Resources

Some links are affiliate links. I only recommend tools I'd use myself.

Tools

The most advanced penetration testing distribution. 600+ tools pre-installed for security research, forensics, and reverse engineering.

The world's most popular network protocol analyzer. Capture and interactively browse live network traffic.

The world's most used penetration testing framework. Find vulnerabilities, develop exploits, and validate security.

Industry-standard web application security testing toolkit. Intercept, modify, and replay HTTP requests.

nmap (Free)

The network mapper. Port scanning, service detection, OS fingerprinting, and scripting engine for network discovery.

Free and open-source web application security scanner. Automated scanning plus manual testing tools for finding vulnerabilities.

The cyber Swiss Army knife. A web app for encoding, decoding, encryption, compression, data analysis, and more.

Advanced GPU-based password recovery tool. Supports over 300 hash types and multiple attack modes.

NSA's open-source software reverse engineering framework. Disassembly, decompilation, and binary analysis for multiple platforms.

Courses

Learn cybersecurity through hands-on exercises and labs. Guided learning paths from beginner to advanced, all in the browser.

Practice hacking on realistic vulnerable machines. Challenges, CTFs, and pro labs for all skill levels.

Free online training for web application security. Interactive labs covering SQL injection, XSS, CSRF, and more from the makers of Burp Suite.

Free and premium cybersecurity training platform. Courses on ethical hacking, incident response, forensics, and certification prep.

Free introductory cybersecurity courses from SANS Institute. Operating systems, networking, and system administration fundamentals.

Books

The definitive guide to finding and exploiting web application vulnerabilities. Covers every major attack vector with real-world examples and techniques.

Goes beyond tool usage to explain the fundamentals of C programming, networking, and exploitation from the ground up. Includes a bootable Linux environment.

Comprehensive guide to the Metasploit Framework. From basic exploitation to advanced post-exploitation techniques, written by the project's core developers.

Christopher Hadnagy's deep dive into how social engineering works. Psychology, manipulation techniques, and how to defend against the human attack vector.

Kevin Mitnick's autobiography. The true story of the world's most wanted hacker — social engineering, FBI chases, and life as a fugitive. A cybersecurity page-turner.

Hardware

The perfect platform for building a portable hacking lab. Run Kali Linux, set up network monitors, or build custom security tools on a $60 single-board computer.

Hak5's wireless auditing platform. Rogue access points, man-in-the-middle attacks, and WiFi reconnaissance in a pocket-sized device built for pen testers.

Hak5's keystroke injection tool disguised as a USB flash drive. Automate attacks with DuckyScript payloads that execute in seconds when plugged into any computer.

The portable multi-tool for pentesters and geeks. Sub-GHz radio, RFID, NFC, infrared, and GPIO in one pocket-sized device. The Swiss Army knife of wireless hacking.

Certifications

The foundational cybersecurity certification. Covers network security, threats, vulnerabilities, and security operations. Industry-recognized entry point.

EC-Council's ethical hacking certification. Covers reconnaissance, scanning, enumeration, exploitation, and reporting methodologies.

The gold standard for penetration testers. 24-hour hands-on exam requiring real exploitation of vulnerable machines. Proves you can actually hack.

Certified Information Systems Security Professional. The most globally recognized certification for experienced security practitioners and managers.

Communities

The world's largest and most famous underground hacking conference. Held annually in Las Vegas. Talks, villages, CTFs, and 30,000 hackers under one roof.

Reddit's premier information security community. Curated technical content on vulnerabilities, exploits, tools, and research. No memes, just signal.

Community forum for Hack The Box users. Discuss challenges, share writeups (after retirement), and connect with other security enthusiasts worldwide.
