Awesome Resources
Videos
Tools
Binary Exploitation
| Tool | Description |
|---|---|
| pwntools | CTF framework and exploit development library |
| afl | American fuzzy lop, a security-oriented fuzzer |
Cryptography
| Tool | Description |
|---|---|
| CyberChef | A web app for encryption, encoding, compression and data analysis. |
| Cryptii | A web app for encoding, decoding, and encryption. |
| CrackStation | A web app for password cracking. |
| Decodify | A web app for encoding, decoding, and encryption. |
| Enigma Machine | A web app for simulating the Enigma Machine. |
| PEMCrack | A web app for cracking PEM files. |
Digital Forensics
| Tool | Description |
|---|---|
| Wireshark | A network protocol analyzer, to analyze pcap or pcapng files. |
| Binwalk | A fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. |
| Volatility | A memory forensics framework. |
| Autopsy | A digital forensics platform and graphical interface to The Sleuth Kit (TSK) and other digital forensics tools. |
| The Sleuth Kit | A collection of command line tools that allow you to investigate volume and file system data. |
| ExifTool | A platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. |
Steganography
| Tool | Description |
|---|---|
| Stegsolve | A steganography tool for analyzing images. |
| ZSteg | A steganography tool for analyzing images. |
| Sonic Visualiser | A tool for viewing and analyzing the contents of music audio files. |
| Snow | A tool for analyzing whitespace steganography. |
| stegextract | A tool for extracting hidden data from images. |
| SmartDeblur | A tool for deblurring images. |
Reverse Engineering
| Tool | Description |
|---|---|
| Ghidra | A free software reverse engineering (SRE) suite of tools developed by NSA. |
| IDA Pro | A commercial and most popular disassembler and debugger for Windows, Linux or macOS. |
| Radare2 | A free UNIX-like RE framework, and command-line toolset |
| Angr | A python framework for analyzing binaries. |
| Z3 | A theorem prover from Microsoft Research. |
| GDB | The GNU Project debugger. |
| ApkTool | A tool for reverse engineering Android apk files. |
| Frida | A dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. |
Web Security
| Tool | Description |
|---|---|
| Burp Suite | A suite of tools for web security testing. |
| Postman | A platform for API testing |
| SQLmap | An open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. |
| fuff | A fast web fuzzer written in Go. |
| Gopherus | A tool for generating malicious gopher payloads. |
| ngrok | A tool for exposing local servers behind NATs and firewalls to the public internet over secure tunnels. |
| Nikto | An open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. |
| OWASP ZAP | Intercepting proxy to replay, debug, and fuzz HTTP requests and responses. |
Misc
Bruteforcers
| Tool | Description |
|---|---|
| Hydra | A fast network logon cracker which support many different services. |
| John the Ripper | A fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS. |
| Hashcat | A fast password recovery tool. |
Esotheric Languages
| Tool | Description |
|---|---|
| Brainfuck | A web app for running Brainfuck code. |