Hacking tools
Heramientas de hacking
Plataformas de bug bounty
HackerOne https://hackerone.com
Intigriti https://www.intigriti.com
Bugcrowd https://www.bugcrowd.com
YesWeHack https://www.yeswehack.com
Blogs
Deep Hacking https://deephacking.tech
SocRadar https://socradar.io/blog
Hackaday https://hackaday.com
The Hacker News https://thehackernews.com
El Lado Del Mal https://www.elladodelmal.com
Foros
Hack Forums https://hackforums.net
Dark Forums https://darkforums.st
Hack Forums https://hackforums.net
BreachStars https://breachstars.io
Cracking.org https://cracking.org
CraxPro https://craxpro.io
Leakbase https://leakbase.la
Valid Market https://validmarket.io
Cheatsheets
Exploit notes https://exploit-notes.hdks.org
Hideandsec https://hideandsec.sh
Hacktricks https://book.hacktricks.wiki/en/index.html
PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings.git
InternalAllTheThings https://github.com/swisskyrepo/InternalAllTheThings.git
HardwareAllTheThings https://github.com/swisskyrepo/HardwareAllTheThings.git
Advanced Bug Hunting Toolkit https://lostsec.xyz
Awesome Bug Bounty Tools https://github.com/vavkamil/awesome-bugbounty-tools.git
Awesome Burp Extensions https://github.com/snoopysecurity/awesome-burp-extensions.git
Reddit Hacking Wiki https://www.reddit.com/r/hacking/wiki/index
Ordenadores
System76 https://system76.com
Star Labs https://starlabs.systems
Slimbook https://slimbook.com
Tuxedo computers https://www.tuxedocomputers.com/index.php
Sistemas operativos
Kali Linux https://www.kali.org
AutoBSPWM https://github.com/Justice-Reaper/AutoBspwmKali.git
Navegadores
Chrome https://www.google.com/intl/es/chrome
Firefox https://www.firefox.com/es-ES
Tor https://www.torproject.org/es/download
IA
CAI https://github.com/aliasrobotics/cai.git
Hacktricks AI https://www.hacktricks.ai/
Claude https://claude.ai
DeepSeek https://chat.deepseek.com
ChatGPT https://chatgpt.com
VPNs
TorGuard https://torguard.net
Mullvad https://mullvad.net/es
Correos electrónicos temporales
HouseHole https://github.com/TheCyberpunker/houseHole.git
Internxt https://internxt.com/es/temporary-email
Números de teléfono temporales
Crypton.sh https://crypton.sh
Silent.link https://silent.link
Wifi
NetworkManager https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
Airgeddon https://github.com/v1s1t0r1sh3r3/airgeddon.git
OpenBTS https://github.com/PentHertz/OpenBTS.git
Análisis de tráfico de red
Wireshark y Tshark https://gitlab.com/wireshark/wireshark.git
PCredz https://github.com/lgandx/PCredz.git
CredSLayer https://github.com/ShellCode33/CredSLayer.git
Android
Scrpy https://github.com/Genymobile/scrcpy.git
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
Custom roms
GrapheneOS https://grapheneos.org
Cloud
Prowler https://github.com/prowler-cloud/prowler.git
Informes
BlackStone https://github.com/micro-joan/BlackStone.git
SysReptor https://github.com/Syslifters/sysreptor.git
OSINT
SpiderFoot https://github.com/smicallef/spiderfoot.git
Recon-ng https://github.com/lanmaster53/recon-ng.git
TheHarvester https://github.com/laramies/theHarvester.git
IntelligenceX https://intelx.io
UserSearch https://usersearch.ai
Hunter.io https://hunter.io
SnusBase https://snusbase.com
Leak Lookup https://leak-lookup.com
Leakpeek https://leakpeek.com
Breach Directory https://breachdirectory.org
DeHashed https://dehashed.com
Amass https://github.com/owasp-amass/amass.git
Phonebook https://phonebook.cz
Subfinder https://github.com/projectdiscovery/subfinder.git
PhoneInfoga https://github.com/sundowndev/phoneinfoga.git
Holehe https://github.com/megadose/holehe.git
TrufflePiggie https://github.com/W4RRR/trufflepiggie.git
Verificar correos electrónicos
Emailrep.io https://emailrep.io
Verify Email Address https://www.verifyemailaddress.org
Email Checker https://email-checker.net
Infraestructuras
Shodan https://www.shodan.io
Fofa https://fofa.so
ZoomEye https://www.zoomeye.ai
Internet archive
TheTimeMachine https://github.com/anmolksachan/TheTimeMachine.git
WayBackupFinder https://github.com/anmolksachan/WayBackupFinder.git
WayBackLister https://github.com/anmolksachan/wayBackLister.git
Waybackurls https://github.com/tomnomnom/waybackurls.git
OSINT Wayback Collector https://github.com/Frib1t/osint-wayback-collector.git
Wayback Machine https://web.archive.org
Redes sociales
Social Analyzer https://github.com/qeeqbox/social-analyzer.git
Sherlock https://github.com/sherlock-project/sherlock.git
Maigret https://github.com/soxoj/maigret.git
Identificación facial
PimEyes https://pimeyes.com
Google dorking
Bug Bounty Search Engine https://nitinyadav00.github.io/Bug-Bounty-Search-Engine
Dork Search https://dorksearch.com
Dork Query https://sproffes.github.io/DorkQuery
Subnetting
IPv4 Subnet Calculator https://www.site24x7.com/tools/ipv4-subnetcalculator.html
IPv6 Subnet Calculator https://www.site24x7.com/tools/ipv6-subnetcalculator.html
Reconocimiento
Masscan https://github.com/robertdavidgraham/masscan.git
Arp Scan https://github.com/royhills/arp-scan.git
Nmap https://github.com/nmap/nmap.git
RustScan https://github.com/bee-san/RustScan.git
Censys https://search.censys.io
GetTopPorts https://github.com/Justice-Reaper/getTopPorts.git
Escáneres de vulnerabilidades
Xray https://github.com/chaitin/xray.git
Nuclei https://github.com/projectdiscovery/nuclei.git
Nuclei Templates https://github.com/projectdiscovery/nuclei-templates.git
Nikto https://github.com/sullo/nikto.git
Proxies
Caido https://caido.io
Burpsuite professional https://github.com/xiv3r/Burpsuite-Professional.git
Proxy manager
Gestión y aislamiento de sesiones
PwnFox https://addons.mozilla.org/es-ES/firefox/addon/pwnfox
PwnFox For Chromium https://github.com/PortSwigger/pwnfox-for-chromium.git
Diccionarios
Auto Wordlists https://github.com/carlospolop/Auto_Wordlists.git
SecLists https://github.com/danielmiessler/SecLists.git
Payloadbox https://github.com/orgs/payloadbox/repositories
Assetnote https://wordlists.assetnote.io
OneListForAll https://github.com/six2dez/OneListForAll.git
Kaonashi https://github.com/kaonashi-passwords/Kaonashi.git
Weakpass https://weakpass.com
JWT Secrets https://github.com/wallarm/jwt-secrets.git
GraphQL Wordlist https://github.com/Escape-Technologies/graphql-wordlist.git
Flask Unsign Wordlist https://github.com/Paradoxis/Flask-Unsign-Wordlist.git
Generar diccionarios
CeWL https://github.com/digininja/CeWL.git
Psudohash https://github.com/t3l3machus/psudohash.git
Undust https://github.com/t3l3machus/undust.py.git
Cupp https://github.com/Mebus/cupp.git
Dividir diccionarios
payloadSplitter https://github.com/Justice-Reaper/payloadSplitter.git
Fuerza bruta
Hydra https://github.com/vanhauser-thc/thc-hydra.git
Estenografía
Steg Cloak https://github.com/KuroLabs/stegcloak.git
Encoding y decoding
Boxentriq https://www.boxentriq.com/code-breaking/cipher-identifier
Dcode https://www.dcode.fr/cipher-identifier
Hackvertor https://github.com/portswigger/hackvertor
CyberChef https://gchq.github.io/CyberChef
Chepy https://github.com/securisec/chepy.git
Ciphey https://github.com/bee-san/Ciphey.git
Regex
Regex Generator https://regex-generator.olafneumann.org
Web
Identificar tecnologías web
WhatWeb https://github.com/urbanadventurer/WhatWeb.git
WAF
WhatWaf https://github.com/Ekultek/WhatWaf.git
Wafw00f https://github.com/EnableSecurity/wafw00f.git
Fuzzing
Feroxbuster https://github.com/epi052/feroxbuster.git
Dirsearch https://github.com/maurosoria/dirsearch.git
Ffuf https://github.com/ffuf/ffuf.git
Gobuster https://github.com/OJ/gobuster.git
Fuzzuli https://github.com/musana/fuzzuli.git
Análisis de código JavaScript
JS Miner https://github.com/PortSwigger/js-miner.git
JS Link Finder https://github.com/PortSwigger/js-link-finder.git
Enumeración de parámetros
GAP (Get All Parameters, Links, and Words) https://github.com/PortSwigger/get-all-parameters.git
Bypasses
IpRangeGenerator https://github.com/Justice-Reaper/ipRangeGenerator.git
Random IP Address Header https://github.com/PortSwigger/random-ip-address-header.git
Encode IP https://github.com/PortSwigger/encode-ip.git
Ipfuscator https://github.com/dwisiswant0/ipfuscator.git
URL validation bypass https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
Recollapse https://github.com/0xacb/recollapse.git
GoByPASS401/403 https://github.com/slicingmelon/gobypass403.git
403 Bypasser https://github.com/PortSwigger/403-bypasser.git
NoMore403 https://github.com/devploit/nomore403.git
Bypass 403 https://github.com/v0rl0x/bypass-403-updated.git
Byp4xx https://github.com/lobuhi/byp4xx.git
Bypass Url Parser https://github.com/laluka/bypass-url-parser.git
Forbidden Buster https://github.com/Sn1r/Forbidden-Buster.git
GoNMF https://github.com/akinerkisa/GoNMF.git
CMS
WhatCMS https://whatcms.org
CMSmap https://github.com/dionach/CMSmap.git
CMSeeK https://github.com/Tuhinshubhra/CMSeeK.git
DroopeScan https://github.com/SamJoan/droopescan.git
CMS Scanner https://github.com/PortSwigger/cms-scan.git
WPScan https://github.com/wpscanteam/wpscan.git
WPSeku https://github.com/andripwn/WPSeku.git
Wordpresscan https://github.com/swisskyrepo/Wordpresscan.git
JoomScan https://github.com/OWASP/joomscan.git
MoodleScan https://github.com/inc0d3/moodlescan.git
Frameworks de explotación del navegador
Toxssin https://github.com/t3l3machus/toxssin.git
Beef https://github.com/beefproject/beef.git
Mejoras generales para el escáner de Burpsuite
Active Scan ++ https://github.com/PortSwigger/active-scan-plus-plus.git
Error Message Checks https://github.com/PortSwigger/error-message-checks.git
Additional Scanner Checks https://github.com/PortSwigger/additional-scanner-checks.git
Collaborator Everywhere https://github.com/PortSwigger/collaborator-everywhere-v2.git
Backslash Powered Scanner https://github.com/PortSwigger/backslash-powered-scanner.git
Software Vulnerability Scanner https://github.com/PortSwigger/software-vulnerability-scanner.git
Retire.js https://github.com/PortSwigger/retire-js.git
Utilidades adicionales para Burpsuite
Copy As Python Requests https://github.com/PortSwigger/copy-as-python-requests.git
Content Type Converter https://github.com/PortSwigger/content-type-converter.git
PDF Render https://github.com/PortSwigger/pdf-render.git
Herramientas de propósito general
Param Miner https://github.com/PortSwigger/param-miner.git
Sign Saboteur https://github.com/PortSwigger/sign-saboteur.git
Turbo Intruder https://github.com/PortSwigger/turbo-intruder.git
Vulnerabilidades
XXE
XXEinjector https://github.com/enjoiz/XXEinjector.git
XXExploiter https://github.com/luisfontes19/xxexploiter.git
Oxml XXE https://github.com/BuffaloWill/oxml_xxe.git
Docem https://github.com/whitel1st/docem.git
Clickjacking
Security Headers https://securityheaders.com
Shcheck https://github.com/santoru/shcheck.git
Clickbandit https://portswigger.net/burp/documentation/desktop/tools/clickbandit
CORS
CORS* - Additional CORS Checks https://github.com/PortSwigger/additional-cors-checks.git
Trusted Domain CORS Scanner https://github.com/PortSwigger/trusted-domain-cors-scanner.git
CorsOne https://github.com/omranisecurity/CorsOne.git
CORScanner https://github.com/chenjj/CORScanner.git
CorsMe https://github.com/Shivangx01b/CorsMe.git
Corsy https://github.com/s0md3v/Corsy.git
C0rsPwn3r https://github.com/YaiYai8/C0rsPwn3r.git
of-CORS https://github.com/trufflesecurity/of-CORS.git
CSRF
CSRF Scanner https://github.com/PortSwigger/csrf-scanner.git
Bolt https://github.com/s0md3v/Bolt.git
XSRFProbe https://github.com/0xInfection/XSRFProbe.git
Project Forgery https://github.com/haqqibrahim/Project-Forgery.git
SQLI
Ghauri https://github.com/r0oth3x49/ghauri.git
Sqlmap https://github.com/sqlmapproject/sqlmap.git
SQLMap DNS Collaborator https://github.com/portswigger/sqlmap-dns-collaborator
Agartha https://github.com/PortSwigger/agartha.git
HBSQLI https://github.com/SAPT01/HBSQLI.git
Loxs https://github.com/coffinxp/loxs.git
SQLI cheatsheet https://portswigger.net/web-security/sql-injection/cheat-sheet
XSS
Agartha https://github.com/PortSwigger/agartha.git
Docem https://github.com/whitel1st/docem.git
Dalfox https://github.com/hahwul/dalfox.git
XSSDynaGen https://github.com/Cybersecurity-Ethical-Hacker/xssdynagen.git
XSSuccessor https://github.com/Cybersecurity-Ethical-Hacker/xssuccessor.git
Loxs https://github.com/coffinxp/loxs.git
XSStrike https://github.com/s0md3v/XSStrike.git
XSSHunter Express https://github.com/mandatoryprogrammer/xsshunter-express.git
XXHunter https://xsshunter.trufflesecurity.com/app/#
BXSSHunter https://bxsshunter.com
XSSReport https://xss.report
DOM Invader https://portswigger.net/burp/documentation/desktop/tools/dom-invader
XSS cheatsheet https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
SSRF
SSRF Payload Generator https://github.com/cxosmo/ssrf-payload-generator.git
SSRF PayloadMaker https://github.com/deXwn/SSRF-PayloadMaker.git
SSRFmap https://github.com/swisskyrepo/SSRFmap.git
Command injection
Command injection attacker https://github.com/PortSwigger/command-injection-attacker.git
Agartha https://github.com/PortSwigger/agartha.git
Commix https://github.com/commixproject/commix.git
SSTI
TInjA https://github.com/Hackmanit/TInjA.git
Tplmap https://github.com/epinna/tplmap.git
SSTImap https://github.com/vladko312/SSTImap.git
Template Injection Table https://cheatsheet.hackmanit.de/template-injection-table
Path traversal
LFITester https://github.com/kostas-pa/LFITester.git
Liffy https://github.com/mzfr/liffy.git
LFISuite https://github.com/D35m0nd142/LFISuite.git
Agartha https://github.com/PortSwigger/agartha.git
Loxs https://github.com/coffinxp/loxs.git
Panoptic https://github.com/lightos/Panoptic.git
Nginx Alias Traversal https://github.com/PortSwigger/nginx-alias-traversal.git
Psycho Path https://github.com/PortSwigger/psycho-path.git
Broken access control
Auth Analyzer https://github.com/PortSwigger/auth-analyzer.git
Autorize https://github.com/PortSwigger/autorize.git
WebSocket
WebSocket Turbo Intruder https://github.com/PortSwigger/websocket-turbo-intruder.git
Socket Sleuth https://github.com/PortSwigger/socket-sleuth.git
Insecure Deserealization
PHP
PHPGCC https://github.com/ambionics/phpggc.git
Java
YSoSerial https://github.com/frohoff/ysoserial.git
SerializationDumper https://github.com/NickstaDB/SerializationDumper.git
Marshalsec https://github.com/frohoff/marshalsec.git
Freddy Deserialization Bug Finder https://github.com/PortSwigger/freddy-deserialization-bug-finder.git
.NET
YSoSerial.Net https://github.com/pwntester/ysoserial.net.git
Freddy Deserialization Bug Finder https://github.com/PortSwigger/freddy-deserialization-bug-finder.git
Information disclosure
TruffleHog https://github.com/trufflesecurity/trufflehog.git
TruffleHog Integration https://github.com/PortSwigger/trufflehog-integration.git
Carpeta .git expuesta
Git Dumper https://github.com/arthaud/git-dumper.git
Git Cola https://github.com/git-cola/git-cola.git
Archivo phpinfo.php expuesto
Funciones PHP peligrosas https://gist.github.com/mccabe615/b0907514d34b2de088c4996933ea1720
Insecure File upload
Upload Bypass https://github.com/sAjibuu/Upload_Bypass.git
Fuxploider https://github.com/almandin/fuxploider.git
Upload Scanner https://github.com/PortSwigger/upload-scanner.git
File Upload Traverser https://github.com/PortSwigger/file-upload-traverser.git
Magic Byte Selector https://github.com/PortSwigger/magic-byte-selector.git
JWT
JWT Editor https://github.com/PortSwigger/jwt-editor.git
JWT4B https://github.com/PortSwigger/json-web-tokens.git
JWT Scanner https://github.com/PortSwigger/jwt-scanner.git
JOSEPH https://github.com/PortSwigger/json-web-token-attacker.git
JWT Tool https://github.com/ticarpi/jwt_tool.git
JWT Cracker https://github.com/brendan-rius/c-jwt-cracker.git
Jwt.io https://www.jwt.io
GraphQL
GraphQL Voyager https://apis.guru/graphql-voyager
InQL https://github.com/PortSwigger/inql.git
GQLSpection https://github.com/doyensec/GQLSpection.git
Clairvoyance https://github.com/nikitastupin/clairvoyance.git
CrackQL https://github.com/nicholasaleks/CrackQL.git
Graphw00f https://github.com/dolevf/graphw00f.git
GraphQL Threat Matrix https://github.com/nicholasaleks/graphql-threat-matrix.git
GraphQL Cop https://github.com/dolevf/graphql-cop.git
GraphCrawler https://github.com/gsmith257-cyber/GraphCrawler.git
GraphQL Path Enum https://gitlab.com/dee-see/graphql-path-enum.git
Graphinder https://github.com/Escape-Technologies/graphinder.git
NoSQLI
NoSQLI Scanner https://github.com/PortSwigger/nosqli-scanner.git
NoSQLI Attack Suite https://github.com/Justice-Reaper/NoSQLI-Attack-Suite.git
Race conditions
Raceocat https://github.com/JavanXD/Raceocat.git
H2SpaceX https://github.com/nxenon/h2spacex.git
APIs
OpenAPI Parser https://github.com/PortSwigger/openapi-parser.git
API Exporter https://github.com/PortSwigger/api-exporter.git
Exfiltrar datos
ICMP Exfil https://github.com/Frib1t/ICMP-Exfil.git
Collabfiltrator https://github.com/PortSwigger/collabfiltrator.git
Exploits
0day Archive https://0day-archive.fullhunt.io
Sploitify https://sploitify.haxx.it
Exploit Database https://www.exploit-db.com
Exploit Database’s Binary Exploits https://gitlab.com/exploit-database/exploitdb-bin-sploits
Vulners https://vulners.com
Shells
Reverse shell generator https://github.com/0dayCTF/reverse-shell-generator.git
Villain https://github.com/t3l3machus/Villain.git
Penelope https://github.com/brightio/penelope.git
Obtener una TTY interactiva en linux https://ironhackers.es/tutoriales/como-conseguir-tty-totalmente-interactiva
ConPtyShell https://github.com/antonioCoco/ConPtyShell.git
Unix
Pspy https://github.com/DominicBreuker/pspy.git
Linux Exploit Suggester https://github.com/The-Z-Labs/linux-exploit-suggester.git
Linux Smart Enumeration https://github.com/diego-treitos/linux-smart-enumeration.git
LinPeas https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
Grype https://github.com/anchore/grype.git
GTFOBins https://gtfobins.github.io
SuCrack https://github.com/hemp3l/sucrack.git
Windows
WinPeas https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS
Lolbas https://lolbas-project.github.io
WADComs https://wadcoms.github.io
AdPeas https://github.com/61106960/adPEAS.git
Container breakout
Amicontained https://github.com/genuinetools/amicontained.git
Deepce https://github.com/stealthcopter/deepce.git
CDK https://github.com/cdk-team/CDK.git
Dumpear credenciales
LaZagne https://github.com/AlessandroZ/LaZagne.git
HackBrowserData https://github.com/moonD4rk/HackBrowserData.git
Hashes
Identificar
Hash Identifier https://hashes.com/en/tools/hash_identifier
Hash Identifier https://github.com/blackploit/hash-identifier.git
HashID https://github.com/psypanda/hashID.git
Haiti https://github.com/noraj/haiti.git
Crackear
KrakenHashes https://github.com/ZerkerEOD/krakenhashes.git
Hashcat https://github.com/hashcat/hashcat.git
John the Ripper https://github.com/openwall/john.git
Wrappers
Hashcatalyst https://github.com/stealthsploit/Hashcatalyst.git
Reglas
OneRuleToRuleThemStill https://github.com/stealthsploit/OneRuleToRuleThemStill.git
Rainbow tables
Hashes https://hashes.com/en/decrypt/hash
CrackStation https://crackstation.net
Weakpass https://weakpass.com/tools/lookup
Pivoting
Unix
Enumeración
Pivoting Enum https://github.com/S12cybersecurity/Pivoting_Enum.git
Tunneling
Ligolo-mp https://github.com/ttpreport/ligolo-mp.git