Awesome Cyber Security
May 11, 2026 · View on GitHub
A collection of awesome software, libraries, documents, books, resources, and cool stuff about security.
Inspired by Awesome Security and Herman Slatman.
Thanks to all contributors. You're awesome. This wouldn't be possible without you! The goal is to build a categorized, community-driven collection of very well-known resources.
List links and description
- Cert and alerts
- Certification
- Organizations
- Informatives and Blogs
- CTF, Training L3g@l and G@mes
- Non-legal Cyber activism
- IT Hacking list
- OT Hacking list
- Courses and Guides Sites
- OS - Operation Systens
- Tools
CERT and alerts
| Link | Description |
|---|---|
| CERT-EU - Latest News | (Latest News) Computer emergency response Tean for the EU (Europe Union) institutions, bodies, and agencies |
| CERT-US - ALERTS | (Alerts) US-CERT United States Computer Emergency Readiness Team |
| ICS-CERT-US - Alerts | An ICS-CERT Alert is intended to provide timely notification to critical infrastructure owners and operators concerning threats or activity with the potential to impact critical infrastructure computing networks. |
Certification
| Link | Description |
|---|---|
| CEH - Certified Ethical Hacker | A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. |
| CISSP - CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL | The Certified Information Systems Security Professional (CISSP) is an information security certification for security analysts. |
| CompTIA Security + | CompTIA Security+ is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career. |
| GPEN - GIAC Penetration Tester | The GPEN certification is for security personnel whose job duties involve assessing target networks and systems to find security vulnerabilities. Certification objectives include penetration-testing methodologies, the legal issues surrounding penetration testing and how to properly conduct a penetration test as well as best practice technical and non-technical techniques specific to conduct a penetration test. |
| PWK - Penetration Testing Training with Kali Linux | Penetration Testing with Kali (PWK) is a self-paced, online course that introduces students to the latest ethical hacking tools and techniques. |
| PNPT - Practical Network Penetration Tester | PNPT certification is an intermediate-level penetration testing exam experience. Students will have five (5) full days to complete the assessment and an additional two (2) days to write a professional report. |
| PENT - Professional Penetration Tester | PENT is a zero to hero style instructor-led cybersecurity course to equip students to learn professional penetration testing & vulnerability assessment skills by building lab networks to practice network and application enumeration scanning, exploitation, privilege escalation, and lateral movement skills. |
| OSCP - Offensive Security Certified Professional | The Offensive Security Certified Professional (OSCP) is the companion certification for our Penetration Testing with Kali Linux training course and is the world’s first completely hands-on offensive information security certification. The OSCP challenges the students to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam. |
Organizations
| Link | Description |
|---|---|
| CIS Center for Internet Security | CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. |
| CVE - Common Vulnerabilities and Exposures | CVE® is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. |
| No more ransomware | Need Help unlocking your digital life without paying your attackers? |
| OWASP | Open Web Application Security Project |
| ZeroDayInitiative | (Alerts) Zero Day Initiative |
| National Vulnerability Database | U.S. government repository of standards-based vulnerability management data. |
| MITRE ATT&CK | Globally accessible knowledge base of adversary tactics and techniques based on real-world observations of cybersecurity threats. |
| Electronic Frontier Foundation | Nonprofit organization defending civil liberties in the digital world. |
Informatives and blogs
| Link | Description |
|---|---|
| Mandiant Research Blogs | Advesary and threat Research oriented cybersecurity blogs |
| Elastic Security Labs Blogs | Cybersecurity Research oriented blogs |
| DarkRelay Security Labs Blogs | Cybersecurity blogs |
| EffectHacking | Blog |
| ICS Sans | Sans Industrial Control Systems blog |
| GBHackers on Security | Security blog |
| Google Security Blog | Google Security Blog |
| g0tmi1k Blog | Hacker blog |
| Hacker Security | Hacker security News and Blog |
| HelpNetSecurity | Help Net Security |
| Security Focus | Security Focus |
| SecurityWeek | Internet and Enterprise Security News, Insights e Analysis |
| Security art Work | Security art Work |
| Security Affairs | Copyright 2015 Security Affairs by Pierluigi Paganini All Right Reserved. |
| The Hacker News | The Hacker News Security in a Serius Way |
| Virus Guides | Powered by Knowledge |
| Malwaretech | News about Malware |
| WeLiveSecurity | News, Views, and insight from the ESET security community |
| Virtual Dispersive Networking | Virtual Dispersive Networking for Cyber Security Blog |
| Advisory Week | Security Advisories published by major vendors this week |
| InfoStealers by Hudson Rock | The all-around Infostealer malware hub with recent news and publications |
| SecOps Bit By Bit: Roadmap for First-Time CTOs and Startup Founders | This book is a compilation of best practices for evaluating weak spots in a product and company, and fostering a robust security culture |
CTF, Training L3g@l and G@mes
| Link | Description |
|---|---|
| BetterMotherFucking CTF | MotherfuckingCTF inspired platform. But better. |
| CTF365 | CTF Practicing |
| FBCTF | Facebook Capture the Flag |
| Hacker Experience | Game of Hacker Experience |
| Hackflag | Brazilian Hackflag |
| Hacking-LAB | Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. |
| HackTheBox | Pen-testing Labs |
| Over The Wire | The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. |
| Open Security Training | OpenSecurityTraining.info is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long. |
| Pwnable.kr | 'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. |
| Trailofbits Github | CTF Field Guide |
| Shellter | Social Network focused on information security |
| CyberPython | Practical cyber security challenges with own research |
| OSS – OopsSec Store | Self-hosted CTF platform with intentionally vulnerable e-commerce application. Quick setup with npx create-oss-store. |
Non-legal Cyber activism
| Link | Description |
|---|---|
| Zone-H | List of sites attacked by unethical Hackers |
| WikiLeaks | WikiLeaks is a multi-national media organization and associated library. |
IT Hacking DB list
| Link | Description |
|---|---|
| Google Hacking Database | Google Hacking Database (GHDB) |
AT Hacking list
| Link | Description |
|---|---|
| Shodan | Open ports in A.T |
| Critifence | Default Password database of A.T |
Courses and Guides Sites
| Link | Description |
|---|---|
| Cybrary | Free and Open Source Cyber Security Learning |
| O Tao do Desenvolvimento Seguro | [PT-BR] Safe Development Guide |
| Guru99 | Website with guides and a Free Ethical Hacking Course |
| PortSwigger Labs | Free learning resources focused on web and API security only |
| DarkRelay Security Labs | Free & paid cybersecurity trainings with certifications |
| LabEx | Free & paid cybersecurity hands-on labs |
| Offensive CyberSec Cheat Sheet | A comprehensive and accessible cheat sheet for offensive cybersecurity commands and tools. |
OS - Operation Systens
| Link | Description |
|---|---|
| BackBoxLinux | BackBox Linux is a penetration testing and security assessment-oriented Linux distro. |
| BlackArchLinux | BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 1925 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. |
| Kali | Penetration Testing Distribution OS |
| Kali Purple | Kali OS but for Defense |
| ParrotSec | Parrot Security Operating System is a Penetration Testing & Forensics Distro dedicated to Ethical Hackers & Cyber Security Professionals. |
| QubesOS | Qubes OS is a security-oriented operating system (OS). The OS is the software that runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software (FOSS). |
| Samurai Web Tester Framework | Web Tester OS |
| PENTOOS | Pentoo is a security-focused livecd based on Gentoo |
| Vulnhub | OS with vulnerabilities for pentests |
Tools
| Link | Description |
|---|---|
| Beelzebub | A secure low code honeypot framework, leveraging AI for System Virtualization. |
| CrackStation | Uses lookup tables to crack password hashes. |
| CrowdSec | Collaborative IPS/IDS, analyzes visitor behavior & adapts responses. |
| Find Sec Bugs | Security audits plugin for Java Web Applications. |
| Ghidra | NSA reverse engineering tool. |
| ghidraMCP | Autonomous reverse engineering with Ghidra using Model Context Protocol. |
| Hudson Rock | Infostealer malware exposure checker. |
| Metasploit Framework | Pentesting framework used by Kali Linux. |
| Netcat | Networking utility for TCP/IP protocol. |
| NMap | Network discovery and security auditing tool. |
| OSSEC | Multiplatform open-source HIDS. |
| OWASP ZAP | Open-source MITM proxy for security testing. |
| Pareto Security | Open-source systray app for basic security hygiene on Linux/Mac/Wins desktops. |
| Pixee | Finds security & performance issues in code and creates merge-ready pull requests. |
| PunkSPIDER | Web application vulnerability search engine. |
| Vulert | Vulert secures software by detecting vulnerabilities in open-source dependencies—without accessing your code. It supports Js, PHP, Java, Python, and more. |
| rengine | reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process |
| Sonarqube | Static code reviewer. |
| Stellastra | Email authentication and security issues scanner. |
| TCPDump | Network packet analysis tool. |
| UUSEC WAF | Industry-leading free, high-performance, AI and semantic technology Web Application Firewall. |
| w3af | Web Application Attack and Audit Framework. |
| Wazuh | Security monitoring solution for threat detection and compliance. |
| Wireshark | Network protocol analyzer. |
| Zeek | Network security monitoring tool. |
| zeek2es | Converts Zeek logs to Elastic/OpenSearch. |
| subdomainradar | All-in-one recon platform: 50+ data sources for subdomain discovery, port & vulnerability scans, screenshots, and API access |
| leakradar | Instant search across 2 B+ plain-text info-stealer credentials; email, domain, metadata queries, monitoring & API |
| AzureFox | Azure attack-path and privilege-chaining CLI for surfacing high-impact paths, usable pivots, and trust boundaries to break. |
Books
| Link | Description |
|---|---|
| The Security Engineer Handbook | a small book on how to make it in a security team, as part of a broader organization |