Track Awesome Hacking Updates Weekly

A curated list of awesome Hacking tutorials, tools and resources

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor · 😺 carpedm20/awesome-hacking · ⭐ 11K · 🏷️ Security

[ Daily / Weekly / Overview ]

Dec 25 - Dec 31, 2023

Tools / Other

• PETEP (⭐97) - Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support.

tools / Other

• The Cyberclopaedia - The open-source encyclopedia of cybersecurity. GitHub Repository (⭐150)

Sep 25 - Oct 01, 2023

Tutorials

• Roppers Computing Fundamentals
  • Free, self-paced curriculum that builds a base of knowledge in computers and networking. Intended to build up a student with no prior technical knowledge to be confident in their ability to learn anything and continue their security education. Full text available as a gitbook.

Bug bounty - Earn Some Money / Other

• Intigriti Europe's #1 ethical hacking and bug bounty program.

General / Other

• Roppers CTF Fundamentals Course - Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a gitbook.

tools / Other

• Roppers Security Fundamentals - Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a gitbook.

• Roppers Practical Networking - A hands-on, wildly practical introduction to networking and making packets dance. No wasted time, no memorizing, just learning the fundamentals.

Jul 03 - Jul 09, 2023

Docker Images for Penetration Testing & Security

• docker pull kalilinux/kali-linux-docker official Kali Linux

Tools / Other

• Shodan - A web-crawling search engine that lets users search for various types of servers connected to the internet.

• masscan (⭐22k) - Internet scale portscanner.

• Keyscope (⭐369) - an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors

• CyLR (⭐579) - NTFS forensic image collector

• CAINE- CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.

Feb 28 - Mar 06, 2022

Online resources / Other

• Security related Operating Systems @ Rawsec - Complete list of security related operating systems

tools / Other

• Rawsec's CyberSecurity Inventory - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. (Source)

Oct 18 - Oct 24, 2021

Tools / Other

• Decompiler.com - Java, Android, Python, C# online decompiler.

Oct 04 - Oct 10, 2021

Web / Other

• TryHackMe - Hands-on cyber security training through real-world scenarios.

May 24 - May 30, 2021

Tools / Other

• Netz (⭐360) - Discover internet-wide misconfigurations, using zgrab2 and others.

Feb 15 - Feb 21, 2021

Tools / Other

• CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.

• RustScan (⭐11k) - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.

Nov 09 - Nov 15, 2020

Tutorials

• Exploit Writing Tutorials for Pentesters

• Lena151: Reversing With Lena

Docker Images for Penetration Testing & Security

• docker pull metasploitframework/metasploit-framework - Official Metasploit

• docker pull noncetonic/archlinux-pentest-lxde - Arch Linux Penetration Tester

Oct 26 - Nov 01, 2020

Disassemblers and debuggers

• Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

Oct 05 - Oct 11, 2020

Binary files examination and editing / Other

• Kaitai Struct (⭐3.7k) - a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.

Tools / Other

• Git-Scanner (⭐320) - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Competition / Other

• prompt(1) to win - XSS Challenges

Aug 31 - Sep 06, 2020

Tools / Other

• PhpSploit (⭐2.1k) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner

Aug 10 - Aug 16, 2020

Tools / Other

• Ciphey (⭐15k) - Automated decryption tool using artificial intelligence & natural language processing.

Aug 03 - Aug 09, 2020

Docker Images for Penetration Testing & Security

• docker pull vulnerables/web-owasp-nodegoat - OWASP NodeGoat (⭐1.8k)

Jun 22 - Jun 28, 2020

Tutorials

• Begin RE: A Reverse Engineering Tutorial Workshop

• Malware Unicorn Reverse Engineering Tutorial

May 25 - May 31, 2020

Tutorials

• Shells

• Missing Semester

Tools

• Hackers tools - Tutorial on tools.

Apr 13 - Apr 19, 2020

Tools / Other

• Scapy (⭐167) - A Python tool and library for low level packet creation and manipulation

Nov 18 - Nov 24, 2019

Tools / Other

• Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.

• Findsubdomains - A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.

Oct 21 - Oct 27, 2019

Competition / Other

• HackTheBox

tools / Other

• ebowla (⭐717) - Framework for Making Environmental Keyed Payloads

Oct 14 - Oct 20, 2019

Tools / Other

• IPED - Indexador e Processador de Evidências Digitais - Brazilian Federal Police Tool for Forensic Investigation

System / Other

• HackingLab

Oct 07 - Oct 13, 2019

Web / Other

• fuzzy.land - Website by an Austrian group. Lots of challenges taken from CTFs they participated in.

Sep 09 - Sep 15, 2019

Tools / Other

• findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).

• cirt-fuzzer - A simple TCP/UDP protocol fuzzer.

• ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)

Aug 12 - Aug 18, 2019

tools / Other

• PowerSploit (⭐11k) - A PowerShell post exploitation framework

Jun 17 - Jun 23, 2019

Decompilers

• JD-GUI (⭐13k)

• Python
  • uncompyle6 (⭐3.4k) - decompiler for the over 20 releases and 20 years of CPython.

Binary files examination and editing / Hex editors

• Synalize It/Hexinator -

Competition / Other

• Pico CTF

Mar 11 - Mar 17, 2019

General / Other

• Strong node.js (⭐490) - An exhaustive checklist to assist in the source code security analysis of a node.js web service.

Nov 12 - Nov 18, 2018

Tools / Other

• badtouch (⭐371) - Scriptable network authentication cracker

• sniffglue (⭐997) - Secure multithreaded packet sniffer

Oct 29 - Nov 04, 2018

Bug bounty - Earn Some Money / Other

• Bugcrowd

• Hackerone

Oct 15 - Oct 21, 2018

Disassemblers and debuggers

• x64dbg (⭐42k) - An open-source x64/x32 debugger for Windows

• Capstone (⭐6.8k)

Decompilers

• JVM-based languages

• Krakatau (⭐1.9k) - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.

• procyon
  • Luyten (⭐4.9k) - one of the best, though a bit slow, hangs on some binaries and not very well maintained.

• JAD - JAD Java Decompiler (closed-source, unmaintained)

• JADX (⭐38k) - a decompiler for Android apps. Not related to JAD.

• .net-based languages
  • dotPeek - a free-of-charge .NET decompiler from JetBrains
  • ILSpy (⭐19k) - an open-source .NET assembly browser and decompiler
  • dnSpy (⭐25k) - .NET assembly editor, decompiler, and debugger

• native code
  • Hopper - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
  • cutter - a decompiler based on radare2.
  • retdec (⭐7.6k)
  • snowman (⭐2.3k)
  • Hex-Rays

Deobfuscators

• de4dot (⭐6.6k) - .NET deobfuscator and unpacker.

• JS Beautifier (⭐8.3k)

• JS Nice - a web service guessing JS variables names and types based on the model derived from open source.

Other

• nudge4j (⭐154) - Java tool to let the browser talk to the JVM

• dex2jar (⭐12k) - Tools to work with Android .dex and Java .class files

• androguard - Reverse engineering, malware and goodware analysis of Android applications

• antinet (⭐289) - .NET anti-managed debugger and anti-profiler code

• UPX - the Ultimate Packer (and unpacker) for eXecutables

Execution logging and tracing

• Wireshark - A free and open-source packet analyzer

• tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

• mitmproxy (⭐33k) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface

• Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic

• usbmon - USB capture for Linux.

• USBPcap (⭐840) - USB capture for Windows.

• dynStruct (⭐309) - structures recovery via dynamic instrumentation.

• drltrace (⭐365) - shared library calls tracing.

Binary files examination and editing / Hex editors

• HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size

• WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security

• wxHexEditor (⭐515)

Binary files examination and editing / Other

• Binwalk (⭐9.9k) - Detects signatures, unpacks archives, visualizes entropy.

• Veles (⭐1k) - a visualizer for statistical properties of blobs.

• Protobuf inspector (⭐862)

• DarunGrim (⭐359) - executable differ.

• DBeaver (⭐35k) - a DB editor.

• Dependencies (⭐7.6k) - a FOSS replacement to Dependency Walker.

• PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files

• BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.

Oct 08 - Oct 14, 2018

tools / Other

• empire (⭐7.2k) - A post exploitation framework for powershell and python.

• silenttrinity (⭐2.1k) - A post exploitation tool that uses iron python to get past powershell restrictions.

Oct 01 - Oct 07, 2018

Docker Images for Penetration Testing & Security

• docker pull phocean/msf - Docker Metasploit

Aug 27 - Sep 02, 2018

Tools / Other

• Nipe (⭐1.8k) - A script to make Tor Network your default gateway.

Jul 23 - Jul 29, 2018

Tools / Other

• Amass (⭐11k) - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping

Jun 25 - Jul 01, 2018

Tools / Other

• NoSQLMap (⭐2.7k) - Automated NoSQL database enumeration and web application exploitation tool.

• VHostScan (⭐1.1k) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

• SubFinder (⭐8.7k) - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.

Jun 18 - Jun 24, 2018

Competition / Other

• ZeroDays CTF

• Insomni’hack

Jun 11 - Jun 17, 2018

Tools / Other

• ssh-mitm (⭐1.6k) - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.

May 28 - Jun 03, 2018

Web / Other

• Gruyere

• Others

May 07 - May 13, 2018

Tools / Other

• Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools

Bug bounty / Other

• Awesome bug bounty resources by EdOverflow (⭐5.4k)

General / Other

• Movies For Hackers (⭐10k) - A curated list of movies every hacker & cyberpunk must watch.

Apr 30 - May 06, 2018

Tutorials

• Understanding the basics of Linux Binary Exploitation (⭐1.2k)

Mar 26 - Apr 01, 2018

Web / Other

• Hack The Box - a free site to perform pentesting in a variety of different systems.

Oct 16 - Oct 22, 2017

Tools / Other

• Wifi Jammer - Free program to jam all wifi clients in range

• Firesheep - Free program for HTTP session hijacking attacks.

Sep 11 - Sep 17, 2017

Tools / Other

• Habu (⭐836) - Python Network Hacking Toolkit

May 22 - May 28, 2017

General / Other

• Hack+ - An Intelligent network of bots that fetch the latest InfoSec content.

Mar 27 - Apr 02, 2017

Tools / Other

• Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability

• mitmsocks4j (⭐31) - Man-in-the-middle SOCKS Proxy for Java

• sleuthkit (⭐2.4k) - A library and collection of command-line digital forensics tools

• EnCase - The shared technology within a suite of digital investigations products by Guidance Software

• xortool (⭐1.3k) - A tool to analyze multi-byte XOR cipher

Feb 27 - Mar 05, 2017

General / Other

• Pentest Cheat Sheets (⭐3.6k) - Collection of cheat sheets useful for pentesting

Feb 13 - Feb 19, 2017

Online resources / Other

• Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions

• Security @ Distrowatch - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems

Jan 30 - Feb 05, 2017

Disassemblers and debuggers

• ScratchABit (⭐390) - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

Jan 02 - Jan 08, 2017

Docker Images for Penetration Testing & Security

• docker pull owasp/zap2docker-stable - official OWASP ZAP (⭐12k)

• docker pull wpscanteam/wpscan - official WPScan

• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)

• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation

• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock

• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed

• docker pull opendns/security-ninjas - Security Ninjas

• docker pull diogomonica/docker-bench-security - Docker Bench for Security

• docker pull ismisepaul/securityshepherd - OWASP Security Shepherd

• docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image

• docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application

• docker pull bkimminich/juice-shop - OWASP Juice Shop (⭐9k)

Oct 31 - Nov 06, 2016

General / Other

• Rookit Arsenal - OS RE and rootkit development

Jun 27 - Jul 03, 2016

Disassemblers and debuggers

• plasma (⭐3k) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

May 09 - May 15, 2016

Reverse Engineering / Other

• Crackmes.de - The world first and largest community website for crackmes and reversemes.

Mar 07 - Mar 13, 2016

Tools / Other

• pig (⭐452) - A Linux packet crafting tool

Nov 16 - Nov 22, 2015

General

• Exploit database - An ultimate archive of exploits and vulnerable software

Tools / Other

• nmap - Nmap (Network Mapper) is a security scanner

Web / Other

• 0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).

Competition / Other

• PHD CTF

General / Other

• CTF archives (shell-storm)

Oct 12 - Oct 18, 2015

Disassemblers and debuggers

• radare2 (⭐19k) - A portable reversing framework

Dec 22 - Dec 28, 2014

Tutorials

• Corelan Team's Exploit writing tutorial

• Malware Analysis Tutorials: a Reverse Engineering Approach

Tools

• Metasploit (⭐32k) A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

• mimikatz (⭐18k) - A little tool to play with Windows security

Disassemblers and debuggers

• IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger

• OllyDbg - A 32-bit assembler level analysing debugger for Windows

General / Other

• Open Malware

• CTFtime.org - All about CTF (Capture The Flag)

• WeChall

Tools / Other

• sqlmap (⭐29k) - Automatic SQL injection and database takeover tool

• tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding

• NetworkMiner - A Network Forensic Analysis Tool (NFAT)

• ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications

• Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program

• malzilla - Malware hunting tool

• John the Ripper - A fast password cracker

• Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.

System / Other

• OverTheWire - Semtex

• OverTheWire - Vortex

• OverTheWire - Drifter

• pwnable.kr - Provide various pwn challenges regarding system security

• Exploit Exercises - Nebula

• SmashTheStack

Reverse Engineering / Other

• Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering

• CodeEngn - (Korean)

• simples.kr - (Korean)

Web / Other

• Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills

• Webhacking.kr

Cryptography / Other

• OverTheWire - Krypton

Competition / Other

• DEF CON

• CSAW CTF

• hack.lu CTF

• Pliad CTF

• RuCTFe

• Ghost in the Shellcode

• SECUINSIDE CTF

• Codegate CTF

• Boston Key Party CTF

tools / Other

• SecTools - Top 125 Network Security Tools