# Awesome Hacking Tools **A collection of awesome lists for hackers, pentesters & security researchers.** A curated list of awesome Hacking Tools. Your contributions are always welcome ! ### MITM tools Name | Description ---- | ---- [Burp Suite](https://portswigger.net/burp) | GUI based tool for testing Web application security. [mitmproxy](https://mitmproxy.org/) | An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed [Ettercap](https://ettercap.github.io/ettercap/) | Ettercap is a comprehensive suite for man in the middle attacks [BetterCAP](https://www.bettercap.org/) | MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more. ### SQL Injection Name | Description ---- | ---- [SQLmap](http://sqlmap.org/) | Automatic SQL injection and database takeover tool [SQLninja](http://sqlninja.sourceforge.net/) | SQL Server injection & takeover tool ### Source Code Analysis Tools Name | Description ---- | ---- [Retire.js](http://retirejs.github.io/retire.js/) | detecting the use of JavaScript libraries with known vulnerabilities [pyup](https://pyup.io/) | Automated Security and Dependency Updates [RIPS](https://www.ripstech.com/) | PHP Security Analysis [Snyk](https://snyk.io/) | find & fix vulnerabilities in dependencies, supports various languages ### Linux Security Tools Name | Description ---- | ---- [DefenseMatrix](https://github.com/K4YT3X/DefenseMatrix) | Full security solution for Linux Servers ### Exploit Databases Name | Description ---- | ---- [0day](http://0day.today/) | Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. [cxsecurity](http://cxsecurity.com/exploit) | Exploit Database [exploit-db](https://www.exploit-db.com/) | Exploits Database by Offensive Security [iedb](http://iedb.ir/) | Iranian Exploit DataBase [rapid7](https://rapid7.com/db) | Vulnerability & Exploit Database - Rapid7 ### Exploitation tools Name | Description ---- | ---- [Metasploit](https://www.metasploit.com/) | The world’s most used penetration testing framework [BeEF](http://beefproject.com/) | Browser Exploitation Framework (Beef) [Core Impact](https://www.coresecurity.com/core-impact) | Core Impact provides vulnerability assessment and penetration security testing throughout your organization. ### Search Engine for Penetration Tester Name | Description ---- | ---- [Shodan](http://shodan.io/) | Shodan is the world's first search engine for Internet-connected devices. [Zoomeye](https://www.zoomeye.org/) | search engine for cyberspace that lets the user find specific network components(ip, services, etc.) [Censys](https://www.censys.io/) | Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time ### Awesome Repositories Repository | Description ---- | ---- [Xerosploit](https://github.com/LionSec/xerosploit) | Efficient and advanced man in the middle framework [HUNT Proxy Extension](https://github.com/bugcrowd/HUNT) | Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite). ### Awesome custom projects / Scripts Name | Description ---- | ----