Awesome-Mirrors/awesome-pentest
1
0
Fork 0
mirror of https://github.com/enaqx/awesome-pentest.git synced 2025-04-24 17:09:15 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-2

Browse Source
This commit is contained in:
Nick Raienko 2024-09-23 08:43:45 +02:00 committed by GitHub
commit 242da46374
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 42 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
README.md
View File

@ -2,7 +2,7 @@
> A collection of awesome penetration testing and offensive cybersecurity resources.
[Penetration testing](https://en.wikipedia.org/wiki/Penetration_test) is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities.
[Penetration testing](https://en.wikipedia.org/wiki/Penetration_test) is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Should you discover a vulnerability, please follow [this guidance](https://kb.cert.org/vuls/guidance/) to report it responsibly.
Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details. This work is licensed under a [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/).
@ -17,6 +17,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Books](#books)
* [Malware Analysis Books](#malware-analysis-books)
* [CTF Tools](#ctf-tools)
* [Cloud Platform Attack Tools](#cloud-platform-attack-tools)
* [Collaboration Tools](#collaboration-tools)
* [Conferences and Events](#conferences-and-events)
* [Asia](#asia)
@ -135,6 +136,7 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
* [Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014](http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)
* [Bug Hunter's Diary by Tobias Klein, 2011](https://nostarch.com/bughunter)
* [Car Hacker's Handbook by Craig Smith, 2016](https://nostarch.com/carhacking)
* [Effective Software Testing, 2021](https://www.manning.com/books/effective-software-testing)
* [Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007](http://www.fuzzing.org/)
* [Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011](https://nostarch.com/metasploit)
* [Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014](https://nostarch.com/pentesting)
@ -142,6 +144,7 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
* [Professional Penetration Testing by Thomas Wilhelm, 2013](https://www.elsevier.com/books/professional-penetration-testing/wilhelm/978-1-59749-993-4)
* [RTFM: Red Team Field Manual by Ben Clark, 2014](http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/)
* [The Art of Exploitation by Jon Erickson, 2008](https://nostarch.com/hacking2.htm)
* [The Art of Network Penetration Testing, 2020](https://www.manning.com/books/the-art-of-network-penetration-testing)
* [The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013](https://www.elsevier.com/books/the-basics-of-hacking-and-penetration-testing/engebretson/978-1-59749-655-1)
* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
* [The Hacker Playbook by Peter Kim, 2014](http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1494932636/)
@ -163,11 +166,23 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar
* [ctf-tools](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
* [shellpop](https://github.com/0x00-0x00/shellpop) - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
## Cloud Platform Attack Tools
See also *[HackingThe.cloud](https://hackingthe.cloud/)*.
* [Cloud Container Attack Tool (CCAT)](https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/) - Tool for testing security of container environments.
* [CloudHunter](https://github.com/belane/CloudHunter) - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets.
* [Cloudsplaining](https://cloudsplaining.readthedocs.io/) - Identifies violations of least privilege in AWS IAM policies and generates a pretty HTML report with a triage worksheet.
* [Endgame](https://endgame.readthedocs.io/) - AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account.
* [GCPBucketBrute](https://github.com/RhinoSecurityLabs/GCPBucketBrute) - Script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
## Collaboration Tools
* [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals.
* [Dradis](https://dradis.com/) - Open-source reporting and collaboration tool for IT security professionals.
* [Hexway Hive](https://hexway.io/hive/) - Commercial collaboration, data aggregation, and reporting framework for red teams with a limited free self-hostable option.
* [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor.
* [Pentest Collaboration Framework (PCF)](https://gitlab.com/invuls/pentest-projects/pcf) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
* [Reconmap](https://reconmap.com/) - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
* [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
## Conferences and Events
@ -235,15 +250,17 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar
* [dnscat2](https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs.
* [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
* [QueenSono](https://github.com/ariary/QueenSono) - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
## Exploit Development Tools
See also *[Reverse Engineering Tools](#reverse-engineering-tools)*.
* [H26Forge](https://github.com/h26forge/h26forge) - Domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files.
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs.
* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
## File Format Analysis Tools
@ -288,10 +305,12 @@ See also [awesome-industrial-control-system-security](https://github.com/hslatma
* [Industrial Exploitation Framework (ISF)](https://github.com/dark-lbp/isf) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
* [s7scan](https://github.com/klsecservices/s7scan) - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.
* [OpalOPC](https://opalopc.com/) - Commercial OPC UA vulnerability assessment tool, sold by Molemmat.
## Intentionally Vulnerable Systems
See also [awesome-vulnerable](https://github.com/kaiiyer/awesome-vulnerable).
* [Pentest-Ground](https://pentest-ground.com/).
### Intentionally Vulnerable Systems as Docker Containers
@ -324,6 +343,7 @@ See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking).
* [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
* [Metasploit](https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
* [Pupy](https://github.com/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
* [Ronin](https://ronin-rb.dev) - Free and Open Source Ruby Toolkit for Security Research and Development, providing many different libraries and commands for a variety of security tasks, such as recon, vulnerability scanning, exploit development, exploitation, post-exploitation, and more.
## Network Tools
@ -351,6 +371,7 @@ See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking).
### DDoS Tools
* [Anevicon](https://github.com/rozgo/anevicon) - Powerful UDP-based load generator, written in Rust.
* [D(HE)ater](https://github.com/Balasys/dheater) - D(HE)ater sends forged cryptographic handshake messages to enforce the Diffie-Hellman key exchange.
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
* [Low Orbit Ion Canon (LOIC)](https://github.com/NewEraCracker/LOIC) - Open source network stress tool written for Windows.
* [Memcrashed](https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
@ -366,13 +387,14 @@ See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking).
* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service.
* [Mass Scan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
* [OWASP Amass](https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
* [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
* [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - POSIX-compliant BASH script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
* [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
* [dnsmap](https://github.com/makefu/dnsmap/) - Passive DNS network mapper.
* [dnsrecon](https://github.com/darkoperator/dnsrecon/) - DNS enumeration script.
* [dnstracer](http://www.mavetju.org/unix/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
* [fierce](https://github.com/mschwager/fierce) - Python3 port of the original `fierce.pl` DNS reconnaissance tool for locating non-contiguous IP space.
* [netdiscover](https://github.com/netdiscover-scanner/netdiscover) - Network address discovery scanner, based on ARP sweeps, developed mainly for those wireless networks without a DHCP server.
* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits.
* [passivedns-client](https://github.com/chrislee35/passivedns-client) - Library and query tool for querying several passive DNS providers.
* [passivedns](https://github.com/gamelinux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
@ -420,6 +442,7 @@ See also *[Intercepting Web proxies](#intercepting-web-proxies)*.
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
* [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
* [PETEP](https://github.com/Warxim/petep) - Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support.
### Transport Layer Security Tools
@ -471,6 +494,7 @@ See also *[Intercepting Web proxies](#intercepting-web-proxies)*.
* [WebReaver](https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS.
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
* [skipfish](https://www.kali.org/tools/skipfish/) - Performant and adaptable active web application security reconnaissance tool.
* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework.
## Online Resources
@ -511,10 +535,11 @@ See also *[Intercepting Web proxies](#intercepting-web-proxies)*.
* [JavaScript Programming](https://github.com/sorrycc/awesome-javascript) - In-browser development and scripting.
* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux.
* [Node.js Programming by @sindresorhus](https://github.com/sindresorhus/awesome-nodejs) - Curated list of delightful Node.js packages and resources.
* [Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Awesome Pentest Cheat Sheets.
* [Pentest Cheat Sheets](https://github.com/ByteSnipers/awesome-pentest-cheat-sheets) - Awesome Pentest Cheat Sheets.
* [Python Programming by @svaksha](https://github.com/svaksha/pythonidae) - General Python programming.
* [Python Programming by @vinta](https://github.com/vinta/awesome-python) - General Python programming.
* [Python tools for penetration testers](https://github.com/dloss/python-pentest-tools) - Lots of pentesting tools are written in Python.
* [Rawsec's CyberSecurity Inventory](https://inventory.raw.pm/) - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ([Source](https://gitlab.com/rawsec/rawsec-cybersecurity-list))
* [Red Teaming](https://github.com/yeyintminthuhtut/Awesome-Red-Teaming) - List of Awesome Red Teaming Resources.
* [Ruby Programming by @Sdogruyol](https://github.com/Sdogruyol/awesome-ruby) - The de-facto language for writing exploits.
* [Ruby Programming by @dreikanter](https://github.com/dreikanter/ruby-bookmarks) - The de-facto language for writing exploits.
@ -551,8 +576,8 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint).
* [image-match](https://github.com/ascribe/image-match) - Quickly search over billions of images.
* [recon-ng](https://github.com/lanmaster53/recon-ng) - Full-featured Web Reconnaissance framework written in Python.
* [sn0int](https://github.com/kpcyrd/sn0int) - Semi-automatic OSINT framework and package manager.
* [Keyscope](https://github.com/SpectralOps/keyscope) - an extensible key and secret validation for auditing active secrets against multiple SaaS vendors built in Rust
* [Keyscope](https://github.com/SpectralOps/keyscope) - An extensible key and secret validation for auditing active secrets against multiple SaaS vendors.
* [Facebook Friend List Scraper](https://github.com/narkopolo/fb_friend_list_scraper) - Tool to scrape names and usernames from large friend lists on Facebook, without being rate limited.
### Data Broker and Search Engine Services
@ -610,6 +635,7 @@ See also *[Web-accessible source code ripping tools](#web-accessible-source-code
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
* [GraphQL Voyager](https://graphql-kit.com/graphql-voyager/) - Represent any GraphQL API as an interactive graph, letting you explore data models from any Web site with a GraphQL query endpoint.
* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
@ -650,6 +676,8 @@ See also *[Web-accessible source code ripping tools](#web-accessible-source-code
## Privilege Escalation Tools
* [Active Directory and Privilege Escalation (ADAPE)](https://github.com/hausec/ADAPE-Script) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
* [GTFOBins](https://gtfobins.github.io/) - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
* [LOLBAS (Living Off The Land Binaries and Scripts)](https://lolbas-project.github.io/) - Documents binaries, scripts, and libraries that can be used for "Living Off The Land" techniques, i.e., binaries that can be used by an attacker to perform actions beyond their original purpose.
* [LinEnum](https://github.com/rebootuser/LinEnum) - Scripted local Linux enumeration and privilege escalation checker useful for auditing a host and during CTF gaming.
* [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems.
@ -704,6 +732,7 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*
* [European Union Agency for Network and Information Security](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) - ENISA Cyber Security Training material.
* [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers.
* [Open Security Training](http://opensecuritytraining.info/) - Training material for computer security classes.
* [Roppers Academy Training](https://www.hoppersroppers.org/training.html) - Free courses on computing and security fundamentals designed to train a beginner to crush their first CTF.
* [SANS Security Training](http://www.sans.org/) - Computer Security Training & Certification.
## Shellcoding Guides and Tutorials
@ -771,6 +800,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
## Vulnerability Databases
* [Bugtraq (BID)](http://www.securityfocus.com/bid/) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
* [CISA Known Vulnerabilities Database (KEV)](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) - Vulnerabilities in various systems already known to America's cyber defense agency, the Cybersecurity and Infrastructure Security Agency, to be actively exploited.
* [CXSecurity](https://cxsecurity.com/) - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
* [China National Vulnerability Database (CNNVD)](http://www.cnnvd.org.cn/) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation.
* [Common Vulnerabilities and Exposures (CVE)](https://cve.mitre.org/) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
@ -787,6 +817,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
* [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information.
* [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk.
* [US-CERT Vulnerability Notes Database](https://www.kb.cert.org/vuls/) - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
* [VulDB](https://vuldb.com) - Independent vulnerability database with user community, exploit details, and additional meta data (e.g. CPE, CVSS, CWE)
* [Vulnerability Lab](https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target.
* [Vulners](https://vulners.com/) - Security database of software vulnerabilities.
* [Vulmon](https://vulmon.com/) - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
@ -800,6 +831,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
* [gobuster](https://github.com/OJ/gobuster) - Lean multipurpose brute force search/fuzzing tool for Web (and DNS) reconnaissance.
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
@ -828,6 +860,7 @@ See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-
### Web path discovery and bruteforcing tools
* [DotDotPwn](https://dotdotpwn.blogspot.com/) - Directory traversal fuzzer.
* [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner.
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
@ -835,8 +868,9 @@ See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-
* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
* [DAws](https://github.com/dotcppfile/DAws) - Advanced Web shell.
* [SharPyShell](https://github.com/antonioCoco/SharPyShell) - Tiny and obfuscated ASP.NET webshell for C# web applications.
* [Merlin](https://github.com/Ne0nd0g/merlin) - Cross-platform post-exploitation HTTP/2 Command and Control server and agent written in Golang.
* [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner.
* [SharPyShell](https://github.com/antonioCoco/SharPyShell) - Tiny and obfuscated ASP.NET webshell for C# web applications.
* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell.
### Web-accessible source code ripping tools