# Awesome Resources For Learning Ethical Hacking & Pentesting ⚡️ [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) ![Awesome Hacking](https://img.shields.io/badge/awesome-hacking-red.svg) ![Awesome community](https://img.shields.io/badge/awesome-community-green.svg) What I’m sharing here is a collection of some best resources about Hacking & Penetration Testing to make you learn faster! Let's make it the best resource repository for our community. ## Contents - [Books](#books) - [Online ](#online) - [Offline](#offline) - [Vulnerable Machines and Websites](#Vulnerable-machines-and-websites) - [Vulnerability Databases And Resources](#vulnerability-databases-and-resources) - [Malware Analysis](#malware-analysis) - [Linux Penetration Testing OS](#linux-penetration-testing-os) - [Courses](#courses) - [Workshop Playlists](#workshop-playlists) - [Security Talks and Conferences](#security-talks-and-conferences) - [YouTube Channels](#youtube-channels) - [Forums](#forums) **You are welcome to fork and contribute.** **Also you can find my writeups/tutorials on medium: @hussnainfareed :)** ## Books 1. The Hacker Playbook 2: Practical Guide To Penetration Testing 2. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy 3. Breaking into Information Security: Learning the Ropes 101 4. Penetration Testing: A Hands-On Introduction to Hacking 5. Social Engineering: The Art of Human Hacking 6. Hacking: The Art of Exploitation, 2nd Edition 7. Web Hacking 101 8. OWASP Testing Guide (A must-read for web application developers and penetration testers) 9. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 10. The Basics of Web Hacking: Tools and Techniques to Attack the Web ## Learning Platforms to Sharpen Your Skills ### Online Name | Description ---- | ---- [CTF Hacker101](https://ctf.hacker101.com/) | The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers. [Hack The Box :: Penetration Testing Labs](https://www.hackthebox.eu) | An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs. [TryHackMe](https://tryhackme.com) | TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. [CTF365](https://ctf365.com/) | An account-based ctf site, awarded by Kaspersky, MIT, and T-Mobile. [Backdoor](https://backdoor.sdslabs.co) | Pen testing labs that have a space for beginners, a practice arena, and various competitions, account required. [Hack.me](https://hack.me/) | Lets you build/host/attack vulnerable web apps. [CTFLearn](https://ctflearn.com/) | An account-based ctf site, where users can go in and solve a range of challenges. [OWASP Vulnerable Web Applications Directory Project (Online)](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps) | List of online available vulnerable applications for learning purposes. [Pentestit labs](https://lab.pentestit.ru) | Hands-on Pentesting Labs (OSCP style) [Root-me.org](https://www.root-me.org) | Hundreds of challenges are available to train yourself in different and not simulated environments [Vulnhub.com](https://www.vulnhub.com) | Vulnerable By Design VMs for practical 'hands-on' experience in digital security [Windows / Linux Local Privilege Escalation Workshop](https://github.com/sagishahar/lpeworkshop) | Practice your Linux and Windows privilege escalation. [Hacking Articles](http://www.hackingarticles.in/ctf-challenges1/) | CTF Brief Write-up collection with a lot of screenshots good for beginners. [Rafay Hacking Articles, a great blog](http://www.rafayhackingarticles.net/) | Write up collections by Rafay Baloch. [PentesterLab](https://pentesterlab.com/) | 20$ signature, complete content basic to write exploits, web, android. [CyberSec WTF](https://cybersecurity.wtf/)| Emulated web pentesting challenges from bounty write-ups [Pentest-Ground](https://pentest-ground.com/) | Pentest Ground is a free playground with deliberately vulnerable web applications and network services. ### Off-Line Name | Description ---- | ---- [Damn Vulnerable Xebia Training Environment](https://github.com/davevs/dvxte) | Docker Container including several vulnerable web applications (DVWA, DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more) [OWASP Vulnerable Web Applications Directory Project (Offline)](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=Off-Line_apps) | List of offline available vulnerable applications for learning purposes ## Vulnerable Machines/Websites 1. [FiringRange](https://public-firing-range.appspot.com/) ## Vulnerability Databases And Resources Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability. * http://www.exploit-db.com/ * http://1337day.com/ * http://securityvulns.com/ * http://www.securityfocus.com/ * http://www.osvdb.org/ * http://www.securiteam.com/ * http://secunia.com/advisories/ * http://insecure.org/sploits_all.html * http://zerodayinitiative.com/advisories/published/ * http://nmrc.org/pub/index.html * http://web.nvd.nist.gov * http://www.vupen.com/english/security-advisories/ * http://www.vupen.com/blog/ * http://cvedetails.com/ * http://www.rapid7.com/vulndb/index.jsp * http://oval.mitre.org/ * http://sploitus.com/ * http://cxsecurity.com/ ### Malware Analysis Name | Description ---- | ---- [Malware traffic analysis](http://www.malware-traffic-analysis.net/) | list of traffic analysis exercises [Malware Analysis - CSCI 4976](https://github.com/RPISEC/Malware/blob/master/README.md) | another class from the folks at RPISEC, quality content [Bad Binaries] (https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis. ### Linux Penetration Testing OS Name | Description ---- | ----- [Kali](http://kali.org/) | the infamous pen-testing distro from the folks at Offensive Security [Parrot ](https://www.parrotsec.org/) | Debian includes a full portable lab for security, DFIR, and development [Android Tamer](https://androidtamer.com//) | Android Tamer is a Virtual / Live Platform for Android Security professionals. [BlackArch](https://blackarch.org/index.html) | Arch Linux-based pentesting distro, compatible with Arch installs [LionSec Linux](https://lionsec-linux.org/) | pentesting OS based on Ubuntu ## Courses 1. [Computer Systems Security, MIT](https://ocw.mit.edu/courses/6-858-computer-systems-security-fall-2014/) 2. [cisco's cources](https://www.netacad.com/courses/cybersecurity) 3.[cybrary](https://www.cybrary.it/catalog/cybersecurity/) 4.[hackers academy](https://hackersacademy.com/) For those who want to do CEH, the following links are for you. 2. [CBT Nuggets CEH Training](http://goo.gl/JuW85U) 3. [CEH Books](https://goo.gl/gjCBLK) 4. [Guide to Binary Exploitation](https://github.com/r0hi7/binexp) ## Workshops/Playlists 1. [Web Hacking](https://www.youtube.com/playlist?list=PLJM73L2pQRd4lXBZjsHAmeEqsn5pENXxN) 2. [Ethical Hacking, A Comprehensive Playlist covering almost everything](https://www.youtube.com/playlist?list=PLkRo97mCIn9lgvE7AskNsmwJVOlJX2zaI) ## Security Talks and Conferences 1. [InfoCon - Hacking Conference Archive](https://infocon.org/cons/) 2. [Curated list of Security Talks and Videos](https://github.com/PaulSec/awesome-sec-talks) 3. [Blackhat](https://www.youtube.com/user/BlackHatOfficialYT) 4. [Defcon](https://www.youtube.com/user/DEFCONConference) 5. [Security Tube](http://www.securitytube.net/) 6. [Kevin Mitnick: Live Hack at CeBIT](https://www.youtube.com/watch?v=Q7G3kKRdUl4) 7. [Ghost in the Cloud, Kevin Mitnick](https://www.youtube.com/watch?v=76yrWGzScgI) 8. [Kevin Mitnick | Talks at Google](https://www.youtube.com/watch?v=aUqes9QdLQ4) 9. [Complete Free Hacking Course: Go from Beginner to Expert Hacker Today](https://www.youtube.com/watch?v=7nF2BAfWUEg) ## YouTube Channels Now let’s get Towards YouTube Channel Links... These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these types of attacks... 1. [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) 2. [Black Hat](https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg) 3. [Injector Pca](https://www.youtube.com/channel/UCRFG_j0cgLWtJOG6fl_-rxQ) 4. [Hisham Mir](https://www.youtube.com/channel/UCYTK8lk8oLLaA330rqd0qgA) 5. [Devil Killer](https://www.youtube.com/channel/UCwfYw-C2xqemqrXq0IKF_Mg) 6. [Suleman Malik](https://www.youtube.com/channel/UC59IHQcCmgNw4GIvsXeLnDQ) 7. [Dem0n](https://www.youtube.com/channel/UC_jNs1biBixcQeSUoJxvNLw) 8. [Frans Rosén](https://www.youtube.com/channel/UCV89UhUtxqwP0j4o9tMipsA) 9. [HackerOne](https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw) 10. [ak1t4 machine](https://www.youtube.com/channel/UCaftcKRiJJW0AJHmR1E5MAQ) 11. [Shawar Khan](https://www.youtube.com/channel/UCPxJLZCoIRJHs1VebWeaByA) 12. [vulnerability0lab](https://www.youtube.com/channel/UC4QJ7X4nnkAYXsnFQpdytcA) 13. [Bugcrowd](https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww) 14. [Vijay Kumar](https://www.youtube.com/channel/UCs2NmJGRecw_huNzvQNf2_A) 15. [Web Development Tutorials](https://www.youtube.com/channel/UCS0y5e-AMsZO8GEFtKBAzkA) 16. [Jan Wikholm](https://www.youtube.com/channel/UCOQtLXVJduZ4-YUFOi5EzIA) 17. [Bhargav Tandel](https://www.youtube.com/channel/UCh5MTJLt3LYr_rkwcOQJNWg) 18. [ErrOr SquaD](https://www.youtube.com/channel/UCou-7r8Mk4oQcBmazxp5uwg) 19. [SecurityIdiots](https://www.youtube.com/channel/UCPPAYs04kwfXcHnerm_ueFw) 20. [Penetration Testing in Linux](https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA) 21. [Hussnain Fareed](https://www.youtube.com/channel/UCbq5fgcqUz-PlMs3RCOUrXw) 22. [Null Byte](https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g) 23. [ZAID](https://www.youtube.com/user/zaidsabeeh) 24. [vabs tutorial](https://www.youtube.com/channel/UCa0wCQEB8CRKzjJV2GZ_EzA) 25. [the cyber mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw) 26. [PwnFunction](https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A) 27. [GetCyber](https://www.youtube.com/@GetCyber/videos) 28. [Loi Liang Yang](https://www.youtube.com/@LoiLiangYang) Any Channel Link Missing? Kindly add it in the Comments ### Forums Name | Description ---- | ---- [0x00sec](https://0x00sec.org/) | hacker, malware, computer engineering, Reverse engineering [Antichat](https://forum.antichat.ru/) | russian based forum [CODEBY.NET](https://codeby.net/) | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum [EAST Exploit database](http://eastexploits.com/) | exploit DB for commercial exploits written for EAST Pentest Framework [Greysec](https://greysec.net) | hacking and security forum [Hackforums](https://hackforums.net/) | posting webstite for hacks/exploits/various discussion ### Contribution Your contributions and suggestions are heartily welcome. ([emoji key](https://allcontributors.org/docs/en/emoji-key)) # NOTE: All references are taken from the Internet and shared on the Internet xD Thanks to those who shared their opinion before that helped me learn 😉 if you have any questions, please ask in the comments. If you know about any good resource for beginners, please share it here.