Slide 1
Most trusted JOB oriented professional program
DevOps Certified Professional (DCP)

Take your first step into the world of DevOps with this course, which will help you to learn about the methodologies and tools used to develop, deploy, and operate high-quality software.

Slide 2
DevOps to DevSecOps – Learn the evolution
DevSecOps Certified Professional (DSOCP)

Learn to automate security into a fast-paced DevOps environment using various open-source tools and scripts.

Slide 2
Get certified in the new tech skill to rule the industry
Site Reliability Engineering (SRE) Certified Professional

A method of measuring and achieving reliability through engineering and operations work – developed by Google to manage services.

Slide 2
Master the art of DevOps
Master in DevOps Engineering (MDE)

Get enrolled for the most advanced and only course in the WORLD which can make you an expert and proficient Architect in DevOps, DevSecOps and Site Reliability Engineering (SRE) principles together.

Slide 2
Gain expertise and certified yourself
Azure DevOps Solutions Expert

Learn about the DevOps services available on Azure and how you can use them to make your workflow more efficient.

Slide 3
Learn and get certified
AWS Certified DevOps Professional

Learn about the DevOps services offered by AWS and how you can use them to make your workflow more efficient.

previous arrow
next arrow

Top & Best 201 Hacking & Penetration Testing Tools Collection

Spread the Knowledge
Pentesters arsenal tools

  🔸 Sandcat Browser – a penetration-oriented browser with plenty of advanced functionality already built in.
  🔸 Metasploit – tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.
  🔸 Burp Suite – tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.
  🔸 OWASP Zed Attack Proxy – intercepting proxy to replay, inject, scan and fuzz HTTP requests.
  🔸 w3af – is a Web Application Attack and Audit Framework.
  🔸 mitmproxy – an interactive TLS-capable intercepting HTTP proxy for penetration testers.
  🔸 Nikto2 – web server scanner which performs comprehensive tests against web servers for multiple items.
  🔸 sqlmap – tool that automates the process of detecting and exploiting SQL injection flaws.
  🔸 Recon-ng – is a full-featured Web Reconnaissance framework written in Python.
  🔸 AutoRecon – is a network reconnaissance tool which performs automated enumeration of services.
  🔸 Faraday – an Integrated Multiuser Pentest Environment.
  🔸 Photon – incredibly fast crawler designed for OSINT.
  🔸 XSStrike – most advanced XSS detection suite.
  🔸 Sn1per – automated pentest framework for offensive security experts.
  🔸 vuls – is an agent-less vulnerability scanner for Linux, FreeBSD, and other.
  🔸 tsunami – is a general purpose network security scanner with an extensible plugin system.
  🔸 aquatone – a tool for domain flyovers.
  🔸 BillCipher – information gathering tool for a website or IP address.
  🔸 WhatWaf – detect and bypass web application firewalls and protection systems.
  🔸 Corsy – CORS misconfiguration scanner.
  🔸 Raccoon – is a high performance offensive security tool for reconnaissance and vulnerability scanning.
  🔸 dirhunt – find web directories without bruteforce.
  🔸 John The Ripper – is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
  🔸 hashcat – world’s fastest and most advanced password recovery utility.
  🔸 p0f – is a tool to identify the players behind any incidental TCP/IP communications.
  🔸 ssh_scan – a prototype SSH configuration and policy scanner.
  🔸 LeakLooker – find open databases – powered by Binaryedge.io
  🔸 exploitdb – searchable archive from The Exploit Database.
  🔸 getsploit – is a command line utility for searching and downloading exploits.
  🔸 ctf-tools – some setup scripts for security research tools.
  🔸 pwntools – CTF framework and exploit development library.
  🔸 security-tools – collection of small security tools created mostly in Python. CTFs, pentests and so on.
  🔸 pentestpackage – is a package of Pentest scripts.
  🔸 python-pentest-tools – python tools for penetration testers.
  🔸 fuzzdb – dictionary of attack patterns and primitives for black-box application fault injection.
  🔸 AFL – is a free software fuzzer maintained by Google.
  🔸 AFL++ – is AFL with community patches.
  🔸 syzkaller – is an unsupervised, coverage-guided kernel fuzzer.
  🔸 pwndbg – exploit development and reverse engineering with GDB made easy.
  🔸 GDB PEDA – Python Exploit Development Assistance for GDB.
  🔸 IDA – multi-processor disassembler and debugger useful for reverse engineering malware.
  🔸 radare2 – framework for reverse-engineering and analyzing binaries.
  🔸 routersploit – exploitation framework for embedded devices.
  🔸 Ghidra – is a software reverse engineering (SRE) framework.
  🔸 Vulnreport – open-source pentesting management and automation platform by Salesforce Product Security.
  🔸 Mentalist – is a graphical tool for custom wordlist generation.
  🔸 archerysec – vulnerability assessment and management helps to perform scans and manage vulnerabilities.
  🔸 Osmedeus – fully automated offensive security tool for reconnaissance and vulnerability scanning.
  🔸 beef – the browser exploitation framework project.
  🔸 AutoSploit – automated mass exploiter.
  🔸 SUDO_KILLER – is a tool to identify and exploit sudo rules’ misconfigurations and vulnerabilities.
  🔸 yara – the pattern matching swiss knife.
  🔸 mimikatz – a little tool to play with Windows security.
  🔸 sherlock – hunt down social media accounts by username across social networks.
  🔸 OWASP Threat Dragon – is a tool used to create threat model diagrams and to record possible threats.

▪️ Pentests bookmarks collection

  🔸 PTES – the penetration testing execution standard.
  🔸 Pentests MindMap – amazing mind map with vulnerable apps and systems.
  🔸 WebApps Security Tests MindMap – incredible mind map for WebApps security tests.
  🔸 Brute XSS – master the art of Cross Site Scripting.
  🔸 XSS cheat sheet – contains many vectors that can help you bypass WAFs and filters.
  🔸 Offensive Security Bookmarks – security bookmarks collection, all things that author need to pass OSCP.
  🔸 Awesome Pentest Cheat Sheets – collection of the cheat sheets useful for pentesting.
  🔸 Awesome Hacking by HackWithGithub – awesome lists for hackers, pentesters and security researchers.
  🔸 Awesome Hacking by carpedm20 – a curated list of awesome hacking tutorials, tools and resources.
  🔸 Awesome Hacking Resources – collection of hacking/penetration testing resources to make you better.
  🔸 Awesome Pentest – collection of awesome penetration testing resources, tools and other shiny things.
  🔸 Awesome-Hacking-Tools – is a curated list of awesome Hacking Tools.
  🔸 Hacking Cheat Sheet – author hacking and pentesting notes.
  🔸 blackhat-arsenal-tools – official Black Hat arsenal security tools repository.
  🔸 Penetration Testing and WebApp Cheat Sheets – the complete list of Infosec related cheat sheets.
  🔸 Cyber Security Resources – includes thousands of cybersecurity-related references and resources.
  🔸 Pentest Bookmarks – there are a LOT of pentesting blogs.
  🔸 Cheatsheet-God – Penetration Testing Reference Bank – OSCP/PTP & PTX Cheatsheet.
  🔸 ThreatHunter-Playbook – to aid the development of techniques and hypothesis for hunting campaigns.
  🔸 Beginner-Network-Pentesting – notes for beginner network pentesting course.
  🔸 OSCPRepo – is a list of resources that author have been gathering in preparation for the OSCP.
  🔸 PayloadsAllTheThings – a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  🔸 payloads – git all the Payloads! A collection of web attack payloads.
  🔸 command-injection-payload-list – command injection payload list.
  🔸 Awesome Shodan Search Queries – great search queries to plug into Shodan.
  🔸 AwesomeXSS – is a collection of Awesome XSS resources.
  🔸 php-webshells – common php webshells.
  🔸 Pentesting Tools Cheat Sheet – a quick reference high level overview for typical penetration testing.
  🔸 OWASP Cheat Sheet Series – is a collection of high value information on specific application security topics.
  🔸 OWASP dependency-check – is an open source solution the OWASP Top 10 2013 entry.
  🔸 OWASP ProActive Controls – OWASP Top 10 Proactive Controls 2018.
  🔸 PENTESTING-BIBLE – hacking & penetration testing & red team & cyber security resources.
  🔸 pentest-wiki – is a free online security knowledge library for pentesters/researchers.
  🔸 DEF CON Media Server – great stuff from DEFCON.
  🔸 Awesome Malware Analysis – a curated list of awesome malware analysis tools and resources.
  🔸 SQL Injection Cheat Sheet – detailed technical stuff about the many different variants of the SQL Injection.
  🔸 Entersoft Knowledge Base – great and detailed reference about vulnerabilities.
  🔸 HTML5 Security Cheatsheet – a collection of HTML5 related XSS attack vectors.
  🔸 XSS String Encoder – for generating XSS code to check your input validation filters against XSS.
  🔸 GTFOBins – list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
  🔸 Guifre Ruiz Notes – collection of security, system, network and pentest cheatsheets.
  🔸 SSRF Tips – a collection of SSRF Tips.
  🔸 shell-storm repo CTF – great archive of CTFs.
  🔸 ctf – CTF (Capture The Flag) writeups, code snippets, notes, scripts.
  🔸 My-CTF-Web-Challenges – collection of CTF Web challenges.
  🔸 MSTG – The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
  🔸 Internal-Pentest-Playbook – notes on the most common things for an Internal Network Penetration Test.
  🔸 KeyHacks – shows quick ways in which API keys leaked by a bug bounty program can be checked.
  🔸 securitum/research – various Proof of Concepts of security research performed by Securitum.
  🔸 public-pentesting-reports – is a list of public pentest reports released by several consulting security groups.
  🔸 awesome-bug-bounty – is a comprehensive curated list of available Bug Bounty.
  🔸 bug-bounty-reference – is a list of bug bounty write-ups.
  🔸 Awesome-Bugbounty-Writeups – is a curated list of bugbounty writeups.
  🔸 Bug bounty writeups – list of bug bounty writeups (2012-2020).
  🔸 hackso.me – a great journey into security.

▪️ Backdoors/exploits

  🔸 PHP-backdoors – a collection of PHP backdoors. For educational or testing purposes only.

▪️ Wordlists and Weak passwords

  🔸 Weakpass – for any kind of bruteforce find wordlists or unleash the power of them all at once!
  🔸 Hashes.org – is a free online hash resolving service incorporating many unparalleled techniques.
  🔸 SecLists – collection of multiple types of lists used during security assessments, collected in one place.
  🔸 Probable-Wordlists – sorted by probability originally created for password generation and testing.
  🔸 skullsecurity passwords – password dictionaries and leaked passwords repository.
  🔸 Polish PREMIUM Dictionary – official dictionary created by the team on the forum bezpieka.org.* 1
  🔸 
statistically-likely-usernames – wordlists for creating statistically likely username lists.

▪️ Bounty platforms

  🔸 YesWeHack – bug bounty platform with infosec jobs.
  🔸 Openbugbounty – allows any security researcher reporting a vulnerability on any website.
  🔸 hackerone – global hacker community to surface the most relevant security issues.
  🔸 bugcrowd – crowdsourced cybersecurity for the enterprise.
  🔸 Crowdshield – crowdsourced security & bug bounty management.
  🔸 Synack – crowdsourced security & bug bounty programs, crowd security intelligence platform, and more.
  🔸 Hacktrophy – bug bounty platform.

▪️ Web Training Apps (local installation)

  🔸 OWASP-VWAD – comprehensive and well maintained registry of all known vulnerable web applications.
  🔸 DVWA – PHP/MySQL web application that is damn vulnerable.
  🔸 metasploitable2 – vulnerable web application amongst security researchers.
  🔸 metasploitable3 – is a VM that is built from the ground up with a large amount of security vulnerabilities.
  🔸 DSVW – is a deliberately vulnerable web application written in under 100 lines of code.
  🔸 OWASP Mutillidae II – free, open source, deliberately vulnerable web-application.
  🔸 OWASP Juice Shop Project – the most bug-free vulnerable application in existence.
  🔸 OWASP Node js Goat Project – OWASP Top 10 security risks apply to web apps developed using Node.js.
  🔸 juicy-ctf – run Capture the Flags and Security Trainings with OWASP Juice Shop.
  🔸 SecurityShepherd – web and mobile application security training platform.
  🔸 Security Ninjas – open source application security training program.
  🔸 hackazon – a modern vulnerable web app.
  🔸 dvna – damn vulnerable NodeJS application.
  🔸 django-DefectDojo – is an open-source application vulnerability correlation and security orchestration tool.
  🔸 Google Gruyere – web application exploits and defenses.
  🔸 Bodhi – is a playground focused on learning the exploitation of client-side web vulnerabilities.
  🔸 Websploit – single vm lab with the purpose of combining several vulnerable appliations in one environment.
  🔸 vulhub – pre-built Vulnerable Environments based on docker-compose.
  🔸 CloudGoat 2 – the new & improved “Vulnerable by Design” AWS deployment tool.
  🔸 secDevLabs – is a laboratory for learning secure web development in a practical manner.
  🔸 CORS-vulnerable-Lab – sample vulnerable code and its exploit code.
  🔸 RootTheBox – a Game of Hackers (CTF Scoreboard & Game Manager).
  🔸 KONTRA – application security training (OWASP Top Web & Api).

▪️ Labs (ethical hacking platforms/trainings/CTFs)

  🔸 Offensive Security – true performance-based penetration testing training for over a decade.
  🔸 Hack The Box – online platform allowing you to test your penetration testing skills.
  🔸 Hacking-Lab – online ethical hacking, computer network and security challenge platform.
  🔸 pwnable.kr – non-commercial wargame site which provides various pwn challenges.
  🔸 Pwnable.tw – is a wargame site for hackers to test and expand their binary exploiting skills.
  🔸 picoCTF – is a free computer security game targeted at middle and high school students.
  🔸 CTFlearn – is an online platform built to help ethical hackers learn and practice their cybersecurity knowledge.
  🔸 ctftime – CTF archive and a place, where you can get some another CTF-related info.
  🔸 Silesia Security Lab – high quality security testing services.
  🔸 Practical Pentest Labs – pentest lab, take your Hacking skills to the next level.
  🔸 Root Me – the fast, easy, and affordable way to train your hacking skills.
  🔸 rozwal.to – a great platform to train your pentesting skills.
  🔸 TryHackMe – learning Cyber Security made easy.
  🔸 hackxor – is a realistic web application hacking game, designed to help players of all abilities develop their skills.
  🔸 Hack Yourself First – it’s full of nasty app sec holes.
  🔸 OverTheWire – can help you to learn and practice security concepts in the form of fun-filled games.
  🔸 Wizard Labs – is an online Penetration Testing Lab.
  🔸 PentesterLab – provides vulnerable systems that can be used to test and understand vulnerabilities.
  🔸 RingZer0 – tons of challenges designed to test and improve your hacking skills.
  🔸 try2hack – several security-oriented challenges for your entertainment.
  🔸 Ubeeri – preconfigured lab environments.
  🔸 Pentestit – emulate IT infrastructures of real companies for legal pen testing and improving pentest skills.
  🔸 Microcorruption – reversal challenges done in the web interface.
  🔸 Crackmes – download crackmes to help improve your reverse engineering skills.
  🔸 DomGoat – DOM XSS security learning and practicing platform.
  🔸 Stereotyped Challenges – upgrade your web hacking techniques today!
  🔸 Vulnhub – allows anyone to gain practical ‘hands-on’ experience in digital security.
  🔸 W3Challs – is a penetration testing training platform, which offers various computer challenges.
  🔸 RingZer0 CTF – offers you tons of challenges designed to test and improve your hacking skills.
  🔸 Hack.me – a platform where you can build, host and share vulnerable web apps for educational purposes.
  🔸 HackThis! – discover how hacks, dumps and defacements are performed and secure your website.
  🔸 Enigma Group WebApp Training – these challenges cover the exploits listed in the OWASP Top 10 Project.
  🔸 Reverse Engineering Challenges – challenges, exercises, problems and tasks – by level, by type, and more.
  🔸 0x00sec – the home of the Hacker – Malware, Reverse Engineering, and Computer Science.
  🔸 We Chall – there are exist a lots of different challenge types.
  🔸 Hacker Gateway – is the go-to place for hackers who want to test their skills.
  🔸 Hacker101 – is a free class for web security.
  🔸 contained.af – a stupid game for learning about containers, capabilities, and syscalls.
  🔸 flAWS challenge! – a series of levels you’ll learn about common mistakes and gotchas when using AWS.
  🔸 CyberSec WTF – provides web hacking challenges derived from bounty write-ups.
  🔸 CTF Challenge – CTF Web App challenges.
  🔸 gCTF – most of the challenges used in the Google CTF 2017.
  🔸 Hack This Site – is a free, safe and legal training ground for hackers.
  🔸 Attack & Defense – is a browser-based cloud labs.
  🔸 Cryptohack – a fun platform for learning modern cryptography.
  🔸 Cryptopals – the cryptopals crypto challenges.

▪️ CTF platforms

  🔸 fbctf – platform to host Capture the Flag competitions.
  🔸 ctfscoreboard – scoreboard for Capture The Flag competitions.

▪️ Other resources

  🔸 Bugcrowd University – open source education content for the researcher community.
  🔸 OSCPRepo – a list of resources and scripts that I have been gathering in preparation for the OSCP.
  🔸 OWASP Top 10: Real-World Examples – test your web apps with real-world examples (two-part series).
  🔸 phrack.org – an awesome collection of articles from several respected hackers and other thinkers.
  🔸 Practical-Ethical-Hacking-Resources – compilation of resources from TCM’s Udemy Course.

Your daily knowledge and news  [TOC]

Your daily knowledge and news  [TOC]

▪️ RSS Readers

  🔸 Feedly – organize, read and share what matters to you.
  🔸 Inoreader – similar to feedly with a support for filtering what you fetch from rss.

▪️ IRC Channels

  🔸 #hackerspaces – hackerspace IRC channels.

▪️ Security

  🔸 The Hacker News – leading news source dedicated to promoting awareness for security experts and hackers.
  🔸 Latest Hacking News – provides the latest hacking news, exploits and vulnerabilities for ethical hackers.
  🔸 Security Newsletter – security news as a weekly digest (email notifications).
  🔸 Google Online Security Blog – the latest news and insights from Google on security and safety on the Internet.
  🔸 Qualys Blog – expert network security guidance and news.
  🔸 DARKReading – connecting the Information Security Community.
  🔸 Darknet – latest hacking tools, hacker news, cybersecurity best practices, ethical hacking & pen-testing.
  🔸 publiclyDisclosed – public disclosure watcher who keeps you up to date about the recently disclosed bugs.
  🔸 Reddit – Hacking – a subreddit dedicated to hacking and hackers.
  🔸 Packet Storm – information security services, news, files, tools, exploits, advisories and whitepapers.
  🔸 Sekurak – about security, penetration tests, vulnerabilities and many others (PL/EN).
  🔸 nf.sec – basic aspects and mechanisms of Linux operating system security (PL).

Reference

Rajesh Kumar
Latest posts by Rajesh Kumar (see all)