awesome-pentest/README.md

Awesome Penetration Testing

A collection of awesome penetration testing resources

This project is supported by Netsparker Web Application Security Scanner

• Online Resources
  • Penetration Testing Resources
  • Exploit development
  • Open Sources Intelligence (OSINT) Resources
  • Social Engineering Resources
  • Lock Picking Resources
  • Operating Systems
• Tools
  • Penetration Testing Distributions
  • Basic Penetration Testing Tools
  • Docker for Penetration Testing
  • Vulnerability Scanners
  • Network Tools
  • Wireless Network Tools
  • SSL Analysis Tools
  • Web Exploitation
  • Hex Editors
  • Hash Cracking Tools
  • Windows Utils
  • Linux Utils
  • DDoS Tools
  • Social Engineering Tools
  • OSInt Tools
  • Anonymity Tools
  • Reverse Engineering Tools
  • Physical Access Tools
  • CTF Tools
• Books
  • Penetration Testing Books
  • Hackers Handbook Series
  • Defensive Development
  • Network Analysis Books
  • Reverse Engineering Books
  • Malware Analysis Books
  • Windows Books
  • Social Engineering Books
  • Lock Picking Books
  • Defcon Suggested Reading
• Vulnerability Databases
• Security Courses
• Information Security Conferences
• Information Security Magazines
• Awesome Lists
• Contribution
• License

Online Resources

Penetration Testing Resources

• Metasploit Unleashed - Free Offensive Security Metasploit course
• PTES - Penetration Testing Execution Standard
• OWASP - Open Web Application Security Project
• PENTEST-WIKI - A free online security knowledge library for pentesters / researchers.
• Vulnerability Assessment Framework - Penetration Testing Framework.
• XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.

Exploit development

• Shellcode Tutorial - Tutorial on how to write shellcode
• Shellcode Examples - Shellcodes database
• Exploit Writing Tutorials - Tutorials on how to develop exploits
• shellsploit - New Generation Exploit Development Kit
• Voltron - A hacky debugger UI for hackers

OSINT Resources

• OSINT Framework - Collection of various OSInt tools broken out by category.
• Intel Techniques - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
• NetBootcamp OSINT Tools - A collection of OSINT links and custom Web interfaces to other services such as Facebook Graph Search and various paste sites.

Social Engineering Resources

• Social Engineering Framework - An information resource for social engineers

Lock Picking Resources

• Schuyler Towne channel - Lockpicking videos and security talks
• bosnianbill - More lockpicking videos
• /r/lockpicking - Resources for learning lockpicking, equipment recommendations.

Operating Systems

• Security related Operating Systems @ Rawsec - Complete list of security related operating systems
• Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions
• Security @ Distrowatch - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
• cuckoo - Cuckoo Sandbox is a malware analysis system
• CAINE - (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project
• DEFT - Digital Evidence & Forensics Toolkit Live OS
• Tails - Live OS aimed at preserving privacy and anonymity

Tools

Penetration Testing Distributions

• Kali - A Linux distribution designed for digital forensics and penetration testing
• ArchStrike - An Arch Linux repository for security professionals and enthusiasts
• BlackArch - Arch Linux-based distribution for penetration testers and security researchers
• NST - Network Security Toolkit distribution
• Pentoo - Security-focused livecd based on Gentoo
• BackBox - Ubuntu-based distribution for penetration tests and security assessments
• Parrot - A distribution similar to Kali, with multiple architecture
• Buscador - A Linux Virtual Machine that is pre-configured for online investigators
• Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
• The Pentesters Framework - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.

Basic Penetration Testing Tools

• Metasploit Framework - World's most used penetration testing software
• ExploitPack - Graphical tool for penetration testing with a bunch of exploits
• BeeF - The Browser Exploitation Framework Project
• faraday - Collaborative Penetration Test and Vulnerability Management Platform
• evilgrade - The update explotation framework
• commix - Automated All-in-One OS Command Injection and Exploitation Tool
• routersploit - Automated penetration testing software for router
• redsnarf - Post-exploitation tool for grabbing credentials
• Bella - Bella is a pure Python post-exploitation data mining & remote administration tool for Mac OS.

Docker for Penetration Testing

• docker pull kalilinux/kali-linux-docker official Kali Linux
• docker pull owasp/zap2docker-stable - official OWASP ZAP
• docker pull wpscanteam/wpscan - official WPScan
• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas - Security Ninjas
• docker pull diogomonica/docker-bench-security - Docker Bench for Security
• docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
• docker-compose build && docker-compose up - OWASP NodeGoat
• docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
• docker pull bkimminich/juice-shop - OWASP Juice Shop
• docker pull kalilinux/kali-linux-docker - Kali Linux Docker Image
• docker pull remnux/metasploit - docker-metasploit

Vulnerability Scanners

• Nexpose - Vulnerability Management & Risk Management Software
• Nessus - Vulnerability, configuration, and compliance assessment
• Nikto - Web application vulnerability scanner
• OpenVAS - Open Source vulnerability scanner and manager
• Secapps - Integrated web application security testing environment
• w3af - Web application attack and audit framework
• Wapiti - Web application vulnerability scanner
• WebReaver - Web application vulnerability scanner for Mac OS X
• DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
• arachni - Web Application Security Scanner Framework
• Vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

Network Tools

• zmap - Open-source network scanner that enables researchers to easily perform Internet-wide network studies
• nmap - Free Security Scanner For Network Exploration & Security Audits
• pig - A Linux packet crafting tool
• tcpdump/libpcap - A common packet analyzer that runs under the command line
• Wireshark - A network protocol analyzer for Unix and Windows
• Network Tools - Different network tools: ping, lookup, whois, etc
• netsniff-ng - A Swiss army knife for for network sniffing
• Intercepter-NG - a multifunctional network toolkit
• SPARTA - Network Infrastructure Penetration Testing Tool
• dnschef - A highly configurable DNS proxy for pentesters
• DNSDumpster - Online DNS recon and search service
• dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results
• dnsmap - Passive DNS network mapper
• dnsrecon - DNS Enumeration Script
• dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers
• passivedns-client - Provides a library and a query tool for querying several passive DNS providers
• passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
• Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• Zarp - Zarp is a network attack tool centered around the exploitation of local networks
• mitmproxy - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
• Morpheus - automated ettercap TCP/IP Hijacking tool
• mallory - HTTP/HTTPS proxy over SSH
• Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols
• DET - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
• pwnat - punches holes in firewalls and NATs
• dsniff - a collection of tools for network auditing and pentesting
• tgcd - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
• smbmap - a handy SMB enumeration tool
• scapy - a python-based interactive packet manipulation program & library
• Dshell - Network forensic analysis framework
• Debookee (MAC OS X) - Intercept traffic from any device on your network
• Dripcap - Caffeinated packet analyzer
• PRET - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing

Wireless Network Tools

• Aircrack-ng - a set of tools for auditing wireless network
• Kismet - Wireless network detector, sniffer, and IDS
• Reaver - Brute force attack against Wifi Protected Setup
• Wifite - Automated wireless attack tool

SSL Analysis Tools

• SSLyze - SSL configuration scanner
• sslstrip - a demonstration of the HTTPS stripping attacks
• sslstrip2 - SSLStrip version to defeat HSTS
• tls_prober - fingerprint a server's SSL/TLS implementation

Web exploitation

• OWASP Zed Attack Proxy - Penetration testing tool for web applications
• Burp Suite - An integrated platform for performing security testing of web applications
• autochrome - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
• WPScan - Black box WordPress vulnerability scanner
• Wordpress Exploit Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
• WPSploit - WPSploit - Exploiting Wordpress With Metasploit
• SQLmap - Automatic SQL injection and database takeover tool
• tplmap - Automatic server-side template injection and Web server takeover tool
• weevely3 - Weaponized web shell
• Wappalyzer - Wappalyzer uncovers the technologies used on websites
• cms-explorer - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
• joomscan - Joomla CMS scanner
• WhatWeb - Website Fingerprinter
• BlindElephant - Web Application Fingerprinter
• fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
• Kadabra - Automatic LFI exploiter and scanner
• Kadimus - LFI scan and exploit tool
• liffy - LFI exploitation tool
• GitTools - Automatically find and download Web-accessible .git repositories
• Commix - Automated All-in-One OS command injection and exploitation tool

Hex Editors

• HexEdit.js - Browser-based hex editing
• Hexinator (commercial) - World's finest Hex Editor

File Format Analysis Tools

• Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby
• Veles - Binary data visualization and analysis tool
• Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction

Hash Cracking Tools

• John the Ripper - Fast password cracker
• Hashcat - The more fast hash cracker
• CeWL - Generates custom wordlists by spidering a target's website and collecting unique words

Windows Utils

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities
• Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
• mimikatz - Credentials extraction tool for Windows OS
• PowerSploit - A PowerShell Post-Exploitation Framework
• Windows Exploit Suggester - Detects potential missing patches on the target
• Responder - A LLMNR, NBT-NS and MDNS poisoner
• Bloodhound - A graphical Active Directory trust relationship explorer
• Empire - A pure PowerShell post-exploitation agent
• Fibratus - Tool for exploration and tracing of the Windows kernel
• wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software

Linux Utils

• Linux Exploit Suggester - Linux Exploit Suggester; based on operating system release number.

DDoS Tools

• LOIC - An open source network stress tool for Windows
• JS LOIC - JavaScript in-browser version of LOIC
• SlowLoris - DoS tool that uses low bandwidth on the attacking side
• HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures
• T50 - The more fast network stress tool
• UFONet - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Social Engineering Tools

• SET - The Social-Engineer Toolkit from TrustedSec
• King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content
• Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service
• wifiphisher - Automated phishing attacks against Wi-Fi networks

OSInt Tools

• Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
• theHarvester - E-mail, subdomain and people names harvester
• creepy - A geolocation OSINT tool
• metagoofil - Metadata harvester
• Google Hacking Database - a database of Google dorks; can be used for recon
• Google-dorks - Common google dorks and others you prolly don't know
• GooDork - Command line go0gle dorking tool
• dork-cli - Command-line Google dork tool.
• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans
• Shodan - Shodan is the world's first search engine for Internet-connected devices
• recon-ng - A full-featured Web Reconnaissance framework written in Python
• github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak
• vcsmap - A plugin-based tool to scan public version control systems for sensitive information
• Spiderfoot - multi-source OSINT automation tool with a Web UI and report visualizations
• BinGoo - A Linux bash based Bing and Google Dorking Tool
• fast-recon - Does some google dorks against a domain
• snitch - information gathering via dorks
• Sn1per - Automated Pentest Recon Scanner
• Threat Crowd - A search engine for threats
• Virus Total - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
• DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.

Anonymity Tools

• Tor - The free software for enabling onion routing online anonymity
• I2P - The Invisible Internet Project
• Nipe - Script to redirect all traffic from the machine to the Tor network.

Reverse Engineering Tools

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
• IDA Free - The freeware version of IDA v5.0
• WDK/WinDbg - Windows Driver Kit and WinDbg
• OllyDbg - An x86 debugger that emphasizes binary code analysis
• Radare2 - Opensource, crossplatform reverse engineering framework
• x64_dbg - An open-source x64/x32 debugger for windows
• Immunity Debugger - A powerful new way to write exploits and analyze malware
• Evan's Debugger - OllyDbg-like debugger for Linux
• Medusa disassembler - An open source interactive disassembler
• plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code
• peda - Python Exploit Development Assistance for GDB
• dnSpy - dnSpy is a tool to reverse engineer .NET assemblies

Physical Access Tools

• LAN Turtle - a covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
• USB Rubber Ducky - customizable keystroke injection attack platform masquerading as a USB thumbdrive
• Poisontap - siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers

CTF Tools

• Pwntools - Rapid exploit development framework built for use in CTFs
• RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks

Books

Penetration Testing Books

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook by Peter Kim, 2014
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
• Violent Python by TJ O'Connor, 2012
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
• Penetration Testing: Procedures & Methodologies by EC-Council, 2010
• Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
• Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
• Bug Hunter's Diary by Tobias Klein, 2011

Hackers Handbook Series

• The Database Hacker's Handbook, David Litchfield et al., 2005
• The Shellcoders Handbook by Chris Anley et al., 2007
• The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller et al., 2012
• Android Hackers Handbook by Joshua J. Drake et al., 2014
• The Browser Hackers Handbook by Wade Alcorn et al., 2014
• The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
• Car Hacker's Handbook by Craig Smith, 2016

Defensive Development

• Holistic Info-Sec for Web Developers (Fascicle 0)
• Holistic Info-Sec for Web Developers (Fascicle 1)

Network Analysis Books

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012
• Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012

Reverse Engineering Books

• Reverse Engineering for Beginners by Dennis Yurichev
• Hacking the Xbox by Andrew Huang, 2003
• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang et al., 2014
• Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015

Malware Analysis Books

• Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh et al., 2014
• Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010

Windows Books

• Windows Internals by Mark Russinovich et al., 2012

Social Engineering Books

• The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
• No Tech Hacking by Johnny Long & Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

Lock Picking Books

• Practical Lock Picking by Deviant Ollam, 2012
• Keys to the Kingdom by Deviant Ollam, 2012
• CIA Lock Picking Field Operative Training Manual
• Lock Picking: Detail Overkill by Solomon
• Eddie the Wire books

Defcon Suggested Reading

• Defcon Suggested Reading

Vulnerability Databases

• NVD - US National Vulnerability Database
• CERT - US Computer Emergency Readiness Team
• OSVDB - Open Sourced Vulnerability Database
• Bugtraq - Symantec SecurityFocus
• Exploit-DB - Offensive Security Exploit Database
• Fulldisclosure - Full Disclosure Mailing List
• MS Bulletin - Microsoft Security Bulletin
• MS Advisory - Microsoft Security Advisories
• Inj3ct0r - Inj3ct0r Exploit Database
• Packet Storm - Packet Storm Global Security Resource
• SecuriTeam - Securiteam Vulnerability Information
• CXSecurity - CSSecurity Bugtraq List
• Vulnerability Laboratory - Vulnerability Research Laboratory
• ZDI - Zero Day Initiative
• Vulners - Security database of software vulnerabilities

Security Courses

• Offensive Security Training - Training from BackTrack/Kali developers
• SANS Security Training - Computer Security Training & Certification
• Open Security Training - Training material for computer security classes
• CTF Field Guide - everything you need to win your next CTF competition
• ARIZONA CYBER WARFARE RANGE - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
• Cybrary - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Enviroments'.
• Computer Security Student - Many free tutorials, great for beginners, $10/mo membership unlocks all content
• European Union Agency for Network and Information Security - ENISA Cyber Security Training material

Information Security Conferences

• DEF CON - An annual hacker convention in Las Vegas
• Black Hat - An annual security conference in Las Vegas
• BSides - A framework for organising and holding security conferences
• CCC - An annual meeting of the international hacker scene in Germany
• DerbyCon - An annual hacker conference based in Louisville
• PhreakNIC - A technology conference held annually in middle Tennessee
• ShmooCon - An annual US east coast hacker convention
• CarolinaCon - An infosec conference, held annually in North Carolina
• CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con
• SummerCon - One of the oldest hacker conventions, held during Summer
• Hack.lu - An annual conference held in Luxembourg
• Hackfest - Largest hacking conference in Canada
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
• Hack3rCon - An annual US hacker conference
• ThotCon - An annual US hacker conference held in Chicago
• LayerOne - An annual US security conference held every spring in Los Angeles
• DeepSec - Security Conference in Vienna, Austria
• SkyDogCon - A technology conference in Nashville
• SECUINSIDE - Security Conference in Seoul
• DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
• AppSecUSA - An annual conference organised by OWASP
• BruCON - An annual security conference in Belgium
• Infosecurity Europe - Europe's number one information security event, held in London, UK
• Nullcon - An annual conference in Delhi and Goa, India
• RSA Conference USA - An annual security conference in San Francisco, California, USA
• Swiss Cyber Storm - An annual security conference in Lucerne, Switzerland
• Virus Bulletin Conference - An annual conference going to be held in Denver, USA for 2016
• Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
• 44Con - Annual Security Conference held in London
• BalCCon - Balkan Computer Congress, annualy held in Novi Sad, Serbia
• FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia

Information Security Magazines

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
• Phrack Magazine - By far the longest running hacker zine

Awesome Lists

• Kali Linux Tools - List of tools present in Kali Linux
• SecTools - Top 125 Network Security Tools
• Pentest Cheat Sheets - Awesome Pentest Cheat Sheets
• C/C++ Programming - One of the main language for open source security tools
• .NET Programming - A software framework for Microsoft Windows platform development
• Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
• Ruby Programming by @dreikanter - The de-facto language for writing exploits
• Ruby Programming by @markets - The de-facto language for writing exploits
• Ruby Programming by @Sdogruyol - The de-facto language for writing exploits
• JavaScript Programming - In-browser development and scripting
• Node.js Programming by @sindresorhus - A curated list of delightful Node.js packages and resources
• Python tools for penetration testers - Lots of pentesting tools are written in Python
• Python Programming by @svaksha - General Python programming
• Python Programming by @vinta - General Python programming
• Android Security - A collection of android security related resources
• Awesome Awesomness - The List of the Lists
• AppSec - Resources for learning about application security
• CTFs - Capture The Flag frameworks, libraries, etc
• InfoSec § Hacking challenges - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more
• Hacking - Tutorials, tools, and resources
• Honeypots - Honeypots, tools, components, and more
• Infosec - Information security resources for pentesting, forensics, and more
• Malware Analysis - Tools and resources for analysts
• PCAP Tools - Tools for processing network traffic
• Security - Software, libraries, documents, and other resources
• Awesome List - A curated list of awesome lists
• SecLists - Collection of multiple types of lists used during security assessments
• Security Talks - A curated list of security conferences

Contribution

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details.

License

This work is licensed under a Creative Commons Attribution 4.0 International License