Awesome Hacking Tools
A collection of awesome lists for hackers, pentesters & security researchers.
A curated list of awesome hacking tools. Your contributions are always welcome!
Awesome Repositories
| Repository | Description |
|---|---|
| fuzzdb | Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. |
| HUNT Proxy Extension | Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, available for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently available only inside of Burp Suite). |
| SecLists | A collection of multiple types of lists used during security assessments. |
| Xerosploit | Efficient and advanced man-in-the-middle framework. |
| ctf-tools | Some setup scripts for security research tools. |
Awesome custom projects / Scripts
| Name | Description |
|---|---|
| mimikatz | A useful tool to play with Windows security including extracting plaintext passwords, Kerberos tickets, etc. |
Exploitation tools
| Name | Description |
|---|---|
| BeEF | Browser Exploitation Framework (BeEF) |
| Core Impact | Core Impact provides vulnerability assessment and penetration security testing throughout your organization. |
| Metasploit | The world's most used penetration testing framework |
Linux Security Tools
| Name | Description |
|---|---|
| DefenseMatrix | Full security solution for Linux servers |
Exploit Databases
| Name | Description |
|---|---|
| 0day | Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. |
| cxsecurity | Exploit Database |
| exploit-db | Exploits Database by Offensive Security |
| iedb | Iranian Exploit DataBase |
| rapid7 | Vulnerability & Exploit Database - Rapid7 |
MITM tools
| Name | Description |
|---|---|
| BetterCAP | MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in real time, sniff for credentials and much more. |
| Burp Suite | GUI-based tool for testing web application security. |
| Ettercap | Ettercap is a comprehensive suite for man-in-the-middle attacks. |
| MITMf | Framework for man-in-the-middle attacks |
| mitmproxy | An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed |
SQL Injection
| Name | Description |
|---|---|
| SQLmap | Automatic SQL injection and database takeover tool |
| SQLninja | SQL Server injection & takeover tool |
Search Engines for Penetration Testers
| Name | Description |
|---|---|
| Censys | Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time. |
| Shodan | Shodan is the world's first search engine for Internet-connected devices. |
| Zoomeye | Search engine for cyberspace that lets the user find specific network components (IP, services, etc.) |
Security Information and Event Management (SIEM)
| Name | Description |
|---|---|
| OSSIM | AlienVault's Open Source Security Information and Event Management (SIEM) product |
Network Scanning Tools
| Name | Description |
|---|---|
| NMAP | The industry standard in network/port scanning. Widely used. |
| Wireshark | A versatile and feature-packed packet sniffing/analysis tool. |
Source Code Analysis Tools
| Name | Description |
|---|---|
| pyup | Automated security and dependency updates |
| RIPS | PHP security analysis |
| Retire.js | Detects the use of JavaScript libraries with known vulnerabilities |
| Snyk | Find and fix vulnerabilities in dependencies; supports various languages |
Binary Analysis Tools
| Name | Description |
|---|---|
| BinNavi | BinNavi is a binary analysis IDE that lets you inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code. |
| Radare2 | Radare2 is a reverse engineering suite which includes a complete toolkit for reverse engineering needs. |
Collaboration tools
| Name | Description |
|---|---|
| Dradis | Open-source reporting and collaboration tool for InfoSec professionals |