From 2bf587dcadc0380a607544729e0325d3000cd72f Mon Sep 17 00:00:00 2001 From: Meitar M Date: Wed, 3 Apr 2019 00:15:44 -0400 Subject: [PATCH] Add Covenant, fix grammar, move Commando VM to Windows section. --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3881466..110a50c 100644 --- a/README.md +++ b/README.md @@ -417,7 +417,7 @@ See also [Defcon Suggested Reading](https://www.defcon.org/html/links/book-list. * [JCS](https://github.com/TheM4hd1/JCS) - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm. * [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws. * [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner. -* [SQLmate](https://github.com/UltimateHackers/sqlmate) - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional). +* [SQLmate](https://github.com/UltimateHackers/sqlmate) - Friend of `sqlmap` that identifies SQLi vulnerabilities based on a given dork and (optional) website. * [SecApps](https://secapps.com/) - In-browser web application security testing suite. * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner. * [Wapiti](http://wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer. 
@@ -545,7 +545,7 @@ See also [Defcon Suggested Reading](https://www.defcon.org/html/links/book-list. * [SecTools](http://sectools.org/) - Top 125 Network Security Tools. * [Security Talks](https://github.com/PaulSec/awesome-sec-talks) - Curated list of security conferences. * [Security](https://github.com/sbilly/awesome-security) - Software, libraries, documents, and other resources. -* [Serverless Security](https://github.com/puresec/awesome-serverless-security/) - A curated list of awesome serverless security resources such as (e)books, articles, whitepapers, blogs and research papers. +* [Serverless Security](https://github.com/puresec/awesome-serverless-security/) - Curated list of awesome serverless security resources such as (e)books, articles, whitepapers, blogs and research papers. * [Shell Scripting](https://github.com/alebcay/awesome-shell) - Command line frameworks, toolkits, guides and gizmos. * [YARA](https://github.com/InQuest/awesome-yara) - YARA rules, tools, and people. @@ -568,7 +568,6 @@ See also [Defcon Suggested Reading](https://www.defcon.org/html/links/book-list. * [Parrot](https://www.parrotsec.org/) - Distribution similar to Kali, with support for multiple hardware architectures. * [PentestBox](https://pentestbox.org/) - Open source pre-configured portable penetration testing environment for the Windows Operating System. * [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that omits less frequently used utilities. -* [Commando VM](https://github.com/fireeye/commando-vm) - Windows-based security distribution for penetration testing and red teaming. ## Periodicals 
@@ -694,7 +693,7 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing). * [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. * [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. -* [VHostScan](https://github.com/codingo/VHostScan) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. +* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. * [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. * [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. 
@@ -716,6 +715,8 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing). * [Active Directory and Privilege Escalation (ADAPE)](https://github.com/hausec/ADAPE-Script) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory. * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. +* [Commando VM](https://github.com/fireeye/commando-vm) - Automated installation of over 140 Windows software packages for penetration testing and red teaming. +* [Covenant](https://github.com/cobbr/Covenant) - ASP.NET Core application that serves as a collaborative command and control platform for red teamers. * [DeathStar](https://github.com/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments. * [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent. * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
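Review bot: In the `@@ -545,7 +545,7 @@` hunk, the rewritten Serverless Security line still reads "Curated list of awesome serverless security resources", and "awesome" carries no information in an entry of this kind (compare the neighbouring "Curated list of security conferences."). Since the line is already being touched for wording, drop the adjective. The entry directly above uses a serial comma ("Software, libraries, documents, and other resources"), so "blogs and research papers" could take one too for consistency.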
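Review bot: In the `@@ -694,7 +693,7 @@` hunk, the new VHostScan line removes the leading article but keeps a verb that does not agree with its subject: "performs reverse lookups, can be used with pivot tools, detect catch-all scenarios". The subject of all three verbs is "scanner", so "detect" should be "detects". The commit subject says "fix grammar", so this is the place to correct it rather than in a follow-up.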
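Review bot: In the `@@ -716,6 +715,8 @@` hunk, the Commando VM entry is reworded rather than moved as the subject line states: the line removed in the `@@ -568,7 +568,6 @@` hunk read "Windows-based security distribution for penetration testing and red teaming", while the added line reads "Automated installation of over 140 Windows software packages". Mention the rewording in the commit message so that it is not mistaken for a pure relocation. Consider dropping the hard-coded "over 140" as well, since a package count in a README entry becomes inaccurate whenever the upstream project changes its package set. The placement itself is fine: Commando VM and Covenant sort correctly between Bloodhound and DeathStar.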