Ethical Hacker Prep
Classified Archives

The Arsenal

Elite-grade operational resources.
Rare tools, C2 frameworks, and 0-day archives.

Essential

VX-Underground

The largest collection of malware source code, papers, and samples.

MalwareCode
Get Files
Essential

Sliver C2

A cross-platform (Go) adversary emulation/red team framework.

C2Red Team
Get Files
Essential

Havoc C2

Modern, malleable C2 framework used by advanced red teams.

C2Modern
Get Files

Brute Ratel (Knowledge)

Documentation and leaks regarding the advanced Red Team C2.

C2Advanced
Get Files

Frida

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

MobileHooking
Get Files

Objection

Runtime mobile exploration toolkit, powered by Frida.

MobileiOSAndroid
Get Files

MobSF

Mobile Security Framework (MobSF) is an automated pen-testing framework.

MobileStaticDynamic
Get Files

Drozer

Comprehensive security audit framework for Android.

AndroidAudit
Get Files

Apktool

A tool for reverse engineering 3rd party, closed, binary Android apps.

AndroidRE
Get Files

JADX

Dex to Java decompiler.

AndroidDecompiler
Get Files

QARK

Quick Android Review Kit.

AndroidScanner
Get Files

ScoutSuite

Multi-Cloud Security Auditing Tool.

AWSAzureGCP
Get Files

Prowler

AWS Security Best Practices Assessment.

AWSAudit
Get Files

CloudMapper

Visualize and analyze AWS environments.

AWSVis
Get Files

CloudSplaining

AWS IAM assessment tool.

AWSIAM
Get Files

Pacu

AWS exploitation framework.

AWSExploit
Get Files

Cloud Custodian

Rules engine for cloud account management.

CloudGovernance
Get Files

GCP IAM Audit

Tool to audit GCP IAM.

GCPAudit
Get Files

Binwalk

Firmware analysis tool.

FirmwareIoT
Get Files

RouterSploit

Exploitation framework for embedded devices.

IoTRouter
Get Files

Firmwalker

Script for searching extracted firmware file systems.

Firmware
Get Files

KillerBee

ZigBee assessment framework.

ZigBeeRadio
Get Files

HackRF Tools

Tools for HackRF SDR.

SDRRadio
Get Files

SecLists: Passwords

Common Password lists (10k, 1M, Top 500).

Passwords
Get Files

SecLists: Usernames

Names, reserved words, admin users.

Usernames
Get Files

SecLists: Fuzzing

SQLi, XSS, LFI payloads for fuzzing.

FuzzingPayloads
Get Files

SecLists: Discovery

DNS, Web Content, File Systems.

ReconDNS
Get Files

Jhaddix Wordlists

Content discovery lists by Jason Haddix.

WebRecon
Get Files

RAFT Wordlists

Response Analysis of Fuzzing Targets lists.

WebFuzzing
Get Files

Mimikatz

Golden Ticket, Silver Ticket, Pass-the-Hash.

ADCreds
Get Files

Rubeus

C# toolset for raw Kerberos interaction.

ADKerberos
Get Files

Seatbelt

Safety checks for offensive operators.

ADRecon
Get Files

SharpHound

BloodHound collector written in C#.

ADRecon
Get Files

PowerView

PowerShell tool to gain network situational awareness.

ADPowerShell
Get Files

ADPEASS

Active Directory Privilege Escalation Awesome Scripts Suite.

ADPrivEsc
Get Files

Burp Suite Pro (Trial)

The leading web security testing software.

WebProxy
Get Files

OWASP ZAP

Used by thousands of pentesters to find security vulnerabilities.

WebProxy
Get Files

FFuF

Fast web fuzzer written in Go.

FuzzingGo
Get Files

Gobuster

Directory/File, DNS and VHost busting tool written in Go.

FuzzingGo
Get Files

Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

FuzzingRust
Get Files

Dirsearch

Web path scanner.

ScannerPython
Get Files

Arjun

HTTP parameter discovery suite.

WebParams
Get Files

Volatility

Advanced memory forensics framework.

ForensicsMemory
Get Files

Autopsy

Digital forensics platform.

ForensicsGUI
Get Files

Ghidra

SRE suite of tools developed by NSA.

RENSA
Get Files

IDA Free

The binary code analysis tool.

REDisassembler
Get Files

CyberChef

The Cyber Swiss Army Knife.

CryptoUtils
Get Files

PHP Security Cheat Sheet

PHP security best practices.

PHPWeb
Get Files

Java Security Cheat Sheet

Java security best practices.

JavaWeb
Get Files

Python Security Cheat Sheet

Python security best practices.

PythonWeb
Get Files

SQL Injection Cheat Sheet

Detailed SQLi vectors.

SQLiWeb
Get Files

XXE Cheat Sheet

XML External Entity prevention.

XXEWeb
Get Files

Covenant

.NET post-exploitation framework.

C2.NET
Get Files

Merlin

Cross-platform post-exploitation HTTP/2 Command & Control.

C2GoHTTP2
Get Files

Mythic

Collaborative C2 framework.

C2Multi-User
Get Files

Uber 2016 Breach

Analysis of the Uber 2016 data breach.

Case Study
Get Files

Equifax Breach Report

GAO report on Equifax.

Case Study
Get Files

Capital One Breach

Technical analysis of the SSRF attack.

Case Study
Get Files

EternalBlue (MS17-010)

Exploit for SMBv1 vulnerability.

SMBFamous
Get Files

Log4Shell (POC)

Proof of concept for Log4j vulnerability.

Log4jJava
Get Files

Dirty COW

Privilege escalation vulnerability in the Linux Kernel.

LinuxKernel
Get Files

John the Ripper

Fast password cracker.

Cracking
Get Files

Hashcat

World's fastest and most advanced password recovery utility.

CrackingGPU
Get Files

Hydra

Parallelized login cracker which supports numerous protocols.

Cracking
Get Files

Medusa

Speedy, parallel, and modular login brute-forcer.

Cracking
Get Files

Patator

Multi-purpose brute-forcer.

Cracking
Get Files