π₯Platforms
HackTheBoxIndustry-leading penetration testing labs and certifications
TryHackMeBeginner-friendly guided rooms and learning paths
PortSwigger AcademyFree hands-on web security labs from the makers of Burp Suite
picoCTFCarnegie Mellon's beginner CTF competition platform
VulnHubDownloadable intentionally vulnerable VMs for practice
Proving GroundsOffensive Security realistic practice lab environment
CTFtimeCTF competition calendar, rankings and writeup archive
OverTheWireThe wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
πReferences & Cheatsheets
HackTricksComprehensive pentesting techniques and knowledge base
PayloadsAllTheThingsPayloads and bypasses for every web and system attack vector
GTFOBinsUnix binaries that can bypass restrictions and escalate privs
LOLBASLiving Off The Land Binaries, Scripts and Libraries for Windows
WADComsInteractive Windows/AD attack command cheatsheet
ExplainShellExplain every part of a shell command interactively
One-Lin3rOne-liners cheatsheet for shells, privesc and post-exploitation
πScanning & Enumeration
NmapThe gold standard network scanner - ports, services, OS detection
RustScanModern port scanner - scan 65k ports in seconds, pipe to Nmap
MasscanFastest internet-scale port scanner - 10M packets/sec
GobusterDirectory and DNS busting - Go-based speed and efficiency
FeroxbusterFast, recursive content discovery with auto-filter heuristics
FFUFFast web fuzzer for directories, files, parameters and headers
NiktoWeb server scanner for dangerous files, misconfigs and CVEs
enum4linux-ngRewritten enum4linux for Samba/Windows enumeration - Python 3
smbmapEnumerate SMB shares, permissions and execute commands remotely
ShodanSearch engine for internet-connected devices and services
SecListsThe ultimate wordlist collection for fuzzing and enumeration
πWeb Exploitation
Burp SuiteThe industry-standard web application security testing platform
OWASP ZAPOpen-source web app scanner - free alternative to Burp Suite
CaidoLightweight and fast HTTP proxy built for security testing
SQLMapAutomatic SQL injection detection and exploitation tool
XSStrikeAdvanced XSS detection and exploitation suite
NucleiFast vulnerability scanner using community-written YAML templates
wfuzzWeb application fuzzer for params, headers and authentication
dirsearchWeb path scanner with support for extensions, proxies and auth
JWT.ioJSON Web Token debugger, decoder and verifier
CyberChefBrowser-based data encoding, decoding and analysis swiss army knife
πPasswords & Cracking
HashcatWorld's fastest GPU-accelerated password cracker with rule support
John the RipperClassic multi-format password cracker with extensive format support
HydraFast network brute-forcer supporting 50+ protocols
MedusaSpeedy parallel network password cracker for common services
CrackStationOnline hash cracker with massive precomputed lookup tables
hashes.comOnline hash identifier and reverse lookup database
π§Privilege Escalation Β· Linux
linPEASLinux Privilege Escalation Awesome Script - automated enumeration
pspyMonitor Linux processes without root - catch cron jobs live
linux-exploit-suggesterSuggest local exploits based on kernel version and config
SUID3numEnumerate SUID/SGID binaries and check against known exploits
sudo_killerIdentify sudo rules misconfigurations and abusable sudo binaries
LinEnumShell script for enumerating key system info for privesc vectors
πͺWindows & Active Directory
winPEASWindows Privilege Escalation Awesome Script
adPEASAutomated PowerShell Active Directory enumeration tool
NetExecNetwork protocol attack and enumeration (CrackMapExec successor)
Evil-WinRMFull-featured WinRM shell with upload, download and more
KerbruteFast Kerberos user enumeration and password brute-force
RubeusC# toolset for raw Kerberos interaction and ticket abuse
CertipyActive Directory Certificate Services (ADCS) attack tool
GodPotatoDCOM privilege escalation - works on Windows 2012β2022
PrintSpooferExploit SeImpersonatePrivilege on Windows 10 and Server 2019
WatsonDetect missing patches and exploitable vulnerabilities on Windows
πTunneling & Pivoting
π£Shells & Payloads
RevShellsOnline reverse shell payload generator for all major languages
MSFvenom CheatsheetQuick reference for msfvenom payload generation and encoding
PHP Reverse ShellClassic PHP reverse shell by pentestmonkey
NishangPowerShell offensive security scripts and reverse shells
ChankroPHP disable_functions bypass using mail() and LD_PRELOAD
π¬Forensics & Steganography
Volatility 3Advanced memory forensics framework for RAM image analysis
BinwalkFirmware and binary file analysis - extract embedded files
ExifToolRead and write metadata in images, audio, video and documents
SteghideEmbed or extract data hidden inside JPEG and BMP images
zstegDetect steganography in PNG/BMP - LSB, pixel analysis and more
StegSolveImage steganography solver with bitplane and color channel views
foremostFile carving tool - recover files from raw disk images
AutopsyDigital forensics platform for disk and memory investigation
π°News & Exploits
Exploit DatabasePublic exploit archive maintained by Offensive Security
Packet StormSecurity research, exploits, tools and vulnerability advisories
CVE DetailsStructured CVE database with CVSS scores and affected products
NVDNIST National Vulnerability Database - official CVE reference
The Hacker NewsLatest cybersecurity news, data breaches and threat intelligence
πBlogs & Channels
IppSecHackTheBox machine walkthroughs and offensive security content
S4vitarSpanish-language pentesting, CTFs and cybersecurity training
John HammondCTF writeups, malware analysis and security education
LiveOverflowDeep technical security research and CTF walkthroughs
NahamSecBug bounty hunting, web hacking and recon techniques
XerosecCTF walkthroughs and cybersecurity content in Spanish
nonameCommunity-driven hacking and CTF content in Spanish
LenamVulNyx machine creator - Spanish security content and writeups
HackingArticlesIn-depth tutorials and writeups on pentesting techniques
DeepHackingSpanish-language deep dive security blog and tutorials
0xBENPentesting writeups, notes and methodology documentation
m3n0sd0n4ldVulNyx contributor - personal security research blog