Penetration Testing Tools

• Penetration Testing Distributions;
• Docker for Penetration Testing;
• Multi-paradigm Frameworks;
• Vulnerability Scanners;
• Static Analyzers;
• Web Scanners;
• Network Tools;
• Wireless Network Hacking Tools;
• Transport Layer Security Tools;
• Web Exploitation;
• Hex Editors;
• File Format Analysis Tools;
• Defense Evasion Tools;
• Hash Cracking Hacking Tools;
• Windows Utilities;
• DDoS Tools;
• Social Engineering Tools;
• OSINT Tools;
• Anonymity Tools;
• Reverse Engineering Tools;
• CTF Tools.

  • Metasploit Unleashed – Free Offensive Security Metasploit course.
  • Penetration Testing Execution Standard (PTES) – Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
  • Open Web Application Security Project (OWASP) – Worldwide not-for-profit charitable organization focused on improving the security of mainly Web-based and Application-layer software.
  • PENTEST-WIKI – Free online security knowledge library for pen-testers and researchers.
  • Penetration Testing Framework (PTF) – Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
  • XSS-Payloads – Ultimate resource for all things cross-site including payloads, tools, games, and documentation.
  • Open Source Security Testing Methodology Manual (OSSTMM) – Framework for providing test cases that result in verified facts on which to base decisions that impact an organization’s security.
  • MITRE’s Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) – Curated knowledge base and model for cyber adversary behavior.

Exploit Development

Operating Systems

Best Penetration Testing Tools

Penetration Testing Distributions

  • Kali – GNU/Linux distribution designed for digital forensics and Penetration testing tools.
  • ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
  • BlackArch – Arch GNU/Linux-based distribution with the best Hacking Tools for penetration testers and security researchers.
  • Network Security Toolkit (NST) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open-source network security applications.
  • Pentoo – Security-focused live CD based on Gentoo.
  • BackBox – Ubuntu-based distribution for penetration tests and security assessments.
  • Parrot – Distribution similar to Kali, with multiple architectures with 100 Hacking Tools.
  • Buscador – GNU/Linux virtual machine that is pre-configured for online investigators.
  • Fedora Security Lab – Provides a safe test environment to work on security auditing, forensics, system rescue, and teaching security testing methodologies.
  • The Pentesters Framework – Distro is organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
  • AttifyOS – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.

Docker For Penetration Testing

  • docker pull kalilinux/kali-linux-docker official Kali Linux
  • docker pull owasp/zap2docker-stable – official OWASP ZAP
  • docker pull wpscanteam/wpscan – official WPScan
  • docker pull citizenstig/dvwa – Damn Vulnerable Web Application (DVWA)
  • docker pull wpscanteam/vulnerablewordpress – Vulnerable WordPress Installation
  • docker pull hmlio/vaas-cve-2014-6271 – Vulnerability as a service: Shellshock
  • docker pull hmlio/vaas-cve-2014-0160 – Vulnerability as a service: Heartbleed
  • docker pull opendns/security-ninjas – Security Ninjas
  • docker pull diogomonica/docker-bench-security – Docker Bench for Security
  • docker pull ismisepaul/securityshepherd – OWASP Security Shepherd
  • docker pull danmx/docker-owasp-webgoat – OWASP WebGoat Project docker image
  • docker-compose build && docker-compose up – OWASP NodeGoat
  • docker pull citizenstig/nowasp – OWASP Mutillidae II Web Pen-Test Practice Application
  • docker pull bkimminich/juice-shop – OWASP Juice Shop
  • docker pull kalilinux/kali-linux-docker – Kali Linux Docker Image
  • docker pull phocean/msf – docker-Metasploit

Multi-Paradigm Frameworks

  • Metasploit – post-exploitation Hacking Tools for offensive security teams to help verify vulnerabilities and manage security assessments.
  • Armitage – Java-based GUI front-end for the Metasploit Framework.
  • Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
  • ExploitPack – Graphical tool for automating penetration tests that ship with many pre-packaged exploits.
  • Pupy – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool,

Vulnerability Scanners

  • Nexpose – Commercial vulnerability and risk management assessment engine integrated with Metasploit, sold by Rapid7.
  • Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
  • OpenVAS – Free software implementation of the popular Nessus vulnerability assessment system.
  • Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Static Analyzers

  • Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
  • cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
  • FindBugs – Free software static analyzer to look for bugs in Java code.
  • sobelow – Security-focused static analysis for the Phoenix Framework.
  • bandit – Security-oriented static analyzer for python code.

Web Scanners

  • Nikto – Noisy but fast black box web server and web application vulnerability scanner.
  • Arachni – Scriptable framework for evaluating the security of web applications.
  • w3af – Hacking Tools for Web application attack and audit framework.
  • Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
  • SecApps – In-browser web application security testing suite.
  • WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
  • WPScan – Hacking Tools of Black Box WordPress vulnerability scanner.
  • cms-explorer – Reveal the specific modules, plugins, components, and themes that various websites powered by content management systems are running.
  • joomscan – one of the best Hacking Tools for Joomla vulnerability scanner.
  • ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Network Tools

  • zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  • Nmap – Free security scanner for network exploration & security audits.
  • pig – one of the Hacking Tools for GNU/Linux packet crafting.
  • scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
  • tcpdump/libpcap – Common packet analyzer that runs under the command line.
  • Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
  • Network-Tools.com – Website offering an interface to numerous basic network utilities like pingtraceroutewhois, and more.
  • netsniff-ng – Swiss army knife for network sniffing.
  • Intercepter-NG – Multifunctional network toolkit.
  • SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  • dnschef – Highly configurable DNS proxy for pentesters.
  • DNSDumpster – one of the Hacking Tools for Online DNS recon and search service.
  • CloudFail – Unmask server IP addresses are hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
  • dnsmap – One of the Hacking Tools for Passive DNS network mapper.
  • dnsrecon – One of the Hacking Tools for DNS enumeration script.
  • dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • passivedns-client – Library and query tool for querying several passive DNS providers.
  • passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • Mass Scan – best Hacking Tool for TCP port scanners, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
  • Zarp – Network attack tool centered around the exploitation of local networks.
  • mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • Morpheus – Automated ettercap TCP/IP Hacking Tools.
  • mallory – HTTP/HTTPS proxy over SSH.
  • SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • Netzob – Reverse engineering, traffic generation, and fuzzing of communication protocols.
  • DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • pwnat – Punches holes in firewalls and NATs.
  • dsniff – Collection of tools for network auditing and pentesting.
  • tgcd – Simple Unix network utility to extend the accessibility of TCP/IP-based network services beyond firewalls.
  • smbmap – Handy SMB enumeration tool.
  • scapy – Python-based interactive packet manipulation program & library.
  • Dshell – Network forensic analysis framework.
  • Debookee – Simple and powerful network traffic analyzer for macOS.
  • Dripcap – Caffeinated packet analyzer.
  • Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  • Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
  • routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  • evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • XRay – Network (sub)domain discovery and reconnaissance automation tool.
  • Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
  • BetterCAP – Modular, portable, and easily extensible MITM framework.
  • CrackMapExec – A swiss army knife for pentesting networks.
  • impacket – A collection of Python classes for working with network protocols.

Wireless Network Hacking Tools

  • Aircrack-ng – Set of Penetration testing & Hacking Tools list for auditing wireless networks.
  • Kismet – Wireless network detector, sniffer, and IDS.
  • Reaver – Brute force attack against WiFi Protected Setup.
  • Wifite – Automated wireless attack tool.
  • Fluxion – Suite of automated social engineering-based WPA attacks.

Transport Layer Security Tools

  • SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
  • tls_prober – Fingerprint a server’s SSL/TLS implementation.
  • testssl.sh – Command line tool that checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

Web Exploitation

  • OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  • Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
  • Burp Suite – One of the Hacking Tools integrated platforms for performing security testing of web applications.
  • autochrome – Easy to install a test browser with all the appropriate settings needed for web application testing with native Burp support, from NCCGroup.
  • Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered Web browsers.
  • Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
  • WordPress Exploit Framework – Ruby framework for developing and using modules that aid in the penetration testing of WordPress-powered websites and systems.
  • WPSploit – Exploit WordPress-powered websites with Metasploit.
  • SQLmap – Automatic SQL injection and database takeover tool.
  • tplmap – Automatic server-side template injection and Web server takeover Hacking Tools.
  • weevely3 – Weaponized web shell.
  • Wappalyzer – Wappalyzer uncovers the technologies used on websites.
  • WhatWeb – Website fingerprinter.
  • BlindElephant – Web application fingerprinter.
  • wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
  • fimap – Find, prepare, audit, exploit, and even Google automatically for LFI/RFI bugs.
  • Kadabra – Automatic LFI exploiter and scanner.
  • Kadimus – LFI scan and exploit tool.
  • liffy – LFI exploitation tool.
  • Commix – Automated all-in-one operating system command injection and exploitation tool.
  • DVCS Ripper – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
  • GitTools – One of the Hacking Tools that Automatically find and download Web-accessible .git repositories.
  • sslstrip –
    One of the Hacking Tools Demonstration of the HTTPS stripping attacks.
  • sslstrip2 – SSLStrip version to defeat HSTS.
  • NoSQLmap – Automatic NoSQL injection and database takeover tool.
  • VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases, and dynamic default pages.
  • FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • webscreenshot – A simple script to take screenshots of the list of websites.

Hex Editors

  • HexEdit.js – Browser-based hex editing.
  • Hexinator – World’s finest (proprietary, commercial) Hex Editor.
  • Frhed – Binary file editor for Windows.
  • 0xED – Native macOS hex editor that supports plug-ins to display custom data types.

File Format Analysis Tools

  • Kaitai Struct – File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles – Binary data visualization and analysis tool.
  • Hachoir – Python library to view and edit a binary stream as the tree of fields and tools for metadata extraction.

Defense Evasion Tools

  • Veil – Generate Metasploit payloads that bypass common anti-virus solutions.
  • shellsploit – Generates custom shellcode, backdoors, and injectors, and optionally obfuscates every byte via encoders.
  • Hyperion – Runtime encryptor for 32-bit portable executables (“PE .exes”).
  • AntiVirus Evasion Tool (AVET) – Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
  • peCloakCapstone – Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
  • peCloak.py – Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
  • UniByAv – Simple obfuscator that takes raw shellcode and generates Anti-Virus executables by using a brute-force, 32-bit XOR key.

Hash Cracking Hacking Tools

  • John the Ripper – One of the best Hacking Tools for Fast password crackers.
  • Hashcat – Another One of the Hacking Tools The fast hash cracker.
  • CeWL – Generates custom wordlists by spidering a target’s website and collecting unique words.
  • JWT Cracker – Simple HS256 JWT token brute force cracker.
  • Rar Crack – RAR bruteforce cracker.
  • BruteForce Wallet – Find the password of an encrypted wallet file (i.e. wallet.dat).

Windows Utilities

  • Sysinternals Suite – The Sysinternals Troubleshooting Utilities.
  • Windows Credentials Editor – Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
  • mimikatz – Credentials extraction tool for the Windows operating system.
  • PowerSploit – PowerShell Post-Exploitation Framework.
  • Windows Exploit Suggester – Detects potential missing patches on the target.
  • Responder – LLMNR, NBT-NS and MDNS poisoner.
  • Bloodhound – Graphical Active Directory trust relationship explorer.
  • Empire – Pure PowerShell post-exploitation agent.
  • Fibratus – Tool for exploration and tracing of the Windows kernel.
  • wePWNise – Generates architecture-independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
  • redsnarf – Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
  • Magic Unicorn – Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
  • DeathStar – Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments.

GNU/Linux Utilities

MacOS Utilities

  • Bella – Pure Python post-exploitation data mining and remote administration tool for macOS.

DDoS Tools

  • LOIC – Open source network stress tool for Windows.
  • JS LOIC – JavaScript in-browser version of LOIC.
  • SlowLoris – DoS tool that uses low bandwidth on the attacking side.
  • HOIC – Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common countermeasures.
  • T50 – Faster network stress tool.
  • UFONet – Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Social Engineering Tools

  • Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
  • King Phisher – One of the Hacking Tools for Phishing campaign toolkits used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
  • Evilginx – MITM attack framework used for phishing credentials and session cookies from any Web service.
  • wifiphisher – Automated phishing attacks against WiFi networks.
  • Catphish – Tool for phishing and corporate espionage written in Ruby.
  • Beelogger – Tool for generating keylooger.

OSINT Tools

  • Maltego – One of the Hacking Tools and Proprietary software for open-source intelligence and forensics, from Paterva.
  • theHarvester – E-mail, subdomain, and people name harvester.
  • creepy – Geolocation OSINT tool.
  • metagoofil – Metadata harvester.
  • Google Hacking Database – Database of Google dorks; can be used for recon.
  • Google-dorks – Common Google dorks and others you probably don’t know.
  • GooDork – Command line Google Dorking tool.
  • dork-cli – Command line Google dork tool.
  • Censys – Collects data on hosts and websites through daily ZMap and ZGrab scans.
  • Shodan – World’s first search engine for Internet-connected devices.
  • recon-ng – One of the Hacking Tools Full-featured Web Reconnaissance framework written in Python.
  • github-dorks – CLI tool to scan Github repos/organizations for potentially sensitive information leak.
  • vcsmap – Plugin-based tool to scan public version control systems for sensitive information.
  • Spiderfoot – Multi-source OSINT automation tool with a Web UI and report visualizations
  • BinGoo – GNU/Linux bash-based Bing and Google Dorking Tool.
  • fast-recon – Perform Google dorks against a domain.
  • snitch – Information gathering via dorks.
  • Sn1per – ons of the Hacking Tools for Automated Pentest Recon Scanner.
  • Threat Crowd – Search engine for threats.
  • Virus Total – VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
  • DataSploit – OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
  • AQUATONE – Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
  • Intrigue – Automated OSINT & Attack Surface discovery framework with powerful API, UI, and CLI.
  • ZoomEye – Search engine for cyberspace that lets the user find specific network components.

Anonymity Tools

  • Tor – Free software and onion-routed overlay network that helps you defend against traffic analysis.
  • OnionScan – One of the Hacking Tools for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
  • I2P – The Invisible Internet Project.
  • Nipe – Script to redirect all traffic from the machine to the Tor network.
  • What Every Browser Knows About You – Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.
  • VPN – A virtual private network masks your real IP address and physical location replacing it with that of the server you connect to.

Reverse Engineering Tools

  • Interactive Disassembler (IDA Pro) – Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
  • OllyDbg – x86 debugger for Windows binaries that emphasizes binary code analysis.
  • Radare2 – Open source, cross-platform reverse engineering framework.
  • x64dbg – Open source x64/x32 debugger for windows.
  • Immunity Debugger – Powerful way to write exploits and analyze malware.
  • Evan’s Debugger – OllyDbg-like debugger for GNU/Linux.
  • Medusa – Open source, cross-platform interactive disassembler.
  • plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • peda – Python Exploit Development Assistance for GDB.
  • dnSpy – one of the Hacking Tools to reverse engineer .NET assemblies.
  • binwalk – Fast, easy-to-use tool for analyzing, reverse engineering, and extracting firmware images.
  • PyREBox – Python scriptable Reverse Engineering sandbox by Cisco-Talos.
  • Voltron – Extensible debugger UI toolkit written in Python.
  • Capstone – Lightweight multi-platform, multi-architecture disassembly framework.
  • rVMI – Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
  • Frida – Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers.

Physical Access Tools

  • LAN Turtle – Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
  • USB Rubber Ducky – Customizable keystroke injection attack platform masquerading as a USB thumb drive.
  • Poisontap – Siphons cookies, exposes internal (LAN-side) routers, and installs web backdoors on locked computers.
  • WiFi Pineapple – Wireless auditing and penetration testing platform.
  • Proxmark3 – RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.

Side-Channel Tools

  • ChipWhisperer – Complete open-source toolchain for side-channel power analysis and glitching attacks.

CTF Tools

  • ctf-tools – Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
  • Pwntools – Rapid exploit development framework built for use in CTFs.
  • RsaCtfTool – Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

Penetration Testing Report Templates

Vulnerability Databases – Hacking Tools

  • Common Vulnerabilities and Exposures (CVE) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
  • National Vulnerability Database (NVD) – The United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List and a fine-grained search engine.
  • US-CERT Vulnerability Notes Database – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
  • Full-Disclosure – Public, vendor-neutral forum for a detailed discussion of vulnerabilities, often publishes details before many other sources.
  • Bugtraq (BID) – Software security bug identification database compiled from submissions to the SecurityFocus mailing Penetration testing tools list and other sources, operated by Symantec, Inc.
  • Exploit-DB – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
  • Microsoft Security Bulletins – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
  • Microsoft Security Advisories – Archive of security advisories impacting Microsoft software.
  • Mozilla Foundation Security Advisories – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
    • Packet Storm – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
  • CXSecurity – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
  • SecuriTeam – Independent source of software vulnerability information.
  • Vulnerability Lab – Open forum for security advisories organized by category of exploit target.
  • Zero Day Initiative – Bug bounty program with the publicly accessible archive of published security advisories, operated by TippingPoint.
  • Vulners – Security database of software vulnerabilities.
  • Inj3ct0r (Onion service) – Exploit marketplace and vulnerability information, aggregator.
  • Open Source Vulnerability Database (OSVDB) – Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April 2016.Hacking Tools
  • HPI-VDB – Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.Hacking Tools

Security Courses – Best Penetration Testing Tools

Information Security Conferences

  • DEF CON – Annual hacker convention in Las Vegas.
  • Black Hat – Annual security conference in Las Vegas.
  • BSides – Framework for organizing and holding security conferences.
  • CCC – Annual meeting of the international hacker scene in Germany.
  • DerbyCon – Annual hacker conference based in Louisville.
  • PhreakNIC – Technology conference held annually in middle Tennessee.
  • ShmooCon – Annual US East Coast hacker convention.
  • Carolina – Infosec conference, held annually in North Carolina.
  • CHCon – Christchurch Hacker Con, the Only South Island of New Zealand hacker con.
  • SummerCon – One of the oldest hacker conventions, held during Summer.
  • Hack.lu – Annual conference held in Luxembourg.
  • Hackfest – Largest hacking conference in Canada.
  • HITB – Deep-knowledge security conference held in Malaysia and The Netherlands.
  • Troopers – Annual international IT Security event with workshops held in Heidelberg, Germany.
  • Hack3rCon – Annual US hacker conference.
  • ThotCon – Annual US hacker conference held in Chicago.
  • LayerOne – Annual US security conference held every spring in Los Angeles.
  • DeepSec – Security Conference in Vienna, Austria.
  • SkyDogCon – Technology conference in Nashville.
  • SECUINSIDE – Security Conference in Seoul.
  • DefCamp – Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
  • AppSecUSA – Annual conference organized by OWASP.
  • BruCON – Annual security conference in Belgium.
  • Infosecurity Europe – Europe’s number one information security event, held in London, UK.
  • Nullcon – Annual conference in Delhi and Goa, India.
  • RSA Conference USA – Annual security conference in San Francisco, California, USA.
  • Swiss Cyber Storm – Annual security conference in Lucerne, Switzerland.
  • Virus Bulletin Conference – Annual conference going to be held in Denver, USA for 2016.
  • Ekoparty – Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
  • 44Con – Annual Security Conference held in London.
  • BalCCon – Balkan Computer Congress, annually held in Novi Sad, Serbia.
  • FSec – FSec – Croatian Information Security Gathering in Varaždin, Croatia.

Information Security Magazines

Awesome Lists Of Best Penetration Testing Tools