Hacking

Free, self-paced curriculum that builds a base of knowledge in computers and networking. Intended to build up a student with no prior technical knowledge to be confident in their ability to learn anything and continue their security education. Full text available as a gitbook.

A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

A little tool to play with Windows security

Tutorial on tools.

docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock

docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed

An ultimate archive of exploits and vulnerable software

IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger

A 32-bit assembler level analysing debugger for Windows

An open-source x64/x32 debugger for Windows

A portable reversing framework

Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.

Luyten - one of the best, though a bit slow, hangs on some binaries and not very well maintained.

JAD Java Decompiler (closed-source, unmaintained)

a decompiler for Android apps. Not related to JAD.

.NET deobfuscator and unpacker.

a web service guessing JS variables names and types based on the model derived from open source.

Java tool to let the browser talk to the JVM

Tools to work with Android .dex and Java .class files

Reverse engineering, malware and goodware analysis of Android applications

.NET anti-managed debugger and anti-profiler code

the Ultimate Packer (and unpacker) for eXecutables

A free and open-source packet analyzer

A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface

A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic

USB capture for Linux.

USB capture for Windows.

structures recovery via dynamic instrumentation.

shared library calls tracing.

A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size

A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security

/Hexinator -

Detects signatures, unpacks archives, visualizes entropy.

a visualizer for statistical properties of blobs.

a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.

executable differ.

a DB editor.

a FOSS replacement to Dependency Walker.

A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files

A small, very fast and powerful text extractor that will be of particular interest to programmers.

Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.

Automatic SQL injection and database takeover tool

Automated NoSQL database enumeration and web application exploitation tool.

base64 base85 md4,5 hash, sha1 hash encoding/decoding

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.

A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.

Scriptable network authentication cracker

Full-featured C2 framework which silently persists on webserver via evil PHP oneliner

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.

A web-crawling search engine that lets users search for various types of servers connected to the internet.

Internet scale portscanner.

an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors

Java, Android, Python, C# online decompiler.

An exhaustive checklist to assist in the source code security analysis of a node.js web service.

A Network Forensic Analysis Tool (NFAT)

A Java-based HTTP/HTTPS proxy for assessing web application vulnerability

A Linux packet crafting tool

really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).

A simple TCP/UDP protocol fuzzer.

a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications

Man-in-the-middle SOCKS Proxy for Java

An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.

Nmap (Network Mapper) is a security scanner

An 802.11 WEP and WPA-PSK keys cracking program

A script to make Tor Network your default gateway.

Python Network Hacking Toolkit

Free program to jam all wifi clients in range

Free program for HTTP session hijacking attacks.

A Python tool and library for low level packet creation and manipulation

In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping

Secure multithreaded packet sniffer

Discover internet-wide misconfigurations, using zgrab2 and others.

Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.

Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support.

A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools

A library and collection of command-line digital forensics tools

The shared technology within a suite of digital investigations products by Guidance Software

Malware hunting tool

Brazilian Federal Police Tool for Forensic Investigation

NTFS forensic image collector

CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.

A tool to analyze multi-byte XOR cipher

A fast password cracker

Aircrack is 802.11 WEP and WPA-PSK keys cracking program.

Automated decryption tool using artificial intelligence & natural language processing.

Provide various pwn challenges regarding system security

This site tests your ability to Cracking & Reverse Code Engineering

(Korean)

(Korean)

The world first and largest community website for crackmes and reversemes.

a free, safe and legal training ground for hackers to test and expand their hacking skills

a free site to perform pentesting in a variety of different systems.

a website without logins or ads where you can solve password-riddles (so called hackits).

Website by an Austrian group. Lots of challenges taken from CTFs they participated in.

Hands-on cyber security training through real-world scenarios.

Europe's #1 ethical hacking and bug bounty program.

XSS Challenges

An Intelligent network of bots that fetch the latest InfoSec content.

All about CTF (Capture The Flag)

OS RE and rootkit development

Collection of cheat sheets useful for pentesting

A curated list of movies every hacker & cyberpunk must watch.

Free course designed to get a student crushing CTFs as quickly as possible. Teaches the mentality and skills required for crypto, forensics, and more. Full text available as a gitbook.

Complete list of security related operating systems

Description of main penetration testing distributions

Website dedicated to talking about, reviewing and keeping up to date with open source operating systems

A post exploitation framework for powershell and python.

A post exploitation tool that uses iron python to get past powershell restrictions.

A PowerShell post exploitation framework

Framework for Making Environmental Keyed Payloads

Top 125 Network Security Tools

Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a gitbook.

A hands-on, wildly practical introduction to networking and making packets dance. No wasted time, no memorizing, just learning the fundamentals.

An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. (Source)

The open-source encyclopedia of cybersecurity. GitHub Repository