Awesome CyberSec Resources

Big Banner

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts


Footprinting and Reconnaissance

RepositoryDescription
AutopsyFast though an affordable incident response software.
BulkextractorForensic investigation tool for many tasks such as malware and intrusion.
Media AcquistionVisits that came from someone going to your site from organic search results.
ToolsleyNo-hassle tools that are for verifying, hashing, generating and identifying multiple formats of data files.

Scanning Networks

RepositoryDescription
NmapA free and open source (license) utility for network discovery and security auditing.
WiresharkThe world’s foremost and widely-used network protocol analyzer.
TCPDUMPA powerful command-line packet analyzer.

Enumeration

RepositoryDescription
Network MapDesigned to rapidly scan large networks, but works fine against single hosts.
DracnmapDracnmap is designed to perform fast scaning with the utilizing script engine of nmap.
Port scanningEnables port scanning your entire network to determine which ports on your network are open and what services are running on them.
XerosploitA pentesting toolkit whose goal is to perform man in the middle attacks for testing purposes.
RED HAWK
ReconSpiderFramework for scanning IP Address, Emails, Websites, Organizations.
Infoga – Email OSINTA tool gathering email accounts informations from different public sources.
ReconDogMain Features = Wizard + CLA interface, extracts targets from STDIN (piped input) and act upon them.
StrikerRecon & Vulnerability Scanning Suite.
SecretFinderWritten to discover sensitive data like apikeys, accesstoken, authorizations, jwt in JavaScript files.
Port ScannerConverts an unordered list of ports on separate lines in a numerical order.
BreacherA script to find admin login pages and EAR vulnerabilites.
Git-SecretGo scripts for finding sensitive data like API key / some keywords in the github repository

System Hacking

RepositoryDescription
Social Engineering ToolKitAn open-source penetration testing framework designed for social engineering.
SocialFishA program designed to know social media stats and information related to an account.
HiddenEyeMulti-featured tool for human mistakes exploitation.
Evilginx2A man-in-the-middle attack framework used for phishing login credentials along with session cookies.
I-See_YouTool to find the exact location of the users during social engineering or phishing engagements.
SayCheeseTake webcam shots from target just sending a malicious link.
QR Code JackingPort Forwarding using Ngrok or Serveo.
BlackPhishSuper lightweight with many features and blazing fast speeds.

Payload Creation

RepositoryDescription
The FatRatProvides An Easy way to create Backdoors and Payload which can bypass most anti-virus.
BrutalQuickly create various powershell attack, virus attack and launch listener for a Human Interface Device.
MSFvenom Payload CreatorA wrapper to generate multiple types of payloads, based on users choice.
Venom Shellcode GeneratorBuilt to take advantage of apache2 webserver to deliver payloads (LAN).
Mob-DroidGenerate metasploit payloads in easy way without typing long commands and save your time.
EnigmaMultiplatform payload dropper.

Sniffing

RepositoryDescription
OpenVASA full-featured vulnerability scanner.
NiktoAn Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.
WapitiAudit the security of your websites or web applications.
MetasploitMetasploit helps security teams do more than just verify vulnerabilities, manage security assessments.
MaltegoGraphical link analysis tool for gathering and connecting information for investigative tasks.
CanvasMakes available hundreds of exploits, an automated exploitation system.
Sn1perAn automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
LazyreconIs intended to automate some tedious tasks of reconnaissance and information gathering.
OsmedeusRun the collection of awesome tools to reconnaissance and vulnerability scanning against the target.
ReconnessExploit the targets using one specific kind of vulnerability.
IronWASPUsed for web application vulnerability testing.

Social Engineering

RepositoryDescription
Awesome Social EngineeringList of awesome social engineering resources.

Denial Of Service

RepositoryDescription
AsyncroneMultifunction SYN Flood DDoS Weapon.
UFOnetCryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks.
GoldenEyeAn HTTP DoS Test Tool.

Session Hijacking

RepositoryDescription
DebinjectInject malicious code into .debs
PixloadSet of tools for hiding backdoors creating/injecting payload into images.

Evading IDS, Firewalls and Honeypots

RepositoryDescription
Bluetooth HoneypotThe system allows monitoring of attacks via a graphical user interface.
KippoSSH honeypot designed to log brute force attacks.
MushMushThe foundation is dedicated to the advancement and development of open source software.
Formidable HoneypotEasy, non-instrusive SPAM protection.
Elastic HoneyA Simple Elasticsearch Honeypot.
Honey ThingA honeypot for Internet of TR-069 routers/devices.

Hacking Web Applications

RepositoryDescription
Awesome Web HackingA collection of tools used for SQL Injections and hacking websites.
WPScanThe WPScan WordPress Vulnerability Database is a database of WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities
PayloadsAllTheThingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF.
CS 253 Web SecurityA comprehensive overview of web security.
Beginner Web Application Hacking(The Cyber Mentor)A full web hacking course for beginners.

SQL Injection

RepositoryDescription
Sqlmap toolAutomates the process of detecting and exploiting SQL injection flaws.
NoSqlMapAudit for as well as automate injection attacks and exploit default configuration weaknesses in databases.
Damn Small SQLi ScannerSQL injection vulnerability scanner written in under 100 lines of code.
ExploA simple tool to describe web security issues in a human and machine readable format.
BlisqyBlind SQL injection on HTTP Headers and also exploitation of the same vulnerability.
LeviathanA mass audit toolkit which has wide range service discovery, brute force, etc.
SQLScanQuick web scanner for find an sql inject point on a website.

Hacking Wireless Networks

RepositoryDescription
WiFi-PumpkinA powerful framework which allows and offers security researchers, to mount a wireless network to conduct MITM.
pixiewpsUsed to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations
Bluetooth Honeypot GUI Framework.Allows monitoring of attacks via a GUI that provides graphs, lists, a dashboard and further detailed analysis from log files.
FluxionIt’s a remake by Mr. SAGE with less bugs and more functionality.
WifiphisherA Framework for conducting red team engagements or Wi-Fi security testing.
WifiteDesigned to use all known methods for retrieving the password of a wireless access point (router).
EvilTwinA script to perform Evil Twin Attack, by getting credentials using a Fake page and Fake Access Point.
FastsshPerforms multi-threaded scan and brute force attack against SSH protocol using the most commonly credentials.
Aircrack-ngAircrack- ng is a complete suite of tools to assess WiFi network security.
KismetKismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS framework.

Hacking Mobile Platforms

RepositoryDescription
android-security-awesomeA collection of android security related resources.
KeydroidAndroid Keylogger + Reverse Shell.
MySMSScript that generates an Android App to hack SMS through WAN.
Lockphish (Grab target LOCK PIN)The first tool (05/13/2020) for phishing attacks on the lock screen.
DroidCam (Capture Image)Generates different phishing links of wishing or custom sites which can grab victim’s front camera pictures.
EvilApp (Hijack Session)Script to generate Android App that can hijack autenticated sessions in cookies.
HatCloud(Bypass CloudFlare for IP)It makes bypass in CloudFlare for discover the real IP.
Ghost(remotely access an Android device)Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

IoT Hacking 

RepositoryDescription
Vehicle SecurityA curated list about vehicle security, car hacking, and tinkering with the functionality of your car.

Cryptography 

RepositoryDescription
Awesome CryptographyA curated list of cryptography resources and links.
dCodeToolkit website for decryption, ciphertexts, solve riddles, treasure hunts, etc.

Capture The Flag (Beginner) 

RepositoryDescription
CTFTimeList of CTF events to participate.
WriteupsBest way to learn through writeups.
CTF101Introduction to CTFs and Useful tools.
GuideBeginner’s Guide to CTF Field.
PicoCTFBeginner friendly CTF to compete.
CryptoHackBest free platform for learning modern cryptography.
HackThisSitePractice and expand your hacking skills.
Cyber TalentsHands-on practical scenariosin different cyber security fields.
OverTheWirePractice security concepts in the form of fun-filled games.

OSINT (Open Source INTelligence)

RepositoryDescription
Awesome OSINTA curated list of amazingly awesome open source intelligence tools and resources.

Encryption

RepositoryDescription
LifeHackerGuide for Beginners to learn encryption.
Encryption For BusinessBusiness Guide to Encryption
USB EncryptionGuide to USB encryption.
Encryption ToolsHow to use Encryption Tools.
Cipher NewsletterNewsletter which will keep you updated.

ExploitDB

RepositoryDescription
Exploit Database WebsiteThe Exploit Database is a non-profit project that is provided as a public service by Offensive Security.
ExploitDB Usage ExamplesKali Linux exploitDB usage examples.
The Exploit Database Git RepositoryThis is an official repository of The Exploit Database, a project sponsored by Offensive Security.
Exploits & ShellcodesExploitDB shellcodes.
PapersExploitDB Papers.