carpedm20 / awesome-hacking

Awesome Hacking -An Amazing Project A curated list of awesome Hacking. Inspired by awesome-machine-learning If you want to contribute to this list (please do), send me a pull request! For a list of free hacking books available for download, go here Table of Contents • System • Tutorials • Tools • Docker • General • Reverse Engineering • Tutorials • Tools • General • Web • Tools • General • Network • Tools • Forensic • Tools • Cryptography • Tools • Wargame • System • Reverse Engineering • Web • Cryptography • Bug bounty • CTF • Competition • General • OS • Online resources • Post exploitation • tools • ETC System Tutorials • Roppers Computing Fundamentals • Free, self-paced curriculum that builds a base of knowledge in computers and networking. Intended to build up a student with no prior technical knowledge to be confident in their ability to learn anything and continue their security education. Full text available as a gitbook. • Corelan Team's Exploit writing tutorial • Exploit Writing Tutorials for Pentesters • Understanding the basics of Linux Binary Exploitation • Shells • Missing Semester Tools • Metasploit A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. • mimikatz - A little tool to play with Windows security • Hackers tools - Tutorial on tools. Docker Images for Penetration Testing & Security • official Kali Linux • - official OWASP ZAP • - official WPScan • - Official Metasploit • - Damn Vulnerable Web Application (DVWA) • - Vulnerable WordPress Installation • - Vulnerability as a service: Shellshock • - Vulnerability as a service: Heartbleed • - Security Ninjas • - Arch Linux Penetration Tester • - Docker Bench for Security • - OWASP Security Shepherd • - OWASP WebGoat Project docker image • - OWASP NodeGoat • - OWASP Mutillidae II Web Pen-Test Practice Application • - OWASP Juice Shop • - Docker Metasploit General • Exploit database - An ultimate archive of exploits and vulnerable software Reverse Engineering Tutorials • Begin RE: A Reverse Engineering Tutorial Workshop • Malware Analysis Tutorials: a Reverse Engineering Approach • Malware Unicorn Reverse Engineering Tutorial • Lena151: Reversing With Lena Tools Disassemblers and debuggers • IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger • OllyDbg - A 32-bit assembler level analysing debugger for Windows • x64dbg - An open-source x64/x32 debugger for Windows • radare2 - A portable reversing framework • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. • ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API • Capstone • Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission Decompilers • JVM-based languages • Krakatau - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully. • JD-GUI • procyon • Luyten - one of the best, though a bit slow, hangs on some binaries and not very well maintained. • JAD - JAD Java Decompiler (closed-source, unmaintained) • JADX - a decompiler for Android apps. Not related to JAD. • .net-based languages • dotPeek - a free-of-charge .NET decompiler from JetBrains • ILSpy - an open-source .NET assembly browser and decompiler • dnSpy - .NET assembly editor, decompiler, and debugger • native code • Hopper - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables. • cutter - a decompiler based on radare2. • retdec • snowman • Hex-Rays • Python • uncompyle6 - decompiler for the over 20 releases and 20 years of CPython. Deobfuscators • de4dot - .NET deobfuscator and unpacker. • JS Beautifier • JS Nice - a web service guessing JS variables names and types based on the model derived from open source. Other • nudge4j - Java tool to let the browser talk to the JVM • dex2jar - Tools to work with Android .dex and Java .class files • androguard - Reverse engineering, malware and goodware analysis of Android applications • antinet - .NET anti-managed debugger and anti-profiler code • UPX - the Ultimate Packer (and unpacker) for eXecutables Execution logging and tracing • Wireshark - A free and open-source packet analyzer • tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture • mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface • Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic • usbmon - USB capture for Linux. • USBPcap - USB capture for Windows. • dynStruct - structures recovery via dynamic instrumentation. • drltrace - shared library calls tracing. Binary files examination and editing Hex editors • HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size • WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security • wxHexEditor • Synalize It/Hexinator - Other • Binwalk - Detects signatures, unpacks archives, visualizes entropy. • Veles - a visualizer for statistical properties of blobs. • Kaitai Struct - a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering. • Protobuf inspector • DarunGrim - executable differ. • DBeaver - a DB editor. • Dependencies - a FOSS replacement to Dependency Walker. • PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files • BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers. General • Open…