.com/codingo/VHostScan">VHostScan</a> - A
virtual host scanner that performs reverse lookups, can be used with
pivot tools, detect catch-all scenarios, aliases and dynamic default
pages.</li>
<li><a href="https://github.com/subfinder/subfinder">SubFinder</a> -
SubFinder is a subdomain discovery tool that discovers valid subdomains
for any target using passive online sources.</li>
<li><a href="https://findsubdomains.com/">Findsubdomains</a> - A
subdomains discovery tool that collects all possible subdomains from
open source internet and validates them through various tools to provide
accurate results.</li>
<li><a href="https://github.com/kpcyrd/badtouch">badtouch</a> -
Scriptable network authentication cracker</li>
<li><a href="https://github.com/nil0x42/phpsploit">PhpSploit</a> -
Full-featured C2 framework which silently persists on webserver via evil
PHP oneliner</li>
<li><a href="https://github.com/HightechSec/git-scanner">Git-Scanner</a>
- A tool for bug hunting or pentesting for targeting websites that have
open <code>.git</code> repositories available in public</li>
<li><a href="https://cspscanner.com/">CSP Scanner</a> - Analyze a sites
Content-Security-Policy (CSP) to find bypasses and missing
directives.</li>
<li><a href="https://www.shodan.io/">Shodan</a> - A web-crawling search
engine that lets users search for various types of servers connected to
the internet.</li>
<li><a href="https://github.com/robertdavidgraham/masscan">masscan</a> -
Internet scale portscanner.</li>
<li><a href="https://github.com/SpectralOps/keyscope">Keyscope</a> - an
extensible key and secret validation tool for auditing active secrets
against multiple SaaS vendors</li>
<li><a href="https://www.decompiler.com/">Decompiler.com</a> - Java,
Android, Python, C# online decompiler.</li>
</ul>
<h2 id="general-2">General</h2>
<ul>
<li><a href="https://github.com/jesusprubio/strong-node">Strong
node.js</a> - An exhaustive checklist to assist in the source code
security analysis of a node.js web service.</li>
</ul>
<h1 id="network">Network</h1>
<h2 id="tools-3">Tools</h2>
<ul>
<li><a
href="http://www.netresec.com/?page=NetworkMiner">NetworkMiner</a> - A
Network Forensic Analysis Tool (NFAT)</li>
<li><a href="http://sourceforge.net/projects/paros/">Paros</a> - A
Java-based HTTP/HTTPS proxy for assessing web application
vulnerability</li>
<li><a href="https://github.com/rafael-santiago/pig">pig</a> - A Linux
packet crafting tool</li>
<li><a href="https://findsubdomains.com">findsubdomains</a> - really
fast subdomains scanning service that has much greater opportunities
than simple subs finder(works using OSINT).</li>
<li><a href="http://www.cirt.dk/">cirt-fuzzer</a> - A simple TCP/UDP
protocol fuzzer.</li>
<li><a href="https://aslookup.com/">ASlookup</a> - a useful tool for
exploring autonomous systems and all related info (CIDR, ASN, Org…)</li>
<li><a
href="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project">ZAP</a>
- The Zed Attack Proxy (ZAP) is an easy to use integrated penetration
testing tool for finding vulnerabilities in web applications</li>
<li><a href="https://github.com/Akdeniz/mitmsocks4j">mitmsocks4j</a> -
Man-in-the-middle SOCKS Proxy for Java</li>
<li><a href="https://github.com/jtesta/ssh-mitm">ssh-mitm</a> - An
SSH/SFTP man-in-the-middle tool that logs interactive sessions and
passwords.</li>
<li><a href="https://nmap.org/">nmap</a> - Nmap (Network Mapper) is a
security scanner</li>
<li><a href="http://www.aircrack-ng.org/">Aircrack-ng</a> - An 802.11
WEP and WPA-PSK keys cracking program</li>
<li><a href="https://github.com/GouveaHeitor/nipe">Nipe</a> - A script
to make Tor Network your default gateway.</li>
<li><a href="https://github.com/portantier/habu">Habu</a> - Python
Network Hacking Toolkit</li>
<li><a href="https://n0where.net/wifijammer/">Wifi Jammer</a> - Free
program to jam all wifi clients in range</li>
<li><a href="https://codebutler.github.io/firesheep/">Firesheep</a> -
Free program for HTTP session hijacking attacks.</li>
<li><a href="https://github.com/secdev/awesome-scapy">Scapy</a> - A
Python tool and library for low level packet creation and
manipulation</li>
<li><a href="https://github.com/OWASP/Amass">Amass</a> - In-depth
subdomain enumeration tool that performs scraping, recursive brute
forcing, crawling of web archives, name altering and reverse DNS
sweeping</li>
<li><a href="https://github.com/kpcyrd/sniffglue">sniffglue</a> - Secure
multithreaded packet sniffer</li>
<li><a href="https://github.com/spectralops/netz">Netz</a> - Discover
internet-wide misconfigurations, using zgrab2 and others.</li>
<li><a href="https://github.com/rustscan/rustscan">RustScan</a> -
Extremely fast port scanner built with Rust, designed to scan all ports
in a couple of seconds and utilizes nmap to perform port enumeration in
a fraction of the time.</li>
<li><a href="https://github.com/Warxim/petep">PETEP</a> - Extensible
TCP/UDP proxy with GUI for traffic analysis &amp; modification with
SSL/TLS support.</li>
</ul>
<h1 id="forensic">Forensic</h1>
<h2 id="tools-4">Tools</h2>
<ul>
<li><a href="http://www.sleuthkit.org/autopsy/">Autopsy</a> - A digital
forensics platform and graphical interface to <a
href="http://www.sleuthkit.org/sleuthkit/index.php">The Sleuth Kit</a>
and other digital forensics tools</li>
<li><a href="https://github.com/sleuthkit/sleuthkit">sleuthkit</a> - A
library and collection of command-line digital forensics tools</li>
<li><a
href="https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx">EnCase</a>
- The shared technology within a suite of digital investigations
products by Guidance Software</li>
<li><a href="http://malzilla.sourceforge.net/">malzilla</a> - Malware
hunting tool</li>
<li><a href="https://servicos.dpf.gov.br/ferramentas/IPED/">IPED -
Indexador e Processador de Evidências Digitais</a> - Brazilian Federal
Police Tool for Forensic Investigation</li>
<li><a href="https://github.com/orlikoski/CyLR">CyLR</a> - NTFS forensic
image collector</li>
<li><a href="https://www.caine-live.net/">CAINE</a>- CAINE is a
Ubuntu-based app that offers a complete forensic environment that
provides a graphical interface. This tool can be integrated into
existing software tools as a module. It automatically extracts a
timeline from RAM.</li>
</ul>
<h1 id="cryptography">Cryptography</h1>
<h3 id="tools-5">Tools</h3>
<ul>
<li><a href="https://github.com/hellman/xortool">xortool</a> - A tool to
analyze multi-byte XOR cipher</li>
<li><a href="http://www.openwall.com/john/">John the Ripper</a> - A fast
password cracker</li>
<li><a href="http://www.aircrack-ng.org/">Aircrack</a> - Aircrack is
802.11 WEP and WPA-PSK keys cracking program.</li>
<li><a href="https://github.com/ciphey/ciphey">Ciphey</a> - Automated
decryption tool using artificial intelligence &amp; natural language
processing.</li>
</ul>
<h1 id="wargame">Wargame</h1>
<h2 id="system-1">System</h2>
<ul>
<li><a href="http://overthewire.org/wargames/semtex/">OverTheWire -
Semtex</a></li>
<li><a href="http://overthewire.org/wargames/vortex/">OverTheWire -
Vortex</a></li>
<li><a href="http://overthewire.org/wargames/drifter/">OverTheWire -
Drifter</a></li>
<li><a href="http://pwnable.kr/">pwnable.kr</a> - Provide various pwn
challenges regarding system security</li>
<li><a href="https://exploit-exercises.com/nebula/">Exploit Exercises -
Nebula</a></li>
<li><a href="http://smashthestack.org/">SmashTheStack</a></li>
<li><a href="https://www.hacking-lab.com/">HackingLab</a></li>
</ul>
<h2 id="reverse-engineering-1">Reverse Engineering</h2>
<ul>
<li><a href="http://www.reversing.kr/">Reversing.kr</a> - This site
tests your ability to Cracking &amp; Reverse Code Engineering</li>
<li><a href="http://codeengn.com/challenges/">CodeEngn</a> -
(Korean)</li>
<li><a href="http://simples.kr/">simples.kr</a> - (Korean)</li>
<li><a href="http://crackmes.de/">Crackmes.de</a> - The world first and
largest community website for crackmes and reversemes.</li>
</ul>
<h2 id="web-1">Web</h2>
<ul>
<li><a href="https://www.hackthissite.org/">Hack This Site!</a> - a
free, safe and legal training ground for hackers to test and expand
their hacking skills</li>
<li><a href="https://www.hackthebox.eu">Hack The Box</a> - a free site
to perform pentesting in a variety of different systems.</li>
<li><a href="http://webhacking.kr/">Webhacking.kr</a></li>
<li><a href="https://0xf.at/">0xf.at</a> - a website without logins or
ads where you can solve password-riddles (so called hackits).</li>
<li><a href="https://fuzzy.land/">fuzzy.land</a> - Website by an
Austrian group. Lots of challenges taken from CTFs they participated
in.</li>
<li><a href="https://google-gruyere.appspot.com/">Gruyere</a></li>
<li><a
href="https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps">Others</a></li>
<li><a href="https://tryhackme.com/">TryHackMe</a> - Hands-on cyber
security training through real-world scenarios.</li>
</ul>
<h2 id="cryptography-1">Cryptography</h2>
<ul>
<li><a href="http://overthewire.org/wargames/krypton/">OverTheWire -
Krypton</a></li>
</ul>
<h2 id="bug-bounty">Bug bounty</h2>
<ul>
<li><a href="https://github.com/EdOverflow/bugbounty-cheatsheet">Awesome
bug bounty resources by EdOverflow</a></li>
</ul>
<h2 id="bug-bounty---earn-some-money">Bug bounty - Earn Some Money</h2>
<ul>
<li><a href="https://www.bugcrowd.com/">Bugcrowd</a></li>
<li><a href="https://www.hackerone.com/start-hacking">Hackerone</a></li>
<li><a href="https://www.intigriti.com/">Intigriti</a> Europes #1
ethical hacking and bug bounty program.</li>
</ul>
<h1 id="ctf">CTF</h1>
<h2 id="competition">Competition</h2>
<ul>
<li><a href="https://legitbs.net/">DEF CON</a></li>
<li><a href="https://ctf.isis.poly.edu/">CSAW CTF</a></li>
<li><a href="http://hack.lu/">hack.lu CTF</a></li>
<li><a href="http://www.plaidctf.com/">Pliad CTF</a></li>
<li><a href="http://ructf.org/e/">RuCTFe</a></li>
<li><a href="http://ghostintheshellcode.com/">Ghost in the
Shellcode</a></li>
<li><a href="http://www.phdays.com/">PHD CTF</a></li>
<li><a href="http://secuinside.com/">SECUINSIDE CTF</a></li>
<li><a href="http://ctf.codegate.org/html/Main.html?lang=eng">Codegate
CTF</a></li>
<li><a href="http://bostonkeyparty.net/">Boston Key Party CTF</a></li>
<li><a href="https://zerodays.ie/">ZeroDays CTF</a></li>
<li><a href="https://insomnihack.ch/">Insomnihack</a></li>
<li><a href="https://picoctf.com/">Pico CTF</a></li>
<li><a href="http://prompt.ml/">prompt(1) to win</a> - XSS
Challenges</li>
<li><a href="https://www.hackthebox.eu/">HackTheBox</a></li>
</ul>
<h2 id="general-3">General</h2>
<ul>
<li><a href="http://hack.plus">Hack+</a> - An Intelligent network of
bots that fetch the latest InfoSec content.</li>
<li><a href="https://ctftime.org/">CTFtime.org</a> - All about CTF
(Capture The Flag)</li>
<li><a href="http://www.wechall.net/">WeChall</a></li>
<li><a href="http://shell-storm.org/repo/CTF/">CTF archives
(shell-storm)</a></li>
<li><a href="https://amzn.com/144962636X">Rookit Arsenal</a> - OS RE and
rootkit development</li>
<li><a
href="https://github.com/coreb1t/awesome-pentest-cheat-sheets">Pentest
Cheat Sheets</a> - Collection of cheat sheets useful for pentesting</li>
<li><a href="https://github.com/k4m4/movies-for-hackers">Movies For
Hackers</a> - A curated list of movies every hacker &amp; cyberpunk must
watch.</li>
<li><a href="https://www.roppers.org/courses/ctf">Roppers CTF
Fundamentals Course</a> - Free course designed to get a student crushing
CTFs as quickly as possible. Teaches the mentality and skills required
for crypto, forensics, and more. Full text available as a <a
href="https://www.hoppersroppers.org/ctf/">gitbook</a>.</li>
</ul>
<h1 id="os">OS</h1>
<h2 id="online-resources">Online resources</h2>
<ul>
<li><a href="https://inventory.raw.pm/operating_systems.html">Security
related Operating Systems @ Rawsec</a> - Complete list of security
related operating systems</li>
<li><a
href="https://n0where.net/best-linux-penetration-testing-distributions/">Best
Linux Penetration Testing Distributions @ CyberPunk</a> - Description of
main penetration testing distributions</li>
<li><a
href="http://distrowatch.com/search.php?category=Security">Security @
Distrowatch</a> - Website dedicated to talking about, reviewing and
keeping up to date with open source operating systems</li>
</ul>
<h1 id="post-exploitation">Post exploitation</h1>
<h2 id="tools-6">tools</h2>
<ul>
<li><a href="https://github.com/EmpireProject/Empire">empire</a> - A
post exploitation framework for powershell and python.</li>
<li><a
href="https://github.com/byt3bl33d3r/SILENTTRINITY">silenttrinity</a> -
A post exploitation tool that uses iron python to get past powershell
restrictions.</li>
<li><a
href="https://github.com/PowerShellMafia/PowerSploit">PowerSploit</a> -
A PowerShell post exploitation framework</li>
<li><a href="https://github.com/Genetic-Malware/Ebowla">ebowla</a> -
Framework for Making Environmental Keyed Payloads</li>
</ul>
<h1 id="etc">ETC</h1>
<ul>
<li><a href="http://sectools.org/">SecTools</a> - Top 125 Network
Security Tools</li>
<li><a href="https://www.roppers.org/courses/security">Roppers Security
Fundamentals</a> - Free course that teaches a beginner how security
works in the real world. Learn security theory and execute defensive
measures so that you are better prepared against threats online and in
the physical world. Full text available as a <a
href="https://www.hoppersroppers.org/security/">gitbook</a>.</li>
<li><a href="https://www.roppers.org/courses/networking">Roppers
Practical Networking</a> - A hands-on, wildly practical introduction to
networking and making packets dance. No wasted time, no memorizing, just
learning the fundamentals.</li>
<li><a href="https://inventory.raw.pm/">Rawsecs CyberSecurity
Inventory</a> - An open-source inventory of tools, resources, CTF
platforms and Operating Systems about CyberSecurity. (<a
href="https://gitlab.com/rawsec/rawsec-cybersecurity-list">Source</a>)</li>
<li><a href="https://cr0mll.github.io/cyberclopaedia/">The
Cyberclopaedia</a> - The open-source encyclopedia of cybersecurity. <a
href="https://github.com/cr0mll/cyberclopaedia">GitHub
Repository</a></li>
</ul>
Reference in New Issue View Git Blame Copy Permalink