Hacking tools
Heramientas de hacking
Plataformas de bug bounty
HackerOne https://hackerone.com/
Intigriti https://www.intigriti.com/
Bugcrowd https://www.bugcrowd.com/
YesWeHack https://www.yeswehack.com/
Cheatsheets
Exploit notes https://exploit-notes.hdks.org/
Hideandsec https://hideandsec.sh/
Deep Hacking https://deephacking.tech/
Hacktricks https://book.hacktricks.wiki/en/index.html
PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings.git
InternalAllTheThings https://github.com/swisskyrepo/InternalAllTheThings.git
HardwareAllTheThings https://github.com/swisskyrepo/HardwareAllTheThings.git
Advanced Bug Hunting Toolkit https://lostsec.xyz/
Awesome Bug Bounty Tools https://github.com/vavkamil/awesome-bugbounty-tools.git
Awesome Burp Extensions https://github.com/snoopysecurity/awesome-burp-extensions.git
Ordenadores
System76 https://system76.com/
Star Labs https://starlabs.systems/
Slimbook https://slimbook.com/
Tuxedo computers https://www.tuxedocomputers.com/index.php
Sistemas operativos
Kali Linux https://www.kali.org/
AutoBSPWM https://github.com/Justice-Reaper/AutoBspwmKali.git
Navegadores
Chrome https://www.google.com/intl/es/chrome/
Firefox https://www.firefox.com/es-ES/
Tor https://www.torproject.org/es/download/
VPNs
TorGuard https://torguard.net/
Mullvad https://mullvad.net/es
Correos electrónicos temporales
HouseHole https://github.com/TheCyberpunker/houseHole.git
Wifi
NetworkManager https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
Airgeddon https://github.com/v1s1t0r1sh3r3/airgeddon.git
OpenBTS https://github.com/PentHertz/OpenBTS.git
Análisis de tráfico de red
Wireshark y Tshark https://gitlab.com/wireshark/wireshark.git
PCredz https://github.com/lgandx/PCredz.git
CredSLayer https://github.com/ShellCode33/CredSLayer.git
Android
Scrpy https://github.com/Genymobile/scrcpy.git
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
Custom roms
GrapheneOS https://grapheneos.org/
Informes
BlackStone https://github.com/micro-joan/BlackStone.git
SysReptor https://github.com/Syslifters/sysreptor.git
OSINT
SpiderFoot https://github.com/smicallef/spiderfoot.git
Recon-ng https://github.com/lanmaster53/recon-ng.git
TheHarvester https://github.com/laramies/theHarvester.git
IntelligenceX https://intelx.io/
Hunter.io https://hunter.io/
SnusBase https://snusbase.com/
Leak Lookup https://leak-lookup.com/
Breach Directory https://breachdirectory.org/
DeHashed https://dehashed.com/
Amass https://github.com/owasp-amass/amass.git
Phonebook https://phonebook.cz/
Subfinder https://github.com/projectdiscovery/subfinder.git
Verificar correos electrónicos
Emailrep.io https://emailrep.io/
Verify Email Address https://www.verifyemailaddress.org/
Email Checker https://email-checker.net/
Foros
Dark Forums https://darkforums.st/
Hack Forums https://hackforums.net/
Infraestructuras
Shodan https://www.shodan.io/
Fofa https://fofa.so/
ZoomEye https://www.zoomeye.ai/
Internet archive
TheTimeMachine https://github.com/anmolksachan/TheTimeMachine.git
WayBackupFinder https://github.com/anmolksachan/WayBackupFinder.git
WayBackLister https://github.com/anmolksachan/wayBackLister.git
Waybackurls https://github.com/tomnomnom/waybackurls.git
Wayback Machine https://web.archive.org/
Redes sociales
Sherlock https://github.com/sherlock-project/sherlock.git
Maigret https://github.com/soxoj/maigret.git
Identificación facial
PimEyes https://pimeyes.com/
Google dorking
Bug Bounty Search Engine https://nitinyadav00.github.io/Bug-Bounty-Search-Engine/
Subnetting
IPv4 Subnet Calculator https://www.site24x7.com/tools/ipv4-subnetcalculator.html
IPv6 Subnet Calculator https://www.site24x7.com/tools/ipv6-subnetcalculator.html
Reconocimiento
Masscan https://github.com/robertdavidgraham/masscan.git
Arp Scan https://github.com/royhills/arp-scan.git
Nmap https://github.com/nmap/nmap.git
Censys https://search.censys.io/
GetTopPorts https://github.com/Justice-Reaper/getTopPorts.git
Escáneres de vulnerabilidades
Nuclei https://github.com/projectdiscovery/nuclei.git
Nuclei Templates https://github.com/projectdiscovery/nuclei-templates.git
Nikto https://github.com/sullo/nikto.git
Proxies
Caido https://caido.io/
Burpsuite professional https://github.com/xiv3r/Burpsuite-Professional.git
Proxy manager
Diccionarios
Auto Wordlists https://github.com/carlospolop/Auto_Wordlists.git
SecLists https://github.com/danielmiessler/SecLists.git
Payloadbox https://github.com/orgs/payloadbox/repositories
Assetnote https://wordlists.assetnote.io/
OneListForAll https://github.com/six2dez/OneListForAll.git
Kaonashi https://github.com/kaonashi-passwords/Kaonashi.git
Weakpass https://weakpass.com/
JWT Secrets https://github.com/wallarm/jwt-secrets.git
Flask Unsign Wordlist https://github.com/Paradoxis/Flask-Unsign-Wordlist.git
Generar diccionarios
CeWL https://github.com/digininja/CeWL.git
Psudohash https://github.com/t3l3machus/psudohash.git
Undust https://github.com/t3l3machus/undust.py.git
Cupp https://github.com/Mebus/cupp.git
Dividir diccionarios
payloadSplitter https://github.com/Justice-Reaper/payloadSplitter.git
Fuerza bruta
Hydra https://github.com/vanhauser-thc/thc-hydra.git
Estenografía
Steg Cloak https://github.com/KuroLabs/stegcloak.git
Encoding y decoding
Boxentriq https://www.boxentriq.com/code-breaking/cipher-identifier
Dcode https://www.dcode.fr/cipher-identifier
Hackvertor https://github.com/portswigger/hackvertor
CyberChef https://gchq.github.io/CyberChef/
Chepy https://github.com/securisec/chepy.git
Ciphey https://github.com/bee-san/Ciphey.git
Regex
Regex Generator https://regex-generator.olafneumann.org/
Web
Identificar tecnologías web
WhatWeb https://github.com/urbanadventurer/WhatWeb.git
WAF
WhatWaf https://github.com/Ekultek/WhatWaf.git
Wafw00f https://github.com/EnableSecurity/wafw00f.git
Fuzzing
Feroxbuster https://github.com/epi052/feroxbuster.git
Dirsearch https://github.com/maurosoria/dirsearch.git
Ffuf https://github.com/ffuf/ffuf.git
Gobuster https://github.com/OJ/gobuster.git
Fuzzuli https://github.com/musana/fuzzuli.git
Bypasses
IpRangeGenerator https://github.com/Justice-Reaper/ipRangeGenerator.git
Random IP Address Header https://github.com/PortSwigger/random-ip-address-header.git
Encode IP https://github.com/PortSwigger/encode-ip.git
Ipfuscator https://github.com/dwisiswant0/ipfuscator.git
URL validation bypass https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
Recollapse https://github.com/0xacb/recollapse.git
GoByPASS401/403 https://github.com/slicingmelon/gobypass403.git
403 Bypasser https://github.com/PortSwigger/403-bypasser.git
NoMore403 https://github.com/devploit/nomore403.git
Bypass 403 https://github.com/v0rl0x/bypass-403-updated.git
Byp4xx https://github.com/lobuhi/byp4xx.git
Bypass Url Parser https://github.com/laluka/bypass-url-parser.git
Forbidden Buster https://github.com/Sn1r/Forbidden-Buster.git
GoNMF https://github.com/akinerkisa/GoNMF.git
CMS
WhatCMS https://whatcms.org/
CMSmap https://github.com/dionach/CMSmap.git
CMSeeK https://github.com/Tuhinshubhra/CMSeeK.git
DroopeScan https://github.com/SamJoan/droopescan.git
CMS Scanner https://github.com/PortSwigger/cms-scan.git
WPScan https://github.com/wpscanteam/wpscan.git
WPSeku https://github.com/andripwn/WPSeku.git
Wordpresscan https://github.com/swisskyrepo/Wordpresscan.git
JoomScan https://github.com/OWASP/joomscan.git
MoodleScan https://github.com/inc0d3/moodlescan.git
Frameworks de explotación del navegador
Toxssin https://github.com/t3l3machus/toxssin.git
Beef https://github.com/beefproject/beef.git
Mejoras generales para el escáner de Burpsuite
Active Scan ++ https://github.com/PortSwigger/active-scan-plus-plus.git
Error Message Checks https://github.com/PortSwigger/error-message-checks.git
Additional Scanner Checks https://github.com/PortSwigger/additional-scanner-checks.git
Collaborator Everywhere https://github.com/PortSwigger/collaborator-everywhere-v2.git
Backslash Powered Scanner https://github.com/PortSwigger/backslash-powered-scanner.git
Software Vulnerability Scanner https://github.com/PortSwigger/software-vulnerability-scanner.git
Utilidades adicionales para Burpsuite
Copy As Python Requests https://github.com/PortSwigger/copy-as-python-requests.git
Content Type Converter https://github.com/PortSwigger/content-type-converter.git
Herramientas de propósito general
Param Miner https://github.com/PortSwigger/param-miner.git
Collabfiltrator https://github.com/PortSwigger/collabfiltrator.git
Sign Saboteur https://github.com/PortSwigger/sign-saboteur.git
Vulnerabilidades
XXE
XXEinjector https://github.com/enjoiz/XXEinjector.git
XXExploiter https://github.com/luisfontes19/xxexploiter.git
Oxml XXE https://github.com/BuffaloWill/oxml_xxe.git
Docem https://github.com/whitel1st/docem.git
Clickjacking
Security Headers https://securityheaders.com/
Shcheck https://github.com/santoru/shcheck.git
Clickbandit https://portswigger.net/burp/documentation/desktop/tools/clickbandit
CORS
CORS* - Additional CORS Checks https://github.com/PortSwigger/additional-cors-checks.git
Trusted Domain CORS Scanner https://github.com/PortSwigger/trusted-domain-cors-scanner.git
CorsOne https://github.com/omranisecurity/CorsOne.git
CORScanner https://github.com/chenjj/CORScanner.git
CorsMe https://github.com/Shivangx01b/CorsMe.git
Corsy https://github.com/s0md3v/Corsy.git
C0rsPwn3r https://github.com/YaiYai8/C0rsPwn3r.git
of-CORS https://github.com/trufflesecurity/of-CORS.git
CSRF
CSRF Scanner https://github.com/PortSwigger/csrf-scanner.git
Bolt https://github.com/s0md3v/Bolt.git
XSRFProbe https://github.com/0xInfection/XSRFProbe.git
Project Forgery https://github.com/haqqibrahim/Project-Forgery.git
SQLI
Ghauri https://github.com/r0oth3x49/ghauri.git
Sqlmap https://github.com/sqlmapproject/sqlmap.git
SQLMap DNS Collaborator https://github.com/portswigger/sqlmap-dns-collaborator
Agartha https://github.com/PortSwigger/agartha.git
Loxs https://github.com/coffinxp/loxs.git
SQLI cheatsheet https://portswigger.net/web-security/sql-injection/cheat-sheet
XSS
Agartha https://github.com/PortSwigger/agartha.git
Docem https://github.com/whitel1st/docem.git
Dalfox https://github.com/hahwul/dalfox.git
XSSDynaGen https://github.com/Cybersecurity-Ethical-Hacker/xssdynagen.git
XSSuccessor https://github.com/Cybersecurity-Ethical-Hacker/xssuccessor.git
Loxs https://github.com/coffinxp/loxs.git
XSStrike https://github.com/s0md3v/XSStrike.git
XSSHunter Express https://github.com/mandatoryprogrammer/xsshunter-express.git
XXHunter https://xsshunter.trufflesecurity.com/app/#/
BXSSHunter https://bxsshunter.com/
XSSReport https://xss.report/
DOM Invader https://portswigger.net/burp/documentation/desktop/tools/dom-invader
XSS cheatsheet https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
SSRF
SSRF Payload Generator https://github.com/cxosmo/ssrf-payload-generator.git
SSRF PayloadMaker https://github.com/deXwn/SSRF-PayloadMaker.git
SSRFmap https://github.com/swisskyrepo/SSRFmap.git
Command injection
Command injection attacker https://github.com/PortSwigger/command-injection-attacker.git
Agartha https://github.com/PortSwigger/agartha.git
Commix https://github.com/commixproject/commix.git
SSTI
TInjA https://github.com/Hackmanit/TInjA.git
Tplmap https://github.com/epinna/tplmap.git
SSTImap https://github.com/vladko312/SSTImap.git
Template Injection Table https://cheatsheet.hackmanit.de/template-injection-table/
Path traversal
LFITester https://github.com/kostas-pa/LFITester.git
Liffy https://github.com/mzfr/liffy.git
LFISuite https://github.com/D35m0nd142/LFISuite.git
Agartha https://github.com/PortSwigger/agartha.git
Loxs https://github.com/coffinxp/loxs.git
Panoptic https://github.com/lightos/Panoptic.git
Nginx Alias Traversal https://github.com/PortSwigger/nginx-alias-traversal.git
Psycho Path https://github.com/PortSwigger/psycho-path.git
Broken access control
Auth Analyzer https://github.com/PortSwigger/auth-analyzer.git
Autorize https://github.com/PortSwigger/autorize.git
WebSocket
WebSocket Turbo Intruder https://github.com/PortSwigger/websocket-turbo-intruder.git
Socket Sleuth https://github.com/PortSwigger/socket-sleuth.git
Insecure Deserealization
PHP
PHPGCC https://github.com/ambionics/phpggc.git
Java
Ysoserial https://github.com/frohoff/ysoserial.git
SerializationDumper https://github.com/NickstaDB/SerializationDumper.git
Information disclosure
Carpeta .git expuesta
Git Dumper https://github.com/arthaud/git-dumper.git
Git Cola https://github.com/git-cola/git-cola.git
Archivo phpinfo.php expuesto
Funciones PHP peligrosas https://gist.github.com/mccabe615/b0907514d34b2de088c4996933ea1720
Insecure File upload
Upload Bypass https://github.com/sAjibuu/Upload_Bypass.git
Fuxploider https://github.com/almandin/fuxploider.git
Upload Scanner https://github.com/PortSwigger/upload-scanner.git
File Upload Traverser https://github.com/PortSwigger/file-upload-traverser.git
Magic Byte Selector https://github.com/PortSwigger/magic-byte-selector.git
JWT
JWT Editor https://github.com/PortSwigger/jwt-editor.git
JWT4B https://github.com/PortSwigger/json-web-tokens.git
JWT Scanner https://github.com/PortSwigger/jwt-scanner.git
JOSEPH https://github.com/PortSwigger/json-web-token-attacker.git
JWT Tool https://github.com/ticarpi/jwt_tool.git
JWT Cracker https://github.com/brendan-rius/c-jwt-cracker.git
Jwt.io https://www.jwt.io/
Exploits
0day Archive https://0day-archive.fullhunt.io/
Sploitify https://sploitify.haxx.it/
Exploit Database https://www.exploit-db.com/
Exploit Database’s Binary Exploits https://gitlab.com/exploit-database/exploitdb-bin-sploits
Vulners https://vulners.com/
Shells
Reverse shell generator https://github.com/0dayCTF/reverse-shell-generator.git
Villain https://github.com/t3l3machus/Villain.git
Penelope https://github.com/brightio/penelope.git
Obtener una TTY interactiva en linux https://ironhackers.es/tutoriales/como-conseguir-tty-totalmente-interactiva/
ConPtyShell https://github.com/antonioCoco/ConPtyShell.git
Unix
Pspy https://github.com/DominicBreuker/pspy.git
Linux Exploit Suggester https://github.com/The-Z-Labs/linux-exploit-suggester.git
Linux Smart Enumeration https://github.com/diego-treitos/linux-smart-enumeration.git
LinPeas https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
Grype https://github.com/anchore/grype.git
GTFOBins https://gtfobins.github.io/
SuCrack https://github.com/hemp3l/sucrack.git
Windows
WinPeas https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS
Lolbas https://lolbas-project.github.io/
WADComs https://wadcoms.github.io/
AdPeas https://github.com/61106960/adPEAS.git
Container breakout
Amicontained https://github.com/genuinetools/amicontained.git
Deepce https://github.com/stealthcopter/deepce.git
CDK https://github.com/cdk-team/CDK.git
Dumpear credenciales
LaZagne https://github.com/AlessandroZ/LaZagne.git
HackBrowserData https://github.com/moonD4rk/HackBrowserData.git
Hashes
Identificar
Hash Identifier https://hashes.com/en/tools/hash_identifier
Hash Identifier https://github.com/blackploit/hash-identifier.git
HashID https://github.com/psypanda/hashID.git
Haiti https://github.com/noraj/haiti.git
Crackear
Hashcat https://github.com/hashcat/hashcat.git
John the Ripper https://github.com/openwall/john.git
Wrappers
Hashcatalyst https://github.com/stealthsploit/Hashcatalyst.git
Reglas
OneRuleToRuleThemStill https://github.com/stealthsploit/OneRuleToRuleThemStill.git
Rainbow tables
Hashes https://hashes.com/en/decrypt/hash
CrackStation https://crackstation.net/
Weakpass https://weakpass.com/tools/lookup
Pivoting
Unix
Enumeración
Pivoting Enum https://github.com/S12cybersecurity/Pivoting_Enum.git
Tunneling
Ligolo-mp https://github.com/ttpreport/ligolo-mp.git