Welcome to the Hacker Arsenal Tookit (HaRT)! This repo aims to provide a comprehensive collection of tools and resources for cyber/information security professionals and hacking enthusiasts!
CrackMapExec - Enumerating logged on users, spidering SMB shares, executing psexec style attacks, auto-injecting Mimikatz/Shellcode/DLL’s into memory using Powershell, dumping the NTDS.dit, etc
Linikatz — Mimikatz et al on UNIX
NetExec - Post-exploitation tool that helps automate assessing the security of large Active Directory networks.
Vulnerable-AD — Create a vulnerable AD that allows you to test most AD attacks
Awesome Command Control - Collection of Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assignments.
Periscope — Adversarial Operations Toolkit including C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation
Aerospace Hacking Tools - Space-related cybersecurity tools
SatDump - A generic satellite data processing software.
SatIntel - OSINT tool for Satellites; Extract telemetry, receive orbital predictions, and parse TLEs
Satellite Hacking Workshop - Files for Aerospace Cybersecurity: Satellite Hacking Workshop
Ai Prompt Examples — Examples of Ai Prompts
HackBot — AI-powered cybersecurity chatbot designed to answer cybersecurity-related queries, conduct code analysis, and scan analysis.
LLM Prompt Library — Manipulation Prompts for various LLMs such as GPT-4, Claude, Llama2, Falcon, Bard, etc
Sn1per - Attack Surface Management Platform
Fingerprint BioSec - Fingerprint Pattern Recognition
Modern Binary Exploitation — x86 reverse engineering, vulnerability analysis, and Linux-based userland binary exploitation, protections (Canaries, DEP, ASLR, RELRO, Fortify Source, etc.) and techniques used to defeat them, kernel-land and Windows-based exploitation.
ExtractBitlockerKeys - Script to automatically extract the bitlocker recovery keys from a domain.
Blackbox Protobuf - Extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.
Burp Suite for Pentesters — Cheat sheet for Bug Bounty Hunters and penetration testers to hunt vulnerabilities from P4 to P1 solely and completely with "BurpSuite."
AutoHack OS (Linux) VM — Automotive Pentesting/Car Hacking; Github
Hacker Hiring Discord — Curated List of Hacker Discord Servers with Hiring Channels
DealsForMeals - Help low-income families with finding the best deals; eliminates sorting through dozens of websites of individual food banks, and shortens the distance from accessible food
Cloud CTF Tools — Cloud CTF Docker Container
CTFd Platform — CTFs as you need them; Hosting — CTFd.io
CTF Writeups — Writeups of CTFs
Hack The Vote Challenge Repo — 48hr Jeopardy-style Capture The Flag (CTF)
HorQRux Tool — Splitting a QR code into seven fragments
NoiseFest Challenge Repo — PCAPs and prompts from GreyNoise's 2023 CTF at NoiseFest
No More Secrets Tool — Command line tool that recreates the famous data decryption effect seen in the 1992 movie Sneakers.
Red-Team Village CTF DC31 2023 Challenge Repo — Secure Terminal CTF Challenges for DC31 Red Team Village
Trace Labs OSINT Search Party CTF Participation Guide — Flag categories for Trace Labs OSINT Search Party CTF events
CloudFoxable — Create a vulnerable by-design AWS penetration testing playground
Cloud CTF tools — Cloud CTF Docker Container
Infosec Events — List of cyber-infosec-hacker related events.
AttackGen — Generates tailored incident response scenarios based on user-selected threat actor groups and your organization's details.
Awesome README - Curated list of awesome READMEs
Contracts - Collection of potentially useful pentest contract templates
CyberChef - App for encoding XOR and Base64, AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, etc
Data-OSINT — List of data breach acquisition websites
Data Broker Opt-Out List — List of opt-out's for data brokers
AthenaOS (Arch) Docker - AthenaOS Pentesting
AutoHack OS (Linux) VM — Automotive Pentesting/Car Hacking; Github
BackTrack (Linux) VM - Kali before Kali
BlackArch (Arch) Docker - BlackArch Pentesting
ControlThings (Linux) VM - ControlThings ICS/OT/SCADA
Kali (Debian) VM - Kali Liunx Pentesting
Kali Purple (Debian) VM - Kali Purple - Red/Blue Team
Kali Nethunter (Android) Mobile - Kali but Android
ParrotOS (Debian) Docker - ParrotOS Pentesting
Security Onion 2.4 (Debian) Docker - Security Onion SIEM
Hacker Discords — Curated List of Hacker Discord Servers
Drone Hacking Workshop - Files and Programs for UAV and Drone Cybersecurity Workshop
DroneXtract - DroneXtract is a digital forensics suite for DJI drones
Artifacts - Digital Forensics Artifact Repository
dfdatetime - Provides date and time objects to preserve accuracy and precision.
DroneXtract - DroneXtract is a digital forensics suite for DJI drones
Hindsight - Web browser forensics for Google Chrome/Chromium
Libyal - ollection of libraries to access various data formats, such as the OLE Compound File or NT File System
Painless Peek — Browser extension to make it easier to more safely view traumatic imagery.
Synoposis - Tool to review browser history files by providing a high-level “synopsis” of key information.
Unfurl - Extract and Visualize Data from URLs
90-Day Cybersecurity Study Plan — Resources for learning topics such as Net+, Sec+, Linux, Python, Traffic Analysis, Git, ELK, AWS, Azure, and Hacking
Awesome-Cyber — List of cybersecurity tools for red, blue, and purple team operations.
CatSalad Social Media List - List of Cyber/Infosec/Hacker social media to follow
Cybersec Content Creators and Free Learning Resources — Curated List of Cybersec Content Creators & Free Learning Resources
Cybersecurity Resources — Library of various cybersecurity resources
Defcon Parrot - Curated Lists of Tools, DCGs, Dates, etc
Exploit Notes — Sticky notes for pentesting, bug bounty, and CTF
Free Tech Resources - Cybersecurity Content Creators & Free Learning Resources
Hack with GitHub — Open Source Hacking Tools database
Hacker Social Media — Hacker Social Media & Cotent Creators
Knowledge Book Cyber Weapons Dump - Collection of Scripts
Mindmap — Mindmaps for cyber security technologies, methodologies, courses, and certifications
Offensive Bookmarks — Collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone interested in infosec topics.
Public Pentesting Reports - List of public penetration test reports published by several consulting firms and academic security groups.
Awesome README - Curated list of awesome READMEs
RepoHunt - Hunt github repositories by keywords
Grippy - Open-source engine for automating the download of file
DoS-Army - Collection of scripts from the early 00's used by anon, fancy bear, and LuLzec
ControlThings (Linux) VM - ControlThings ICS/OT/SCADA
DEFCON ICS Village YouTube - DEFCON ICS Village
Industrial ICS/OT Cybersecurity — List of resources for industrial (ICS/OT) cybersecurity
Intro to ICS/OT Cybersecurity — ICS/OT Intro Course Resources
NMAP & SHODAN ICS/OT Quickstart Guides — Quick start Nmap & SHODAN guides for ICS/OT assets
SHODAN ICS/OT Quickstart Guide — Quick start SHODAN guides for ICS/OT assets
ELFEN - Automated Linux Malware Analysis Sandbox
Malware Source Code - Collection of malware source code for a variety of platforms in an array of different programming languages.
RPISEC Malware Analysis Materials — Malware analysis through readings and hands-on, real-world samples
VX-API - Collection of various malicious functionality to aid in malware development
VXUG-Papers - Research code & papers from members of vx-underground.
Metateta — Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit
Rapid7 Metasploitable3 — VM that is built from the ground up with a large amount of security vulnerabilities.
ScubaGear — Automation to assess the state of your M365 tenant against CISA's baselines
Fake New Detection - Evaluate sources for misinfo using ML models
Android PIN Bruteforce - Unlock an Android phone (or device) by bruteforcing the lockscreen PIN.
Awesome Mobile Security - Collection of useful android and iOS security related stuff
Nessusploitable — Parses .nessus files for exploitable vulnerabilities and outputs a report
5head — A wrapper of network pentest toolsets within a portable and modular scripting platform that allows repeatable tasks.
Alfred — Find social media accounts based on inputs
Awesome Intelligence — Curated list of Open-Source Intelligence (OSINT) Resources
Counter OSINT Guide - Comprehensive Counter OSINT and privacy guide for Runet and CIS
Discord OSINT — Resources to conduct research and OSINT investigations on Discord accounts
Geolocation OSINT — Geolocation challenge resources
Maigret - Collect a dossier on a person by username from thousands of sites
Mailcat - Find email addresses by nickname using API/SMTP checking methods without user notification
Marple - Collect links to profiles by username through search engines and analyze with various plugins
Obsidian OSINT Templates - Templates are suggestions of how the Obsidian notetaking tool can be used during an OSINT investigatio
OSINT - Collections of tools and methods created to aid in OSINT collection
OSINT Summit 2023 Resources - List of resources presented during the 2023 Sans OSINTSummit
OSINT Namecheckers List - List of tools to search accounts by username
OSINT Tools - OSINT open-source tools catalog
SatIntel - OSINT tool for Satellites; Extract telemetry, receive orbital predictions, and parse TLEs
TheScrapper - Scrape emails, phone numbers and social media accounts from a website.
Trace Labs OSINT Search Party CTF — Flag categories for Trace Labs OSINT Search Party CTF events
WhatsMyName - Username enumeration on various websites.
WiGLE — Wireless Geographic Logging Engine
YaSeeker - Yandex OSINT tool
Utilisec Packet Captures — Packet captures for playing with Wireshark and other sniffers
Panalyzer - Password list character frequency analyzer that can output hashcat masks
OpenSquat — Detect phishing domains and domain squatting; Searches for newly registered domains that impersonate legitimate domains on a daily basis.
Phishing Pot — Collection of phishing samples for researchers and detection developers.
It Was All A Dream - (CVE-2021-34527) Python Scanner; Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
Privilage Escalation from 1 to 0 Workshop — HACKTRICK'18 Privilege escalation Workshop
Enterprise Purple Teaming — Purple Team Resources for Enterprise Purple Teaming
Fake Ransomware — Non-destructive but ANNOYING ransomware lookalike for use with red team exercises.
RSACTFTool — RSA Multi-Attack Tool is a utility designed to decipher data from weak public keys and recover the corresponding private key.
AttackGen — Generates tailored incident response scenarios based on user-selected threat actor groups and your organization's details.
Awesome-Hacker-Search-Engines - Curated list of search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Search Engines for Pentesters — Assorted Pentest Search Engines
SMBmap - SMB Enumeration Tool
Cyber Threat Hunting — Collection of resources for Threat Hunters
Threat Intelligence Discord Bot - Gets updates from various clearnet domains and ransomware threat actor domains
Username Anarchy - Tool for generating usernames during a pentest
bing-ip2host - Bing.com web scraper that discovers websites by IP address
Nuke-Net - VERY VERY over powered and ridiculous web crawler that is very very noisy
Puncia - Subdomain & Exploit Hunter powered by AI
WhatWeb - Identifies websites. Recognises content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
Awesome-Web-Hacking - List is for anyone wishing to learn about web application security but no starting point.
H5SC - Collection of HTML5 related XSS attack vectors
HTTPLeaks - Enumerate all possible ways, a website can leak HTTP requests. In one single HTML file.
URLCrazy - Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
802.11-Lazy - 802.11 auditing in GUI format using aircrack-ng
Kismet — Kismet and related tools and libraries for wireless monitoring, transmitting, and auditing.
Wifishark — Red-Team profile for Wireshark
Wifi Exploitation Framework (WEF) — Offensive framework to audit 802.11 networks and protocols with different types of attacks for WPA/WPA2 and WEP, automated hash cracking, and much more. Tested and supported in Kali Linux, Parrot OS and Arch Linux.
WiGLE — Wireless Geographic Logging Engine
Wireless Pentesting Cheat Sheet — Cheat Sheet for OSWP Examination by Offensive Security and Wifi Cracking
Wifishark — Red-Team profile for Wireshark
Nerdlist — Passwords more likely to be used by sysadmins and the folk with access