Awesome Hacking Tools
A collection of awesome lists for hackers, pentesters & security researchers.
A curated list of awesome Hacking Tools. Your contributions are always welcome !
Awesome Repositories
Repository
Description
HUNT Proxy Extension
Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite).
Xerosploit
Efficient and advanced man in the middle framework
Awesome custom projects / Scripts
Exploitation tools
Name
Description
BeEF
Browser Exploitation Framework (Beef)
Core Impact
Core Impact provides vulnerability assessment and penetration security testing throughout your organization.
Metasploit
The world’ s most used penetration testing framework
Linux Security Tools
Name
Description
DefenseMatrix
Full security solution for Linux Servers
Exploit Databases
Name
Description
0day
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
cxsecurity
Exploit Database
exploit-db
Exploits Database by Offensive Security
iedb
Iranian Exploit DataBase
rapid7
Vulnerability & Exploit Database - Rapid7
MITM tools
Name
Description
BetterCAP
MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
Burp Suite
GUI based tool for testing Web application security.
Ettercap
Ettercap is a comprehensive suite for man in the middle attacks
mitmproxy
An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed
SQL Injection
Name
Description
SQLmap
Automatic SQL injection and database takeover tool
SQLninja
SQL Server injection & takeover tool
Search Engine for Penetration Tester
Name
Description
Censys
Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
Shodan
Shodan is the world's first search engine for Internet-connected devices.
Zoomeye
search engine for cyberspace that lets the user find specific network components(ip, services, etc.)
Censys
Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
Awesome Repositories
Repository
Description
Xerosploit
Efficient and advanced man in the middle framework
SecLists
It is a collection of multiple types of lists used during security assessments
HUNT Proxy Extension
Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite).
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Source Code Analysis Tools
Name
Description
RIPS
PHP Security Analysis
Retire.js
detecting the use of JavaScript libraries with known vulnerabilities
Snyk
find & fix vulnerabilities in dependencies, supports various languages
pyup
Automated Security and Dependency Updates