awesome-hacking's Introduction

Awesome Hacking

Awesome Hacking is an awesome collection of hacking tools. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can check out with one command.

Code Auditing

Static Analysis

  • Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.

Cryptography

  • Xortool - A tool to analyze multi-byte XOR ciphers.

CTF Tools

  • Pwntools - CTF framework and exploit development library.

Docker

  • Docker Bench for Security - The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.

    docker pull diogomonica/docker-bench-security

  • DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.

    docker pull citizenstig/dvwa

  • Kali Linux - This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling Distribution.

    docker pull kalilinux/kali-linux-docker

  • OWASP Mutillidae II - OWASP Mutillidae II Web Pen-Test Practice Application.

    docker pull citizenstig/nowasp

  • OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10.

    docker pull owasp/railsgoat

  • OWASP Security Shepherd - A web and mobile application security training platform.

    docker pull ismisepaul/securityshepherd

  • OWASP WebGoat - A deliberately insecure Web Application.

    docker pull danmx/docker-owasp-webgoat

  • OWASP ZAP - Current stable OWASP Zed Attack Proxy release in an embedded Docker container.

    docker pull owasp/zap2docker-stable

  • Security Ninjas - An Open Source Application Security Training Program.

    docker pull opendns/security-ninjas

  • Vulnerability as a service: Heartbleed - Vulnerability as a Service: CVE-2014-0160.

    docker pull hmlio/vaas-cve-2014-0160

  • Vulnerability as a service: Shellshock - Vulnerability as a Service: CVE-2014-6271.

    docker pull hmlio/vaas-cve-2014-6271

  • WPScan - WPScan is a black box WordPress vulnerability scanner.

    docker pull wpscanteam/wpscan

Forensics

File Forensics

  • Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools.
  • DFF - A Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
  • Hadoop_framework - A prototype system that uses Hadoop to process hard drive images.
  • Scalpel - An open source data carving tool.
  • Sleuthkit - A library and collection of command line digital forensics tools.

Network Forensics

  • Dshell - A network forensic analysis framework.
  • Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup.

Misc

  • HxD - A hex editor which, in addition to raw disk editing and modification of main memory (RAM), handles files of any size.

Library

Python

  • Scapy - A Python-based interactive packet manipulation program & library.

Live CD - Distributions

  • ArchStrike - An Arch Linux repository for security professionals and enthusiasts.
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments.
  • BlackArch - Arch Linux-based distribution for penetration testers and security researchers.
  • BOSSLive - An Indian GNU/Linux distribution developed by CDAC and customized to suit India's digital environment. It supports most of the Indian languages.
  • DEFT Linux - Suite dedicated to incident response and digital forensics.
  • Fedora Security Lab - A safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.
  • Kali - A Linux distribution designed for digital forensics and penetration testing.
  • NST - Network Security Toolkit distribution.
  • Ophcrack - A free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
  • Parrot - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind.
  • Pentoo - Security-focused live CD based on Gentoo.
  • REMnux - Toolkit for assisting malware analysts with reverse-engineering malicious software.

Malware

Dynamic Analysis

  • Androguard - Reverse engineering, Malware and goodware analysis of Android applications.

Intelligence

  • Passivedns-client - Provides a library and a query tool for querying several passive DNS providers.

Ops

  • Malboxes - Builds malware analysis Windows VMs so that you don't have to.

Static Analysis

  • PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.

Network

Fake Services

  • DNSChef - DNS proxy for Penetration Testers and Malware Analysts.

Packet Manipulation

  • Pig - A Linux packet crafting tool.

Sniffer

  • Dripcap - Caffeinated Packet Analyzer.
  • Dsniff - A collection of tools for network auditing and pentesting.
  • Moloch - Moloch is an open source, large-scale full PCAP capturing, indexing and database system.
  • NetworkMiner - A Network Forensic Analysis Tool (NFAT).
  • Netsniff-ng - A Swiss army knife for your daily Linux network plumbing.
  • OpenFPC - OpenFPC is a set of scripts that combine to provide a lightweight full-packet network traffic recorder and buffering tool. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log tools.
  • PF_RING - PF_RING™ is a Linux kernel module and user-space framework that allows you to process packets at high-rates while providing you a consistent API for packet processing applications.
  • Wireshark - A free and open-source packet analyzer.

Penetration Testing

Exploiting

  • BeEF - The Browser Exploitation Framework Project.
  • Fathomless - A collection of different programs for network red teaming.
  • Metasploit Framework - Exploitation framework.
  • Shellsploit - Lets you generate customized shellcodes, backdoors and injectors for various operating systems, and lets you obfuscate every byte via encoders.
  • SPARTA - Network Infrastructure Penetration Testing Tool.
  • Zarp - Network Attack Tool.

Exploits

Info Gathering

  • Dnsenum - A perl script that enumerates DNS information.
  • Dnsmap - Passive DNS network mapper.
  • Dnsrecon - DNS Enumeration Script.
  • SMBMap - A handy SMB enumeration tool.

Fuzzing

  • Netzob - Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols.
  • Zulu - A fuzzer designed for rapid prototyping that normally happens on a client engagement where something needs to be fuzzed within tight timescales.

MITM

  • Mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface.
  • Mitmsocks4j - Man in the Middle SOCKS Proxy for Java.

Password Cracking

  • HashCat - World's fastest and most advanced password recovery utility.
  • Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns.
  • John the Ripper - A fast password cracker.

Port Scanning

  • Masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Post Exploitation

  • DET - (extensible) Data Exfiltration Toolkit (DET).
  • Fireaway - Next Generation Firewall Audit and Bypass Tool.
  • Mallory - HTTP/HTTPS proxy over SSH.
  • Mimikatz - A little tool to play with Windows security.
  • Pwnat - Punches holes in firewalls and NATs, allowing any number of clients behind NATs to directly connect to a server behind a different NAT.
  • Tgcd - A simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.

Services

  • Sslstrip - A demonstration of the HTTPS stripping attacks.
  • Sslstrip2 - SSLStrip version to defeat HSTS.
  • SSLyze - SSL configuration scanner.
  • Tls_prober - Fingerprint a server's SSL/TLS implementation.

Training

  • DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
  • OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10.
  • OWASP Security Shepherd - A web and mobile application security training platform.
  • OWASP WebGoat - A deliberately insecure Web Application.
  • RopeyTasks - Deliberately vulnerable web application.

Web

  • Arachni - Web Application Security Scanner Framework.
  • Dvcs-ripper - Rip web accessible (distributed) version control systems.
  • Nikto2 - Web application vulnerability scanner.
  • NoSQLMap - Automated Mongo database and NoSQL web application exploitation tool.
  • Paros - A Java based HTTP/HTTPS proxy for assessing web application vulnerability.
  • SQLMap - Automatic SQL injection and database takeover tool.
  • TPLMap - Automatic Server-Side Template Injection Detection and Exploitation Tool.
  • W3af - Web application attack and audit framework.
  • Wapiti - Web application vulnerability scanner.
  • Weevely3 - Weaponized web shell.
  • WPScan - WPScan is a black box WordPress vulnerability scanner.
  • Zed Attack Proxy (ZAP) - The OWASP ZAP core project.

Wireless

  • Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program.
  • Kismet - Wireless network detector, sniffer, and IDS.
  • Reaver - Brute force attack against Wi-Fi Protected Setup.
  • Wifite - Automated wireless attack tool.
  • Wifiphisher - Automated phishing attacks against Wi-Fi networks.

Security

Endpoint Security

  • Duckhunt - Prevent RubberDucky (or other keystroke injection) attacks.

Reverse Engineering

  • BinText - A small, very fast and powerful text extractor.
  • Edb - A cross platform x86/x86-64 debugger.
  • Dex2jar - Tools to work with Android .dex and Java .class files.
  • DotPeek - A free-of-charge .NET decompiler from JetBrains.
  • Hopper - An OS X and Linux Disassembler/Decompiler for 32/64 bit Windows/Mac/Linux/iOS executables.
  • IDA Free - The freeware version of IDA.
  • IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.
  • Immunity Debugger - A powerful new way to write exploits and analyze malware.
  • JAD - JAD Java Decompiler.
  • JD-GUI - Aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.
  • Medusa - A disassembler designed to be both modular and interactive.
  • OllyDbg - An x86 debugger that emphasizes binary code analysis.
  • PEDA - Python Exploit Development Assistance for GDB.
  • Plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • Radare2 - Open source, cross-platform reverse engineering framework.
  • Voltron - An extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.
  • WinDbg - Windows Driver Kit and WinDbg.
  • WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.
  • Unlinker - Unlinker is a tool that can rip functions out of Visual C++ compiled binaries and produce Visual C++ COFF object files.
  • UPX - The Ultimate Packer for eXecutables.
  • X64_dbg - An open-source x64/x32 debugger for Windows.

Social Engineering

Phishing

  • Whatsapp-phishing - Proof of principle code for running a phishing attack against the official Whatsapp Web client.

Contributing

Every kind of contribution is really appreciated! Feature requests, suggestions, fixes or documentation contributions are welcome. Please send a patch with your contribution using GitHub pull requests or just get in touch with me.

Feedback

Please send questions, comments, suggestions or rants to [email protected] (@jekil).
