“The truth is revealed by removing things that stand in its light, an art not unlike sculpture, in which the artist creates, not by building, but by hacking away.” - Alan Watts

Welcome to the Hacking section of Liberty tools! Hacking should be used to increase your knowledge and harden your defenses. Please use these tools responsibly.

Anonymity #

• BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.

• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.

• creepy - Geolocation OSINT tool.

• dork-cli - Command line Google dork tool.

• Fast-recon - Perform Google dorks against a domain.

• GooDork - Command line Google dorking tool.

• Google Hacking Database - Database of Google dorks; can be used for recon.

• Google-dorks - Common Google dorks and others you probably don’t know.

• I2P - The Invisible Internet Project.

• Maltego - One of the Hacking Tools and Proprietary software for open source intelligence and forensics, from Paterva.

• metagoofil - Metadata harvester.

• Nipe - Script to redirect all traffic from the machine to the Tor network.

• OnionScan - One of the Hacking Tools for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.

• recon-ng - One of the Hacking Tools Full-featured Web Reconnaissance framework written in Python.

• snitch - Information gathering via dorks.

• Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.

• theHarvester - E-mail, subdomain and people names harvester.

• Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.

• Virus Total - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.

• What Every Browser Knows About You - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.

• ZoomEye - Search engine for cyberspace that lets the user find specific network components.

Bug Bounty Platforms #

• Bugcrowd List - List of many companies that provide bug bounties.

CTF(Capture the flag) #

• Ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.

• Pwntools - Rapid exploit development framework built for use in CTFs.

• RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

DDoS #

• HOIC - Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common counter measures.

• JS LOIC - JavaScript in-browser version of LOIC.

• LOIC - Open source network stress tool for Windows.

• SlowLoris - DoS tool that uses low bandwidth on the attacking side.

• T50 - Faster network stress tool.

• UFONet - Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Defense Evasion #

• AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.

• Hyperion - Runtime encryptor for 32-bit portable executables (“PE .exes”).

• PeCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.

• PeCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.

• UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.

• Veil - Generate metasploit payloads that bypass common anti-virus solutions.

Defcon Suggested Reading #

• Defcon Suggested Reading

Email Spoofing #

• SpoofBox - Offers email, SMS, Phone spoofing and lots of other tools. Not a free service. Can also be used to look up phone numbers.

Exploit Development #

• Exploit Writing Tutorials - Tutorials on how to develop exploits.

• Shellcode Examples - Shellcodes database.

• Shellcode Tutorial - Tutorial on how to write shellcode.

File Format Analysis #

• Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

• Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.

• Veles - Binary data visualization and analysis tool.

Forensics #

• Autopsy - Full suite of open source forensics tools.

• CAINE - CAINE is Linux Live CD that contains a wealth of digital forensic tools. Features include a user-friendly GUI, semi-automated report creation and tools for Mobile Forensics, Network Forensics, Data Recovery and more.

• FTK Imager - Open Source Disk imaging tool.

• Paladin Forensic Suite - Live Ubuntu distro with lots of tools. Open source with free and paid versions.

• SIFT Workstation - The SIFT Workstation is a collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings, all built inside an Ubuntu VM.

• SMART - Open source sampling of many proprietary forensics tools.

GNU/Linux Utilities #

• Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.

Hacking Focused OSINT #

• AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.

• BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.

• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.

• creepy - Geolocation OSINT tool.

• DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.

• dork-cli - Command line Google dork tool.

• Fast-recon - Perform Google dorks against a domain.

• GooDork - Command line Google dorking tool.

• Google Hacking Database - Database of Google dorks; can be used for recon.

• Google-dorks - Common Google dorks and others you probably don’t know.

• github-dorks - CLI tool to scan Github repos/organizations for potential sensitive information leak.

• Intrigue - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.

• Maltego - One of the Hacking Tools and Proprietary software for open source intelligence and forensics, from Paterva.

• metagoofil - Metadata harvester.

• recon-ng - One of the Hacking Tools Full-featured Web Reconnaissance framework written in Python.

• Shodan - World’s first search engine for Internet-connected devices.

• snitch - Information gathering via dorks.

• Sn1per - One of the Hacking Tools for Automated Pentest Recon Scanner.

• Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.

• Threat Crowd - Search engine for threats.

• theHarvester - E-mail, subdomain and people names harvester.

• vcsmap - Plugin-based tool to scan public version control systems for sensitive information.

• Virus Total - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.

• What Every Browser Knows About You - Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.

• ZoomEye - Search engine for cyberspace that lets the user find specific network components.

Hacking Conventions #

• 44Con - Annual Security Conference held in London.

• AppSecUSA - Annual conference organized by OWASP.

• BalCCon - Balkan Computer Congress, annually held in Novi Sad, Serbia.

• Black Hat - Annual security conference in Las Vegas.

• BruCON - Annual security conference in Belgium.

• CarolinaCon - Infosec conference, held annually in North Carolina.

• CCC - Annual meeting of the international hacker scene in Germany.

• CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con.

• DeepSec - Security Conference in Vienna, Austria.

• DefCamp - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.

• DEF CON - Annual hacker convention in Las Vegas. Known for having a left wing bias.

• Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.

• FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia.

• Hack3rCon - Annual US hacker conference.

• Hack.lu - Annual conference held in Luxembourg.

• Hackfest - Largest hacking conference in Canada.

• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.

• Hacking In The Box - Deep-knowledge security conference held in Malaysia and The Netherlands.

• Infosecurity Europe - Europe’s number one information security event, held in London, UK.

• LayerOne - Annual US security conference held every spring in Los Angeles.

• Nullcon - Annual conference in Delhi and Goa, India.

• PhreakNIC - Technology conference held annually in middle Tennessee.

• RSA Conference USA - Annual security conference in San Francisco, California, USA.

• ShmooCon - Annual US East coast hacker convention.

• SkyDogCon - Technology conference in Nashville.

• SummerCon - One of the oldest hacker conventions, held during Summer.

• Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland.

• ThotCon - Annual US hacker conference held in Chicago.

• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.

• Virus Bulletin Conference - Annual conference going to be held in Denver, USA for 2016.

Hash Cracking #

• BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).

• CeWL - Generates custom wordlists by spidering a target’s website and collecting unique words.

• Hashcat - Another One of the Hacking Tools The more fast hash cracker.

• John the Ripper - One of the best Hacking Tools for Fast password cracker.

• JWT Cracker - Simple HS256 JWT token brute force cracker.

• Rar Crack - RAR bruteforce cracker.

Hex Editors #

• 0xED – Native macOS hex editor that supports plug-ins to display custom data types.

• Frhed – Binary file editor for Windows.

• HexEdit.js – Browser-based hex editing.

• Hexinator – World’s finest (proprietary, commercial) Hex Editor.

Information Security Magazines #

• 2600: The Hacker Quarterly – American publication about technology and computer “underground.”

• Phrack Magazine – By far the longest running hacker zine.

• Unredacted Magazine - The official magazine from Michael Bazzell author of Extreme Privacy.

Lock Picking Resources #

• Awesome Lockpicking – Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.

• Bosnianbill – More lockpicking videos.

• Schuyler Towne channel – Lockpicking videos and security talks.

• /r/lockpicking – Resources for learning lockpicking, equipment recommendations.

macOS Utilities #

• Bella – Pure Python post-exploitation data mining and remote administration tool for macOS.

Multi-paradigm Frameworks #

• Armitage – Java-based GUI front-end for the Metasploit Framework.

• ExploitPack – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.

• Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.

• Metasploit – Post exploitation Hacking Tools for offensive security teams to help verify vulnerabilities and manage security assessments.

• Pupy – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.

Network Tools #

• BetterCAP – Modular, portable and easily extensible MITM framework.

• CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.

• CrackMapExec – A swiss army knife for pentesting networks.

• Debookee – Simple and powerful network traffic analyzer for macOS.

• DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.

• Dgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.

• Dnsmap – One of the Hacking Tools for Passive DNS network mapper.

• Dnsrecon – One of the Hacking Tools for DNS enumeration script.

• Dnschef – Highly configurable DNS proxy for pentesters.

• Dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.

• Dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.

• DNSDumpster – One of the Hacking Tools for Online DNS recon and search service.

• Dshell – Network forensic analysis framework.

• Dsniff – Collection of tools for network auditing and pentesting.

• Dripcap – Caffeinated packet analyzer.

• Evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.

• Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.

• Impacket – A collection of Python classes for working with network protocols.

• Intercepter-NG – Multifunctional network toolkit.

• Mass Scan – Best Hacking Tools for TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

• Mallory – HTTP/HTTPS proxy over SSH.

• Mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

• Morpheus – Automated ettercap TCP/IP Hacking Tools.

• Netsniff-ng – Swiss army knife for network sniffing.

• Network-Tools.com – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.

• Nmap – Free security scanner for network exploration & security audits.

• Passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.

• Passivedns-client – Library and query tool for querying several passive DNS providers.

• Pig – One of the Hacking Tools for GNU/Linux packet crafting.

• Pwnat – Punches holes in firewalls and NATs.

• Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.

• Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.

• Routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.

• Scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.

• Scapy – Python-based interactive packet manipulation program & library.

• SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.

• SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.

• Tcpdump/libpcap – Common packet analyzer that runs under the command line.

• Wireshark – Widely-used graphical, cross-platform network protocol analyzer.

• XRay – Network (sub)domain discovery and reconnaissance automation tool.

• Zarp – Network attack tool centered around the exploitation of local networks.

• Zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.

Operating Systems #

• Best Linux Penetration Testing Distributions @ CyberPunk – Description of main penetration testing distributions.

• Cuckoo – Open source automated malware analysis system.

• Computer Aided Investigative Environment (CAINE) – Italian GNU/Linux live distribution created as a digital forensics project.

• CSILinux - CSI’s mission is to equip you with the most advanced tools in digital forensics, OSINT, and incident response.

• Digital Evidence & Forensics Toolkit (DEFT) – Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.

• Security related Operating Systems @ Rawsec – Penetration testing tools & Hacking Tools list Related Complete list of security operating systems.

• Security @ Distrowatch – Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.

• Tails – Live OS aimed at preserving privacy and anonymity.

Physical Hacking Tools #

• Anof-cyber/APTRS - APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities.

• Canarytokens.org - Canarytokens are a free, quick, painless way to help defenders discover they’ve been breached by having attackers announce themselves. These are digital honeypots you can configure on your own network.

• Flipperzero.one - Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It’s fully open-source and customizable, so you can extend it in whatever way you like. Check out more firmware options here

• Hak5.org - Sells many hacking for wifi pentesting, hotplug attacks, implants, remote access field kits and more. Breakdown of multiple tools

• LAN Turtle – Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.

• Poisontap – Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.

• USB Rubber Ducky – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.

• WiFi Pineapple – Wireless auditing and penetration testing platform.

Penetration Testing Resources #

Pentest Tools #

• Metasploit Unleashed - Free Offensive Security Metasploit course.

• MITRE’s Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) – Curated knowledge base and model for cyber adversary behavior.

• Open Source Security Testing Methodology Manual (OSSTMM) – Framework for providing test cases that result in verified facts on which to base decisions that impact an organization’s security.

• Open Web Application Security Project (OWASP) – Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.

• Penetration Testing Execution Standard (PTES) – Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.

• Penetration Testing Framework (PTF) – Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.

• PENTEST-WIKI – Free online security knowledge library for pentesters and researchers.

• Security related Operating Systems @ Rawsec – Penetration testing tools & Hacking Tools list Related Complete list of security operating systems.

• Shellcode Examples – Shellcodes database.

• Shellcode Tutorial – Tutorial on how to write shellcode.

• XSS-Payloads – Ultimate resource for all things cross-site including payloads, tools, games and documentation.

Penetration Testing Distributions #

• ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.

• AttifyOS – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.

• BackBox – Ubuntu-based distribution for penetration tests and security assessments.

• BlackArch – Arch GNU/Linux-based distribution with best Hacking Tools for penetration testers and security researchers.

• Fedora Security Lab – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.

• Kali – GNU/Linux distribution designed for digital forensics and penetration testing Hacking Tools.

• Network Security Toolkit (NST) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.

• Parrot – Distribution similar to Kali, with multiple architectures with 100 of Hacking Tools.

• Pentoo – Security-focused live CD based on Gentoo.

• The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.

Docker for Penetration Testing #

• docker pull kalilinux/kali-linux-docker
• docker pull owasp/zap2docker-stable
• docker pull wpscanteam/wpscan
• docker pull citizenstig/dvwa
• docker pull wpscanteam/vulnerablewordpress
• docker pull hmlio/vaas-cve-2014-6271
• docker pull hmlio/vaas-cve-2014-0160
• docker pull opendns/security-ninjas
• docker pull diogomonica/docker-bench-security
• docker pull ismisepaul/securityshepherd
• docker pull danmx/docker-owasp-webgoat
• docker-compose build && docker-compose up
• docker pull citizenstig/nowasp
• docker pull bkimminich/juice-shop
• docker pull phocean/msf

Penetration Testing Report Templates #

• Pentesting Report Template – lucideus.com template.

• Pentesting Report Template – pcisecuritystandards.org template.

• Public Pentesting Reports – Curated list of public penetration test reports released by several consulting firms and academic security groups.

Ransomware Recovery #

• Nomoreransom - Help detect what kind of ransomware encryption you’re affected by and free tools to unlock it, in many but not all cases.

Reverse Engineering Tools #

• Binwalk – Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

• Capstone – Lightweight multi-platform, multi-architecture disassembly framework.

• dnSpy – One of the Hacking Tools to reverse engineer .NET assemblies.

• Evan’s Debugger – OllyDbg-like debugger for GNU/Linux.

• Frida – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

• Immunity Debugger – Powerful way to write exploits and analyze malware.

• Interactive Disassembler (IDA Pro) – Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.

• Medusa – Open source, cross-platform interactive disassembler.

• OllyDbg – x86 debugger for Windows binaries that emphasizes binary code analysis.

• Peda – Python Exploit Development Assistance for GDB.

• Plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

• PyREBox – Python scriptable Reverse Engineering sandbox by Cisco-Talos.

• Radare2 – Open source, crossplatform reverse engineering framework.

• rVMI – Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.

• Voltron – Extensible debugger UI toolkit written in Python.

• WDK/WinDbg – Windows Driver Kit and WinDbg.

• x64dbg – Open source x64/x32 debugger for windows.

Security Courses #

• ARIZONA CYBER WARFARE RANGE – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.

• Computer Security Student – Many free tutorials, great for beginners, $10/mo membership unlocks all content.

• CTF Field Guide – Everything you need to win your next CTF competition.

• Cybrary – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly-Secured Environments’.

• European Union Agency for Network and Information Security – ENISA Cyber Security Training material.

• Offensive Security Training – Training from BackTrack/Kali developers.

• Open Security Training – Training material for computer security classes.

• SANS Security Training – Computer Security Training & Certification.

Side-channel Tools #

• ChipWhisperer – Complete open-source toolchain for side-channel power analysis and glitching attacks.

Social Engineering #

• Beelogger – Tool for generating keylooger.

• Catphish – Tool for phishing and corporate espionage written in Ruby.

• Evilginx – MITM attack framework used for phishing credentials and session cookies from any Web service.

• King Phisher – One of the Hacking Tools for Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.

• Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.

• Social Engineering Framework – Information resource for social engineers.

• wifiphisher – Automated phishing attacks against WiFi networks.

Static Analyzers #

• Bandit – Security oriented static analyser for python code.

• Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.

• Cppcheck – Extensible C/C++ static analyzer focused on finding bugs.

• FindBugs – Free software static analyzer to look for bugs in Java code.

• Sobelow – Security-focused static analysis for the Phoenix Framework.

Transport Layer Security Tools #

• SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.

• TLS Prober – Fingerprint a server’s SSL/TLS implementation.

• Testssl.sh – Command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

Tools, Lists, Tutorials etc. #

• AD Exploit guides - Detailed guide on methods to exploit Active Directory.

• Android Security – Collection of Android security-related resources.

• AppSec – Resources for learning about application security.

• Awesome Awesomness – The List of the Lists.

• C/C++ Programming – One of the main language for open source security tools.

• CTFs – Capture The Flag frameworks, libraries, etc.

• Exploit Writing Tutorials – Tutorials on how to develop exploits.

• Forensics – Free (mostly open source) forensic analysis tools and resources.

• GB Hackers Tools List - Massive list of Tools.

• Hackerone Tools List - Massive list of Tools.

• Hacking – Tutorials, tools, and resources.

• Honeypots – Honeypots, tools, components, and more.

• InfoSec § Hacking challenges – Comprehensive directory of CTFs, wargames, hacking challenge websites, Penetration testing tools list practice lab exercises, and more.

• Infosec – Information security resources for pentesting, forensics, and more.

• JavaScript Programming – In-browser development and scripting.

• Kali Linux Tools – List of Hacking tools present in Kali Linux.

• Malware Analysis – Tools and resources for analysts.

• Node.js Programming – Curated list of delightful Node.js packages and resources.

• PCAP Tools – Tools for processing network traffic.

• Penetration Testing Cheat Sheets – Awesome Pentest Cheat Sheets.

• Pivoting and Tunneling Guide - Detailed guide on methods to exploit.

• Python Programming 1 – General Python programming.

• Python Programming 2 – General Python programming.

• Python tools for penetration testers – Lots of pentesting tools are written in Python.

• Ruby Programming 1 – The de-facto language for writing exploits.

• Ruby Programming 2 – The de-facto

Virtual Machines Labs #

• CFTtime - Free capture the flag hacking games.

• MindMaps - Massive list of smaller sites that provide individual hacking challenges.

• Pentesterlab - Free and paid Pentesting training with labs.

• Sadcloud - Sadcloud is a tool for spinning up insecure AWS infrastructure with Terraform.

• Vulnerability Hub - Free Virtual machines to hack, provided by the community.

• Vulnmachines - A place to learn and improve penetration testing/ethical hacking skills for FREE. The labs consist of 100+ real world scenarios to practice the latest exploits and cutting edge hacking techniques.

Vulnerability Databases #

• Bugtraq (BID) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.

• Common Vulnerabilities and Exposures (CVE) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.

• CXSecurity – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.

• Exploit-DB – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.

• Full-Disclosure – Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.

• Inj3ct0r (Onion service) – Exploit marketplace and vulnerability information aggregator.

• Microsoft Security Advisories – Archive of security advisories impacting Microsoft software.

• Microsoft Security Bulletins – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).

• Mozilla Foundation Security Advisories – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.

• National Vulnerability Database (NVD) – United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.

• Packet Storm – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.

• SecuriTeam – Independent source of software vulnerability information.

• US-CERT Vulnerability Notes Database – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).

• Vulnerability Lab – Open forum for security advisories organized by category of exploit target.

• Vulners – Security database of software vulnerabilities.

• Zero Day Initiative – Bug bounty program with the publicly accessible archive of published security advisories, operated by TippingPoint.

Vulnerability Scanners #

• Nexpose – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.

• Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. Free for under 25 devices.

• OpenVAS – Free open source software implementation of the popular Nessus vulnerability assessment system.

• Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Web Exploitation #

• Autochrome – Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.

• BlindElephant – Web application fingerprinter.

• Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered Web browsers.

• Burp Suite – One of the Hacking Tools integrated platform for performing security testing of web applications.

• Commix – Automated all-in-one operating system command injection and exploitation tool.

• DVCS Ripper – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.

• EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.

• Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.

• Fimap – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.

• FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

• GitTools – One of the Hacking Tools that Automatically find and download Web accessible .git repositories.

• Kadabra – Automatic LFI exploiter and scanner.

• Kadimus – LFI scan and exploit tool.

• Liffy – LFI exploitation tool.

• NoSQLmap – Automatic NoSQL injection and database takeover tool.

• Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.

• Sslstrip – One of the Hacking Tools Demonstration of the HTTPS stripping attacks.

• Sslstrip2 – SSLStrip version to defeat HSTS.

• sqlmap – Automatic SQL injection and database takeover tool.

• Tplmap – Automatic server-side template injection and Web server takeover Hacking Tools.

• VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

• Weevely3 – Weaponized web shell.

• Webscreenshot – A simple script to take screenshots of list of websites.

• WhatWeb – Website fingerprinter.

• Wappalyzer – Wappalyzer uncovers the technologies used on websites.

• wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.

• WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

• WPSploit – Exploit WordPress-powered websites with Metasploit.

Web Scanners #

• Arachni – Scriptable framework for evaluating the security of web applications.

• Cms-explorer – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.

• Nikto – Noisy but fast black box web server and web application vulnerability scanner.

• SecApps – In-browser web application security testing suite.

• WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.

• w3af – Hacking Tools for Web application attack and audit framework.

• WPScan – Hacking Tools of Black box WordPress vulnerability scanner.

• Wapiti – Black box web application vulnerability scanner with built-in fuzzer.

• Joomscan – One of the best Hacking Tools for Joomla vulnerability scanner.

• ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Windows Utilities #

• Bloodhound – Graphical Active Directory trust relationship explorer.

• DeathStar – Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments.

• Empire – Pure PowerShell post-exploitation agent.

• Fibratus – Tool for exploration and tracing of the Windows kernel.

• Magic Unicorn – Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).

• Mimikatz – Credentials extraction tool for Windows operating system.

• PowerSploit – PowerShell Post-Exploitation Framework.

• redsnarf – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.

• Responder – LLMNR, NBT-NS and MDNS poisoner.

• Sysinternals Suite – The Sysinternals Troubleshooting Utilities.

• wePWNise – Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.

• Windows Credentials Editor – Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.

• Windows Exploit Suggester – Detects potential missing patches on the target.

Wireless Network Hacking #

• Aircrack-ng – Set of Penetration testing & Hacking Tools list for auditing wireless networks.

• Fluxion – Suite of automated social engineering based WPA attacks.

• Kismet – Wireless network detector, sniffer, and IDS.

• Reaver – Brute force attack against WiFi Protected Setup.

• Wifite – Automated wireless attack tool.