mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2025-01-23 21:01:09 -05:00
Merge pull request #205 from enaqx/tools-addition
add various tools based on #204
This commit is contained in:
commit
191b21cb13
@ -9,4 +9,4 @@ before_script:
|
|||||||
- wget 'http://cdp.pca.dfn.de/uni-potsdam-ca/pub/cacert/cacert.pem' -O potsdam.pem
|
- wget 'http://cdp.pca.dfn.de/uni-potsdam-ca/pub/cacert/cacert.pem' -O potsdam.pem
|
||||||
- cat bundle.pem dfn.pem potsdam.pem > /tmp/bundle.pem
|
- cat bundle.pem dfn.pem potsdam.pem > /tmp/bundle.pem
|
||||||
script:
|
script:
|
||||||
- SSL_CERT_FILE="/tmp/bundle.pem" awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion,creativecommons.org"
|
- SSL_CERT_FILE="/tmp/bundle.pem" awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion,creativecommons.org,zoomeye.org"
|
||||||
|
14
README.md
14
README.md
@ -151,7 +151,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
|
* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
|
||||||
* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs.
|
* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs.
|
||||||
* [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code.
|
* [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code.
|
||||||
* [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework.
|
* [sobelow](https://github.com/nccgroup/sobelow) - Security-focused static analysis for the Phoenix Framework.
|
||||||
|
* [bandit](https://pypi.python.org/pypi/bandit/) - Security oriented static analyser for python code.
|
||||||
|
|
||||||
#### Web Scanners
|
#### Web Scanners
|
||||||
* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner.
|
* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner.
|
||||||
@ -208,6 +209,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
|
* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
|
||||||
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
|
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
|
||||||
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
|
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
|
||||||
|
* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) - A swiss army knife for pentesting networks.
|
||||||
|
* [impacket](https://github.com/CoreSecurity/impacket) - A collection of Python classes for working with network protocols.
|
||||||
|
|
||||||
### Wireless Network Tools
|
### Wireless Network Tools
|
||||||
* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks.
|
* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks.
|
||||||
@ -219,6 +222,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
### Transport Layer Security Tools
|
### Transport Layer Security Tools
|
||||||
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
|
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
|
||||||
* [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation.
|
* [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation.
|
||||||
|
* [testssl.sh](https://github.com/drwetter/testssl.sh) - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
|
||||||
|
|
||||||
### Web Exploitation
|
### Web Exploitation
|
||||||
* [OWASP Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
|
* [OWASP Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
|
||||||
@ -232,7 +236,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
||||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
||||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
|
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
|
||||||
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
|
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
|
||||||
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
|
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
|
||||||
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
|
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
|
||||||
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
|
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
|
||||||
@ -247,6 +251,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
|
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
|
||||||
* [NoSQLmap](http://nosqlmap.net/) - Automatic NoSQL injection and database takeover tool.
|
* [NoSQLmap](http://nosqlmap.net/) - Automatic NoSQL injection and database takeover tool.
|
||||||
* [VHostScan](https://github.com/codingo/VHostScan) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
|
* [VHostScan](https://github.com/codingo/VHostScan) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
|
||||||
|
* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
|
||||||
|
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
|
||||||
|
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - A simple script to take screenshots of list of websites.
|
||||||
|
|
||||||
### Hex Editors
|
### Hex Editors
|
||||||
* [HexEdit.js](https://hexed.it) - Browser-based hex editing.
|
* [HexEdit.js](https://hexed.it) - Browser-based hex editing.
|
||||||
@ -289,6 +296,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
|
* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
|
||||||
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
|
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
|
||||||
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
|
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
|
||||||
|
* [DeathStar](https://github.com/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
|
||||||
|
|
||||||
### GNU/Linux Utilities
|
### GNU/Linux Utilities
|
||||||
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
|
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
|
||||||
@ -335,6 +343,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
|
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
|
||||||
* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
|
* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
|
||||||
* [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
|
* [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
|
||||||
|
* [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
|
||||||
|
|
||||||
|
|
||||||
### Anonymity Tools
|
### Anonymity Tools
|
||||||
@ -361,6 +370,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python.
|
* [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python.
|
||||||
* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.
|
* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.
|
||||||
* [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
|
* [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
|
||||||
|
* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
|
||||||
|
|
||||||
### Physical Access Tools
|
### Physical Access Tools
|
||||||
* [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
|
* [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
|
||||||
|
Loading…
Reference in New Issue
Block a user