Submit your favorite resources for free.

Submit
HackDB logoHackDB

Items

Browse all items

Browse all offensive security tools, platforms, and services in one place.

image of claudleak
AI SecurityApplication SecurityReconnaissance
Visit Website

claudleak

Details

Hunt for AI coding artifacts containing secrets by scanning public GitHub repositories for leaked credentials in AI coding tool configuration files.

AIStatic Analysis
image of cloud-audit
Cloud Security
Visit Website

cloud-audit

Details

AWS security scanner with attack chain detection. 47 checks, Terraform remediation for every finding, scan diff. Free. pip install cloud-audit

Cloud
image of crAPI
API Security
Visit Website

crAPI

Details

crAPI is a completely ridiculous API vulnerable by design, built on a microservices architecture, designed to help understand API security risks.

APITraining
image of crt.sh
Reconnaissance
Visit Website

crt.sh

Details

crt.sh is a Certificate Transparency (CT) log search tool that allows users to find SSL/TLS certificates issued for specific domains or organizations.

OSINT
image of disclose.io
Bug BountyReporting
Visit Website

disclose.io

Details

Open-source tools and resources for vulnerability disclosure, promoting safe harbor and standardized practices for hackers and organizations.

Bug BountyReport
image of dnstwist
Social EngineeringReconnaissance
Visit Website

dnstwist

Details

dnstwist is a phishing domain scanner that finds lookalike domains adversaries can use to attack you, helping to identify potential threats.

PhishingOSINT
image of donut
Reverse EngineeringExploit Development
Visit Website

donut

Details

Donut generates position-independent shellcode to load .NET Assemblies, PE files, VBScript, and other Windows payloads from memory.

Internal
image of eCPPT Certification
CertificationsTraining
Visit Website

eCPPT Certification

Details

The eCPPT certification validates practical penetration testing skills, covering reconnaissance, web app testing, exploit development, and Active Directory.

CertificationsTraining
image of ffuf
Application SecurityReconnaissance
Visit Website

ffuf

Details

ffuf is a fast web fuzzer written in Go, designed for content discovery and web application security testing.

WebBug BountyExternal
image of garak
AI Security
Visit Website

garak

Details

Garak is an LLM vulnerability scanner that probes for weaknesses like prompt injection, data leakage, hallucination, and toxicity.

AI
image of graphw00f
API Security
Visit Website

graphw00f

Details

Graphw00f is a GraphQL server engine fingerprinting tool. It identifies backend technologies and security defenses by analyzing unique endpoint responses.

API
image of hashcat
Infrastructure Security
Visit Website

hashcat

Details

World's fastest password recovery utility, supporting CPUs, GPUs, and hardware accelerators on Linux, Windows, and macOS.

WirelessInternalExternalBruteforce