A curated collection of hacking, penetration testing, and AI red-teaming resources to make you better.
Let's make it the biggest resource repository for our community.
You are welcome to fork and contribute.
We also maintain a companion tools list β contributions welcome there too.
- π Learning the Skills
- π₯ YouTube Channels
- π― Sharpening Your Skills
- 𧬠Reverse Engineering, Buffer Overflow and Exploit Development
- β¬οΈ Privilege Escalation
- π΅οΈ OSINT
- π°οΈ Network Scanning / Reconnaissance
- π¦ Malware Analysis
- π€ AI Security / AI Red Teaming
- π Vulnerable Web Application
- π₯οΈ Vulnerable OS
- π₯ Exploits
- π¬ Forums
- π¬ Archived Security Conference Videos
- π₯ Online Communities
- π° Online News Sources
- π§ Linux Penetration Testing OS
| Name | Description |
|---|---|
| CS 642: Intro to Computer Security | academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES. |
| CyberSec WTF | CyberSec WTF Web Hacking Challenges from Bounty write-ups |
| Cybrary | coursera style website, lots of user-contributed content, account required, content can be filtered by experience level |
| Free Cyber Security Training | Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning |
| Hak5 | podcast-style videos covering various topics, has a forum, "metasploit-minute" video series could be useful |
| Hopper's Roppers Security Training | Four free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp that help beginners build a strong base of foundational knowledge. Designed to prepare for students for whatever they need to learn next. |
| Mind Maps | Information Security related Mind Maps |
| MIT OCW 6.858 Computer Systems Security | academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files. |
| OWASP top 10 web security risks | free courseware, requires account |
| Seed Labs | academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings |
| TryHackMe | Designed prebuilt challenges which include virtual machines (VM) hosted in the cloud ready to be deployed |
| Name | Description | ||
|---|---|---|---|
| 0patch by ACROS Security | few videos, very short, specific to 0patch | ||
| BlackHat | features talks from the BlackHat conferences around the world | ||
| Christiaan008 | hosts a variety of videos on various security topics, disorganized | ||
| Companies | |||
| Detectify | very short videos, aimed at showing how to use Detictify scanner | ||
| Hak5 | see Hak5 above | ||
| Kaspersky Lab | lots of Kaspersky promos, some hidden cybersecurity gems | ||
| Metasploit | collection of medium length metasploit demos, ~25minutes each, instructional | ||
| ntop | network monitoring, packet analysis, instructional | ||
| nVisium | Some nVisum promos, a handful of instructional series on Rails vulns and web hacking | ||
| OpenNSM | network analysis, lots of TCPDUMP videos, instructional, | ||
| OWASP | see OWASP above | ||
| Rapid7 | brief videos, promotional/instructional, ~ 5 minutes | ||
| Securelist | brief videos, interviews discussing various cyber security topics | ||
| Segment Security | promo videos, non-instructional | ||
| SocialEngineerOrg | podcast-style, instructional, lengthy content ~1 hr each | ||
| Sonatype | lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized | ||
| SophosLabs | lots of brief, news-style content, "7 Deadly IT Sins" segment is of note | ||
| Sourcefire | lots of brief videos covering topics like botnets, DDoS ~5 minutes each | ||
| Station X | handful of brief videos, disorganized, unscheduled content updates | ||
| Synack | random, news-style videos, disorganized, non-instructional | ||
| TippingPoint Zero Day Initiative | very brief videos ~30 sec, somewhat instructional | ||
| Tripwire, Inc. | some tripwire demos, and random news-style videos, non-instructional | ||
| Vincent Yiu | handful of videos from a single hacker, instructional | ||
| Conferences | |||
| 44contv | in | ||
| MIT OCW 6.858 Computer Systems Security | Information security con based in London, lengthy instructional videos | ||
| BruCON Security Conference | security and hacker conference based in b\Belgium, lots of lengthy instructinoal videos | ||
| BSides Manchester | security and hacker con based in Mancheseter, lots of lengthy videos | ||
| BSidesAugusta | security con based in Augusta, Georgia, lots of lengthy instructional videos | ||
| CarolinaCon | security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content | ||
| Cort Johnson | a handful of lengthy con-style talks from Hack Secure Opensec 2017 | ||
| DevSecCon | lenghty con videos covering DevSecOps, making software more secure | ||
| Garage4Hackers - Information Security | a handful of lengthy videos, About section lacks description | ||
| HACKADAY | lots of random tech content, not strictly infosec, some instructional | ||
| Hack In The Box Security Conference | lengthy con-style instructional talks from an international security con | ||
| Hack in Paris | security con based in paris, features lots of instructional talks, slides can be difficult to see. | ||
| Hacklu | lots of lengthy con-style instructional videos | ||
| Hacktivity | lots of lengthy con-style instructional videos from a con in central/eastern europe | ||
| Hardwear.io | handful of lengthy con-style video, emphasis on hardware hacks | ||
| IEEE Symposium on Security and Privacy | content from the symposium; IEEE is a professional association based in the us, they also publish various journals | ||
| LASCON | lengthy con-style talks from an OWASP con held in Austin, TX | ||
| leHACK | leHACK is the oldest ( 2003 ), leading, security conference in Paris, FR | ||
| Marcus Niemietz | lots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany | ||
| Media.ccc.de | The real official channel of the chaos computer club, operated by the CCC VOC - tons of lengthy con-style vids | ||
| NorthSec | lengthy con-style talks from an applied security conference in Canada | ||
| Pancake Nopcode | channel of Radare2 whiz Sergi "pancake" Alvarez, Reverse Engineering Content | ||
| Psiinon | medium length instructional videos, for the OWASP Zed Attack Proxy | ||
| SJSU Infosec | handful of lengthy instructional videos from San Jose State university Infosec | ||
| Secappdev.org | tons of lengthy instructional lectures on Secure App Development | ||
| Security Fest | medium length con-style talks from a security festival in Sweden | ||
| SecurityTubeCons | an assortment of con-style talks from various cons including BlackHat and Shmoocon | ||
| ToorCon | handful of medium length con videos from con based in San Diego, CA | ||
| USENIX Enigma Conference | medium length "round table discussion with leading experts", content starts in 2016 | ||
| ZeroNights | a lot of con-style talks from international conference ZeroNights | ||
| News | |||
| 0x41414141 | Channel with couple challenges, well explained | ||
| Adrian Crenshaw | lots of lengthy con-style talks | ||
| Corey Nachreiner | security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule | ||
| BalCCon - Balkan Computer Congress | Long con-style talks from the Balkan Computer Congress, doesn't update regularly | ||
| danooct1 | lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerss | ||
| DedSec | lots of brief screenshot how-to vids based in Kali, no recent posts. | ||
| DEFCON Conference | lots of lengthy con-style vids from the iconical DEFCON | ||
| DemmSec | lots of pen testing vids, somewhat irregular uploads, 44K followers | ||
| Derek Rook - CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, with | ||
| Don Does 30 | amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers | ||
| Error 404 Cyber News | short screen-shot videos with loud metal, no dialog, bi-weekly | ||
| Geeks Fort - KIF | lots of brief screenshot vids, no recent posts | ||
| GynvaelEN | Security streams from Google Researcher. Mainly about CTFs, computer security, programing and similar things. | ||
| HackerSploit | regular posts, medium length screenshot vids, with dialog | ||
| HACKING TUTORIALS | handful of brief screenshot vids, no recent posts. | ||
| iExplo1t | lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts | ||
| JackkTutorials | lots of medium length instructional vids with some AskMe vids from the youtuber | ||
| John Hammond | Solves CTF problems. contains penTesting tips and tricks | ||
| LionSec | lots of brief screenshot instructional vids, no dialog | ||
| LiveOverflow | Lots of brief-to-medium instructional vids, covering things like buffer overflows and exploit writing, regular posts. | ||
| Metasploitation | lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids. | ||
| NetSecNow | channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids | ||
| Open SecurityTraining | lots of lengthy lecture-style vids, no recent posts, but quality info. | ||
| Pentester Academy TV | lots of brief videos, very regular posting, up to +8 a week | ||
| Penetration Testing in Linux | DELETE | ||
| rwbnetsec | lots of medium length instructional videos covering tools from Kali 2.0, no recent posts. | ||
| Samy Kamkar's Applied Hacking | brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016 | ||
| SecureNinjaTV | brief news bites, irregular posting, 18K followers | ||
| Security Weekly | regular updates, lengthy podcast-style interviews with industry pros | ||
| Seytonic | variety of DIY hacking tutorials, hardware hacks, regular updates | ||
| Shozab Haxor | lots of screenshot style instructional vids, regular updates, windows CLI tutorial | ||
| SSTec Tutorials | lots of brief screenshot vids, regular updates | ||
| Tradecraft Security Weekly | Want to learn about all of the latest security tools and techniques? | ||
| Troy Hunt | lone youtuber, medium length news videos, 16K followers, regular content | ||
| Waleed Jutt | lots of brief screenshot vids covering web security and game programming | ||
| webpwnized | lots of brief screenshot vids, some CTF walkthroughs | ||
| Zer0Mem0ry | lots of brief c++ security videos, programming intensive | ||
| LionSec | lots of brief screenshot instructional vids, no dialog | ||
| Adrian Crenshaw | lots of lengthy con-style talks | ||
| HackerSploit | regular posts, medium length screenshot vids, with dialog | ||
| Derek Rook - CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, with | ||
| Tradecraft Security Weekly | Want to learn about all of the latest security tools and techniques? | ||
| IPPSec | Hackthebox.eu retired machine vulnerable machine walkthroughs to help you learn both basic and advanced processes and techniques | ||
| The Daily Swig | Latest Cybersecurity News | ||
| Awesome Worldwide ITSec Specialists | curated index of non-English-speaking IT security YouTubers and creators | ||
| Name | Description |
|---|---|
| The cryptopals crypto challenges | A bunch of CTF challenges, all focused on cryptography. |
| Crackmes.one | This is a simple place where you can download crackmes to improve your reverse engineering skills. |
| CTFLearn | an account-based ctf site, where users can go in and solve a range of challenges |
| CTFs write-ups | a collection of writeups from various CTFs, organized by |
| CTF365 | account based ctf site, awarded by Kaspersky, MIT, T-Mobile |
| The enigma group | web application security training, account based, video tutorials |
| Exploit exercises | hosts 5 fulnerable virtual machines for you to attack, no account required |
| Google CTF | Source code of Google 2017, 2018 and 2019 CTF |
| Google CTF 2019 | 2019 edition of the Google CTF contest |
| Google's XSS game | XSS challenges, and potentially a chance to get paid! |
| Hack The Box | Pen testing labs hosting over 39 vulnerable machines with two additional added every month |
| Hacker test | similar to "hackthissite", no account required. |
| Hacksplaining | a clickthrough security informational site, very good for beginners. |
| hackburger.ee | hosts a number of web hacking challenges, account required |
| Hack this site! | an oldy but goodie, account required, users start at low levels and progress in difficulty |
| Lin.security | Practice your Linux privilege escalation |
| Over the wire | A CTF that's based on progressive levels for each lab, the users SSH in, no account recquired |
| Participating Challenge Sites | aims at creating a universal ranking for CTF participants |
| PentesterLab | hosts a variety of exercises as well as various "bootcamps" focused on specific activities |
| Pentest.training | lots of various labs/VMS for you to try and hack, registry is optional. |
| PicoCTF | CTF hosted by Carnegie Mellon, occurs yearly, account required. |
| pwnable.kr | Don't let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required |
| pwnable.tw | hosts 27 challenges accompanied with writeups, account required |
| Ringzer0 Team | an account based CTF site, hosting over 272 challenges |
| ROP Emporium | Return Oriented Programming challenges |
| SmashTheStack | hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels |
| Vulnhub | site hosts a ton of different vulnerable Virtual Machine images, download and get hacking |
| websec.fr | Focused on web challenges, registration is optional. |
| tryhackme | Awesome platform to start learning cybersecurity, account is needed |
| webhacking.kr | lots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up. |
| Stripe CTF 2.0 | Past security contest where you can discover and exploit vulnerabilities in mock web applications. |
| Windows / Linux Local Privilege Escalation Workshop | Practice your Linux and Windows privilege escalation |
| Hacking Articles | CTF Brief Write up collection with a lot of screenshots good for begginers |
| Hacker101 CTF | CTF hosted by HackerOne, always online. You will receive invitations to some private programs on HackerOne platform as a reward. |
| Hacking Lab | European platform hosting lots of riddles, challenges and competitions |
| Portswigger Web Security Academy | Best free platform for learning web pentesting, account required |
| CTF 101 | Intro guide to CTFs covering common categories (crypto, forensics, web, pwn, RE) with worked examples |
| Hopper's Roppers CTF | Self-paced CTF course companion to the Hopper's Roppers training |
| HTB Writeups | The most comprehensive Hack The Box writeup collection with 500+ machines, 400+ challenges, ProLabs, Sherlocks, CTF events, and cheatsheets |
| Name | Description |
|---|---|
| A Course on Intermediate Level Linux Exploitation | as the title says, this course isn't for beginners |
| Binary hacking | 35 "no bullshit" binary videos along with other info |
| Corelan tutorials | detailed tutorial, lots of good information about memory |
| Exploit tutorials | a series of 9 exploit tutorials,also features a podcast |
| Exploit development | links to the forum's exploit dev posts, quality and post style will vary with each poster |
| flAWS challenge | Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS). |
| Introduction to ARM Assembly Basics | tons of tutorials from infosec pro Azeria, follow her on twitter |
| Introductory Intel x86 | 63 days of OS class materials, 29 classes, 24 instructors, no account required |
| Linux (x86) Exploit Development Series | blog post by sploitfun, has 3 different levels |
| Megabeets journey into Radare2 | one user's radare2 tutorials |
| Modern Binary Exploitation - CSCI 4968 | RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures |
| Recon.cx - reversing conference | the conference site contains recordings and slides of all talks!! |
| Reverse Engineering for Beginners | huge textbook, created by Dennis Yurichev, open-source |
| Reverse engineering reading list | a github collection of RE tools and books |
| Reverse Engineering challenges | collection of challenges from the writer of RE for Beginners |
| Reverse Engineering for Beginners (book site) | official site for Dennis Yurichev's book, all formats and source available |
| Reverse Engineering Malware 101 | intro course created by Malware Unicorn, complete with material and two VM's |
| Reverse Engineering Malware 102 | the sequel to RE101 |
| reversing.kr challenges | reverse engineering challenges varying in difficulty |
| Shell storm | Blog style collection with organized info about Rev. Engineering. |
| Shellcode Injection | a blog entry from a grad student at SDS Labs |
| Micro Corruption β Assembly | CTF designed to learn Assembly by practicing |
| Name | Description |
|---|---|
| A GUIDE TO LINUX PRIVILEGE ESCALATION | Basics of Linux privilege escalation |
| Abusing SUDO (Linux Privilege Escalation) | Abusing SUDO (Linux Privilege Escalation) |
| AutoLocalPrivilegeEscalation | automated scripts that downloads and compiles from exploitdb |
| Basic linux privilege escalation | basic linux exploitation, also covers Windows |
| Windows Local Privilege Escalation (HackTricks) | Comprehensive, up-to-date checklist of Windows privilege escalation vectors |
| Editing /etc/passwd File for Privilege Escalation | Editing /etc/passwd File for Privilege Escalation |
| Linux Privilege Escalation | Linux Privilege Escalation β Tradecraft Security Weekly (Video) |
| Linux Privilege Escalation Check Script | a simple linux PE check script |
| Linux Privilege Escalation Scripts | a list of PE checking scripts, some may have already been covered |
| Linux Privilege Escalation Using PATH Variable | Linux Privilege Escalation Using PATH Variable |
| Linux Privilege Escalation using Misconfigured NFS | Linux Privilege Escalation using Misconfigured NFS |
| Linux Privilege Escalation via Dynamically Linked Shared Object Library | How RPATH and Weak File Permissions can lead to a system compromise. |
| Local Linux Enumeration & Privilege Escalation Cheatsheet | good resources that could be compiled into a script |
| PEASS-ng (Privilege Escalation Awesome Scripts) | actively maintained privilege escalation enumeration scripts for Windows, Linux, and macOS |
| Linux Privilege Escalation (HackTricks) | extensive, maintained reference covering common Linux privilege escalation methods with examples |
| RootHelper | a tool that runs various enumeration scripts to check for privilege escalation |
| Unix privesc checker | a script that checks for PE vulnerabilities on a system |
| Windows exploits, mostly precompiled. | precompiled windows exploits, could be useful for reverse engineering too |
| Windows Privilege Escalation | collection of wiki pages covering Windows Privilege escalation |
| Windows privilege escalation checker | a list of topics that link to pentestlab.blog, all related to windows privilege escalation |
| Windows Privilege Escalation Fundamentals | collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP |
| Windows Privilege Escalation Guide | Windows Privilege Escalation Guide |
| Windows Privilege Escalation Methods for Pentesters | Windows Privilege Escalation Methods for Pentesters |
| Name | Description |
|---|---|
| theHarvester | E-mail, subdomain, host and people-name harvester using public sources |
| Maltego CE | Graph-based link-analysis platform for OSINT and forensics; Community Edition is free |
| Recon-ng | Full-featured web reconnaissance framework written in Python |
| SpiderFoot | Automated OSINT collection with 200+ modules and a web UI |
| Intel Techniques Tools | Michael Bazzell's hosted search tools for people, social, images, geo |
| Google Hacking Database | Exploit-DB's curated Google dorks database for recon |
| github-dorks | CLI tool to scan GitHub repos/orgs for sensitive information leaks |
| metagoofil | Extracts metadata from public documents (PDF, DOC, XLS) belonging to a target |
| Sherlock | Hunt usernames across 400+ social networks |
| Maigret | Sherlock-style username enumeration across 3000+ sites with profile-data extraction |
| Holehe | Check if an email is used on 120+ sites via password-reset flows |
| GHunt | OSINT toolkit for investigating Google accounts (Gmail, Drive, Calendar exposure) |
| Blackbird | Fast username and email OSINT search across 600+ services |
| h8mail | Email OSINT and breach-credential hunting (HIBP, Snusbase, Leak-Lookup integrations) |
| PhoneInfoga | Advanced OSINT framework for scanning international phone numbers |
| Photon | Fast web crawler that extracts URLs, emails, secrets, and intel for recon |
| Amass | OWASP project for in-depth attack-surface mapping and external asset discovery |
| Subfinder | Fast passive subdomain enumeration using public sources |
| cloud_enum | Enumerate public resources in AWS, Azure, and GCP for a target keyword |
| reconFTW | End-to-end recon automation chaining 50+ tools for subdomains, vulns, and OSINT |
| IntelOwl | OSINT solution that aggregates 100+ analyzers (threat intel, malware, observables) |
| OSINT Framework | Web-based directory of OSINT resources organised by data type |
| Bellingcat Online Investigation Toolkit | Bellingcat's curated, regularly updated toolkit and how-to guides |
| Have I Been Pwned | Check whether emails/usernames appear in known data breaches |
| Hunter.io | Find and verify professional email addresses tied to a domain |
| Carbon14 | OSINT tool for estimating the age of web pages from HTTP metadata |
| Name | Description |
|---|---|
| Malware traffic analysis | list of traffic analysis exercises |
| Malware Analysis - CSCI 4976 | another class from the folks at RPISEC, quality content |
| Name | Description |
|---|---|
| HTB AI Red Teamer Path | Hack The Box's offensive AI job-role path (built with Google). Modules on prompt injection, model privacy attacks, adversarial AI, supply chain, deployment threats. Hands-on labs against real systems. |
| Name | Description |
|---|---|
| OWASP Top 10 for LLM Applications | Canonical attack-class taxonomy: prompt injection, sensitive info disclosure, supply chain, model poisoning, excessive agency, system prompt leakage, and more. |
| OWASP ML Security Top 10 | Sibling project focused on attacks against ML pipelines. |
| MITRE ATLAS | Adversarial threat matrix for AI systems (16 tactics, 84 techniques, real-world case studies). The ATT&CK for AI. |
| Name | Description |
|---|---|
| Garak | Most mature open-source LLM vulnerability scanner. Probes for prompt injection, jailbreaks, data leakage, hallucination, toxicity. |
| PyRIT | Microsoft's Python Risk Identification Tool for generative AI; supports multi-turn attack orchestration. |
| Promptfoo | LLM red-team + eval framework with 100+ attack types. |
| DeepTeam | Red-team framework mapped to OWASP LLM Top 10; 50+ vulnerabilities, 20+ adversarial methods. |
| LLMFuzzer | Fuzzing framework specifically for LLM integrations. |
| promptmap | Prompt-injection vulnerability scanner. |
| Adversarial Robustness Toolbox (ART) | Linux Foundation library covering evasion, poisoning, extraction, and inference attacks across all major ML frameworks. |
| CleverHans | Classic library for crafting adversarial examples against image models. |
| AI Exploits (Protect AI) | Collection of real, working exploits for vulnerabilities found in AI/ML tools and platforms. |
| Name | Description |
|---|---|
| Gandalf (Lakera) | 7-level prompt-injection challenge; the "OverTheWire" of LLM hacking. |
| HackAPrompt | Competitive prompt-injection CTF; dataset of 600k+ real jailbreak submissions. |
| Dreadnode Crucible | Free open AI red-team CTF platform with challenges across many difficulties and domains. |
| 0DIN (Mozilla) | Gamified AI CTF training community on prompt injection and jailbreaking against interactive AI characters. |
| huntr | Bug bounty platform with an active AI/ML category targeting real models and CVEs. |
| Name | Description |
|---|---|
| Embrace The Red | Johann Rehberger's blog; deep, practical write-ups of real-world LLM and agent exploitation. |
| Simon Willison β prompt injection | Running commentary from the person who coined the term; tracks every novel technique. |
| 0DIN Blog | Disclosures and write-ups of real AI vulnerabilities from Mozilla's bug-bounty program. |
| Indirect Prompt Injection (Greshake et al.) | Canonical research repo for indirect prompt injection. |
| HackerOne x HTB AI Red Team CTF debrief | Lessons from 200+ players in a live LLM jailbreak CTF, mapped to OWASP LLM Top 10. |
| Name | Description |
|---|---|
| corca-ai/awesome-llm-security | Most-starred LLM security awesome list. |
| PromptLabs/Prompt-Hacking-Resources | Focused specifically on red teaming, jailbreaks, prompt injection. |
| jiep/offensive-ai-compilation | Offense-oriented curation: AI-powered attacks, plus attacks against AI. |
| Name | Description |
|---|---|
| Foot Printing with WhoIS/DNS records | a white paper from SANS |
| Google Dorks/Google Hacking | list of commands for google hacks, unleash the power of the world's biggest search engine |
| Name | Description |
|---|---|
| bWAPP | common buggy web app for hacking, great for beginners, lots of documentation |
| Damn Small Vulnerable Web | written in less than 100 lines of code, this web app has tons of vulns, great for teaching |
| Damn Vulnerable Web Application (DVWA) | PHP/MySQL web app for testing skills and tools |
| Google Gruyere | host of challenges on this cheesy web app |
| OWASP Broken Web Applications Project | hosts a collection of broken web apps |
| OWASP Hackademic Challenges project | web hacking challenges |
| OWASP Mutillidae II | another OWASP vulnerable app, lots of documentation. |
| OWASP Juice Shop | covers the OWASP top 10 vulns |
| WebGoat: A deliberately insecure Web Application | maintained by OWASP and designed to to teach web app security |
| Name | Description |
|---|---|
| General Test Environment Guidance | white paper from the pros at rapid7 |
| Metasploitable2 (Linux) | vulnerable OS, great for practicing hacking |
| Metasploitable3 [Installation] | the third installation of this vulnerable OS |
| Vulnhub | collection of tons of different vulnerable OS and challenges |
| Name | Description |
|---|---|
| BackBox | open source community project, promoting security in IT enivornments |
| BlackArch | Arch Linux based pentesting distro, compatible with Arch installs |
| Bugtraq | advanced GNU Linux pen-testing technology |
| Docker for pentest | Image with the more used tools to create a pentest environment easily and quickly. |
| Kali | the infamous pentesting distro from the folks at Offensive Security |
| LionSec Linux | pentesting OS based on Ubuntu |
| Parrot | Debian includes full portable lab for security, DFIR, and development |
| Pentoo | pentesting OS based on Gentoo |
| Name | Description |
|---|---|
| 0day.today | Easy to navigate database of exploits |
| Exploit Database | database of a wide variety exploits, CVE compliant archive |
| CXsecurity | Indie cybersecurity info managed by 1 person |
| Snyk Vulnerability DB | detailed info and remediation guidance for known vulns, also allows you to test your code |
| Name | Description |
|---|---|
| 0x00sec | hacker, malware, computer engineering, Reverse engineering |
| CODEBY.NET | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum |
| Greysec | hacking and security forum |
| Hackforums | posting webstite for hacks/exploits/various discussion |
| Name | Description |
|---|---|
| InfoCon.org | hosts data from hundreds of cons |
| Irongeek | Website of Adrien Crenshaw, hosts a ton of info. |
| infocondb.org | a site that aims to catalog and cross-reference all hacker conferences. |
| Name | Description |
|---|---|
| Hacktoday | requires an account, covering all kinds of hacking topics |
| Hack+ | link requires telegram to be used |
| MPGH | community of MultiPlayerGameHacking |
| Name | Description |
|---|---|
| InfoSec | covers all the latest infosec topics |
| Hashes.com Hash Lookup | great place to lookup hashes against known cracked/leaked sets |
| Security Intell | covers all kinds of news, great intelligence resources |
| Threatpost | covers all the latest threats and breaches |
| Secjuice | |
| The Hacker News | features a daily stream of hack news, also has an app |
| Infostealers by Hudson Rock | all-around hub with news and publications about Infostealers |
Thanks to everyone who has contributed resources, fixes, and reviews.
Released under GPL-3.0.