A comprehensive, professionally curated collection of cybersecurity tools, frameworks, resources, and learning materials for penetration testers, red teamers, security researchers, and defensive practitioners. Organized by category with detailed descriptions for easy discovery and learning.
This repository provides a meticulously organized collection of 400+ cybersecurity resources across 30+ categories, from offensive security tools to defensive frameworks. Whether you're starting your journey in cybersecurity or looking for specialized advanced tools, you'll find curated recommendations with clear descriptions of each tool's purpose and capabilities.
Key Features:
- Tool-focused - Primarily GitHub repositories and open-source projects
- Resource-rich - Learning platforms, databases, and documentation
- Well-organized - 30+ categories with modular structure
- Professional descriptions - Each entry includes detailed context
- Actively maintained - Regular updates and community contributions welcome
New to security? Start here with the most fundamental and widely-used tools:
- Nmap - The standard network discovery and enumeration tool. Essential for any security professional.
- Amass - OWASP's comprehensive attack surface mapping and asset discovery platform.
- SpiderFoot - Automated OSINT collection and intelligence gathering.
- Metasploit Framework - The industry standard penetration testing framework with thousands of exploits.
- PayloadsAllTheThings - Essential payload collection for web application testing and exploitation.
- PortSwigger Academy - Learn web security with interactive labs (free tier available).
- OWASP Top 10 Tools - Resources for the most critical web vulnerabilities.
- Ghidra - NSA's powerful reverse engineering framework for binary analysis.
- Radare2 - UNIX-like reverse engineering framework.
- Zeek - Network security monitor for threat detection and analysis.
- Suricata - High-performance IDS/IPS/NSM engine.
- Vulhub - Pre-built vulnerable environments for hands-on practice.
- HackTheBox - Interactive platform for learning and practicing hacking skills.
- TryHackMe - Beginner-friendly security training platform.
| Category | Purpose | Tools |
|---|---|---|
| Core Frameworks | Comprehensive exploitation and penetration testing platforms | View All - Metasploit, Empire, Sliver, Mythic |
| Payloads & Exploitation | Payload collections, exploitation techniques, and post-exploitation tools | View All - PayloadsAllTheThings, PEASS-ng |
| Reconnaissance & OSINT | Intelligence gathering and open-source information collection | View All - Amass, SpiderFoot, theHarvester, Sherlock |
| Network Scanning | Port scanning, network enumeration, and discovery tools | View All - Nmap, RustScan, Masscan, ZMap |
| Web Security & Fuzzing | Web application testing, vulnerability discovery, and fuzzing | View All - XSStrike, Corsy, Gobuster, FuzzDB |
| Exploit Development | Reverse engineering, binary analysis, and exploit development | View All - Pwntools, Ghidra, Radare2, Pwndbg |
| Credential Attacks | Password cracking, credential testing, and authentication bypass | View All - Hate_Crack, Gocrack, JWT Cracker |
| Command & Control | C2 frameworks for post-exploitation communications | View All - TrevorC2, Dnscat2, Sliver, Empire |
| Red Team Operations | Automated exploitation, red team toolkits, and operational frameworks | View All - Osmedeus, AutoRecon, Sn1per |
| Active Directory | Windows domain exploitation and lateral movement | View All - CrackMapExec, Impacket, NoPac |
| Category | Purpose | Tools |
|---|---|---|
| Cloud & Container Security | Vulnerability scanning for cloud infrastructure and containers | View All - Trivy, CloudHunter, Docker Bench |
| Malware Analysis & Forensics | Memory forensics, malware analysis, and incident response | View All - Volatility, Ghidra, FLARE-VM |
| Threat Hunting & Detection | Network monitoring, threat detection, and security monitoring | View All - Zeek, Suricata, Osquery, CrowdSec |
| Vulnerability Scanning | Automated vulnerability discovery and assessment | View All - Nuclei, Tsunami, Vuls |
| MITM & Traffic Analysis | Network traffic interception and analysis | View All - Mitmproxy, Stenographer, Ngrep |
| SSL/TLS & Crypto Analysis | Certificate and encryption protocol testing | View All - TestSSL.sh, SSLyze, Cipherscan |
| DevSecOps & Code Security | Secret detection, code analysis, and secure development | View All - Gitleaks, CodeQL, Shhgit |
| Category | Purpose | Tools |
|---|---|---|
| Wireless & Hardware | RF security, hardware hacking, and wireless testing | View All - MagSpoof, Flipper Zero, IMSI-catcher |
| Rootkits & Kernel | Advanced kernel-level malware and rootkit development | View All - Diamorphine, Reptile, R77 Rootkit |
| AI & Automation | AI-powered security tools and automated analysis | View All - PentestGPT, Pentest AI Agents |
| Category | Purpose | Resources |
|---|---|---|
| Learning Platforms | Training courses and educational platforms | View All - Hackers Arise, NetworkChuck, David Bombal |
| Knowledge Bases | Comprehensive security guides and references | View All - PortSwigger Academy, Internal All The Things |
| Labs & Practice | Vulnerable environments for hands-on practice | View All - Vulhub, Metasploitable3, OWASP Shepherd |
| Cheat Sheets | Quick reference guides and command collections | View All - SecLists, PayloadsAllTheThings, PEASS-ng |
| CVE Databases | Vulnerability repositories and exploit collections | View All - Exploit-DB, NVD, OpenCVE |
| OSINT Resources | OSINT tools, databases, and reconnaissance platforms | View All - Censys, Shodan, ZoomEye |
| Threat Intelligence | Security news, advisories, and threat research | View All - CyberNews, Vulnu |
| GitHub Security | GitHub-specific security advisories and tools | View All - GitHub Security Lab, CodeQL |
| Standards & Frameworks | Security frameworks, standards, and governance | View All - CISA, NSA, ISO Standards |
Tools (30+ categories):
- Core Frameworks & Platforms
- Payloads, Exploitation & Post-Exploitation
- Reconnaissance & OSINT
- Network Scanning & Enumeration
- Web Security & Fuzzing
- Exploit Development & Reverse Engineering
- Credential Attacks & Cracking
- Command & Control (C2)
- Cloud & Container Security
- Malware Analysis & Forensics
- Threat Hunting & Detection
- Vulnerability Scanners
- MITM & Traffic Analysis
- Red Team Toolkits & Automation
- Active Directory & Lateral Movement
- SSL / TLS / Crypto Analysis
- DevSecOps & Code Security
- AI & Automation in Security
- Wireless / Hardware / RF
- Rootkits & Kernel-Level
- Labs, Practice & Vulnerable Apps
- Cheat Sheets & Knowledge
Resources & Learning (15+ categories):
- Learning Platforms & Courses
- Knowledge Bases & Cheatsheets
- Pentesting & Offensive Security Tools Docs
- Awesome Lists
- Exploits, CVEs & Vulnerability Databases
- OSINT & Reconnaissance Resources
- Forensics & Incident Response Resources
- Standards, Frameworks & Governance
- Threat Intelligence & Security News
- GitHub Security & Advisories
- AI, Automation & Modern Security Resources
- DevOps, Infra & Engineering
- Detection Engineering & Rules
- Research & Academic Sources
- Misc / Low-Level / Systems
Focus on exploitation, persistence, and evasion:
- Foundation → Nmap + Metasploit + Burp Suite
- Recon → Amass + SpiderFoot + theHarvester
- Exploitation → PayloadsAllTheThings + Exploit-DB
- Post-Exploitation → CrackMapExec + Impacket + Empire
- Advanced → C2 Frameworks (Sliver, Mythic) + Custom Malware Development
Key Resources: Red Team Toolkits | Active Directory | Rootkits
Focus on detection, analysis, and defense:
- Foundation → Zeek + Suricata + Osquery
- Malware Analysis → Volatility + Ghidra + FLARE-VM
- Threat Hunting → CrowdSec + Maltrail
- SIEM/Detection → Detection Engineering with YARA rules
- Advanced → Incident Response + Forensics
Key Resources: Threat Hunting | Malware Forensics | Detection Engineering
Focus on analysis, reverse engineering, and research:
- Foundation → Ghidra + Radare2 + GDB
- Binary Analysis → Pwntools + Pwndbg + Capstone
- Vulnerability Research → Finding and analyzing CVEs
- Proof-of-Concept → Exploit development techniques
- Advanced → Kernel exploitation + Hardware hacking
Key Resources: Exploit Development | Labs & Practice | Research Sources
Start with fundamentals and build progressively:
- Learn Basics → Networking + Linux fundamentals
- First Tools → Nmap + Burp Suite + VulnHub
- Web Security → PortSwigger Academy labs
- CTF Competitions → HackTheBox + TryHackMe
- Specialization → Choose your area of interest
Key Resources: Learning Platforms | Knowledge Bases | Labs & Practice
- Web Application Security → Web Security & Fuzzing + Knowledge Bases + Exploits/CVEs
- Network Security → Network Scanning + Threat Hunting + SSL/TLS Analysis
- Reverse Engineering → Exploit Development + Malware Forensics + Labs
- Cloud Security → Cloud & Container Security + DevSecOps
- OSINT → Reconnaissance & OSINT + OSINT Resources
- For Quick Lookup → Use the Quick Start section or role-based roadmaps
- For Deep Dives → Navigate to specific category documentation in the /doc folder
- For Learning → Check learning platforms and practice labs
- For Reference → Use cheat sheets and knowledge bases
- For Research → Consult CVE databases, academic sources, and threat intelligence
Contributions are welcome! Please read CONTRIBUTING.md for guidelines on:
- Adding new tools (must be open-source and actively maintained)
- Improving descriptions and documentation
- Reporting dead links
- Organizing resources by category
This project is licensed under the MIT License. See LICENSE file for details.
Don't try to use everything. That's a trap.
- Start with: Nmap + Metasploit + Burp (not listed but essential)
- Add recon: Amass + SpiderFoot
- Add exploitation: PayloadsAllTheThings
- Then specialize:
  - 🔴 Red Team → C2 + AD tools + Red Team Toolkits
  - 🔵 Blue Team → Zeek + Suricata + Volatility
  - 🟣 Research → Ghidra + pwntools + Exploit-DB
- Found a broken link? → Open an issue with the URL and category
- Have a tool suggestion? → Create a pull request with the tool details
- Questions about content? → Check existing issues or create a new discussion
Last Updated: 2026 | Maintained by: Security Community | PRs Welcome