Submit your favorite resources for free.

Submit
LogoHackDB

Search

Search the directory

Find red teaming, penetration testing, and ethical hacking resources in seconds.

image of Zero Day Initiative
Vulnerability Intelligence
Visit Website

Zero Day Initiative

Details

Zero Day Initiative publishes advisories on vulnerabilities discovered by their researchers, providing details and links to vendor fixes.

Vulnerability Intelligence
image of Zero-Point Security Courses
Training
Visit Website

Zero-Point Security Courses

Details

Zero-Point Security offers specialized training courses in various cybersecurity domains, enhancing practical skills for professionals.

TrainingCertifications
Screenshot of ZigStrike
Exploit DevelopmentRed Team Operations
Visit Website

ZigStrike

Details

ZigStrike is a shellcode loader with injection techniques and anti-sandbox features, using compile-time capabilities for shellcode allocation.

Internal
image of ZoomEye
Reconnaissance
Visit Website

ZoomEye

Details

ZoomEye is a cyberspace search engine for discovering and analyzing internet-connected devices, offering tools for asset discovery and vulnerability analysis.

External
image of angr
Reverse EngineeringExploit Development
Visit Website

angr

Details

angr is a platform-agnostic binary analysis framework for reverse engineering and vulnerability research.

Static Analysis
image of asleap
Wireless Security
Visit Website

asleap

Details

asleap is a tool to recover LEAP/PPTP passwords, demonstrating a deficiency in Cisco LEAP networks using dictionary or captured packet analysis.

WirelessBruteforce
image of bbot
Bug BountyReconnaissanceApplication Security
Visit Website

bbot

Details

A recursive internet scanner for hackers, designed to automate Recon, Bug Bounties, and ASM with a focus on comprehensive subdomain enumeration.

Bug BountyOSINTWeb
image of bettercap
Wireless Security
Visit Website

bettercap

Details

bettercap is a powerful, modular framework for network reconnaissance and MITM attacks over WiFi, Bluetooth LE, and Ethernet networks.

Wireless
image of claudleak
AI SecurityApplication SecurityReconnaissance
Visit Website

claudleak

Details

Hunt for AI coding artifacts containing secrets by scanning public GitHub repositories for leaked credentials in AI coding tool configuration files.

AIStatic Analysis
image of cloud-audit
Cloud Security
Visit Website

cloud-audit

Details

AWS security scanner with attack chain detection. 47 checks, Terraform remediation for every finding, scan diff. Free. pip install cloud-audit

Cloud
image of crAPI
API Security
Visit Website

crAPI

Details

crAPI is a completely ridiculous API vulnerable by design, built on a microservices architecture, designed to help understand API security risks.

APITraining
image of crt.sh
Reconnaissance
Visit Website

crt.sh

Details

crt.sh is a Certificate Transparency (CT) log search tool that allows users to find SSL/TLS certificates issued for specific domains or organizations.

OSINT