Merge pull request #143 from meitar/compliance

Further "Awesome List" style guide compliance passes.
This commit is contained in:
Samar Dhwoj Acharya 2017-07-07 11:07:57 -05:00 committed by GitHub
commit 083fc14dff

View File

@ -11,7 +11,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
- [Online Resources](#online-resources)
- [Penetration Testing Resources](#penetration-testing-resources)
- [Exploit development](#exploit-development)
- [Open Sources Intelligence (OSINT) Resources](#osint-resources)
- [Open Source Intelligence (OSINT) Resources](#osint-resources)
- [Social Engineering Resources](#social-engineering-resources)
- [Lock Picking Resources](#lock-picking-resources)
- [Operating Systems](#operating-systems)
@ -27,10 +27,10 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
- [Hex Editors](#hex-editors)
- [Hash Cracking Tools](#hash-cracking-tools)
- [Windows Utils](#windows-utils)
- [Linux Utils](#linux-utils)
- [GNU/Linux Utils](#gnu-linux-utils)
- [DDoS Tools](#ddos-tools)
- [Social Engineering Tools](#social-engineering-tools)
- [OSInt Tools](#osint-tools)
- [OSINT Tools](#osint-tools)
- [Anonymity Tools](#anonymity-tools)
- [Reverse Engineering Tools](#reverse-engineering-tools)
- [Physical Access Tools](#physical-access-tools)
@ -71,7 +71,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Voltron](https://github.com/snare/voltron) - Hacky debugger UI for hackers.
### OSINT Resources
* [OSINT Framework](http://osintframework.com/) - Collection of various OSInt tools broken out by category.
* [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category.
* [Intel Techniques](https://inteltechniques.com/menu.html) - Collection of OSINT tools. Menu on the left can be used to navigate through the categories.
* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - Collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html).
@ -86,36 +86,35 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
### Operating Systems
* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems.
* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions.
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems.
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
* [cuckoo](https://github.com/cuckoosandbox/cuckoo) - Open source automated malware analysis system.
* [CAINE](http://www.caine-live.net/) - Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a Digital Forensics project.
* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS.
* [Computer Aided Investigative Environment (CAINE)](http://www.caine-live.net/) - Italian GNU/Linux live distribution created as a digital forensics project.
* [Digital Evidence & Forensics Toolkit (DEFT)](http://www.deftlinux.net/) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity.
## Tools
### Penetration Testing Distributions
* [Kali](https://www.kali.org/) - Linux distribution designed for digital forensics and penetration testing.
* [ArchStrike](https://archstrike.org/) - Arch Linux repository for security professionals and enthusiasts.
* [BlackArch](https://www.blackarch.org/) - Arch Linux-based distribution for penetration testers and security researchers.
* [NST](http://networksecuritytoolkit.org/) - Network Security Toolkit distribution.
* [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo.
* [Kali](https://www.kali.org/) - GNU/Linux distribution designed for digital forensics and penetration testing.
* [ArchStrike](https://archstrike.org/) - Arch GNU/Linux repository for security professionals and enthusiasts.
* [BlackArch](https://www.blackarch.org/) - Arch GNU/Linux-based distribution for penetration testers and security researchers.
* [Network Security Toolkit (NST)](http://networksecuritytoolkit.org/) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
* [Pentoo](http://www.pentoo.ch/) - Security-focused live CD based on Gentoo.
* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments.
* [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with multiple architecture.
* [Buscador](https://inteltechniques.com/buscador/) - Linux Virtual Machine that is pre-configured for online investigators.
* [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online investigators.
* [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
### Basic Penetration Testing Tools
* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software.
* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits.
* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project.
* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform.
* [BeEF](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
* [faraday](https://github.com/infobyte/faraday) - Collaborative penetration test and vulnerability management platform.
* [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework.
* [commix](https://github.com/stasinopoulos/commix) - Automated All-in-One OS Command Injection and Exploitation Tool.
* [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router.
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials.
* [Bella](https://github.com/Trietptm-on-Security/Bella) - Pure Python post-exploitation data mining & remote administration tool for Mac OS.
* [OWASP OWTF](https://www.owasp.org/index.php/OWASP_OWTF) - Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient.
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
### Docker for Penetration Testing
* `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/)
@ -146,19 +145,19 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for macOS.
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework.
* [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go.
* [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
* [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework.
#### Network Tools
* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits.
* [pig](https://github.com/rafael-santiago/pig) - Linux packet crafting tool.
* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool.
* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
* [Wireshark](https://www.wireshark.org/) - Network protocol analyzer for Unix and Windows.
* [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc.
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - A Swiss army knife for for network sniffing.
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing.
* [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit.
* [SPARTA](http://sparta.secforce.com/) - Network infrastructure penetration testing tool.
* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
@ -212,16 +211,16 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various CMS driven web sites are running.
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS vulnerability scanner.
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter.
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter.
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs.
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner.
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
* [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool.
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
### Hex Editors
* [HexEdit.js](https://hexed.it) - Browser-based hex editing.
@ -241,7 +240,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
### Windows Utils
* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities.
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - Security tool to list logon sessions and add, change, list and delete associated credentials.
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS.
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system.
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework.
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target.
* [Responder](https://github.com/SpiderLabs/Responder) - LLMNR, NBT-NS and MDNS poisoner.
@ -250,25 +249,25 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
### Linux Utils
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
### GNU/Linux Utils
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
### DDoS Tools
* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool.
* [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
* [T50](https://sourceforge.net/projects/t50/) - Faster network stress tool.
* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
### Social Engineering Tools
* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec.
* [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service.
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks.
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks.
* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby.
### OSInt Tools
### OSINT Tools
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
* [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool.
@ -283,7 +282,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak.
* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
* [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations
* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - Linux bash based Bing and Google Dorking Tool.
* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
* [fast-recon](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain.
* [snitch](https://github.com/Smaash/snitch) - Information gathering via dorks.
* [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner.
@ -297,7 +296,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network.
### Reverse Engineering Tools
* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, Linux or macOS hosted multi-processor disassembler and debugger.
* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger.
* [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) - The freeware version of IDA v5.0.
* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
* [OllyDbg](http://www.ollydbg.de/) - x86 debugger that emphasizes binary code analysis.