# Awesome Cyber Security

[![Awesome]
(https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e88
29/media/badge.svg)](https://github.com/sindresorhus/awesome)

A collection of awesome software, libraries, documents, books, resources and cool

stuff about security.

Inspired by [Awesome Security](https://github.com/sbilly/awesome-security) and

[Herman Slatman](https://github.com/hslatman).

Thanks to all [contributors](https://github.com/fabionoth/awesome-cyber-

security/graphs/contributors), you're awesome and wouldn't be possible without you!
The goal is to build a categorized community-driven collection of very well-known
resources.

List links and description

* [Cert and alerts](#cert)
* [Certification](#certification)
* [Organizations](#org)
* [Informatives and Blogs](#blogs)
* [CTF, Training L3g@l and G@mes](#training)
* [Non-legal Cyber activism](#hackactivism)
* [IT Hacking list](#ithack)
* [AT Hacking list](#athack)
* [Courses and Guides Sites](#courses)
* [OS - Operation Systens](#os)
* [Tools](#os)

### <a name="cert"></a>CERT and alerts

| Link | Description |
| ------ | ------ |
| [CERT-EU - Latest News](https://cert.europa.eu/cert/filteredition/en/CERT-
LatestNews.html) |(Latest News) Computer emergency response Tean for the EU (Europe
Union) institutions, bodies and agencies |
| [CERT-US - ALERTS](https://www.us-cert.gov/ncas/alerts) | (Alerts) US-CERT United
States Computer Emergency Readiness Team |
| [ICS-CERT-US - Alerts](https://ics-cert.us-cert.gov/alerts) | An ICS-CERT Alert
is intended to provide timely notification to critical infrastructure owners and
operators concerning threats or activity with the potential to impact critical
infrastructure computing networks.|

### <a name="certification"></a>Certification

| Link | Description |
| ------ | ------- |
| [CEH - Certified Ethical Hacker](https://www.eccouncil.org/programs/certified-
ethical-hacker-ceh/) | A Certified Ethical Hacker is a skilled professional who
understands and knows how to look for weaknesses and vulnerabilities in target
systems and uses the same knowledge and tools as a malicious hacker, but in a
lawful and legitimate manner to assess the security posture of a target system(s).
The CEH credential certifies individuals in the specific network security
discipline of Ethical Hacking from a vendor-neutral perspective. |
| [CISSP - CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL]
(https://www.isc2.org/Certifications/CISSP) | The Certified Information Systems
Security Professional (CISSP) is an information security certification for security
analysts. |
| [CompTIA Security +](https://certification.comptia.org/certifications/security) |
CompTIA Security+ is a global certification that validates the baseline skills you
need to perform core security functions and pursue an IT security career. |
| [GPEN - GIAC Penetration Tester](https://www.giac.org/certification/penetration-
tester-gpen) | The GPEN certification is for security personnel whose job duties
involve assessing target networks and systems to find security vulnerabilities.
Certification objectives include penetration-testing methodologies, the legal
issues surrounding penetration testing and how to properly conduct a penetration
test as well as best practice technical and non-technical techniques specific to
conduct a penetration test.|
| [PWK - Penetration Testing Training with Kali Linux](https://www.offensive-
security.com/information-security-training/penetration-testing-training-kali-
linux/)| Penetration Testing with Kali (PWK) is a self-paced, online course that
introduces students to the latest ethical hacking tools and techniques. |
| [OSCP - Offensive Security Certified Professional](https://www.offensive-
security.com/information-security-certifications/oscp-offensive-security-certified-
professional/) |The Offensive Security Certified Professional (OSCP) is the
companion certification for our Penetration Testing with Kali Linux training course
and is the world’s first completely hands-on offensive information security
certification. The OSCP challenges the students to prove they have a clear and
practical understanding of the penetration testing process and life-cycle through
an arduous twenty-four (24) hour certification exam. |

### <a name="org"></a>Organizations

| Link | Description |
| ------ | ------ |
| [CIS Centor for Internet Security](https://www.cisecurity.org/)|CIS® (Center for
Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses
the power of a global IT community to safeguard private and public organizations
against cyber threats. |
| [CVE - Common Vulnerabilities and Exposures](https://cve.mitre.org) | CVE® is a
list of entries—each containing an identification number, a description, and at
least one public reference—for publicly known cybersecurity vulnerabilities.|
| [No more ransomware](https://www.nomoreransom.org/) | Need Help unlocking your
digital life without paying your attackers? |
| [Owasp](https://www.owasp.org) | Open Web Application Security Project |
| [ZeroDayInitiative](http://www.zerodayinitiative.com/advisories/published/) |
(Alerts) Zero Day Iniciative |

### <a name="blogs"></a>Informatives and blogs

| Link | Description |
| ------ | ------ |
| [EffectHacking](http://www.effecthacking.com/) | Blog |
| [ICS Sans](https://ics.sans.org) | Sans Industrial Control Systems blog |
| [GBHackers on Security](https://gbhackers.com/) | Security blog |
| [Google Security Blog](https://security.googleblog.com/) | Google Security Blog |
| [g0tmi1k Blog](https://blog.g0tmi1k.com/) | Hacker blog |
| [Hacker Security](https://hackersec.com/) | Hacker security News and Blog |
| [HelpNetSecurity](https://www.helpnetsecurity.com/) | Help Net Security |
| [Security Focus](https://www.securityfocus.com/) | Security Focus |
| [SecurityWeek](http://www.securityweek.com/) | Internet and Enterprise Security
News, Insights e Analysis |
| [Security art Work](https://www.securityartwork.es/en/) | Security art Work |
| [Security Affairs](http://securityaffairs.co/wordpress/) | Copyright 2015
Security Affairs by Pierluigi Paganini All Right Reserved. |
| [The Hacker News](http://thehackernews.com) | The Hacker News Security in a
Serius Way |
| [Virus Guides](http://virusguides.com/) | Powered by Knowledge |
| [Malwaretech](https://www.malwaretech.com/) | News about Malware |
| [WeLiveSecurity](https://www.welivesecurity.com/) | News, Views, and insight from
the ESET security comunity |

### <a name="training"></a>CTF, Training L3g@l and G@mes

| Link | Description |
| ------ | ------ |
| [BetterMotherFucking CTF](https://github.com/qmemcpy/bettermotherfuckingctf) |
MotherfuckingCTF inspired platform. But better. |
| [CTF365](https://ctf365.com/) | CTF Praticing |
| [FBCTF](https://github.com/facebook/fbctf) | Facebook Capture the Flag |
| [Hacker Experience](https://hackerexperience.com/) | Game of Hacker Experience |
| [Hackflag](https://hackaflag.com.br) | Brazilian Hackflag |
| [Hacking-LAB](https://www.hacking-lab.com/) | Hacking-Lab is an online ethical
hacking, computer network and security challenge platform, dedicated to finding and
educating cyber security talents. |
| [HackTheBox](https://hackthebox.eu) | Pen-testing Labs |
| [OtherWire](http://overthewire.org/wargames/) | The wargames offered by the
OverTheWire community can help you to learn and practice security concepts in the
form of fun-filled games. |
| [Open Security Training](http://opensecuritytraining.info/Training.html) |
OpenSecurityTraining.info is dedicated to sharing training material for computer
security classes, on any topic, that are at least one day long.|
| [Pwnable.kr](http://pwnable.kr/) | 'pwnable.kr' is a non-commercial wargame site
which provides various pwn challenges regarding system exploitation. |
| [Trailofbits Github](https://trailofbits.github.io/ctf/) | CTF Field Guide |
| [Shellter](https://shellterlabs.com) | Social Network focused on information
security |

### <a name="hackactivism"></a>Non-legal Cyber activism

| Link | Description |
| ------ | ------ |
| [Zone-H](http://zone-h.org/) | List of sites attacked by unethical Hackers |
| [WikiLeaks](https://wikileaks.org/) | WikiLeaks is a multi-national media
organization and associated library. |

### <a name="ithack"></a>IT Hacking list

| Link | Description |
| ------ | ------ |
| [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) |
Google Hackgin Database |
| [Metasploit](https://www.metasploit.com/) | Metasploit penetration testing
software |

### <a name="athack"></a>AT Hacking list

| Link | Description |
| ------ | ------ |
| [Shodan](https://www.shodan.io) | Open ports in A.T |
| [Critifence](http://www.critifence.com/default-password-database/) | Default
Password database of A.T |

### <a name="courses"></a>Courses and Guides Sites

| Link | Description |
| ----- | ------ |
| [Cybrary](https://www.cybrary.it/) | Free and Open Source Cyber Security Learning
|
| [O Tao do Desenvolvimento Seguro](https://github.com/forkd/seguranca) | [PT-BR]
Safe Development Guide |
### <a name="os"></a>OS - Operation Systens
| Link | Description |
| ------ | ------ |
| [BackBoxLinux](https://backbox.org/download) | BackBox Linux is a penetration
testing and security assessment oriented Linux distro.. |
| [BlackArckLinux](https://blackarch.org/index.html) | BlackArch Linux is an Arch
Linux-based penetration testing distribution for penetration testers and security
researchers. The repository contains 1925 tools. You can install tools individually
or in groups. BlackArch Linux is compatible with existing Arch installs. |
| [Kali](https://www.kali.org/) | Penetration Testing Destribution OS |
| [ParrotSec](https://www.parrotsec.org/index.php) | Parrot Security Operating
System is a Penetration Testing & Forensics Distro dedicated to Ethical Hackers &
Cyber Security Professionals.|
| [QubesOS](https://www.qubes-os.org/) | Qubes OS is a security-oriented operating
system (OS). The OS is the software that runs all the other programs on a computer.
Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS.
Qubes is free and open-source software (FOSS). |
| [Samurai Web Tester Framework](http://www.samurai-wtf.org/) | Web Tester OS |
| [PENTOOS](http://www.pentoo.ch/) | Pentoo is a security-focused livecd based on
Gentoo |
| [Vulnhub](https://www.vulnhub.com/) | OS with vulnerabilities for pentests |

### <a name="tools"></a>Tools

| Link | Description |
| ------ | ------ |
| [Find Sec Bugs](https://find-sec-bugs.github.io/) | The FindBugs plugin for
security audits of Java Web Applications. |
| [Sonarqube](https://www.sonarqube.org/) | Static Code Reviewer |
| [PunkSPIDER](https://www.punkspider.org) | A global web application vulnerability
search engine. |
| [Metasploit Framework](https://www.metasploit.com/) | Pentest Framework used by
Kali Linux. |
| [NMap](https://nmap.org/) | Nmap "Network Mapper" is a free and open source
utility for network discovery and security auditing. |
| [Netcat](http://netcat.sourceforge.net/) | Netcat is a featured networking
utility which reads and writes data across network connections, using the TCP/IP
protocol. |i
| [Sonarqube](https://www.sonarqube.org/) | Static Code Reviewer |
| [TCPDump](https://www.tcpdump.org/tcpdump_man.html) | Tcpdump prints out a
description of the contents of packets on a network interface that match the
boolean expression; |
| [OSSEC](https://www.ossec.net/) | OSSEC is a multplatform, opensource and free
HIDS |
| [Wazuh](https://wazuh.com) | Wazun is a open source enterprise-ready security
monitoring solution for threat detection, integrity monitorying, incident response
and compliance. |
| [w3af](http://w3af.org/) | Web Application Attack And Audit Framework |
| [Wireshark](https://www.wireshark.org/) | Wireshark is the world’s foremost and
widely-used network protocol analyzer |