
Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.


mEstrazulas/hacking-resources

Hacking cheat sheet and resources


List of hacking utilities. Resources that I consider useful and that I have been collecting, and continue to collect, during my studies.

Tools

Footprinting and reconnaissance

Competitive Intelligence Gathering

When did this company begin? How did it develop?
What are the company's plans?
What do expert opinions say about the company?

Enumerate people, emails,...

Email tracking tools

  • eMailTrackerPro: Trace an email using the email header.
  • Infoga: Infoga is a tool that gathers email account information (IP, hostname, country, ...) from different public sources (search engines, PGP key servers and Shodan) and checks whether the emails were leaked using the haveibeenpwned.com API. It is a really simple tool, but very effective for the early stages of a penetration test, or just to know the visibility of your company on the Internet.
  • Mailtrack: Know when your emails are opened.
  • PoliteMail

Extracting Metadata of Public Documents

  • Exiftool: ExifTool meta information reader/writer.
  • Metagoofil: Metadata harvester.
  • Opanda IExif: Is a professional Exif viewer for Windows / IE / Firefox. From a photographer's eye, it displays the image taken by a digital camera and every item of EXIF data in the image from beginning to end.
  • Web Data Extractor: Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. A special feature of WDE Pro is custom extraction of structured data.

Extracting Website Links

  • Link Extractor: Very simple tool that scrapes all the links from any web page on the Internet.
  • Netpeak Spider: Desktop tool for day-to-day SEO audit, fast issue check, comprehensive analysis, and website scraping.
  • Octoparse: Octoparse is a free, multi-award winning web scraping software to turn websites into structured data without coding.

Find TLD's domains

Footprinting

  • Bill Cipher: Information Gathering tool for a Website or IP address
  • FOCA
  • Maltego: Maltego is an open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.
  • OSINT Framework
  • OSRFramework: The Open Sources Research Framework is an AGPLv3+ project by i3visio focused on providing APIs and tools to perform more accurate online research.
  • Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanning.
  • ReconDog: Reconnaissance Swiss Army Knife.
  • Recon-ng: Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
  • Th3Inspector

IP geolocation lookup

Mirroring entire website

  • Cyotek: Copy websites locally for offline browsing
  • HTTrack WebSite Copier: Copy websites to your computer.
  • NCollector Studio
  • Social-Engineer Toolkit (SET): Is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
  • ShellPhish: Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github.

Monitoring webpages for updates and changes

  • visualping: Monitor website changes… so you don't have to!
  • Website-Watcher: Monitor websites for new content and changes.

Monitoring website traffic of target company

Traceroute

Twitter

  • #onemilliontweetmap
  • Creepy: Creepy is a geolocation OSINT tool. It gathers geolocation-related information from online sources and allows for presentation on a map, search filtering based on exact location and/or date, and export in CSV or KML format for further analysis in Google Maps.
  • First Tweet - Who Said It First on Twitter
  • foller.me: Twitter analytics application that gives you rich insights about any public Twitter profile. We gather near real-time data about topics, mentions, hashtags, followers, location and more!
  • Followerwonk: Helps to explore and grow one's social graph by digging deeper into Twitter analytics.
  • Omnisci
  • tinfoleak: The most complete open-source tool for Twitter intelligence analysis.

Website footprinting

  • Burp Suite
  • Find Subdomains Online | Pentest-Tools.com
  • Wappalyzer: Identifies technologies on websites, including content management systems, ecommerce platforms, JavaScript frameworks, analytics tools and much more.
  • Website informer: Evaluates authority and popularity of websites you are visiting.
  • What's that site running? | Netcraft: Find out the infrastructure and technologies used by any site using results from our internet data mining.
  • Zaproxy: The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.

Website footprinting using spiders

  • ParseHub: Is a free and powerful web scraping tool. With our advanced web scraper, extracting data is as easy as clicking on the data you need.
  • SpiderFoot: Automates OSINT collection and helps you find what matters
  • Web Data Extractor: Is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. A special feature of WDE Pro is custom extraction of structured data.
  • webscarab-ng: WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly.

Networks

  • Angry IP Scanner: Fast and friendly network scanner
  • Capsa Portable Network Analyzer: Monitor, Analyze, Troubleshoot your Wired & Wireless Network.
  • Colasoft Packet Builder: Colasoft Packet Builder enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders. Colasoft Packet Builder includes a very powerful editing feature. Besides common hex editing of raw data, it features a Decoding Editor allowing users to edit specific protocol field values much more easily.
  • hping: hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping does with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.
  • HTTPort 3.SNFM: HTTPort allows you to bypass your HTTP proxy, which is blocking you from the Internet. With HTTPort you may use various Internet software from behind the proxy, ex. e-mail, instant messengers, P2P file sharing, ICQ, News, FTP, IRC, etc.
  • Megaping: MegaPing is the ultimate must-have toolkit that provides essential utilities for Information System specialists, system administrators, IT solution providers or individuals.
  • Metasploit Framework
  • Nav: Network Administration Visualized.
  • NetScanTools: NetScanTools Pro is an integrated collection of internet information gathering and network troubleshooting utilities for Network Professionals. Research IPv4 addresses, IPv6 addresses, hostnames, domain names, email addresses and URLs automatically (automated tools are started interactively by the user) or with manual tools. It is designed for the Windows operating system GUI. Includes a promiscuous mode detection scanner.
  • NetSurveyor: Is an 802.11 (WiFi) network discovery tool that gathers information about nearby wireless access points in real time and displays it in useful ways. Similar in purpose to NetStumbler, it includes many more features.
  • Network Topology Mapper: Network mapping software designed to automatically map your network.
  • Nmap: Nmap - the Network Mapper. Github mirror of official SVN repository.
  • Omnipeek Network Protocol Analyzer
  • Ostinato: Packet/Traffic Generator and Analyzer.
  • sparta: Network Infrastructure Penetration Testing Tool: NMap + hydra.
  • SteelCentral Packet Analyzer
  • Unicornscan
  • wireshark: Wireshark is a network traffic analyzer, or "sniffer", for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows. It uses Qt, a graphical user interface library, and libpcap and npcap as packet capture and filtering libraries.

Android

ARP

ARP Poisoning

  • Cain
  • Ettercap: Is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Protection

  • ARP AntiSpoofer: A utility for detecting and resisting BIDIRECTIONAL ARP spoofing. It can anti-spoof not only for the local host, but also for other hosts in the same subnet. It is as well a handy helper for gateways which don't work well with ARP.
  • ArpON: Is a host-based solution that makes the standardized ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP spoofing, ARP cache poisoning or ARP poison routing attacks.
  • arpstraw: ARP spoof detection tool.
  • shARP: An anti-ARP-spoofing application that uses active and passive scanning methods to detect and remove any ARP spoofer from the network.
  • XArp – Advanced ARP Spoofing Detection: Is a security application that uses advanced techniques to detect ARP-based attacks.

DHCP

DHCP starvation attack

  • DHCPig: DHCP exhaustion script written in Python using the Scapy network library.
  • dhcpstarv: Is a tool that implements the DHCP starvation attack. It requests DHCP leases on the specified interface, saves them and renews them on a regular basis.
  • Gobbler
  • Hyenae: Is a highly flexible, platform-independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.
  • yersinia: A framework for layer 2 attacks.

Rogue DHCP attack

DoS

  • hping3: hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping does with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.
  • High Orbit Ion Cannon (HOIC)
  • Low Orbit Ion Cannon (LOIC): An open source network stress tool, written in C#. Based on Praetox's LOIC project.

Protection

MAC address

MAC flood attack

  • macof: Flood a switched LAN with random MAC addresses.
  • yersinia: A framework for layer 2 attacks.

MAC Spoofing

Enumeration

  • Active Directory Explorer: Is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute.
  • Advanced IP Scanner: Reliable and free network scanner to analyse LAN. The program shows all network devices, gives you access to shared folders, provides remote control of computers (via RDP and Radmin), and can even remotely switch computers off. It is easy to use and runs as a portable edition. It should be the first choice for every network admin.
  • Amass: The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
  • dig: Network admin tool for querying DNS servers.
  • dirsearch: Web path scanner.
  • dnsrecon: DNS Enumeration Script.
  • dnswalk: A DNS database debugger.
  • domained: Multi Tool Subdomain Enumeration.
  • Engineer's Toolset: Network software with over 60 must-have tools.
  • enum4linux: Is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.
  • EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • Global Network Inventory: Global Network Inventory is a powerful and flexible software and hardware inventory system that can be used as an audit scanner in an agent-free and zero deployment environments. If used as an audit scanner, it only requires full administrator rights to the remote computers you wish to scan. Global Network Inventory can audit remote computers and even network appliances, including switches, network printers, document centers, etc.
  • gobuster: Directory/File, DNS and VHost busting tool written in Go.
  • google-url-extractor.js: Small script that extracts all URLs from a Google search result.
  • httprobe: Take a list of domains and probe for working HTTP and HTTPS servers.
  • Hurricane Electric BGP Toolkit
  • jxplorer: Is a cross platform LDAP browser and editor. It is a standards compliant general purpose LDAP client that can be used to search, read and edit any standard LDAP directory, or any directory service with an LDAP or DSML interface.
  • Knock: Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Knockpy now supports queries to VirusTotal subdomains; you can set the API_KEY in the config.json file.
  • LDAP Account Manager
  • LDAP Admin
  • LDAP Administrator
  • massdns: A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration).
  • NetBIOS Enumerator: This application was written to show how to use remote network support and how to deal with some other interesting network techniques like SMB.
  • NetScanTools: NetScanTools Pro is an integrated collection of internet information gathering and network troubleshooting utilities for Network Professionals. Research IPv4 addresses, IPv6 addresses, hostnames, domain names, email addresses and URLs automatically (automated tools are started interactively by the user) or with manual tools. It is designed for the Windows operating system GUI.
  • Network Browser: NPM uses the SNMP protocol to send requests across your network and receive responses containing key configuration data, including system details and device failures. This is especially beneficial when dealing with large and dynamic networks using equipment from multiple vendors. Just provide a list of IP addresses or subnets along with SNMP credentials, and the NPM Network Sonar Wizard will automatically scan for devices.
  • Network Performance Monitor: Multi-vendor network monitoring that scales and expands with the needs of your network.
  • nmap-vulners: Identifies the used software for each found http port and builds CPEs for the identified versions.
  • nsauditor
  • nsec3map: A tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain
  • NSEarch (Nmap Script Engine Search): Minimal script to help find scripts in the NSE database.
  • PsTools
  • RPCScan: Tool to communicate with RPC services and check misconfigurations on NFS shares
  • snmpcheck: Like snmpwalk, snmpcheck allows enumerating information via the SNMP protocol.
  • SoftPerfect Network Scanner: Can ping computers, scan ports, discover shared folders and retrieve practically any information about network devices via WMI, SNMP, HTTP, SSH and PowerShell. It also scans for remote services, registry, files and performance counters; offers flexible filtering and display options and exports NetScan results to a variety of formats from XML to JSON.
  • subbrute: A DNS meta-query spider that enumerates DNS records, and subdomains.
  • subfinder: Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
  • Sublist3r: Fast subdomains enumeration tool for penetration testers.
  • SuperEnum: This script does the basic enumeration of any open port along with screenshots.
  • SystemTools Hyena: Using the built-in Windows administration tools to manage a medium to large Windows network or Active Directory environment can be a challenge. Add multiple domains, hundreds or thousands of servers, workstations, and users, and before you know it, things can get out of hand. Hyena is designed to both simplify and centralize nearly all of the day-to-day management tasks, while providing new capabilities for system administration. This functionality is provided in a single, centralized, easy to use product. Used today by tens of thousands of system administrators worldwide, Hyena is the one tool that every administrator cannot afford to be without.
  • waybackurls: Fetch all the URLs that the Wayback Machine knows about for a domain.
  • wfuzz: Web application fuzzer.

Vulnerability Analysis

Vulnerability Scanning

  • GFI LanGuard
  • Nessus: Scanning for vulnerabilities in various operating systems. It consists of a daemon, nessusd, which performs the scan on the target system, and nessus, the client which displays the progress and reports on the status of the scans.
  • nikto: Nikto web server scanner.
  • OpenVAS: Is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
  • Vulnerability Scanning Tools by OWASP

Databases

  • CVE mitre: The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
  • CWE mitre: Is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.
  • National Vulnerability Database: The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
  • SecurityFocus

System hacking

  • DSInternals: The DSInternals project consists of these two parts: 1 - The DSInternals Framework exposes several internal features of Active Directory and can be used from any .NET application. The codebase has already been integrated into several 3rd party commercial products that use it in scenarios like Active Directory disaster recovery, identity management, cross-forest migrations and password strength auditing. 2 - The DSInternals PowerShell Module provides easy-to-use cmdlets that are built on top of the Framework.
  • Metasploit Framework
  • mimikatz: A little tool to play with Windows security.
  • MSFvenom Payload Creator (MSFPC): A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework).
  • ntdsxtract: Active Directory forensic framework.
  • PEASS - Privilege Escalation Awesome Scripts SUITE (with colors): Here you will find privilege escalation tools for Windows and Linux/Unix and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily.
  • php-webshells: Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!
  • PowerTools: PowerTools is a collection of PowerShell projects with a focus on offensive operations.
  • unicorn: Is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
  • Veil: Is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.
  • venom: The script uses msfvenom (Metasploit) to generate shellcode in different formats ( C# | python | ruby | dll | msi | hta-psh | docm | apk | macho | elf | deb | mp4 | etc ), injects the generated shellcode into one template (example: python; "the python function will execute the shellcode in RAM") and uses compilers like gcc (GNU cross compiler), mingw32 or pyinstaller to build the executable file.
  • wevtutil: Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs.
  • WhiteWinterWolf's PHP web shell

Privilege Escalation / Post exploitation

  • BeRoot: Is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
  • linpostexp: Linux post exploitation enumeration and exploit checking tools.
  • meterpreter - getsystem
  • PowerSploit: A PowerShell Post-Exploitation Framework

Exploit databases

Logs

Password cracking / Login brute-forcer

  • Cain: Password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncover,…
  • hashcat: Password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.
  • John the Ripper jumbo: Advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.
  • L0phtCrack Password Auditor: Enforce strong passwords across your enterprise.
  • medusa: Medusa is a speedy, parallel, and modular, login brute-forcer.
  • RainbowCrack: Is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables.
  • Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
  • thc-hydra: Passwords are one of the biggest security holes, as every password security study shows. This tool is proof-of-concept code, giving researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system.

Malwares

  • 4n4lDetector: Is a tool for analysis of Windows executable files, in order to quickly identify whether or not a file is malware. Most analyses are based on the extraction of "ANSI" and "UNICODE" strings on disk, but it also works with memory dumps.
  • Indetectables Toolkit: Fundamental reverse/analysis/cracking toolkit.
  • M/Monit: Can monitor and manage distributed computer systems, conduct automatic maintenance and repair and execute meaningful causal actions in error situations.
  • obfuscation_detection: Collection of scripts to pinpoint obfuscated code.
  • Phantom-Evasion: Is an antivirus evasion tool written in Python (compatible with both Python 2 and Python 3) capable of generating (almost) fully undetectable executables even with the most common x86 msfvenom payloads.
  • Process Explorer: Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
  • Process Monitor: Is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
  • Shellter: Is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
  • ResourcesExtract: Is a small utility that scans dll/ocx/exe files and extracts all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more...) stored in them into the folder that you specify. You can use ResourcesExtract in user interface mode, or alternatively, you can run ResourcesExtract in command-line mode without displaying any user interface.
  • ProcDump: Is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.
  • SysAnalyzer: Is an open source application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system.
  • TheFatRat: Is an exploitation tool which compiles malware with a well-known payload; the compiled malware can then be executed on Linux, Windows, Mac and Android. TheFatRat provides an easy way to create backdoors and payloads which can bypass most anti-virus.
  • Windows Sysinternals

Android

  • apkleaks: Scanning APK file for URIs, endpoints & secrets.
  • dexcalibur: Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Databases

Debuggers

  • Immunity Debugger: Is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
  • OllyDbg: OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
  • WinDbg: Can be used to debug kernel-mode and user-mode code, analyze crash dumps, and examine the CPU registers while the code executes.

Decompilers

  • Decompiler: Online decompiler.
  • Snowman: Snowman is a native code to C/C++ decompiler.

Dependencies

  • DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
  • Dependency Walker: Is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.
  • Hakiri: Monitors Ruby apps for dependency and code security vulnerabilities.
  • RetireJS: There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies development, but we need to stay up to date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10, and insecure libraries can pose a huge risk for your webapp. The goal of Retire.js is to help you detect use of versions with known vulnerabilities.
  • snyk

Device drivers monitoring

Disassemblers

  • cutter: Free and Open Source Reverse Engineering Platform powered by rizin.
  • Ghidra Software Reverse Engineering Framework: This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
  • IDA Pro
  • Online Disassembler
  • radare2: UNIX-like reverse engineering framework and command-line toolset.

DNS monitoring

  • DNSQuerySniffer: Is a network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records.

File fingerprinting

  • HashCalc
  • HashMyFiles: Is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files on your system. You can easily copy the MD5/SHA1 hash list to the clipboard, or save it to a text/html/xml file.
  • HashTab
  • md5deep and hashdeep
  • mimikatz: A little tool to play with Windows security.

Files integrity monitoring

  • CSP File Integrity Checker: FIC delivers a simple yet powerful solution with its file monitoring and reporting capabilities. File monitoring is a critical part of the PCI data security standard to protect confidential (e.g. card-holder) information.
  • Netwrix Auditor
  • NNT Change Tracker: Includes context-based File Integrity Monitoring and File Whitelisting to assure all change activity is automatically analyzed and validated.
  • PA File Sight
  • Verisys: File integrity monitoring for Windows, Linux and network devices.
  • Wazuh

Network

  • Capsa Portable Network Analyzer: Capsa, a portable network performance analysis and diagnostics tool, provides a tremendously powerful and comprehensive packet capture and analysis solution with an easy-to-use interface, allowing both veteran and novice users the ability to protect and monitor networks in a critical business environment. Capsa aids in keeping you informed of threats that may cause significant business outage.
  • CurrPorts: Is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
  • FakeNet: Is a Windows network simulation tool designed for malware analysis. It redirects all traffic leaving a machine to the localhost (including hard-coded IP traffic and DNS traffic) and implements several protocols to ensure that malicious code continues to execute and can be observed by an analyst.
  • GFI LanGuard
  • INetSim: Is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples.
  • NetFlow Traffic Analyzer
  • Netfort
  • Port Monitor
  • PRTG Network Monitor
  • TCPView: Is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
  • Wireshark

Packers

  • ASPack: Is an advanced EXE packer created to compress Win32 executable files and to protect them against non-professional reverse engineering.
  • PEiD: Is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files – its detection rate is higher than that of other similar tools since the app packs more than 600 different signatures in PE files.
  • macro_pack: The macro_pack is a tool used to automate obfuscation and generation of retro formats such as MS Office documents or VBS-like formats. Now it also handles various shortcut formats.
  • RDG Packer Detector: Is a detector for packers, ciphers, compilers, encoders, assemblers and installers.
  • UPX the Ultimate Packer for eXecutables: Is a free, portable, extendable, high-performance executable packer for several executable formats.

Portable Executable (PE) information

  • PE Explorer: Lets you open, view and edit a variety of different 32-bit Windows executable file types (also called PE files) ranging from the common, such as EXE, DLL and ActiveX Controls, to the less familiar types, such as SCR (Screensavers), CPL (Control Panel Applets), SYS, MSSTYLES, BPL, DPL and more (including executable files that run on MS Windows Mobile platform).
  • PeView: Provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types.
  • Portable Executable Scanner (pescan): Is a command line tool to scan portable executable (PE) files to identify how they were constructed.
  • Resource Hacker: Is a resource editor for 32-bit and 64-bit Windows® applications. It's both a resource compiler (for .rc files) and a decompiler, enabling viewing and editing of resources in executables (*.exe, *.dll, *.scr, etc.) and compiled resource libraries (*.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command line.

RATs

Scanners

  • Cuckoo: You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.
  • Hybrid Analysis: This tool allows sending a file to different scanners in parallel: VirusTotal, MetaDefender and CrowdStrike Falcon. Send samples.
  • jotti: Simple online scanner that returns the scan results of a number of antivirus scanners, as well as some basic information about the file. Send samples.
  • KIMS: KIMS was the first local and web multi-scanner in the world; its last version came out in 2006, programmed by Thor. In 2009 development of a new version was started by DSR!.
  • Malice.IO: VirusTotal Wanna Be - Now with 100% more Hipster.
  • NoDistribute
  • thor-av-multiscanner: Static analysis of malware using Docker. This software allows you to scan a file with different antivirus engines. Also, it allows obtaining information from a file; such as imported libraries, PE, hashes, etc.
  • Valkyrie Sandbox: Is a file verdict system. Unlike traditional signature-based malware detection techniques, Valkyrie conducts several analyses using run-time behavior and hundreds of features from a file and, based on the analysis results, can warn users against malware undetected by classic Anti-Virus products.
  • VirusTotal: Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community. Displays information on static and dynamic analysis. Send samples.

Spyware

  • ACTIVTrack
  • Spytech SpyAgent: Allows you to monitor and record EVERYTHING users do on your computer - in total stealth. SpyAgent provides an unrivaled set of essential computer monitoring features, as well as website and application content filtering, chat client blocking, real-time activity alerts, and remote delivery of logs via email or FTP.
  • NetVizor
  • Power Spy: Is a computer activity monitoring software that allows you to secretly log all users on a PC while they are unaware. After the software is installed on the PC, you can remotely receive log reports on any device via email or FTP. You can check these reports as soon as you receive them or at any convenient time. You can also directly check logs using the log viewer on the monitored PC.
  • SoftActivity Monitor
  • Veriato Cerebral

String search

  • BinText: A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode. Its comprehensive filtering helps prevent unwanted text being listed. The gathered list can be searched and saved to a separate file as either a plain text file or in informative tabular format.
  • FireEye Labs Obfuscated String Solver: Automatically extract obfuscated strings from malware.
  • Strings

Virus

Windows registry monitoring

  • Autoruns for Windows: This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities.
  • Registrar Registry Manager: Is an advanced and complete suite of tools that allows you to safely maintain your local registry as well as the registries on the systems of your network. For many years, Registrar Registry Manager has been the expert's choice in registry management.
  • Registry Viewer
  • Reg Organizer: The utility allows you to remove unwanted programs from the system and search for traces of the uninstalled program. If there are “heavy” programs that run automatically on start-up in your Windows operating system, disabling them in an advanced startup manager can in some cases speed up the boot time and operation of your operating system. The disk cleanup feature frees up space on your system disk. And this is only part of features in the utility.
  • RegScanner: Is a small utility that allows you to scan the Registry, find the desired Registry values that match to the specified search criteria, and display them in one list. After finding the Registry values, you can easily jump to the right value in RegEdit, simply by double-clicking the desired Registry item. You can also export the found Registry values into a .reg file that can be used in RegEdit.
  • regshot: Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product.

Windows services monitoring

  • Advanced Windows Service Manager: Is specialized software for smarter analysis of Windows Services. It offers many powerful and unique features which set it apart from the built-in Service Management Console as well as other similar software.
  • AnVir Task Manager: Control everything running on your computer, remove Trojans, speed up your computer.
  • Netwrix Service Monitor: Freeware service monitoring tool that enables you to monitor Windows services on your critical servers.
  • PA File Sight
  • Process Hacker
  • Service+
  • SrvMan: Windows Service Manager is a small tool that simplifies all common tasks related to Windows services. It can create services (both Win32 and Legacy Driver) without restarting Windows, delete existing services and change service configuration. It has both GUI and Command-line modes. It can also be used to run arbitrary Win32 applications as services (when such service is stopped, main application window is closed automatically).

Session hijacking

  • Burp Suite
  • bettercap: The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
  • netool toolkit: MitM pentesting open source toolkit.
  • OWASP ZAP: Is an integrated penetration testing tool for finding vulnerabilities in web applications. It offers automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. ZAP allows you to see all the requests you make to a web app and all the responses you receive from it. Among other things, it allows you to see AJAX calls that may not otherwise be outright visible. You can also set breakpoints, which allow you to change the requests and responses in real-time.
  • sslstrip (https://github.com/moxie0/sslstrip): A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
  • WebSploit Framework

Android

  • DroidSheep: Is an open-source Android application made by Corsin Camichel that allows you to intercept unprotected web-browser sessions using WiFi.
  • DroidSniff: Is an Android app for security analysis in wireless networks and capturing Facebook, Twitter, LinkedIn and other accounts.
  • FaceNiff: Is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It's kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!).

Protection

Firewalls

Honeypots

  • awesome-honeypots: An awesome list of honeypot resources.
  • Honeyd Virtual Honeypot: Is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses - I have tested up to 65536 - on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.
  • KFSensor: Acts as a honeypot, designed to attract and detect hackers and worms by simulating vulnerable system services and trojans.

IDS / IPS

  • Snort: Open source Intrusion Prevention System (IPS). Snort IPS uses a series of rules that help define malicious network activity, uses those rules to find packets that match them, and generates alerts for users.
  • wazuh: Open source security platform based on OSSEC.

Inventory management

Patch

Trackers

  • ClearURLs: This extension will automatically remove tracking elements from URLs to help protect your privacy when browsing the Internet.
  • PixelBlock: Blocks people from tracking when you open their emails.
  • Privacy Badger: Automatically learns to block invisible trackers.
  • Ugly Email: Is an open-source Gmail extension for identifying and blocking email trackers.

Forensics

  • Autopsy: Autopsy® is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs.
  • Volatility: An advanced memory forensics framework.

Social engineering

Phishing

  • Social-Engineer Toolkit (SET): Is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
  • ShellPhish: Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github.

Protection

Employee education

Phishing detection

Steganography

Image

  • CryptaPix
  • gifshuffle
  • OpenStego: Is a steganography application that provides two functionalities: a) Data Hiding: It can hide any data within an image file. b) Watermarking: Watermarking image files with an invisible signature. It can be used to detect unauthorized file copying.
  • QuickStego
  • SSuite Picsel

White Space

  • snow: Is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.

Other directories

  • Hacking Tools: Tools for penetration testing and security audit.

OS distributions / Virtual machines

OS distributions

  • BlackArch Linux: BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
  • HoneyDrive: HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients and more. Additionally it includes many useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, DionaeaFR, an ELK stack and much more. Lastly, almost 90 well-known malware analysis, forensics and network monitoring related tools are also present in the distribution.
  • HuronOsint: Linux distribution for OSINT (version 1.0). In Huron you will find fundamental tools like Maltego or Recon-NG ready to be used or, at least, usable after a minimal configuration process; a multitude of links to specialized search engines like Shodan, social networks, language tools, software for image data processing and extraction (ExifTool), tools for the creation of idea maps, user name checkers, email anonymizers... But also tools that allow you to carry out research tasks safely (tracking blockers, Tor browser...) or assist you in the creation of reports and visualization of multimedia material.
  • Kali Linux: The Most Advanced Penetration Testing Distribution.
  • Parrot OS: Is a GNU/Linux distribution based on Debian and designed with Security and Privacy in mind. It includes a full portable laboratory for all kinds of cyber security operations, from pentesting to digital forensics and reverse engineering, but it also includes everything needed to develop your own software or keep your data secure.
  • Security Onion 2: Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Security Onion includes Elasticsearch, Logstash, Kibana, Suricata, Zeek (formerly known as Bro), Wazuh, Stenographer, TheHive, Cortex, CyberChef, NetworkMiner, and many other security tools.

Virtual machines

Setup scripts

Vulnerable machines

Other links

Blogs

Bug bounty platforms

Challenges

Communities

  • Axial: Is a community of like-minded nerds who focus on reverse engineering, malware analysis and general nerdery regarding malware. Axial also focuses on various web attack vectors and on techniques to leverage OSINT skills, which it does by releasing blogs that range from the extremely beginner to the intermediate level and that demonstrate the techniques in a broader range. Axial also works on various open source projects dedicated to the aforementioned domains, aligning with both the offensive and the defensive side of information security.

Forums

Services

Telegram channels

  • crackslatinos (Spanish): Telegram channel about reverse engineering, created by Ricardo Narvaja.
  • Bug Bounty ES (Spanish): Telegram channel about bug bounty, created by DragonJar.

Bibliography / Tutorials / Conferences

Bug bounty

Articles

  • tbhm: The Bug Hunters Methodology.

Books

Conferences

Certifications

CEH (Certified Ethical Hacker)

Miscellaneous

  • skillset: Practice questions for different certifications.

Forensics

Books

Hacking web

Books

Malware / Reverse Engineering

Articles

Books

Cheat sheets

Tutorials

Videotutorials

Miscellaneous

Articles

Cheat sheets

Networks

Articles

Cheat sheets

System hacking

Articles

Cheat sheet

Tutorials

Books

Social engineering

Books

Conferences

Programming

Books

Contributors

This repository follows the all-contributors specification. Contributions of any kind welcome!

License

© 2021 javierizquierdovera.com

Licensed under the Apache License, Version 2.0 (LICENSE-APACHE) or the MIT license (LICENSE-MIT), at your option.

SPDX-License-Identifier: (Apache-2.0 OR MIT)
