A curated list of awesome Hacking. Inspired by awesome-machine-learning
If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20
For a list of free hacking books available for download, go here
# System ## Tutorials * [Corelan Team's Exploit writing tutorial](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) * [Exploit Writing Tutorials for Pentesters](http://www.punter-infosec.com/exploit-writing-tutorials-for-pentesters/) ## Tools * [Metasploit](https://github.com/rapid7/metasploit-framework) A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. * [mimikatz](https://github.com/gentilkiwi/mimikatz) - A little tool to play with Windows security ## General * [Exploit database](https://www.exploit-db.com/) - An ultimate archive of exploits and vulnerable software # Reverse Engineering ## Tutorials * [Lenas Reversing for Newbies](https://tuts4you.com/download.php?list.17) * [Malware Analysis Tutorials: a Reverse Engineering Approach](http://fumalwareanalysis.blogspot.kr/p/malware-analysis-tutorials-reverse.html) ## Tools * [IDA](https://www.hex-rays.com/products/ida/) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger * [OllyDbg](http://www.ollydbg.de/) - A 32-bit assembler level analysing debugger for Windows * [x64dbg](http://x64dbg.com/) - An open-source x64/x32 debugger for Windows * [dex2jar](https://github.com/pxb1988/dex2jar) - Tools to work with android .dex and java .class files * [JD-GUI](http://jd.benow.ca/) - A standalone graphical utility that displays Java source codes of “.class” files * [procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - A modern open-source Java decompiler * [androguard](https://code.google.com/p/androguard/) - Reverse engineering, Malware and goodware analysis of Android applications * [JAD](http://varaneckas.com/jad/) - JAD Java Decompiler (closed-source, unmaintained) * [dotPeek](https://www.jetbrains.com/decompiler/) - a free-of-charge .NET decompiler from JetBrains * [UPX](http://upx.sourceforge.net/) - the Ultimate Packer for eXecutables * [radare2](https://github.com/radare/radare2) - A portable reversing framework * [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. * [Hopper](https://www.hopperapp.com) - A OS X and Linux Disassembler/Decompiler for 32/64 bit Windows/Mac/Linux/iOS executables. ## General * [Open Malware](http://www.offensivecomputing.net/) # Web ## Tools * [sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool * [tools.web-max.ca](http://tools.web-max.ca/encode_decode.php) - base64 base85 md4,5 hash, sha1 hash encoding/decoding # Network ## Tools * [Wireshark](https://www.wireshark.org/) - A free and open-source packet analyzer * [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - A Network Forensic Analysis Tool (NFAT) * [tcpdump](http://www.tcpdump.org/) - a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture * [Paros](http://sourceforge.net/projects/paros/) - A Java based HTTP/HTTPS proxy for assessing web application vulnerability * [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool * [ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications * [mitmproxy](https://mitmproxy.org/) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface * [mitmsocks4j](https://github.com/Akdeniz/mitmsocks4j) - Man in the Middle SOCKS Proxy for JAVA * [nmap](https://nmap.org/) - Nmap (Network Mapper) is a security scanner * [Aircrack-ng](http://www.aircrack-ng.org/) - An 802.11 WEP and WPA-PSK keys cracking program * [Charles Proxy](https://charlesproxy.com) - A cross platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic. # Forensic ## Tools * [Autospy](http://www.sleuthkit.org/autopsy/) - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools * [sleuthkit](https://github.com/sleuthkit/sleuthkit) - A library and collection of command line digital forensics tools * [EnCase](https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx) - the shared technology within a suite of digital investigations products by Guidance Software * [malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool * [PEview](http://wjradburn.com/software/) - a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files * [HxD](http://mh-nexus.de/en/hxd/) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size * [WinHex](http://www.winhex.com/winhex/) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security * [BinText](http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx) - A small, very fast and powerful text extractor that will be of particular interest to programmers- xortool - A tool to analyze multi-byte xor cipher
- John the Ripper - A fast password cracker
- Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.