Awesome Hacking Resources

Hunt down social media accounts by username across social networks

🕵️‍♂️ Collect a dossier on a person by username from 3000+ sites

Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

🕵️‍♂️ Offensive Google framework.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Information gathering framework for phone numbers

E-mails, subdomains and names Harvester - OSINT

In-depth attack surface mapping and asset discovery

Fast passive subdomain enumeration tool.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Incredibly fast crawler designed for OSINT.

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

WebGoat is a deliberately insecure application

the LLM vulnerability scanner

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

An OSINT tool to search for accounts by username and email in social networks.

An adversarial example library for constructing attacks, building defenses, and benchmarking both

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

Course materials for Modern Binary Exploitation by RPISEC

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Google CTF

IntelOwl: manage your Threat Intelligence at scale

Course materials for Malware Analysis by RPISEC

Find leaked secrets via github search

A list of Reverse Engineering articles, books, and papers

Red Teaming & Pentesting checklists for various engagements

New ways of breaking app-integrated LLMs

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Windows / Linux Local Privilege Escalation Workshop

Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.

DeepTeam is a framework to red team LLMs and AI agents.

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

Metadata harvester

a security scanner for custom LLM applications

A Course on Intermediate Level Linux Exploitation

Damn Small Vulnerable Web

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A list of curated resources for people interested in AI Red Teaming, Jailbreaking, and Prompt Injection

A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically

🧠 LLMFuzzer - Fuzzing Framework for Large Language Models 🧠 LLMFuzzer is the first open-source fuzzing framework specifically designed for Large Language Models (LLMs), especially for their integrations in applications via LLM APIs. 🚀💥

the main hackademic code repository

OWASP Broken Web Applications Project

The most comprehensive Hack The Box writeup collection - 500+ machines, 400+ challenges, interactive knowledge graph, skill trees, attack path diagrams, ProLabs, Sherlocks, OSCP/CPTS/CRTO prep. Browse: momenbasel.github.io/htb-writeups

OSINT dating tool for web pages

The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems.