diff --git a/README.md b/README.md index 546bdb2..dae748c 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Network device discovery tools](#network-device-discovery-tools) * [OSINT Online Resources](#osint-online-resources) * [Source code repository searching tools](#source-code-repository-searching-tools) + * [Web application and resource analysis tools](#web-application-and-resource-analysis-tools) * [Online Resources](#online-resources) * [Online Code Samples and Examples](#online-code-samples-and-examples) * [Online Exploit Development Resources](#online-exploit-development-resources) @@ -66,6 +67,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Periodicals](#periodicals) * [Physical Access Tools](#physical-access-tools) * [Privilege Escalation Tools](#privilege-escalation-tools) + * [Password Spraying Tools](#password-spraying-tools) * [Reverse Engineering](#reverse-engineering) * [Reverse Engineering Books](#reverse-engineering-books) * [Reverse Engineering Tools](#reverse-engineering-tools) @@ -80,12 +82,17 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Steganography Tools](#steganography-tools) * [Vulnerability Databases](#vulnerability-databases) * [Web Exploitation](#web-exploitation) + * [Intercepting Web proxies](#intercepting-web-proxies) + * [Web file inclusion tools](#web-file-inclusion-tools) + * [Web injection tools](#web-injection-tools) + * [Web path discovery and bruteforcing tools](#web-path-discovery-and-bruteforcing-tools) + * [Web shells and C2 frameworks](#web-shells-and-c2-frameworks) + * [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools) * [Web Exploitation Books](#web-exploitation-books) * [Windows Utilities](#windows-utilities) ## Android Utilities -* [Android Open Pwn Project (AOPP)](https://www.pwnieexpress.com/aopp) - Variant of the Android Open Source Project (AOSP), called Pwnix, is built from the ground up for network hacking and pentesting. * [cSploit](https://www.csploit.org/) - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities. * [Fing](https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques. @@ -114,7 +121,6 @@ See also [awesome-tor](https://github.com/ajvb/awesome-tor). * [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. * [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key. * [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions. -* [peCloak.py](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection. * [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool. ## Books @@ -161,6 +167,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar * [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals. * [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor. +* [Pentest Collaboration Framework (PCF)](https://gitlab.com/invuls/pentest-projects/pcf) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team. * [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations. ## Conferences and Events @@ -214,6 +221,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar ### South America * [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina. +* [Hackers to Hackers Conference (H2HC)](https://www.h2hc.com.br/) - Oldest security research (hacking) conference in Latin America and one of the oldest ones still active in the world. ### Zealandia @@ -227,6 +235,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar * [dnscat2](https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network. * [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs. * [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. +* [QueenSono](https://github.com/ariary/QueenSono) - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case). ## Exploit Development Tools @@ -266,7 +275,6 @@ See also *[Reverse Engineering Tools](#reverse-engineering-tools)*. ## Hex Editors -* [0xED](http://www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types. * [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#. * [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. * [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs. @@ -330,6 +338,7 @@ See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking). * [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. * [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features. * [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools. +* [SigPloit](https://github.com/SigPloiter/SigPloit) - Signaling security testing framework dedicated to telecom security for researching vulnerabilites in the signaling protocols used in mobile (cellular phone) operators. * [Smart Install Exploitation Tool (SIET)](https://github.com/Sab0tag3d/SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them. * [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more. * [Tsunami](https://github.com/google/tsunami-security-scanner) - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. @@ -383,7 +392,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). * [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework. * [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols. * [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer. -* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. +* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for network sniffing. * [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer. * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. @@ -399,6 +408,8 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). ### Proxies and Machine-in-the-Middle (MITM) Tools +See also *[Intercepting Web proxies](#intercepting-web-proxies)*. + * [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework. * [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks. * [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more. @@ -409,7 +420,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). * [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. * [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates. * [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH. -* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. * [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests. * [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. @@ -443,6 +453,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). ## Network Vulnerability Scanners * [celerystalk](https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner. +* [kube-hunter](https://kube-hunter.aquasec.com/) - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster. * [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. * [Netsparker Application Security Scanner](https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws. * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. @@ -488,6 +499,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). * [Android Security](https://github.com/ashishb/android-security-awesome) - Collection of Android security related resources. * [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security. * [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists. +* [Awesome Malware](https://github.com/fabacab/awesome-malware) - Curated collection of awesome malware, botnets, and other post-exploitation tools. * [Awesome Shodan Queries](https://github.com/jakejarvis/awesome-shodan-queries) - Awesome list of useful, funny, and depressing search queries for Shodan. * [AWS Tool Arsenal](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - List of tools for testing and securing AWS environments. * [Blue Team](https://github.com/fabacab/awesome-cybersecurity-blueteam) - Awesome resources, tools, and other shiny things for cybersecurity blue teams. @@ -528,6 +540,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). See also [awesome-osint](https://github.com/jivoi/awesome-osint). * [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes. +* [Depix](https://github.com/beurtschipper/Depix) - Tool for recovering passwords from pixelized screenshots (by de-pixelating text). * [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning. * [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI. * [Maltego](http://www.maltego.com/) - Proprietary software for open sources intelligence and forensics. @@ -589,9 +602,22 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint). ### Source code repository searching tools +See also *[Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)*. + * [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. * [Yar](https://github.com/Furduhlutur/yar) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords. +### Web application and resource analysis tools + +* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. +* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. +* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. +* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. +* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. +* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. +* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. +* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. + ## Operating System Distributions * [Android Tamer](https://androidtamer.com/) - Distribution built for Android security professionals that includes tools required for Android security testing. @@ -629,6 +655,11 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint). * [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system. * [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. +### Password Spraying Tools + +* [DomainPasswordSpray](https://github.com/dafthack/DomainPasswordSpray) - Tool written in PowerShell to perform a password spray attack against users of a domain. +* [SprayingToolkit](https://github.com/byt3bl33d3r/SprayingToolkit) - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient. + ## Reverse Engineering See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools). @@ -643,7 +674,9 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [* ### Reverse Engineering Tools +* [angr](https://angr.io/) - Platform-agnostic binary analysis framework. * [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework. +* [Detect It Easy(DiE)](https://github.com/horsicq/Detect-It-Easy) - Program for determining types of files for Windows, Linux and MacOS. * [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. * [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. * [Fridax](https://github.com/NorthwaveNL/fridax) - Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications. @@ -733,6 +766,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e ## Steganography Tools * [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings. +* [StegOnline](https://stegonline.georgeom.net/) - Web-based, enhanced, and open-source port of StegSolve. * [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files. ## Vulnerability Databases @@ -749,6 +783,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [Microsoft Security Advisories and Bulletins](https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC). * [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser. * [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine. +* [Open Source Vulnerabilities (OSV)](https://osv.dev/) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version. * [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry. * [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information. * [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk. @@ -760,45 +795,63 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e ## Web Exploitation -* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. -* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. -* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. -* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. -* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. -* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. -* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. -* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. -* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. -* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter. -* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool. -* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. * [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. * [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. -* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. -* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. -* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. -* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. -* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. -* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. +* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing. * [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker. -* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. -* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. -* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing. * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. * [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. + +### Intercepting Web proxies + +See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-in-the-middle-mitm-tools)*. + +* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. +* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. +* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. +* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. + +### Web file inclusion tools + +* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. +* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter. +* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. +* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. + +### Web injection tools + +* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. +* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool. +* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. -* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. -* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. + +### Web path discovery and bruteforcing tools + +* [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner. +* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing. + +### Web shells and C2 frameworks + +* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. +* [DAws](https://github.com/dotcppfile/DAws) - Advanced Web shell. +* [SharPyShell](https://github.com/antonioCoco/SharPyShell) - Tiny and obfuscated ASP.NET webshell for C# web applications. +* [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. * [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell. +### Web-accessible source code ripping tools + +* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. +* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. +* [git-dumper](https://github.com/arthaud/git-dumper) - Tool to dump a git repository from a website. +* [git-scanner](https://github.com/HightechSec/git-scanner) - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. + ### Web Exploitation Books * [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html) * [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html) - ## Windows Utilities * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.