6.1 KiB
6.1 KiB
Awesome Hacking Tools
A collection of awesome lists for hackers, pentesters & security researchers.
A curated list of awesome Hacking Tools. Your contributions are always welcome !
Awesome Repositories
| Repository | Description |
|---|---|
| Awesome Malware Analysis | A curated list of awesome malware analysis tools and resources |
| Awesome-Hacking | A collection of various awesome lists for hackers, pentesters and security researchers |
| fuzzdb | Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. |
| HUNT Proxy Extension | Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite). |
| List of Sec talks/videos | A curated list of awesome Security talks |
| SecLists | It is a collection of multiple types of lists used during security assessments |
| Xerosploit | Efficient and advanced man in the middle framework |
| ctf-tools | Some setup scripts for security research tools. |
| PENTEST-WIKI | PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others. |
Awesome custom projects / Scripts
| Name | Description |
|---|---|
| mimikatz | A useful tool to play with Windows security including extracting plaintext passwords, kerberos tickets, etc. |
| LAZY script v2.1.3 | The LAZY script will make your life easier, and of course faster. |
Exploitation tools
| Name | Description |
|---|---|
| BeEF | Browser Exploitation Framework (Beef) |
| Core Impact | Core Impact provides vulnerability assessment and penetration security testing throughout your organization. |
| Metasploit | The world’s most used penetration testing framework |
Linux Security Tools
| Name | Description |
|---|---|
| DefenseMatrix | Full security solution for Linux Servers |
Exploit Databases
| Name | Description |
|---|---|
| 0day | Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. |
| cxsecurity | Exploit Database |
| exploit-db | Exploits Database by Offensive Security |
| iedb | Iranian Exploit DataBase |
| rapid7 | Vulnerability & Exploit Database - Rapid7 |
MITM tools
| Name | Description |
|---|---|
| BetterCAP | MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more. |
| Burp Suite | GUI based tool for testing Web application security. |
| Ettercap | Ettercap is a comprehensive suite for man in the middle attacks |
| MITMf | Framework for Man-In-The-Middle attacks |
| mitmproxy | An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed |
SQL Injection
| Name | Description |
|---|---|
| SQLmap | Automatic SQL injection and database takeover tool |
| SQLninja | SQL Server injection & takeover tool |
Post explotation
| Name | Description |
|---|---|
| Portia | Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. |
Search Engine for Penetration Tester
| Name | Description |
|---|---|
| Censys | Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time |
| Shodan | Shodan is the world's first search engine for Internet-connected devices. |
| WiGLE | Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers. |
| Zoomeye | search engine for cyberspace that lets the user find specific network components(ip, services, etc.) |
Security Information and Event Management (SIEM)
| Name | Description |
|---|---|
| OSSIM | AlienVault’s Open Source Security Information and Event Management (SIEM) product |
Network Scanning Tools
| Name | Description |
|---|---|
| NMAP | The industry standard in network/port scanning. Widely used. |
| Wireshark | A versatile and feature-packed packet sniffing/analysis tool. |
Source Code Analysis Tools
| Name | Description |
|---|---|
| pyup | Automated Security and Dependency Updates |
| RIPS | PHP Security Analysis |
| Retire.js | detecting the use of JavaScript libraries with known vulnerabilities |
| Snyk | find & fix vulnerabilities in dependencies, supports various languages |
Binary Analysis Tools
| Name | Description |
|---|---|
| BinNavi | BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code |
| Radare2 | Radare2 is a reverse engineering suite which includes a complete toolkit for reverse enigneering needs. |
Collaboration tools
| Name | Description |
|---|---|
| Dradis | Open-source reporting and collaboration tool for InfoSec professionals |