Footprinting 🦶🏻 and Reconnaissance 🕵🏻♂️
| Repository | Description |
|---|---|
| Autopsy | Fast though an affordable incident response software. |
| Bulkextractor | Forensic investigation tool for many tasks such as malware and intrusion. |
| Media Acquistion | Visits that came from someone going to your site from organic search results. |
| Toolsley | No-hassle tools that are for verifying, hashing, generating and identifying multiple formats of data files. |
Scanning Networks 🔍
| Repository | Description |
|---|---|
| Nmap | A free and open source (license) utility for network discovery and security auditing. |
| Wireshark | The world’s foremost and widely-used network protocol analyzer. |
| TCPDUMP | A powerful command-line packet analyzer. |
Enumeration 📖
| Repository | Description |
|---|---|
| Network Map | Designed to rapidly scan large networks, but works fine against single hosts. |
| Dracnmap | Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap. |
| Port scanning | Enables port scanning your entire network to determine which ports on your network are open and what services are running on them. |
| Xerosploit | A pentesting toolkit whose goal is to perform man in the middle attacks for testing purposes. |
| RED HAWK | |
| ReconSpider | Framework for scanning IP Address, Emails, Websites, Organizations. |
| Infoga - Email OSINT | A tool gathering email accounts informations from different public sources. |
| ReconDog | Main Features = Wizard + CLA interface, extracts targets from STDIN (piped input) and act upon them. |
| Striker | Recon & Vulnerability Scanning Suite. |
| SecretFinder | Written to discover sensitive data like apikeys, accesstoken, authorizations, jwt in |
| Zeebsploit | enumeration and information disclosure tool. |
| JavaScript files. | |
| Port Scanner | Converts an unordered list of ports on separate lines in a numerical order. |
| Breacher | A script to find admin login pages and EAR vulnerabilites. |
| Git-Secret | Go scripts for finding sensitive data like API key / some keywords in the github repository |
System Hacking 🧑🏼💻
| Repository | Description |
|---|---|
| Social Engineering ToolKit | An open-source penetration testing framework designed for social engineering. |
| SocialFish | A program designed to know social media stats and information related to an account. |
| HiddenEye | Multi-featured tool for human mistakes exploitation. |
| Evilginx2 | A man-in-the-middle attack framework used for phishing login credentials along with session cookies. |
| I-See_You | Tool to find the exact location of the users during social engineering or phishing engagements. |
| SayCheese | Take webcam shots from target just sending a malicious link. |
| QR Code Jacking | Port Forwarding using Ngrok or Serveo. |
| BlackPhish | Super lightweight with many features and blazing fast speeds. |
Payload Creation 📦
| Repository | Description |
|---|---|
| The FatRat | Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus. |
| Brutal | Quickly create various powershell attack, virus attack and launch listener for a Human Interface Device. |
| MSFvenom Payload Creator | A wrapper to generate multiple types of payloads, based on users choice. |
| Venom Shellcode Generator | Built to take advantage of apache2 webserver to deliver payloads (LAN). |
| Mob-Droid | Generate metasploit payloads in easy way without typing long commands and save your time. |
| Enigma | Multiplatform payload dropper. |
Sniffing 🐶
| Repository | Description |
|---|---|
| OpenVAS | A full-featured vulnerability scanner. |
| Nikto | An Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items. |
| Wapiti | Audit the security of your websites or web applications. |
| Metasploit | Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments. |
| Maltego | Graphical link analysis tool for gathering and connecting information for investigative tasks. |
| Canvas | Makes available hundreds of exploits, an automated exploitation system. |
| Sn1per | An automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. |
| Lazyrecon | Is intended to automate some tedious tasks of reconnaissance and information gathering. |
| Osmedeus | Run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. |
| Reconness | Exploit the targets using one specific kind of vulnerability. |
| IronWASP | Used for web application vulnerability testing. |
Social Engineering 📱
| Repository | Description |
|---|---|
| Awesome Social Engineering | List of awesome social engineering resources. |
Denial Of Service 🛠
| Repository | Description |
|---|---|
| Asyncrone | Multifunction SYN Flood DDoS Weapon. |
| UFOnet | Cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. |
| GoldenEye | An HTTP DoS Test Tool. |
Session Hijacking 💽
| Repository | Description |
|---|---|
| Debinject | Inject malicious code into .debs |
| Pixload | Set of tools for hiding backdoors creating/injecting payload into images. |
Evading IDS, Firewalls and Honeypots 🐝
| Repository | Description |
|---|---|
| Bluetooth Honeypot | The system allows monitoring of attacks via a graphical user interface. |
| Kippo | SSH honeypot designed to log brute force attacks. |
| MushMush | The foundation is dedicated to the advancement and development of open source software. |
| Formidable Honeypot | Easy, non-instrusive SPAM protection. |
| Elastic Honey | A Simple Elasticsearch Honeypot. |
| Honey Thing | A honeypot for Internet of TR-069 routers/devices. |
Hacking Web Applications 🧑🏼💻
| Repository | Description |
|---|---|
| Awesome Web Hacking | A collection of tools used for SQL Injections and hacking websites. |
| WPScan | The WPScan WordPress Vulnerability Database is a database of WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities |
| PayloadsAllTheThings | A list of useful payloads and bypass for Web Application Security and Pentest/CTF. |
| CS 253 Web Security | A comprehensive overview of web security. |
| Beginner Web Application Hacking(The Cyber Mentor) | A full web hacking course for beginners. |
SQL Injection 💉
| Repository | Description |
|---|---|
| Sqlmap tool | Automates the process of detecting and exploiting SQL injection flaws. |
| NoSqlMap | Audit for as well as automate injection attacks and exploit default configuration weaknesses in databases. |
| Damn Small SQLi Scanner | SQL injection vulnerability scanner written in under 100 lines of code. |
| Explo | A simple tool to describe web security issues in a human and machine readable format. |
| Blisqy | Blind SQL injection on HTTP Headers and also exploitation of the same vulnerability. |
| Leviathan | A mass audit toolkit which has wide range service discovery, brute force, etc. |
| SQLScan | Quick web scanner for find an sql inject point on a website. |
Hacking Wireless Networks 🕸
| Repository | Description |
|---|---|
| WiFi-Pumpkin | A powerful framework which allows and offers security researchers, to mount a wireless network to conduct MITM. |
| pixiewps | Used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations |
| Bluetooth Honeypot GUI Framework. | Allows monitoring of attacks via a GUI that provides graphs, lists, a dashboard and further detailed analysis from log files. |
| Fluxion | It's a remake by Mr. SAGE with less bugs and more functionality. |
| Wifiphisher | A Framework for conducting red team engagements or Wi-Fi security testing. |
| Wifite | Designed to use all known methods for retrieving the password of a wireless access point (router). |
| EvilTwin | A script to perform Evil Twin Attack, by getting credentials using a Fake page and Fake Access Point. |
| Fastssh | Performs multi-threaded scan and brute force attack against SSH protocol using the most commonly credentials. |
| Aircrack-ng | Aircrack- ng is a complete suite of tools to assess WiFi network security. |
| Kismet | Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS framework. |
Hacking Mobile Platforms 📱
| Repository | Description |
|---|---|
| android-security-awesome | A collection of android security related resources. |
| Keydroid | Android Keylogger + Reverse Shell. |
| MySMS | Script that generates an Android App to hack SMS through WAN. |
| Lockphish (Grab target LOCK PIN) | The first tool (05/13/2020) for phishing attacks on the lock screen. |
| DroidCam (Capture Image) | Generates different phishing links of wishing or custom sites which can grab victim's front camera pictures. |
| EvilApp (Hijack Session) | Script to generate Android App that can hijack autenticated sessions in cookies. |
| HatCloud(Bypass CloudFlare for IP) | It makes bypass in CloudFlare for discover the real IP. |
| Ghost(remotely access an Android device) | Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. |
IoT Hacking 🤖
| Repository | Description |
|---|---|
| Vehicle Security | A curated list about vehicle security, car hacking, and tinkering with the functionality of your car. |
Cryptography 🔒
| Repository | Description |
|---|---|
| Awesome Cryptography | A curated list of cryptography resources and links. |
| dCode | Toolkit website for decryption, ciphertexts, solve riddles, treasure hunts, etc. |
Capture The Flag (Beginner) 🚩
| Repository | Description |
|---|---|
| CTFTime | List of CTF events to participate. |
| Writeups | Best way to learn through writeups. |
| CTF101 | Introduction to CTFs and Useful tools. |
| Guide | Beginner's Guide to CTF Field. |
| PicoCTF | Beginner friendly CTF to compete. |
| CryptoHack | Best free platform for learning modern cryptography. |
| HackThisSite | Practice and expand your hacking skills. |
| Cyber Talents | Hands-on practical scenariosin different cyber security fields. |
| OverTheWire | Practice security concepts in the form of fun-filled games. |
OSINT (Open Source INTelligence)
| Repository | Description |
|---|---|
| Awesome OSINT | A curated list of amazingly awesome open source intelligence tools and resources. |
Encryption 🔒
| Repository | Description |
|---|---|
| LifeHacker | Guide for Beginners to learn encryption. |
| Encryption For Business | Business Guide to Encryption |
| USB Encryption | Guide to USB encryption. |
| Encryption Tools | How to use Encryption Tools. |
| Cipher Newsletter | Newsletter which will keep you updated. |
ExploitDB
| Repository | Description |
|---|---|
| Exploit Database Website | The Exploit Database is a non-profit project that is provided as a public service by Offensive Security. |
| ExploitDB Usage Examples | Kali Linux exploitDB usage examples. |
| The Exploit Database Git Repository | This is an official repository of The Exploit Database, a project sponsored by Offensive Security. |
| Exploits & Shellcodes | ExploitDB shellcodes. |
| Papers | ExploitDB Papers. |