Table of Contents
- Reverse Engineering
- Post exploitation
- Corelan Team’s Exploit writing tutorial
- Exploit Writing Tutorials for Pentesters
- Understanding the basics of Linux Binary Exploitation
- Metasploit A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
- mimikatz — A little tool to play with Windows security
Docker Images for Penetration Testing & Security
docker pull kalilinux/kali-linux-dockerofficial Kali Linux
docker pull owasp/zap2docker-stable— official OWASP ZAP
docker pull wpscanteam/wpscan— official WPScan
docker pull pandrew/metasploit— docker-metasploit
docker pull citizenstig/dvwa— Damn Vulnerable Web Application (DVWA)
docker pull wpscanteam/vulnerablewordpress— Vulnerable WordPress Installation
docker pull hmlio/vaas-cve-2014-6271— Vulnerability as a service: Shellshock
docker pull hmlio/vaas-cve-2014-0160— Vulnerability as a service: Heartbleed
docker pull opendns/security-ninjas— Security Ninjas
docker pull usertaken/archlinux-pentest-lxde— Arch Linux Penetration Tester
docker pull diogomonica/docker-bench-security— Docker Bench for Security
docker pull ismisepaul/securityshepherd— OWASP Security Shepherd
docker pull danmx/docker-owasp-webgoat— OWASP WebGoat Project docker image
docker-compose build && docker-compose up— OWASP NodeGoat
docker pull citizenstig/nowasp— OWASP Mutillidae II Web Pen-Test Practice Application
docker pull bkimminich/juice-shop— OWASP Juice Shop
- Exploit database — An ultimate archive of exploits and vulnerable software
Disassemblers and debuggers
- IDA — IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- OllyDbg — A 32-bit assembler level analysing debugger for Windows
- x64dbg — An open-source x64/x32 debugger for Windows
- radare2 — A portable reversing framework
- plasma — Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- ScratchABit — Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
- JVM-based languages
- Krakatau — the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.
- Luyten — one of the best, though a bit slow, hangs on some binaries and not very well maintained.
- JAD — JAD Java Decompiler (closed-source, unmaintained)
- JADX — a decompiler for Android apps. Not related to JAD.
- .net-based languages
- native code
- de4dot — .NET deobfuscator and unpacker.
- JS Beautifier
- JS Nice — a web service guessing JS variables names and types based on the model derived from open source.
- nudge4j — Java tool to let the browser talk to the JVM
- dex2jar — Tools to work with Android .dex and Java .class files
- androguard — Reverse engineering, malware and goodware analysis of Android applications
- antinet — .NET anti-managed debugger and anti-profiler code
- UPX — the Ultimate Packer (and unpacker) for eXecutables
Execution logging and tracing
- Wireshark — A free and open-source packet analyzer
- tcpdump — A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
- mitmproxy — An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
- Charles Proxy — A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
- usbmon — USB capture for Linux.
- USBPcap — USB capture for Windows.
- dynStruct — structures recovery via dynamic instrumentation.
- drltrace — shared library calls tracing.
Binary files examination and editing
- HxD — A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
- WinHex — A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
- Synalize It/Hexinator —
- Binwalk — Detects signatures, unpacks archives, visualizes entropy.
- Veles — a visualizer for statistical properties of blobs.
- Kaitai Struct — a DSL for creating parsers in a variety of programming languages. The Web IDE is particulary useful fir reverse-engineering.
- Protobuf inspector
- DarunGrim — executable differ.
- DBeaver — a DB editor.
- Dependencies — a FOSS replacement to Dependency Walker.
- PEview — A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
- BinText — A small, very fast and powerful text extractor that will be of particular interest to programmers.
- sqlmap — Automatic SQL injection and database takeover tool
- NoSQLMap — Automated NoSQL database enumeration and web application exploitation tool.
- tools.web-max.ca — base64 base85 md4,5 hash, sha1 hash encoding/decoding
- VHostScan — A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
- SubFinder — SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
- badtouch — Scriptable network authentication cracker
- Strong node.js — An exhaustive checklist to assist in the source code security analysis of a node.js web service.
- NetworkMiner — A Network Forensic Analysis Tool (NFAT)
- Paros — A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
- pig — A Linux packet crafting tool
- ZAP — The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
- mitmsocks4j — Man-in-the-middle SOCKS Proxy for Java
- ssh-mitm — An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
- nmap — Nmap (Network Mapper) is a security scanner
- Aircrack-ng — An 802.11 WEP and WPA-PSK keys cracking program
- Nipe — A script to make Tor Network your default gateway.
- Habu — Python Network Hacking Toolkit
- Wifi Jammer — Free program to jam all wifi clients in range
- Firesheep — Free program for HTTP session hijacking attacks.
- Scapy — A Python tool and library for low level packet creation and manipulation
- Amass — In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
- sniffglue — Secure multithreaded packet sniffer
- Autopsy — A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
- sleuthkit — A library and collection of command-line digital forensics tools
- EnCase — The shared technology within a suite of digital investigations products by Guidance Software
- malzilla — Malware hunting tool
- xortool — A tool to analyze multi-byte XOR cipher
- John the Ripper — A fast password cracker
- Aircrack — Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
- OverTheWire — Semtex
- OverTheWire — Vortex
- OverTheWire — Drifter
- pwnable.kr — Provide various pwn challenges regarding system security
- Exploit Exercises — Nebula
- Reversing.kr — This site tests your ability to Cracking & Reverse Code Engineering
- CodeEngn — (Korean)
- simples.kr — (Korean)
- Crackmes.de — The world first and largest community website for crackmes and reversemes.
- Hack This Site! — a free, safe and legal training ground for hackers to test and expand their hacking skills
- Hack The Box — a free site to perform pentesting in a variety of different systems.
- 0xf.at — a website without logins or ads where you can solve password-riddles (so called hackits).
Bug bounty — Earn Some Money
- DEF CON
- CSAW CTF
- hack.lu CTF
- Pliad CTF
- Ghost in the Shellcode
- PHD CTF
- SECUINSIDE CTF
- Codegate CTF
- Boston Key Party CTF
- ZeroDays CTF
- Pico CTF
- prompt(1) to win — XSS Challeges
- Hack+ — An Intelligent network of bots that fetch the latest InfoSec content.
- CTFtime.org — All about CTF (Capture The Flag)
- CTF archives (shell-storm)
- Rookit Arsenal — OS RE and rootkit development
- Pentest Cheat Sheets — Collection of cheat sheets useful for pentesting
- Movies For Hackers — A curated list of movies every hacker & cyberpunk must watch.
- Security related Operating Systems @ Rawsec — Complete list of security related operating systems
- Best Linux Penetration Testing Distributions @ CyberPunk — Description of main penetration testing distributions
- Security @ Distrowatch — Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
- empire — A post exploitation framework for powershell and python.
- silenttrinity — A post exploitation tool that uses iron python to get past powershell restrictions.
- SecTools — Top 125 Network Security Tools