mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2025-01-25 05:36:48 -05:00
Merge pull request #143 from meitar/compliance
Further "Awesome List" style guide compliance passes.
commit
083fc14dff
73
README.md
@ -11,7 +11,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
- [Online Resources](#online-resources)
|
||||
- [Penetration Testing Resources](#penetration-testing-resources)
|
||||
- [Exploit development](#exploit-development)
|
||||
- [Open Sources Intelligence (OSINT) Resources](#osint-resources)
|
||||
- [Open Source Intelligence (OSINT) Resources](#osint-resources)
|
||||
- [Social Engineering Resources](#social-engineering-resources)
|
||||
- [Lock Picking Resources](#lock-picking-resources)
|
||||
- [Operating Systems](#operating-systems)
|
||||
@ -27,10 +27,10 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
- [Hex Editors](#hex-editors)
|
||||
- [Hash Cracking Tools](#hash-cracking-tools)
|
||||
- [Windows Utils](#windows-utils)
|
||||
- [Linux Utils](#linux-utils)
|
||||
- [GNU/Linux Utils](#gnu-linux-utils)
|
||||
- [DDoS Tools](#ddos-tools)
|
||||
- [Social Engineering Tools](#social-engineering-tools)
|
||||
- [OSInt Tools](#osint-tools)
|
||||
- [OSINT Tools](#osint-tools)
|
||||
- [Anonymity Tools](#anonymity-tools)
|
||||
- [Reverse Engineering Tools](#reverse-engineering-tools)
|
||||
- [Physical Access Tools](#physical-access-tools)
|
||||
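Review bot: The new table-of-contents link `[GNU/Linux Utils](#gnu-linux-utils)` in this hunk will not match the heading it targets. GitHub derives heading anchors by lowercasing the text and dropping punctuation such as `/` rather than converting it to a hyphen, so the `### GNU/Linux Utils` heading introduced later in this patch gets the anchor `#gnulinux-utils`. Suggest changing the link target to `#gnulinux-utils` and clicking through the rendered README to confirm.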
@ -71,7 +71,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Voltron](https://github.com/snare/voltron) - Hacky debugger UI for hackers.
|
||||
|
||||
### OSINT Resources
|
||||
* [OSINT Framework](http://osintframework.com/) - Collection of various OSInt tools broken out by category.
|
||||
* [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category.
|
||||
* [Intel Techniques](https://inteltechniques.com/menu.html) - Collection of OSINT tools. Menu on the left can be used to navigate through the categories.
|
||||
* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - Collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html).
|
||||
|
||||
@ -86,36 +86,35 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
### Operating Systems
|
||||
* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems.
|
||||
* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions.
|
||||
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems.
|
||||
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
|
||||
* [cuckoo](https://github.com/cuckoosandbox/cuckoo) - Open source automated malware analysis system.
|
||||
* [CAINE](http://www.caine-live.net/) - Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a Digital Forensics project.
|
||||
* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS.
|
||||
* [Computer Aided Investigative Environment (CAINE)](http://www.caine-live.net/) - Italian GNU/Linux live distribution created as a digital forensics project.
|
||||
* [Digital Evidence & Forensics Toolkit (DEFT)](http://www.deftlinux.net/) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
|
||||
* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity.
|
||||
|
||||
## Tools
|
||||
### Penetration Testing Distributions
|
||||
* [Kali](https://www.kali.org/) - Linux distribution designed for digital forensics and penetration testing.
|
||||
* [ArchStrike](https://archstrike.org/) - Arch Linux repository for security professionals and enthusiasts.
|
||||
* [BlackArch](https://www.blackarch.org/) - Arch Linux-based distribution for penetration testers and security researchers.
|
||||
* [NST](http://networksecuritytoolkit.org/) - Network Security Toolkit distribution.
|
||||
* [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo.
|
||||
* [Kali](https://www.kali.org/) - GNU/Linux distribution designed for digital forensics and penetration testing.
|
||||
* [ArchStrike](https://archstrike.org/) - Arch GNU/Linux repository for security professionals and enthusiasts.
|
||||
* [BlackArch](https://www.blackarch.org/) - Arch GNU/Linux-based distribution for penetration testers and security researchers.
|
||||
* [Network Security Toolkit (NST)](http://networksecuritytoolkit.org/) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
|
||||
* [Pentoo](http://www.pentoo.ch/) - Security-focused live CD based on Gentoo.
|
||||
* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments.
|
||||
* [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with multiple architecture.
|
||||
* [Buscador](https://inteltechniques.com/buscador/) - Linux Virtual Machine that is pre-configured for online investigators.
|
||||
* [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online investigators.
|
||||
* [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
|
||||
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.
|
||||
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
|
||||
|
||||
### Basic Penetration Testing Tools
|
||||
* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software.
|
||||
* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits.
|
||||
* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project.
|
||||
* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform.
|
||||
* [BeEF](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
|
||||
* [faraday](https://github.com/infobyte/faraday) - Collaborative penetration test and vulnerability management platform.
|
||||
* [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework.
|
||||
* [commix](https://github.com/stasinopoulos/commix) - Automated All-in-One OS Command Injection and Exploitation Tool.
|
||||
* [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router.
|
||||
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials.
|
||||
* [Bella](https://github.com/Trietptm-on-Security/Bella) - Pure Python post-exploitation data mining & remote administration tool for Mac OS.
|
||||
* [OWASP OWTF](https://www.owasp.org/index.php/OWASP_OWTF) - Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient.
|
||||
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
|
||||
|
||||
### Docker for Penetration Testing
|
||||
* `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/)
|
||||
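Review bot: The rewritten entry for The Pentesters Framework changes what the tool is, not only how it is worded. The old description says PTF installs, compiles and updates your penetration testing tools on your own distribution, while the new one calls it a "Distro organized around the Penetration Testing Execution Standard (PTES)". Suggest keeping the shorter style but describing it as a framework that installs and updates pentesting tools on an existing distribution, organized around PTES. Two smaller points in the same hunk: the unchanged evilgrade line still reads "explotation", and the new DEFT description ("runnable without tampering or corrupting connected devices where the boot process takes place") is hard to parse and would read better split or simplified.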
@ -146,19 +145,19 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for macOS.
|
||||
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
|
||||
* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework.
|
||||
* [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go.
|
||||
* [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
|
||||
* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
|
||||
* [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework.
|
||||
|
||||
#### Network Tools
|
||||
* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
|
||||
* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits.
|
||||
* [pig](https://github.com/rafael-santiago/pig) - Linux packet crafting tool.
|
||||
* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool.
|
||||
* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
|
||||
* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
|
||||
* [Wireshark](https://www.wireshark.org/) - Network protocol analyzer for Unix and Windows.
|
||||
* [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc.
|
||||
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - A Swiss army knife for for network sniffing.
|
||||
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing.
|
||||
* [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit.
|
||||
* [SPARTA](http://sparta.secforce.com/) - Network infrastructure penetration testing tool.
|
||||
* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
|
||||
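Review bot: The edited netsniff-ng line drops the leading article but keeps the doubled word, so it still reads "Swiss army knife for for network sniffing." Suggest fixing it in the same pass: "Swiss army knife for network sniffing."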
@ -212,16 +211,16 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
|
||||
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
|
||||
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various CMS driven web sites are running.
|
||||
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS vulnerability scanner.
|
||||
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter.
|
||||
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter.
|
||||
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs.
|
||||
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
|
||||
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
|
||||
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
|
||||
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
|
||||
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
|
||||
* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner.
|
||||
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
|
||||
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
|
||||
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
|
||||
* [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool.
|
||||
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
|
||||
|
||||
### Hex Editors
|
||||
* [HexEdit.js](https://hexed.it) - Browser-based hex editing.
|
||||
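Review bot: The Commix entry reworded at the end of this hunk duplicates the `commix` entry under Basic Penetration Testing Tools, which this patch leaves unchanged. That entry points at `https://github.com/stasinopoulos/commix` and keeps the old title-case description, while this one points at `https://github.com/commixproject/commix`. Suggest keeping a single entry with one URL and one description, or at least making the two consistent.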
@ -241,7 +240,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
### Windows Utils
|
||||
* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities.
|
||||
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - Security tool to list logon sessions and add, change, list and delete associated credentials.
|
||||
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS.
|
||||
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system.
|
||||
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework.
|
||||
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target.
|
||||
* [Responder](https://github.com/SpiderLabs/Responder) - LLMNR, NBT-NS and MDNS poisoner.
|
||||
@ -250,25 +249,25 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
|
||||
* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
|
||||
|
||||
### Linux Utils
|
||||
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
|
||||
### GNU/Linux Utils
|
||||
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
|
||||
|
||||
### DDoS Tools
|
||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
|
||||
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
|
||||
* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
|
||||
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
|
||||
* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool.
|
||||
* [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
|
||||
* [T50](https://sourceforge.net/projects/t50/) - Faster network stress tool.
|
||||
* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
|
||||
|
||||
### Social Engineering Tools
|
||||
* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec.
|
||||
* [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
|
||||
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
|
||||
* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service.
|
||||
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks.
|
||||
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks.
|
||||
* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby.
|
||||
|
||||
### OSInt Tools
|
||||
### OSINT Tools
|
||||
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
|
||||
* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
|
||||
* [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool.
|
||||
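Review bot: The wifiphisher line changes "Wi-Fi" to "WiFi", which moves away from the trademarked spelling; suggest keeping "Wi-Fi". In the same hunk, the new T50 description "Faster network stress tool." is a comparative with nothing to compare against, so a plain description of what the tool does would be clearer. The UFONet line also keeps the stray semicolon in "conduct different attacks using; `GET`/`POST`", which should be a colon or be dropped.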
@ -283,7 +282,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak.
|
||||
* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
|
||||
* [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations
|
||||
* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - Linux bash based Bing and Google Dorking Tool.
|
||||
* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
|
||||
* [fast-recon](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain.
|
||||
* [snitch](https://github.com/Smaash/snitch) - Information gathering via dorks.
|
||||
* [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner.
|
||||
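Review bot: The new BinGoo description "GNU/Linux bash based Bing and Google Dorking Tool." still has the capitalization this compliance pass removes elsewhere. Suggest "GNU/Linux Bash-based Bing and Google dorking tool." The unchanged Spiderfoot line above it is also missing its trailing period, unlike the other entries in this hunk.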
@ -297,7 +296,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network.
|
||||
|
||||
### Reverse Engineering Tools
|
||||
* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, Linux or macOS hosted multi-processor disassembler and debugger.
|
||||
* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger.
|
||||
* [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) - The freeware version of IDA v5.0.
|
||||
* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
|
||||
* [OllyDbg](http://www.ollydbg.de/) - x86 debugger that emphasizes binary code analysis.
|
||||
|