An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts
Footprinting and Reconnaissance
Repository | Description |
---|---|
Autopsy | Fast though an affordable incident response software. |
Bulkextractor | Forensic investigation tool for many tasks such as malware and intrusion. |
Media Acquistion | Visits that came from someone going to your site from organic search results. |
Toolsley | No-hassle tools that are for verifying, hashing, generating and identifying multiple formats of data files. |
Scanning Networks
Repository | Description |
---|---|
Nmap | A free and open source (license) utility for network discovery and security auditing. |
Wireshark | The world’s foremost and widely-used network protocol analyzer. |
TCPDUMP | A powerful command-line packet analyzer. |
Enumeration
Repository | Description |
---|---|
Network Map | Designed to rapidly scan large networks, but works fine against single hosts. |
Dracnmap | Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap. |
Port scanning | Enables port scanning your entire network to determine which ports on your network are open and what services are running on them. |
Xerosploit | A pentesting toolkit whose goal is to perform man in the middle attacks for testing purposes. |
RED HAWK | |
ReconSpider | Framework for scanning IP Address, Emails, Websites, Organizations. |
Infoga – Email OSINT | A tool gathering email accounts informations from different public sources. |
ReconDog | Main Features = Wizard + CLA interface, extracts targets from STDIN (piped input) and act upon them. |
Striker | Recon & Vulnerability Scanning Suite. |
SecretFinder | Written to discover sensitive data like apikeys, accesstoken, authorizations, jwt in JavaScript files. |
Port Scanner | Converts an unordered list of ports on separate lines in a numerical order. |
Breacher | A script to find admin login pages and EAR vulnerabilites. |
Git-Secret | Go scripts for finding sensitive data like API key / some keywords in the github repository |
System Hacking
Repository | Description |
---|---|
Social Engineering ToolKit | An open-source penetration testing framework designed for social engineering. |
SocialFish | A program designed to know social media stats and information related to an account. |
HiddenEye | Multi-featured tool for human mistakes exploitation. |
Evilginx2 | A man-in-the-middle attack framework used for phishing login credentials along with session cookies. |
I-See_You | Tool to find the exact location of the users during social engineering or phishing engagements. |
SayCheese | Take webcam shots from target just sending a malicious link. |
QR Code Jacking | Port Forwarding using Ngrok or Serveo. |
BlackPhish | Super lightweight with many features and blazing fast speeds. |
Payload Creation
Repository | Description |
---|---|
The FatRat | Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus. |
Brutal | Quickly create various powershell attack, virus attack and launch listener for a Human Interface Device. |
MSFvenom Payload Creator | A wrapper to generate multiple types of payloads, based on users choice. |
Venom Shellcode Generator | Built to take advantage of apache2 webserver to deliver payloads (LAN). |
Mob-Droid | Generate metasploit payloads in easy way without typing long commands and save your time. |
Enigma | Multiplatform payload dropper. |
Sniffing
Repository | Description |
---|---|
OpenVAS | A full-featured vulnerability scanner. |
Nikto | An Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items. |
Wapiti | Audit the security of your websites or web applications. |
Metasploit | Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments. |
Maltego | Graphical link analysis tool for gathering and connecting information for investigative tasks. |
Canvas | Makes available hundreds of exploits, an automated exploitation system. |
Sn1per | An automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. |
Lazyrecon | Is intended to automate some tedious tasks of reconnaissance and information gathering. |
Osmedeus | Run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. |
Reconness | Exploit the targets using one specific kind of vulnerability. |
IronWASP | Used for web application vulnerability testing. |
Social Engineering
Repository | Description |
---|---|
Awesome Social Engineering | List of awesome social engineering resources. |
Denial Of Service
Repository | Description |
---|---|
Asyncrone | Multifunction SYN Flood DDoS Weapon. |
UFOnet | Cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. |
GoldenEye | An HTTP DoS Test Tool. |
Session Hijacking
Repository | Description |
---|---|
Debinject | Inject malicious code into .debs |
Pixload | Set of tools for hiding backdoors creating/injecting payload into images. |
Evading IDS, Firewalls and Honeypots
Repository | Description |
---|---|
Bluetooth Honeypot | The system allows monitoring of attacks via a graphical user interface. |
Kippo | SSH honeypot designed to log brute force attacks. |
MushMush | The foundation is dedicated to the advancement and development of open source software. |
Formidable Honeypot | Easy, non-instrusive SPAM protection. |
Elastic Honey | A Simple Elasticsearch Honeypot. |
Honey Thing | A honeypot for Internet of TR-069 routers/devices. |
Hacking Web Applications
Repository | Description |
---|---|
Awesome Web Hacking | A collection of tools used for SQL Injections and hacking websites. |
WPScan | The WPScan WordPress Vulnerability Database is a database of WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities |
PayloadsAllTheThings | A list of useful payloads and bypass for Web Application Security and Pentest/CTF. |
CS 253 Web Security | A comprehensive overview of web security. |
Beginner Web Application Hacking(The Cyber Mentor) | A full web hacking course for beginners. |
SQL Injection
Repository | Description |
---|---|
Sqlmap tool | Automates the process of detecting and exploiting SQL injection flaws. |
NoSqlMap | Audit for as well as automate injection attacks and exploit default configuration weaknesses in databases. |
Damn Small SQLi Scanner | SQL injection vulnerability scanner written in under 100 lines of code. |
Explo | A simple tool to describe web security issues in a human and machine readable format. |
Blisqy | Blind SQL injection on HTTP Headers and also exploitation of the same vulnerability. |
Leviathan | A mass audit toolkit which has wide range service discovery, brute force, etc. |
SQLScan | Quick web scanner for find an sql inject point on a website. |
Hacking Wireless Networks
Repository | Description |
---|---|
WiFi-Pumpkin | A powerful framework which allows and offers security researchers, to mount a wireless network to conduct MITM. |
pixiewps | Used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations |
Bluetooth Honeypot GUI Framework. | Allows monitoring of attacks via a GUI that provides graphs, lists, a dashboard and further detailed analysis from log files. |
Fluxion | It’s a remake by Mr. SAGE with less bugs and more functionality. |
Wifiphisher | A Framework for conducting red team engagements or Wi-Fi security testing. |
Wifite | Designed to use all known methods for retrieving the password of a wireless access point (router). |
EvilTwin | A script to perform Evil Twin Attack, by getting credentials using a Fake page and Fake Access Point. |
Fastssh | Performs multi-threaded scan and brute force attack against SSH protocol using the most commonly credentials. |
Aircrack-ng | Aircrack- ng is a complete suite of tools to assess WiFi network security. |
Kismet | Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS framework. |
Hacking Mobile Platforms
Repository | Description |
---|---|
android-security-awesome | A collection of android security related resources. |
Keydroid | Android Keylogger + Reverse Shell. |
MySMS | Script that generates an Android App to hack SMS through WAN. |
Lockphish (Grab target LOCK PIN) | The first tool (05/13/2020) for phishing attacks on the lock screen. |
DroidCam (Capture Image) | Generates different phishing links of wishing or custom sites which can grab victim’s front camera pictures. |
EvilApp (Hijack Session) | Script to generate Android App that can hijack autenticated sessions in cookies. |
HatCloud(Bypass CloudFlare for IP) | It makes bypass in CloudFlare for discover the real IP. |
Ghost(remotely access an Android device) | Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. |
IoT Hacking
Repository | Description |
---|---|
Vehicle Security | A curated list about vehicle security, car hacking, and tinkering with the functionality of your car. |
Cryptography
Repository | Description |
---|---|
Awesome Cryptography | A curated list of cryptography resources and links. |
dCode | Toolkit website for decryption, ciphertexts, solve riddles, treasure hunts, etc. |
Capture The Flag (Beginner)
Repository | Description |
---|---|
CTFTime | List of CTF events to participate. |
Writeups | Best way to learn through writeups. |
CTF101 | Introduction to CTFs and Useful tools. |
Guide | Beginner’s Guide to CTF Field. |
PicoCTF | Beginner friendly CTF to compete. |
CryptoHack | Best free platform for learning modern cryptography. |
HackThisSite | Practice and expand your hacking skills. |
Cyber Talents | Hands-on practical scenariosin different cyber security fields. |
OverTheWire | Practice security concepts in the form of fun-filled games. |
OSINT (Open Source INTelligence)
Repository | Description |
---|---|
Awesome OSINT | A curated list of amazingly awesome open source intelligence tools and resources. |
Encryption
Repository | Description |
---|---|
LifeHacker | Guide for Beginners to learn encryption. |
Encryption For Business | Business Guide to Encryption |
USB Encryption | Guide to USB encryption. |
Encryption Tools | How to use Encryption Tools. |
Cipher Newsletter | Newsletter which will keep you updated. |
ExploitDB
Repository | Description |
---|---|
Exploit Database Website | The Exploit Database is a non-profit project that is provided as a public service by Offensive Security. |
ExploitDB Usage Examples | Kali Linux exploitDB usage examples. |
The Exploit Database Git Repository | This is an official repository of The Exploit Database, a project sponsored by Offensive Security. |
Exploits & Shellcodes | ExploitDB shellcodes. |
Papers | ExploitDB Papers. |
Leave a Reply