Your first time on this page? Allow me to give some explanations.
A curated list of awesome Hacking tutorials, tools and resources
Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.
Thank you carpedm20 & contributors
View Topic on GitHub:
Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.
Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.
Linux Binary Exploitation
A little tool to play with Windows security
Docker Images for Penetration Testing & Security
The OWASP ZAP core project
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Disassemblers and debuggers
An open-source x64/x32 debugger for windows.
UNIX-like reverse engineering framework and command-line toolset
Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.
Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
Java decompiler, assembler, and disassembler
A standalone Java Decompiler GUI
An Open Source Java Decompiler Gui for Procyon
Dex to Java decompiler
.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
.NET debugger and assembly editor
Free and Open Source Reverse Engineering Platform powered by radare2
RetDec is a retargetable machine-code decompiler based on LLVM.
A cross-version Python bytecode decompiler
Free-of-charge standalone tool based on ReSharper's bundled decompiler. It can reliably decompile any .NET assembly into equivalent C# or IL code. It can create Visual Studio solutions based on the original binary files in a straight-forward way. [Proprietary] [Free]
A Dissassembler for MacOS and Linux. Has a Demo option for 30 minutes of productivity.
.NET deobfuscator and unpacker.
Get inside your JVM
Tools to work with android .dex and java .class files
.NET anti-managed debugger and anti-profiler code
Reverse engineering, malware and goodware analysis of Android applications
Execution logging and tracing
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
USB packet capture for Windows
Reverse engineering tool for automatic structure recovering and memory use analysis based on DynamoRIO and Capstone
Drltrace is a library calls tracer for Windows and Linux applications.
A network protocol analyzer. ![Open-Source Software][oss icon] ![Freeware][freeware icon]
A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
wxHexEditor official GIT repo
A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
Firmware Analysis Tool
Binary data analysis and visualization tool
🕵️ Tool to reverse-engineer Protocol Buffers with unknown definition
A patch analysis tool
Free universal database tool and SQL client
A rewrite of the old legacy software "depends.exe" in C# for Windows devs to troubleshoot dll load dependencies issues.
A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
Automatic SQL injection and database takeover tool
Automated NoSQL database enumeration and web application exploitation tool.
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Scriptable network authentication cracker
Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Spyse is an OSINT search engine that provides fresh data about the entire web. All the data is stored in its own DB for instant access and interconnected with each other for flexible search.
base64 base85 md4,5 hash, sha1 hash encoding/decoding
More than 100 security checks for your Node.js API
A Linux packet crafting tool.
Man in the Middle SOCKS Proxy for JAVA
SSH man-in-the-middle tool
An engine to make Tor network your default gateway
Great packages that use Scapy
In-depth Attack Surface Mapping and Asset Discovery
Secure multithreaded packet sniffer
A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).
a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
The shared technology within a suite of digital investigations products by Guidance Software
Brazilian Federal Police Tool for Forensic Investigation
A tool to analyze multi-byte xor cipher
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
A variety of wargames maintained by the SmashTheStack Community.
This site tests your ability to Cracking & Reverse Code Engineering
a website without logins or ads where you can solve password-riddles (so called hackits).
Website by an Austrian group. Lots of challenges taken from CTFs they participated in.
A list of interesting payloads, tips and tricks for bug bounty hunters.
Bug bounty - Earn Some Money
Collection of the cheat sheets useful for pentesting
🎬 A curated list of movies every hacker & cyberpunk must watch.
Complete list of security related operating systems
Description of main penetration testing distributions
Empire is a PowerShell and Python post-exploitation agent.
An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
PowerSploit - A PowerShell Post-Exploitation Framework
Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)