=================
 Awesome Hacking
=================

Awesome hacking is a curated list of **hacking tools** for hackers, pentesters and security researchers.
Its goal is to collect, classify and make awesome tools easy to find by humans, creating a **toolset** you can check out and update with one command.

This is not only a curated list, it is also a complete and updated toolset you can download with one command!

You can download all the tools with the following command::

    git clone --recursive https://github.com/jekil/awesome-hacking.git

To update it run the following command::

    git pull

Every kind of **contribution** is really appreciated! Follow the `contribute `_.

*If you enjoy this work, please keep it alive by contributing or just sharing it!* - `@jekil `_

.. contents:: Table of Contents
   :depth: 2
   :backlinks: entry

CTF Tools
=========

- `CTFd `_ - CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
- `CTForge `_ - The framework developed by the hacking team from University of Venice to easily host jeopardy and attack-defense CTF security competitions. It provides the software components for running the game, namely the website and the checkbot (optional).
- `FBCTF `_ - Platform to host Capture the Flag competitions.
- `LibreCTF `_ - CTF in a box. Minimal setup required.
- `Mellivora `_ - A CTF engine written in PHP.
- `NightShade `_ - A simple security CTF framework.
- `OneGadget `_ - A tool to easily find the one-gadget RCE in libc.so.6.
- `Pwntools `_ - CTF framework and exploit development library.
- `Scorebot `_ - Platform for CTFs by Legitbs (Defcon).
- `V0lt `_ - Security CTF Toolkit.

Code Auditing
=============

Static Analysis
---------------

- `Brakeman `_ - A static analysis security vulnerability scanner for Ruby on Rails applications.
- `Dr. Taint `_ - A very WIP DynamoRIO module built on the Dr. Memory Framework to implement taint analysis on ARM.
- `Gosec `_ - Inspects source code for security problems by scanning the Go AST.
- `STACK `_ - A static checker for identifying unstable code.
- `ShellCheck `_ - A static analysis tool for shell scripts.

Cryptography
============

- `FeatherDuster `_ - An automated, modular cryptanalysis tool.
- `RSATool `_ - Generate private key with knowledge of p and q.
- `Xortool `_ - A tool to analyze multi-byte xor cipher.

Docker
======

- `DVWA `_ - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
- `Docker Bench for Security `_ - The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.
- `Kali Linux `_ - This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling Distribution.
- `Metasploit `_ - Metasploit Framework penetration testing software (unofficial docker).
- `OWASP Juice Shop `_ - An intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
- `OWASP Mutillidae II `_ - OWASP Mutillidae II Web Pen-Test Practice Application.
- `OWASP NodeGoat `_ - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
- `OWASP Railsgoat `_ - A vulnerable version of Rails that follows the OWASP Top 10.
- `OWASP Security Shepherd `_ - A web and mobile application security training platform.
- `OWASP WebGoat `_ - A deliberately insecure Web Application.
- `OWASP ZAP `_ - Current stable owasp zed attack proxy release in embedded docker container.
- `Security Ninjas `_ - An Open Source Application Security Training Program.
- `SpamScope `_ - SpamScope (Fast Advanced Spam Analysis Tool) Elasticsearch.
- `Vulnerability as a service: Heartbleed `_ - Vulnerability as a Service: CVE 2014-0160.
- `Vulnerability as a service: Shellshock `_ - Vulnerability as a Service: CVE 2014-6271.
- `Vulnerable WordPress Installation `_ - Vulnerable WordPress Installation.
- `WPScan `_ - WPScan is a black box WordPress vulnerability scanner.

Forensics
=========

File Forensics
--------------

- `Autopsy `_ - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools.
- `DFF `_ - A Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
- `Docker Explorer `_ - A tool to help forensicate offline docker acquisitions.
- `Hadoop_framework `_ - A prototype system that uses Hadoop to process hard drive images.
- `OSXCollector `_ - A forensic evidence collection & analysis toolkit for OS X.
- `RegRipper3.0 `_ - Alternative to RegRipper
- `RegRippy `_ - A framework for reading and extracting useful forensics data from Windows registry hives. It is an alternative to RegRipper developed in modern Python 3.
- `Scalpel `_ - An open source data carving tool.
- `Shellbags `_ - Investigate NT_USER.dat files.
- `SlackPirate `_ - Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace.
- `Sleuthkit `_ - A library and collection of command line digital forensics tools.
- `TVS_extractor `_ - Extracts TeamViewer screen captures.
- `Telegram-extractor `_ - Python3 scripts to analyse the data stored in Telegram.
- `Truehunter `_ - The goal of Truehunter is to detect encrypted containers using a fast and memory efficient approach without any external dependencies for ease of portability.

Image Forensics
---------------

- `Depix `_ - Recovers passwords from pixelized screenshots.

Incident Response
-----------------

- `Hunter `_ - A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.
- `Loki `_ - Simple IOC and Incident Response Scanner.
- `Panorama `_ - It was made to generate a wide report about Windows systems, supported and tested on Windows XP SP2 and up.
- `Snoopdigg `_ - Simple utility to ease the process of collecting evidence to find infections.

Live Analysis
-------------

- `OS X Auditor `_ - OS X Auditor is a free Mac OS X computer forensics tool.
- `Windows-event-forwarding `_ - A repository for using windows event forwarding for incident detection and response.

Memory Forensics
----------------

- `Rekall `_ - Memory analysis framework developed by Google.
- `Volatility `_ - Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

Misc
----

- `Diffy `_ - A digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT). Allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions.
- `HxD `_ - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.
- `Libfvde `_ - Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes.
- `Mass_archive `_ - A basic tool for pushing a web page to multiple archiving services at once.

Mobile
------

- `Android Forensic Toolkit `_ - Allows you to extract SMS records, call history, photos, browsing history, and password from an Android phone.
- `Android backup extractor `_ - Utility to extract and repack Android backups created with adb backup (ICS+). Largely based on BackupManagerService.java from AOSP.
- `Mem `_ - Tool used for dumping memory from Android devices.
- `Snoopdroid `_ - Extract packages from an Android device.
- `WhatsApp Media Decrypt `_ - Decrypt WhatsApp encrypted media files.
- `iLEAPP `_ - iOS Logs, Events, And Plist Parser.
- `iOSbackup `_ - A Python 3 class that reads and extracts files from a password-encrypted iOS backup created by iTunes on Mac and Windows. Compatible with iOS 13.

Network Forensics
-----------------

- `Dnslog `_ - Minimalistic DNS logging tool.
- `Dshell `_ - A network forensic analysis framework.
- `Passivedns `_ - A network sniffer that logs all DNS server replies for use in a passive DNS setup.
- `Website Evidence Collector `_ - The tool Website Evidence Collector (WEC) automates the website evidence collection of storage and transfer of personal data.

Hardware Hacking
================

Computer
--------

- `Kbd-audio `_ - Tools for capturing and analysing keyboard input paired with microphone capture.
- `LimeSDR-Mini `_ - The LimeSDR-Mini board provides a hardware platform for developing and prototyping high-performance and logic-intensive digital and RF designs using Altera’s MAX10 FPGA and Lime Microsystems transceiver.
- `NSA-B-GONE `_ - Thinkpad X220 board that disconnects the webcam and microphone data lines.

Intelligence
============

- `Attackintel `_ - A python script to query the MITRE ATT&CK API for tactics, techniques, mitigations, & detection methods for specific threat groups.
- `Dnstwist `_ - Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation.
- `IntelOwl `_ - Analyze files, domains, IPs in multiple ways from a single API at scale.
- `MISP-maltego `_ - Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.
- `Shodan-seeker `_ - Command-line tool using Shodan API. Generates and downloads CSV results, diffing of historic scanning results, alerts and monitoring of specific ports/IPs, etc.
- `VIA4CVE `_ - An aggregator of the known vendor vulnerabilities database to support the expansion of information with CVEs.
- `Yeti `_ - Your Everyday Threat Intelligence.
- `n6 `_ - Automated handling of data feeds for security teams.

Library
=======

C
-

- `Libdnet `_ - Provides a simplified, portable interface to several low-level networking routines, including network address manipulation, kernel arp cache and route table lookup and manipulation, network firewalling, network interface lookup and manipulation, IP tunnelling, and raw IP packet and Ethernet frame transmission.

Go
--

- `Garble `_ - Obfuscate Go builds.

Java
----

- `Libsignal-service-java `_ - A Java/Android library for communicating with the Signal messaging service.

Python
------

- `Amodem `_ - Audio MODEM Communication Library in Python.
- `Dpkt `_ - Fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols.
- `Pcapy `_ - A Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.
- `Plyara `_ - Parse YARA rules and operate over them more easily.
- `PyBFD `_ - Python interface to the GNU Binary File Descriptor (BFD) library.
- `PyPDF2 `_ - A utility to read and write PDFs with Python.
- `Pynids `_ - A python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. Let your own python routines examine network conversations.
- `Pypcap `_ - This is a simplified object-oriented Python wrapper for libpcap.
- `Pyprotect `_ - A lightweight python code protector, makes your python project harder to reverse engineer.
- `Python-idb `_ - Pure Python parser and analyzer for IDA Pro database files (.idb).
- `Python-ptrace `_ - Python binding of ptrace library.
- `RDPY `_ - RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side).
- `Scapy `_ - A python-based interactive packet manipulation program & library.

Ruby
----

- `Secureheaders `_ - Security related headers all in one gem.

Live CD - Distributions
=======================

- `Android Tamer `_ - Virtual / Live Platform for Android Security professionals.
- `ArchStrike `_ - An Arch Linux repository for security professionals and enthusiasts.
- `BOSSLive `_ - An Indian GNU/Linux distribution developed by CDAC and customized to suit India's digital environment. It supports most of the Indian languages.
- `BackBox `_ - Ubuntu-based distribution for penetration tests and security assessments.
- `BlackArch `_ - Arch Linux-based distribution for penetration testers and security researchers.
- `DEFT Linux `_ - Suite dedicated to incident response and digital forensics.
- `Fedora Security Lab `_ - A safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.
- `Kali `_ - A Linux distribution designed for digital forensics and penetration testing.
- `NST `_ - Network Security Toolkit distribution.
- `Ophcrack `_ - A free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
- `Parrot `_ - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind.
- `Pentoo `_ - Security-focused livecd based on Gentoo.
- `REMnux `_ - Toolkit for assisting malware analysts with reverse-engineering malicious software.

Malware
=======

Dynamic Analysis
----------------

- `Androguard `_ - Reverse engineering, Malware and goodware analysis of Android applications.
- `CAPEv2 `_ - Malware Configuration And Payload Extraction.
- `Cuckoo Sandbox `_ - An automated dynamic malware analysis system.
- `CuckooDroid `_ - Automated Android Malware Analysis with Cuckoo Sandbox.
- `DECAF `_ - Short for Dynamic Executable Code Analysis Framework, is a binary analysis platform based on QEMU.
- `DRAKVUF Sandbox `_ - DRAKVUF Sandbox is an automated black-box malware analysis system with DRAKVUF engine under the hood, which does not require an agent on guest OS.
- `DroidBox `_ - Dynamic analysis of Android apps.
- `Hooker `_ - An opensource project for dynamic analyses of Android applications.
- `Jsunpack-n `_ - Emulates browser functionality when visiting a URL.
- `LiSa `_ - Sandbox for automated Linux malware analysis.
- `Magento-malware-scanner `_ - A collection of rules and samples to detect Magento malware.
- `Malzilla `_ - Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for use in exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of webpages and all the HTTP headers. It gives you various decoders to try and deobfuscate javascript as well.
- `Panda `_ - Platform for Architecture-Neutral Dynamic Analysis.
- `ProbeDroid `_ - A dynamic binary instrumentation kit targeting Android (Lollipop) 5.0 and above.
- `PyEMU `_ - Fully scriptable IA-32 emulator, useful for malware analysis.
- `PyWinSandbox `_ - Python Windows Sandbox library. Create a new Windows Sandbox machine, control it with a simple RPyC interface.
- `Pyrebox `_ - Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU.
- `Qiling `_ - Advanced Binary Emulation framework.
- `Speakeasy `_ - A portable, modular, binary emulator designed to emulate Windows kernel and user mode malware.
- `Uitkyk `_ - Runtime memory analysis framework to identify Android malware.
- `WScript Emulator `_ - Emulator/tracer of the Windows Script Host functionality.

Honeypot
--------

- `Amun `_ - Amun was the first python-based low-interaction honeypot, following the concepts of Nepenthes but extending it with more sophisticated emulation and easier maintenance.
- `Basic-auth-pot `_ - HTTP Basic Authentication honeyPot.
- `Bluepot `_ - Bluetooth Honeypot.
- `CitrixHoneypot `_ - Detect and log CVE-2019-19781 scan and exploitation attempts.
- `Conpot `_ - ICS/SCADA honeypot.
- `Cowrie `_ - SSH honeypot, based on Kippo.
- `Dionaea `_ - Honeypot designed to trap malware.
- `Django-admin-honeypot `_ - A fake Django admin login screen to log and notify admins of attempted unauthorized access.
- `ESPot `_ - An Elasticsearch honeypot written in NodeJS, to capture every attempt to exploit CVE-2014-3120.
- `Elastichoney `_ - A Simple Elasticsearch Honeypot.
- `Endlessh `_ - An SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.
- `Glastopf `_ - Web Application Honeypot.
- `Glutton `_ - All eating honeypot.
- `HFish `_ - A cross platform honeypot platform developed based on golang, which has been meticulously built for enterprise security.
- `Heralding `_ - Sometimes you just want a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently the following protocols are supported: ftp, telnet, ssh, rdp, http, https, pop3, pop3s, imap, imaps, smtp, vnc, postgresql and socks5.
- `HonTel `_ - A Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the chroot environment. Originally it has been designed to be run inside the Ubuntu/Debian environment, though it could be easily adapted to run inside any Linux environment.
- `HoneyPy `_ - A low to medium interaction honeypot.
- `HoneyTrap `_ - Advanced Honeypot framework.
- `Honeyd `_ - Create a virtual honeynet.
- `Honeypot `_ - Low interaction honeypot that displays real time attacks.
- `Honeything `_ - A honeypot for Internet of TR-069 things. It's designed to act completely as a modem/router that has RomPager embedded web server and supports TR-069 (CWMP) protocol.
- `HonnyPotter `_ - A WordPress login honeypot for collection and analysis of failed login attempts.
- `Kippo `_ - A medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
- `Kippo-graph `_ - Visualize statistics from a Kippo SSH honeypot.
- `MHN `_ - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
- `MTPot `_ - Open Source Telnet Honeypot.
- `Maildb `_ - Python Web App to Parse and Track Email and http Pcap Files.
- `Mailoney `_ - A SMTP Honeypot I wrote just to have fun learning Python.
- `Miniprint `_ - A medium interaction printer honeypot.
- `Mnemosyne `_ - A normalizer for honeypot data; supports Dionaea.
- `MongoDB-HoneyProxy `_ - A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.
- `MysqlPot `_ - A mysql honeypot, still very very early stage.
- `NoSQLPot `_ - The NoSQL Honeypot Framework.
- `Nodepot `_ - A nodejs web application honeypot.
- `OWASP-Honeypot `_ - Open source software written in Python, designed for creating honeypots and honeynets in an easy and secure way.
- `OpenCanary `_ - A daemon that runs several canary versions of services that alerts when a service is (ab)used.
- `Phoneyc `_ - Pure Python honeyclient implementation.
- `Phpmyadmin_honeypot `_ - A simple and effective phpMyAdmin honeypot.
- `Servletpot `_ - Web application Honeypot.
- `Shadow Daemon `_ - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps.
- `Shiva `_ - Spam Honeypot with Intelligent Virtual Analyzer, is an open but controlled relay Spam Honeypot (SpamPot), built on top of Lamson Python framework, with capability of collecting and analyzing all spam thrown at it.
- `Smart-honeypot `_ - PHP Script demonstrating a smart honey pot.
- `Snare `_ - Super Next generation Advanced Reactive honEypot
- `SpamScope `_ - Fast Advanced Spam Analysis Tool.
- `StrutsHoneypot `_ - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
- `T-Pot `_ - The All In One Honeypot Platform.
- `Tango `_ - Honeypot Intelligence with Splunk.
- `Tanner `_ - A remote data analysis and classification service to evaluate HTTP requests and composing the response then served by SNARE. TANNER uses multiple application vulnerability type emulation techniques when providing responses for SNARE. In addition, TANNER provides Dorks for SNARE powering its luring capabilities.
- `Thug `_ - Low interaction honeyclient, for investigating malicious websites.
- `Twisted-honeypots `_ - SSH, FTP and Telnet honeypots based on Twisted.
- `Wetland `_ - A high interaction SSH honeypot.
- `Wordpot `_ - A WordPress Honeypot.
- `Wp-smart-honeypot `_ - WordPress plugin to reduce comment spam with a smarter honeypot.

Intelligence
------------

- `CobaltStrikeParser `_ - Python parser for CobaltStrike Beacon's configuration.
- `Cobaltstrike `_ - Code and yara rules to detect and analyze Cobalt Strike.
- `MISP Modules `_ - Modules for expansion services, import and export in MISP.
- `Passivedns-client `_ - Provides a library and a query tool for querying several passive DNS providers.
- `Pybeacon `_ - A collection of scripts for dealing with Cobalt Strike beacons in Python.
- `Rt2jira `_ - Convert RT tickets to JIRA tickets.

Ops
---

- `Al-khaser `_ - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- `BASS `_ - BASS Automated Signature Synthesizer.
- `CSCGuard `_ - Protects and logs suspicious and malicious usage of .NET CSC.exe and Runtime C# Compilation.
- `CapTipper `_ - A python tool to analyze, explore and revive HTTP malicious traffic.
- `FLARE `_ - A fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
- `FakeNet-NG `_ - A next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows.
- `Google-play-crawler `_ - Google-play-crawler is simply a Java tool for searching android applications on GooglePlay, and also downloading them.
- `Googleplay-api `_ - An unofficial Python API that lets you search, browse and download Android apps from Google Play (formerly Android Market).
- `Grimd `_ - Fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers.
- `Hidden