Penetration Testing & Hacking Tools List
Online Resources β Hacking Tools
Penetration Testing Resources
Metasploit Unleashed β Free Offensive Security Metasploit course.
Penetration Testing Execution Standard (PTES) β Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
Open Web Application Security Project (OWASP) β Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.
PENTEST-WIKI β Free online security knowledge library for pentesters and researchers.
Penetration Testing Framework (PTF) β Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
XSS-Payloads β Ultimate resource for all things cross-site including payloads, tools, games, and documentation.
Open Source Security Testing Methodology Manual (OSSTMM) β Framework for providing test cases that result in verified facts on which to base decisions that impact an organizationβs security.
MITREβs Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) β Curated knowledge base and model for cyber adversary behavior.
Exploit Development
Shellcode Tutorial β Tutorial on how to write shellcode.
Shellcode Examples β Shellcodes database.
Exploit Writing Tutorials β Tutorials on how to develop exploits.
OSINT Resources
OSINT Framework β Collection of various OSINT Hacking Tools broken out by category.
Intel Techniques β Collection of OSINT tools. The menu on the left can be used to navigate through the categories.
NetBootcamp OSINT Tools β Collection of OSINT links and custom Web interfaces to other services such as Facebook Graph Search and various paste sites.
WiGLE.net β Information about wireless networks worldwide, with user-friendly desktop and web applications.
Social Engineering Resources
Social Engineering Framework β the Information resource for social engineers.
Lock Picking Resources
Schuyler Towne channel β Lockpicking videos and security talks.
bosnianbill β More lockpicking videos.
/r/lockpicking β Resources for learning lockpicking, equipment recommendations.
Operating Systems
Security-related Operating Systems @ Rawsec β Penetration testing tools & Hacking Tools list Related Complete list of security operating systems.
Best Linux Penetration Testing Distributions @ CyberPunk β Description of main penetration testing distributions.
Security @ Distrowatch β Website dedicated to talking about, reviewing, and keeping up to date with open-source operating systems.
cuckoo β Open source automated malware analysis system.
Computer-Aided Investigative Environment (CAINE) β Italian GNU/Linux live distribution created as a digital forensics project.
Digital Evidence & Forensics Toolkit (DEFT) β Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
Tails β Live OS aimed at preserving privacy and anonymity.
Hacking Tools
Penetration Testing Distributions
Kali β GNU/Linux distribution designed for digital forensics and penetration testing Hacking Tools
ArchStrike β Arch GNU/Linux repository for security professionals and enthusiasts.
BlackArch β Arch GNU/Linux-based distribution with best Hacking Tools for penetration testers and security researchers.
Network Security Toolkit (NST) β Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
Pentoo β Security-focused live CD based on Gentoo.
BackBox β Ubuntu-based distribution for penetration tests and security assessments.
Parrot β Distribution similar to Kali, with multiple architectures with 100 of Hacking Tools.
Buscador β GNU/Linux virtual machine that is pre-configured for online investigators.
Fedora Security Lab β provides a safe test environment to work on security auditing, forensics, system rescue, and teaching security testing methodologies.
The Pentesters Framework β Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
AttifyOS β GNU/Linux distribution focused on tools useful during the Internet of Things (IoT) security assessments.
Docker for Penetration Testing
docker pull kalilinux/kali-linux-docker
official Kali Linuxdocker pull owasp/zap2docker-stable
β official OWASP ZAPdocker pull wpscanteam/wpscan
β official WPScandocker pull citizenstig/dvwa
β Damn Vulnerable Web Application (DVWA)docker pull wpscanteam/vulnerablewordpress
β Vulnerable WordPress Installationdocker pull hmlio/vaas-cve-2014-6271
β Vulnerability as a service: Shellshockdocker pull hmlio/vaas-cve-2014-0160
β Vulnerability as a service: Heartbleeddocker pull opendns/security-ninjas
β Security Ninjasdocker pull diogomonica/docker-bench-security
β Docker Bench for Securitydocker pull ismisepaul/securityshepherd
β OWASP Security Shepherddocker pull danmx/docker-owasp-webgoat
β OWASP WebGoat Project docker imagedocker-compose build && docker-compose up
β OWASP NodeGoatdocker pull citizenstig/nowasp
β OWASP Mutillidae II Web Pen-Test Practice Applicationdocker pull bkimminich/juice-shop
β OWASP Juice Shopdocker pull kalilinux/kali-linux-docker
β Kali Linux Docker Imagedocker pull phocean/msf
β docker-Metasploit
Multi-paradigm Frameworks
Metasploit β post-exploitation Hacking Tools for offensive security teams to help verify vulnerabilities and manage security assessments.
Armitage β Java-based GUI front-end for the Metasploit Framework.
Faraday β Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
ExploitPack β Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
Pupy β Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool,
Vulnerability Scanners
Nexpose β Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
Nessus β Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
OpenVAS β Free software implementation of the popular Nessus vulnerability assessment system.
Vuls β Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
Static Analyzers
Brakeman β Static analysis security vulnerability scanner for Ruby on Rails applications.
cppcheck β Extensible C/C++ static analyzer focused on finding bugs.
FindBugs β Free software static analyzer to look for bugs in Java code.
sobelow β Security-focused static analysis for the Phoenix Framework.
bandit β Security oriented static analyzer for Python code.
Web Scanners
Nikto β Noisy but fast black box web server and web application vulnerability scanner.
Arachni β Scriptable framework for evaluating the security of web applications.
w3af β Hacking Tools for Web application attack and audit framework.
Wapiti β Black box web application vulnerability scanner with built-in fuzzer.
SecApps β In-browser web application security testing suite.
WebReaver β Commercial, graphical web application vulnerability scanner designed for macOS.
WPScan β Hacking Tools of the Black box WordPress vulnerability scanner.
cms-explorer β Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
joomscan β one of the best Hacking Tools for Joomla vulnerability scanner.
ACSTIS β Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
Network Tools
zmap β Open source network scanner that enables researchers to easily perform Internet-wide network studies.
nmap β Free security scanner for network exploration & security audits.
pig β one of the Hacking Tools forGNU/Linux packet crafting.
scanless β Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
tcpdump/libpcap β Common packet analyzer that runs under the command line.
Wireshark β Widely-used graphical, cross-platform network protocol analyzer.
Network-Tools.com β Website offering an interface to numerous basic network utilities like
ping
,traceroute
,whois
, and more.netsniff-ng β Swiss army knife for network sniffing.
Intercepter-NG β Multifunctional network toolkit.
SPARTA β Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
dnschef β Highly configurable DNS proxy for pentesters.
DNSDumpster β one of the Hacking Tools for Online DNS recon and search service.
CloudFail β Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
dnsenum β Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack and then performs reverse look-ups on the results.
dnsmap β One of the Hacking Tools for Passive DNS network mapper.
dnsrecon β One of the Hacking Tools for DNS enumeration script.
dnstracer β Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
passivedns-client β Library and query tool for querying several passive DNS providers.
passivedns β Network sniffer that logs all DNS server replies for use in a passive DNS setup.
Mass Scan β best Hacking Tools for TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
Zarp β Network attack tool centered around the exploitation of local networks.
mitmproxy β Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Morpheus β Automated ettercap TCP/IP Hacking Tools .
mallory β HTTP/HTTPS proxy over SSH.
SSH MITM β Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
Netzob β Reverse engineering, traffic generation and fuzzing of communication protocols.
DET β Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
pwnat β Punches holes in firewalls and NATs.
dsniff β Collection of tools for network auditing and pentesting.
tgcd β Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
smbmap β Handy SMB enumeration tool.
scapy β Python-based interactive packet manipulation program & library.
Dshell β Network forensic analysis framework.
Debookee β Simple and powerful network traffic analyzer for macOS.
Dripcap β Caffeinated packet analyzer.
Printer Exploitation Toolkit (PRET) β Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
Praeda β Automated multi-function printer data harvester for gathering usable data during security assessments.
routersploit β Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
evilgrade β Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
XRay β Network (sub)domain discovery and reconnaissance automation tool.
Ettercap β Comprehensive, mature suite for machine-in-the-middle attacks.
BetterCAP β Modular, portable and easily extensible MITM framework.
CrackMapExec β A swiss army knife for pentesting networks.
impacket β A collection of Python classes for working with network protocols.
Wireless Network Hacking Tools
Aircrack-ng β Set of Penetration testing & Hacking Tools list for auditing wireless networks.
Kismet β Wireless network detector, sniffer, and IDS.
Reaver β Brute force attack against Wifi Protected Setup.
Wifite β Automated wireless attack tool.
Fluxion β Suite of automated social engineering-based WPA attacks.
Transport Layer Security Tools
SSLyze β Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
tls_prober β Fingerprint a serverβs SSL/TLS implementation.
testssl.sh β Command-line tool which checks a serverβs service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
Web Exploitation
OWASP Zed Attack Proxy (ZAP) β Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
Fiddler β Free cross-platform web debugging proxy with user-friendly companion tools.
Burp Suite β One of the Hacking Tools ntegrated platform for performing security testing of web applications.
autochrome β Easy to install a test browser with all the appropriate settings needed for web application testing with native Burp support, from NCCGroup.
Browser Exploitation Framework (BeEF) β Command and control server for delivering exploits to commandeered Web browsers.
Offensive Web Testing Framework (OWTF) β Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
WordPress Exploit Framework β Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
WPSploit β Exploit WordPress-powered websites with Metasploit.
SQLmap β Automatic SQL injection and database takeover tool.
tplmap β Automatic server-side template injection and Web server takeover Hacking Tools.
weevely3 β Weaponized web shell.
Wappalyzer β Wappalyzer uncovers the technologies used on websites.
WhatWeb β Website fingerprinter.
BlindElephant β Web application fingerprinter.
wafw00f β Identifies and fingerprints Web Application Firewall (WAF) products.
fimap β Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs.
Kadabra β Automatic LFI exploiter and scanner.
Kadimus β LFI scan and exploit tool.
liffy β LFI exploitation tool.
Commix β Automated all-in-one operating system command injection and exploitation tool.
DVCS Ripper β Rip web-accessible (distributed) version control systems: SVN/GIT/HG/BZR.
GitTools β One of the Hacking Tools that Automatically find and download Web-accessible
.git
repositories.sslstrip β One of the Hacking Tools Demonstration of the HTTPS stripping attacks.
sslstrip2 β SSLStrip version to defeat HSTS.
NoSQLmap β Automatic NoSQL injection and database takeover tool.
VHostScan β A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.
FuzzDB β Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
EyeWitness β Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
webscreenshot β A simple script to take screenshots of the list of websites.
Hex Editors
HexEdit.js β Browser-based hex editing.
Hexinator β Worldβs finest (proprietary, commercial) Hex Editor.
Frhed β Binary file editor for Windows.
0xED β Native macOS hex editor that supports plug-ins to display custom data types.
File Format Analysis Tools
Kaitai Struct β File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
Veles β Binary data visualization and analysis tool.
Hachoir β Python library to view and edit a binary stream as the tree of fields and tools for metadata extraction.
Defense Evasion Tools
Veil β Generate Metasploit payloads that bypass common anti-virus solutions.
shellsploit β Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
Hyperion β Runtime encryptor for 32-bit portable executables (βPE
.exe
sβ).AntiVirus Evasion Tool (AVET) β Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
peCloak.py β Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
peCloakCapstone β Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
UniByAv β Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
Hash Cracking Hacking Tools
John the Ripper β One of the best Hacking Tools for Fast password cracker.
Hashcat β Another One of the Hacking Tools The more fast hash cracker.
CeWL β Generates custom wordlists by spidering a targetβs website and collecting unique words.
JWT Cracker β Simple HS256 JWT token brute force cracker.
Rar Crack β RAR brute force cracker.
BruteForce Wallet β Find the password of an encrypted wallet file (i.e.
wallet.dat
).
Windows Utilities
Sysinternals Suite β The Sysinternals Troubleshooting Utilities.
Windows Credentials Editor β Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
mimikatz β Credentials extraction tool for Windows operating system.
PowerSploit β PowerShell Post-Exploitation Framework.
Windows Exploit Suggester β Detects potential missing patches on the target.
Responder β LLMNR, NBT-NS and MDNS poisoner.
Bloodhound β Graphical Active Directory trust relationship explorer.
Empire β Pure PowerShell post-exploitation agent.
Fibratus β Tool for exploration and tracing of the Windows kernel.
wePWNise β Generates architecture-independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
redsnarf β Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
Magic Unicorn β Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or
certutil
(using fake certificates).DeathStar β Python script that uses Empireβs RESTful API to automate gaining Domain Admin rights in Active Directory environments.
GNU/Linux Utilities
Linux Exploit Suggester β Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
macOS Utilities
Bella β Pure Python post-exploitation data mining and remote administration tool for macOS.
DDoS Tools
LOIC β Open source network stress tool for Windows.
JS LOIC β JavaScript in-browser version of LOIC.
SlowLoris β DoS tool that uses low bandwidth on the attacking side.
HOIC β Updated version of Low Orbit Ion Cannon, has βboostersβ to get around common countermeasures.
T50 β Faster network stress tool.
UFONet β Abuses OSI layer 7 HTTP to create/manage βzombiesβ and to conduct different attacks using;
GET
/POST
, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
Social Engineering Tools
Social Engineer Toolkit (SET) β Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
King Phisher β One of the Hacking Tools for Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
Evilginx β MITM attack framework used for phishing credentials and session cookies from any Web service.
wifiphisher β Automated phishing attacks against WiFi networks.
Catphish β Tool for phishing and corporate espionage written in Ruby.
Beelogger β Tool for generating keyloggers.
OSINT Tools
Maltego β One of the Hacking Tools and Proprietary software for open-source intelligence and forensics, from Paterva.
theHarvester β E-mail, subdomain, and people names harvester.
creepy β Geolocation OSINT tool.
metagoofil β Metadata harvester.
Google Hacking Database β Database of Google dorks; can be used for recon.
Google-dorks β Common Google dorks and others you probably donβt know.
GooDork β Command-line Google Dorking tool.
dork-cli β Command-line Google dork tool.
Censys β collects data on hosts and websites through daily ZMap and ZGrab scans.
Shodan β Worldβs first search engine for Internet-connected devices.
recon-ng β One of the Hacking Tools Full-featured Web Reconnaissance framework written in Python.
github-dorks β CLI tool to scan Github Repos/organizations for potential sensitive information leak.
vcsmap β Plugin-based tool to scan public version control systems for sensitive information.
Spiderfoot β Multi-source OSINT automation tool with a Web UI and report visualizations
BinGoo β GNU/Linux bash based Bing and Google Dorking Tool.
fast-recon β Perform Google dorks against a domain.
snitch β Information gathering via dorks.
Sn1per β one of the Hacking Tools for Automated Pentest Recon Scanner.
Threat Crowd β Search engine for threats.
Virus Total β VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
DataSploit β OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
AQUATONE β Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
Intrigue β Automated OSINT & Attack Surface discovery framework with powerful API, UI, and CLI.
ZoomEye β Search engine for cyberspace that lets the user find specific network components.
Anonymity Tools
Tor β Free software and onion routed overlay network that helps you defend against traffic analysis.
OnionScan β One of the Hacking Tools for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
I2P β The Invisible Internet Project.
Nipe β Script to redirect all traffic from the machine to the Tor network.
What Every Browser Knows About You β Comprehensive detection page to test your own Web browserβs configuration for privacy and identity leaks.
Reverse Engineering Tools
Interactive Disassembler (IDA Pro) β Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
WDK/WinDbg β Windows Driver Kit and WinDbg.
OllyDbg β x86 debugger for Windows binaries that emphasizes binary code analysis.
Radare2 β Open source, cross-platform reverse engineering framework.
x64dbg β Open source x64/x32 debugger for windows.
Immunity Debugger β Powerful way to write exploits and analyze malware.
Evanβs Debugger β OllyDbg-like debugger for GNU/Linux.
Medusa β Open source, cross-platform interactive disassembler.
plasma β Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
peda β Python Exploit Development Assistance for GDB.
dnSpy β one of the Hacking Tools to reverse engineer .NET assemblies.
binwalk β Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
PyREBox β Python scriptable Reverse Engineering sandbox by Cisco-Talos.
Voltron β Extensible debugger UI toolkit written in Python.
Capstone β lightweight multi-platform, multi-architecture disassembly framework.
rVMI β Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
Frida β Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Physical Access Tools
LAN Turtle β Covert βUSB Ethernet Adapterβ that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
USB Rubber Ducky β Customizable keystroke injection attack platform masquerading as a USB thumb drive.
Poisontap β Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
WiFi Pineapple β Wireless auditing and penetration testing platform.
Proxmark3 β RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
Side-channel Tools
ChipWhisperer β Complete open-source toolchain for side-channel power analysis and glitching attacks.
CTF Tools
ctf-tools β Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
Pwntools β Rapid exploit development framework built for use in CTFs.
RsaCtfTool β Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
Penetration Testing Report Templates
Public Pentesting Reports β Curated list of public penetration test reports released by several consulting firms and academic security groups.
Pentesting Report Template β testandverification.com template.
Pentesting Report Template β hitachi-systems-security.com template.
Pentesting Report Template β lucideus.com template.
Pentesting Report Template β crest-approved.org template.
Pentesting Report Template β pcisecuritystandards.org template.
Vulnerability Databases β Hacking Tools
Common Vulnerabilities and Exposures (CVE) β Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
National Vulnerability Database (NVD) β United States governmentβs National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
US-CERT Vulnerability Notes Database β Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
Full-Disclosure β Public, vendor-neutral forum for a detailed discussion of vulnerabilities, often publishes details before many other sources.
Bugtraq (BID) β Software security bug identification database compiled from submissions to the SecurityFocus mailing Penetration testing tools list and other sources, operated by Symantec, Inc.
Exploit-DB β Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
Microsoft Security Bulletins β Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
Microsoft Security Advisories β Archive of security advisories impacting Microsoft software.
Mozilla Foundation Security Advisories β Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
Packet Storm β Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
CXSecurity β Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
SecuriTeam β Independent source of software vulnerability information.
Vulnerability Lab β Open forum for security advisories organized by category of exploit target.
Zero Day Initiative β Bug bounty program with the publicly accessible archive of published security advisories, operated by TippingPoint.
Vulners β Security database of software vulnerabilities.
Inj3ct0r (Onion service) β Exploit marketplace and vulnerability, information aggregator.
Open Source Vulnerability Database (OSVDB) β Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016.Hacking Tools
HPI-VDB β Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.Hacking Tools
Information Security Conferences β Hacking Tools
DEF CON β annual hacker convention in Las Vegas.
Black Hat β Annual security conference in Las Vegas.
BSides β Framework for organizing and holding security conferences.
CCC β Annual meeting of the international hacker scene in Germany.
DerbyCon β Annual hacker conference based in Louisville.
PhreakNIC β Technology conference held annually in middle Tennessee.
ShmooCon β Annual US East coast hacker convention.
CarolinaCon β Infosec conference, held annually in North Carolina.
CHCon β Christchurch Hacker Con, Only South Island of New Zealand hacker con.
SummerCon β One of the oldest hacker conventions, held during Summer.
Hack.lu β Annual conference held in Luxembourg.
Hackfest β Largest hacking conference in Canada.
HITB β Deep-knowledge security conference held in Malaysia and The Netherlands.
Troopers β Annual international IT Security event with workshops held in Heidelberg, Germany.
Hack3rCon β Annual US hacker conference.
ThotCon β Annual US hacker conference held in Chicago.
LayerOne β Annual US security conference held every spring in Los Angeles.
DeepSec β Security Conference in Vienna, Austria.
SkyDogCon β Technology conference in Nashville.
SECUINSIDE β Security Conference in Seoul.
DefCamp β Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
AppSecUSA β Annual conference organized by OWASP.
BruCON β Annual security conference in Belgium.
Infosecurity Europe β Europeβs number one information security event, held in London, UK.
Nullcon β Annual conference in Delhi and Goa, India.
RSA Conference USA β Annual security conference in San Francisco, California, USA.
Swiss Cyber Storm β Annual security conference in Lucerne, Switzerland.
Virus Bulletin Conference β Annual conference going to be held in Denver, the USA for 2016.
Ekoparty β Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
44Con β Annual Security Conference held in London.
BalCCon β Balkan Computer Congress, annually held in Novi Sad, Serbia.
FSec β FSec β Croatian Information Security Gathering in VaraΕΎdin, Croatia.
Information Security Magazines β Hacking Tools
2600: The Hacker Quarterly β American publication about technology and computer βunderground.β
Phrack Magazine β By far the longest-running hacker zine.
Awesome Lists β Hacking Tools β
Kali Linux Tools β List of Hacking tools present in Kali Linux.
SecTools β Top 125 Network Security Hacking Tools.
Pentest Cheat Sheets β Awesome Pentest Cheat Sheets.
C/C++ Programming β One of the main language for open source security tools.
.NET Programming β Software framework for Microsoft Windows platform development.
Shell Scripting β Command-line frameworks, toolkits, guides, and gizmos.
Ruby Programming by @dreikanter β The de-facto language for writing exploits.
Ruby Programming by @markets β The de-facto language for writing exploits.
Ruby Programming by @Sdogruyol β The de-facto language for writing exploits.
JavaScript Programming β In-browser development and scripting.
Node.js Programming by @sindresorhus β Curated list of delightful Node.js packages and resources.
Python tools for penetration testers β Lots of pentesting tools are written in Python.
Python Programming by @svaksha β General Python programming.
Python Programming by @vinta β General Python programming.
Android Security β Collection of Android security-related resources.
Awesome Awesomness β The List of the Lists.
AppSec β Resources for learning about application security.
CTFs β Capture The Flag frameworks, libraries, etc.
InfoSec Β§ Hacking challenges β Comprehensive directory of CTFs, wargames, hacking challenge websites, Penetration testing tools list practice lab exercises, and more.
Hacking β Tutorials, tools, and resources.
Honeypots β Honeypots, tools, components, and more.
Infosec β Information security resources for pentesting, forensics, and more.
Forensics β Free (mostly open-source) forensic analysis tools and resources.
Malware Analysis β Tools and resources for analysts.
PCAP Tools β Tools for processing network traffic.
Security β Software, libraries, documents, and other resources.
Awesome Lockpicking β Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys.
SecLists β Collection of multiple types of lists used during security assessments.
Security Talks β Curated list of security conferences.
OSINT β Awesome OSINT list containing great resources.
YARA β YARA rules, tools, and people.
Learn & practice For the OSCP.
Last updated
Was this helpful?