Awesome Hacking Tools
A collection of awesome lists for hackers, pentesters & security researchers.
A curated list of awesome Hacking Tools. Your contributions are always welcome !
Awesome Repositories
A curated list of awesome malware analysis tools and resources
A collection of various awesome lists for hackers, pentesters and security researchers
A curated list of amazingly awesome OSINT
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Identify common parameters vulnerable to certain vulnerability classes (HUNT Scanner, availible for Burp Suite PRO and ZAProxy). Organize testing methodologies (currently avalible only inside of Burp Suite).
A curated list of awesome Security talks
The toolbox of open source scanners
It is a collection of multiple types of lists used during security assessments
Efficient and advanced man in the middle framework
Some setup scripts for security research tools.
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Awesome custom projects / Scripts
A useful tool to play with Windows security including extracting plaintext passwords, kerberos tickets, etc.
The LAZY script will make your life easier, and of course faster.
XSStrike is a program which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.
Exploitation tools
Browser Exploitation Framework (Beef)
Core Impact provides vulnerability assessment and penetration security testing throughout your organization.
The world’s most used penetration testing framework
Linux Security Tools
Full security solution for Linux Servers
kernel privilege escalation enumeration and exploitation framework
Security auditing tool for Linux, macOS, and UNIX-based systems.
Easy-to-use live forensics toolbox for Linux endpoints
Exploit Databases
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
Exploit Database
Exploits Database by Offensive Security
Iranian Exploit DataBase
Vulnerability & Exploit Database - Rapid7
MITM tools
MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
GUI based tool for testing Web application security.
Ettercap is a comprehensive suite for man in the middle attacks
Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.
Framework for Man-In-The-Middle attacks
An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed
SQL Injection
Post explotation
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Search Engine for Penetration Tester
Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
Shodan is the world's first search engine for Internet-connected devices.
Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers.
search engine for cyberspace that lets the user find specific network components(ip, services, etc.)
### Security Information and Event Management (SIEM)
Name
Description
----
----
AlienVault’s Open Source Security Information and Event Management (SIEM) product
Network Scanning Tools
Source Code Analysis Tools
Binary Analysis Tools
Collaboration tools
Open-source reporting and collaboration tool for InfoSec professionals
Linux privilege escalation
Last updated