From 132b1f79ad5909264a88c1da701693872e660a85 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sat, 1 Jul 2017 20:29:37 -0400 Subject: [PATCH 01/44] Add Frhed. (The hex editor section is sort of lacking right now.) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4ff7861..d32b804 100644 --- a/README.md +++ b/README.md @@ -222,6 +222,7 @@ A collection of awesome penetration testing resources #### Hex Editors * [HexEdit.js](https://hexed.it) - Browser-based hex editing * [Hexinator](https://hexinator.com/) (commercial) - World's finest Hex Editor +* [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. #### File Format Analysis Tools * [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby From 065df08263038c9b0b6c57524088dcaf8ec21640 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sun, 2 Jul 2017 14:18:45 -0400 Subject: [PATCH 02/44] Add WiFi Pineapple to Physical Access Tools section. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d32b804..5c30b92 100644 --- a/README.md +++ b/README.md @@ -310,6 +310,7 @@ A collection of awesome penetration testing resources * [LAN Turtle](https://lanturtle.com/) - a covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network. * [USB Rubber Ducky](http://usbrubberducky.com/) - customizable keystroke injection attack platform masquerading as a USB thumbdrive * [Poisontap](https://samy.pl/poisontap/) - siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers +* [WiFi Pineapple](https://www.wifipineapple.com/) - Wireless auditing and penetration testing platform. #### CTF Tools * [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs 
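Review bot: In the Frhed hunk of PATCH 01, the new entry ends with a trailing period while the two neighbouring Hex Editors entries ("Browser-based hex editing", "World's finest Hex Editor") do not, so the section becomes inconsistent; either drop the period here or add one to the neighbours in the same change. The link also uses plain `http://`; if the SourceForge project page is reachable over HTTPS, prefer `https://frhed.sourceforge.net/` so the list does not point readers at an unencrypted download page.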
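Review bot: In the WiFi Pineapple hunk of PATCH 02, the new description is capitalised and ends with a period, whereas the three entries above it (LAN Turtle, USB Rubber Ducky, Poisontap) start lowercase and have no terminal punctuation; match the existing style of the section or normalise all four together. The description "Wireless auditing and penetration testing platform" is also thin next to its neighbours, which say what the device actually does; one more clause on what it provides (for example, that it is a portable wireless audit appliance) would make the entry as useful as the others.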
From 38e34cdb1a727f9d44b4a007e81424fd8fbe9f31 Mon Sep 17 00:00:00 2001 From: Samar Dhwoj Acharya Date: Mon, 3 Jul 2017 01:09:02 -0500 Subject: [PATCH 03/44] add brakeman --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5c30b92..0e81721 100644 --- a/README.md +++ b/README.md @@ -145,6 +145,7 @@ A collection of awesome penetration testing resources * [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR * [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework * [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go +* [Brakeman](https://github.com/presidentbeef/brakeman) - A static analysis security vulnerability scanner for Ruby on Rails applications #### Network Tools * [zmap](https://zmap.io/) - Open-source network scanner that enables researchers to easily perform Internet-wide network studies From b667e06b81a9d379f0aa751e886b9a373d562af4 Mon Sep 17 00:00:00 2001 From: Duncan Ogilvie Date: Mon, 3 Jul 2017 08:36:05 +0200 Subject: [PATCH 04/44] x64_dbg -> x64dbg --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0e81721..8573d71 100644 --- a/README.md +++ b/README.md 
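Review bot: In the Brakeman hunk of PATCH 03, the entry is placed under "Vulnerability Scanners" between network-level and web-application scanners, but Brakeman is a static analysis (source-code) tool for Rails; if the list has, or gains, a static-analysis category it belongs there, and if not, the description should at least keep "static analysis" prominent, as it does. Minor style: the description starts with the article "A" and has no trailing period, which differs from the trailing-period style being introduced elsewhere in this series.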
@@ -299,7 +299,7 @@ A collection of awesome penetration testing resources * [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg * [OllyDbg](http://www.ollydbg.de/) - An x86 debugger that emphasizes binary code analysis * [Radare2](http://rada.re/r/index.html) - Opensource, crossplatform reverse engineering framework -* [x64_dbg](http://x64dbg.com/) - An open-source x64/x32 debugger for windows +* [x64dbg](http://x64dbg.com/) - An open-source x64/x32 debugger for windows * [Immunity Debugger](http://debugger.immunityinc.com/) - A powerful new way to write exploits and analyze malware * [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for Linux * [Medusa disassembler](https://github.com/wisk/medusa) - An open source interactive disassembler From e265e3bf4dcc967496ecb102f9decdf44be93159 Mon Sep 17 00:00:00 2001 From: "Sachin S. Kamath" Date: Tue, 4 Jul 2017 10:27:48 +0530 Subject: [PATCH 05/44] Add OWTF to list of tools --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8573d71..8c4fd7e 100644 --- a/README.md +++ b/README.md @@ -114,6 +114,7 @@ A collection of awesome penetration testing resources * [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router * [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials * [Bella](https://github.com/Trietptm-on-Security/Bella) - Bella is a pure Python post-exploitation data mining & remote administration tool for Mac OS. +* [OWASP OWTF](https://www.owasp.org/index.php/OWASP_OWTF) - Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient. #### Docker for Penetration Testing * `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) 
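Review bot: The x64dbg rename in PATCH 04 is correct (the project dropped the underscore), but while touching this line "for windows" should read "for Windows", since every other entry in the section capitalises the platform name; fixing it in the same one-line change avoids a second trivial commit on the same line.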
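Review bot: In the OWASP OWTF hunk of PATCH 05, the description has a grammar problem: the comma in "Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools" separates the subject from its verb, and "try" should be a noun such as "attempt" or "framework". Suggested wording: `Offensive Web Testing Framework (OWTF) - OWASP+PTES-focused framework that unites existing tools to make pen testing more efficient.` Placement is also worth a second look: the entry sits under "Basic Penetration Testing Tools" next to post-exploitation tools (redsnarf, Bella), while OWTF is a web testing framework and would sit more naturally beside the web scanners.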
From 0765f513d0fa567d37729b2335141598c451d9c9 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 5 Jul 2017 21:51:54 -0400 Subject: [PATCH 06/44] Add `ctf-tools`, quick installations of various pentest utils. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8c4fd7e..a21fcd7 100644 --- a/README.md +++ b/README.md @@ -315,6 +315,7 @@ A collection of awesome penetration testing resources * [WiFi Pineapple](https://www.wifipineapple.com/) - Wireless auditing and penetration testing platform. #### CTF Tools +* [ctf-tools](https://github.com/zardus/ctf-tools) - a collection of setup scripts to install various security research tools easily and quickly deployable to new machines. * [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs * [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks From b40bbe39634b1047660d4044d874caa96eedc072 Mon Sep 17 00:00:00 2001 
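Review bot: In the ctf-tools hunk of PATCH 06, the entry is inserted at the top of the "CTF Tools" section, which contradicts the project's own contribution guideline "Link additions should be added to the bottom of the relevant category"; move it after RsaCtfTool. The description also starts lowercase and runs on ("a collection of setup scripts to install various security research tools easily and quickly deployable to new machines"); something like `Collection of setup scripts to install various security research tools quickly on new machines.` reads cleaner and matches the capitalised, period-terminated style the following commit introduces.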
From: Meitar M Date: Thu, 6 Jul 2017 00:29:02 -0400 Subject: [PATCH 07/44] First round of making this list awesome compliant, for #86. This commit is a first-pass attempt at adhering to the style guide of the Awesome List contribution guidelines at https://github.com/sindresorhus/awesome/blob/master/pull_request_template.md Specifically, I have: * added a succinct description of the project/theme at top of README. * added the awesome badge on the right side of the list heading. * titled the table of contents `Contents`. * moved the `CONTRIBUTING.md` file to the expected filesystem path. * capitalized the first word of link descriptions, when present. * added trailing periods to link descriptions, when not present. * removed the "A" and "An" prepositions from link descriptions. * removed the Travis CI build status badge. * matched the heading levels to the style guide's recommendations. --- .github/CONTRIBUTING.md | 29 -- CONTRIBUTING.md | 45 +++ README.md | 620 ++++++++++++++++++++-------------------- 3 files changed, 352 insertions(+), 342 deletions(-) delete mode 100644 .github/CONTRIBUTING.md create mode 100644 CONTRIBUTING.md diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md deleted file mode 100644 index 0d99365..0000000 --- a/.github/CONTRIBUTING.md +++ /dev/null 
@@ -1,29 +0,0 @@ -# Contribution Guidelines - -## Table of Contents - -- [Adding to this list](#adding-to-this-list) -- [Updating your Pull Request](#updating-your-pull-request) - -## Adding to this list - -Please ensure your pull request adheres to the following guidelines: - -- Search previous suggestions before making a new one, as yours may be a duplicate. -- Make sure the submission is useful before submitting. -- Make an individual pull request for each suggestion. -- Use [title-casing](http://titlecapitalization.com) (AP style). -- Use the following format: `[List Name](link) - Optional Description`. -- Optional descriptions are useful when the name itself is not descriptive. -- Link additions should be added to the bottom of the relevant category. -- New categories or improvements to the existing categorization are welcome. -- Check your spelling and grammar. -- Make sure your text editor is set to remove trailing whitespace. -- The pull request and commit should have a useful title. -- The body of your commit message should contain a link to the repository. - -## Updating your Pull Request - -Sometimes, a maintainer of an awesome list will ask you to edit your Pull Request before it is included. This is normally due to spelling errors or because your PR didn't make any useful addition. - -[Here](https://github.com/RichardLitt/docs/blob/master/amending-a-commit-guide.md) is a write up on how to change a Pull Request, and the different ways you can do that. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..5af64df --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,45 @@ +# Contribution Guidelines + +**Your pull request should have a useful title. Please carefully read everything in [Adding to this list](#adding-to-this-list).** + +## Table of Contents + +- [Adding to this list](#adding-to-this-list) +- [Creating your own awesome list](#creating-your-own-awesome-list) +- [Adding something to an awesome list](#adding-something-to-an-awesome-list) +- [Updating your Pull Request](#updating-your-pull-request) + +## Adding to this list + +Please ensure your pull request adheres to the following guidelines: + +- Search previous suggestions before making a new one, as yours may be a duplicate. +- Make sure the item you are adding is useful (and, you know, awesome) before submitting. +- Make an individual pull request for each suggestion. +- Use [title-casing](http://titlecapitalization.com) (AP style). +- Use the following format: `[Item Name](link)` +- Link additions should be added to the bottom of the relevant category. +- New categories or improvements to the existing categorization are welcome. +- Check your spelling and grammar. +- Make sure your text editor is set to remove trailing whitespace. +- The pull request and commit should have a useful title. +- The body of your commit message should contain a link to the repository. + +Thank you for your suggestions! + +## Adding something to an awesome list + +If you have something awesome to contribute to an awesome list, this is how you do it. + +You'll need a [GitHub account](https://github.com/join)! + +1. Access the awesome list's GitHub page. For example: https://github.com/sindresorhus/awesome +2. Click on the `readme.md` file: ![Step 2 Click on Readme.md](https://cloud.githubusercontent.com/assets/170270/9402920/53a7e3ea-480c-11e5-9d81-aecf64be55eb.png) +3. Now click on the edit icon. ![Step 3 - Click on Edit](https://cloud.githubusercontent.com/assets/170270/9402927/6506af22-480c-11e5-8c18-7ea823530099.png) +4. 
You can start editing the text of the file in the in-browser editor. Make sure you follow guidelines above. You can use [GitHub Flavored Markdown](https://help.github.com/articles/github-flavored-markdown/). ![Step 4 - Edit the file](https://cloud.githubusercontent.com/assets/170270/9402932/7301c3a0-480c-11e5-81f5-7e343b71674f.png) +5. Say why you're proposing the changes, and then click on "Propose file change". ![Step 5 - Propose Changes](https://cloud.githubusercontent.com/assets/170270/9402937/7dd0652a-480c-11e5-9138-bd14244593d5.png) +6. Submit the [pull request](https://help.github.com/articles/using-pull-requests/)! + +## Updating your Pull Request + +Sometimes, a maintainer of this list will ask you to edit your Pull Request before it is included. This is normally due to spelling errors or because your PR didn't match the awesome-* list guidelines. [Here is a write up on how to change a Pull Request](https://github.com/RichardLitt/docs/blob/master/amending-a-commit-guide.md), and the different ways you can do that. diff --git a/README.md b/README.md index a21fcd7..12d19fb 100644 --- a/README.md +++ b/README.md 
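Review bot: In the new CONTRIBUTING.md in PATCH 07, the table of contents links to `#creating-your-own-awesome-list`, but no "Creating your own awesome list" section exists in the file (only "Adding to this list", "Adding something to an awesome list" and "Updating your Pull Request"), so that anchor is dead; either add the section or drop the entry. Second, the format guideline now reads "Use the following format: `[Item Name](link)`" and removes the "- Optional Description" part that the deleted `.github/CONTRIBUTING.md` had, yet this same commit adds trailing periods to descriptions and every README entry carries one; keep the description in the documented format so contributors are not told one thing and shown another. Third, the diffstat shows `delete mode` plus `create mode` rather than a rename; since the new file is a rewrite of the old one, a `git mv` followed by the edits would let `git log --follow` keep the file's history.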
@@ -1,10 +1,12 @@ -### **Awesome Penetration Testing** [![Links Check](https://travis-ci.org/enaqx/awesome-pentest.svg?branch=master)](https://travis-ci.org/enaqx/awesome-pentest) +# Awesome Penetration Testing [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) [![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)](https://creativecommons.org/licenses/by/4.0/) +> A collection of awesome penetration testing resources. -A collection of awesome penetration testing resources +[Penetration testing](https://en.wikipedia.org/wiki/Penetration_test) is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. -[This project is supported by Netsparker Web Application Security Scanner](https://www.netsparker.com/?utm_source=github.com&utm_content=awesome+penetration+testing&utm_medium=referral&utm_campaign=generic+advert) +Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details. This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/) +## Contents - [Online Resources](#online-resources) - [Penetration Testing Resources](#penetration-testing-resources) 
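Review bot: The first README.md hunk in PATCH 07 removes the "[This project is supported by Netsparker Web Application Security Scanner](...)" sponsor line, and that removal is not among the changes listed in the commit message (the Travis badge removal is); a sponsor acknowledgement is the kind of change a maintainer will want called out explicitly, so either mention it in the message or split it into its own commit. Also, the new heading line is now one very long Markdown line (title plus two badges); that is the awesome-list convention, but the Creative Commons badge duplicates the license sentence kept two lines below, so one of the two could go.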
@@ -53,70 +55,71 @@ A collection of awesome penetration testing resources - [License](#license) -### Online Resources -#### Penetration Testing Resources -* [Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/) - Free Offensive Security Metasploit course -* [PTES](http://www.pentest-standard.org/) - Penetration Testing Execution Standard -* [OWASP](https://www.owasp.org/index.php/Main_Page) - Open Web Application Security Project -* [PENTEST-WIKI](https://github.com/nixawk/pentest-wiki) - A free online security knowledge library for pentesters / researchers. +## Online Resources + +### Penetration Testing Resources +* [Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/) - Free Offensive Security Metasploit course. +* [PTES](http://www.pentest-standard.org/) - Penetration Testing Execution Standard. +* [OWASP](https://www.owasp.org/index.php/Main_Page) - Open Web Application Security Project. +* [PENTEST-WIKI](https://github.com/nixawk/pentest-wiki) - Free online security knowledge library for pentesters / researchers. * [Vulnerability Assessment Framework](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Penetration Testing Framework. * [XSS-Payloads](http://www.xss-payloads.com) - Ultimate resource for all things cross-site including payloads, tools, games and documentation. 
-#### Exploit development -* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode -* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database -* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits -* [shellsploit](https://github.com/b3mb4m/shellsploit-framework) - New Generation Exploit Development Kit -* [Voltron](https://github.com/snare/voltron) - A hacky debugger UI for hackers +### Exploit development +* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode. +* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database. +* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits. +* [shellsploit](https://github.com/b3mb4m/shellsploit-framework) - New Generation Exploit Development Kit. +* [Voltron](https://github.com/snare/voltron) - Hacky debugger UI for hackers. -#### OSINT Resources +### OSINT Resources * [OSINT Framework](http://osintframework.com/) - Collection of various OSInt tools broken out by category. -* [Intel Techniques](https://inteltechniques.com/menu.html) - A collection of OSINT tools. Menu on the left can be used to navigate through the categories. -* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - A collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html). +* [Intel Techniques](https://inteltechniques.com/menu.html) - Collection of OSINT tools. Menu on the left can be used to navigate through the categories. 
+* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - Collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html). -#### Social Engineering Resources -* [Social Engineering Framework](http://www.social-engineer.org/framework/general-discussion/) - An information resource for social engineers +### Social Engineering Resources +* [Social Engineering Framework](http://www.social-engineer.org/framework/general-discussion/) - Information resource for social engineers. -#### Lock Picking Resources -* [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks -* [bosnianbill](https://www.youtube.com/user/bosnianbill) - More lockpicking videos +### Lock Picking Resources +* [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks. +* [bosnianbill](https://www.youtube.com/user/bosnianbill) - More lockpicking videos. * [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations. 
-#### Operating Systems -* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems -* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions -* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems -* [cuckoo](https://github.com/cuckoosandbox/cuckoo) - An open source automated malware analysis system -* [CAINE](http://www.caine-live.net/) - (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project -* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS -* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity +### Operating Systems +* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems. +* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions. +* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems. +* [cuckoo](https://github.com/cuckoosandbox/cuckoo) - Open source automated malware analysis system. +* [CAINE](http://www.caine-live.net/) - Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a Digital Forensics project. +* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS. +* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity. 
-### Tools -#### Penetration Testing Distributions -* [Kali](https://www.kali.org/) - A Linux distribution designed for digital forensics and penetration testing -* [ArchStrike](https://archstrike.org/) - An Arch Linux repository for security professionals and enthusiasts -* [BlackArch](https://www.blackarch.org/) - Arch Linux-based distribution for penetration testers and security researchers -* [NST](http://networksecuritytoolkit.org/) - Network Security Toolkit distribution -* [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo -* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments -* [Parrot](https://www.parrotsec.org/) - A distribution similar to Kali, with multiple architecture -* [Buscador](https://inteltechniques.com/buscador/) - A Linux Virtual Machine that is pre-configured for online investigators +## Tools +### Penetration Testing Distributions +* [Kali](https://www.kali.org/) - Linux distribution designed for digital forensics and penetration testing. +* [ArchStrike](https://archstrike.org/) - Arch Linux repository for security professionals and enthusiasts. +* [BlackArch](https://www.blackarch.org/) - Arch Linux-based distribution for penetration testers and security researchers. +* [NST](http://networksecuritytoolkit.org/) - Network Security Toolkit distribution. +* [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo. +* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments. +* [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with multiple architecture. +* [Buscador](https://inteltechniques.com/buscador/) - Linux Virtual Machine that is pre-configured for online investigators. * [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. 
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. -#### Basic Penetration Testing Tools -* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software -* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits -* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project -* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform -* [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework -* [commix](https://github.com/stasinopoulos/commix) - Automated All-in-One OS Command Injection and Exploitation Tool -* [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router -* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials -* [Bella](https://github.com/Trietptm-on-Security/Bella) - Bella is a pure Python post-exploitation data mining & remote administration tool for Mac OS. +### Basic Penetration Testing Tools +* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software. +* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits. +* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project. +* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform. 
+* [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework. +* [commix](https://github.com/stasinopoulos/commix) - Automated All-in-One OS Command Injection and Exploitation Tool. +* [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router. +* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials. +* [Bella](https://github.com/Trietptm-on-Security/Bella) - Pure Python post-exploitation data mining & remote administration tool for Mac OS. * [OWASP OWTF](https://www.owasp.org/index.php/OWASP_OWTF) - Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient. -#### Docker for Penetration Testing +### Docker for Penetration Testing * `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) * `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy) * `docker pull wpscanteam/wpscan` - [official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/) 
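Review bot: In the `@@ -53,70 +55,71 @@` hunk of PATCH 07, the pre-existing typo on the evilgrade line survives the rewrite: "The update explotation framework." should be "The update exploitation framework."; since the line is being edited anyway, fix it here. In the same hunk, "Parrot ... with multiple architecture" should be "with multiple architectures", and the OWASP OWTF line (a context line, so untouched) keeps the awkward "is an OWASP+PTES focused try to unite great tools" wording that this style pass would be the natural place to repair. Note also that "The" is left on BeeF and evilgrade while "A"/"An" are stripped, which is consistent with the commit message but reads unevenly next to the other entries.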
@@ -134,193 +137,193 @@ A collection of awesome penetration testing resources * `docker pull kalilinux/kali-linux-docker` - [Kali Linux Docker Image](https://www.kali.org/news/official-kali-linux-docker-images/) * `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) -#### Vulnerability Scanners -* [Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability Management & Risk Management Software -* [Nessus](http://www.tenable.com/products/nessus-vulnerability-scanner) - Vulnerability, configuration, and compliance assessment -* [Nikto](https://cirt.net/nikto2) - Web application vulnerability scanner -* [OpenVAS](http://www.openvas.org/) - Open Source vulnerability scanner and manager -* [Secapps](https://secapps.com/) - Integrated web application security testing environment -* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework -* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner -* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for Mac OS X +### Vulnerability Scanners +* [Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability management & risk management software. +* [Nessus](http://www.tenable.com/products/nessus-vulnerability-scanner) - Vulnerability, configuration, and compliance assessment. +* [Nikto](https://cirt.net/nikto2) - Web application vulnerability scanner. +* [OpenVAS](http://www.openvas.org/) - Open Source vulnerability scanner and manager. +* [Secapps](https://secapps.com/) - Integrated web application security testing environment. +* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework. +* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner. +* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for macOS. 
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR * [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework * [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go -* [Brakeman](https://github.com/presidentbeef/brakeman) - A static analysis security vulnerability scanner for Ruby on Rails applications +* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications. -#### Network Tools -* [zmap](https://zmap.io/) - Open-source network scanner that enables researchers to easily perform Internet-wide network studies -* [nmap](https://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits -* [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool -* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP -* [tcpdump/libpcap](http://www.tcpdump.org/) - A common packet analyzer that runs under the command line -* [Wireshark](https://www.wireshark.org/) - A network protocol analyzer for Unix and Windows -* [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc -* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - A Swiss army knife for for network sniffing -* [Intercepter-NG](http://sniff.su/) - a multifunctional network toolkit -* [SPARTA](http://sparta.secforce.com/) - Network Infrastructure Penetration Testing Tool -* [dnschef](https://github.com/iphelix/dnschef) - A highly configurable DNS proxy for pentesters -* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service +### Network Tools +* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. 
+* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits. +* [pig](https://github.com/rafael-santiago/pig) - Linux packet crafting tool. +* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. +* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. +* [Wireshark](https://www.wireshark.org/) - Network protocol analyzer for Linux, macOS, and Windows. +* [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc. +* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for network sniffing. +* [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit. +* [SPARTA](http://sparta.secforce.com/) - Network infrastructure Penetration testing tool. +* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. +* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service. * [CloudFail](https://github.com/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS. 
-* [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results -* [dnsmap](https://github.com/makefu/dnsmap/) - Passive DNS network mapper -* [dnsrecon](https://github.com/darkoperator/dnsrecon/) - DNS Enumeration Script -* [dnstracer](http://www.mavetju.org/unix/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers -* [passivedns-client](https://github.com/chrislee35/passivedns-client) - Provides a library and a query tool for querying several passive DNS providers -* [passivedns](https://github.com/gamelinux/passivedns) - A network sniffer that logs all DNS server replies for use in a passive DNS setup +* [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. +* [dnsmap](https://github.com/makefu/dnsmap/) - Passive DNS network mapper. +* [dnsrecon](https://github.com/darkoperator/dnsrecon/) - DNS enumeration script. +* [dnstracer](http://www.mavetju.org/unix/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers. +* [passivedns-client](https://github.com/chrislee35/passivedns-client) - Library and query tool for querying several passive DNS providers. +* [passivedns](https://github.com/gamelinux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup. * [Mass Scan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. 
-* [Zarp](https://github.com/hatRiot/zarp) - Zarp is a network attack tool centered around the exploitation of local networks -* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers -* [Morpheus](https://github.com/r00t-3xp10it/morpheus) - automated ettercap TCP/IP Hijacking tool -* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH -* [SSH MITM](https://github.com/jtesta/ssh-mitm) - intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk -* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols -* [DET](https://github.com/sensepost/DET) - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time -* [pwnat](https://github.com/samyk/pwnat) - punches holes in firewalls and NATs -* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - a collection of tools for network auditing and pentesting -* [tgcd](http://tgcd.sourceforge.net/) - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls -* [smbmap](https://github.com/ShawnDEvans/smbmap) - a handy SMB enumeration tool -* [scapy](https://github.com/secdev/scapy) - a python-based interactive packet manipulation program & library -* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework -* [Debookee (MAC OS X)](http://www.iwaxx.com/debookee/) - Intercept traffic from any device on your network -* [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer -* [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing -* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments +* 
[Zarp](https://github.com/hatRiot/zarp) - Network attack tool centered around the exploitation of local networks. +* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - Interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers. +* [Morpheus](https://github.com/r00t-3xp10it/morpheus) - Automated ettercap TCP/IP Hijacking tool. +* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH. +* [SSH MITM](https://github.com/jtesta/ssh-mitm) - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk. +* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols. +* [DET](https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time. +* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs. +* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - Collection of tools for network auditing and pentesting. +* [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. +* [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool. +* [scapy](https://github.com/secdev/scapy) - Python-based interactive packet manipulation program & library. +* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework. +* [Debookee (macOS)](http://www.iwaxx.com/debookee/) - Intercept traffic from any device on your network. +* [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer. +* [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing. +* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. 
-#### Wireless Network Tools -* [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network -* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS -* [Reaver](https://code.google.com/archive/p/reaver-wps) - Brute force attack against Wifi Protected Setup -* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool +### Wireless Network Tools +* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks. +* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS. +* [Reaver](https://code.google.com/archive/p/reaver-wps) - Brute force attack against WiFi Protected Setup. +* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool. -#### SSL Analysis Tools -* [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner -* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - a demonstration of the HTTPS stripping attacks -* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS -* [tls_prober](https://github.com/WestpointLtd/tls_prober) - fingerprint a server's SSL/TLS implementation +### SSL Analysis Tools +* [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner. +* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. +* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. +* [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation. 
-#### Web exploitation -* [OWASP Zed Attack Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Penetration testing tool for web applications -* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications +### Web exploitation +* [OWASP Zed Attack Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Penetration testing tool for web applications. +* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. -* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner -* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. -* [WPSploit](https://github.com/espreto/wpsploit) - WPSploit - Exploiting Wordpress With Metasploit -* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool -* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool -* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell -* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites -* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running. 
-* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS scanner -* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter -* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter -* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs -* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner -* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool -* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool -* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories -* [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool +* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner. +* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. +* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. +* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. +* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. +* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell. +* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. +* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various CMS driven web sites are running. +* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS vulnerability scanner. 
+* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter. +* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter. +* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs. +* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner. +* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. +* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. +* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. +* [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool. -#### Hex Editors -* [HexEdit.js](https://hexed.it) - Browser-based hex editing -* [Hexinator](https://hexinator.com/) (commercial) - World's finest Hex Editor +### Hex Editors +* [HexEdit.js](https://hexed.it) - Browser-based hex editing. +* [Hexinator](https://hexinator.com/) - World's finest (proprietary, commercial) Hex Editor. * [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. -#### File Format Analysis Tools -* [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby -* [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool -* [Hachoir](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction +### File Format Analysis Tools +* [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby. +* [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool. 
+* [Hachoir](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction. -#### Hash Cracking Tools -* [John the Ripper](http://www.openwall.com/john/) - Fast password cracker -* [Hashcat](http://hashcat.net/hashcat/) - The more fast hash cracker -* [CeWL](https://digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target's website and collecting unique words +### Hash Cracking Tools +* [John the Ripper](http://www.openwall.com/john/) - Fast password cracker. +* [Hashcat](http://hashcat.net/hashcat/) - The more fast hash cracker. +* [CeWL](https://digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target's website and collecting unique words. -#### Windows Utils -* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities -* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials -* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS -* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework -* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target -* [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner -* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer -* [Empire](https://www.powershellempire.com/) - A pure PowerShell post-exploitation agent -* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel -* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used 
in Office documents or templates and automates bypassing application control and exploit mitigation software +### Windows Utils +* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities. +* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - Security tool to list logon sessions and add, change, list and delete associated credentials. +* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS. +* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework. +* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target. +* [Responder](https://github.com/SpiderLabs/Responder) - LLMNR, NBT-NS and MDNS poisoner. +* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. +* [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent. +* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. +* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. -#### Linux Utils +### Linux Utils * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number. 
-#### DDoS Tools -* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows -* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC -* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side -* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures -* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool +### DDoS Tools +* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows. +* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC. +* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side. +* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures. +* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool. * [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. 
-#### Social Engineering Tools -* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec -* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content -* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service -* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks -* [Catphish](https://github.com/ring0lab/catphish) - A tool for phishing and corporate espionage written in Ruby. +### Social Engineering Tools +* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec. +* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. +* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service. +* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks. +* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby. -#### OSInt Tools +### OSInt Tools * [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva. 
-* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester -* [creepy](https://github.com/ilektrojohn/creepy) - A geolocation OSINT tool -* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester -* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon -* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common google dorks and others you prolly don't know -* [GooDork](https://github.com/k3170makan/GooDork) - Command line go0gle dorking tool -* [dork-cli](https://github.com/jgor/dork-cli) - Command-line Google dork tool. -* [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans -* [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices -* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python -* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak -* [vcsmap](https://github.com/melvinsh/vcsmap) - A plugin-based tool to scan public version control systems for sensitive information -* [Spiderfoot](http://www.spiderfoot.net/) - multi-source OSINT automation tool with a Web UI and report visualizations -* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - A Linux bash based Bing and Google Dorking Tool -* [fast-recon](https://github.com/DanMcInerney/fast-recon) - Does some google dorks against a domain -* [snitch](https://github.com/Smaash/snitch) - information gathering via dorks -* [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner -* [Threat Crowd](https://www.threatcrowd.org/) - A search engine for threats +* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester. 
+* [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool. +* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester. +* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - Database of Google dorks; can be used for recon. +* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you prolly don't know. +* [GooDork](https://github.com/k3170makan/GooDork) - Command line Google dorking tool. +* [dork-cli](https://github.com/jgor/dork-cli) - Command line Google dork tool. +* [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans. +* [Shodan](https://www.shodan.io/) - World's first search engine for Internet-connected devices. +* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python. +* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak. +* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. +* [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations +* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - Linux bash based Bing and Google Dorking Tool. +* [fast-recon](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain. +* [snitch](https://github.com/Smaash/snitch) - Information gathering via dorks. +* [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner. +* [Threat Crowd](https://www.threatcrowd.org/) - Search engine for threats. * [Virus Total](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. 
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes. -#### Anonymity Tools +### Anonymity Tools * [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity * [I2P](https://geti2p.net/en/) - The Invisible Internet Project * [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network. -#### Reverse Engineering Tools -* [IDA Pro](https://www.hex-rays.com/products/ida/) - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger -* [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) - The freeware version of IDA v5.0 -* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg -* [OllyDbg](http://www.ollydbg.de/) - An x86 debugger that emphasizes binary code analysis -* [Radare2](http://rada.re/r/index.html) - Opensource, crossplatform reverse engineering framework -* [x64dbg](http://x64dbg.com/) - An open-source x64/x32 debugger for windows -* [Immunity Debugger](http://debugger.immunityinc.com/) - A powerful new way to write exploits and analyze malware -* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for Linux -* [Medusa disassembler](https://github.com/wisk/medusa) - An open source interactive disassembler -* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code -* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB -* [dnSpy](https://github.com/0xd4d/dnSpy) - dnSpy is a tool to reverse engineer .NET assemblies +### Reverse Engineering Tools +* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, Linux or macOS hosted multi-processor disassembler and debugger. 
+* [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) - The freeware version of IDA v5.0. +* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. +* [OllyDbg](http://www.ollydbg.de/) - x86 debugger that emphasizes binary code analysis. +* [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework. +* [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for windows. +* [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware. +* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for Linux. +* [Medusa disassembler](https://github.com/wisk/medusa) - Open source interactive disassembler. +* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. +* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. +* [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. -#### Physical Access Tools -* [LAN Turtle](https://lanturtle.com/) - a covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network. -* [USB Rubber Ducky](http://usbrubberducky.com/) - customizable keystroke injection attack platform masquerading as a USB thumbdrive -* [Poisontap](https://samy.pl/poisontap/) - siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers +### Physical Access Tools +* [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network. +* [USB Rubber Ducky](http://usbrubberducky.com/) - Customizable keystroke injection attack platform masquerading as a USB thumbdrive. 
+* [Poisontap](https://samy.pl/poisontap/) - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers. * [WiFi Pineapple](https://www.wifipineapple.com/) - Wireless auditing and penetration testing platform. -#### CTF Tools -* [ctf-tools](https://github.com/zardus/ctf-tools) - a collection of setup scripts to install various security research tools easily and quickly deployable to new machines. -* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs -* [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks +### CTF Tools +* [ctf-tools](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines. +* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs. +* [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks. -### Books -#### Penetration Testing Books +## Books +### Penetration Testing Books * [The Art of Exploitation by Jon Erickson, 2008](https://www.nostarch.com/hacking2.htm) * [Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011](https://www.nostarch.com/metasploit) * [Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014](https://www.nostarch.com/pentesting) 
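Review bot: Two of the rewritten descriptions in this hunk keep an ungrammatical phrase: `+* [Hashcat](http://hashcat.net/hashcat/) - The more fast hash cracker.` and `+* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool.`; since both lines are being touched anyway, "Fast hash cracker." and "Fast network stress tool." (or "Faster ...") would read correctly. The same pass drops the repeated tool name from the WPSploit entry but leaves it in place for Wappalyzer ("Wappalyzer uncovers ..."), UFONet ("UFONet abuses ..."), Virus Total ("VirusTotal is a free service ...") and Linux Exploit Suggester ("Linux Exploit Suggester; based on ..."), and it adds trailing periods everywhere except the Spiderfoot line and the untouched Tor and I2P entries under Anonymity Tools; applying the same rule throughout would leave the list consistent. Smaller nits in the `+` lines: "prolly" in the Google-dorks entry, lowercase "windows" in the x64dbg entry, "crossplatform" in the Radare2 entry, lowercase "github" in the github-dorks entry, and "setting needed" in the untouched autochrome context line. Finally, the hunk mixes the heading-level promotion (`####` to `###`) with the description copy-edits, which makes the actual wording changes hard to spot in review; splitting the two into separate commits would help.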
@@ -337,7 +340,7 @@ A collection of awesome penetration testing resources * [Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014](http://www.amazon.com/Advanced-Persistent-Threat-Hacking-Organization/dp/0071828362) * [Bug Hunter's Diary by Tobias Klein, 2011](https://www.nostarch.com/bughunter) -#### Hackers Handbook Series +### Hackers Handbook Series * [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html) * [The Shellcoders Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html) * [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html) 
@@ -348,33 +351,33 @@ A collection of awesome penetration testing resources * [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html) * [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking) -#### Defensive Development +### Defensive Development * [Holistic Info-Sec for Web Developers (Fascicle 0)](https://leanpub.com/holistic-infosec-for-web-developers) * [Holistic Info-Sec for Web Developers (Fascicle 1)](https://leanpub.com/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications) -#### Network Analysis Books +### Network Analysis Books * [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](https://nmap.org/book/) * [Practical Packet Analysis by Chris Sanders, 2011](https://www.nostarch.com/packet2.htm) * [Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012](https://www.amazon.com/Wireshark-Network-Analysis-Second-Certified/dp/1893939944) * [Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012](http://www.amazon.com/Network-Forensics-Tracking-Hackers-Cyberspace-ebook/dp/B008CG8CYU/) -#### Reverse Engineering Books +### Reverse Engineering Books * [Reverse Engineering for Beginners by Dennis Yurichev](http://beginners.re/) * [Hacking the Xbox by Andrew Huang, 2003](https://www.nostarch.com/xbox.htm) * [The IDA Pro Book by Chris Eagle, 2011](https://www.nostarch.com/idapro2.htm) * [Practical Reverse Engineering by Bruce Dang et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118787315.html) * [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071832386) -#### Malware Analysis Books +### Malware Analysis Books * [Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012](https://www.nostarch.com/malware) * [The Art of Memory Forensics by Michael Hale Ligh 
et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118825098.html) * [Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470613033.html) -#### Windows Books +### Windows Books * [Windows Internals by Mark Russinovich et al., 2012](http://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/0735648735/) -#### Social Engineering Books +### Social Engineering Books * [The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471237124.html) * [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html) * [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachettebookgroup.com/titles/kevin-mitnick/ghost-in-the-wires/9780316134477/) 
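Review bot: The context line `* [Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012](...)` carries a doubled "by"; this hunk only touches the section headings, but since the series is a copy-editing pass over the list it is worth fixing the typo here rather than leaving it for a follow-up.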
@@ -383,118 +386,109 @@ A collection of awesome penetration testing resources * [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118608577.html) * [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofessional.com/product.php?isbn=0071818464) -#### Lock Picking Books +### Lock Picking Books * [Practical Lock Picking by Deviant Ollam, 2012](https://www.elsevier.com/books/practical-lock-picking/ollam/978-1-59749-989-7) * [Keys to the Kingdom by Deviant Ollam, 2012](https://www.elsevier.com/books/keys-to-the-kingdom/ollam/978-1-59749-983-5) * [CIA Lock Picking Field Operative Training Manual](https://www.scribd.com/doc/7207/CIA-Lock-Picking-Field-Operative-Training-Manual) * [Lock Picking: Detail Overkill by Solomon](https://www.dropbox.com/s/y39ix9u9qpqffct/Lockpicking%20Detail%20Overkill.pdf?dl=0) * [Eddie the Wire books](https://www.dropbox.com/sh/k3z4dm4vyyojp3o/AAAIXQuwMmNuCch_StLPUYm-a?dl=0) -#### Defcon Suggested Reading +### Defcon Suggested Reading * [Defcon Suggested Reading](https://www.defcon.org/html/links/book-list.html) -### Vulnerability Databases -* [NVD](https://nvd.nist.gov/) - US National Vulnerability Database -* [CERT](https://www.us-cert.gov/) - US Computer Emergency Readiness Team -* [OSVDB](https://blog.osvdb.org/) - Open Sourced Vulnerability Database -* [Bugtraq](http://www.securityfocus.com/) - Symantec SecurityFocus -* [Exploit-DB](https://www.exploit-db.com/) - Offensive Security Exploit Database -* [Fulldisclosure](http://seclists.org/fulldisclosure/) - Full Disclosure Mailing List -* [MS Bulletin](https://technet.microsoft.com/en-us/security/bulletins) - Microsoft Security Bulletin -* [MS Advisory](https://technet.microsoft.com/en-us/security/advisories) - Microsoft Security Advisories -* [Inj3ct0r](http://www.1337day.com/) - Inj3ct0r Exploit Database -* [Packet 
Storm](https://packetstormsecurity.com/) - Packet Storm Global Security Resource -* [SecuriTeam](http://www.securiteam.com/) - Securiteam Vulnerability Information -* [CXSecurity](http://cxsecurity.com/) - CSSecurity Bugtraq List -* [Vulnerability Laboratory](http://www.vulnerability-lab.com/) - Vulnerability Research Laboratory -* [ZDI](http://www.zerodayinitiative.com/) - Zero Day Initiative -* [Vulners](https://vulners.com) - Security database of software vulnerabilities +## Vulnerability Databases +* [NVD](https://nvd.nist.gov/) - US National Vulnerability Database. +* [CERT](https://www.us-cert.gov/) - US Computer Emergency Readiness Team. +* [OSVDB](https://blog.osvdb.org/) - Open Sourced Vulnerability Database. +* [Bugtraq](http://www.securityfocus.com/) - Symantec SecurityFocus. +* [Exploit-DB](https://www.exploit-db.com/) - Offensive Security Exploit Database. +* [Fulldisclosure](http://seclists.org/fulldisclosure/) - Full Disclosure Mailing List. +* [MS Bulletin](https://technet.microsoft.com/en-us/security/bulletins) - Microsoft Security Bulletin. +* [MS Advisory](https://technet.microsoft.com/en-us/security/advisories) - Microsoft Security Advisories. +* [Inj3ct0r](http://www.1337day.com/) - Inj3ct0r Exploit Database. +* [Packet Storm](https://packetstormsecurity.com/) - Packet Storm Global Security Resource. +* [SecuriTeam](http://www.securiteam.com/) - Securiteam Vulnerability Information. +* [CXSecurity](http://cxsecurity.com/) - CSSecurity Bugtraq List. +* [Vulnerability Laboratory](http://www.vulnerability-lab.com/) - Vulnerability Research Laboratory. +* [ZDI](http://www.zerodayinitiative.com/) - Zero Day Initiative. +* [Vulners](https://vulners.com) - Security database of software vulnerabilities. 
-### Security Courses -* [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers -* [SANS Security Training](http://www.sans.org/) - Computer Security Training & Certification -* [Open Security Training](http://opensecuritytraining.info/) - Training material for computer security classes -* [CTF Field Guide](https://trailofbits.github.io/ctf/) - everything you need to win your next CTF competition +## Security Courses +* [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers. +* [SANS Security Training](http://www.sans.org/) - Computer Security Training & Certification. +* [Open Security Training](http://opensecuritytraining.info/) - Training material for computer security classes. +* [CTF Field Guide](https://trailofbits.github.io/ctf/) - Everything you need to win your next CTF competition. * [ARIZONA CYBER WARFARE RANGE](http://azcwr.org/) - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare. * [Cybrary](http://cybrary.it) - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Enviroments'. -* [Computer Security Student](http://computersecuritystudent.com) - Many free tutorials, great for beginners, $10/mo membership unlocks all content -* [European Union Agency for Network and Information Security](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) - ENISA Cyber Security Training material +* [Computer Security Student](http://computersecuritystudent.com) - Many free tutorials, great for beginners, $10/mo membership unlocks all content. 
+* [European Union Agency for Network and Information Security](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) - ENISA Cyber Security Training material. -### Information Security Conferences -* [DEF CON](https://www.defcon.org/) - An annual hacker convention in Las Vegas -* [Black Hat](http://www.blackhat.com/) - An annual security conference in Las Vegas -* [BSides](http://www.securitybsides.com/) - A framework for organising and holding security conferences -* [CCC](https://events.ccc.de/congress/) - An annual meeting of the international hacker scene in Germany -* [DerbyCon](https://www.derbycon.com/) - An annual hacker conference based in Louisville -* [PhreakNIC](http://phreaknic.info/) - A technology conference held annually in middle Tennessee -* [ShmooCon](http://shmoocon.org/) - An annual US east coast hacker convention -* [CarolinaCon](http://www.carolinacon.org/) - An infosec conference, held annually in North Carolina -* [CHCon](https://2016.chcon.nz/) - Christchurch Hacker Con, Only South Island of New Zealand hacker con -* [SummerCon](http://www.summercon.org/) - One of the oldest hacker conventions, held during Summer -* [Hack.lu](https://2016.hack.lu/) - An annual conference held in Luxembourg -* [Hackfest](https://hackfest.ca) - Largest hacking conference in Canada -* [HITB](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands -* [Troopers](https://www.troopers.de) - Annual international IT Security event with workshops held in Heidelberg, Germany -* [Hack3rCon](http://hack3rcon.org/) - An annual US hacker conference -* [ThotCon](http://thotcon.org/) - An annual US hacker conference held in Chicago -* [LayerOne](http://www.layerone.org/) - An annual US security conference held every spring in Los Angeles -* [DeepSec](https://deepsec.net/) - Security Conference in Vienna, Austria -* [SkyDogCon](http://www.skydogcon.com/) - A technology conference 
in Nashville -* [SECUINSIDE](http://secuinside.com) - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul) -* [DefCamp](http://def.camp/) - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania -* [AppSecUSA](https://2016.appsecusa.org/) - An annual conference organised by OWASP -* [BruCON](http://brucon.org) - An annual security conference in Belgium -* [Infosecurity Europe](http://www.infosecurityeurope.com/) - Europe's number one information security event, held in London, UK -* [Nullcon](http://nullcon.net/website/) - An annual conference in Delhi and Goa, India -* [RSA Conference USA](https://www.rsaconference.com/) - An annual security conference in San Francisco, California, USA -* [Swiss Cyber Storm](https://www.swisscyberstorm.com/) - An annual security conference in Lucerne, Switzerland -* [Virus Bulletin Conference](https://www.virusbulletin.com/conference/index) - An annual conference going to be held in Denver, USA for 2016 -* [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina -* [44Con](https://44con.com/) - Annual Security Conference held in London -* [BalCCon](https://www.balccon.org) - Balkan Computer Congress, annualy held in Novi Sad, Serbia -* [FSec](http://fsec.foi.hr) - FSec - Croatian Information Security Gathering in Varaždin, Croatia +## Information Security Conferences +* [DEF CON](https://www.defcon.org/) - Annual hacker convention in Las Vegas. +* [Black Hat](http://www.blackhat.com/) - Annual security conference in Las Vegas. +* [BSides](http://www.securitybsides.com/) - Framework for organising and holding security conferences. +* [CCC](https://events.ccc.de/congress/) - Annual meeting of the international hacker scene in Germany. +* [DerbyCon](https://www.derbycon.com/) - Annual hacker conference based in Louisville. +* [PhreakNIC](http://phreaknic.info/) - Technology conference held annually in middle Tennessee. 
+* [ShmooCon](http://shmoocon.org/) - Annual US East coast hacker convention. +* [CarolinaCon](http://www.carolinacon.org/) - Infosec conference, held annually in North Carolina. +* [CHCon](https://2016.chcon.nz/) - Christchurch Hacker Con, Only South Island of New Zealand hacker con. +* [SummerCon](http://www.summercon.org/) - One of the oldest hacker conventions, held during Summer. +* [Hack.lu](https://2016.hack.lu/) - Annual conference held in Luxembourg. +* [Hackfest](https://hackfest.ca) - Largest hacking conference in Canada. +* [HITB](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands. +* [Troopers](https://www.troopers.de) - Annual international IT Security event with workshops held in Heidelberg, Germany. +* [Hack3rCon](http://hack3rcon.org/) - Annual US hacker conference. +* [ThotCon](http://thotcon.org/) - Annual US hacker conference held in Chicago. +* [LayerOne](http://www.layerone.org/) - Annual US security conference held every spring in Los Angeles. +* [DeepSec](https://deepsec.net/) - Security Conference in Vienna, Austria. +* [SkyDogCon](http://www.skydogcon.com/) - Technology conference in Nashville. +* [SECUINSIDE](http://secuinside.com) - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul). +* [DefCamp](http://def.camp/) - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania. +* [AppSecUSA](https://2016.appsecusa.org/) - Annual conference organised by OWASP. +* [BruCON](http://brucon.org) - Annual security conference in Belgium. +* [Infosecurity Europe](http://www.infosecurityeurope.com/) - Europe's number one information security event, held in London, UK. +* [Nullcon](http://nullcon.net/website/) - Annual conference in Delhi and Goa, India. +* [RSA Conference USA](https://www.rsaconference.com/) - Annual security conference in San Francisco, California, USA. 
+* [Swiss Cyber Storm](https://www.swisscyberstorm.com/) - Annual security conference in Lucerne, Switzerland. +* [Virus Bulletin Conference](https://www.virusbulletin.com/conference/index) - Annual conference going to be held in Denver, USA for 2016. +* [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina. +* [44Con](https://44con.com/) - Annual Security Conference held in London. +* [BalCCon](https://www.balccon.org) - Balkan Computer Congress, annualy held in Novi Sad, Serbia. +* [FSec](http://fsec.foi.hr) - FSec - Croatian Information Security Gathering in Varaždin, Croatia. -### Information Security Magazines -* [2600: The Hacker Quarterly](https://www.2600.com/Magazine/DigitalEditions) - An American publication about technology and computer "underground" -* [Phrack Magazine](http://www.phrack.org/) - By far the longest running hacker zine +## Information Security Magazines +* [2600: The Hacker Quarterly](https://www.2600.com/Magazine/DigitalEditions) - American publication about technology and computer "underground." +* [Phrack Magazine](http://www.phrack.org/) - By far the longest running hacker zine. 
-### Awesome Lists -* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux -* [SecTools](http://sectools.org/) - Top 125 Network Security Tools -* [Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Awesome Pentest Cheat Sheets -* [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools -* [.NET Programming](https://github.com/quozd/awesome-dotnet) - A software framework for Microsoft Windows platform development -* [Shell Scripting](https://github.com/alebcay/awesome-shell) - Command-line frameworks, toolkits, guides and gizmos -* [Ruby Programming by @dreikanter](https://github.com/dreikanter/ruby-bookmarks) - The de-facto language for writing exploits -* [Ruby Programming by @markets](https://github.com/markets/awesome-ruby) - The de-facto language for writing exploits -* [Ruby Programming by @Sdogruyol](https://github.com/Sdogruyol/awesome-ruby) - The de-facto language for writing exploits -* [JavaScript Programming](https://github.com/sorrycc/awesome-javascript) - In-browser development and scripting -* [Node.js Programming by @sindresorhus](https://github.com/sindresorhus/awesome-nodejs) - A curated list of delightful Node.js packages and resources -* [Python tools for penetration testers](https://github.com/dloss/python-pentest-tools) - Lots of pentesting tools are written in Python -* [Python Programming by @svaksha](https://github.com/svaksha/pythonidae) - General Python programming -* [Python Programming by @vinta](https://github.com/vinta/awesome-python) - General Python programming -* [Android Security](https://github.com/ashishb/android-security-awesome) - A collection of android security related resources -* [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists -* [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security -* 
[CTFs](https://github.com/apsdehal/awesome-ctf) - Capture The Flag frameworks, libraries, etc -* [InfoSec § Hacking challenges](https://github.com/AnarchoTechNYC/meta/wiki/InfoSec#hacking-challenges) - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more -* [Hacking](https://github.com/carpedm20/awesome-hacking) - Tutorials, tools, and resources -* [Honeypots](https://github.com/paralax/awesome-honeypots) - Honeypots, tools, components, and more -* [Infosec](https://github.com/onlurking/awesome-infosec) - Information security resources for pentesting, forensics, and more -* [Forensics](https://github.com/Cugu/awesome-forensics) - Free (mostly open source) forensic analysis tools and resources -* [Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) - Tools and resources for analysts -* [PCAP Tools](https://github.com/caesar0301/awesome-pcaptools) - Tools for processing network traffic -* [Security](https://github.com/sbilly/awesome-security) - Software, libraries, documents, and other resources +## Awesome Lists +* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux. +* [SecTools](http://sectools.org/) - Top 125 Network Security Tools. +* [Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Awesome Pentest Cheat Sheets. +* [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools. +* [.NET Programming](https://github.com/quozd/awesome-dotnet) - Software framework for Microsoft Windows platform development. +* [Shell Scripting](https://github.com/alebcay/awesome-shell) - Command-line frameworks, toolkits, guides and gizmos. +* [Ruby Programming by @dreikanter](https://github.com/dreikanter/ruby-bookmarks) - The de-facto language for writing exploits. 
+* [Ruby Programming by @markets](https://github.com/markets/awesome-ruby) - The de-facto language for writing exploits. +* [Ruby Programming by @Sdogruyol](https://github.com/Sdogruyol/awesome-ruby) - The de-facto language for writing exploits. +* [JavaScript Programming](https://github.com/sorrycc/awesome-javascript) - In-browser development and scripting. +* [Node.js Programming by @sindresorhus](https://github.com/sindresorhus/awesome-nodejs) - Curated list of delightful Node.js packages and resources. +* [Python tools for penetration testers](https://github.com/dloss/python-pentest-tools) - Lots of pentesting tools are written in Python. +* [Python Programming by @svaksha](https://github.com/svaksha/pythonidae) - General Python programming. +* [Python Programming by @vinta](https://github.com/vinta/awesome-python) - General Python programming. +* [Android Security](https://github.com/ashishb/android-security-awesome) - Collection of Android security related resources. +* [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists. +* [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security. +* [CTFs](https://github.com/apsdehal/awesome-ctf) - Capture The Flag frameworks, libraries, etc. +* [InfoSec § Hacking challenges](https://github.com/AnarchoTechNYC/meta/wiki/InfoSec#hacking-challenges) - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more. +* [Hacking](https://github.com/carpedm20/awesome-hacking) - Tutorials, tools, and resources. +* [Honeypots](https://github.com/paralax/awesome-honeypots) - Honeypots, tools, components, and more. +* [Infosec](https://github.com/onlurking/awesome-infosec) - Information security resources for pentesting, forensics, and more. +* [Forensics](https://github.com/Cugu/awesome-forensics) - Free (mostly open source) forensic analysis tools and resources. 
+* [Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) - Tools and resources for analysts. +* [PCAP Tools](https://github.com/caesar0301/awesome-pcaptools) - Tools for processing network traffic. +* [Security](https://github.com/sbilly/awesome-security) - Software, libraries, documents, and other resources. * [Awesome Lockpicking](https://github.com/meitar/awesome-lockpicking) - Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys. -* [Awesome List](https://github.com/sindresorhus/awesome) - A curated list of awesome lists -* [SecLists](https://github.com/danielmiessler/SecLists) - Collection of multiple types of lists used during security assessments -* [Security Talks](https://github.com/PaulSec/awesome-sec-talks) - A curated list of security conferences - -### Contribution -Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](.github/CONTRIBUTING.md) for more details. - -### License - -[![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)](https://creativecommons.org/licenses/by/4.0/) - -This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/) +* [Awesome List](https://github.com/sindresorhus/awesome) - Curated list of awesome lists. +* [SecLists](https://github.com/danielmiessler/SecLists) - Collection of multiple types of lists used during security assessments. +* [Security Talks](https://github.com/PaulSec/awesome-sec-talks) - Curated list of security conferences. From 9fb37de33afafaf813f443ce0277582a391c3b31 Mon Sep 17 00:00:00 2001 From: Samar Dhwoj Acharya Date: Wed, 5 Jul 2017 23:37:46 -0500 Subject: [PATCH 08/44] add sobelow - phoenix framework static analyzer --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a21fcd7..46587c0 100644 --- a/README.md +++ b/README.md 
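Review bot: in the Vulnerability Databases hunk of the heading-normalization patch above (the patch that ends with the Awesome Lists hunk), the CXSecurity entry carries the typo straight from the `-` line into the `+` line: `+* [CXSecurity](http://cxsecurity.com/) - CSSecurity Bugtraq List.` should read `CXSecurity Bugtraq list.`; every line of this hunk is being rewritten anyway, so fix it in the same pass.

Review bot: in the Security Courses hunk, the unchanged Cybrary context line still reads 'Penetration Testing for Highly Secured Enviroments' (Environments); neighbouring lines are being touched for punctuation, so the spelling fix belongs in this commit too.

Review bot: in the Information Security Conferences hunk, two misspellings are copied unchanged from the removed lines into the added ones: `held anually in Bucharest` (DefCamp) and `annualy held in Novi Sad` (BalCCon). In the same hunk, `Only South Island` (CHCon) and `US East coast` (ShmooCon) need consistent casing, and the CHCon, Hack.lu and AppSecUSA links point at year-specific hosts (`https://2016.chcon.nz/`, `https://2016.hack.lu/`, `https://2016.appsecusa.org/`) while the Virus Bulletin description says 'going to be held in Denver, USA for 2016'; these go stale every year, so link the root domains and drop the year from the description.

Review bot: in the Awesome Lists hunk, `One of the main language for open source security tools.` should be `languages`, and the three Ruby entries share the identical description `The de-facto language for writing exploits.`, which tells the reader nothing about how the lists differ; describe each list on its own terms. The same hunk deletes the `### Contribution` and `### License` sections but leaves the Contents entries `- [Contribution](#contribution)` and `- [License](#license)` in place (they are only removed in PATCH 11/44 below), so between these two commits the table of contents has two dead anchors; fold the Contents change into this commit.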
@@ -147,6 +147,7 @@ A collection of awesome penetration testing resources * [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework * [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go * [Brakeman](https://github.com/presidentbeef/brakeman) - A static analysis security vulnerability scanner for Ruby on Rails applications +* [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework #### Network Tools * [zmap](https://zmap.io/) - Open-source network scanner that enables researchers to easily perform Internet-wide network studies From 7adf2fb0df02271e5c0854b184c05693bac3068f Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 6 Jul 2017 00:39:03 -0400 Subject: [PATCH 09/44] Add periods for link descriptions that were missing them. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 12d19fb..50f15be 100644 --- a/README.md +++ b/README.md 
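Review bot: the new sobelow line in PATCH 08/44 has no trailing period (`Security-focused static analysis for the Phoenix Framework`) while the very next commit (PATCH 09/44) adds periods to the surrounding entries; add the period now so the later commit's context does not diverge. The description would also help readers scanning the Web Vulnerability Scanners section if it said that Phoenix is an Elixir web framework, which is not obvious from the name alone.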
@@ -146,9 +146,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework. * [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner. * [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for macOS. -* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR -* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework -* [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go +* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. +* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework. +* [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go. * [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications. ### Network Tools From b742364f12f14f58773a5d878b1f91336cf780be Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 6 Jul 2017 00:41:15 -0400 Subject: [PATCH 10/44] Remove duplicated linkback to Awesome List origin (it's a badge now). --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 50f15be..fa92eb0 100644 --- a/README.md +++ b/README.md 
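Review bot: in PATCH 09/44, while the DVCS Ripper line is being rewritten, `Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.` should hyphenate the compound modifier (`web-accessible`) and use the tools' actual names or consistent lowercase command names (Subversion, Git, Mercurial, Bazaar, or svn/git/hg/bzr); `GIT` and `HG` are not how those projects are written.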
@@ -489,6 +489,5 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [PCAP Tools](https://github.com/caesar0301/awesome-pcaptools) - Tools for processing network traffic. * [Security](https://github.com/sbilly/awesome-security) - Software, libraries, documents, and other resources. * [Awesome Lockpicking](https://github.com/meitar/awesome-lockpicking) - Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys. -* [Awesome List](https://github.com/sindresorhus/awesome) - Curated list of awesome lists. * [SecLists](https://github.com/danielmiessler/SecLists) - Collection of multiple types of lists used during security assessments. * [Security Talks](https://github.com/PaulSec/awesome-sec-talks) - Curated list of security conferences. From 8a2bfb965b7615ef4e7482c695a329044ee0e1a7 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 6 Jul 2017 01:03:37 -0400 Subject: [PATCH 11/44] Make grammar consistent: "command-line" -> "command line" and so on. This commit tidies some minor issues with pull request #141, namely: * fix style guide compliance from accidental reversion during merge. * add a period to the last sentence of the introduction paragraph. * make the table of contents's content match the headings in the doc. * consistently spell open source without a dashed word ("open-source"). --- README.md | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index c617371..ef4a534 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ [Penetration testing](https://en.wikipedia.org/wiki/Penetration_test) is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. -Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details. This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/) +Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details. This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/). ## Contents @@ -51,8 +51,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Information Security Conferences](#information-security-conferences) - [Information Security Magazines](#information-security-magazines) - [Awesome Lists](#awesome-lists) -- [Contribution](#contribution) -- [License](#license) ## Online Resources 
@@ -153,18 +151,18 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework. #### Network Tools -* [zmap](https://zmap.io/) - Open-source network scanner that enables researchers to easily perform Internet-wide network studies -* [nmap](https://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits -* [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool -* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP -* [tcpdump/libpcap](http://www.tcpdump.org/) - A common packet analyzer that runs under the command line -* [Wireshark](https://www.wireshark.org/) - A network protocol analyzer for Unix and Windows -* [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc -* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - A Swiss army knife for for network sniffing -* [Intercepter-NG](http://sniff.su/) - a multifunctional network toolkit -* [SPARTA](http://sparta.secforce.com/) - Network Infrastructure Penetration Testing Tool -* [dnschef](https://github.com/iphelix/dnschef) - A highly configurable DNS proxy for pentesters -* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service +* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. +* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits. +* [pig](https://github.com/rafael-santiago/pig) - Linux packet crafting tool. +* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. +* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. 
+* [Wireshark](https://www.wireshark.org/) - Network protocol analyzer for Unix and Windows. +* [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc. +* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - A Swiss army knife for for network sniffing. +* [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit. +* [SPARTA](http://sparta.secforce.com/) - Network infrastructure penetration testing tool. +* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. +* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service. * [CloudFail](https://github.com/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS. * [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. * [dnsmap](https://github.com/makefu/dnsmap/) - Passive DNS network mapper. 
@@ -468,7 +466,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Awesome Pentest Cheat Sheets. * [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools. * [.NET Programming](https://github.com/quozd/awesome-dotnet) - Software framework for Microsoft Windows platform development. -* [Shell Scripting](https://github.com/alebcay/awesome-shell) - Command-line frameworks, toolkits, guides and gizmos. +* [Shell Scripting](https://github.com/alebcay/awesome-shell) - Command line frameworks, toolkits, guides and gizmos. * [Ruby Programming by @dreikanter](https://github.com/dreikanter/ruby-bookmarks) - The de-facto language for writing exploits. * [Ruby Programming by @markets](https://github.com/markets/awesome-ruby) - The de-facto language for writing exploits. * [Ruby Programming by @Sdogruyol](https://github.com/Sdogruyol/awesome-ruby) - The de-facto language for writing exploits. From 266aad7120c665a360ea73d10d31f2ebc4abd14f Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 6 Jul 2017 01:53:54 -0400 Subject: [PATCH 12/44] Remove "A" at beginning of link description. (Missed from before.) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ef4a534..9468f22 100644 --- a/README.md +++ b/README.md 
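Review bot: in the first hunk of PATCH 11/44, the intro's `[Contributing Guidelines](CONTRIBUTING.md)` points at the repository root, whereas the Contribution section removed earlier in this series linked `.github/CONTRIBUTING.md`; only one of those paths can be right, so check which file exists and make the link match it.

Review bot: in the Network Tools hunk, the rewritten netsniff-ng line keeps the doubled word from the original: `A Swiss army knife for for network sniffing.` PATCH 12/44 later drops the leading `A` but still leaves `for for`; fix both in this rewrite. In the same hunk, `so as not to reveal your own IP` (scanless) is clearer as `IP address`.

Review bot: in the Awesome Lists hunk, changing `Command-line frameworks` to `Command line frameworks` goes the wrong way: used attributively before a noun the phrase is conventionally hyphenated, while the noun use `runs under the command line` (the tcpdump line in the previous hunk) is correctly unhyphenated. The commit message's blanket "command-line" -> "command line" rule should not be applied to this line; keep the hyphen. The unchanged context line `One of the main language for open source security tools.` still has the number-agreement error (languages).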
@@ -158,7 +158,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. * [Wireshark](https://www.wireshark.org/) - Network protocol analyzer for Unix and Windows. * [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc. -* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - A Swiss army knife for for network sniffing. +* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. * [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit. * [SPARTA](http://sparta.secforce.com/) - Network infrastructure penetration testing tool. * [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. From 6ac7727def9320917a3d4934b4ddcce132665bfb Mon Sep 17 00:00:00 2001 From: Meitar M Date: Fri, 7 Jul 2017 01:31:27 -0400 Subject: [PATCH 13/44] Further "Awesome List" style guide compliance passes. This commit focuses on terminological consistency, including: * Use consistent capitalization for abbreviations (OSInt -> OSINT). * Consistently expand ambiguous phrases (OS -> operating system). * Settle on standard names (Wi-Fi -> WiFi, etc.) where a mix was used. * Expand acronyms in item titles when doing so shortens the description. * Replace descriptions that merely expanded acronyms with actual text. * Remove duplicate items that have more than one URL (Commix project). * Do not Title Case description text when description is simply prose. --- README.md | 71 +++++++++++++++++++++++++++---------------------------- 1 file changed, 35 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 9468f22..10331d4 100644 --- a/README.md +++ b/README.md 
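Review bot: PATCH 12/44 removes the article but leaves the duplicated preposition on the same line: `Swiss army knife for for network sniffing.` Drop one `for` in this commit, since the line is being edited anyway.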
@@ -11,7 +11,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Online Resources](#online-resources) - [Penetration Testing Resources](#penetration-testing-resources) - [Exploit development](#exploit-development) - - [Open Sources Intelligence (OSINT) Resources](#osint-resources) + - [Open Source Intelligence (OSINT) Resources](#osint-resources) - [Social Engineering Resources](#social-engineering-resources) - [Lock Picking Resources](#lock-picking-resources) - [Operating Systems](#operating-systems) @@ -27,10 +27,10 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Hex Editors](#hex-editors) - [Hash Cracking Tools](#hash-cracking-tools) - [Windows Utils](#windows-utils) - - [Linux Utils](#linux-utils) + - [GNU/Linux Utils](#gnu-linux-utils) - [DDoS Tools](#ddos-tools) - [Social Engineering Tools](#social-engineering-tools) - - [OSInt Tools](#osint-tools) + - [OSINT Tools](#osint-tools) - [Anonymity Tools](#anonymity-tools) - [Reverse Engineering Tools](#reverse-engineering-tools) - [Physical Access Tools](#physical-access-tools) @@ -71,7 +71,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Voltron](https://github.com/snare/voltron) - Hacky debugger UI for hackers. ### OSINT Resources -* [OSINT Framework](http://osintframework.com/) - Collection of various OSInt tools broken out by category. +* [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category. * [Intel Techniques](https://inteltechniques.com/menu.html) - Collection of OSINT tools. Menu on the left can be used to navigate through the categories. * [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - Collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html). 
@@ -86,36 +86,35 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea ### Operating Systems * [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems. * [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions. -* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems. +* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems. * [cuckoo](https://github.com/cuckoosandbox/cuckoo) - Open source automated malware analysis system. -* [CAINE](http://www.caine-live.net/) - Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a Digital Forensics project. -* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS. +* [Computer Aided Investigative Environment (CAINE)](http://www.caine-live.net/) - Italian GNU/Linux live distribution created as a digital forensics project. +* [Digital Evidence & Forensics Toolkit (DEFT)](http://www.deftlinux.net/) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place. * [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity. ## Tools ### Penetration Testing Distributions -* [Kali](https://www.kali.org/) - Linux distribution designed for digital forensics and penetration testing. -* [ArchStrike](https://archstrike.org/) - Arch Linux repository for security professionals and enthusiasts. 
-* [BlackArch](https://www.blackarch.org/) - Arch Linux-based distribution for penetration testers and security researchers. -* [NST](http://networksecuritytoolkit.org/) - Network Security Toolkit distribution. -* [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo. +* [Kali](https://www.kali.org/) - GNU/Linux distribution designed for digital forensics and penetration testing. +* [ArchStrike](https://archstrike.org/) - Arch GNU/Linux repository for security professionals and enthusiasts. +* [BlackArch](https://www.blackarch.org/) - Arch GNU/Linux-based distribution for penetration testers and security researchers. +* [Network Security Toolkit (NST)](http://networksecuritytoolkit.org/) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications. +* [Pentoo](http://www.pentoo.ch/) - Security-focused live CD based on Gentoo. * [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments. * [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with multiple architecture. -* [Buscador](https://inteltechniques.com/buscador/) - Linux Virtual Machine that is pre-configured for online investigators. +* [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online investigators. * [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. -* [The Pentesters Framework](https://github.com/trustedsec/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. 
Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. +* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains. ### Basic Penetration Testing Tools * [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software. * [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits. -* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project. -* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform. +* [BeEF](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. +* [faraday](https://github.com/infobyte/faraday) - Collaborative penetration test and vulnerability management platform. * [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework. -* [commix](https://github.com/stasinopoulos/commix) - Automated All-in-One OS Command Injection and Exploitation Tool. * [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router. * [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials. * [Bella](https://github.com/Trietptm-on-Security/Bella) - Pure Python post-exploitation data mining & remote administration tool for Mac OS. -* [OWASP OWTF](https://www.owasp.org/index.php/OWASP_OWTF) - Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient. 
+* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. ### Docker for Penetration Testing * `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) @@ -146,14 +145,14 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for macOS. * [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. * [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework. -* [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go. +* [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go. * [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications. * [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework. #### Network Tools * [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. * [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits. -* [pig](https://github.com/rafael-santiago/pig) - Linux packet crafting tool. +* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool. * [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. * [Wireshark](https://www.wireshark.org/) - Network protocol analyzer for Unix and Windows. 
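Review bot: in the @@ -86 hunk the new Pentesters Framework entry contradicts the text it replaces: the removed description says PTF installs, compiles and updates your tools on any machine, while the replacement calls it a "Distro". Something like `Installer that assembles and keeps updated a PTES-organized collection of penetration testing tools on an existing system` preserves the original meaning. In the same hunk the DEFT description ("runnable without tampering or corrupting connected devices where the boot process takes place") is hard to parse; `Live CD for forensic analysis that boots without tampering with or corrupting the storage devices attached to the host` reads more clearly.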
@@ -212,16 +211,16 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell. * [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. -* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various CMS driven web sites are running. -* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS vulnerability scanner. -* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter. -* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter. -* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs. +* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. +* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. +* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. +* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. +* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. * [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner. * [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. * [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. * [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. 
-* [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool. +* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. ### Hex Editors * [HexEdit.js](https://hexed.it) - Browser-based hex editing. @@ -241,7 +240,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea ### Windows Utils * [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities. * [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - Security tool to list logon sessions and add, change, list and delete associated credentials. -* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS. +* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system. * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework. * [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target. * [Responder](https://github.com/SpiderLabs/Responder) - LLMNR, NBT-NS and MDNS poisoner. 
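Review bot: the mimikatz line in the @@ -241 hunk loses its article when "OS" is expanded ("Credentials extraction tool for Windows operating system"). Suggest `Credentials extraction tool for the Windows operating system`, or simply `for Windows`, since the commit's stated goal is removing the ambiguous abbreviation rather than adding words.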
@@ -250,25 +249,25 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. * [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. -### Linux Utils -* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number. +### GNU/Linux Utils +* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. ### DDoS Tools * [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows. * [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC. * [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side. * [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures. -* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool. -* [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. +* [T50](https://sourceforge.net/projects/t50/) - Faster network stress tool. +* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. 
### Social Engineering Tools -* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec. +* [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly. * [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. * [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service. -* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks. +* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks. * [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby. -### OSInt Tools +### OSINT Tools * [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva. * [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester. * [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool. 
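Review bot: in the @@ -250 hunk the T50 description "Faster network stress tool" is a comparative with no referent (the removed text, "The more fast network stress tool", had the same problem); describe what the tool does instead, for example `Multi-protocol packet injector and network stress tool`, if that matches the project's own description. The UFONet line keeps a stray semicolon before its list ("conduct different attacks using; `GET`/`POST`, ..."), which should be a colon or dropped. One more style point: the commit message standardizes on "WiFi", but the Wi-Fi Alliance spells its trademark "Wi-Fi", so if the list wants the official spelling the wifiphisher line should go the other way.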
@@ -283,7 +282,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak. * [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. * [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations -* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - Linux bash based Bing and Google Dorking Tool. +* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool. * [fast-recon](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain. * [snitch](https://github.com/Smaash/snitch) - Information gathering via dorks. * [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner. @@ -297,7 +296,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network. ### Reverse Engineering Tools -* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, Linux or macOS hosted multi-processor disassembler and debugger. +* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger. * [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) - The freeware version of IDA v5.0. * [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. * [OllyDbg](http://www.ollydbg.de/) - x86 debugger that emphasizes binary code analysis. From d2825614c3cfd9b7bbdf73d8e5383151c909a789 Mon Sep 17 00:00:00 2001 
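Review bot: the BinGoo line in the @@ -283 hunk keeps "Bing and Google Dorking Tool" in Title Case even though this commit's stated rule is to stop Title Casing prose descriptions, and "bash based" should be hyphenated as a compound modifier. Suggest `* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash-based Bing and Google dorking tool.`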
From: Meitar M Date: Fri, 7 Jul 2017 22:18:09 -0400 Subject: [PATCH 14/44] Reorganize Vulnerability Scanners section, add subheadings. This commit provides more detail and context for the vulnerability scanners section. It groups Web Scanners into its own subheading, and moves scanning tools from the Web Exploitation section into this section as these tools do not actually focus on *exploiting* websites. Additionally, Static Analyzers are grouped, two new static analyzers (cppcheck and FindBugs) have been added, and commercial tools are appropriately described as such. --- README.md | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 10331d4..eefed6c 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Basic Penetration Testing Tools](#basic-penetration-testing-tools) - [Docker for Penetration Testing](#docker-for-penetration-testing) - [Vulnerability Scanners](#vulnerability-scanners) + - [Static Analyzers](#static-analyzers) + - [Web Scanners](#web-scanners) - [Network Tools](#network-tools) - [Wireless Network Tools](#wireless-network-tools) - [SSL Analysis Tools](#ssl-analysis-tools) 
@@ -135,20 +137,28 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) ### Vulnerability Scanners -* [Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability management & risk management software. -* [Nessus](http://www.tenable.com/products/nessus-vulnerability-scanner) - Vulnerability, configuration, and compliance assessment. -* [Nikto](https://cirt.net/nikto2) - Web application vulnerability scanner. -* [OpenVAS](http://www.openvas.org/) - Open Source vulnerability scanner and manager. -* [Secapps](https://secapps.com/) - Integrated web application security testing environment. -* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework. -* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner. -* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for macOS. -* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. -* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework. +* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. +* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. +* [OpenVAS](http://www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system. * [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go. + +#### Static Analyzers * [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications. 
+* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs. +* [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code. * [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework. +#### Web Scanners +* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner. +* [Arachni](http://www.arachni-scanner.com/) - Scriptable framework for evaluating the security of web applications. +* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework. +* [Wapiti](http://wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer. +* [SecApps](https://secapps.com/) - In-browser web application security testing suite. +* [WebReaver](https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS. +* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner. +* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. +* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. + #### Network Tools * [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. * [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits. 
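Review bot: the OpenVAS description in the @@ -135 hunk ("Free software implementation of the popular Nessus vulnerability assessment system") misstates the relationship: OpenVAS is a fork of the last open source Nessus release that has since diverged on its own, not a reimplementation of Nessus. Suggest `Free software vulnerability scanner and manager, forked from the last open source release of Nessus.`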
@@ -204,23 +214,21 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [OWASP Zed Attack Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Penetration testing tool for web applications. * [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. -* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner. * [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell. * [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. -* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. -* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. * [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. * [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. 
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. * [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner. * [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. * [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. -* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. * [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. +* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. +* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. ### Hex Editors * [HexEdit.js](https://hexed.it) - Browser-based hex editing. From b1b77f40a9f9bc051bcba073b0c772ced8144c5b Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sat, 8 Jul 2017 00:24:33 -0400 Subject: [PATCH 15/44] Add Fiddler, provide more detail on OWASP ZAP. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 10331d4..0b7d3e6 100644 --- a/README.md +++ b/README.md 
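Review bot: the @@ -204 hunk moves WPScan, cms-explorer and joomscan out of Web exploitation on the grounds that they scan rather than exploit, but leaves WhatWeb and BlindElephant, both described as fingerprinters (reconnaissance, not exploitation), in place. Either move them under Web Scanners as well or say in the commit message why fingerprinters stay. Grouping DVCS Ripper and GitTools together at the end of the section is consistent, since both retrieve exposed repositories rather than scan for vulnerabilities.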
@@ -201,7 +201,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation. ### Web exploitation -* [OWASP Zed Attack Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Penetration testing tool for web applications. +* [OWASP Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. +* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner. From 522863e27a5c32e9147ebb60186a06b9a65b8a6b Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sat, 8 Jul 2017 01:06:39 -0400 Subject: [PATCH 16/44] Add wafw00f, a web application firewall fingerprinter. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 10331d4..c4135b4 100644 --- a/README.md +++ b/README.md 
@@ -215,6 +215,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. * [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. * [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. +* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. * [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. * [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner. * [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. From 3c811415bcc2c144f300883ce93f03bc98ca5abc Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sat, 8 Jul 2017 14:52:24 -0400 Subject: [PATCH 17/44] Style guide compliance pass focused on Vulnerability Databases section. (#144) * Add CVE List to Vulnerability Databases section, since it was missing. * Style guide compliance pass focused on Vulnerability Databases section. * Whitelist the Inj3ct0r URLs. The `0day.today` website sits behind an extremely aggressive Cloudflare anti-bot checker, which causes `awesome-bot` to trigger an HTTP 503 response. This fails the build but is actually normal behavior. Similarly, the Onion service is inaccessible except over Tor and our Travis CI configuration does not (yet?) support checking Onion service links. (Although, perhaps it should be updated to do so in a future PR.) --- .travis.yml | 2 +- README.md | 30 ++++++++++++++++-------------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/.travis.yml b/.travis.yml index c6754c6..1f2d82b 100644 --- a/.travis.yml +++ b/.travis.yml 
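Review bot: this wafw00f patch and the preceding Fiddler/ZAP patch both declare README.md base blob `10331d4`, the same pre-image that the Vulnerability Scanners reorganization (patch 14, `index 10331d4..eefed6c`) started from, and their context lines include entries that patch 14 removed from Web exploitation (`* [WPScan](https://wpscan.org/) ...` in patch 15, `* [joomscan](...) - Joomla vulnerability scanner.` in patch 16). Applied in series order with `git am`, these hunks will fail context matching; rebase both onto patch 14's result so the context lines agree.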
@@ -4,4 +4,4 @@ rvm: before_script: - gem install awesome_bot script: - - awesome_bot README.md --allow-redirect + - awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion" diff --git a/README.md b/README.md index 1b09071..a2d6a4c 100644 --- a/README.md +++ b/README.md 
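Review bot: `--white-list "www.0day.today,mvfjfugdwgc5uwho.onion"` silently excludes those two URLs from link checking, so if either goes dead the build keeps passing. The reasoning (Cloudflare anti-bot 503s, Onion service unreachable without Tor) lives only in the commit message; add a YAML comment above the `script:` line recording it, so the next person editing `.travis.yml` knows why the exclusions exist and when they can be removed.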
@@ -397,21 +397,23 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Defcon Suggested Reading](https://www.defcon.org/html/links/book-list.html) ## Vulnerability Databases -* [NVD](https://nvd.nist.gov/) - US National Vulnerability Database. -* [CERT](https://www.us-cert.gov/) - US Computer Emergency Readiness Team. -* [OSVDB](https://blog.osvdb.org/) - Open Sourced Vulnerability Database. -* [Bugtraq](http://www.securityfocus.com/) - Symantec SecurityFocus. -* [Exploit-DB](https://www.exploit-db.com/) - Offensive Security Exploit Database. -* [Fulldisclosure](http://seclists.org/fulldisclosure/) - Full Disclosure Mailing List. -* [MS Bulletin](https://technet.microsoft.com/en-us/security/bulletins) - Microsoft Security Bulletin. -* [MS Advisory](https://technet.microsoft.com/en-us/security/advisories) - Microsoft Security Advisories. -* [Inj3ct0r](http://www.1337day.com/) - Inj3ct0r Exploit Database. -* [Packet Storm](https://packetstormsecurity.com/) - Packet Storm Global Security Resource. -* [SecuriTeam](http://www.securiteam.com/) - Securiteam Vulnerability Information. -* [CXSecurity](http://cxsecurity.com/) - CSSecurity Bugtraq List. -* [Vulnerability Laboratory](http://www.vulnerability-lab.com/) - Vulnerability Research Laboratory. -* [ZDI](http://www.zerodayinitiative.com/) - Zero Day Initiative. +* [Common Vulnerabilities and Exposures (CVE)](https://cve.mitre.org/) - Dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities. +* [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides a superset of the standard CVE List along with a fine-grained search engine. 
+* [US-CERT Vulnerability Notes Database](https://www.kb.cert.org/vuls/) - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT). +* [Full-Disclosure](http://seclists.org/fulldisclosure/) - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources. +* [Bugtraq (BID)](http://www.securityfocus.com/bid/) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list, operated by Symantec, Inc. +* [Exploit-DB](https://www.exploit-db.com/) - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security. +* [Microsoft Security Bulletins](https://technet.microsoft.com/en-us/security/bulletins#sec_search) - Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC). +* [Microsoft Security Advisories](https://technet.microsoft.com/en-us/security/advisories#APUMA) - Archive of security advisories impacting Microsoft software. +* [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser. +* [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry. +* [CXSecurity](https://cxsecurity.com/) - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a a Google dork database for discovering the listed vulnerability. +* [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information. +* [Vulnerability Lab](https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target. 
+* [Zero Day Initiative](http://zerodayinitiative.com/advisories/published/) - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint. * [Vulners](https://vulners.com) - Security database of software vulnerabilities. +* [Inj3ct0r](https://www.0day.today) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) - Exploit marketplace and vulnerability information aggregator. +* [Open Source Vulnerability Database (OSVDB)](https://osvdb.org/) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. ## Security Courses * [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers. From 71d146979cfbf9bf79bcbc7000fe5fed4116cb3c Mon Sep 17 00:00:00 2001 From: Jericho Date: Sat, 8 Jul 2017 16:45:34 -0600 Subject: [PATCH 18/44] touch-ups and clarifications for the VDB section --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index bc43839..c67689d 100644 --- a/README.md +++ b/README.md 
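Review bot: the US-CERT entry in the README hunk expands the name as "United States Computer Emergency Response Team", but the line it replaces had it right: US-CERT is the Computer Emergency Readiness Team. In the same hunk "cross-referenced with a a Google dork database" in the CXSecurity entry has a doubled article, and the Zero Day Initiative entry credits TippingPoint, which has been part of Trend Micro since 2016, so `operated by Trend Micro` is the more current attribution.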
@@ -405,23 +405,23 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Defcon Suggested Reading](https://www.defcon.org/html/links/book-list.html) ## Vulnerability Databases -* [Common Vulnerabilities and Exposures (CVE)](https://cve.mitre.org/) - Dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities. -* [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides a superset of the standard CVE List along with a fine-grained search engine. +* [Common Vulnerabilities and Exposures (CVE)](https://cve.mitre.org/) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities. +* [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine. * [US-CERT Vulnerability Notes Database](https://www.kb.cert.org/vuls/) - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT). * [Full-Disclosure](http://seclists.org/fulldisclosure/) - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources. -* [Bugtraq (BID)](http://www.securityfocus.com/bid/) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list, operated by Symantec, Inc. +* [Bugtraq (BID)](http://www.securityfocus.com/bid/) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc. 
* [Exploit-DB](https://www.exploit-db.com/) - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security. * [Microsoft Security Bulletins](https://technet.microsoft.com/en-us/security/bulletins#sec_search) - Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC). * [Microsoft Security Advisories](https://technet.microsoft.com/en-us/security/advisories#APUMA) - Archive of security advisories impacting Microsoft software. * [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser. * [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry. -* [CXSecurity](https://cxsecurity.com/) - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a a Google dork database for discovering the listed vulnerability. +* [CXSecurity](https://cxsecurity.com/) - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability. * [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information. * [Vulnerability Lab](https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target. * [Zero Day Initiative](http://zerodayinitiative.com/advisories/published/) - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint. -* [Vulners](https://vulners.com) - Security database of software vulnerabilities. -* [Inj3ct0r](https://www.0day.today) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) - Exploit marketplace and vulnerability information aggregator. 
-* [Open Source Vulnerability Database (OSVDB)](https://osvdb.org/) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. +* [Vulners](https://vulners.com/) - Security database of software vulnerabilities. +* [Inj3ct0r](https://www.0day.today/) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) - Exploit marketplace and vulnerability information aggregator. +* [Open Source Vulnerability Database (OSVDB)](https://osvdb.org/) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. Continued by [Risk Based Security](https://vulndb.cyberriskanalytics.com/) as a commercial VDB. ## Security Courses * [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers. From 9b037a9bbfc6c31de411026b47f698a9b17f7ecd Mon Sep 17 00:00:00 2001 From: Meitar M Date: Fri, 7 Jul 2017 23:09:50 -0400 Subject: [PATCH 19/44] Fix minor typos, capitalization issues, and term consistency. --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bc43839..870c26c 100644 --- a/README.md +++ b/README.md 
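Review bot: the OSVDB line now ends with a link to Risk Based Security's VulnDB, a commercial product, while elsewhere this list labels paid offerings explicitly (the Vulnerability Scanners entries read "Commercial ... sold by Rapid7" / "sold by Tenable"); either mark it the same way or leave it out. Separately, the Vulners and Inj3ct0r lines are deleted and re-added only to append a trailing slash to the URL, which is fine, but say so in the commit message since the diffstat makes it look like a content change.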
@@ -159,7 +159,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. * [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. -#### Network Tools +### Network Tools * [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. * [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits. * [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool. @@ -283,7 +283,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool. * [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester. * [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - Database of Google dorks; can be used for recon. -* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you prolly don't know. +* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you probably don't know. * [GooDork](https://github.com/k3170makan/GooDork) - Command line Google dorking tool. * [dork-cli](https://github.com/jgor/dork-cli) - Command line Google dork tool. * [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans. 
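Review bot: the `-#### Network Tools` / `+### Network Tools` change is a heading-level fix, so the TOC link `#network-tools` keeps resolving (the generated id comes from the heading text, not its level). The diffstat (4 insertions, 4 deletions) matches the four edited lines in this patch, so no other `####` sibling headings were touched; if any remain in the Tools section they would need the same fix.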
@@ -309,11 +309,11 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger. * [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) - The freeware version of IDA v5.0. * [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. -* [OllyDbg](http://www.ollydbg.de/) - x86 debugger that emphasizes binary code analysis. +* [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis. * [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework. * [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for windows. * [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware. -* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for Linux. +* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. * [Medusa disassembler](https://github.com/wisk/medusa) - Open source interactive disassembler. * [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. * [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. From 32ff359418cc3e86d371ed7ab9cd68fdd372f2eb Mon Sep 17 00:00:00 2001 From: Meitar M Date: Mon, 10 Jul 2017 16:17:34 -0400 Subject: [PATCH 20/44] Drop link to commercial-only VulnDB based off OSVDB. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bf21511..704d5d9 100644 --- a/README.md +++ b/README.md 
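Review bot: the commit message promises capitalization and term-consistency fixes, but two context lines inside this very hunk are left alone: the x64dbg entry still says "debugger for windows" (lowercase) while the new OllyDbg text says "Windows binaries", and Radare2's "crossplatform" should be "cross-platform". Fold both into this commit.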
@@ -421,7 +421,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Zero Day Initiative](http://zerodayinitiative.com/advisories/published/) - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint. * [Vulners](https://vulners.com/) - Security database of software vulnerabilities. * [Inj3ct0r](https://www.0day.today/) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) - Exploit marketplace and vulnerability information aggregator. -* [Open Source Vulnerability Database (OSVDB)](https://osvdb.org/) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. Continued by [Risk Based Security](https://vulndb.cyberriskanalytics.com/) as a commercial VDB. +* [Open Source Vulnerability Database (OSVDB)](https://osvdb.org/) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. ## Security Courses * [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers. From 9749c6382d644aefb80d5d7000fe58c5ea38e9d0 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Tue, 11 Jul 2017 05:49:24 -0400 Subject: [PATCH 21/44] Fix inconsistent capitalization in headings; "utils" -> "utilities." --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 704d5d9..4b83826 100644 --- a/README.md +++ b/README.md 
@@ -10,7 +10,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Online Resources](#online-resources) - [Penetration Testing Resources](#penetration-testing-resources) - - [Exploit development](#exploit-development) + - [Exploit Development](#exploit-development) - [Open Source Intelligence (OSINT) Resources](#osint-resources) - [Social Engineering Resources](#social-engineering-resources) - [Lock Picking Resources](#lock-picking-resources) @@ -28,8 +28,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Web Exploitation](#web-exploitation) - [Hex Editors](#hex-editors) - [Hash Cracking Tools](#hash-cracking-tools) - - [Windows Utils](#windows-utils) - - [GNU/Linux Utils](#gnu-linux-utils) + - [Windows Utilities](#windows-utilities) + - [GNU/Linux Utilities](#gnu-linux-utilities) - [DDoS Tools](#ddos-tools) - [Social Engineering Tools](#social-engineering-tools) - [OSINT Tools](#osint-tools) @@ -65,7 +65,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Vulnerability Assessment Framework](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Penetration Testing Framework. * [XSS-Payloads](http://www.xss-payloads.com) - Ultimate resource for all things cross-site including payloads, tools, games and documentation. -### Exploit development +### Exploit Development * [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode. * [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database. * [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits. 
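Review bot: the new TOC anchors need checking against the rendered heading ids. `#windows-utilities` matches "### Windows Utilities", but GitHub's auto-generated id strips the slash from "GNU/Linux Utilities", giving `gnulinux-utilities`, so `#gnu-linux-utilities` will not resolve; the old `#gnu-linux-utils` had the same defect, so this is pre-existing, but since the line is being rewritten anyway this is the moment to fix it. The `#exploit-development` anchor is unaffected by the capitalization change because ids are lowercased.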
@@ -210,7 +210,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. * [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation. -### Web exploitation +### Web Exploitation * [OWASP Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. * [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. @@ -247,7 +247,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Hashcat](http://hashcat.net/hashcat/) - The more fast hash cracker. * [CeWL](https://digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target's website and collecting unique words. -### Windows Utils +### Windows Utilities * [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities. * [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - Security tool to list logon sessions and add, change, list and delete associated credentials. * [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system. 
@@ -259,7 +259,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. * [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. -### GNU/Linux Utils +### GNU/Linux Utilities * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. ### DDoS Tools From ed7ebf1848c240f90a6ed051ec128700843b2c83 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 12 Jul 2017 00:04:18 -0400 Subject: [PATCH 22/44] Add `binwalk`, fast and easy tool for reversing firmware images. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4b83826..685527f 100644 --- a/README.md +++ b/README.md @@ -318,6 +318,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. * [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. * [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. +* [binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. ### Physical Access Tools * [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network. From 2b2996f5ed0f38c2b80ced2f5076260d122fc20f Mon Sep 17 00:00:00 2001 
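Review bot: in the binwalk line, "easy to use" modifies "tool" and should be hyphenated ("easy-to-use"). Placement under Reverse Engineering Tools after dnSpy is right for a firmware extraction tool, and the "Fast ... tool for analyzing, reverse engineering, and extracting" phrasing follows the section's style.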
From: Meitar M Date: Wed, 12 Jul 2017 00:08:26 -0400 Subject: [PATCH 23/44] IDA Pro and IDA Free are basically the same; combine into one item. --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 4b83826..31e3788 100644 --- a/README.md +++ b/README.md @@ -306,8 +306,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network. ### Reverse Engineering Tools -* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger. -* [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) - The freeware version of IDA v5.0. +* [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml). * [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. * [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis. * [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework. From 0e4032c58e6f1257f3c0e0371df3474c5f51e438 Mon Sep 17 00:00:00 2001 
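Review bot: the merged entry drops a detail the removed IDA Free line carried, namely that the freeware build is IDA v5.0, i.e. an old release rather than a current one with restrictions; a reader choosing between the two would want that, so consider "also has a free version, IDA Free (based on v5.0)". The rename to "Interactive Disassembler (IDA Pro)" matches the "Full Name (ABBR)" link convention used for other entries.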
From: Meitar M Date: Wed, 12 Jul 2017 02:18:08 -0400 Subject: [PATCH 24/44] Recategorize "Basic" tools section for clarity and conformity. This commit removes the "Basic Penetration Testing Tools" section and moves numerous items listed therein into more appropriate places, based on existing categories. For instance, BeEF is moved to the Web Exploitation section, since it is more accurate to describe it as a Web exploitation tool than a "Basic" tool. The former category is descriptive while the latter is clearly nondescript. A new section, "Multi-paradigm Frameworks," has been added for items that were listed under the removed "Basic" section but that do not cleanly fit into an existing category. Namely, these are Metasploit, ExploitPack, and Faraday, which are exceptions simply because they are so versatile. (Hence the choice of the new section, "Multi-paradigm.") Additionally, the well-known Armitage GUI for Metasploit was added. Moreover, Bella was moved to a new section, "macOS Utilities," which provides parity with the existing Windows Utilities and GNU/Linux Utilities section. Bella is a post-exploitation agent similar to redsnarf, which likewise has been moved out of the "Basic" section and into its more appropriate Windows Utilities section. Other minor touch ups to various item descriptions were also made. --- README.md | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 4b83826..ed6e11b 100644 --- a/README.md +++ b/README.md 
@@ -17,8 +17,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Operating Systems](#operating-systems) - [Tools](#tools) - [Penetration Testing Distributions](#penetration-testing-distributions) - - [Basic Penetration Testing Tools](#basic-penetration-testing-tools) - [Docker for Penetration Testing](#docker-for-penetration-testing) + - [Multi-paradigm Frameworks](#multi-paradigm-frameworks) - [Vulnerability Scanners](#vulnerability-scanners) - [Static Analyzers](#static-analyzers) - [Web Scanners](#web-scanners) @@ -30,6 +30,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Hash Cracking Tools](#hash-cracking-tools) - [Windows Utilities](#windows-utilities) - [GNU/Linux Utilities](#gnu-linux-utilities) + - [macOS Utilities](#macos-utilities) - [DDoS Tools](#ddos-tools) - [Social Engineering Tools](#social-engineering-tools) - [OSINT Tools](#osint-tools) 
@@ -107,17 +108,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. * [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains. -### Basic Penetration Testing Tools -* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software. -* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits. -* [BeEF](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. -* [faraday](https://github.com/infobyte/faraday) - Collaborative penetration test and vulnerability management platform. -* [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework. -* [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router. -* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials. -* [Bella](https://github.com/Trietptm-on-Security/Bella) - Pure Python post-exploitation data mining & remote administration tool for Mac OS. -* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. - ### Docker for Penetration Testing * `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) * `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy) 
@@ -136,6 +126,12 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * `docker pull kalilinux/kali-linux-docker` - [Kali Linux Docker Image](https://www.kali.org/news/official-kali-linux-docker-images/) * `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) +### Multi-paradigm Frameworks +* [Metasploit](https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments. +* [Armitage](http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework. +* [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments. +* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for automating penetration tests that ships with many pre-packaged exploits. + ### Vulnerability Scanners * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. * [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. 
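Review bot: the context lines around this insertion show `docker pull kalilinux/kali-linux-docker` listed twice in the Docker section (once as "official Kali Linux" without the ` - ` separator, once as "Kali Linux Docker Image"); since this commit is already a reorganisation pass, dedupe those lines here. The four Multi-paradigm Frameworks entries themselves are consistently formatted, and all nine items removed from the Basic section reappear elsewhere in this patch.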
@@ -166,7 +162,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. * [Wireshark](https://www.wireshark.org/) - Network protocol analyzer for Unix and Windows. -* [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc. +* [Network-Tools.com](http://network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more. * [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. * [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit. * [SPARTA](http://sparta.secforce.com/) - Network infrastructure penetration testing tool. 
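Review bot: the netsniff-ng context line two below the change reads "Swiss army knife for for network sniffing"; it is a one-word fix in a hunk that already touches this region, so include it. The Network-Tools.com rewording is clearer than the old "Different network tools: ping, lookup, whois, etc."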
@@ -193,10 +189,12 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool. * [scapy](https://github.com/secdev/scapy) - Python-based interactive packet manipulation program & library. * [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework. -* [Debookee (macOS)](http://www.iwaxx.com/debookee/) - Intercept traffic from any device on your network. +* [Debookee](http://www.iwaxx.com/debookee/) - Simple and powerful network traffic analyzer for macOS. * [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer. * [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing. * [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. +* [routersploit](https://github.com/reverse-shell/routersploit) - Open source exploitation framework similar to Metasploit but dedicated to embedded devices. +* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates. ### Wireless Network Tools * [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks. 
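Review bot: routersploit is described here as an "exploitation framework similar to Metasploit", which argues for placing it in the new Multi-paradigm Frameworks section next to Metasploit rather than under Network Tools; if it stays here because it targets embedded and network devices, make the description say that is the reason. The Debookee change correctly moves the platform out of the link text and into the description, consistent with the other entries.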
@@ -215,6 +213,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. +* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. +* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. * [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. 
@@ -258,10 +258,14 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent. * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. * [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. +* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers. ### GNU/Linux Utilities * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. +### macOS Utilities +* [Bella](https://github.com/Trietptm-on-Security/Bella) - Pure Python post-exploitation data mining and remote administration tool for macOS. + ### DDoS Tools * [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows. * [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC. From 16868763fd7ac88bf70f77cb714a081eb1918231 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 12 Jul 2017 02:45:19 -0400 Subject: [PATCH 25/44] Better description for Wireshark, make clear it is cross-platform. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b83826..7ef34cf 100644 --- a/README.md +++ b/README.md 
@@ -165,7 +165,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool. * [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. -* [Wireshark](https://www.wireshark.org/) - Network protocol analyzer for Unix and Windows. +* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer. * [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc. * [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. * [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit. From e4ac5a1cc11380fdaadaf965ca00488eeb700813 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 12 Jul 2017 02:51:49 -0400 Subject: [PATCH 26/44] Better description of PRET through conformity with item link style. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a08072..f99790d 100644 --- a/README.md +++ b/README.md 
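Review bot: this hunk's context still carries the old `[Network Tools](http://network-tools.com/)` line that the preceding recategorisation patch rewrote as `Network-Tools.com`; both patches are cut against the same parent (`4b83826`) and touch adjacent lines, so expect a conflict when the series is applied in order and rebase one on the other. Also, "Widely-used" should not be hyphenated after an -ly adverb ("Widely used").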
@@ -195,7 +195,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework. * [Debookee (macOS)](http://www.iwaxx.com/debookee/) - Intercept traffic from any device on your network. * [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer. -* [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing. +* [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features. * [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. ### Wireless Network Tools From 0ed418eef00673f7aebd80a1e8448c6c431bc9d1 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 12 Jul 2017 16:51:11 -0400 Subject: [PATCH 27/44] Add XRay, automated network (sub)domain recon and OSINT gathering tool. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 95f32e7..48c8465 100644 --- a/README.md +++ b/README.md 
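Review bot: same adjacency issue as the Wireshark change: the `Debookee (macOS)` context line here is the pre-reorganisation text, so this hunk will not apply cleanly after that patch. The expanded PRET description itself is good and follows the "Full Name (ABBR)" link style.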
@@ -195,6 +195,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. * [routersploit](https://github.com/reverse-shell/routersploit) - Open source exploitation framework similar to Metasploit but dedicated to embedded devices. * [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates. +* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool. ### Wireless Network Tools * [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks. From 6a64b2d78b6cc5864d52af308a5bbed539fb86c2 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 12 Jul 2017 17:02:43 -0400 Subject: [PATCH 28/44] Add AQUATONE, "a tool for domain flyovers" that makes a handy report. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 95f32e7..774447d 100644 --- a/README.md +++ b/README.md @@ -303,6 +303,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Threat Crowd](https://www.threatcrowd.org/) - Search engine for threats. * [Virus Total](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. * [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes. +* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools. ### Anonymity Tools * [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity 
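Review bot: XRay ("(sub)domain discovery and reconnaissance") goes under Network Tools while AQUATONE ("Subdomain discovery tool utilizing various open sources") goes under OSINT Tools in the very next patch; the two do the same job, so put them in the same section (OSINT Tools fits the open-source framing of both) so readers find them together.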
From 74068f8d348a345f03a5bb02c9eb61a4096b63af Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 12 Jul 2017 23:32:11 -0400 Subject: [PATCH 29/44] Move `sslstrip` to Web Exploitation, recategorize SSL as TLS tools. This commit updates numerous tools all previously categorized as "SSL" tools. It updates their descriptions to more accurately describe current versions by remarking on TLS capabilities, and it does the same with the section heading. Further, Web-centric exploitation tools related to SSL/TLS implementations have been moved to the Web Exploitation section, where they arguably more properly belong, as SSL/TLS implementations may include application-layer services beyond simply HTTP and "Web" traffic. --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ce088f3..3920379 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Web Scanners](#web-scanners) - [Network Tools](#network-tools) - [Wireless Network Tools](#wireless-network-tools) - - [SSL Analysis Tools](#ssl-analysis-tools) + - [Transport Layer Security Tools](#transport-layer-security-tools) - [Web Exploitation](#web-exploitation) - [Hex Editors](#hex-editors) - [Hash Cracking Tools](#hash-cracking-tools) 
@@ -177,7 +177,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [passivedns](https://github.com/gamelinux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup. * [Mass Scan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. * [Zarp](https://github.com/hatRiot/zarp) - Network attack tool centered around the exploitation of local networks. -* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - Interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers. +* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. * [Morpheus](https://github.com/r00t-3xp10it/morpheus) - Automated ettercap TCP/IP Hijacking tool. * [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH. * [SSH MITM](https://github.com/jtesta/ssh-mitm) - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk. 
@@ -203,10 +203,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Reaver](https://code.google.com/archive/p/reaver-wps) - Brute force attack against WiFi Protected Setup. * [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool. -### SSL Analysis Tools -* [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner. -* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. -* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. +### Transport Layer Security Tools +* [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations. * [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation. ### Web Exploitation @@ -232,6 +230,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. * [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. * [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. +* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. +* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. ### Hex Editors * [HexEdit.js](https://hexed.it) - Browser-based hex editing. From bf7a6151a9d9f57bb883e9218b85ded29720dcd9 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 12 Jul 2017 23:41:23 -0400 Subject: [PATCH 30/44] Add 0xED, a native macOS hex editor with support for resource forks. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ce088f3..8664b79 100644 
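Review bot: the new SSLyze description spells `mis-configurations` with a hyphen while the rest of the list writes the word closed (`detecting misconfigured DNS` in the CloudFail entry); use `misconfigurations` for consistency. The rename of `### SSL Analysis Tools` to `### Transport Layer Security Tools` also changes the heading anchor, so the matching table-of-contents hunk in this same patch must land together with it or the intra-page link breaks.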
--- a/README.md +++ b/README.md @@ -237,6 +237,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [HexEdit.js](https://hexed.it) - Browser-based hex editing. * [Hexinator](https://hexinator.com/) - World's finest (proprietary, commercial) Hex Editor. * [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. +* [0xED](http://www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types. ### File Format Analysis Tools * [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby. From a4a1f0ecc652be4876771bf5be320271aae79621 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 13 Jul 2017 00:20:39 -0400 Subject: [PATCH 31/44] Awesome List style guide compliance pass on the Anonymity Tools section. This commit conforms the Anonymity Tools section to the Awesome List style guide by adding periods and such, plus adds the WEBKAY project to help defend against identity and privacy leaks from mis-configured Web browsers. It also phrases the Tor project item description more clearly. --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ce088f3..f960387 100644 --- a/README.md +++ b/README.md
@@ -307,9 +307,11 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools. ### Anonymity Tools -* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity -* [I2P](https://geti2p.net/en/) - The Invisible Internet Project +* [Tor](https://www.torproject.org/) - Free software and onion routed overlay network that helps you defend against traffic analysis. +* [I2P](https://geti2p.net/) - The Invisible Internet Project. * [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network. +* [What Every Browser Knows About You](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks. + ### Reverse Engineering Tools * [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml). From 19bfe12cd63af2044ac879ef34c024af33fced28 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 13 Jul 2017 03:45:49 -0400 Subject: [PATCH 32/44] Add Pupy, a multi-paradigm (scriptable/interactive) cross-platform RAT. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ce088f3..4afac3d 100644 --- a/README.md +++ b/README.md 
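Review bot: `onion routed overlay network` in the rewritten Tor line is a compound modifier and should be hyphenated (`onion-routed overlay network`). The trailing periods and the blank line inserted before `### Reverse Engineering Tools` match how the other sections in the file are separated, so those parts are fine as they are.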
@@ -131,6 +131,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Armitage](http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework. * [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments. * [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for automating penetration tests that ships with many pre-packaged exploits. +* [Pupy](https://github.com/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool. ### Vulnerability Scanners * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. From 72f02c8b6b1246861ddcbbe842ad201bb2b9cdbd Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 13 Jul 2017 14:17:24 -0400 Subject: [PATCH 33/44] Add HPI-VDB, which has a cross-referenced CVE search engine and API. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index da42572..355c9b1 100644 --- a/README.md +++ b/README.md 
@@ -432,6 +432,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Vulners](https://vulners.com/) - Security database of software vulnerabilities. * [Inj3ct0r](https://www.0day.today/) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) - Exploit marketplace and vulnerability information aggregator. * [Open Source Vulnerability Database (OSVDB)](https://osvdb.org/) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. +* [HPI-VDB](https://hpi-vdb.de/) - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam. ## Security Courses * [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers. From 195e2ed79ea4e96b8e8e867413558ec51f45cb1a Mon Sep 17 00:00:00 2001 From: jose nazario Date: Fri, 14 Jul 2017 10:13:37 -0400 Subject: [PATCH 34/44] spelling fixes --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index da42572..ec4c98f 100644 --- a/README.md +++ b/README.md 
@@ -439,7 +439,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Open Security Training](http://opensecuritytraining.info/) - Training material for computer security classes. * [CTF Field Guide](https://trailofbits.github.io/ctf/) - Everything you need to win your next CTF competition. * [ARIZONA CYBER WARFARE RANGE](http://azcwr.org/) - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare. -* [Cybrary](http://cybrary.it) - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Enviroments'. +* [Cybrary](http://cybrary.it) - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'. * [Computer Security Student](http://computersecuritystudent.com) - Many free tutorials, great for beginners, $10/mo membership unlocks all content. * [European Union Agency for Network and Information Security](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) - ENISA Cyber Security Training material. 
@@ -464,8 +464,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [DeepSec](https://deepsec.net/) - Security Conference in Vienna, Austria. * [SkyDogCon](http://www.skydogcon.com/) - Technology conference in Nashville. * [SECUINSIDE](http://secuinside.com) - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul). -* [DefCamp](http://def.camp/) - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania. -* [AppSecUSA](https://2016.appsecusa.org/) - Annual conference organised by OWASP. +* [DefCamp](http://def.camp/) - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania. +* [AppSecUSA](https://2016.appsecusa.org/) - Annual conference organized by OWASP. * [BruCON](http://brucon.org) - Annual security conference in Belgium. * [Infosecurity Europe](http://www.infosecurityeurope.com/) - Europe's number one information security event, held in London, UK. * [Nullcon](http://nullcon.net/website/) - Annual conference in Delhi and Goa, India. @@ -474,7 +474,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Virus Bulletin Conference](https://www.virusbulletin.com/conference/index) - Annual conference going to be held in Denver, USA for 2016. * [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina. * [44Con](https://44con.com/) - Annual Security Conference held in London. -* [BalCCon](https://www.balccon.org) - Balkan Computer Congress, annualy held in Novi Sad, Serbia. +* [BalCCon](https://www.balccon.org) - Balkan Computer Congress, annually held in Novi Sad, Serbia. * [FSec](http://fsec.foi.hr) - FSec - Croatian Information Security Gathering in Varaždin, Croatia. ## Information Security Magazines From cb21655e6472e6ce61efd4ad513129a2e524b221 Mon Sep 17 00:00:00 2001 
From: Meitar M Date: Fri, 14 Jul 2017 17:00:31 -0400 Subject: [PATCH 35/44] The name of the Medusa disassembler is just "Medusa." --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ec4c98f..1f6422f 100644 --- a/README.md +++ b/README.md @@ -323,7 +323,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for windows. * [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware. * [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. -* [Medusa disassembler](https://github.com/wisk/medusa) - Open source interactive disassembler. +* [Medusa](https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler. * [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. * [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. * [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. From e7824ca693cf1c850403ea6575e4cfba34c51de6 Mon Sep 17 00:00:00 2001 From: techgaun Date: Sat, 15 Jul 2017 18:26:16 -0500 Subject: [PATCH 36/44] update travis steps to handle dfn subca --- .travis.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1f2d82b..ff3456b 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -3,5 +3,9 @@ rvm: - 2.2 before_script: - gem install awesome_bot + - wget 'https://mkcert.org/generate/' -O bundle.pem + - wget 'http://cdp.pca.dfn.de/global-root-ca/pub/cacert/cacert.pem' -O dfn.pem + - wget 'http://cdp.pca.dfn.de/uni-potsdam-ca/pub/cacert/cacert.pem' -O potsdam.pem + - cat bundle.pem dfn.pem potsdam.pem > /tmp/bundle.pem script: - - awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion" + - SSL_CERT_FILE="/tmp/bundle.pem" awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion" From d4fa4f0a72c493aed2594118c411fe617d5f6888 Mon Sep 17 00:00:00 2001 From: techgaun Date: Sat, 15 Jul 2017 23:53:27 -0500 Subject: [PATCH 37/44] default to trusty --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index ff3456b..5a41829 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ language: ruby +dist: trusty rvm: - 2.2 before_script: From 7e08965e7d14555f559b8fc8fa8df367cff411fe Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sun, 16 Jul 2017 04:06:18 -0400 Subject: [PATCH 38/44] Add TrustedSec's "Magic Unicorn," a payload generator for Windows. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4532a75..730fcf6 100644 --- a/README.md +++ b/README.md 
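Review bot: the two DFN certificates are fetched over plain `http://cdp.pca.dfn.de/...` and then appended to the bundle that `SSL_CERT_FILE` hands to awesome_bot, so anyone on the path between the CI runner and that host could substitute a CA of their choosing and every HTTPS link check in the build would then accept it. Commit the PEM files to the repository, or at minimum fetch them over HTTPS and compare a recorded SHA-256 before the `cat` step. Since the commit subject says this is about a DFN sub-CA, also check whether `potsdam.pem` needs to be trusted at all once the `global-root-ca` root is in the bundle: a correctly configured server sends its intermediate in the handshake. Finally, pointing `SSL_CERT_FILE` at a bundle rebuilt from `https://mkcert.org/generate/` on every run replaces the runner's system trust store and makes the build depend on that third-party service being up.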
@@ -262,6 +262,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. * [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. * [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers. +* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates). ### GNU/Linux Utilities * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. From 222a05baff5deeb21aaba84d4c130c6777d6af33 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Mon, 17 Jul 2017 04:44:03 -0400 Subject: [PATCH 39/44] Add AttifyOS, a distro focused on pentesting IoT devices. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 730fcf6..aef450d 100644 --- a/README.md +++ b/README.md 
@@ -107,6 +107,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Buscador](https://inteltechniques.com/buscador/) - GNU/Linux virtual machine that is pre-configured for online investigators. * [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. * [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains. +* [AttifyOS](https://github.com/adi0x90/attifyos) - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments. ### Docker for Penetration Testing * `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) From 16f3406a0f2ddc7874a57ea617a8be75d5ba8871 Mon Sep 17 00:00:00 2001 From: filinpavel Date: Tue, 18 Jul 2017 13:56:58 +0700 Subject: [PATCH 40/44] Update README.md added pyrebox to RE Tools section --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index aef450d..39a692e 100644 --- a/README.md +++ b/README.md 
@@ -330,6 +330,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. * [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. * [binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. +* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering sandbox by Cisco-Talos. ### Physical Access Tools * [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network. From 34587c6dac0d4eb5111b1fddca02af6a293df1b2 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 19 Jul 2017 15:44:06 -0400 Subject: [PATCH 41/44] Provide a useful description for SPARTA. SPARTA is not really its own tool, it's more like a meta-tool. There are many "network infrastructure penetration testing tools" on this list, but what does SPARTA actually do that these other tools don't? The answer is primarily that SPARTA is a GUI wrapper around arbitrary command lines with some additional logic to identify results from well-known tools such as `nmap` and trigger actions based on those results in other tools. Let's make that clear in the item's description. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 39a692e..905bacb 100644 --- a/README.md +++ b/README.md 
@@ -167,7 +167,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Network-Tools.com](http://network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more. * [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. * [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit. -* [SPARTA](http://sparta.secforce.com/) - Network infrastructure penetration testing tool. +* [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools. * [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. * [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service. * [CloudFail](https://github.com/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS. From c9053f66828d54862bef0b8cfb9b1a4f413b34fd Mon Sep 17 00:00:00 2001 From: Meitar M Date: Fri, 21 Jul 2017 04:04:29 -0400 Subject: [PATCH 42/44] Fix broken intra-page link in the table of contents. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 905bacb..ddb02a6 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Hex Editors](#hex-editors) - [Hash Cracking Tools](#hash-cracking-tools) - [Windows Utilities](#windows-utilities) - - [GNU/Linux Utilities](#gnu-linux-utilities) + - [GNU/Linux Utilities](#gnulinux-utilities) - [macOS Utilities](#macos-utilities) - [DDoS Tools](#ddos-tools) - [Social Engineering Tools](#social-engineering-tools) From 20c7af2267c9756786cdfbad2d3a86acb35c664e Mon Sep 17 00:00:00 2001 
From: Meitar M Date: Sun, 23 Jul 2017 03:27:51 -0400 Subject: [PATCH 43/44] Move license to the bottom, replace the PNG with an SVG. --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 905bacb..e50e092 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Awesome Penetration Testing [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) [![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)](https://creativecommons.org/licenses/by/4.0/) +# Awesome Penetration Testing [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) > A collection of awesome penetration testing resources. @@ -515,3 +515,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Awesome Lockpicking](https://github.com/meitar/awesome-lockpicking) - Awesome guides, tools, and other resources about the security and compromise of locks, safes, and keys. * [SecLists](https://github.com/danielmiessler/SecLists) - Collection of multiple types of lists used during security assessments. * [Security Talks](https://github.com/PaulSec/awesome-sec-talks) - Curated list of security conferences. + +# License + +[![CC-BY](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/by.svg)](https://creativecommons.org/licenses/by/4.0/) + +This work is licensed under a [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/). From 919c1e6113b9231071b2d4b1e1624ecca33a9dba Mon Sep 17 00:00:00 2001 From: Meitar M Date: Fri, 28 Jul 2017 04:02:41 -0400 Subject: [PATCH 44/44] Add ChipWhisperer, a side-channel attack toolchain, in new section. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index e50e092..cd95a32 100644 
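Review bot: the new `# License` heading is a level-one heading, but every other top-level section in the file uses level two (`## Security Courses` and `## Information Security Magazines` appear in earlier hunks); use `## License` so it sits at the same level as the other sections in the rendered outline and can be added to the table of contents. Removing the badge from the title line also means a reader skimming the top of the README no longer sees the license until the very end, which is worth stating as intended in the commit message.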
--- a/README.md +++ b/README.md @@ -37,6 +37,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Anonymity Tools](#anonymity-tools) - [Reverse Engineering Tools](#reverse-engineering-tools) - [Physical Access Tools](#physical-access-tools) + - [Side-channel Tools](#side-channel-tools) - [CTF Tools](#ctf-tools) - [Books](#books) - [Penetration Testing Books](#penetration-testing-books) @@ -338,6 +339,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Poisontap](https://samy.pl/poisontap/) - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers. * [WiFi Pineapple](https://www.wifipineapple.com/) - Wireless auditing and penetration testing platform. +### Side-channel Tools +* [ChipWhisperer](http://chipwhisperer.com) - Complete open-source toolchain for side-channel power analysis and glitching attacks. + ### CTF Tools * [ctf-tools](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines. * [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs.