/Awesome-CyberSec-Resources

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

MIT LicenseMIT

Banner

theepiccode

image

Footprinting 🦢🏻 and Reconnaissance πŸ•΅πŸ»β€β™‚οΈ

Repository Description
Autopsy Fast though an affordable incident response software.
Bulkextractor Forensic investigation tool for many tasks such as malware and intrusion.
Media Acquistion Visits that came from someone going to your site from organic search results.
Toolsley No-hassle tools that are for verifying, hashing, generating and identifying multiple formats of data files.

Scanning Networks πŸ”

Repository Description
Nmap A free and open source (license) utility for network discovery and security auditing.
Wireshark The world’s foremost and widely-used network protocol analyzer.
TCPDUMP A powerful command-line packet analyzer.

Enumeration πŸ“–

Repository Description
Network Map Designed to rapidly scan large networks, but works fine against single hosts.
Dracnmap Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap.
Port scanning Enables port scanning your entire network to determine which ports on your network are open and what services are running on them.
Xerosploit A pentesting toolkit whose goal is to perform man in the middle attacks for testing purposes.
RED HAWK
ReconSpider Framework for scanning IP Address, Emails, Websites, Organizations.
Infoga - Email OSINT A tool gathering email accounts informations from different public sources.
ReconDog Main Features = Wizard + CLA interface, extracts targets from STDIN (piped input) and act upon them.
Striker Recon & Vulnerability Scanning Suite.
SecretFinder Written to discover sensitive data like apikeys, accesstoken, authorizations, jwt in
Zeebsploit enumeration and information disclosure tool.
JavaScript files.
Port Scanner Converts an unordered list of ports on separate lines in a numerical order.
Breacher A script to find admin login pages and EAR vulnerabilites.
Git-Secret Go scripts for finding sensitive data like API key / some keywords in the github repository

System Hacking πŸ§‘πŸΌβ€πŸ’»

Repository Description
Social Engineering ToolKit An open-source penetration testing framework designed for social engineering.
SocialFish A program designed to know social media stats and information related to an account.
HiddenEye Multi-featured tool for human mistakes exploitation.
Evilginx2 A man-in-the-middle attack framework used for phishing login credentials along with session cookies.
I-See_You Tool to find the exact location of the users during social engineering or phishing engagements.
SayCheese Take webcam shots from target just sending a malicious link.
QR Code Jacking Port Forwarding using Ngrok or Serveo.
BlackPhish Super lightweight with many features and blazing fast speeds.

Payload Creation πŸ“¦

Repository Description
The FatRat Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus.
Brutal Quickly create various powershell attack, virus attack and launch listener for a Human Interface Device.
MSFvenom Payload Creator A wrapper to generate multiple types of payloads, based on users choice.
Venom Shellcode Generator Built to take advantage of apache2 webserver to deliver payloads (LAN).
Mob-Droid Generate metasploit payloads in easy way without typing long commands and save your time.
Enigma Multiplatform payload dropper.

Sniffing 🐢

Repository Description
OpenVAS A full-featured vulnerability scanner.
Nikto An Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.
Wapiti Audit the security of your websites or web applications.
Metasploit Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments.
Maltego Graphical link analysis tool for gathering and connecting information for investigative tasks.
Canvas Makes available hundreds of exploits, an automated exploitation system.
Sn1per An automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Lazyrecon Is intended to automate some tedious tasks of reconnaissance and information gathering.
Osmedeus Run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.
Reconness Exploit the targets using one specific kind of vulnerability.
IronWASP Used for web application vulnerability testing.

Social Engineering πŸ“±

Repository Description
Awesome Social Engineering List of awesome social engineering resources.

Denial Of Service πŸ› 

Repository Description
Asyncrone Multifunction SYN Flood DDoS Weapon.
UFOnet Cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks.
GoldenEye An HTTP DoS Test Tool.

Session Hijacking πŸ’½

Repository Description
Debinject Inject malicious code into .debs
Pixload Set of tools for hiding backdoors creating/injecting payload into images.

Evading IDS, Firewalls and Honeypots 🐝

Repository Description
Bluetooth Honeypot The system allows monitoring of attacks via a graphical user interface.
Kippo SSH honeypot designed to log brute force attacks.
MushMush The foundation is dedicated to the advancement and development of open source software.
Formidable Honeypot Easy, non-instrusive SPAM protection.
Elastic Honey A Simple Elasticsearch Honeypot.
Honey Thing A honeypot for Internet of TR-069 routers/devices.

Hacking Web Applications πŸ§‘πŸΌβ€πŸ’»

Repository Description
Awesome Web Hacking A collection of tools used for SQL Injections and hacking websites.
WPScan The WPScan WordPress Vulnerability Database is a database of WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities
PayloadsAllTheThings A list of useful payloads and bypass for Web Application Security and Pentest/CTF.
CS 253 Web Security A comprehensive overview of web security.
Beginner Web Application Hacking(The Cyber Mentor) A full web hacking course for beginners.

SQL Injection πŸ’‰

Repository Description
Sqlmap tool Automates the process of detecting and exploiting SQL injection flaws.
NoSqlMap Audit for as well as automate injection attacks and exploit default configuration weaknesses in databases.
Damn Small SQLi Scanner SQL injection vulnerability scanner written in under 100 lines of code.
Explo A simple tool to describe web security issues in a human and machine readable format.
Blisqy Blind SQL injection on HTTP Headers and also exploitation of the same vulnerability.
Leviathan A mass audit toolkit which has wide range service discovery, brute force, etc.
SQLScan Quick web scanner for find an sql inject point on a website.

Hacking Wireless Networks πŸ•Έ

Repository Description
WiFi-Pumpkin A powerful framework which allows and offers security researchers, to mount a wireless network to conduct MITM.
pixiewps Used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations
Bluetooth Honeypot GUI Framework. Allows monitoring of attacks via a GUI that provides graphs, lists, a dashboard and further detailed analysis from log files.
Fluxion It's a remake by Mr. SAGE with less bugs and more functionality.
Wifiphisher A Framework for conducting red team engagements or Wi-Fi security testing.
Wifite Designed to use all known methods for retrieving the password of a wireless access point (router).
EvilTwin A script to perform Evil Twin Attack, by getting credentials using a Fake page and Fake Access Point.
Fastssh Performs multi-threaded scan and brute force attack against SSH protocol using the most commonly credentials.
Aircrack-ng Aircrack- ng is a complete suite of tools to assess WiFi network security.
Kismet Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS framework.

Hacking Mobile Platforms πŸ“±

Repository Description
android-security-awesome A collection of android security related resources.
Keydroid Android Keylogger + Reverse Shell.
MySMS Script that generates an Android App to hack SMS through WAN.
Lockphish (Grab target LOCK PIN) The first tool (05/13/2020) for phishing attacks on the lock screen.
DroidCam (Capture Image) Generates different phishing links of wishing or custom sites which can grab victim's front camera pictures.
EvilApp (Hijack Session) Script to generate Android App that can hijack autenticated sessions in cookies.
HatCloud(Bypass CloudFlare for IP) It makes bypass in CloudFlare for discover the real IP.
Ghost(remotely access an Android device) Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

IoT Hacking πŸ€–

Repository Description
Vehicle Security A curated list about vehicle security, car hacking, and tinkering with the functionality of your car.

Cryptography πŸ”’

Repository Description
Awesome Cryptography A curated list of cryptography resources and links.
dCode Toolkit website for decryption, ciphertexts, solve riddles, treasure hunts, etc.

Capture The Flag (Beginner) 🚩

Repository Description
CTFTime List of CTF events to participate.
Writeups Best way to learn through writeups.
CTF101 Introduction to CTFs and Useful tools.
Guide Beginner's Guide to CTF Field.
PicoCTF Beginner friendly CTF to compete.
CryptoHack Best free platform for learning modern cryptography.
HackThisSite Practice and expand your hacking skills.
Cyber Talents Hands-on practical scenariosin different cyber security fields.
OverTheWire Practice security concepts in the form of fun-filled games.

OSINT (Open Source INTelligence)

Repository Description
Awesome OSINT A curated list of amazingly awesome open source intelligence tools and resources.

Encryption πŸ”’

Repository Description
LifeHacker Guide for Beginners to learn encryption.
Encryption For Business Business Guide to Encryption
USB Encryption Guide to USB encryption.
Encryption Tools How to use Encryption Tools.
Cipher Newsletter Newsletter which will keep you updated.

ExploitDB

Repository Description
Exploit Database Website The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.
ExploitDB Usage Examples Kali Linux exploitDB usage examples.
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security.
Exploits & Shellcodes ExploitDB shellcodes.
Papers ExploitDB Papers.