Convert Figma logo to code with AI

carpedm20 logoawesome-hacking

A curated list of awesome Hacking tutorials, tools and resources

12,798
1,534
12,798
26
View on GitHub

Top Related Projects

vitalysim's avatar

Awesome-Hacking-Resources

15,126

A collection of hacking / penetration testing resources to make you better!

Hack-with-Github's avatar

Awesome-Hacking

82,548

A collection of various awesome lists for hackers, pentesters and security researchers

sbilly's avatar

awesome-security

12,192

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

enaqx's avatar

awesome-pentest

21,358

A collection of awesome penetration testing resources, tools and other shiny things

qazbnm456's avatar

awesome-web-security

11,253

🐶 A curated list of Web Security materials and resources.

infoslack's avatar

awesome-web-hacking

5,721

A list of web application security

Quick Overview

The carpedm20/awesome-hacking repository is a curated list of hacking tools, resources, and references. It serves as a comprehensive collection of information for cybersecurity professionals, ethical hackers, and enthusiasts. The repository covers various aspects of hacking, including penetration testing, vulnerability assessment, and security research.

Pros

  • Extensive collection of resources covering multiple areas of hacking and cybersecurity
  • Regularly updated with new tools and information
  • Well-organized structure, making it easy to find specific topics or resources
  • Community-driven project with contributions from various experts in the field

Cons

  • May overwhelm beginners due to the vast amount of information
  • Some listed tools or resources may become outdated over time
  • Lacks detailed explanations or tutorials for using the listed tools
  • Potential for misuse if the information falls into the wrong hands

Note: As this is not a code library, the code example and quick start sections have been omitted.

Competitor Comparisons

vitalysim logo

Awesome-Hacking-Resources

15,126

A collection of hacking / penetration testing resources to make you better!

Pros of Awesome-Hacking-Resources

  • More comprehensive and detailed categorization of resources
  • Includes a wider range of topics, such as reverse engineering and social engineering
  • Regularly updated with new content and resources

Cons of Awesome-Hacking-Resources

  • Less focused on specific tools and more on general resources
  • May be overwhelming for beginners due to the sheer volume of information
  • Lacks a clear rating system for the quality of resources

Code Comparison

While both repositories are primarily curated lists of resources, they don't contain significant code samples. However, here's a comparison of their README structures:

Awesome-Hacking:

# Awesome Hacking

- [Awesome Hacking](#awesome-hacking)
    - [System](#system)
    - [Reverse Engineering](#reverse-engineering)
    - [Web](#web)
    - [Network](#network)

Awesome-Hacking-Resources:

# Awesome Hacking Resources

## Table of Contents
 * [Learning the Skills](#learning-the-skills)
 * [Tools](#tools)
 * [Conferences and Events](#conferences-and-events)
 * [Information Security Magazines](#information-security-magazines)

Both repositories use a similar structure for organizing their content, but Awesome-Hacking-Resources provides a more detailed table of contents and categorization.

Hack-with-Github logo

Awesome-Hacking

82,548

A collection of various awesome lists for hackers, pentesters and security researchers

Pros of Awesome-Hacking

  • More comprehensive and regularly updated with a wider range of hacking resources
  • Better organized with clear categories and subcategories
  • Includes a dedicated section for CTF resources and tools

Cons of Awesome-Hacking

  • May be overwhelming for beginners due to the sheer volume of information
  • Less focus on specific programming languages used in hacking

Code Comparison

While both repositories are primarily curated lists of resources, they don't contain significant code samples. However, here's a comparison of their README structures:

Awesome-Hacking:

# Awesome Hacking

A collection of awesome lists for hackers, pentesters & security researchers.

## Table of Contents

- [Awesome Hacking](#awesome-hacking)
    - [CTF Tools](#ctf-tools)
    - [Reverse Engineering](#reverse-engineering)
    - [Web Hacking](#web-hacking)
    ...

awesome-hacking:

# Awesome Hacking [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A curated list of awesome Hacking tutorials, tools and resources.

- [Awesome Hacking](#awesome-hacking)
    - [System](#system)
    - [Reverse Engineering](#reverse-engineering)
    - [Web](#web)
    ...

Both repositories follow a similar structure, but Awesome-Hacking has a more detailed and organized table of contents.

sbilly logo

awesome-security

12,192

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

Pros of awesome-security

  • More comprehensive coverage of security topics, including network security, web security, and cryptography
  • Better organization with clear categorization of resources
  • More frequent updates and contributions from the community

Cons of awesome-security

  • Less focus on offensive security techniques compared to awesome-hacking
  • May be overwhelming for beginners due to the extensive list of resources

Code comparison

While both repositories are curated lists and don't contain actual code, they differ in their structure and organization. Here's a comparison of their README.md files:

awesome-security:

# awesome-security

- [Network](#network)
  - [Scanning / Pentesting](#scanning--pentesting)
  - [Monitoring / Logging](#monitoring--logging)
- [Web](#web)
  - [Web Security](#web-security)

awesome-hacking:

# Awesome Hacking

- [System](#system)
- [Reverse Engineering](#reverse-engineering)
- [Web](#web)
- [Network](#network)

The awesome-security repository has a more detailed and hierarchical structure, while awesome-hacking uses a flatter organization.

enaqx logo

awesome-pentest

21,358

A collection of awesome penetration testing resources, tools and other shiny things

Pros of awesome-pentest

  • More comprehensive and regularly updated with a wider range of penetration testing tools and resources
  • Better organized into clear categories, making it easier to find specific tools or information
  • Includes more detailed descriptions for many of the listed resources

Cons of awesome-pentest

  • May be overwhelming for beginners due to the sheer volume of information
  • Lacks some of the more general hacking resources found in awesome-hacking

Code comparison

While both repositories are primarily curated lists of resources rather than code repositories, they do contain some markdown formatting. Here's a brief comparison of their list structures:

awesome-pentest:

- [Category Name](#category-name)
  - [Subcategory Name](#subcategory-name)
    - [Tool Name](https://toollink.com) - Brief description of the tool.

awesome-hacking:

## Category Name
* [Tool Name](https://toollink.com)
* [Resource Name](https://resourcelink.com)

The awesome-pentest repository uses a more structured approach with nested categories and includes brief descriptions, while awesome-hacking opts for a simpler, flatter structure without descriptions.

qazbnm456 logo

awesome-web-security

11,253

🐶 A curated list of Web Security materials and resources.

Pros of awesome-web-security

  • More focused and specialized content specifically for web security
  • Regularly updated with recent contributions
  • Well-organized structure with clear categories and subcategories

Cons of awesome-web-security

  • Limited scope compared to the broader hacking topics covered in awesome-hacking
  • Fewer resources for general cybersecurity and non-web-related hacking techniques
  • May lack some advanced or niche topics found in the more comprehensive awesome-hacking list

Code comparison

While both repositories are curated lists and don't contain significant code, they do use markdown formatting. Here's a brief comparison of their README.md structures:

awesome-web-security:

# Awesome Web Security [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A curated list of Web Security materials and resources.

Needless to say, most of the resources listed here are for educational purposes only.

[...]

awesome-hacking:

# Awesome Hacking [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A curated list of awesome Hacking tutorials, tools and resources. Inspired by [awesome-machine-learning](https://github.com/josephmisiti/awesome-machine-learning/)

[...]

Both use similar formatting for their titles and descriptions, with awesome-hacking explicitly mentioning its inspiration.

infoslack logo

awesome-web-hacking

5,721

A list of web application security

Pros of awesome-web-hacking

  • More focused and specialized content specifically for web hacking
  • Better organized structure with clear categories for different aspects of web hacking
  • Includes sections on bug bounty programs and CTF resources

Cons of awesome-web-hacking

  • Less comprehensive overall, with fewer resources compared to awesome-hacking
  • Limited coverage of non-web-related hacking topics
  • May not be as frequently updated as awesome-hacking

Code comparison

While both repositories are primarily curated lists of resources rather than containing actual code, they do have some structural differences in their README files:

awesome-web-hacking:

## Tools
- [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications.
- [OWASP ZAP](https://www.zaproxy.org/) - The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

awesome-hacking:

### Network
* [Wireshark](https://www.wireshark.org/) - A free and open-source packet analyzer.
* [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - A Network Forensic Analysis Tool (NFAT).

Both repositories use similar Markdown formatting for their lists, but awesome-web-hacking tends to provide more detailed descriptions for each tool or resource listed.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Awesome Hacking -An Amazing Project Awesome

A curated list of awesome Hacking. Inspired by awesome-machine-learning

If you want to contribute to this list (please do), send me a pull request!

For a list of free hacking books available for download, go here

Table of Contents

System

Tutorials

Tools

  • Metasploit A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
  • mimikatz - A little tool to play with Windows security
  • Hackers tools - Tutorial on tools.

Docker Images for Penetration Testing & Security

General

Reverse Engineering

Tutorials

Tools

Disassemblers and debuggers

  • IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • OllyDbg - A 32-bit assembler level analysing debugger for Windows
  • x64dbg - An open-source x64/x32 debugger for Windows
  • radare2 - A portable reversing framework
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
  • Capstone
  • Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

Decompilers

  • JVM-based languages

  • Krakatau - the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.

  • JD-GUI

  • procyon

    • Luyten - one of the best, though a bit slow, hangs on some binaries and not very well maintained.

  • JAD - JAD Java Decompiler (closed-source, unmaintained)

  • JADX - a decompiler for Android apps. Not related to JAD.

  • .net-based languages

    • dotPeek - a free-of-charge .NET decompiler from JetBrains
    • ILSpy - an open-source .NET assembly browser and decompiler
    • dnSpy - .NET assembly editor, decompiler, and debugger

  • native code

  • Python

    • uncompyle6 - decompiler for the over 20 releases and 20 years of CPython.

Deobfuscators

  • de4dot - .NET deobfuscator and unpacker.
  • JS Beautifier
  • JS Nice - a web service guessing JS variables names and types based on the model derived from open source.

Other

  • nudge4j - Java tool to let the browser talk to the JVM
  • dex2jar - Tools to work with Android .dex and Java .class files
  • androguard - Reverse engineering, malware and goodware analysis of Android applications
  • antinet - .NET anti-managed debugger and anti-profiler code
  • UPX - the Ultimate Packer (and unpacker) for eXecutables

Execution logging and tracing

  • Wireshark - A free and open-source packet analyzer
  • tcpdump - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
  • mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
  • Charles Proxy - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
  • usbmon - USB capture for Linux.
  • USBPcap - USB capture for Windows.
  • dynStruct - structures recovery via dynamic instrumentation.
  • drltrace - shared library calls tracing.

Binary files examination and editing

Hex editors

  • HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
  • WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
  • wxHexEditor
  • Synalize It/Hexinator -

Other

  • Binwalk - Detects signatures, unpacks archives, visualizes entropy.
  • Veles - a visualizer for statistical properties of blobs.
  • Kaitai Struct - a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.
  • Protobuf inspector
  • DarunGrim - executable differ.
  • DBeaver - a DB editor.
  • Dependencies - a FOSS replacement to Dependency Walker.
  • PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
  • BinText - A small, very fast and powerful text extractor that will be of particular interest to programmers.

General

Web

Tools

  • Spyse - Data gathering service that collects web info using OSINT. Provided info: IPv4 hosts, domains/whois, ports/banners/protocols, technologies, OS, AS, maintains huge SSL/TLS DB, and more... All the data is stored in its own database allowing get the data without scanning.
  • sqlmap - Automatic SQL injection and database takeover tool
  • NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
  • tools.web-max.ca - base64 base85 md4,5 hash, sha1 hash encoding/decoding
  • VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • SubFinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
  • Findsubdomains - A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.
  • badtouch - Scriptable network authentication cracker
  • PhpSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
  • Git-Scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
  • CSP Scanner - Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.
  • Shodan - A web-crawling search engine that lets users search for various types of servers connected to the internet.
  • masscan - Internet scale portscanner.
  • Keyscope - an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors
  • Decompiler.com - Java, Android, Python, C# online decompiler.

General

  • Strong node.js - An exhaustive checklist to assist in the source code security analysis of a node.js web service.

Network

Tools

  • NetworkMiner - A Network Forensic Analysis Tool (NFAT)
  • Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
  • pig - A Linux packet crafting tool
  • findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).
  • cirt-fuzzer - A simple TCP/UDP protocol fuzzer.
  • ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
  • ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
  • mitmsocks4j - Man-in-the-middle SOCKS Proxy for Java
  • ssh-mitm - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
  • nmap - Nmap (Network Mapper) is a security scanner
  • Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program
  • Nipe - A script to make Tor Network your default gateway.
  • Habu - Python Network Hacking Toolkit
  • Wifi Jammer - Free program to jam all wifi clients in range
  • Firesheep - Free program for HTTP session hijacking attacks.
  • Scapy - A Python tool and library for low level packet creation and manipulation
  • Amass - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
  • sniffglue - Secure multithreaded packet sniffer
  • Netz - Discover internet-wide misconfigurations, using zgrab2 and others.
  • RustScan - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.
  • PETEP - Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support.

Forensic

Tools

  • Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
  • sleuthkit - A library and collection of command-line digital forensics tools
  • EnCase - The shared technology within a suite of digital investigations products by Guidance Software
  • malzilla - Malware hunting tool
  • IPED - Indexador e Processador de Evidências Digitais - Brazilian Federal Police Tool for Forensic Investigation
  • CyLR - NTFS forensic image collector
  • CAINE- CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.

Cryptography

Tools

  • xortool - A tool to analyze multi-byte XOR cipher
  • John the Ripper - A fast password cracker
  • Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
  • Ciphey - Automated decryption tool using artificial intelligence & natural language processing.

Wargame

System

Reverse Engineering

  • Reversing.kr - This site tests your ability to Cracking & Reverse Code Engineering
  • CodeEngn - (Korean)
  • simples.kr - (Korean)
  • Crackmes.de - The world first and largest community website for crackmes and reversemes.

Web

  • Hack This Site! - a free, safe and legal training ground for hackers to test and expand their hacking skills
  • Hack The Box - a free site to perform pentesting in a variety of different systems.
  • Webhacking.kr
  • 0xf.at - a website without logins or ads where you can solve password-riddles (so called hackits).
  • fuzzy.land - Website by an Austrian group. Lots of challenges taken from CTFs they participated in.
  • Gruyere
  • Others
  • TryHackMe - Hands-on cyber security training through real-world scenarios.

Cryptography

Bug bounty

Bug bounty - Earn Some Money

CTF

Competition

General

OS

Online resources

Post exploitation

tools

  • empire - A post exploitation framework for powershell and python.
  • silenttrinity - A post exploitation tool that uses iron python to get past powershell restrictions.
  • PowerSploit - A PowerShell post exploitation framework
  • ebowla - Framework for Making Environmental Keyed Payloads

ETC

  • SecTools - Top 125 Network Security Tools
  • Roppers Security Fundamentals - Free course that teaches a beginner how security works in the real world. Learn security theory and execute defensive measures so that you are better prepared against threats online and in the physical world. Full text available as a gitbook.
  • Roppers Practical Networking - A hands-on, wildly practical introduction to networking and making packets dance. No wasted time, no memorizing, just learning the fundamentals.
  • Rawsec's CyberSecurity Inventory - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. (Source)
  • The Cyberclopaedia - The open-source encyclopedia of cybersecurity. GitHub Repository