Awesome-Hacking-Resources/tools.md

# Awesome Hacking Tools

**A collection of awesome lists for hackers, pentesters & security researchers.**

A curated list of awesome Hacking Tools. Your contributions are always welcome !

### Awesome Repositories
Repository | Description
---- | ----
[fuzzdb](https://github.com/fuzzdb-project/fuzzdb) | Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
[HUNT Proxy Extension](https://github.com/bugcrowd/HUNT) | Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite).
[SecLists](https://github.com/danielmiessler/SecLists) | It is a collection of multiple types of lists used during security assessments
[Xerosploit](https://github.com/LionSec/xerosploit)   |     Efficient and advanced man in the middle framework
[ctf-tools](https://github.com/zardus/ctf-tools) | Some setup scripts for security research tools. 

### Awesome custom projects / Scripts
Name | Description
---- | ----
[mimikatz](https://github.com/gentilkiwi/mimikatz) | A useful tool to play with Windows security including extracting plaintext passwords, kerberos tickets, etc.

### Exploitation tools
Name | Description
---- | ----
[BeEF](http://beefproject.com/) | Browser Exploitation Framework (Beef)
[Core Impact](https://www.coresecurity.com/core-impact) | Core Impact provides vulnerability assessment and penetration security testing throughout your organization.
[Metasploit](https://www.metasploit.com/) | The world’s most used penetration testing framework

### Linux Security Tools
Name | Description
---- | ----
[DefenseMatrix](https://github.com/K4YT3X/DefenseMatrix) | Full security solution for Linux Servers 

### Exploit Databases
Name | Description
---- | ----
[0day](http://0day.today/) | Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. 
[cxsecurity](http://cxsecurity.com/exploit) | Exploit Database
[exploit-db](https://www.exploit-db.com/) | Exploits Database by Offensive Security
[iedb](http://iedb.ir/) | Iranian Exploit DataBase
[rapid7](https://rapid7.com/db) | Vulnerability & Exploit Database - Rapid7

### MITM tools
Name | Description
---- | ----
[BetterCAP](https://www.bettercap.org/) | MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
[Burp Suite](https://portswigger.net/burp) | GUI based tool for testing Web application security.
[Ettercap](https://ettercap.github.io/ettercap/) | Ettercap is a comprehensive suite for man in the middle attacks
[mitmproxy](https://mitmproxy.org/) | An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed

### SQL Injection
Name | Description
---- | ----
[SQLmap](http://sqlmap.org/) | Automatic SQL injection and database takeover tool
[SQLninja](http://sqlninja.sourceforge.net/) | SQL Server injection & takeover tool

### Search Engine for Penetration Tester
Name | Description
---- | ----
[Censys](https://www.censys.io/) | Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
[Shodan](http://shodan.io/) | Shodan is the world's first search engine for Internet-connected devices.
[Zoomeye](https://www.zoomeye.org/) | search engine for cyberspace that lets the user find specific network components(ip, services, etc.)
### Security Information and Event Management (SIEM)
Name | Description
---- | ----
[OSSIM](https://www.alienvault.com/products/ossim) | AlienVault’s Open Source Security Information and Event Management (SIEM) product

### Source Code Analysis Tools
Name | Description
---- | ----
[pyup](https://pyup.io/) | Automated Security and Dependency Updates
[RIPS](https://www.ripstech.com/) | PHP Security Analysis
[Retire.js](http://retirejs.github.io/retire.js/) | detecting the use of JavaScript libraries with known vulnerabilities
[Snyk](https://snyk.io/) | find & fix vulnerabilities in dependencies, supports various languages

### Binary Analysis Tools
Name | Description
---- | ----
[BinNavi](https://github.com/google/binnavi) | BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code

### Collaboration tools
Name | Description
---- | ----
[Dradis](https://dradisframework.com/ce/) | Open-source reporting and collaboration tool for InfoSec professionals
-												Add tools.md

Creating tools.md to add links and resources for tools and frameworks #11
											
										
										
											2017-10-15 18:06:33 +00:00
+								# Awesome Hacking Tools
 								**A collection of awesome lists for hackers, pentesters & security researchers.**
 								A curated list of awesome Hacking Tools. Your contributions are always welcome !
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								### Awesome Repositories
 								Repository | Description
-												Added MITM tools

											
										
										
											2017-10-15 19:18:58 +00:00
+								---- | ----
-												Delete duplicate Awesome Repos section

Unify the Awasome Repositories section in tools.md
											
										
										
											2017-10-21 23:22:12 +00:00
+								[fuzzdb](https://github.com/fuzzdb-project/fuzzdb) | Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								[HUNT Proxy Extension](https://github.com/bugcrowd/HUNT) | Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite).
-												Delete duplicate Awesome Repos section

Unify the Awasome Repositories section in tools.md
											
										
										
											2017-10-21 23:22:12 +00:00
+								[SecLists](https://github.com/danielmiessler/SecLists) | It is a collection of multiple types of lists used during security assessments
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								[Xerosploit](https://github.com/LionSec/xerosploit)   |     Efficient and advanced man in the middle framework
-												Update tools.md

Add ctf-tools
											
										
										
											2017-10-22 15:53:08 +00:00
+								[ctf-tools](https://github.com/zardus/ctf-tools) | Some setup scripts for security research tools.
-												Add tools.md

Creating tools.md to add links and resources for tools and frameworks #11
											
										
										
											2017-10-15 18:06:33 +00:00
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								### Awesome custom projects / Scripts
-												New tools

											
										
										
											2017-10-16 15:32:41 +00:00
+								Name | Description
 								---- | ----
-												Added Lena's tutorials and a few tools such as BinNavi

											
										
										
											2017-10-20 22:05:33 +00:00
+								[mimikatz](https://github.com/gentilkiwi/mimikatz) | A useful tool to play with Windows security including extracting plaintext passwords, kerberos tickets, etc.
-												New tools

											
										
										
											2017-10-16 15:32:41 +00:00
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								### Exploitation tools
-												Added Source Code Analysis and Linux Security Tools
											
										
										
											2017-10-17 06:59:08 +00:00
+								Name | Description
 								---- | ----
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								[BeEF](http://beefproject.com/) | Browser Exploitation Framework (Beef)
 								[Core Impact](https://www.coresecurity.com/core-impact) | Core Impact provides vulnerability assessment and penetration security testing throughout your organization.
 								[Metasploit](https://www.metasploit.com/) | The world’s most used penetration testing framework
-												Added Source Code Analysis and Linux Security Tools
											
										
										
											2017-10-17 06:59:08 +00:00
 								### Linux Security Tools
 								Name | Description
 								---- | ----
 								[DefenseMatrix](https://github.com/K4YT3X/DefenseMatrix) | Full security solution for Linux Servers
-												Add Exploit Databases
											
										
										
											2017-10-19 18:40:55 +00:00
+								### Exploit Databases
 								Name | Description
 								---- | ----
 								[0day](http://0day.today/) | Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
 								[cxsecurity](http://cxsecurity.com/exploit) | Exploit Database
 								[exploit-db](https://www.exploit-db.com/) | Exploits Database by Offensive Security
 								[iedb](http://iedb.ir/) | Iranian Exploit DataBase
 								[rapid7](https://rapid7.com/db) | Vulnerability & Exploit Database - Rapid7
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								### MITM tools
-												New tools

											
										
										
											2017-10-16 15:32:41 +00:00
+								Name | Description
 								---- | ----
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								[BetterCAP](https://www.bettercap.org/) | MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
 								[Burp Suite](https://portswigger.net/burp) | GUI based tool for testing Web application security.
 								[Ettercap](https://ettercap.github.io/ettercap/) | Ettercap is a comprehensive suite for man in the middle attacks
 								[mitmproxy](https://mitmproxy.org/) | An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed
 								### SQL Injection
 								Name | Description
 								---- | ----
 								[SQLmap](http://sqlmap.org/) | Automatic SQL injection and database takeover tool
 								[SQLninja](http://sqlninja.sourceforge.net/) | SQL Server injection & takeover tool
-												New tools

											
										
										
											2017-10-16 15:32:41 +00:00
-												Added new training links and Search engines to tools.md

											
										
										
											2017-10-19 13:25:43 +00:00
+								### Search Engine for Penetration Tester
 								Name | Description
 								---- | ----
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								[Censys](https://www.censys.io/) | Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
-												Added new training links and Search engines to tools.md

											
										
										
											2017-10-19 13:25:43 +00:00
+								[Shodan](http://shodan.io/) | Shodan is the world's first search engine for Internet-connected devices.
 								[Zoomeye](https://www.zoomeye.org/) | search engine for cyberspace that lets the user find specific network components(ip, services, etc.)
-												Update tools.md

Add Collaboration and  SIEM tools
											
										
										
											2017-10-23 06:36:06 +00:00
+								### Security Information and Event Management (SIEM)
 								Name | Description
 								---- | ----
 								[OSSIM](https://www.alienvault.com/products/ossim) | AlienVault’s Open Source Security Information and Event Management (SIEM) product
-												Added new training links and Search engines to tools.md

											
										
										
											2017-10-19 13:25:43 +00:00
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								### Source Code Analysis Tools
-												Add tools.md

Creating tools.md to add links and resources for tools and frameworks #11
											
										
										
											2017-10-15 18:06:33 +00:00
+								Name | Description
 								---- | ----
-												Added Lena's tutorials and a few tools such as BinNavi

											
										
										
											2017-10-20 22:05:33 +00:00
+								[pyup](https://pyup.io/) | Automated Security and Dependency Updates
-												FIX alphabetical order
											
										
										
											2017-10-19 18:20:25 +00:00
+								[RIPS](https://www.ripstech.com/) | PHP Security Analysis
 								[Retire.js](http://retirejs.github.io/retire.js/) | detecting the use of JavaScript libraries with known vulnerabilities
 								[Snyk](https://snyk.io/) | find & fix vulnerabilities in dependencies, supports various languages
-												Added Lena's tutorials and a few tools such as BinNavi

											
										
										
											2017-10-20 22:05:33 +00:00
 								### Binary Analysis Tools
 								Name | Description
 								---- | ----
-												Delete duplicate Awesome Repos section

Unify the Awasome Repositories section in tools.md
											
										
										
											2017-10-21 23:22:12 +00:00
+								[BinNavi](https://github.com/google/binnavi) | BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code
-												Update tools.md

Add Collaboration and  SIEM tools
											
										
										
											2017-10-23 06:36:06 +00:00
 								### Collaboration tools
 								Name | Description
 								---- | ----
 								[Dradis](https://dradisframework.com/ce/) | Open-source reporting and collaboration tool for InfoSec professionals