A collection of hacking / penetration testing resources to make you better!
The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:
A collection of hacking / penetration testing resources to make you better!
Let's make it the biggest resource repository for our community.
You are welcome to fork and contribute.
We started a new tools list, come and contribute
Name | Description ---- | ----BadBinaries.com | a simple opendir full of quality docs and notes on a variety of security topics; good walkthroughs on malware trafic analysis and sysadmin stuff.CS 642: Intro to Computer Security | academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES.CyberSec WTF | CyberSec WTF Web Hacking Challenges from Bounty write-upsCybrary | coursera style website, lots of user-contributed content, account required, content can be filtered by experience levelFree Cyber Security Training | Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learningHak5 | podcast-style videos covering various topics, has a forum, "metasploit-minute" video series could be usefulHopper's Roppers Security Training | Four free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp that help beginners build a strong base of foundational knowledge. Designed to prepare for students for whatever they need to learn next.Learning Exploitation with Offensive Computer Security 2.0 | blog-style instruction, includes: slides, videos, homework, discussion. No login required.Mind Maps | Information Security related Mind MapsMIT OCW 6.858 Computer Systems Security | academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files.OffensiveComputerSecurity | academic content, full semester course including 27 lecture videos with slides and assign readingsOWASP top 10 web security risks | free courseware, requires accountSecurityTube | tube-styled content, "megaprimer" videos covering various topics, no readable content on site.Seed Labs | academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readingsTryHackMe | Designed prebuilt challenges which include virtual machines (VM) hosted in the cloud ready to be deployed
Name | Description ---- | ----0patch by ACROS Security | few videos, very short, specific to 0patchBlackHat | features talks from the BlackHat conferences around the worldChristiaan008 | hosts a variety of videos on various security topics, disorganized |
Companies |Detectify | very short videos, aimed at showing how to use Detictify scannerHak5 | see Hak5 aboveKaspersky Lab | lots of Kaspersky promos, some hidden cybersecurity gemsMetasploit | collection of medium length metasploit demos, ~25minutes each, instructionalntop | network monitoring, packet analysis, instructionalnVisium | Some nVisum promos, a handful of instructional series on Rails vulns and web hackingOpenNSM | network analysis, lots of TCPDUMP videos, instructional,OWASP | see OWASP aboveRapid7 | brief videos, promotional/instructional, ~ 5 minutesSecurelist | brief videos, interviews discussing various cyber security topicsSegment Security | promo videos, non-instructionalSocialEngineerOrg | podcast-style, instructional, lengthy content ~1 hr eachSonatype | lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganizedSophosLabs | lots of brief, news-style content, "7 Deadly IT Sins" segment is of noteSourcefire | lots of brief videos covering topics like botnets, DDoS ~5 minutes eachStation X | handful of brief videos, disorganized, unscheduled content updatesSynack | random, news-style videos, disorganized, non-instructionalTippingPoint Zero Day Initiative | very brief videos ~30 sec, somewhat instructionalTripwire, Inc. | some tripwire demos, and random news-style videos, non-instructionalVincent Yiu | handful of videos from a single hacker, instructional | Conferences |44contv | inMIT OCW 6.858 Computer Systems Security |Information security con based in London, lengthy instructional videosBruCON Security Conference | security and hacker conference based in b\Belgium, lots of lengthy instructinoal videosBSides Manchester | security and hacker con based in Mancheseter, lots of lengthy videosBSidesAugusta | security con based in Augusta, Georgia, lots of lengthy instructional videosCarolinaCon | security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional contentCort Johnson | a handful of lengthy con-style talks from Hack Secure Opensec 2017DevSecCon | lenghty con videos covering DevSecOps, making software more secureGarage4Hackers - Information Security | a handful of lengthy videos, About section lacks descriptionHACKADAY | lots of random tech content, not strictly infosec, some instructionalHack In The Box Security Conference | lengthy con-style instructional talks from an international security conHack in Paris | security con based in paris, features lots of instructional talks, slides can be difficult to see.Hacklu | lots of lengthy con-style instructional videosHacktivity | lots of lengthy con-style instructional videos from a con in central/eastern europeHardwear.io | handful of lengthy con-style video, emphasis on hardware hacksIEEE Symposium on Security and Privacy | content from the symposium; IEEE is a professional association based in the us, they also publish various journalsLASCON | lengthy con-style talks from an OWASP con held in Austin, TXleHACK | leHACK is the oldest ( 2003 ), leading, security conference in Paris, FRMarcus Niemietz | lots of instructional content, associated with HACKPRA, an offensive security course from an institute in GermanyMedia.ccc.de | The real official channel of the chaos computer club, operated by the CCC VOC - tons of lengthy con-style vidsNorthSec | lengthy con-style talks from an applied security conference in CanadaPancake Nopcode | channel of Radare2 whiz Sergi "pancake" Alvarez, Reverse Engineering ContentPsiinon | medium length instructional videos, for the OWASP Zed Attack ProxySJSU Infosec | handful of lengthy instructional videos from San Jose State university InfosecSecappdev.org | tons of lengthy instructional lectures on Secure App DevelopmentSecurity Fest | medium length con-style talks from a security festival in SwedenSecurityTubeCons | an assortment of con-style talks from various cons including BlackHat and ShmooconToorCon | handful of medium length con videos from con based in San Diego, CAUSENIX Enigma Conference | medium length "round table discussion with leading experts", content starts in 2016ZeroNights | a lot of con-style talks from international conference ZeroNights | News |0x41414141 | Channel with couple challenges, well explainedAdrian Crenshaw | lots of lengthy con-style talksCorey Nachreiner | security newsbites, 2.7K subscribers, 2-3 videos a week, no set scheduleBalCCon - Balkan Computer Congress | Long con-style talks from the Balkan Computer Congress, doesn't update regularlydanooct1 | lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerssDedSec | lots of brief screenshot how-to vids based in Kali, no recent posts.DEFCON Conference | lots of lengthy con-style vids from the iconical DEFCONDemmSec | lots of pen testing vids, somewhat irregular uploads, 44K followersDerek Rook - CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, withDon Does 30 | amateur pen-tester posting lots of brief screenshot vids regularly, 9K FollowersError 404 Cyber News | short screen-shot videos with loud metal, no dialog, bi-weeklyGeeks Fort - KIF | lots of brief screenshot vids, no recent postsGynvaelEN | Security streams from Google Researcher. Mainly about CTFs, computer security, programing and similar things.HackerSploit | regular posts, medium length screenshot vids, with dialogHACKING TUTORIALS | handful of brief screenshot vids, no recent posts.iExplo1t | lots of screenshot vids aimed at novices, 5.7K Followers, no recent postsJackkTutorials | lots of medium length instructional vids with some AskMe vids from the youtuberJohn Hammond | Solves CTF problems. contains penTesting tips and tricksLatest Hacking News | 10K followers, medium length screenshot videos, no recent releasesLionSec | lots of brief screenshot instructional vids, no dialogLiveOverflow | Lots of brief-to-medium instructional vids, covering things like buffer overflows and exploit writing, regular posts.Metasploitation | lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids.NetSecNow | channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vidsOpen SecurityTraining | lots of lengthy lecture-style vids, no recent posts, but quality info.Pentester Academy TV | lots of brief videos, very regular posting, up to +8 a weekPenetration Testing in Linux | DELETErwbnetsec | lots of medium length instructional videos covering tools from Kali 2.0, no recent posts.Samy Kamkar's Applied Hacking | brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016SecureNinjaTV | brief news bites, irregular posting, 18K followersSecurity Weekly | regular updates, lengthy podcast-style interviews with industry prosSeytonic | variety of DIY hacking tutorials, hardware hacks, regular updatesShozab Haxor | lots of screenshot style instructional vids, regular updates, windows CLI tutorialSSTec Tutorials | lots of brief screenshot vids, regular updatesTradecraft Security Weekly | Want to learn about all of the latest security tools and techniques?Troy Hunt | lone youtuber, medium length news videos, 16K followers, regular contentWaleed Jutt | lots of brief screenshot vids covering web security and game programmingwebpwnized | lots of brief screenshot vids, some CTF walkthroughsZer0Mem0ry | lots of brief c++ security videos, programming intensiveLionSec | lots of brief screenshot instructional vids, no dialogAdrian Crenshaw | lots of lengthy con-style talksHackerSploit | regular posts, medium length screenshot vids, with dialogDerek Rook - CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, withTradecraft Security Weekly | Want to learn about all of the latest security tools and techniques?IPPSec | Hackthebox.eu retired machine vulnerable machine walkthroughs to help you learn both basic and advanced processes and techniques
Name | Description ---- | ----Backdoor | pen testing labs that have a space for beginners, a practice arena and various competitions, account requiredThe cryptopals crypto challenges | A bunch of CTF challenges, all focused on cryptography.Challenge Land | Ctf site with a twist, no simple sign-up, you have to solve a challengeto even get that far | a reverse engineering information Repo, started in 2003Crackmes.one | This is a simple place where you can download crackmes to improve your reverse engineering skills.CTFLearn | an account-based ctf site, where users can go in and solve a range of challengesCTFs write-ups | a collection of writeups from various CTFs, organized byCTF365 | account based ctf site, awarded by Kaspersky, MIT, T-MobileThe enigma group | web application security training, account based, video tutorialsExploit exercises | hosts 5 fulnerable virtual machines for you to attack, no account requiredGoogle CTF | Source code of Google 2017, 2018 and 2019 CTFGoogle CTF 2019 | 2019 edition of the Google CTF contestGoogle's XSS game | XSS challenges, and potentially a chance to get paid | Pen testing labs hosting over 39 vulnerable machines with two additional added every monthHacker test | similar to "hackthissite", no account required.Hacker Gateway | ctfs covering steganography, cryptography, and web challengs, account requiredHacksplaining | a clickthrough security informational site, very good for beginners.hackburger.ee | hosts a number of web hacking challenges, account requiredHack.me | lets you build/host/attack vulnerable web appsHack this site! | an oldy but goodie, account required, users start at low levels and progress in difficultyknock.xss.moe | XSS challenges, account required.Lin.security | Practice your Linux privilege escalationnoe.systems | Korean challenge site, requires an accountOver the wire | A CTF that's based on progressive levels for each lab, the users SSH in, no account recquiredParticipating Challenge Sites | aims at creating a universal ranking for CTF participantsPentesterLab | hosts a variety of exercises as well as various "bootcamps" focused on specific activitiesPentestit | acocunt based CTF site, users have to install open VPN and get credentialsPentest Practice | account based Pentest practice, free to sign up, but there's also a pay-as-you-go featurePentest.training | lots of various labs/VMS for you to try and hack, registry is optional.PicoCTF | CTF hosted by Carnegie Mellon, occurs yearly, account required.pwnable.kr | Don't let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account requiredpwnable.tw | hosts 27 challenges accompanied with writeups, account requiredRingzer0 Team | an account based CTF site, hosting over 272 challengesROP Emporium | Return Oriented Programming challengesSmashTheStack | hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levelsShellter Labs | account based infosec labs, they aim at making these activities socialSolve Me | "yet another challenge", account required.Vulnhub | site hosts a ton of different vulnerable Virtual Machine images, download and get hackingwebsec.fr | Focused on web challenges, registration is optional.webhacking.kr | lots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up.Stereotyped Challenges | Challenges for web security professionals, account required.Stripe CTF 2.0 | Past security contest where you can discover and exploit vulnerabilities in mock web applications.Windows / Linux Local Privilege Escalation Workshop | Practice your Linux and Windows privilege escalationHacking Articles | CTF Brief Write up collection with a lot of screenshots good for beggainersHacker101 CTF | CTF hosted by HackerOne, always online. You will receive invitations to some private programs on HackerOne platform as a reward.Hacking Lab | European platform hosting lots of riddles, challenges and competitions
Name | Description ---- | ----A Course on Intermediate Level Linux Exploitation | as the title says, this course isn't for beginnersAnalysis and exploitation (unprivileged) | huge collection of RE information, organized by type.Binary hacking | 35 "no bullshit" binary videos along with other infoBuffer Overflow Exploitation Megaprimer for Linux | Collection of Linux Rev. Engineering videosCorelan tutorials | detailed tutorial, lots of good information about memoryExploit tutorials | a series of 9 exploit tutorials,also features a podcastExploit development | links to the forum's exploit dev posts, quality and post style will vary with each posterflAWS challenge | Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS).Introduction to ARM Assembly Basics | tons of tutorials from infosec pro Azeria, follow her on twitterIntroductory Intel x86 | 63 days of OS class materials, 29 classes, 24 instructors, no account requiredLena's Reversing for Newbies (Complete) | listing of a lengthy resource by Lena, aimed at being a courseLinux (x86) Exploit Development Series | blog post by sploitfun, has 3 different levelsMegabeets journey into Radare2 | one user's radare2 tutorialsModern Binary Exploitation - CSCI 4968 | RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lecturesRecon.cx - reversing conference | the conference site contains recordings and slides of all talks!! Reverse Engineering for Beginners | huge textbook, created by Dennis Yurichev, open-sourceReverse engineering reading list | a github collection of RE tools and booksReverse Engineering challenges | collection of challenges from the writer of RE for BeginnersReverse Engineering for beginners (GitHub project) | github for the aboveReverse Engineering Malware 101 | intro course created by Malware Unicorn, complete with material and two VM'sReverse Engineering Malware 102 | the sequel to RE101reversing.kr challenges | reverse engineering challenges varying in difficultyShell storm | Blog style collection with organized info about Rev. Engineering.Shellcode Injection | a blog entry from a grad student at SDS LabsMicro Corruption — Assembly | CTF designed to learn Assembly by practicing
Name | Description ---- | ----4 Ways get linux privilege escalation | shows different examples of PEA GUIDE TO LINUX PRIVILEGE ESCALATION | Basics of Linux privilege escalationAbusing SUDO (Linux Privilege Escalation) | Abusing SUDO (Linux Privilege Escalation)AutoLocalPrivilegeEscalation | automated scripts that downloads and compiles from exploitdbBasic linux privilege escalation | basic linux exploitation, also covers WindowsCommon Windows Privilege Escalation Vectors | Common Windows Privilege Escalation VectorsEditing /etc/passwd File for Privilege Escalation | Editing /etc/passwd File for Privilege EscalationLinux Privilege Escalation | Linux Privilege Escalation – Tradecraft Security Weekly (Video)Linux Privilege Escalation Check Script | a simple linux PE check scriptLinux Privilege Escalation Scripts | a list of PE checking scripts, some may have already been coveredLinux Privilege Escalation Using PATH Variable | Linux Privilege Escalation Using PATH VariableLinux Privilege Escalation using Misconfigured NFS | Linux Privilege Escalation using Misconfigured NFSLinux Privilege Escalation via Dynamically Linked Shared Object Library | How RPATH and Weak File Permissions can lead to a system compromise.Local Linux Enumeration & Privilege Escalation Cheatsheet | good resources that could be compiled into a scriptOSCP - Windows Priviledge Escalation | Common Windows Priviledge EscalationPrivilege escalation for Windows and Linux | covers a couple different exploits for Windows and LinuxPrivilege escalation linux with live example | covers a couple common PE methods in linuxReach the root | discusses a process for linux privilege exploitationRootHelper | a tool that runs various enumeration scripts to check for privilege escalationUnix privesc checker | a script that checks for PE vulnerabilities on a systemWindows exploits, mostly precompiled. | precompiled windows exploits, could be useful for reverse engineering tooWindows Privilege Escalation | collection of wiki pages covering Windows Privilege escalationWindows Privilege Escalation | Notes on Windows Privilege EscalationWindows privilege escalation checker | a list of topics that link to pentestlab.blog, all related to windows privilege escalationWindows Privilege Escalation Fundamentals | collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCPWindows Privilege Escalation Guide | Windows Privilege Escalation GuideWindows Privilege Escalation Methods for Pentesters | Windows Privilege Escalation Methods for Pentesters
Name | Description ---- | ----Malware traffic analysis | list of traffic analysis exercisesMalware Analysis - CSCI 4976 | another class from the folks at RPISEC, quality contentBad Binaries | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.
Name | Description ---- | ----Foot Printing with WhoIS/DNS records | a white paper from SANSGoogle Dorks/Google Hacking | list of commands for google hacks, unleash the power of the world's biggest search engine
Name | Description ---- | ----bWAPP | common buggy web app for hacking, great for beginners, lots of documentationDamn Small Vulnerable Web | written in less than 100 lines of code, this web app has tons of vulns, great for teachingDamn Vulnerable Web Application (DVWA) | PHP/MySQL web app for testing skills and toolsGoogle Gruyere | host of challenges on this cheesy web appOWASP Broken Web Applications Project | hosts a collection of broken web appsOWASP Hackademic Challenges project | web hacking challengesOWASP Mutillidae II | another OWASP vulnerable app, lots of documentation.OWASP Juice Shop | covers the OWASP top 10 vulnsWebGoat: A deliberately insecure Web Application | maintained by OWASP and designed to to teach web app security
Name | Description ---- | ----General Test Environment Guidance | white paper from the pros at rapid7Metasploitable2 (Linux) | vulnerable OS, great for practicing hackingMetasploitable3 [Installation] | the third installation of this vulnerable OSVulnhub | collection of tons of different vulnerable OS and challenges
Name | Description ---- | -----Android Tamer | Android Tamer is a Virtual / Live Platform for Android Security professionals.BackBox | open source community project, promoting security in IT enivornmentsBlackArch | Arch Linux based pentesting distro, compatible with Arch installsBugtraq | advanced GNU Linux pen-testing technologyKali | the infamous pentesting distro from the folks at Offensive SecurityLionSec Linux | pentesting OS based on UbuntuParrot | Debian includes full portable lab for security, DFIR, and developmentPentoo | pentesting OS based on Gentoo
Name | Description ---- | ----0day.today | Easy to navigate database of exploitsExploit Database | database of a wide variety exploits, CVE compliant archiveCXsecurity | Indie cybersecurity info managed by 1 personSnyk Vulnerability DB | detailed info and remediation guidance for known vulns, also allows you to test your code
Name | Description ---- | ----0x00sec | hacker, malware, computer engineering, Reverse engineeringAntichat | russian based forumCODEBY.NET | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forumEAST Exploit database | exploit DB for commercial exploits written for EAST Pentest FrameworkGreysec | hacking and security forumHackforums | posting webstite for hacks/exploits/various discussion4Hat Day | brazilian based hacker forumCaveiraTech | brazilian based, general hacker forum
Name | Description ---- | ----InfoCon.org | hosts data from hundreds of consIrongeek | Website of Adrien Crenshaw, hosts a ton of info.infocondb.org | a site that aims to catalog and cross-reference all hacker conferences.
Name | Description ---- | ----InfoSec | covers all the latest infosec topicsRecent Hash Leaks | great place to lookup hashesSecurity Intell | covers all kinds of news, great intelligence resourcesThreatpost | covers all the latest threats and breachesSecjuiceThe Hacker News | features a daily stream of hack news, also has an app