mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2025-01-08 13:48:01 -05:00
regroup some of the network tools, based on awesome-lint headers
parent
6f072af3ad
commit
19a96f2e22
114
README.md
@ -27,12 +27,13 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Network Reconnaissance Tools](#network-reconnaissance-tools)
|
||||
* [Protocol Analyzers and Sniffers](#protocol-analyzers-and-sniffers)
|
||||
* [Proxies and MITM Tools](#proxies-and-mitm-tools)
|
||||
* [Wireless Network Tools](#wireless-network-tools)
|
||||
* [Transport Layer Security Tools](#transport-layer-security-tools)
|
||||
* [DDoS Tools](#ddos-tools)
|
||||
* [Tools](#tools)
|
||||
* [Penetration Testing Distributions](#penetration-testing-distributions)
|
||||
* [Docker for Penetration Testing](#docker-for-penetration-testing)
|
||||
* [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
|
||||
* [Wireless Network Tools](#wireless-network-tools)
|
||||
* [Transport Layer Security Tools](#transport-layer-security-tools)
|
||||
* [Web Exploitation](#web-exploitation)
|
||||
* [Hex Editors](#hex-editors)
|
||||
* [File Format Analysis Tools](#file-format-analysis-tools)
|
||||
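Review bot: The `Web Exploitation` entry in this table-of-contents hunk stays after `Multi-paradigm Frameworks`, under `Tools`, although the `@ -234,6 +234,60` hunk places the `### Web Exploitation` section itself before `## Tools`, between the TLS and DDoS sections. Going by the hunk header (12 lines before, 13 after), only the Wireless, TLS and DDoS entries move here. Move `* [Web Exploitation](#web-exploitation)` up next to `* [Transport Layer Security Tools](#transport-layer-security-tools)` so the contents list matches the order of the sections.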
@ -41,7 +42,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Windows Utilities](#windows-utilities)
|
||||
* [GNU/Linux Utilities](#gnulinux-utilities)
|
||||
* [macOS Utilities](#macos-utilities)
|
||||
* [DDoS Tools](#ddos-tools)
|
||||
* [Social Engineering Tools](#social-engineering-tools)
|
||||
* [OSINT Tools](#osint-tools)
|
||||
* [Anonymity Tools](#anonymity-tools)
|
||||
@ -234,6 +234,60 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Lambda-Proxy](https://github.com/puresec/lambda-proxy) - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
|
||||
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
|
||||
|
||||
### Transport Layer Security Tools
|
||||
|
||||
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
|
||||
* [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation.
|
||||
* [testssl.sh](https://github.com/drwetter/testssl.sh) - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
|
||||
* [crackpkcs12](https://github.com/crackpkcs12/crackpkcs12) - Multithreaded program to crack PKCS#12 files (`.p12` and `.pfx` extensions), such as TLS/SSL certificates.
|
||||
|
||||
### Web Exploitation
|
||||
|
||||
* [OWASP Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
|
||||
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
|
||||
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
|
||||
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
|
||||
* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
|
||||
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
|
||||
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
|
||||
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
|
||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
|
||||
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
|
||||
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
|
||||
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
|
||||
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
|
||||
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
|
||||
* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner.
|
||||
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
|
||||
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
|
||||
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
|
||||
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
|
||||
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
|
||||
* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
|
||||
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
|
||||
* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool.
|
||||
* [VHostScan](https://github.com/codingo/VHostScan) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
|
||||
* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
|
||||
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
|
||||
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - A simple script to take screenshots of list of websites.
|
||||
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
|
||||
* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
|
||||
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
|
||||
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
|
||||
|
||||
### DDoS Tools
|
||||
|
||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
|
||||
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
|
||||
* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
|
||||
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
|
||||
* [T50](https://gitlab.com/fredericopissarra/t50/) - Faster network stress tool.
|
||||
* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
|
||||
* [Memcrashed](https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
|
||||
* [Anevicon](https://github.com/Gymmasssorla/anevicon) - The most powerful UDP-based load generator, written in Rust.
|
||||
|
||||
|
||||
## Tools
|
||||
|
||||
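Review bot: The `### Web Exploitation` block added here is carried over unchanged, so entries that fit the groups this commit is consolidating stay in the wrong place: `sslstrip` and `sslstrip2` are HTTPS-stripping tools and would sit more naturally under `Proxies and MITM Tools`, and `badtouch` is described as a "network authentication cracker" rather than a web tool. Since the commit is a regrouping, consider relocating those three entries in the same change, or say in the commit message that only whole sections are being moved.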
@ -297,49 +351,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting.
|
||||
* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for rogue Wi-Fi access point attack.
|
||||
|
||||
### Transport Layer Security Tools
|
||||
|
||||
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
|
||||
* [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation.
|
||||
* [testssl.sh](https://github.com/drwetter/testssl.sh) - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
|
||||
* [crackpkcs12](https://github.com/crackpkcs12/crackpkcs12) - Multithreaded program to crack PKCS#12 files (`.p12` and `.pfx` extensions), such as TLS/SSL certificates.
|
||||
|
||||
### Web Exploitation
|
||||
|
||||
* [OWASP Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
|
||||
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
|
||||
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
|
||||
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
|
||||
* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
|
||||
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
|
||||
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
|
||||
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
|
||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
|
||||
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
|
||||
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
|
||||
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
|
||||
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
|
||||
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
|
||||
* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner.
|
||||
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
|
||||
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
|
||||
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
|
||||
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
|
||||
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
|
||||
* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
|
||||
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
|
||||
* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool.
|
||||
* [VHostScan](https://github.com/codingo/VHostScan) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
|
||||
* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
|
||||
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
|
||||
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - A simple script to take screenshots of list of websites.
|
||||
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
|
||||
* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
|
||||
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
|
||||
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
|
||||
|
||||
### Hex Editors
|
||||
|
||||
* [HexEdit.js](https://hexed.it) - Browser-based hex editing.
|
||||
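Review bot: The `wifi-arsenal` and `WiFi-Pumpkin` lines remain as context at new line 351, while the previous hunk (new lines 234 to 293) already ends with the `## Tools` heading, so the Wireless Network Tools section does not appear to move, yet its contents entry is moved up beside `Proxies and MITM Tools` in the first hunk. Either move the `### Wireless Network Tools` section up together with the TLS section removed here, or leave its contents entry where it was.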
@ -414,17 +425,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Bella](https://github.com/kdaoudieh/Bella) - Pure Python post-exploitation data mining and remote administration tool for macOS.
|
||||
* [EvilOSX](https://github.com/Marten4n6/EvilOSX) - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.
|
||||
|
||||
### DDoS Tools
|
||||
|
||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
|
||||
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
|
||||
* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
|
||||
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
|
||||
* [T50](https://gitlab.com/fredericopissarra/t50/) - Faster network stress tool.
|
||||
* [UFONet](https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; `GET`/`POST`, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
|
||||
* [Memcrashed](https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
|
||||
* [Anevicon](https://github.com/Gymmasssorla/anevicon) - The most powerful UDP-based load generator, written in Rust.
|
||||
|
||||
### Social Engineering Tools
|
||||
|
||||
* [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
|
||||
|