Footprinting π¦Άπ» and Reconnaissance π΅π»ββοΈ
| Repository |
Description |
| Autopsy |
Fast though an affordable incident response software. |
| Bulkextractor |
Forensic investigation tool for many tasks such as malware and intrusion. |
| Media Acquistion |
Visits that came from someone going to your site from organic search results. |
| Toolsley |
No-hassle tools that are for verifying, hashing, generating and identifying multiple formats of data files. |
Scanning Networks π
| Repository |
Description |
| Nmap |
A free and open source (license) utility for network discovery and security auditing. |
| Wireshark |
The worldβs foremost and widely-used network protocol analyzer. |
| TCPDUMP |
A powerful command-line packet analyzer. |
Enumeration π
| Repository |
Description |
| Network Map |
Designed to rapidly scan large networks, but works fine against single hosts. |
| Dracnmap |
Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap. |
| Port scanning |
Enables port scanning your entire network to determine which ports on your network are open and what services are running on them. |
| Xerosploit |
A pentesting toolkit whose goal is to perform man in the middle attacks for testing purposes. |
| RED HAWK |
|
| ReconSpider |
Framework for scanning IP Address, Emails, Websites, Organizations. |
| Infoga - Email OSINT |
A tool gathering email accounts informations from different public sources. |
| ReconDog |
Main Features = Wizard + CLA interface, extracts targets from STDIN (piped input) and act upon them. |
| Striker |
Recon & Vulnerability Scanning Suite. |
| SecretFinder |
Written to discover sensitive data like apikeys, accesstoken, authorizations, jwt in JavaScript files. |
| Port Scanner |
Converts an unordered list of ports on separate lines in a numerical order. |
| Breacher |
A script to find admin login pages and EAR vulnerabilites. |
| Git-Secret |
Go scripts for finding sensitive data like API key / some keywords in the github repository |
System Hacking π§πΌβπ»
| Repository |
Description |
| Social Engineering ToolKit |
An open-source penetration testing framework designed for social engineering. |
| SocialFish |
A program designed to know social media stats and information related to an account. |
| HiddenEye |
Multi-featured tool for human mistakes exploitation. |
| Evilginx2 |
A man-in-the-middle attack framework used for phishing login credentials along with session cookies. |
| I-See_You |
Tool to find the exact location of the users during social engineering or phishing engagements. |
| SayCheese |
Take webcam shots from target just sending a malicious link. |
| QR Code Jacking |
Port Forwarding using Ngrok or Serveo. |
| BlackPhish |
Super lightweight with many features and blazing fast speeds. |
Payload Creation π¦
| Repository |
Description |
| The FatRat |
Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus. |
| Brutal |
Quickly create various powershell attack, virus attack and launch listener for a Human Interface Device. |
| MSFvenom Payload Creator |
A wrapper to generate multiple types of payloads, based on users choice. |
| Venom Shellcode Generator |
Built to take advantage of apache2 webserver to deliver payloads (LAN). |
| Mob-Droid |
Generate metasploit payloads in easy way without typing long commands and save your time. |
| Enigma |
Multiplatform payload dropper. |
Sniffing πΆ
| Repository |
Description |
| OpenVAS |
A full-featured vulnerability scanner. |
| Nikto |
An Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items. |
| Wapiti |
Audit the security of your websites or web applications. |
| Metasploit |
Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments. |
| Maltego |
Graphical link analysis tool for gathering and connecting information for investigative tasks. |
| Canvas |
Makes available hundreds of exploits, an automated exploitation system. |
| Sn1per |
An automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. |
| Lazyrecon |
Is intended to automate some tedious tasks of reconnaissance and information gathering. |
| Osmedeus |
Run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. |
| Reconness |
Exploit the targets using one specific kind of vulnerability. |
| IronWASP |
Used for web application vulnerability testing. |
Social Engineering π±
Denial Of Service π
| Repository |
Description |
| Asyncrone |
Multifunction SYN Flood DDoS Weapon. |
| UFOnet |
Cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. |
| GoldenEye |
An HTTP DoS Test Tool. |
Session Hijacking π½
| Repository |
Description |
| Debinject |
Inject malicious code into .debs |
| Pixload |
Set of tools for hiding backdoors creating/injecting payload into images. |
Evading IDS, Firewalls and Honeypots π
| Repository |
Description |
| Bluetooth Honeypot |
The system allows monitoring of attacks via a graphical user interface. |
| Kippo |
SSH honeypot designed to log brute force attacks. |
| MushMush |
The foundation is dedicated to the advancement and development of open source software. |
| Formidable Honeypot |
Easy, non-instrusive SPAM protection. |
| Elastic Honey |
A Simple Elasticsearch Honeypot. |
| Honey Thing |
A honeypot for Internet of TR-069 routers/devices. |
Hacking Web Applications π§πΌβπ»
SQL Injection π
| Repository |
Description |
| Sqlmap tool |
Automates the process of detecting and exploiting SQL injection flaws. |
| NoSqlMap |
Audit for as well as automate injection attacks and exploit default configuration weaknesses in databases. |
| Damn Small SQLi Scanner |
SQL injection vulnerability scanner written in under 100 lines of code. |
| Explo |
A simple tool to describe web security issues in a human and machine readable format. |
| Blisqy |
Blind SQL injection on HTTP Headers and also exploitation of the same vulnerability. |
| Leviathan |
A mass audit toolkit which has wide range service discovery, brute force, etc. |
| SQLScan |
Quick web scanner for find an sql inject point on a website. |
Hacking Wireless Networks πΈ
| Repository |
Description |
| WiFi-Pumpkin |
A powerful framework which allows and offers security researchers, to mount a wireless network to conduct MITM. |
| pixiewps |
Used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations |
| Bluetooth Honeypot GUI Framework. |
Allows monitoring of attacks via a GUI that provides graphs, lists, a dashboard and further detailed analysis from log files. |
| Fluxion |
It's a remake by Mr. SAGE with less bugs and more functionality. |
| Wifiphisher |
A Framework for conducting red team engagements or Wi-Fi security testing. |
| Wifite |
Designed to use all known methods for retrieving the password of a wireless access point (router). |
| EvilTwin |
A script to perform Evil Twin Attack, by getting credentials using a Fake page and Fake Access Point. |
| Fastssh |
Performs multi-threaded scan and brute force attack against SSH protocol using the most commonly credentials. |
| Aircrack-ng |
Aircrack- ng is a complete suite of tools to assess WiFi network security. |
| Kismet |
Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS framework. |
Hacking Mobile Platforms π±
IoT Hacking π€
| Repository |
Description |
| Vehicle Security |
A curated list about vehicle security, car hacking, and tinkering with the functionality of your car. |
Cryptography π
| Repository |
Description |
| Awesome Cryptography |
A curated list of cryptography resources and links. |
| dCode |
Toolkit website for decryption, ciphertexts, solve riddles, treasure hunts, etc. |
Capture The Flag (Beginner) π©
| Repository |
Description |
| CTFTime |
List of CTF events to participate. |
| Writeups |
Best way to learn through writeups. |
| CTF101 |
Introduction to CTFs and Useful tools. |
| Guide |
Beginner's Guide to CTF Field. |
| PicoCTF |
Beginner friendly CTF to compete. |
| CryptoHack |
Best free platform for learning modern cryptography. |
| HackThisSite |
Practice and expand your hacking skills. |
| Cyber Talents |
Hands-on practical scenariosin different cyber security fields. |
| OverTheWire |
Practice security concepts in the form of fun-filled games. |
OSINT (Open Source INTelligence)
| Repository |
Description |
| Awesome OSINT |
A curated list of amazingly awesome open source intelligence tools and resources. |
Encryption π
ExploitDB
Awesome-CyberSec-Resources copied to clipboard
theepiccode
theepiccode